Privacy Policy (KVKK)

PERSONAL DATA PROTECTION AND PROCESSING POLICY

1. INTRODUCTION

APAZ YİYECEK İÇECEK TİCARET ANONİM ŞİRKETİ ("Company") attaches great importance to the protection of personal data belonging to its customers, employees, employee candidates, suppliers, business partners, and other third parties.

In this awareness, the Company processes personal data in compliance with the Law on the Protection of Personal Data No. 6698 ("Law"), secondary legislation issued under this Law, and the decisions of the Personal Data Protection Board.

This Personal Data Protection and Processing Policy ("Policy") has been prepared to inform the personal data owners ("Relevant Person") about the Company's data processing activities and to regulate the principles to be followed regarding the protection of personal data.

2. PURPOSE AND SCOPE

This Policy covers all personal data processing activities of APAZ YİYECEK İÇECEK TİCARET ANONİM ŞİRKETİ and has been prepared to explain how the Company processes personal data, for what purposes it uses them, with whom it shares them, the rights of data subjects, and the measures taken for data security.

3. DEFINITIONS

• Personal Data: Any information relating to an identified or identifiable natural person.
• Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and clothing, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
• Processing of Personal Data: Any operation performed upon personal data such as collection, recording, storage, preservation, alteration, rearrangement, disclosure, transfer, takeover, making available, classification or preventing the use thereof, wholly or partly by automatic means or provided that the process is part of any data filing system, by non-automatic means.
• Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data filing system.
• Data Processor: The natural or legal person who processes personal data on behalf of the data controller upon its authorization.

4. PRINCIPLES OF PERSONAL DATA PROCESSING

The Company processes personal data in compliance with the following fundamental principles:

• Lawfulness and fairness
• Being accurate and kept up to date where necessary
• Being processed for specified, explicit and legitimate purposes
• Being relevant, limited and proportionate to the purposes for which they are processed
• Being stored for the period laid down by relevant legislation or required for the purpose for which they are processed

5. PURPOSES OF PERSONAL DATA PROCESSING

Personal data are processed for the following purposes:

• Execution and management of business activities
• Ensuring communication
• Customer relationship management processes
• Supply chain management processes
• After-sales support services
• Performance of contractual obligations
• Legal compliance

6. TRANSFER OF PERSONAL DATA

Personal data may be transferred to third parties in compliance with the Law:

• To business partners and suppliers within the scope of conducting business activities
• To legally authorized public institutions and organizations
• To legally authorized private law persons

7. PERSONAL DATA STORAGE AND DESTRUCTION

Personal data are stored for the period required by relevant legislation or for the purpose for which they are processed, and are destroyed, deleted, or anonymized when the processing conditions are eliminated.

8. RIGHTS OF THE DATA SUBJECT

Data subjects have the following rights regarding the processing of personal data:

• To learn whether personal data are being processed
• To request information if personal data have been processed
• To learn the purpose of processing personal data and whether they are used in accordance with the purpose
• To know the third parties to whom personal data are transferred domestically or abroad
• To request rectification of personal data in case they are incomplete or inaccurately processed
• To request deletion or destruction of personal data
• To request notification of the operations carried out to third parties to whom personal data have been transferred
• To object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems
• To claim compensation for damages in case of loss due to unlawful processing of personal data

9. DATA SECURITY MEASURES

The Company takes necessary technical and administrative measures to ensure data security:

• Technical measures: Firewall, encryption, penetration testing, access log records
• Administrative measures: Employee training, confidentiality agreements, data processing inventory

10. CONTACT INFORMATION

For your requests regarding the protection of personal data:

Data Controller: APAZ YİYECEK İÇECEK TİCARET ANONİM ŞİRKETİ
Address: Adalet Mah. Anadolu Cad. 41 Megapol Tower K:20 Bayraklı, İzmir
E-mail: kvk@apazgroup.com
Phone: 444 80 52