GDPR POLICY

As Data Processor, DISA OTOMOTIV URUNLERI SANAYI ve TIC.A.S., DISA OTOMOTIV ITHALAT IHRACAT PAZARLAMA A.S., DISA ULUSLARARASI TICARET A.S. and DISA AUTOMOTIVE GMBH ("DISA" or "COMPANY"), we show utmost sensitivity to the security of personal data and to protect fundamental rights and freedoms, especially privacy in processing your personal data.

Some of your personal data is processed by DISA in the capacity of data processor. With this policy, we inform you about your personal data, the ways of collecting and transferring your personal data, the purposes of processing, legal reasons and your rights in accordance with the provisions of the Turkish Law on Protection of Personal Data No.6698 ("KVKK" or "GDPR").

DISA reserves the right to update this policty at any time within the framework of changes to be made in the legislation and changes in the purposes of processing and transferring personal data. You can always easily follow the updates made on our website.

In addition, if you request, we will also share our Personal Data Storage and Destruction Procedure with you.

1. Data Processor

In accordance with KVKK - GDPR, your personal data; as data processor; DISA, which is established and continues its activities as a joint stock company in accordance with the laws of the Republic of Turkey and registered under the registry number 4975 of the Corlu Trade Registry Office, located at Ergene 2 Organized Industrial Zone D-100 Karayolu, No: 139/1 Ergene / Tekirdağ, can be processed by our company within the scope described in this policy.

2. Processing of Personal Data and Personal Data

In accordance with the KVKK- GDPR, any information that makes your identity specific or identifiable constitutes your personal data. Individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are private and these are interpreted as qualified personal data.

Processing of your personal data refers to all kinds of operations performed on the data such as obtaining, saving, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of these data in accordance with the KVKK - GDPR.

If you are our customer, your processed personal data are: (directly from you or your company representative), your identity information (name, last name, mother-father name, ID No, date of birth, etc.), your contact information (phone number, address, e-mail address), professional experience information (name of the company you work for, title within the company, etc.), financial information (bank account information, etc.), employee information and their contact information, product information you have purchased, your signature, your video recording if you visit our facilities and your vehicle license plate if you visit the company with your vehicle.

If you are our supplier, your processed personal data are: (directly from you or your company representative), your identity information (name, last name, mother-father name, ID No, date of birth, etc.), your contact information (phone number, address, e-mail address), professional experience information (name of the company you work for, title within the company, etc.), financial information (bank account information, etc.), employee information and their contact information, product information you have purchased, your signature, your video recording if you visit our facilities and your vehicle license plate if you visit the company with your vehicle.

If you are an employee of our customers or suppliers, your processed personal data are; your name and last name, your contact information (phone number, e-mail address), professional experience information (name of the company you work for, your title in the company, etc.), your video recording if you visit our faciilities, and your vehicle license plate if you visit the company with the vehicle.

If you are a candidate customer, your processed personal data are; your name and last name, your contact information (phone number, e-mail address), professional experience information (name of the company you work for, your title in the company, etc.) through the business cards given at your own request as a result of the application you have made on our website or through the fairs.

If you are a candidate supplier, your processed personal data are; your name and last name, your contact information (phone number, e-mail address), professional experience information (name of the company you work for, your title in the company, etc.) through the business cards given at your own request as a result of the application you have made on our website or through the fairs.

If you are a visitor to our facility, your processed personal data are; your name and last name, your video recording if you visit our faciilities, and your vehicle license plate if you visit the company with the vehicle.

3. Purpose of Processing Personal Data

DISA can process your personal data in general, within the scope of the Turkish Commercial Code, Turkish Code of Obligations and other legal regulations, in order to continue its business activities, to ensure customer satisfaction, to fulfill its contractual obligations, to carry out marketing activities and to fulfill its legal obligations.

For our customers and suppliers; Ensuring the legal and commercial security of customers and suppliers, fulfilling the obligations arising from the legislation, carrying out storage and archive activities, determining commercial and business strategies, conducting information security processes, performing audit activities, carrying out service sales and purchasing processes, continuing commercial activities, finance and carrying out accounting procedures, conducting communication activities, providing after-sales support, providing information to authorized persons, institutions and organizations, monitoring and executing legal affairs, carrying out risk management processes, following up demands and complaints.

For our customer and supplier Candidates; Carrying out marketing-selling and purchasing processes of products, determining commercial and business strategies, carrying out information security processes, continuing commercial activities, conducting communication activities, and following up demands and complaints.

For visitors; The security of our facility.

Your personal data is processed in accordance with the principles of compliance with the law and honesty rules, being accurate and up-to-date when necessary, processing for specific, clear and legitimate purposes, being linked, limited and proportionate to the purpose for which they are processed, and keeping them for the period required by the relevant legislation or the purpose for which they are processed.

4. Method and Legal Reason for Collecting Personal Data:

Your personal data can be accessed through physical or electronic media through channels such as our general directorate, organizations, information on your website in order to provide the services we offer within the specified legal framework and to fulfill our company's responsibilities arising from the contracts and legal legislation in a complete and correct manner. It carries out our activities by obtaining from various verbal, written or electronic media by automatic or non-automatic methods and through other channels through which our company communicates with you or can communicate with you in the future.

Your personal data collected for this legal reason can be processed and transferred for the purposes specified in this policy within the framework of the personal data processing conditions and purposes specified in Articles 4, 5 and 6 of the KVKK - GDPR. The legal reasons for its processing are as follows:

For our customers and suppliers; It is necessary to process your personal data, provided that we establish a contractual relationship with you or are directly related to our performance obligation arising from this contract. processing your contact information for the purpose of communication, recording your bank account number for tracking payment activities), legitimate interest of the Data Processor (for example, keeping camera recordings to ensure physical space security), your explicit consent we receive / will receive from you when necessary.

For visitors; Legitimate interest as a Data Processor.

For our Customer and Supplier Candidates; The legitimate interest of the Data Processor (such as contacting us by filling out the relevant section on our website), being made public by the relevant person himself (such as communicating with you through the information on the business card you voluntarily provided as a result of the fairs carried out) and your consent we got where required.

5. Transfer of Personal Data:

The personal data collected can be transferred for limited purposes, processed domestically or abroad with the purpose of fulfillment of the commercial activities carried out by DISA in accordance with the legislation and the Company's Internal Policies and Procedures, ensuring the legal and commercial security of DISA's group companies and shareholders, real or legal persons who have business relations with DISA, maintaining their commercial activities and other processing purposes specified in this policy; DISA's group companies, shareholders, consultants, auditors and / or suppliers and customers with our business partners and service providers who provide, operate or provide services to our IT infrastructure, with our business partners and service providers who provide services in the field of quality control, complaint management and risk analysis, by law, authorized public institutions, private persons or organizations and third parties, if log records are requested to resolve legal disputes or in accordance with the relevant legislation, with administrative authorities, judicial authorities or the relevant law enforcement officers, in cases required by the legitimate interest of the data controller, with third parties to be determined specifically in this policy.

6. Rights of Personal Data Owner

As the owner of the collected personal data, you have right to:

- Learn whether it has been processed,

- Learn if your personal data has been processed, to request information regarding this,

- Know for what purpose your personal data is processed and whether it is used for these purposes,

- Know the third parties to whom your personal data has been transferred domestically or abroad,

- Request correction of your personal data if it is incomplete or incorrectly processed,

- Request the deletion or destruction of your personal data,

- Request notification of your rectification, deletion and destruction requests to third parties to whom your personal data have been transferred,

- Object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,

- Demand compensation for the damage, if you suffer damage due to unlawful processing of your personal data, you have the right to .

You can send your requests for information, correction, deletion, destruction and objections; to our company in writing to our postal address or e-mail address below or by other methods determined by the Personal Data Protection Board.

Post Address: Disa Otomotiv, Ergene 2 Organize Sanayi Bolgesi, D-100 Karayolu, No: 139/1, Ergene, Tekirdag, Turkey

E-mail address: kvkk@disaotomotiv.com

We are responsible to take all necessary technical and administrative measures to ensure confidentiality and security of your personal data and that this data will always be processed in accordance with the relevant legislation and our company's own data protection policies and that your personal rights will be protected, your personal data will be kept confidential at all times.

 

Document no: MTN-001-01

Last revision date: 03.02.2021

Link