MİKROMAN MADEN
POLICY OF PROTECTING AND PROCESSING PERSONAL DATA
MİKROMAN MADEN SAN. VE TİC. A.Ş.
2022
Target Group: All real persons whose personal data is processed by MİKROMAN MADEN
Prepared By: Personal Data Protection Council of MİKROMAN MADEN
Version: 2.0
Approved By: Personal Data Protection Board of MİKROMAN MADEN
ABOUT
Policy of Processing and Disposing of Personal Data of MİKROMAN MADEN (“Policy”) was prepared by taking secondary legislations and jurisprudence into consideration in the scope of administrative precautions after entering the Personal Data Protection Law numbered 6698 into force, and was added unanimously by Personal Data Protection Council of MİKROMAN MADEN SAN. VE TİC. A.Ş. to the company policy on …../…./2022, and became a part of Harmonization Process of Personal Data Protection. The Policy was investigated by Personal Data Committee of MİKROMAN MADEN, and was submitted to the approval of the Board of MİKROMAN MADEN SAN. VE TİC. A.Ş.. Personal Data Protection is one of the primary policies for our company. Being one of the most important steps of Harmonization Process of Personal Data Protection (“Process”), our policy consists of data and rights of our customers, employees, employee candidates, business partners and real persons getting contact with us.
The Policy has been prepared in Turkish, and Turkish text shall be principal in case of any dispute due to the translations of other languages.
This Policy has been prepared by MİKROMAN MADEN SAN. VE TİC. A.Ş, and cannot be reproduced and distributed without written permission of MİKROMAN MADEN SAN. VE TİC. A.Ş. under any circumstances.
© MİKROMAN MADEN SAN. VE TİC. A.Ş. v.2 2022
CONTENT
1. INTRODUCTION
1.1. Purpose
1.2. Scope
1.3. Ground
1.4. Definitions
2. ASPECTS RELATED TO PROTECTING PERSONAL DATA
2.1. Providing Safety of Personal Data
2.2. Protecting Specific Personal Data
2.3. Increasing the Consciousness to Protect and Process Personal Data
3. PROCESSING PERSONAL DATA
3.1. Processing Personal Data According to Legislation
3.2. Processing Conditions of Personal Data
3.3. Processing Sensitive Personal Data
3.4. Noticing of Personal Data Owner
3.5. Transferring Personal Data
4. PARAMETERS OF PERSONAL DATA
5.MEASURES TAKEN REGARDING THE PROTECTION OF PERSONAL DATA
6. STORAGE AND DISPOSAL OF PERSONAL DATA
7. RIGHTS OF PERSONAL DATA OWNERS AND USAGE OF THESE RIGHTS
7.1. Rights of Personal Data Owner
7.2. Exercise of Rights by the Personal Data Owner
7.3. Responding to Applications
7.4. Rejection of Personal Data Owner's Application
7.5. The Right of Personal Data Owner to Complain to the PDP Authority
8. EXECUTION
9. ENFORCEMENT and NOTICE
ANNEX 1- Data Category and Personal Data
ANNEX 2- Aims of Categorized Personal Data Processing
ANNEX 3 –Persons to whom Personal Data is Transferred and Purposes of Transfer
MİKROMAN MADEN
POLICY OF PROTECTING AND PROCESSING PERSONAL DATA
1. INTRODUCTION
MİKROMAN MADEN SAN. VE TİC. A.Ş. (‘’MİKROMAN MADEN”) takes cognizance of protecting personal data in activities carried out by it, and considers it as primary in business and transactions. Policy of Protecting and Processing Personal Data of MİKROMAN MADEN (“Policy”) is the main regulation in order to harmonize MİKROMAN MADEN organization and business processes with principles and methods of personal data process specified by Personal Data Protection Law numbered 6698 (“Law”). MİKROMAN MADEN processes and protects personal data with superior responsibility and consciousness in the direction of principles in the Plicy, and provides the required transparency by informing the owner of personal data.
1.1. Purpose
The purpose of this Policy is to harmonize the MİKROMAN MADEN organization and business processes with principles and methods of laws and other related legislations, and implement them in its activities efficiently. MİKROMAN MADEN takes any kind of administrative and technical precautions with this Policy in order to process and protect personal data, constitutes the required internal procedures, increases the awareness and organizes all the required trainings for consciousness. All the required precautions are taken for harmonizing shareholders, authorized persons, employees and business partners with Law processes, and suitable and efficient audit mechanisms are established.
1.2. Scope
The Policy includes all the personal data obtained automatically in business process of MİKROMAN MADEN or obtained in the way non-automatically provided that it is part of any data record system.
3. Ground
The Policy bases on the Law and the related legislation. The Personal Data is processed in order to comply with legal liabilities arising from Mining Law, Mining Directive, Directive Related to Authorized Legal Entities, Tender Directive of Mining Zones, Directive on National Commission of Mine Sources and Reserve Reporting, Directive of Turkish Geology Data and Core Database Duties, Principles and Methods, Directive of Mine Wastes and other related organization regulations.
The legislation in force shall be applied in case of the fact that there is any dispute between legislation in force and the Policy. Regulations foreseen by the related legislation are converted to MİKROMAN MADEN applications by means of the Policy.
1.4. Definitions
|
Explicit Consent |
Consent related to a particular aspect, based on information and stated with freewill. |
|
Application Form |
Application form including applications of owner of personal data to use their rights, prepared according to Personal Data Protection Law numbered 6698 and Notification About Principles and Methods of Application to Data Supervisor issued by Personal Data Protection Organization and related to the applications by the related person (Owner of Personal Data) to the data supervisor. |
|
Related User |
Persons processing personal data in the data supervision organization or with the authority and instruction taken by data supervisor excluding the person or department being responsible for storing, protecting and backing up the data technically. |
|
Dispose |
Deleting, disposing of or anonymizating personal data. |
|
Record Environment |
Any kind of environment including personal data obtained automatically and completely of partially or obtained in the way non-automatically provided that it is part of any data record system |
|
Personal Data |
Any kind of information related to the real person whose identity is definite or specifiable. |
|
Processing personal data |
Any kind of transaction on data such as obtaining personal data automatically and completely of partially or obtaining in the way non-automatically provided that it is part of any data record system, recording, storing, maintaining, changing, rearranging, disclosing, transferring, taking, making available, classifying or preventing usage etc. |
|
Anonymizating the personal data |
Converting the personal data to a condition which cannot be identified or related to a specifiable real person even by matching with other data. |
|
Owner of personal data |
Real person whose personal data is processed by or on behalf of MİKROMAN MADEN. |
|
Deleting personal data |
Deleting personal data and making the personal data unaccesible and non-reusable under any circumstances for the related users. |
|
Disposing of personal data |
Making personal data unaccesible, unrecapturable and non-reusable under any circumstances by anybody. |
|
Council |
Personal Data Protection Council |
|
Organization |
Personal Data Protection Organization |
|
Spesific personal data |
Personal data related to race, ethnicicty, political views, philosophical believes, religion, sects or other belief, clothes, membership of association, foundation of union, health, sexual life, sentences and security measures, and biometric and genetic data. |
|
Periodical disposal |
Deleting, disposing of or anonymizating personal data with the periods mentioned in policy of storing and disposing of personal data and with repeated intervals in case of the fact that conditions of processing personal data in the Law are removed completely. |
|
Data processor |
Real person and legal entity processing the personal data on behalf of data supervisor according to the provided authority. |
|
Data recording system |
Recording system in which personal data are configured and processed according to particular criteria. |
|
Data Owner / Related Person |
Real person whose personal data is processed. |
|
Data supervisor |
Real person or legal entity determining purposes and means of processing personal data and being responsible establishing and managing data recording system. |
|
Data Representative |
Real person assigned in order to perform the duties of Data Supervisor in the scope of provision of the related law. |
|
Directive |
Directive About Deleting, Disposing of or Anonymizating Personal Data published in Official Journal on the date of 28 October 2017. |
2. ASPECTS RELATED TO PROTECTING PERSONAL DATA
1. Providing Safety of Personal Data
MİKROMAN MADEN takes required precautions specified in article 12 of the Law according to the qualification of personal data in order to prevent disclosing, accessing, transferring the personal data against the legislations or prevent any kind of safety problems. MİKROMAN MADEN takes precautions and carries out audits in order to allow required personal data safety level according to the guides published by Personal Data Protection Organization.
2. Protecting Specific Personal Data
The precautions are taken and the required audits are performed for protecting biometric and genetic data as well as the specific data related to race, ethnicicty, political views, philosophical believes, religion, sects or other belief, clothes, membership of association, foundation of union, health, sexual life, sentences and security measures.
3. Increasing the Consciousness to Protect and Process Personal Data
MİKROMAN MADEN provides required trainings with the related persons in order to process and access the personal data as per the laws, maintain the data and increase the consciousness to use the rights. MİKROMAN MADEN constitutes required business processes and takes support from consultants if necessary, in order to increase the consciousness of employees to protect personal data. The failures encountered in the implementation and the result of trainings are evaluated by management of MİKROMAN MADEN SAN. VE TİC. A.Ş.. As a result of such evaluations, new trainings are organized if necessary according to the amendments in the related legislation.
3. PROCESSING PERSONAL DATA
3.1. Processing Personal Data According to Legislation
Personal data is processed as per the legislation under the principles mentioned below:
i. Processing According to Law and Good Faith
Personal data is processed under business processes according to the law and good faith without damaging fundamental rights and freedom of the persons.
ii. Enabling Personal Data Actual and Accurate
Required precautions are taken in order to keep the processed personal data actual and accurate, and it is worked under plan and schedule.
iii. Processing for Definite, Explicit and Legitimate Purposes
Personal data is processed according to the legitimate purposes determined in business processes and explained.
iv. Being Relevant, Limited and Continent for Processing Purpose
Personal data is collected in the qualification required by business processes, and processed related and limited to the determined purposes.
v. Maintaining for Required Period
Personal data is maintained at the least period specified in the related legislation and required for processing personal data. Firstly, it is maintained for the related period if a duration is defined in the legislation for storing the personal data, or for the required period for the purpose of processing personal data if a duration is not defined. At the end of the storing period for personal data, it is disposed of (deleted, disposed or anonymizated) with suitable methods according to the periodical disposal duration or application of data owner.
3.2. Processing Conditions of Personal Data
Personal data is processed by means of the explicit consent of the owner or by based on one or more conditions mentioned below:
i. Explicit Consent of Owner of Personal Data
Processing personal data is performed with the explicit consent of the owner. The Explicit consent of the owner of personal data is constituted by informing in a particular aspect and getting the freewill.
ii. Explicit Consent Absence of Owner of Personal Data
Personal data can be processed without the explicit consent of owner in case of any condition mentioned below:
a. Specifying Clearly in Laws
Personal data can be processed without consent of the owner in case of the fact that there is a clear provision in the laws related to the personal data processing.
b. Failure to Get Explicit Consent from the Related Person due to Actual Impossibility
The personal data of the owner can be processed in case of any obligation to process the personal data in order to protect his/her own life or any other’s life or physical integrity in regard with the person whose consent cannot be taken or cannot be valid due to the actual impossibility.
c. Depending Directly on Concluding or Performing Contract
The personal data of the owner can be processed if it is related directly to concluding or performing a contract in which the owner of the data is a party.
d. Fulfilling the Legal Liability
The personal data of the owner can be processed in case of obligatory processing of personal data while MİKROMAN MADEN is fulfilling the legal liabilities.
e. Anonymizating the Personal Data of Owner
Personal data of owner whose personal data is anonymizated can be processed limitedly.
f. Mandatory Data Processing for the Establishment or Protection of a Right
If the data processing is mandatory for the establishment, the personal data of the data owner may be processed.
g. Mandatory Data Processing for Legitimate Interest
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of MİKROMAN MADEN.
3.3. Processing Sensitive Personal Data
MİKROMAN MADEN processes sensitive personal data following the principles set out in the Law and Policy, by taking all necessary administrative and technical measures with the methods determined by the Board, with the following procedures and principles:
i. Sensitive personal data other than health and sexual life may be processed without the explicit consent of the data owner if there is an explicit provision in the law regarding its processing. In cases not explicitly stipulated by law, the explicit consent of the data owner is obtained.
ii. Sensitive personal data related to health and sexual life may be processed by persons under the obligation of confidentiality or authorized institutions and organizations: to protect public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, without the explicit consent of the data owner. Otherwise, the explicit consent of the data owner is obtained.
3.4. Noticing of Personal Data Owner
MİKROMAN MADEN informs personal data owners under the relevant legislation about the purposes for which their personal data are processed, with whom they are shared, with which methods they are collected, the legal reason, and the rights of data owners in the processing of their personal data. In this respect, the protection of personal data is carried out following other policy documents and clarification texts prepared within the framework of the principles in the Policy.
3.5. Transferring Personal Data
MİKROMAN MADEN may transfer personal data and sensitive personal data to third parties (third party companies, group companies, third natural persons) following the law by taking the necessary security measures in line with the purposes of personal data processing. MİKROMAN MADEN performs transfer transactions following the regulations stipulated in Article 8 of the Law.
i. Transferring Personal Data
Although explicit consent of the personal data owner is sought for the transfer of personal data, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, based on one or more of the following conditions.
a. expressly stipulated in the Laws,
b. It is directly related and necessary to the establishment or performance of a contract,
c. It is mandatory for MİKROMAN MADEN to fulfill its legal obligation Limited for the purpose of publicization, provided that the personal data have been made public by the data owner, it is mandatory for the establishment, use, or protection of the rights of the MİKROMAN MADEN or data owner or third parties,
f. It is mandatory for the legitimate interests of MİKROMAN MADEN, provided that it does not harm the fundamental rights and freedoms of the data owner,
g. If the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid is obligatory for him/herself or someone else to protect his/her life or body integrity.
Personal data related to any of the above-mentioned situations may be transferred to those who have the status of a foreign country that has been declared as a "Foreign Country with Adequate Protection" and determined by the Board to have adequate protection. Personal data may be transferred according to the conditions stipulated in the legislation to those who do not have sufficient protection, who undertake adequate protection in writing by the data controllers in Turkey and foreign countries, and who have the status of "Foreign Country where the Data Controller Undertakes Adequate Protection" with the permission of the Board. However, your personal data is not transferred abroad by MİKROMAN MADEN.
ii. Processing Sensitive Personal Data
Following the principles set out in the Policy, personal data of special nature can be transferred under the following conditions by taking all necessary administrative and technical measures, including the methods to be determined by the Board:
a. Sensitive personal data other than health and sexual life, without the explicit consent of the data subject if there is an explicit provision in the law regarding the processing of personal data, otherwise if the explicit consent of the data subject is obtained
b. Personal data of special nature related to health and sexual life, protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, without explicit consent by persons or authorized institutions and organizations under the obligation of confidentiality, otherwise the explicit consent of the data owner is obtained.
Personal data may be transferred to those with "Foreign Country with Adequate Protection" status according to the data transfer conditions regulated in the legislation if any of the above conditions are found, and to those with "Foreign Country with Adequate Protection Undertaking Data Controller" status if there is not enough protection. Your sensitive personal data is not transferred abroad by MİKROMAN MADEN
4. PERSONAL DATA INVENTORY PARAMETERS
In MİKROMAN MADEN management, human resources, administrative affairs, financial affairs (accounting-finance), planning-logistics-computing, production, product development-quality, R&D marketing-sale, purchasing business processes, data categories, and personal data (Annex-1) of personal data ownership consisting of employee candidate, employee, shareholder/partner, potential product or service recipient, trainee, supplier official, product or service recipient, parent/guardian/representative, visitors are processed depending on personal data processing purposes (Annex-2). For the purposes of processing according to the data categories, the details of the data subject person groups are reported in the field of MİKROMAN MADEN at https://verbis.kvkk.gov.tr/.
The purposes of personal data processing are processed according to the personal data categories, to inform the relevant persons following Article 10 of the Law and other legislation, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, to carry out the personal data processing following the general principles specified in the Law, especially the principles specified in Article 4 of the Law.
Following the principles set out in section "3.5. Transfer of Personal Data”: It can be shared with real persons or private legal entities, shareholders, business partners, affiliates and subsidiaries, suppliers, authorized public institutions and organizations, private insurance companies, auditors, consultants, contracted services, and domestic organizations (Annex-3). There is no transfer of personal information to foreign countries.
5. MEASURES TAKEN REGARDING THE PROTECTION OF PERSONAL DATA
MİKROMAN MADEN takes the necessary technical and administrative measures to protect the personal data it processes following the procedures and principles set out in the Law, carries out the necessary inspections in this context, and carries out awareness-raising and training activities.
If the processed personal data are obtained by third parties through unlawful means despite all technical and administrative measures being taken, MİKROMAN MADEN shall notify the relevant persons and units as soon as possible.
6. STORAGE AND DISPOSAL OF PERSONAL DATA
MİKROMAN MADEN shall keep the personal data for the period required for the purpose of processing and for the minimum period stipulated in the relevant legislation. MİKROMAN MADEN stores personal data for the period required for the purpose of processing personal data if a period is determined in the relevant legislation, following this period; if a legal period is not foreseen. At the end of the specified storage periods, personal data are destroyed by the specified method (deletion, destruction, or anonymization) following the periodic destruction periods or the application of the data owner.
7. RIGHTS OF PERSONAL DATA OWNERS AND USAGE OF THESE RIGHTS
7.1. Rights of Personal Data Owner
Personal data owners have the following rights arising from the Law:
i. To learn whether personal data is processed or not,
ii. To request information about personal data if they have been processed,
iii. To learn the purpose of processing personal data and whether they are used following their purpose,
iv. To know the third parties to whom personal data are transferred at home or abroad,
v. To request the correction of personal data in case of incomplete or inaccurate processing and to request the notification of the transaction made within this scope to the third parties to whom the personal data are transferred,
vi. To request the deletion or destruction of personal data in case the reasons for processing are eliminated, even though they have been processed following the provisions of the Law and other relevant laws, and to request the notification of the transaction made within this scope to the third parties to whom the personal data have been transferred,
vi. To object to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
viii. To request compensation in case of suffering damage due to unlawful processing of personal data.
7.2. Exercise of Rights by the Personal Data Owner
Personal data owners may submit their requests regarding the rights listed in Article 6.1 to MİKROMAN MADEN by the methods determined by the Board. Personal data owners and those who have the right to apply on their behalf can apply to MİKROMAN MADEN by filling out the "Data Owner Application Form" on our website.
7.3. Responding to Applications
MİKROMAN MADEN concludes the applications made by the personal data owner following the Law and other legislation. Requests duly submitted to MİKROMAN MADEN shall be concluded free of charge as soon as possible and within 30 (thirty) days at the latest. However, if the transaction requires an additional cost, a fee may be charged following the tariff determined by the Board.
7.4. Rejection of the Application of the Personal Data Owner
MİKROMAN MADEN may reject the request of the applicant by explaining the reason in the following cases:
i. Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
ii. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or does not constitute a crime,
iii. Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
iv. Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution procedures,
vi. If the processing of personal data is necessary for the prevention of committing a crime or for the investigation of a crime,
v. Processing of personal data made public by the personal data owner,
vi. The processing of personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by the law,
vii. The processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budget, tax and financial matters,
viii. If the request of the personal data owner is likely to prevent the rights and freedoms of other persons,
ix. Requests that require disproportionate effort
x. The requested information is public information.
The Right of Personal Data Owner to Complain to the PDP Authority
In cases where the application is rejected following Article 14 of the Law, the answer given is found to be insufficient or the application is not answered in due time; MİKROMAN MADEN may file a complaint with the Board within thirty days from the date of learning the answer of mine and in any case within sixty days from the date of application.
6. Information that may be requested from the Applicant Personal Data Owner
MİKROMAN MADEN may request information from the relevant person in order to determine whether the applicant has personal data or not. In order to clarify the issues included in the application of the personal data owner, MİKROMAN MADEN may ask questions about its application to the personal data owner.
8. EXECUTION
The policy has been approved and put into effect by the Executive Board. The technical execution of the Policy is ensured by the "Storage and Destruction Policy of Personal Data" (Annex-4).
The Board of Directors is responsible for the execution and updating of the Law and Policy when necessary, and the MİKROMAN MADEN Personal Data Protection Committee is responsible for the follow-up, coordination and supervision of all works and transactions within this scope.
9. ENFORCEMENT and NOTICE
The policy entered into force as of the date of its publication. Changes in the policy are published on the websites of MİKROMAN MADEN (www.mikroman.com.tr) and made available to personal data owners and related persons. The policy changes shall enter into force on the date of announcement.
ANNEXES
ANNEX 1- Data Category and Personal Data
ANNEX 2- Aims of Categorized Personal Data Processing
ANNEX 3- Persons to whom Personal Data is Transferred and Purposes of Transfer
ANNEX 4- Storage and Destruction Policy of Personal Data
ANNEX 1- Data Category and Personal Data
|
Data Category |
Personal Data |
|
ID |
Name, Surname |
|
Name, Surname of Mother and Father |
|
|
Name and surname of the dependents of the personnel |
|
|
Birth Date |
|
|
Birth Place |
|
|
Marital Status |
|
|
ID Card Serial and Registration No |
|
|
Identity Number |
|
|
Sex Info |
|
|
Identity Card |
|
|
Driving License |
|
|
Tax Identity Number |
|
|
Nationality |
|
|
Signature |
|
|
SSI Registration No |
|
|
Contact |
Residential Address |
|
|
|
|
Address |
|
|
Contact Address |
|
|
Registered Electronic Mail Address (KEP) |
|
|
Phone Number |
|
|
Firm Name |
|
|
House Phone Number |
|
|
Shipment Address |
|
|
Web Address |
|
|
Fax : |
|
|
Personnel's Information (Family Information) |
Name, Surname |
|
ID Number |
|
|
Birth Date |
|
|
Birth Place |
|
|
Sex |
|
|
Name of Mother and Father |
|
|
State of Education |
|
|
State of Family |
|
|
Person to Whom He/She is Affiliated in Terms of SSI |
|
|
Location |
Vehicle Tracking System Info |
|
Personnel Info |
Payroll Info |
|
Background Info |
|
|
Performance Evaluation Reports |
|
|
Position Info |
|
|
Passport Photo |
|
|
Status of Military Service |
|
|
Reference Info |
|
|
Legal Transaction |
Information in correspondence with judicial authorities, information in the case file, etc. |
|
Customer Transaction |
Invoice |
|
Note |
|
|
Cheque Info |
|
|
Order Info |
|
|
Appointment Info (date, hour and information of physician to be consulted) |
|
|
Invoice Amount Information |
|
|
Physical Area Security |
Entry-Exit Registration Information of Employees and Visitors |
|
Camera Records |
|
|
Transaction Security |
Transaction Security (such as IP address information, website login and exit information, password and password information) |
|
Traffic information (IP Address Information, Website Login-Output Information, Password and Password Information, Log Records, Device IMEI no and MAC address) |
|
|
Finance |
Bank Account Number |
|
Credit card no |
|
|
Payment Due Date |
|
|
Tax number |
|
|
IBAN |
|
|
Professional Experience |
Diploma Information |
|
Courses Taken |
|
|
On-The-Job Training Information |
|
|
Certificates |
|
|
Visual and Audio Records |
Closed Circuit Camera System Image, Audio Recording |
|
Health Information |
Blood Type Information |
|
Disability Status |
|
|
Device Prosthesis Information Used |
|
|
Visitor's fever |
|
|
Health Family History |
|
|
Disease and drug information used |
|
|
Physical examination findings |
|
|
Laboratory Findings |
|
|
Opinion |
|
|
Symptoms of cough, pain, runny nose, shortness of breath, etc. |
|
|
COVID contact information in the last 14 days |
|
|
Personal Health Information |
|
|
Study Data |
Department |
|
Temporary duty start date |
|
|
Time attended the training |
|
|
Shift information of the facility where he/she works |
|
|
Shift information |
|
|
Temporary task end date |
|
|
Overtime start date |
|
|
Overtime end date |
|
|
Occupation |
|
|
References |
|
|
Risk Management |
Trade Registry Example |
|
Certificate of Authorization |
|
|
Chamber Registration Certificate |
|
|
Signature Circular |
|
|
Industry Registration Certificate Sample |
|
|
Business Registration Certificate |
|
|
Tax Certificate |
|
|
Insurance |
Social Security Institution Data |
|
Biometric Data |
Biometric face data |
|
Misc. |
Visited person/department |
|
Contract information (Start Date, Monthly rent) |
|
|
Year of Permit |
|
|
Information of the goods entrusted |
|
|
Information about the report |
|
|
Reason for Visit (Maintenance-Repair/Meeting/Study) |
ANNEX 2- Aims of Categorized Personal Data Processing
|
Conducting Emergency Management Processes |
|
Execution of Information Security Processes |
|
Execution of Employee Candidate / Intern / Student Selection and Placement Processes |
|
Execution of Application Processes of Employee Candidates |
|
Execution of Employee Satisfaction and Commitment Processes |
|
Fulfillment of Employment Contract and Legislative Obligations for Employees |
|
Execution of Benefits and Benefits Processes for Employees |
|
Execution of Training Activities |
|
Execution of Access Authorization |
|
Conducting Activities following the Legislation |
|
Execution of Finance and Accounting Affairs |
|
Execution of Assignment Processes for Ensuring Physical Space Security |
|
Execution of Assignment Processes |
|
Execution and Follow-up of Legal Affairs |
|
Conducting Communication Activities |
|
Planning Human Resources Processes |
|
Conduct / Audit of Business Activities |
|
Conducting Occupational Health / Safety Activities |
|
Conducting Business Continuity Activities |
|
Receiving and Evaluating Suggestions for Improving Business Processes |
|
Execution of Goods / Service Purchase Processes |
|
Execution of Goods / Services After Sales Support Services |
|
Execution of Goods / Services Sales Processes |
|
Execution of Goods / Services Production and Operation Processes |
|
Execution of Customer Relationship Management Processes |
|
Execution of Performance Evaluation Processes |
|
Execution of Retention and Archive Activities |
|
Execution of Contract Processes |
|
Ensuring the Security of Movable Goods and Resources |
|
Ensuring the Security of Data Controller Operations |
|
Informing Authorized Persons, Institutions and Organizations |
|
Execution of Management Activities |
|
Creating and Tracking Visitor Records |
Annex 3 – Persons to whom Personal Data is Transferred and Purposes of Transfer
In accordance with Articles 8 and 9 of the MİKROMAN MADEN Law, the participant may transfer the personal data of the employees to the following categories of persons:
|
Persons to whom Data Transfer can be made |
Definition |
Data Transfer Purpose and Scope |
|
Real persons or private law legal entities |
Real or legal persons with whom MİKROMAN MADEN has a relationship and carries out transactions following its activities |
Restricted to the work and transaction performed |
|
Business partners |
Business partners, business partner banks with which MİKROMAN MADEN is associated for purposes such as performing its services |
Establishment and execution of business partnership limited to its purpose and activities |
|
Authorized Public Institutions and Organizations |
Public institutions and organizations authorized to receive information and documents from MİKROMAN MADEN according to the provisions of the relevant legislation such as Social Security Institution, Tax Offices, etc. |
Limited to the purpose requested by the relevant public institutions and organizations under their legal authority |
|
Legally Authorized Private Legal Persons |
Institutions or organizations established following certain conditions following the provisions of the relevant legislation and continuing their activities within this framework |
Limited to the subjects falling within the fields of activity they carry out |
|
Private Insurance Companies |
Private health, pension, IAI (Individual Annuity Insurance) Application |
Limited to the scope of private insurance registrations and notices |
|
Members of the Board of Directors |
Members of the Board of Directors of MİKROMAN MADEN |
To carry out the activities of the Board of Directors of MİKROMAN MADEN, limited |
|
Organizations receiving services and cooperating |
Organizations that receive contracted services and cooperate |
Limited to contract and cooperation protocol principles |
|
Lawyers with the power of attorney when the lawyer warns the |
Lawyers with the power of attorney when the lawyer warns the |
The company is limited to the issues that may have legal consequences on its activities and worker transactions. |
|
Supplier |
Parties providing services to the MİKROMAN MADEN in line with the purposes and requests of data processing |
Limited to supply goods and services to carry out the commercial activities of MİKROMAN MADEN from external sources |
|
Consultants |
Experts and those who benefit from their experience |
Experts and those who benefit from their experience |
|
Auditors |
Auditors with audit authority when they comply with the relevant legislation |
Authorities and duty limits specified in the legislation |
