Law No. 6698 on the Protection of Personal Data (“Law”), which entered into force after its publication in the Official Journal dated 07.04.2016, regulates the protection of fundamental rights and freedoms of individuals, especially the privacy of private life, while processing personal data, as well as the obligations of data controllers who collect and process data, and the procedures and principles they are bound by. “Policy on Protection, Storage, Transfer, and Destruction of Personal Data by Marmara Uluslararası İnşaat ve Ticaret Anonim Şirketi” has been established to implement the law and its implementing regulations, the resolutions adopted by the Personal Data Protection Authority, and to describe the duties and responsibilities of the public and Company employees.
The Policy on Protection, Storage, Transfer, and Destruction of Personal Data by Marmara Uluslararası İnşaat ve Ticaret Anonim Şirketi has been prepared to be enforced for the Company, managers, employees, customers, and all persons who establish a relationship with the Company.
This Policy sets out the rules and principles in order to serve the rights to privacy and inviolability of private life of all natural persons who establish a relationship with the Company and the rights to protection of personal data protected by the Law. Any violation of the Policy implies that the Company has violated the Law as it acts as the registered Data Controller; therefore, violation of Policy on Protection, Storage, Transfer, and Destruction of Personal Data by Marmara Uluslararası İnşaat ve Ticaret Anonim Şirketi by employees shall be deemed to breach discipline.
For all documents and activities in this Policy and Law on the Protection of Personal Data, the following definitions shall apply:
Personal data may only be processed in compliance with the procedures and principles set forth in Law. The following principles shall be complied with within the processing of personal data: lawfulness and conformity with rules of bona fides; accuracy and being up to date, where necessary; being processed for specific, explicit and legitimate purposes; being relevant with, limited to and proportionate to the purposes for which they are processed; being retained for the period of time stipulated by relevant legislation or the purpose for which they are processed.
The Company collects the personal data detailed below and also in the Personal Data Inventory for establishing a business relationship with the personnel it employs, preparing the personnel and medical files, executing employment contracts, securing workplace and customer safety, concluding contracts for purchase, sale, service procurement and similar contracts with the companies with whom the Company enters into business relations or maintains business relations, executing contracts, fulfilling legal, financial and commercial obligations thereof, and analysing commercial risks, carrying out procurement operations as well as legal and administrative operations and fulfilling the legal obligations set forth in the provisions of the legislation to which the Company is subject, primarily Labor Law No. 4857, Occupational Health and Safety Law No. 6331, Social Insurance and General Health Insurance Law No. 5510, Turkish Commercial Code No. 6102, and Tax Legislation.
Personal data shall not be processed without the explicit consent of the data subject. The explicit consent must be in writing or provable and must be obtained after the data subject has been informed of the collection, use, transfer, and destruction. The company may process the personal data, without seeking the explicit consent of the data subject, only in cases where one of the following conditions is met:
While collecting personal data, the Company, as data controller, or the person authorised by it is obliged to inform the data subjects about the following:
The Company, as data controller, are obliged to take all necessary technical and administrative measures to provide a sufficient level of security in order to:
Each person has the right to apply to the controller and
You can send your request for exercising your rights to us by sending it to our mail, fax, or registered e-mail address indicated below with a secure electronic signature, or by filling out the Application Form on our website, or in accordance with the method if the Personal Data Protection Board defines a different method in writing and with a wet signature along with the certificates that prove your identity.
For your requests on Marmara Uluslararası İnşaat ve Ticaret Anonim Şirketi, please find our contact details below:
Address : Türkmen Mah. Gazi Beğendi Bulvarı No.21 Kuşadası/Aydın
Phone : 0256 618 15 30
E-Mail : info@korumar.com.tr
Your personal data may be transferred to business partners, shareholders, holdings to which our Company is affiliated, subsidiaries, companies from which our Company procures services as a supplement or extension of its activities, suppliers, subcontractors, banks, ministries, municipalities, support service providers, contracted companies, institutions that cooperate in accordance with the provisions of the legislation, public authorities and bodies, and law enforcement agencies for the purposes set out above and under the applicable legal provisions and the requirements and purposes of processing personal data set out in Articles 8 and 9 of the LPPD.
Personal data shall never be transferred abroad without the explicit consent of the data subject. However, the transfer of personal data abroad, regardless of the explicit consent of the data subject, requires one of the conditions set out in Article 6 above, as well as the following conditions pursuant to Article the LPPD:
The countries where sufficient protection is available for transfer abroad shall be designated and announced by the Authority. The personal data may be transferred abroad, without prejudice to the provisions of international conventions, in cases where the interests of Türkiye or the data subject would be seriously harmed, but only with the approval of the Authority after consulting the relevant public institution or organization. The provisions set forth in other laws on the transfer of personal data abroad are reserved.
Personal data shall be stored in existing and secure physical or electronic mediums available within the Company. Only the persons authorized by the Company shall be allowed access to the data.
Concordantly,
The personal data shall be stored for the periods indicated in the table below under the applicable Legislation and the principles set forth in this Policy and shall be anonymized or destructed after the deadline. Since data from the same data category may be processed due to different procedures, the following table has been created by taking into account the longest retention period:
Data Category | Retention Time | Destruction Period |
Identity Data (name, surname, date of birth, place of birth, marital status, serial number of identity card, Turkish ID No, signature, etc.) | 30 years | Within 180 days after the end of the retention period |
Contact Details (work address, home address, personal e-mail, corporate e-mail, contact address, registered electronic mail address (REM), work phone, home phone, cell phone) | 30 years | Within 180 days after the end of the retention period |
Personnel Data (payroll data, disciplinary proceedings, employment records, property declaration data, CV, performance evaluation reports, leaves, etc.) | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Data on Legal Proceedings (information in correspondence with judicial authorities, information in the case file) | 10 years | Within 180 days after the end of the retention period |
Data on Customer Proceedings (invoice, bill, cheque details, order details, requests) | 5 years | Within 180 days after the end of the retention period |
Security Data of Physical Space (camera footage) | 45 days | Within 180 days after the end of the retention period |
Process Security Data (ip addresses, website login and logout details, password and passcodes) | 2 years | Within 180 days after the end of the retention period |
Finance Data (balance sheets, financial performances, credit and risk profiles, assets, salaries, insurance premiums, bank account details) | 10 years | Within 180 days after the end of the retention period |
Professional Experience Data (diploma credentials, courses attended, vocational trainings, certificates, transcripts) | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Marketing Data (Advertising, surveys, cookie registrations) | 3 years | Within 180 days after the end of the retention period |
Audiovisual Recording Data (photo) | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Philosophical Belief, Religion, Sect and Other Belief Data | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Association Membership Data | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Foundation Membership Data | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Medical Data (disability details, blood groups, personal medical data, information on devices and prostheses in use, medical records, periodic medical examination form for employment) | 15 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Criminal Conviction and Security Measure Data (criminal records) | 10 years following the dissolution of the relationship | Within 180 days after the end of the retention period |
Biometric Data (fingerprint) | Within the periodic destruction time following the dissolution of the relationship | Within 180 days after the end of the retention period |