CLARIFICATION TEXT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA[1]
- Identity and Purpose of the Data Controller
In subparagraph (ı) of paragraph 1 of Article 3 of the PDPL, the data controller is defined as “Real or legal persons who determine the purposes and means of processing personal data, are responsible for the establishment and management of the data recording system”. In this context, the data controller is STS ELEKTRİK SANAYİ VE TİCARET A.Ş (“STS” ).
The Clarification Text on the Processing of Personal Data (“Clarification Text”) prepared by CSL acting as the data controller has been prepared in order to inform you about your personal data being processed to ensure the performance of the Company's activities within the framework of Article 10 of the Personal Data Protection Law No. 6698 ("Law").
You can access more detailed information on the processing of personal data in the “STS ELEKTRİK SANAYİ VE TİCARET A.Ş Personal Data Protection and Processing Policy” and the “PDPL Clarification Text” shared with the public by the Company at www.stselektrik.com.
- Categorization of Personal Data
In line with our company’s legitimate and lawful personal data processing purposes, your personal data in the categories specified below is processed based on one or more of the personal data processing conditions specified in Articles 5 and 6 of the PDP Law and in compliance with the general principles set forth in the PDP Law, especially the principles set forth in Article 4 of the PDP Law regarding the processing of personal data, and all obligations set forth in the PDP Law.
PERSONAL DATA CATEGORIZATION |
DATA CATEGORIZATION DESCRIPTION |
Identity | Name and Surname, Mother-Father's Name, Date of Birth, Place of Birth, Marital Status, ID Card Serial Number, TR ID Number, Tax ID Number, Signature in documents such as Driver's License, ID Card, Passport |
Contact | Information such as phone number, address, e-mail |
| Location | Location information of the personal data owner |
Legal Process | Your personal data processed within the scope of determining and following our legal receivables and rights, fulfilling our debts, and complying with our legal obligations and our company's policies. |
Customer Process | Information obtained and produced as a result of our commercial activities and the operations carried out by our business units within this framework (invoice, promissory note, check information, etc.), records regarding the use of our products and services, and information such as the customer's instructions and requests required for the use of the products and services. |
Physical Space Security | Camera recordings taken at the entrance to the physical space and during the stay in the physical space |
Information on Risk Management | Personal data processed through methods used in accordance with legal, commercial practices and good faith that are generally accepted and/or made mandatory by relevant legislation in these areas in order to manage our commercial, financial and administrative risks. |
Financial Information | Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the personal data owner, as well as data such as bank account number, IBAN number, financial profile, asset data, income information. |
Marketing Information | Personal data processed for the marketing of our products and services and the reports and evaluations created as a result of this processing |
Audio/Visual Information | Camera recordings (excluding recordings within the scope of Security Information), voice recordings and the data in documents containing personal data. |
SENSITIVE PERSONAL DATA CATEGORIZATION |
DATA CATEGORIZATION DESCRIPTION |
Health Data |
The "blood group" information on the photocopy/image of the old-type identity document (ID card, driver's license) obtained from real persons due to legal obligation and the information in the health reports. |
Religious Affiliation Data | The "religion" information on the photocopy/image of the old-type ID card obtained from real persons due to legal obligation. |
- The Purposes of Processing Your Personal Data
Your personal data such as identity, contact, location, personnel, family-relatives information, professional experience, legal process, customer process, risk management, marketing, visual/audio, process security and physical space security and your sensitive personal data such as blood group and religion are processed by our Company within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698 for basic purposes such as taking the necessary actions by our relevant business units for the realization of the commercial activities carried out by the Company and carrying out the related business processes, carrying out the necessary activities for the Company to continue its commercial activities, developing the Company's reputation and business relations and to determine its strategies, managing and carrying out advertising/campaign/promotion processes and marketing processes, carrying out customer relations management processes, ensuring the legal, technical and commercial-occupational security of the Company and the relevant persons who have a business relationship with the Company, providing you with better and more reliable services, developing services and products suitable for you and continuing this without interruption, complying with the information storage, reporting and notification obligations stipulated by the Social Security Institution and other authorities and within the scope of legal legislation, carrying out human resources processes, responding complaints, questions and requests,recording camera images in our branch and head office premises due to security practices in the workplace.
The data is processed within the scope of the categories of personal data owners and the types of personal data processed of the persons within these categories, as well as the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL.
- Kamera ve Ses Kaydının Alınması
In order to ensure the security and protection of property and confidentiality and to control service quality, camera recording is carried out in the head office and branch premises where our Company carries out its activities, in accordance with the provisions of the Personal Data Protection Law No. 6698.
In addition, the conversations with our Company officials via the call center and the external calls made by our Company in order to carry out the necessary processes for the continuation of the activities, especially factoring transactions, are recorded.
The camera and audio recordings made by our company are not transferred to any real or legal person at home or abroad.
- Methods of Collecting Your Personal Data and Legal Reasons Related to Them
Your personal data is collected through automatic and non-automatic methods, through all agreements/information forms and other documents drawn up with your approval and/or signature in accordance with all laws and relevant legislation, primarily the Turkish Penal Code No. 5237 and the Personal Data Protection Law No. 6698, in order to fulfill legal obligations arising from the relevant legislation, through notifications you will make with electronic approval and/or signature, via text messages, e-mail, internet and all similar tools or environments, mobile applications or correspondence made through mobile applications, telephone, fax, mail, cargo or courier services and all similar communication tools, through channels such as our General Directorate units, branches, call center and through the databases of various institutions and organizations with your approval when legally mandatory to the extent permitted and within the limits drawn by the relevant legislation and the agreements made.
According to Article 5/2 of the PDPL, the legal reasons for processing your personal data are as follows ; a) the processing of your data such as identity and address information is mandatory by law, b) it is mandatory for the establishment and performance of agreements you will enter into with our Company in order to receive services from our Company, c) it is mandatory for the performance of our Company's reporting obligations arising from the law and sharing information with authorized bodies, d) it is mandatory for the protection, exercise and establishment of our rights and receivables arising from the agreements between you and our Company, e) data processing is mandatory for the legitimate interests of our Company, provided that it does not harm your fundamental rights and freedoms, f) there is explicit consent.
- Transfer of Your Personal Data to Third Parties
Within the scope of the data processing purposes specified above, your personal data is transferred to authorized official institutions and organizations and legally authorized private persons in order to fulfill our legal obligations or to establish, exercise or protect the rights of the Company; to our business partners in order to respond to your applications, requests and questions and to increase our service quality; to other financial institutions operating within the borders of the Republic of Türkiye; to private persons authorized to receive information and documents from our Company in accordance with the relevant legislation (Independent Auditor, Lawyer) and, upon request, to judicial authorities or law enforcement officers, within the framework of the personal data processing conditions and purposes specified in Article 8 of the Law on the transfer of personal data.
Personal data is not transferred abroad by our company in any way.
- Rights of the Personal Data Owner
Within the scope of Article 11 of the Law, you have the following rights regarding your personal data:
- To learn whether personal data has been processed or not,
- To request information if your personal data has been processed,
- To learn the purpose of the processing of your personal data and whether it is being used in accordance with that purpose,
- To know the third parties to whom personal data is transferred inside or outside Türkiye,
- To request the correction of personal data in case of incomplete or incorrect processing,
- To request deletion or destruction of personal data,
- In case of correction, deletion or destruction of personal data, to request that these transactions be notified to third parties to whom personal data has been transferred,
- To object to the occurrence of any unfavorable consequences resulting from the analysis of personal data exclusively by automated systems,
- To demand compensation for damages in case of damages due to unlawful processing of your personal data.
To exercise your rights listed above, you can fill out the “Application Form for Applications to be Made to the Data Controller by the Relevant Person (Personal Data Owner) in Accordance with the Personal Data Protection Law No. 6698” at info@stselektrik.com and forward it to our Company free of charge using the methods below.
1. After filling out the form at www.stselektrik.com and signing it with a wet signature, you can deliver it to “OSB Mah., 15. Sk. No:3 Dilovası/KOCAELİ” in person
2. After filling out the form at www.stselektrik.com and signing it with a wet signature, you can send it to OSB Mah., 15. Sk. No:3 Dilovası/KOCAELİ via a notary
3. After filling out the application form at www.stselektrik.com and signing it with the “secure electronic signature” defined in the Electronic Signature Law No. 5070, you can send it to “info@stselektrik.com” via e-mail
4. After filling out the application form at www.stselektrik.com, you can send it to stselektrik@hs01.kep.tr via Registered Electronic Mail (KEP) from the (KEP) account.
In addition to the methods listed above, applications can be submitted using other methods specified in the Article 5 titled “Application Procedure” of the Communiqué on the Application Procedures and Principles to the Data Controller.
Our Company will finalize your requests regarding your rights listed above, in writing or through other methods determined by the Board, as soon as possible and within thirty days at the latest after the date of transmission.
- Storage and Destruction of Your Personal Data
Your personal data processed for the purposes specified above will be stored and destroyed in accordance with the Personal Data Protection Law and the Regulation on the Deletion, Destruction or Anonymization of Personal Data.Our company stores and destroys your personal data in accordance with our Personal Data Storage and Destruction Policy. You can review our Personal Data Storage and Destruction Policy at www.stselektrik.com to learn about the precautions we take to securely store and destroy your personal data and the storage and destruction periods we determine.
It is not possible to make a request by third parties on behalf of the personal data owners. In order for a person other than the personal data owner to make a request, the original copy of the special power of attorney regarding the subject issued by the personal data owner for the person who will make the application must be presented.
The Personal Data Owner undertakes that the personal data subject to this clarification text is complete, accurate and up-to-date. In case of any changes regarding the Personal Data, the data owner will be able to inform STS and request that the personal data be updated. If STS has not provided accurate and up-to-date information, STS will not be held responsible at all.
İThis Clarification Text may be revised by STS when deemed necessary. In case of revision, information will be provided about this issue…
I have read and understood this Clarification Text, consisting of 5 (five) pages, which was duly submitted to me.
I consent to the processing of my personal data defined in this Clarification Text by STS ELEKTRİK SANAYİ VE TİCARET A.Ş. within the framework of the PDPL and limited to the reasons and purposes explained in this Clarification Text, and to the sharing of these data with authorized institutions and persons in accordance with the law and other legislation.
Personal Data Owner's
Name Surname :
Date :
Signature :
[1] (Prepared within the framework of Articles 10, 11 and 13 of Law No. 6698)