ASLI SNCAKTAROĞLU- ETHIQUE PLANT BASED

Our Policy Regarding the Protection and Processing of Personal Data

1. PURPOSE

The purpose of this Personal Data Protection and Confidentiality Policy is to set the principles to be followed by ETHIQUE PLANT BASED (the Company), within the Company and/or through online methods, while processing Personal Data and fulfilling its obligations to protect Personal Data in accordance with the provisions of the relevant legislation, especially the Law on the Protection of Personal Data No. 6698.

The Company has undertaken to act in accordance with this Policy and the procedures to be applied in accordance with the Policy in terms of Personal Data within its own body.

2. SCOPE

This Policy covers all activities related to Personal Data being processed and is applied to related activities.

The personal data of employees, employee candidates, service providers, customers, visitors and other third parties are within the scope of this Policy, and this Policy is applied in all recording media where personal data owned or managed by Ethique Plant Based is processed and in personal data processing activities.

This Policy does not apply to data that does not qualify as Personal Data.

3. DEFINITIONS

Explicit Consent: It refers to the consent that is based on being informed about a certain subject and that is expressed with free will.

Anonymization: It means making Personal Data impossible to be associated with an identified or identifiable natural person in any way, even by matching with other data.

Obligation to Disclose: It means the obligation of the Data Controller or the person authorized by him to inform the Data Subject within the scope of Article 10 of the KVKK during the acquisition of Personal Data.

Personal Data: Means any information pertaining to an identified or identifiable natural person (within the scope of this Policy, the term “Personal Data” will also include “Private Personal Data” defined below as appropriate).

Personal Data Processing: Refers to all kinds of operations performed on Personal Data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of the data, by fully or partially automatic means, or by non-automatic means provided that it is a part of any data recording system.

Board: Refers to the Personal Data Protection Board.

Institution: Refers to the Personal Data Protection Authority.

KVKK: Refers to the Law on Protection of Personal Data No. 6698.

KVK Regulations: Means Law No. 6698 on the Protection of Personal Data and other relevant legislation on the protection of Personal Data, binding decisions, policy decisions, provisions, instructions and applicable international agreements on data protection, and any other applicable legislation issued by regulatory and supervisory authorities, courts and other official authorities.

KVK Procedures: Refers to the procedures that determine the obligations that the dietitian, employees and the Committee must comply with within the scope of this Policy.

Special Qualified Personal Data: Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric data and genetic data.

Data Processor: Refers to the natural or legal person who processes Personal Data on behalf of the Data Controller, with the authorization of the Data Controller.

Data Subject: Refers to all natural persons whose Personal Data are processed by or on behalf of a dietitian.

Data Controller: Refers to the natural or legal person who determines the purposes and means of Processing Personal Data and is responsible for the establishment and management of the data recording system.

Deletion: It means making the Personal Data inaccessible and unusable for the relevant users in any way.

Destruction: It refers to the process of making Personal Data inaccessible, unrecoverable and unusable by anyone in any way.

4. PERSONAL DATA PROTECTION POLICY

Processing of Personal Data in Compliance with Law and Integrity Rules

Ethique Plant Based processes, and undertakes to process, Personal Data in accordance with the law and honesty and on the basis of proportionality.

Taking Necessary Precautions to Keep Personal Data Accurate and Up-to-Date When Necessary

Ethique Plant Based takes all necessary measures to ensure that Personal Data is complete, accurate and up-to-date and updates the relevant Personal Data in case the Data Subject requests a change in Personal Data within the scope of KVKK Regulations.

Processing of Personal Data for Specific, Clear and Legitimate Purposes

Prior to the Processing of Personal Data, Ethique Plant Based determines the purpose for which Personal Data will be processed. In this context, the Data Subject is informed within the scope of KVK Regulations and Explicit Consent is obtained when necessary.

Processing of Personal Data in a Manner That Is Related to the Purpose, Limited and Measured

Ethique Plant Based processes Personal Data only in exceptional cases within the scope of KVK Regulations (Articles 5.2 and 6.3 of the KVKK) or for the purpose within the scope of the Explicit Consent from the Data Subject (Articles 5.1 and 6.2 of the KVKK) and in accordance with the principle of proportionality. The Data Controller processes the Personal Data in a way that is suitable for the realization of the determined purposes and refrains from obtaining and processing Personal Data that is not related to the realization of the purpose or is not needed.

Retention of Personal Data for the Period Envisioned in the Relevant Legislation or Required for the Purpose of Processing

Ethique Plant Based preserves Personal Data for the purpose for as long as required by the legislation.

Personal Data is deleted, destroyed or Anonymized after the period required for the purpose of Personal Data Processing has expired.

5. PROCESSING OF PERSONAL DATA – EXPRESS CONSENT

Personal Data is processed after the notification to be made within the framework of fulfillment of the Obligation of Disclosure to Data Subjects and if the Data Subjects give their Explicit Consent.

Data Subjects are notified of their rights, either directly or through Ethique Plant Based's website (www.ethiqueplantbased.com), before Explicit Consent is obtained within the framework of the Disclosure Obligation.

The Explicit Consent of the Data Subject is obtained through methods in accordance with the KVK Regulations. Explicit Consent is retained by Ethique Plant Based in a provable manner for the required period of time within the scope of KVK Regulations.

Processing of Personal Data without Explicit Consent

In cases where the Processing of Personal Data is foreseen without the Explicit Consent within the scope of KVK Regulations (Article 5.2 of the KVKK), Ethique Plant Based may process Personal Data without obtaining the Explicit Consent of the Data Subject. In case Personal Data is processed in this way, Ethique Plant Based processes Personal Data within the limits drawn by the KVK Regulations. In this context:

Personal Data may be processed by Ethique Plant Based without Explicit Consent, if it is expressly stipulated in the laws.

Personal Data may be processed by Ethique Plant Based without Explicit Consent, if it is necessary for the protection of the life or bodily integrity of the Data Subject himself or someone other than the Data Subject, who is unable to express his or her consent due to actual impossibility or whose consent is not legally valid.

Provided that it is directly related to the establishment or performance of a contract, Personal Data may be processed by Ethique Plant Based without the Explicit Consent of the Data Subjects, if it is necessary to process the Personal Data of the parties to the contract.

If the Processing of Personal Data is mandatory for the Company to fulfill its legal obligation, Personal Data may be processed by the dietitian without the Explicit Consent of the Data Subjects.

Personal Data made public by the Data Subject may be processed by the dietitian without the express consent.

If the Processing of Personal Data is necessary for the establishment, exercise or protection of a right, Personal Data may be processed by Ethique Plant Based without express consent.

Provided that it does not harm the fundamental rights and freedoms of the Data Subject, Personal Data may be processed by the Company without Explicit Consent, if data processing is necessary for the legitimate interests of the dietitian.

Processing of Private Personal Data

Sensitive Personal Data can only be processed if the Explicit Consent of the Data Subject is available or, for Sensitive Personal Data other than sexual life and personal health data, where expressly required by law.

Personal Data related to health and sexual life may be processed without express consent only by persons (e.g. company physicians) or authorized institutions and organizations under the obligation of confidentiality, for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

While Processing Special Quality Personal Data, precautions determined by Ethique Plant Based are taken.

The authority in this area of employees who change jobs or leave their job will be removed immediately, and the inventory allocated to the relevant employee will be taken back immediately.

Where Special Quality Personal Data is processed in a physical environment, Ethique Plant Based, regarding the physical environments where the Data is processed, stored and/or accessed:

It will ensure that adequate security measures (against electricity leakage, fire, flood, theft, etc.) are taken.

It will prevent unauthorized entry and exit by ensuring the physical security of these environments.

In case of transfer of Private Personal Data, Data Controller:

If it is necessary to transfer Sensitive Personal Data via e-mail, an encrypted corporate e-mail address or a Registered Electronic Mail (“KEP”) account will be used.

In addition to the above regulations, the Company will comply with the KVK Regulations, particularly the Personal Data Security Guide, published by the Board regarding the security of Personal Data, including Special Quality Data.

6. PERSONAL DATA STORAGE PERIOD

Personal Data is kept by Ethique Plant Based, or by third parties or companies, for the relevant legal retention periods and for the period necessary for the realization of the activities related to this data and the purposes specified in this Policy. Personal Data whose purpose of use has expired and whose legal storage period has expired is deleted, destroyed or anonymized by Ethique Plant Based in accordance with Article 7 of the KVKK.

7. DELETING, DESTROYING AND MAKING PERSONAL DATA ANONYMOUS

When the legitimate purpose for the Processing of Personal Data ceases, the relevant Personal Data is Deleted, Destroyed or Anonymized.

Ethique Plant Based may store Personal Data for future use.

All Deletion, Destruction and Anonymization activities that Ethique Plant Based will implement on Personal Data will be carried out in accordance with the principles set forth in the Personal Data Storage, Destruction and Anonymization Policy.

8. EFFECTIVE DATE OF THE POLICY

This version of the Policy was approved on 01/09/2022 and entered into force.