1. Brief information about data protection law

    We take great care in protecting personal data. Data protection laws allow people to manage how their personal information (any information that relates to them, such as a name, identification numbers, photos etc.) is used. Belkim Kimyevi Maddeler’s use of the personal information of its employees, contractors, customers, business contacts or any other identifiable individuals is covered and regulated in many cases by local data protection law (Law 6698). The use of personal data is subject to legal conditions. We only use sensitive personal information if it is absolutely necessary for us to use it. Personal data is used if it is necessary for business purposes. Personal data is not used for purposes other than business purposes. The use of biometric data is subject to special conditions. We do not use this data without permission. We protect personal data with technical, administrative and legal measures. Our company uses international information security standards to ensure information security (ISO/IEC 27001-2022).

    Data protection laws affect Belkim Kimyevi Maddeler internationally

    European (incl. Türkiye) data protection laws do not allow the transfer of personal information to countries outside the European Economic Area that do not ensure an “adequate” level of data protection. Many of the countries in which Belkim Kimyevi Maddeler operates are not regarded by the European Economic Area as providing an adequate level of data protection and/or privacy.

    We ensure compliance with the data protection law

    The Binding Corporate Rules (BCR) are based on European data protection standards and comprise the rules and internal practical procedures with respect to data privacy compliance. The rules must be followed by each employee and contractor of Belkim Kimyevi Maddeler when handling personal information. Applying European data protection standards (GDPR) across Belkim Kimyevi Maddeler by means of the data privacy rules is the best way for Belkim Kimyevi Maddeler to ensure that an adequate level of protection exists for transfers of personal information to countries outside the EEA across Belkim Kimyevi Maddeler’s international operations. Compliance with the BCR forms part of our regular awareness and training on the topic of data privacy. We will take appropriate steps to deal with any instances of non-compliance. This document contains the 16 data privacy rules contained in the BCR adopted by Belkim Kimyevi Maddeler. The Belkim Kimyevi Maddeler Data Privacy Policy contains further detailed guidance to assist employees and contractors who work with personal information to put the rules into practice. These data privacy rules will be construed in accordance with and governed by the applicable data privacy laws.

    We will comply with local and international data security laws

    As an organisation, Belkim Kimyevi Maddeler must always comply with any applicable legislation relating to personal data (e.g. in Türkiye, KVKK Act 2018). Where there is no law or the law does not meet the standards set out by the rules in this document, we will process personal information in adherence to the rules in this document. We must be aware of any local or regional laws affecting the use of personal data and never ignore them.

    We take responsibility for information data protection

    Our company has established a data security organization. This organization includes the KVKK Coordinator, Data Controller Contact Person (DPO), KVKK Committee, Cyber Incident Response Team and Data Security Internal Auditors. Information management and auditing are managed, audited and reported to senior management by this internal organization. All individuals who manage personal data within Belkim Kimyevi Maddeler should be aware of these rules and the commitment we have made to follow them. Every employee in the organization is responsible for performing his/her duty. Job descriptions, instructions and forms have been prepared.

    We shall be open with individuals as to how their personal information will be used by us

    Being open and transparent in the way we use and share our employees’, contractors’, customers’ and business contacts’ personal information is the most important step we can take to create good privacy practices. We must ensure that individuals are always told in a clear and comprehensive way about the uses, disclosures and other processing activities performed on their information when such information is obtained.

    We only use personal data in a limited and proportionate manner in relation to the purpose

    We use personal data only for business purposes. We prepare information texts before processing personal data. If express consent is required, we prepare express consent. It is prohibited to use personal data for purposes other than business. Our employees, suppliers, stakeholders, customers and visitors have been informed about this.

    Requests regarding the processing of personal data are taken into account

    We shall always be receptive to any queries, requests or complaints made by individuals in connection with their personal information. Requests received by the company regarding the processing of personal data are evaluated. Confidentiality of private life is essential. Requests are evaluated as soon as possible and the most appropriate response is given to the relevant persons. In certain cases, the individual’s consent to the new processing activities may be necessary. Compliance with the law is essential in this matter. Compliance with Law No. 6698 and secondary regulations must be ensured.

    Personal information is kept accurate and up to date

    It is extremely important for data protection and privacy that personal data is accurate and up-to-date. Here are some points to consider:

    • Accuracy of personal data
    • Keeping personal data up to date
    • Regular checking of personal data
    • Informing Data Owners
    • Establishing data processing and protection policies

    Personal data is stored as long as necessary

    Any personal information relating to individuals should only be kept where there is a business or legal need to do so. Personal data whose retention period has expired in accordance with the relevant laws will be destroyed or anonymized. Archive and data destruction policies and instructions are being created. Archive and destruction policies are established within the legal framework. Records of destroyed information and documents are kept. Personal data retention periods are recorded in the VERBIS database. You can access our VERBIS database record by typing our company name at this link: www.kvkk.gov.tr

    Protection of personal data with technical and administrative measures 

    We shall always adhere to appropriate technical and organisational security measures to protect personal information. Personal information must be kept secure. Technical and organisational security measures are necessary to prevent the unauthorised or unlawful processing or disclosure of personal information, and the accidental loss, destruction of, or damage to, personal information. We do the following work on this subject:

    Technical security measures: We ensure network and system security; we have password and passcode policies; penetration testing and vulnerability scanning are performed; log records are kept; backups of data are taken; security hardening is being carried out.

    Administrative security measures: Training employees and increasing their awareness; Developing data security policies; Reducing personal data as much as possible; Providing supplier management; Performing risk analysis; Creating an access authorization matrix; Creating a personal data inventory; Performing data security internal audits.

    Managing data processing suppliers

    We attach importance to supplier management. Where a provider of a service to Belkim Kimyevi Maddeler has access to our employees’, contractors’, customers’ and business contacts’ personal information, we must impose contractual obligations dealing with the security of that information. All contracts with providers of such services should therefore include appropriate contractual provisions. Personal data security and confidentiality clauses are included in employment contracts. Suppliers are informed about data security. Suppliers are audited regarding personal data security.

    About data transfer to third parties

    We never transfer personal information to non-Belkim Kimyevi Maddeler entities without ensuring that the third parties provide the right level of protection. Transfers of personal information to non-Belkim Kimyevi Maddeler entities in countries outside the European Economic Area that do not ensure an “adequate” level of data protection are not allowed without appropriate steps being taken, such as contractual clauses which will protect the personal data being disclosed. Personal data is only transmitted to authorized state institutions, courts and security agencies. If necessary, we may transfer personal data to our consultants, lawyers and suppliers who do work for us for business purposes.

    Marketing communications and opt-out/opt-in options

    We always allow customers to opt out of receiving marketing information. One of the key data protection elements is that individuals have the right to object to the use of their personal information for direct marketing purposes, and Belkim Kimyevi Maddeler must honour all such opt-out requests. Legal permission is obtained from customers for marketing communications. Individuals can revoke their marketing communication permission by submitting a written application, SMS or e-mail to your institution. We always suppress from marketing initiatives the personal data of individuals who have opted out of receiving marketing information. Those responsible for a direct marketing campaign must take all necessary steps to prevent the sending of marketing materials to individuals who have opted out.

    Identity and Full Address of the Data Controller to Whom You Will Apply

    Data Controller: Belkim Kimyevi Maddeler Tic. ve San. A.Ş.

    Address: Gebze OSB, 2 Mah 1000. Cad No 1028/1, 41400 Çayırova/Kocaeli

    E-mail: kvkk@belkim.com 

    Secure Email: belkim@hs01.kep.tr

    Website: www.belkim.com