Personal Data Processing Privacy Notice
As KOCAER ÇELIK A.Ş. (“Kocaer Çelik” or the “Company”), we process all kinds of personal data belonging to all individuals associated with the Company in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”).
In this English version of the Privacy Notice, prepared pursuant to Article 10 of the Law, data subjects are informed in line with the Data Controller’s duty to inform.
Data Controller (Kocaer Celik) and Its Representative
This disclosure is made by the Company, acting as the Data Controller within the scope of the Law No. 6698, to inform its employees, job applicants, customers, suppliers, consultants, business partners, shareholders, company officials, company representatives, persons with whom the Company has contractual relationships, their employees, visitors, and all other real or legal persons with whom the Company communicates for any reason.
For each personal data processing activity, a specific disclosure text will be also be will also be provided.
Purposes of Processing Personal Data
Personal data are processed by the Company in accordance with the principles stated in Article 4 of the Law and based on one or more of the conditions set forth in Articles 5 and 6 of the Law, for the following purposes:
- Conducting emergency management processes
- Ensuring information security processes
- Managing candidate / intern / student recruitment and placement processes
- Managing job application processes
- Conducting employee satisfaction and engagement processes
- Fulfilling obligations arising from employment contracts and legislation
- Managing employee benefits and fringe benefits
- Conducting audit and ethics activities
- Conducting training activities
- Managing access authorizations
- Ensuring compliance with legislation
- Managing finance and accounting processes
- Managing loyalty processes related to products/services
- Ensuring physical security of facilities
- Managing assignment processes
- Conducting legal affairs
- Conducting internal audit / investigation / intelligence activities
- Managing communication activities
- Planning human resources processes
- Conducting and supervising business operations
- Managing occupational health and safety processes
- Receiving and evaluating suggestions for improving business processes
- Ensuring business continuity
- Managing cargo and logistics processes
- Managing procurement processes
- Managing after-sales support services
- Managing sales processes
- Managing production and operational processes
- Managing customer relations
- Conducting customer satisfaction activities
- Organizing events and organizational activities
- Conducting marketing analysis studies
- Conducting performance evaluation processes
- Managing advertising, campaign, and promotion activities
- Managing risk processes
- Managing archiving and storage activities
- Managing social responsibility and NGO activities
- Managing contract processes
- Managing sponsorship activities
- Conducting strategic planning activities
- Managing requests and complaints
- Ensuring security of movable assets and resources
- Managing supply chain processes
- Managing wage and compensation policies
- Managing product and service marketing processes
- Ensuring the security of the data controller’s operations
- Conducting investment and R&D activities
- Managing talent and career development activities
- Providing required information to authorized individuals and entities upon request
- Managing administrative activities
- Creating and tracking visitor records
Additionally, personal data may be processed in accordance with legal obligations imposed by regulatory and supervisory authorities.
Personal data and special categories (sensitive personal data) of personal data are securely stored in physical or electronic environments for the duration required for processing purposes. All processing activities are carried out in compliance with the Law No. 6698 on the Protection of Personal Data and relevant legislation.
For detailed information, please review the “Personal Data Protection and Processing Policy” available at www.kocaersteel.com
Transfer of Personal Data
Your personal data may be transferred, within the scope of Article 8 of the Law, for the purposes stated above, to:
- Contracted data processors for the execution of activities
- Business partners, dealers, and affiliates
- Suppliers and supplier employees
- Independent audit firms and public institutions
- Legal, financial, and tax consultants
- Shareholders (limited to strategic business purposes)
- Authorized public institutions and organizations
- Courts upon request
- Institutions required by law
- Banks and insurance companies
- Subcontractors
- Data processors providing technical or administrative support
- Educational institutions
- Travel agencies, hotels, and airlines
- Healthcare providers serving Company employees
Transfers may occur based on explicit consent or under conditions specified in Articles 5(2) and 6(3) of the Law.
International Transfer of Personal Data
Personal data may be transferred abroad in accordance with Article 9 of the Law, subject to explicit consent or where adequate protection exists as determined by the Personal Data Protection Board. If adequate protection does not exist, transfer may occur only if data controllers in Türkiye and the relevant foreign country provide written assurance of adequate protection and receive approval from the Board.
Method and Legal Basis of Data Collection
Personal data are collected through websites, contracts, forms, surveys, job applications, social media, call centers, training sessions, offices, physical environments, and camera systems, either verbally, in writing, or electronically, with or without explicit consent where legally permitted.
Personal data are processed based on the following legal grounds:
- Explicit consent
- Explicitly stipulated in laws
- Compliance with legal obligations
- Necessity for the performance of a contract
- Public disclosure by the data subject
- Necessity for establishment, exercise, or protection of a right
- Legitimate interests of the data controller, provided fundamental rights are not harmed
- Special categories of personal data are processed only under the conditions specified in Article 6(3) of the Law.
Retention Period
Personal data are retained for the periods stipulated by legislation or as long as necessary for processing purposes. Upon expiration, data are securely destroyed.
Rights of the Data Subject
Under Article 11 of the Law, data subjects have the right to:
- Learn whether personal data are processed
- Request information regarding processing
- Learn the purpose of processing and whether data are used accordingly
- Know third parties to whom data are transferred domestically or abroad
- Request correction of incomplete or inaccurate data
- Request deletion or destruction of personal data
- Request notification of these actions to third parties
- Object to results against the individual arising from automated processing
- Request compensation for damages due to unlawful processing
Data Subject Access Request
Applications may be submitted via:
- Written application delivered in person with wet signature
- Notary public
- Secure electronic signature
- Mobile signature
- Registered Electronic Mail (KEP): [email protected]
- Registered email address previously provided to the Company
Applications must contain the applicant's identity, contact details, a clear explanation of the request, and any supporting documentation.
Updating Your Information
You may request updates to your personal data by contacting the Company in person or via [email protected]
Amendments
Kocaer Çelik reserves the right to amend this clarification text in line with legislative changes or decisions of the Personal Data Protection Authority.
