Hangi dil ile devam etmek istiyorsunuz?
KVKK EN.docx

Z EKSEN BASKI SİSTEMLERİ VE BİLGİ TEKNOLOJİLERİ SAN. VE TİC. A.Ş.

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA


MAY 2021


TABLE OF CONTENTS

  1. OBJECTIVE 3

  2. SCOPE 3

  3. DEFINITIONS 3

  4. OUR PRINCIPLES 4

  5. PURPOSES OF PROCESSING PERSONAL DATA 6

  6. CATEGORIES OF PERSONAL DATA PROCESSED 7

  7. CATEGORIES OF PARTIES WITH WHOM PERSONAL DATA IS SHARED 8

  8. ENSURING THE SECURITY OF PERSONAL DATA 8

  9. RIGHTS HELD BY THE DATA OWNER 9

  10. PERIODIC DESTRUCTION PERIOD 10

  11. UPDATE AND COMPLIANCE 10

  12. ENFORCEMENT AND ANNULMENT OF THE POLICY 10

  1. OBJECTIVE


    As Z Eksen Baskı Sistemleri ve Bilgi Teknolojileri San. ve Tic. A.Ş. ("Zaxe"), we care about the protection and processing of your personal data in accordance with the Law on the Protection of Personal Data No. 6698 (the "Law"). This Personal Data Protection and Processing Policy (the "Policy") has been prepared in order to make statements about the personal data processing activity and the processes for the protection of personal data, to ensure transparency and compliance with the law in practice and to inform the real persons whose personal data has been processed by Zaxe.


  2. SCOPE


    This Personal Data Protection and Processing Policy is related to all personal data processed for our company's employees, business partners, suppliers, visitors and real third parties, provided that they are a part of our system in any manner.


  3. DEFINITIONS


    Explicit Consent

    :

    The statement of consent given by the personal data owner about a specific subject based on information and expressed in free will.

    Related Person/Personal

    Data Owner

    :

    The real person whose data has been processed

    Law

    :

    Law on Protection of Personal Data No. 6698

    Recording Environment

    :

    Shall refer to any environment in which personal data has been processed, which is fully or partially automated or non-automated provided that it is part of any data recording system.

    Personal Data

    :

    Any information related to the identitied or identifiable real

    person

    Processing of Personal Data

    :

    Any transaction performed on the data such as obtaining, recording, storage, preservation, alteration, rearrangement, disclosure, transfer, acquisition, recapture, classification or preventing the use of the same by non-automated means provided that personal data is a part of a wholly or partially automated data recording system.

    Personal Data

    Owner

    :

    The real person whose data has been processed

    Board

    :

    Personal Data Protection Board

    Sensitive Personal Data

    :

    Shall refer to the data about the race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership to an association, foundation or trade union, medical condition, sexual life, criminal conviction and security measures as well as biometric and genetic data of

    persons.

    Policy

    :

    Personal Data Protection and Processing Policy of Zaxe

    Data Processor

    :

    Shall refer to the real person or the legal entity who processes personal data on behalf of the data controller based on the authority vested to it by the same,

    Data Recording

    System

    :

    The recording system where Personal Data is processed by

    means of configuring the same according to certain criteria,

    Data Controller

    :

    Zaxe

    Regulation

    :

    The Regulation on the Deletion, Destruction or Anonymization of Personal Data,


    Business Partner

    :

    The parties with whom Zaxe has established business partnerships for purposes such as carrying out various projects and receiving services while conducting company commercial activities. Data will be transferred only limited to the fulfillment of the purpose of establishing a business partnership.

    Legally Authorized Public Institutions

    and Organizations

    :

    Shall refer to public institutions and organizations authorized to receive information and documents from Zaxe in accordance

    with the provisions of the legislation.


  4. OUR PRINCIPLES


    1. Zaxe carries out its personal data processing activities in accordance with the data processing principles stipulated by the Law and other legislation. Pursuant to this Zaxe acts in accordance with the below principles while processing personal data.


      Acting in accordance with the law and integrity rules, Being correct and up-to-date when required,

      Processing with certain, explicit and legitimate objectives,

      Personal Data being linked to, limited and measured with the purpose of being processed

      Personal data being maintained for the time stipulated in the relevant legislation or for the time required regarding the purpose for which they are being processed.


    2. Zaxe carries out data processing activities in accordance with the conditions for processing personal data stipulated by the Law except for the explicit consent of the data owner. Zaxe may process data without obtaining the explicit consent of the data owner under the following conditions stipulated by the Law.


      The Processing of Personal Data is clearly prescribed by the law

      No explicit consent of the related person being available due to actual impossibilities

      Direct relation with the establishment or execution of the contract Performance of the legal obligations by Zaxe

      Personal data owner declaring the personal data as public

      Data processing being compulsory for the establishment or protection of a right

      Data processing being necessary for the legitimate interest of Zaxe


    3. Sensitive personal data will only be processed in accordance with the principles specified in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board, should the following conditions exist:


      Sensitive personal data other than health and sexual life may be processed without seeking for explicit consent if this is explicitly stipulated by the law, otherwise with the explicit consent of the data owner.

      Sensitive personal data relating to health and sexual life may be processed by the authorized institutions and organizations and the persons under the obligation of keeping secret for planning and managing the financing planning and healthcare services and executing protective medicine, medical diagnosis, treatment and care services and protecting public health without seeking for any explicit consent, otherwise with the explicit consent of the data owner.


    4. Even if the personal data subject has not given his/her explicit consent, if one or more of the following conditions are present, personal data may be transferred to third persons by Zaxe by taking all due care and all necessary security precautions including those stipulated by the Board:


      Relevant activities related to the transfer of personal data being explicitly stipulated in the law,

      The transfer of personal data by the Company is directly related to and required for the establishment or execution of a contract;

      The transfer of personal data is compulsory for our Company to fulfill its legal obligations;

      The transfer of personal data by our Company in a limited manner for the purpose of making it public, provided that it has been made public by the data owner;

      The transfer of personal data by the Company is mandatory for the establishment, use, or protection of the rights of the Company or the data owner or third parties,

      Personal data transfer activity is mandatory for the legitimate interests of our Company, provided that such transfer does not violate the fundamental rights and freedoms of the data owner,

      The existence of an obligation to protect the life or bodily integrity of the person who cannot explain his/her consent due to actual impossibility or whose consent is not deemed valid in legal terms.


    5. Furthermore, personal data may be transferred to the foreign countries announced by the Board to have adequate protection if any of the conditions are met. In the absence of adequate protection, personal data may be transferred to foreign countries where

      data controllers in Turkey and in the relevant foreign country undertake the adequate protection in written form under Article 9 of the Law and where the Board has given consent for the transfer of personal data.


  5. PURPOSES OF PROCESSING PERSONAL DATA COLLECTED BY ZAXE


    Any personal data obtained by Zaxe and included in this Policy may be processed for the following purposes.

    • Conducting the Process of Employee Candidate/Trainee/Student selection and recruitment,

    • Conducting the process of employee candidate application processes,

    • Performance of assignment processes,

    • Planning of Human Resources Processes,

    • Conducting the communication activities,

    • Conducting the wage policy,

    • Conducting the finance and accounting activities,

    • Fulfillment of the obligations arising from the employment contract and legislation for the employees,

    • Conducting the fringe benefits and interests processes for employees,

    • Tracking and conduct of legal affairs,

    • Conducting the communication activities,

    • Execution of goods/services purchasing processes,

    • Execution of goods/service sales processes,

    • Conducting customer relationship management processes,

    • Conduct of investment processes,

    • Conduct of contract processes,

    • Conduct of information security processes,

    • Conduct of goods/services after sales support services,

    • Performance of marketing analysis procedures,

    • Creating and tracking visitor records,

    • Conduct of management activities,

    • Providing information to authorized persons, institutions and organizations,

    • Tracking of requests/complaints,

    • Assuring physical field security,

    • Conduct of information security processes,

    • Management of access authorizations,

    • Performance of storage and archive activities,

    • Receiving and assessment of suggestions of the improvement of business processes,

    • Conduct of activities for customer satisfaction,

    • Conduct of marketing processes of products / services,

    • Performance of Advertising/Campaign/Promotion Processes

  6. CATEGORIES OF PERSONAL DATA PROCESSED WITHIN THE SCOPE OF PERSONAL DATA PROCESSING ACTIVITIES CONDUCTED BY ZAXE


    PERSONAL DATA CATEGORIZATION

    DESCRIPTION

    Identity Information

    These is the personal data containing information about the identity of the person: documents such as driver's license, ID card, and passport that contain such information as name-surname, Turkish Republic ID number, nationality information, mother's name-father's name, place of birth, date of birth, and gender as well as information such as tax number, SSI number, signature information, vehicle license plate, etc.

    Contact Information

    Information such as telephone number, address, e-mail and fax number.

    Transaction Security Information

    Your personal data (e.g. log records, IP information, identity verification information) processed to ensure our technical, administrative, legal and commercial security

    Information on Family Members and Relatives

    Personal data about family members (spouse, mother, father, child, etc.) and relatives of the personal data owner in order to protect the legitimate interests of Zaxe and the data owner.

    Financial Information

    Personal data processed in relation to information, documents and records showing any financial outcome between Zaxe and the data controller, as well as personal data such as bank account number, IBAN number, credit card information, receivable/debt information, financial profile, asset data and income information.

    Physical Field Security Information

    Personal data related to the records and documents taken at the entrance to the physical field and during the stay in the physical field; camera recordings, etc.

    Legal Transaction Information

    Personal data processed within the scope of the determination, follow-up and performance of our legal receivables and rights, our legal obligations and compliance with the legislation (information in correspondences with the judicial authorities, information in the case file, etc.).

    Customer Transaction Information

    Personal data collected from customers within the scope of conducting commercial activities (call center records, invoice, promissory note, check information, information in box office receipts, order information, request information, etc.).

    Marketing Information

    Personal data collected within the scope of marketing activities (shopping history information, survey, cookie records, information obtained through campaign work, etc.)

    Audio/Visual Information

    Photographic and camera recordings, audio recordings (Except for physical space security records, photo on the resumé, etc.)

    Professional Experience Information

    Personal data such as diploma information, courses attended, in-service training information, certificates, transcript information collected from employees and employee candidates.

    Sensitive Personal Data

    The data specified in Article 6 of the Law (e.g., health data including blood type, biometric data, religion and association information, etc.).


  7. CATEGORIES OF PARTIES WITH WHOM PERSONAL DATA IS SHARED



    BUYER CATEGORIES

    DESCRIPTION

    PURPOSE OF DATA TRANSFER

    Business Partner

    Parties to the business partnership established by Zaxe in the course

    of its business activities

    Only limited to the fulfillment of the purpose of

    the business partnership,

    Supplier

    Parties providing contractual services to Zaxe as part of Zaxe's business activities

    Limited to the purpose of providing services necessary to sustain Zaxe's business

    activities

    Authorized Public Institutions and Organizations

    Public institutions and organizations authorized to receive information and documents in accordance with the provisions of the legislation

    As limited to the purpose requested by the relevant public institutions and organizations within their legal authority

    Real Persons or private legal entities

    Parties to whom information and documents are shared within the scope of the provisions of the relevant legislation and within the legitimate interests of Zaxe

    Limited to the sharing activities requested by the relevant private legal entities within the scope of their legal authority and performed by Zaxe for the



    parties such as consulting firms, etc.


  8. ENSURING THE SECURITY OF PERSONAL DATA


    The following administrative and technical measures are taken by Zaxe in the processing and storage of personal data, within the framework of the responsibilities regarding the data controller in Article 12 of the Law, in order to store personal data securely and to prevent unlawful processing and access.


    1. Technical Measures

      Physical environments containing personal data are protected against external risks (fire, flood etc.).

      Network security and application security are ensured.


      .

      Log records are maintained in such a way that there is no user intervention. Security measures are taken within the scope of supply, development and maintenance of information technology systems.

      Intrusion detection and prevention systems are used. Up-to-date anti-virus systems are used.

      Firewalls are implemented.

      Cyber security measures have been taken and implementation of such measures is constantly monitored.

      Encryption is performed.

      Security of environments containing personal data is ensured. Access logs are maintained regularly.

      The security of personal data stored in the cloud is ensured.


    2. Administrative Measures

      Except for the non-related department managers, there will be no authority to display.

      Personal data is reduced to the extent possible. An alarm system is available.

      Necessary security measures are taken for entering and exiting physical environments containing personal data.

      Personal data security issues are reported promptly. Personal data security is monitored.

      Periodic and/or random audits are carried out within the organization. Personal data security policies and procedures have been identified.

  9. RIGHTS HELD BY THE DATA OWNER


    The data owner shall have the right to apply to the data controller and make a request in accordance with the article Article 11 of the Law. You can file an application and make a request to Zaxe on the following issues within the scope of this right stipulated by the Law.


    To learn whether your personal data has been processed or not,

    To request information regarding your personal data if it has been processed,

    To learn the purpose of processing your personal data and whether they are used appropriately in accordance with this purpose,

    To have information about the third parties to whom your personal data has been transferred either at home or abroad,

    To request correction if personal data has been processed incompletely or inaccurately and to request that the third parties to whom the personal data has been transferred be notified of the operation performed within this context,

    To request deletion, destruction or anonymization of personal data in case the reasons necessitating their processing cease to exist, despite personal data has been processed in accordance with Law and relevant other law provisions, and to request notification of the operations made within this context to third parties to whom your personal data has been transferred,

    To object to the occurrence of a result against your side by means of analyzing the processed data exclusively through automated systems,

    In the case you incur losses due to illegal processing of your personal data, to claim the compensation of such loss.

    You can deliver your applications regarding your above-mentioned rights in written form and with an original signature personally by hand at the address of our company, Yeşilce Mah. Seçilmiş Sok. No:2/1 Kağıthane/İstanbul, or through a notary public or by sending an e-mail to the address info@zaxe.com via your e-mail address in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller".

  10. PERIODIC DESTRUCTION PERIOD


    In accordance with Article 11 of the Regulation on Deletion, Destruction or Anonymization of personal data, Zaxe has determined the periodic destruction period to be 6 months. Accordingly, periodic destruction is carried out by Zaxe twice a year, in June and December. To get detailed information about the destruction of personal data, you can review Zaxe Personal Data Retention and Destruction Policy.


  11. UPDATE AND COMPLIANCE


    Zaxe reserves the right to make changes to this Policy in line with changes to the Law and other relevant legislation, decisions of the Board, decisions to be taken as a company or developments in the sector or in the field of informatics.

  12. ENFORCEMENT AND ANNULMENT OF THE POLICY


This Policy shall be deemed to have entered into force on the date written on it. If this Policy is updated or repealed and a new policy is determined, the updated or newly determined policy will be considered effective.

Z Eksen Baskı Sistemleri ve Bilgi Teknolojileri San. ve Tic. A.Ş.

Yeşilçe Mh. Seçilmiş Sk. No: 2 Kağıthane / İstanbul

+90 (212) 279 00 60+90 (212) 280 92 93

Subscribe

Sign up for our email list to stay up to date with Zaxe's developments in the 3D world.

Zaxe Iyzico Banner