EN
TR Follow EEC
  • Homepage
  • EEC Policy on the Protection and Processing of Personal Data

EEC Policy on the Protection and Processing of Personal Data

Purpose

The purpose of Law No. 6698 on the Protection of Personal Data ("PDPL") is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and to regulate the obligations of natural and legal persons who process personal data and the procedures and principles to be followed.

The provisions of the PDPL shall apply to natural persons whose personal data are processed and to natural and legal persons who process such data wholly or partially automatically or by non-automatic means provided that they are part of any data recording system.

The purpose of this General Clarification Text prepared within the scope of the disclosure obligation specified in Article 10 of the PDPL is to inform our customers and prospective customers, suppliers, business partners, subcontractors, institutions with which we have business relations, employees and prospective employees, office and website (eec.com.tr) visitors about our PDPL practices.

Definitions

KVKK (PDPL): Law No. 6698 on the Protection of Personal Data.

Board: Personal Data Protection Board

Institution: Personal Data Protection Authority

Personal Data: It refers to any information relating to an identified or identifiable natural person. In order to be able to speak of personal data, the data must be related to a natural person and must be of a nature that makes this person directly or indirectly identifiable.

Sensitive Personal Data: Data that, if learned by others, may cause the person concerned to be victimized or subjected to discrimination. Within the scope of the PDPL, which personal data are special categories of personal data are specified one by one, and those other than those listed cannot be considered as special categories of personal data. In this respect, it is accepted that special categories of personal data are limited.

Sensitive personal data are data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Relevant Person: Relevant person refers to the natural person whose personal data is processed. In the Law, only the data of natural persons are protected and the data of legal entities are excluded from the scope of the PDPL.

Processing of Personal Data: Processing of personal data refers to all kinds of operations performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. Personal data cannot be processed without the explicit consent of the data subject.

Data Recording System: Data recording system refers to the recording system in which personal data is structured and processed according to certain criteria. The data recording system, which can be characterized as a filing system, can be created in electronic or physical environment.

Explicit Consent: Explicit consent is a consent expressed with free will based on information on a specific subject. Explicit consent has three elements; it is related to a specific subject, it is based on information and it is expressed with free will. Explicit consent must include the "affirmative declaration of will" of the person giving consent. Explicit consent does not have to be obtained in writing; it is also possible to obtain it via electronic media, call center, etc.

Data Controller: The data controller may be a natural person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system, as well as legal entities such as public institutions, companies, associations or foundations.

The data controller is the person who will answer the questions of "why" and "how" the processing will be carried out.

Data Processor: The data processor is a natural or legal person who processes personal data on behalf of the data controller within the framework of the instructions given to him/her. The activities of the data processor are mostly limited to the technical parts of data processing. What is important here is that the data processor carries out the personal data processing activities within this scope in line with the instructions received from the data controller. The natural person responsible for the data processing activity cannot be the data controller.

Destruction of Personal Data: Destruction is the process of making personal data in electronic and physical environment inaccessible, unrecoverable and non-reusable by anyone in any way.

Transfer of Personal Data: It is the transfer of information, documents or documents containing personal data to a third natural or legal person. Personal data cannot be transferred without the explicit consent of the data subject, except for the exceptions specified in the law.

Anonymization of Personal Data: Anonymization means making personal data impossible to be associated with an identified or identifiable natural person, even if it is matched with other data, and eliminating the identifiability of the identity.

Obligations of the Data Controller:

According to Article 12 of the PDPL, the data controller is obliged to;

  • Prevent unlawful processing of personal data,
  • Prevent unlawful access to personal data,
  • Ensure the protection of personal data

In order to fulfil these obligations, the data controller is obliged to take all necessary technical and administrative measures to ensure the appropriate level of security. It is among the powers and duties of the Board to take regulatory action to determine the obligations regarding data security. However, additional measures may also be taken depending on the nature of the personal data processed on a sectoral basis, based on the minimum criteria to be determined by the Board.

Pursuant to the PDPL, EEC Entegre Bina Kontrol Sistemleri Sanayi ve Ticaret Anonim Şirketi ("Company") will fulfil the above-mentioned obligations in the capacity of Data Controller.

The contact information of the Company is given below:

Title: EEC Entegre Bina Kontrol Sistemleri Sanayi ve Ticaret Anonim Şirketi
Address: Kaptanpaşa Mahallesi Halit Ziya Türkkan Sokak Famas Plaza A-Block Kat: 16 Okmeydanı, Şişli, İstanbul, Turkey
Telephone Number: 0212 320 1626
Website Address: eec.com.tr
E-mail Address: ebks@eec.com.tr
KEP Address: eecentegre@hs01.kep.tr

Basic Principles for Processing Personal Data:

As a rule, the processing of personal data is prohibited by law. However, the law has made it possible to process personal data in the presence of certain circumstances. The fact that data processing has a purpose and is limited to this purpose constitutes the limit of the data processing activity.

The Company will always act in accordance with the basic principles set forth under the PDPL in the processing of personal data. The basic principles in the processing of personal data are as follows:

  • Being in compliance with the law and good faith,
  • Being accurate and, where necessary, up to date,
  • Processing for specific, explicit and legitimate purposes,
  • Being relevant, limited and proportionate to the purpose for which they are processed,
  • Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed.

The principle of being in compliance with law: refers to the obligation to act in accordance with the principles introduced by laws and other legal regulations in the processing of personal data.

The principle of being accurate and, where necessary, up-to-date: Emphasizes the importance of the accuracy and timeliness of data and is compatible with the right to request correction of data. In order to ensure that personal data can be kept accurate and up-to-date, the sources from which personal data are obtained should be identified, the accuracy of the source from which personal data are collected should be tested, requests arising from inaccuracy of personal data should be taken into account and reasonable measures should be taken in this context.

The principle of processing for specific, explicit and legitimate purposes: It means that personal data processing activities should be clearly understandable by the person concerned, the legal transaction condition on which the personal data processing activities are carried out should be determined, and the personal data processing activity and the purpose of this activity should be revealed in detail to ensure certainty.

The principle of being relevant, limited and proportionate to the purpose for which they are processed: It means that personal data should be appropriate for the purpose for which they are processed, limited and reasonable within the scope of this purpose. Personal data should not be collected and/or processed to an extent/amount that is not necessary for the realization of the personal data processing activity. Accordingly, personal data should only be collected for specific purposes and as much as necessary and used where required by the purpose.

The principle of retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed: It refers to the obligation to retain personal data only for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Accordingly, if there is a period stipulated in the relevant legislation for the retention of data, data controllers shall comply with this period and retain personal data only for the period necessary for the purpose for which they are processed. In the event that both the periods stipulated within the scope of the legislation to which the data controller is subject due to its legal obligations and the retention periods determined by the data controller are exceeded, the personal data must be deleted, destroyed or anonymized by the data controller in accordance with the Regulation on Deletion, Destruction and Anonymization of Personal Data.

PDPL

Pursuant to Article 5 of the PDPL, personal data may be processed without explicit consent in the following cases

  • It is explicitly stipulated by law,
  • It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
  • Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
  • It is mandatory for the data controller to fulfil its legal obligation,
  • It has been made public by the person concerned,
  • Data processing is mandatory for the establishment, exercise or protection of a right,
  • Data processing is mandatory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data subject.

Personal health data may be processed by persons under the obligation of confidentiality or authorized institutions and organizations for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

The conditions for the processing of personal data, i.e., the cases of lawfulness, are listed in a limited number within the scope of PDPL, and these conditions cannot be expanded for any reason.

Collection and Processing Purposes of Personal Data

The Company may obtain personal data directly from the data subjects themselves or indirectly from third parties and from the data made public by the data subject himself/herself. In this context, data is collected verbally, physically or electronically and this personal data is processed.

The categories of personal data that may be subject to processing by the Company are as follows;

  • Identity, communication, customer transaction, risk management, finance, marketing and audio-visual recording information of customer and prospective customer company employees
  • Supplier company employees' identity, communication, customer transaction information, risk management, finance and physical space security information
  • Identity, contact, customer transaction information, risk management, finance and physical space security information of business partner company employees
  • Identity, contact, personal, customer transaction, physical space security, financial, professional experience, audio-visual record, race, health and criminal conviction information of subcontractor employees
  • Identity, communication, location, personal, legal action, physical space security, transaction security, risk management, finance, professional experience, visual and audio recording, race, association and foundation membership, health, biometric and criminal conviction information of company employees
  • Identity, communication, professional experience, visual and auditory records, race, association and foundation membership information of the Company's employee candidates
  • Identity and physical space security information of company headquarters or regional office visitors
  • Transaction security information of visitors to the company website (eec.com.tr)

The collected personal data may be processed in accordance with the basic principles stipulated in the PDPL and within the personal data processing conditions specified in Articles 5 and 6 of the PDPL; by the Company in the management processes of the personal data of the data owners, for the purpose of ensuring the commercial, technical, legal and business security of the Company and the relevant persons who have a business relationship with the Company and for the performance of the activities, within the framework of the Company's activities.

Personal data, in this respect, limited with the following purposes, can be processed within the scope of Personal Data Processing conditions specified in articles 5 and 6 of PDPL;

  • Fulfilment of legal and contractual obligations to be fulfilled by the Company
  • Communicating with the employees of customers and prospective customers regarding the products and/or services offered within the scope of the Company's field of activity, making visits, concluding contracts
  • Creating Customer, Prospective Customer, Supplier, Business Partner and Subcontractor portfolios within the Company, provided that they can only be accessed by authorized persons
  • To be able to offer the products and / or services offered within the scope of the Company's field of activity to the relevant person, to carry out the necessary work by the Company's business units in order to benefit the Personal Data Owners from the products and / or services, to carry out marketing, procurement and all operation activities; to carry out reconciliation, payment and collection transactions; to communicate with the Personal Data Owners in order to carry out these transactions, to send / provide relevant documents and information
  • Performing transactions related to procurement, delivery, etc. regarding the products and/or services offered by the Company and sharing information and negotiation processes related to them via mail, e-mail, SMS and telephone
  • Carrying out and managing internal system and application management operations, communication, market research and social responsibility activities, financial operations and product / project / manufacturing / investment / quality processes in line with the purpose of determining and implementing the Company's commercial and business strategies
  • In the sales and / or after-sales process of the products and / or services offered within the scope of the Company's field of activity and in new sales; renewal of the purchased product and / or service if necessary, meeting complaints or review requests regarding the purchased products and / or services, and informing and auditing in this regard
  • Execution, management and supervision of financial and accounting processes by the Company
  • Issuance of current account cards as a basis for the legal books and records kept by the Company
  • Accessing the records of Personal Data Owners created within the Company in subsequent business relations, invoicing automatically
  • Meeting the demands of credit and financial institutions to know, analyse and verify the reliability of their customers,
  • Preparation of documents (contract, invoice, waybill, check, promissory note, signature circular, power of attorney, etc.) required within the scope of the activities carried out by the company
  • Organization of business trips within the scope of company activities and arrangement of documents required for travel (visa, insurance, work permit, flight, vehicle and hotel reservations, etc.)
  • Adding the necessary information to the contracts to be signed with suppliers, business partners and subcontractors in order to carry out the transactions within the scope of the Company's activities, sharing the information required to be shared with suppliers, business partners and subcontractors within the scope of these contracts or obtaining the relevant information from suppliers, business partners and subcontractors and performing the necessary operations with suppliers, business partners and subcontractors
  • Recording the contact, personal and reference information of Employee Candidates in order to carry out the human resources activities of the Company
  • Participation of the Company in tenders in the public and private sector, submission of bids, execution of works and communication for these purposes
  • Referencing the Company's operations and previous business to customers or prospective customers
  • Preparation of tender documentation in tenders in which the Company participates and/or wins within the scope of its field of activity
  • Execution of administrative and legal transactions, legal correspondence, execution of processes by the Company in order to ensure the legal and commercial obligations of the Company
  • Carrying out the necessary informatics activities in order to ensure the security of the data held by the Company, obtaining external technical support services in this context
  • Contacting with third parties in the fields of education, transportation, informatics and similar areas, concluding contracts, obtaining services and fulfilling them, if necessary, within the scope of the Company's activities
  • Managing activities to ensure the physical security and supervision of the Company's locations
  • Identification of visitors/personnel entering the Company's workplaces, creation and follow-up of visitor/personnel records
  • Ensuring that Company employees and/or employees of the Company's suppliers, business partners and subcontractors enter the workplaces of the Company's customers
  • Ensuring field inspections at the workplaces belonging to the Company and at the workplaces belonging to the customers served by the Company
  • Planning and/or execution of customer relationship management processes, including the planning and/or execution of customer satisfaction activities; accordingly, mailing to customer employees, reaching out by e-mail and telephone; conducting service evaluation surveys
  • Carrying out advertising and promotion processes within the scope of the Company's activities, conducting interviews, preparing news, communicating with the people subject to the news
  • Contacting the Personal Data Owners who submit their requests and complaints to the Company and ensuring the follow-up and management of requests and complaints
  • Recording and distribution of notifications received by the Company
  • Execution of the Company's human resources policies, fulfilment of its obligations within the framework of occupational health and safety and taking necessary measures,

Data

The Company, in its capacity as Data Controller, accepts and declares the following;

  • that it has taken the necessary technical and administrative measures to ensure the appropriate level of security to prevent unlawful processing of personal data and unlawful access to data and to ensure the preservation of data,
  • that it will not disclose the personal data learned to others in violation of the provisions of the PDPL and will not use it for purposes other than processing,
  • that it will notify the Board in case the processed personal data is obtained by others illegally.

Data Transfer

The Company may transfer personal data for the following purposes within the scope of the "Personal Data Transfer" conditions specified in Articles 8 and 9 of the PDPL;

  • To fulfil legal and contractual obligations
  • To carry out various projects, to receive services, to provide services and to carry out all other transactions necessary to ensure their fulfilment in the realization of its commercial activities and human resources policies
  • To realize the activities carried out within the scope of legislation, event management and corporate communication processes
  • To ensure the design, management at the highest level, operation and supervision of strategies for commercial activities
  • In line with the sales and after-sales demands of customers, making the necessary transactions and informing them in accordance with their needs and usage, showing their previous activities as a reference
  • To conduct customer and prospect visits
  • To conduct studies and surveys to measure customer satisfaction
  • To carry out advertising and promotion processes within the scope of the Company's activities, to publish magazines, interviews and news in this context
  • To carry out the necessary informatics activities in order to ensure the security of the data held by the Company and to ensure that external technical support services are obtained in this context
  • To reach Personal Data Subjects by mail, e-mail and phone,

for the above-mentioned purposes, to Group Companies (AVEKA Algılama ve Kontrol Teknolojileri Sanayi ve Ticaret A.Ş. and Elektronik Cihazlar Sanayi ve Ticaret A.Ş.), business partner, supplier and subcontractor officials, Company partners, Company officials, customer and/or prospective customer officials.

In addition, if requested by the relevant public institutions and organizations within their legal authority and if requested by the relevant private law persons within their legal authority in accordance with the provisions of the legislation; The Company may transfer Personal Data to legally authorized Public Institutions and Organizations and legally authorized Private Law Persons and / or third parties / organizations to be determined by them.

Relevant Person (Data Subject) Rights

Pursuant to Article 11 of the PDPL, everyone has the following rights in relation to himself/herself by applying to the data controller;

  • To learn whether their personal data is being processed,
  • To request information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used for their intended purpose,
  • To know the third parties, if any, to whom personal data is transferred domestically or abroad,
  • To request correction of personal data in case of incomplete or incorrect processing,
  • To request the erasure or destruction of personal data under the conditions provided for in Article 7 of the PDPL,
  • To request notification of the transactions made in line with the correction, deletion and destruction requests specified in subparagraphs (d) and (e) of the Article to third parties to whom personal data are transferred,
  • To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
  • To demand compensation for the damage, in case of damage due to unlawful processing of personal data.

Application Process to the Data Controller

Article 13 of the PDPL regulates the way of application to the Company regarding the requests of the data subject regarding the implementation of the PDPL. Accordingly, data subjects are obliged to submit their requests regarding the implementation of the PDPL to the Company.

The methods by which the Data Subjects can send their applications to the Company are specified below:

After filling out the KVKK Application Form on the Company website (eec.com.tr), it can be sent to the registered electronic mail (KEP) address eecentegre@hs01.kep.tr belonging to the Company or to the e-mail address ebks@eec.com.tr with secure electronic or mobile signature if the e-mail addresses are registered in the Company's systems.

The PDPL Application Form on the Company's website (eec.com.tr) can be filled out and sent with wet signature to the Company's headquarters address Kaptanpaşa Mahallesi Halit Ziya Türkkan Sokak Famas Plaza A-Blok Kat: 16 Okmeydanı, Şişli, Istanbul where the Company's head office is located or sent by registered letter with return receipt requested or through the notary public.

The Company will finalize the request within 30 (thirty) days at the latest. The Company may accept the request or reject it by explaining its reasoning. If the request in the application is accepted, the Company will fulfil the requirement and the relevant person will be informed in writing or electronically.

In the event that the relevant person finds the response given by the Company insufficient or fails to respond to his/her application in due time, he/she may file a complaint to the Board within 30 (thirty) days from the date he/she learns the Company's response and in any case within 60 (sixty) days from the date of application to the Company. However, in requests related to the protection of personal data, it is obligatory to apply to the Company first, and a complaint cannot be made to the Board without exhausting this remedy.

Download PDPL Application Form

We use session and performance cookies in accordance with legal regulations on our website. If you wish, you can delete or block cookies in your browser settings.

Accept Cookies