Catalog

AYNES GIDA SANAYİ VE TİCARET AŞ PERSONAL DATA PROCESSING AND PROTECTION POLICY

PRESENTATION AND SCOPE
This policy, created for Aynes Gıda Sanayi ve Ticaret AŞ (“Aynes Gıda”), has been prepared both within the framework of Law No. 6698 and its additional legislation and within the framework of the European Union General Data Protection Regulation (GDPR) as a text that can be taken as a basis for establishing international uniformity in the law on the protection of personal data. It regulates the principles and procedures to be applied in personal data processing activities. In case of conflict between national legislation and international legislation in the processing and protection of personal data, national legislation shall be applied first.

The purpose of the policy is to create a corporate culture in the processing and protection of personal data in the operation of Aynes Gıda and to ensure compliance with the personal data protection legislation by taking into account the rights of Aynes Gıda Related Persons. While creating the policy, maximum sensitivity was shown regarding the rights of Relevant Persons.

 

AYNES GIDA CONTACT PERSONS COMMITTEE
Aynes Gıda appoints a contact person within the framework of personal data protection law. A five-person Committee is formed within Aynes Gıda, including a contact person. The committee is chaired by Aynes Gıda contact person.

The contact person acts with the Committee's opinions and recommendations regarding administrative and technical measures. Regarding administrative and technical measures, the principles determined by the Personal Data Protection Authority are taken into account. The contact person makes the necessary efforts to ensure the Company's compliance with the personal data protection legislation. The contact person supervises the Company units for which he is responsible within the scope of personal data protection law. As a result of these inspections, when necessary, it warns the relevant units and informs the senior management of the situation.

The contact person records the administrative and technical risks and threats that arise in line with the notifications received from the Company's employees or people who have dealings with this Company and his own observations and inspections, and makes plans to eliminate them with the contributions of the Committee.

The contact person ensures coordination in responding to relevant person applications made to the Company within legal periods and in accordance with the procedure, and if necessary, makes the actual response. The contact person manages the Company's relations with the Personal Data Protection Authority.

 

PERSONAL DATA PROCESSING INVENTORY
Each unit of Aynes Gıda keeps an up-to-date personal data processing inventory and shares it with the contact person upon request. The unit manager is responsible for the accuracy and up-to-dateness of this inventory and presenting it to the contact person when necessary. The contact person prepares a joint training plan with the Committee and puts it into practice regarding keeping inventories accurate, implementing the current Company policy on the protection of personal data, and current developments on the protection of personal data.

 

GENERAL PRINCIPLES REGARDING PERSONAL DATA PROCESSING AND TRANSFER
Aynes Gıda takes the necessary administrative and technical measures to ensure the implementation of this policy and ensures that they are kept up to date. Aynes Gıda trains its employees for the implementation of the Policy and obtains the necessary commitments from its solution partners with data processing status. Aynes Gıda employees comply with the principles and criteria contained in this policy in their personal data processing activities.

In accordance with the legislation, Aynes Gıda ensures that personal data processing and transfer activities comply with the following criteria:

1. Complying with the law and the rules of honesty,

2. Being accurate and up to date when necessary,

3. Processing for specific, clear and legitimate purposes,

4. Being relevant, limited and proportionate to the purpose for which they are processed (data minimization principle),

5. To be preserved for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.

                                                                                                                                             

CONDITIONS FOR PROCESSING AND TRANSFER OF PERSONAL DATA
Aynes Gıda ensures that personal data processing activities are carried out based on one or more of the data processing conditions stated in Article 5 of Law No. 6698.

Aynes Gıda takes the necessary precautions in the processing of special personal data in line with the decisions taken by the Personal Data Protection Board.

When the purpose of processing personal data is eliminated or when it is determined that more personal data is processed than necessary for the relevant activity in line with the data minimization principle, these data are destroyed in accordance with the law.

Transfer of personal data within the scope of Aynes Gıda's activities is subject to the data transfer conditions stipulated in the legislation. Aynes Gıda complies with Articles 8 and 9 of Law No. 6698 in the transfer of personal data. A commitment is taken from the transferred persons regarding data security, that the data is processed in a limited and measured manner in connection with the purpose of transfer, that it will be destroyed in accordance with the procedure and confidentiality when the purpose of transfer is no longer fulfilled. Industry practices are also taken into account in Aynes Gıda's relations with third parties to whom it transfers data.

 

OBLIGATIONS OF AYNES GIDA SANAYİ VE TİCARET AŞ
1. Obligation to inform the relevant person

The Committee determines the necessary methods and practices to inform the Relevant Persons whose personal data are processed within the scope of Aynes Gıda's activities about the following information:

Identity of the Data Controller and his representative, if any,
Purpose of processing Personal Data,
To whom and for what purposes Personal Data may be transferred,
Method and legal reason for collecting Personal Data,
Rights of the person concerned.

2. Obligation to respond to relevant person applications

Data controller Aynes Gıda acts with the awareness that the Relevant Person has the following rights in the Relevant Person applications made:

Learning whether personal data is being processed or not,
Requesting information if personal data has been processed,
Learning the purpose of processing personal data and whether they are used for their intended purpose,
Knowing the third parties to whom personal data are transferred at home or abroad,
Requesting correction of personal data if they are incomplete or incorrectly processed,
Requesting the deletion or destruction of personal data in accordance with the law in cases where data processing conditions do not exist or disappear,
Requesting correction or destruction processes to be notified to third parties to whom personal data has been transferred,
Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automatic systems,
Request compensation for damages in case of damage due to unlawful processing of personal data.
Relevant persons may apply to Aynes Gıda regarding their rights listed above, in the procedure specified in the disclosure texts. In applications contrary to the specified procedure, the contact person informs the Relevant Person about this aspect of the application and guides the Relevant Person regarding the solution within the framework of the rules of good faith and honesty.

3. Obligation to take administrative and technical measures regarding personal data security

Aynes Gıda makes the necessary efforts to comply with personal data protection legislation. In this regard, Aynes Gıda primarily ensures that its employees are trained on the protection of personal data.

Aynes Gıda uses firewall and gateway in the information systems they use. In addition, it uses antivirus and antispam products. Ensures necessary system software is up to date. It takes into account and fixes feedback about security vulnerabilities in software.

Aynes Gıda imposes authorization restrictions on data processing activities carried out through the software they use.

 

STORAGE AND DESTRUCTION OF PERSONAL DATA
Personal data processed within Aynes Gıda is for the purpose of continuing its commercial activities uninterruptedly, fulfilling its legal obligations, conducting citizen and customer relations, planning and fulfilling employee rights; For data processing reasons specified in the Law, it is stored securely and sensitively in electronic or physical environments. If the aforementioned reasons are eliminated and the legal periods pass, these personal data are deleted, destroyed or anonymized, depending on their nature, ex officio or upon the request of the relevant person.

End to End