About KVKK

Noya Energy

Law on the Protection of Personal Data (“KVKK”)

Definitions

In this clarification text;

Personal Data: Any information relating to an identified or identifiable natural person,

Law on the Protection of Personal Data (“KVKK”): The Law on the Protection of Personal Data No. 6698, which entered into force after being published in the Official Gazette on April 7, 2016,

Data Processor: The natural or legal person who processes Personal Data on behalf of the data controller based on the authorization given by him,

Data Controller: Refers to the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

As Noya Energy (“Our Company”), the protection of fundamental rights and freedoms, the protection of privacy related to private lives, the provision and protection of information security, and respect for ethical values are among our primary principles. Accordingly, in order to fulfill our disclosure obligation arising from Article 10 of the Law on the Protection of Personal Data (“KVKK”), our explanations are presented below for your information.

Data Controller

Our Company, which has the title of “Data Controller” as defined in the KVKK, processes your personal data for the purposes described below and within the limits ordered by the legislation.

Purpose of Processing and Transfer of Personal Data

In our company, the personal data of employees (including volunteers, part-time employees, interns, students and candidate employees) and their family members and relatives, customers, suppliers, consultants, business partners, shareholders, Company officials and Company representatives, the person(s) with whom a contractual relationship is established and their employees, and the person(s) who are the addressees of legal proceedings (such as lawsuits filed/to be filed/finalized by or against the Company, enforcement proceedings, mediation proceedings, etc.) are collected, recorded and processed in accordance with KVKK. This covers personal data such as identity and contact information (including photograph and/or biometric data), family and social life, education and training information, employment information, information on request/complaint management, information on legal affairs, information on compliance with ethical values and law, financial information, audit information, use of electronic media, information on goods and services provided and provided, information related to business activities, trade and other licenses and permits, physical space security information, visual and audio information (photographs, cameras, audio recordings), telecommunication logs, e-mail and information systems services usage logs and login logs, as well as sensitive personal data such as union memberships, health reports and health data, biometric data and criminal record information (including investigation, prosecution and execution procedures).

Your personal data is collected and processed for the following purposes: the realization of commercial activities carried out by our Company and the management and execution of related business processes; relations with business partners and/or suppliers; technical management of our Company’s websites; customer management and follow-up of complaints; product surveys and follow-up of the questions you send to our Company; carrying out the necessary work by our business units so that you can benefit from the products and services offered by our Company; planning and executing the sales, marketing and after-sales processes of products and/or services; informing about the contents of the products and services in question; sending commercial electronic messages with separate approval in accordance with the legal regulations; conducting competitions, events and other organizations; conducting legal and commercial relations with our Company and people who have a business relationship with our Company and ensuring the security of these relations; administrative operations for communication, employee administration and management carried out by our Company; ensuring the physical security and supervision of the Company’s locations; planning logistics activities; conducting reputation research processes; compliance with ethical values and law and execution of legal affairs and procedures; follow-up of contract processes and/or legal requests; planning and execution of Human Resources and personnel recruitment processes and follow-up and realization of education and training activities; planning and/or execution of occupational health and/or safety processes; carrying out research and development activities and ensuring that our Company can benefit from incentives; planning and executing corporate communication and corporate governance activities; conducting information security management services; monitoring and auditing financial and/or accounting affairs and carrying out activities for the determination of financial risks of customers; determining and implementing our Company’s commercial and business strategies; creating and following visitor records; other purposes to be notified to the relevant person during the acquisition of information; and ensuring the fulfillment of legal obligations as required or mandated by the relevant legislation. This processing takes place within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK and is limited to these purposes.

Your personal data may be transferred to reliable third parties and/or institutions and organizations and/or our business partners and/or Bosch Group companies in the country and/or abroad, within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, to the extent necessary and limited to this purpose, provided that it is necessary for the fulfillment of the above-mentioned purposes and to ensure your data security. In addition, personal data can be shared with public institutions and organizations that are authorized to request and receive this data as required by a legal requirement.

Method of Collecting Personal Data and Legal Reason

Personal data is collected, used, recorded, stored and processed by our company within the framework of the principle of proportionality, provided that it is connected and limited to the above-mentioned legitimate purposes, by verbal, written and/or electronic means by providing verbal, written and/or electronic information to personal data owners in a clear and understandable manner and obtaining their explicit consent when necessary, in accordance with the law and the rules of honesty.

We guarantee that your personal data will not be processed by our company for purposes other than those specified in this clarification document, and will not be transferred or stored to 3rd parties in the country and abroad.

Retention Period of Personal Data

Your personal data is stored within the retention periods specified in the relevant legal regulations, if no period is determined in the relevant legal regulations, in accordance with the practices and commercial practices of our Company or for the period required by the above-mentioned processing purposes, and then deleted, destroyed or anonymized in accordance with the KVKK.

If the purpose of processing personal data has ended and the retention periods determined by the relevant legislation and by our Company have come to an end, personal data can only be stored for the purpose of constituting evidence in possible legal disputes, asserting the relevant right related to personal data, or establishing a defense. In establishing the periods herein, the retention periods are determined on the basis of the statute of limitations for asserting the aforementioned right and the examples in the requests made to our Company on the same issues despite the expiry of the statute of limitations. In this case, the stored personal data is not accessed for any other purpose, and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Here, too, after the expiry of the aforementioned period, personal data is deleted, destroyed or anonymized.

Security of Personal Data

In order to prevent your personal data from being exposed to unauthorized access, loss and damage in the environments where they are processed and stored, the technical and administrative measures of the Information Security Management System (ISO 27001 Standard and good practice booklet 27018), the requirements of the Personal Data Protection Management System (Bureau Veritas – Data Protection Technical Standard, BS 10012 Data Protection Personal Information Management System Standard), and the requirements of the relevant guidelines on the Security of Personal Data published by the KVKK board are constantly operated and developed within the scope of continuous improvement.

Rights of the Personal Data Owner

Pursuant to Article 11 of the KVKK, everyone has the following rights regarding themselves, by applying to the data controller:

  a) To learn whether personal data is processed or not,
  b) If personal data has been processed, to request information about it,
  c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  ç) To know the third parties to whom personal data is transferred in the country or abroad,
  d) To request correction of personal data in case of incomplete or incorrect processing,
  e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
  f) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
  g) To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  ğ) To demand compensation for the damage in case of damage due to unlawful processing of personal data.

Application Methods Regarding the Rights of the Personal Data Owner

Pursuant to paragraph 1 of Article 13 of the KVKK, you can make your request to exercise your above-mentioned rights with the following methods and information in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller” published in the Official Gazette dated March 10, 2018 and numbered 30356.

Required information in the application content;

  1. Name, Surname information of the applicant.
  2. If the applicant is a citizen of the Republic of Turkey, the TR identity number, if not, the passport number with the nationality or the identity number, if any.
  3. The address of the applicant’s place of residence or place of work for notification.
  4. The applicant’s e-mail address, telephone or fax for notification.
  5. The subject of the applicant’s claim.
  6. Information and documents based on the applicant’s request.

Application methods that can be used by the person concerned;

  1. The applicant can fill out the “Application Form” and personally deliver it to the consultancy office at the Company Address* in a closed envelope, with the note “Request for Information in accordance with the Law on the Protection of Personal Data” on the envelope.
  2. The applicant may send a notification to the Company Address* through a Notary Public, but the note “Information Request in Accordance with the Law on the Protection of Personal Data” must be added to the notification envelope.
  3. Using the “Secure Electronic Signature” defined in the Electronic Signature Law No. 5070, the applicant can apply in person to our Company’s Registered Electronic Mail address «info@noyaenerji.com» with the note “Information Request in Accordance with the Law on the Protection of Personal Data” in the subject section.

* Company Address: Noya Energy, Abdurrahman Gazi Mahallesi Atayolu Caddesi No:31 Sancaktepe/Istanbul