REVEGO ENVIRONMENTAL SOLUTIONS AND TECHNOLOGIES INC.
Personal Data Protection and Processing Policy
Entrance
In accordance with Article 20 of the Constitution of the Republic of Turkey, everyone has the right to request the protection of personal data regarding themselves. This right also includes the right to be informed about personal data about oneself, to access this data, to request its correction or deletion, and to learn whether it is used for its purposes.
The Personal Data Protection Law No. 6698 ("KVKK") regulates the protection of the fundamental rights and freedoms of individuals in the processing of personal data, and the obligations and procedures and principles to be followed by real and legal persons who process personal data. The purpose of this Policy, prepared in this direction, is to ensure compliance with the obligations regarding the KVK Law regulations.
Governed by politics; Visitor, Product or Service Recipient, Supplier Official, Supplier Employee, Intern, Potential Product or Service Buyer, Shareholder/Partner, Employee, Employee Candidate, Customer Employee, Customer Representative, Consultant, Subcontractor Employee, Trainee Candidate, Endorser, Consultant Personal data of groups of people.
If there is a conflict between KVKK and other relevant legislation and the Company's Personal Data Protection and Processing Policy, the current legislation will apply.
Aim
REVEGO ÇEVRESEL ÇÖZÜMLER VE TEKNOLOJİLERİ A.Ş. aims to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and to regulate the obligations of real and legal persons processing personal data and the procedures and principles they will comply with. (“Company”) Personal Data Protection and Processing Policy (“Policy”) has been prepared.
The policy aims to maintain and develop the activities carried out by the Company in accordance with the principles in the KVKK and to inform personal data owners.
Scope
Data owners whose personal data are processed within the scope of this Policy are categorized as follows:
Employee Candidate | Natural persons who make their CV and relevant information accessible to the Company by applying for a job at the Company or by any means |
Worker | People who continue to have a business relationship with the company |
Former Employee | Former employees whose employment relationship with the company has ended |
visitors | Real persons who have entered the Company's physical facilities for various purposes or visited its websites |
Intern Candidate | Natural persons who make their CV and relevant information accessible to the Company by applying for an internship to the Company or by any other means |
Intern | People who continue their internship relationship with the company |
Person Receiving Product or Service | The person who purchases products / services from the Company and whose personal data is obtained for this purpose |
Supplier Representative | Persons who are authorized signatories of real persons, sole proprietorships or legal entities to which the Company supplies products/services |
Supplier Employee | Persons working at suppliers from whom the Company supplies products/services |
Potential Product or Service Buyer | People who are potential customers of the Company, prospective customers |
Shareholder/Partner | Company shareholders |
Customer Representative | Persons who are authorized signatories of real persons, sole proprietorships or legal entities to which the Company sells products/services |
Customer Employee | Persons working for customers to whom the Company sells products/services |
Advisor | Persons receiving service from the Company's R&D department (academics, etc.) |
Subcontracted Worker | Persons working in companies that are subcontractors of the Company |
Keşideci-Ciranta | Real persons whose check information is processed in the Company's financial-accounting processes |
Third Parties | Although not defined in the Policy, guarantors, family members, etc. whose personal data are processed within the framework of this Policy. other natural persons, including but not limited to |
Definitions
The definitions used in this Policy are listed below:
Explicit consent | Consent regarding a specific issue, based on information and expressed with free will |
anonymise | Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data |
Personal health data | All kinds of health information regarding an identified or identifiable natural person |
personal data | Any information regarding an identified or identifiable natural person |
Processing of personal data | Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking |
KVKK | Personal Data Protection Law No. 6698 |
Board | Personal Data Protection Board |
Organisation | Personal Data Protection Authority |
Special personal data | Data regarding people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data |
TCK | Turkish Penal Code No. 5237 |
data processor | Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller |
Personal data owner | The real person whose personal data is processed and who is considered as the "relevant person" in the KVK Law |
Data Owner Application Form | Application form that personal data owners, whose personal data are processed within the company, will use when applying for their rights described in Article 11 of the KVK Law. |
Data controller | Natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system |
Data Controllers Registry (VERBIS) | Data controllers' registry maintained by the Personal Data Protection Board |
Data Inventory | Personal data processing activities carried out by the Company depending on its business processes, personal data, personal data processing purposes, recipient group to which personal data is transferred, storage periods, transfers to foreign countries and security measures taken regarding the security of personal data are created by associating them with the relevant personal data owner group. and the personal data processing inventory it details |
