Personal Data Protection Policy

Addressee: All natural persons, other than employees of Alpha Refractory LLC, whose Personal Data is processed by Alpha Refractory LLC.

Prepared by: Alpha Refractory LLC

Approved by: Alpha Refractory LLC board of directors.

Effective Date: 24.03.2025

This document may not be reproduced or distributed without the written permission of Alpha Refractory LLC.

1. INTRODUCTION

1.1. Introduction

Alpha Refractory LLC (“Company”) attaches utmost importance to protecting the fundamental rights and freedoms of individuals, especially the privacy of private life regulated in Article 20 of the Constitution, in the protection and processing of personal data. Within this framework, the Company pays attention to the protection and processing of personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“Law” or “KVK Law”) and acts with this understanding in all its planning and activities.

Our Company does not consider the protection and processing of personal data, which is the basis of the confidentiality of private life, only within the scope of compliance with the legislation, but puts the value it attaches to human beings at the heart of its approach. Acting with this awareness, our Company takes all necessary administrative and technical measures to protect and process personal data in accordance with the law.

1.2. Purpose of the Policy

The purpose of the Policy on the Protection and Processing of Personal Data (“Policy”) is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life regulated in Article 20 of the Constitution, to the maximum extent in the protection and processing of personal data processed by fully or partially automatic means or by non-automatic means, provided that it is part of any data recording system, in accordance with the purpose of the Law, and to inform personal data owners (data subjects) about the obligations of our Company and the procedures and principles to be followed in accordance with the Law. In line with the purpose of the Policy, it is aimed to ensure full compliance with the legislation in the protection and processing of personal data carried out by our Company and to protect the right to privacy and data security of personal data owners.

1.3. Scope of the Policy

This Policy has been prepared for Employee Candidates, Interns, Customer Authorities, Customer Employees, Potential Customer Authorities/Employees, Company Shareholders/Partners, Company Authorities, Business Partner Authorities, Business Partner Employees, Subcontractor Authorities, Subcontractor Employees, Supplier Employees, Supplier Authorities, Family Members of the Employee/Authority/Shareholder/Subcontractor, Visitors, Health Professionals, Third Parties, provided that they are real persons and will be applied within the scope of these specified persons. The Company informs these personal data owners about the Law by publishing this Policy on its website. This Policy shall not apply to legal entities in whatever capacity. For the employees of our Company, “Personal Data Processing Policy for Employees” shall apply.

This Policy shall apply to the above-mentioned data subjects in the event that their personal data is processed by our Company through fully or partially automated or non-automated means, provided that it is part of any data recording system. This Policy shall not apply if the data is not included in the scope of “Personal Data” within the scope specified below or if the personal data processing activity carried out by our Company is not by the means specified above.

1.4. Definitions

The terms used in this Policy have the meanings given below:

Open Consent

It is consent on a specific issue, based on information and expressed with free will.

Publicization

The concept of publicization, which means “making known to everyone”, is listed in Article 5 of Law No. 6698 as one of the exceptions to the “requirement of obtaining the explicit consent of the natural person whose personal data is processed”, which is necessary for the processing of personal data.

Disclosure Obligation

It is the obligation of the data controller to inform the persons whose personal data it processes, by whom, for what purposes and on what legal grounds these data may be processed and to whom and for what purposes they may be transferred.

Related User

Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.

Destruction

It refers to the deletion, destruction or anonymization of personal data.

Processing of Personal Data

Any operation performed on Personal Data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of Personal Data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

KVK Board

Personal Data Protection Board.

Relevant Person / Personal Data Owner

Employee Candidates, Interns, Employees, Customer Authorities, Customer Employees, Potential Customer Authorities/Employees, Company Shareholders/Partners, Company Authorities, Business Partner Authorities, Business Partner Employees, Subcontractor Authorities, Subcontractor Employees, Supplier Employees, Supplier Authorities, Employee/Authority/Shareholder/Family Members of the Subcontractor, Visitors and Third Parties whose Personal Data (including sensitive personal data) are processed.

Personal Data

Any information relating to an identified or identifiable natural person.

Institution

The Personal Data Protection Authority consisting of the Board and the Presidency.

Automatically Processing Data

It is a processing activity that is performed by devices with processors such as computers, phones, watches, etc., and that takes place spontaneously without human intervention within the scope of algorithms prepared in advance through software or hardware features.

Sensitive Personal Data

Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive data.

Registry

Data Controllers Registry.

Company / Our Company

Alpha Refractory LLC.

Data Processor

A natural or legal person who processes Personal Data on behalf of the Data Controller based on the authorization granted by the Data Controller.

Data Recording System

It refers to the recording system where Personal Data is structured and processed according to certain criteria.

Data Category

It is a class of personal data belonging to the data subject group or groups of persons in which personal data are grouped according to their common characteristics.

Data Subject Person Group

The group of persons whose personal data is processed by the data controller.

Data Controller

The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.

1.5. Enforcement of the Policy

The Policy, which was issued by Alpha Refractory LLC and entered into force on 24.03.2025, is published on the Company’s website (alpharefractoryllc.com) and made available to the relevant persons.

2. PROTECTION OF PERSONAL DATA

2.1. Security of Personal Data

In accordance with the Law, our Company takes all necessary administrative and technical measures to ensure the appropriate level of security in order to store personal data securely and to prevent unlawful processing and access to personal data. The administrative and technical measures taken regarding the security of personal data are regulated in detail in our Company’s Personal Data Storage and Destruction Policy.

Our Company has established the “Personal Data Protection Management System” in order to ensure that it acts in accordance with the regulations in the Law and other legislation, and in this context, it has established the Personal Data Protection Committee within its organization to ensure the implementation of the Policy and other relevant policies.

2.2. Audit

Our Company carries out the necessary audits and has them carried out in order to establish the data security described above and to ensure the regularity and continuity of the measures taken. The Personal Data Protection Committee oversees the measures taken for the security of personal data.

2.3. Confidentiality

Our Company takes all necessary administrative and technical measures according to technological possibilities and implementation costs in order to ensure that the relevant data controllers and data processors do not disclose their personal data to others in violation of the provisions of the Law and Policy and do not use them for purposes other than processing. In this context, information and training activities are carried out for company employees about the Law and Policy, and confidentiality agreements are signed as part of the recruitment processes of the relevant employees.

2.4. Unauthorized Disclosure of Personal Data

In the event that the personal data processed by our Company are obtained by others through unlawful means, our Company shall carry out the necessary procedures to notify the relevant person and the PDP Board within the periods determined by the PDP Board. If deemed necessary by the PDP Board, this situation shall be announced on the website of the PDP Board or by another method deemed appropriate by the PDP Board.

2.5. Observing the Legal Rights of Relevant Persons

Our Company observes all legal rights of the relevant persons regarding the implementation of the Policy and the Law and takes all necessary measures to protect these rights.

2.6. Protection of Special Categories of Personal Data

The race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are personal data of special nature. Our Company is aware of the fact that sensitive personal data are data that may cause the person concerned to be victimized or subjected to discrimination if learned by others, and for this reason, it sensitively takes adequate measures determined by the Board for the protection of such personal data processed in accordance with the law. Within this framework; it has a separate policy (Security Policy for Sensitive Personal Data) and procedure that is systematic, clearly defined, manageable and sustainable.

3. PROCESSING AND TRANSFER OF PERSONAL DATA

3.1. General Principles for Processing and Transferring Personal Data

Personal data are processed by our Company in accordance with the procedures and principles stipulated in the Law and this Policy. Our Company complies with the following principles when processing personal data.

3.1.1. Compliance with the Law and Good Faith

Our Company processes personal data in accordance with the relevant legislation and the requirements of the rule of honesty and uses it within these limits. In accordance with the principle of compliance with the rule of good faith, our Company takes into account the interests and reasonable expectations of the data subjects while trying to achieve its goals in data processing. It acts in a way to prevent the emergence of results that the data subject does not expect and should not expect. In accordance with the principle, it also ensures that the data processing activity in question is transparent for the data subject and acts in accordance with its information and warning obligations.

3.1. Being accurate and up-to-date when necessary

Our Company ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of the data subjects. In this context, it carefully considers issues such as determining the sources from which the data is obtained, confirming its accuracy, and evaluating whether it needs to be updated. In accordance with its active duty of care, our Company always keeps the channels open to ensure that the information of the personal data owner is accurate and up-to-date. Keeping personal data accurate and up-to-date is necessary for the protection of the fundamental rights and freedoms of the data subject as well as protecting the interests of our Company.

3.1.3. Processing for Specific, Explicit and Legitimate Purposes

Our Company determines the purpose of data processing clearly and precisely and ensures that this purpose is legitimate. The legitimacy of the purpose means that the personal data processed by our Company is related to and necessary for the work it has done or the service it provides. Our Company does not process data for purposes other than these purposes. In this respect, it shows sensitivity in compliance with the principle of certainty and clarity in legal transactions and texts where the purposes of personal data processing are explained.

3.1.4. Being relevant, limited and proportionate to the purpose for which they are processed

Our Company pays attention to the fact that the personal data processed is suitable for the realization of the specified purposes and avoids the processing of data that is not related to the realization of the purpose or is not needed. Our Company does not collect or process personal data for purposes that do not exist and are thought to be realized later. In order to process data to meet the needs that are likely to arise later, it fulfills the processing conditions regulated in the Law as if it is starting processing for the first time. In addition, it limits the processed data only to what is necessary for the realization of the purpose. Within the scope of the principle of proportionality, it establishes a reasonable balance between data processing and the purpose to be achieved.

3.1.5. Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

If there is a period stipulated in the relevant legislation for the storage of data, our Company complies with these periods; otherwise, it retains personal data only for the period required for the purpose for which they are processed. In the event that there is no valid reason for further storage of personal data by our Company, such data shall be deleted, destroyed or anonymized. Procedures regarding the storage and destruction of personal data are regulated in detail in our Company’s Personal Data Retention and Destruction Policy.

3.2. Terms of Processing Personal Data

Our Company does not process personal data without the explicit consent of the data subject. Personal data may only be processed without the explicit consent of the data subject in the presence of one of the following conditions:

3.2.1. Explicit Provision in Laws

Our Company may process personal data without seeking the explicit consent of the person concerned in cases clearly stipulated by law.

3.2.2. It is Necessary for the Protection of the Life or Bodily Integrity of the Person or of Another Person Who Is Incapable of Explaining His/her Consent Due to Physical Impossibility or Whose Consent Is Not Given Legal Validity

In cases where consent cannot be disclosed or is not valid, our Company may process personal data without seeking explicit consent in order to protect the life or body integrity of individuals.

3.2.3. Processing of Personal Data of the Parties to a Contract is Necessary Provided that it is Directly Related to the Establishment or Performance of a Contract

In the event that it is mandatory to process the personal data of the parties to the contract directly related to the establishment or performance of a contract, our Company may process the personal data of the relevant persons without seeking explicit consent, limited to this purpose, as required by the ordinary course of life.

3.2.4. It is Mandatory for our Company to Fulfill its Legal Obligations

Our Company may process the personal data of the data subject without seeking explicit consent in cases where it is mandatory to fulfill its legal obligations as a data controller.

3.2.5. Publicized by the Relevant Person Himself

Our Company may process the personal data of the data subjects which are made public by the data subjects themselves, in other words, which have been disclosed to the public in any way, limited to the purpose of publicization, since it is accepted that the legal benefit to be protected in the processing of such data, which is made public by the data subjects and thus becomes publicly known, has disappeared.

3.2.6. Data Processing is Mandatory for the Establishment, Exercise or Protection of a Right

In cases where data processing is mandatory for the exercise or protection of a legitimate right under the law, our Company may process the personal data of the relevant persons without seeking explicit consent.

3.2.7. Data Processing is Mandatory for Legitimate Interests of Our Company, provided that it does not harm the Fundamental Rights and Freedoms of the Data Subjects

Our Company may process the personal data of the relevant persons in cases where the processing of personal data is mandatory for the provision of legitimate interests, provided that it does not harm the fundamental rights and freedoms of the relevant persons protected under the Law and Policy. Our Company shows the necessary sensitivity to comply with the basic principles regarding the protection of personal data and to observe the balance of interests of our Company and personal data owners. What is meant by legitimate interest is an interest that is legitimate, effective, specific and already existing at a level that can compete with the fundamental rights and freedoms of the person concerned. Our Company takes additional protective measures to prevent damage to the rights of the person concerned. A reasonable balance is maintained between our Company’s interest and the fundamental rights and freedoms of the person concerned.

3.3. Conditions for Processing Sensitive Personal Data

Our Company does not process sensitive personal data without the explicit consent of the data subject. Sensitive personal data can only be processed without the explicit consent of the data subject in the presence of one of the following conditions:

3.3.1. Explicit Provision in Laws

Sensitive personal data other than the health and sexual life of the data subject may be processed without the explicit consent of the data subject in cases clearly stipulated by law.

3.3.2. For the Protection of Public Health, Preventive Medicine, Medical Diagnosis, Treatment and Care Services, Planning and Management of Health Services and Financing

Sensitive personal data relating to the health and sexual life of the data subject may be processed by persons under the obligation of confidentiality or authorized institutions and organizations for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

3.4. Conditions of Transfer of Personal Data

Our Company may transfer personal data to third parties based on and limited to one or more of the following personal data processing conditions in accordance with Article 8 of the Law by taking the necessary security measures:

Explicit consent of the data subject,
There is a clear regulation on the transfer of personal data in the laws,
The transfer of personal data
is mandatory for the protection of the life or physical integrity of the data subject or someone else, and the data subject is unable to disclose his consent due to actual impossibility or his consent is not legally valid,

Provided that it is directly related to the establishment or performance of a contract,
it is necessary to transfer the personal data of the parties to the contract,

Personal data transfer is mandatory for our Company to fulfill its legal obligations,
Personal data has been made public by the person concerned,
Personal data transfer is mandatory for the establishment, exercise or protection of a right,
Personal data transfer is mandatory for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Personal data of special nature may be transferred based on one of the following conditions and limited to the condition that adequate measures are taken:

Explicit consent of the data subject,
In the case of sensitive personal data other than the health and sexual life of the data subject, there is a clear regulation in the laws regarding the transfer of such data.
In the case of sensitive personal data related to the health and sexual life of the data subject, such data may be transferred by persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

3.4.1. Conditions for Transferring Personal Data Abroad

Our Company may transfer personal data abroad based on the explicit consent of the data subject in accordance with Article 9 of the Law by taking the necessary security measures.

However, in the presence of one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 of the Law, without prejudice to the provisions of international agreements to which Turkey is a party, our Company may only transfer personal data to foreign countries declared to have adequate protection by the PDP Board or, in the absence of adequate protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake adequate protection in writing and where the PDP Board has permission, without seeking the explicit consent of the data subject.

4. CATEGORIES OF PERSONAL DATA AND GROUPS OF DATA SUBJECTS

4.1. Categories of Personal Data

Personal data are categorized and processed by our Company as follows:

Identity

Data containing information on the identity of personal data subjects: Name-surname, Turkish ID number, marital status, parents’ names and surnames, place and date of birth and other identity information and copies of driver’s license, identity card and passport containing this information; tax number, SSI number, signature information, etc.

Contact

Contact information of personal data subjects: Telephone number, address, e-mail address, registered electronic mail address (REM), fax number, etc.

Location

Information on the location of personal data subjects: Location data that can be obtained while using vehicles or devices belonging to the Company and the Company’s group companies; location data that can be obtained through systems such as OGS, vehicle recognition and meal card etc.

Personnel

Information processed to obtain information that will be the basis for the protection of personal rights of personal data owners: Curriculum vitae, title information; employment-exit document records; social security/pension information, payroll information, property declaration information, information in disciplinary investigation and performance evaluation reports, etc.

Legal Action

Data processed within the scope of the Company’s legal obligations for the determination and follow-up of its legal receivables and rights and the performance of its debts: Power of attorney information, court and administrative authority decisions, information in correspondence with judicial authorities, information in case files, etc.

Customer Transaction

Information collected by the Company regarding real persons within the scope of its commercial activities: Customer number; order, request and instruction information; call center records; invoice, bill, check information; information in box office receipts, etc.

Physical Space Security

Personal data related to the records and documents taken at the entrance to the physical spaces of the Company and while inside the physical spaces: Entry-exit records, magnetic card records, security camera records, vehicle license plates, etc.

Process Security

Personal data processed regarding the technical, administrative, legal and commercial security of both the personal data owner and the Company while carrying out the Company’s activities: IP address information, website login and exit (traffic) information, internet access records, password and password information, etc.

Finance

Personal data processed in relation to information, documents and records showing the result of all kinds of financial relations established by the Company with personal data owners and bank account information, credit information, balance sheet information, financial profile, asset and insurance information, etc.

Professional Experience

Diploma, transcript, education/course/certificate information, driver’s license information, foreign language information, reference information, etc. recorded during and after the recruitment process of personal data owners.

Marketing

Information collected by the Company within the scope of marketing activities: Shopping history, surveys, cookie records, information obtained through campaign activities, etc.

Audio and Visual Recordings

Photographs, camera and voice recordings of personal data owners that can be taken outside the scope of physical space security and other documents where these data are transferred: Photographs attached to forms, video interview and meeting recordings, etc.

Communication Records

Communication data that can be obtained through the Company’s communication and information systems: Corporate telephone call records, corporate mail and e-mail records and contents, etc.

SPECIAL CATEGORIES OF PERSONAL DATA

Health Information

Health data of personal data subjects: Examination information, health reports, disability status, health permits, blood group information, etc.

Criminal Conviction and Security Measures

Documents containing information on criminal convictions and security measure decisions about personal data subjects: Criminal records.

Biometric Data

Biometric data of personal data subjects: Biometric data required for the use of facial recognition etc. systems in company buildings.

4.2. Data Subject Person Groups

Only real persons can benefit from the protection of this Policy and the Law. Personal data owners within this scope are grouped as follows:

Employee Candidate

Real persons who have made a job application to our company in any way or who have opened their CV and related information to our company’s review.

Intern

Real persons who spend a period of applied learning in our Company in order to improve their professional knowledge and gain experience.

Customer Officer

Dealers, distributors, sales points, etc. who deliver our company’s products to the end consumer within the scope of the contractual relationship. real persons or real person officials of legal entities

Customer Worker

Identified/identifiable employees of real or legal persons such as dealers, distributors, sales points, etc. who deliver our Company’s products to the end consumer within the scope of the contractual relationship.

Business Partner Officer

Real persons or real person officials of legal entities that are not included in the Customer, Subcontractor and Supplier groups but are independent of our Company with whom our Company has a business relationship.

Business Partner Employee

Identified/identifiable employees of real or legal persons who are not included in the Customer, Subcontractor and Supplier groups but are independent of our Company with whom our Company has a business relationship.

Potential Customer Officer/Staff

Natural persons who have made a request or interest in using our products and services or who have been assessed to have this interest in accordance with the rules of commercial practice and honesty, and the officials and employees of legal entities.

Company Shareholder/Partner

Alpha Refractory LLC is a shareholder/partner.

Company Official

Alpha Refractory LLC board member and other authorized persons.

Subcontracting Officer

Real persons or authorized officials of legal entities with whom our Company has established a principal employer-subcontractor relationship with a contract.

Subcontractor Employee

Identified/identifiable employees of real or legal persons with whom our Company has established a principal employer-subcontractor relationship with a contract.

Supplier Officer

Natural persons or legal entities that provide inputs, raw materials or products to our Company in order to provide a product or service.

Supplier Employee

Identified/identifiable employees of real or legal persons who provide inputs, raw materials or products to our Company in order to provide a product or service.

Family Members of the Employee/Authorized/Shareholder/Contractor

Family members of our Company’s Employees, Officers, Shareholders and Subcontractors.

Health Professionals

Real persons working in the health sector with whom our Company establishes a relationship within the scope of promotional activities.

Patient/Consumer

Real persons who are suspected of being exposed to unwanted effects/side effects due to the use of products offered by our Company.

Visitor

All real persons who have entered the physical premises owned by our Company for various purposes or who visit our websites for any purpose.

Third Parties

Other persons who are not included in the scope of Alpha Refractory LLC Personal Data Protection and Processing Policy for Employees, which is prepared for the employees of the Company, and who are not included in any data subject group in this Policy (e.g. those who apply for claims and complaints, references, person reporting side effects)

5. METHOD OF COLLECTING PERSONAL DATA AND LEGAL GROUNDS

5.1. Method of Collecting Personal Data

Our Company collects personal data for the purposes specified in Article 6.1, in whole or in part, by automatic or non-automatic means; in all kinds of verbal, written, electronic media; through but not limited to the following channels:

Job application forms,
Customer information forms,
Various documents submitted to the Company,
Mail, e-mail and forms sent to the Company,
Call center,
Company website,
Cookies,
Social media tools,
Persons, companies and business partners to whom the Company provides or receives services, third parties such as subcontractors, service/product suppliers and group companies,
Employment companies and job search portals,
Mobile applications,
Corporate communication accounts and devices,
Company information systems and devices,
Security cameras,
GPS, OGS, vehicle recognition and food card etc. systems. systems.

5.2. Legal Grounds for Collection of Personal Data

Our Company collects personal data based on one of the following legal grounds in accordance with Articles 5 and 6 of the Law:

Explicit consent of the person concerned,
Explicitly stipulated in the laws;
The personal data has been made public by the person concerned,
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,
It is mandatory for our company to fulfill its legal obligation,
Data processing is mandatory for the establishment, use or protection of a right,
Provided that it does not harm the fundamental rights and freedoms of the persons concerned, it is mandatory for our Company to process data for its legitimate interests.
Protection of public health, preventive medicine, medical diagnosis, treatment and care services.

6. PURPOSES OF PROCESSING PERSONAL DATA

6.1. Matching the Data Subject Person Groups with the Processing Purposes Regarding Personal Data Categories

The matching of the data subject groups, whose definitions and scopes are given above, with the processing purposes for personal data categories is presented below: (Natural persons can only be included in one person group.)

Employee Candidate

Data Categories: Identity, Contact, Personal, Professional Experience, Audiovisual Records, Criminal Convictions and Security Measures

Processing Objectives: Execution of Employee Candidate/Intern Selection and Placement Processes, Execution of Employee Candidate Application Processes, Execution of Communication Activities, Execution of Audit/Ethical Activities

Intern

Data Categories: Identity, Communication, Personnel, Professional Experience, Audiovisual Records, Transaction Security, Finance, Communication Records, Physical Space Security

Processing Objectives: Execution of Employee Candidate / Intern Selection and Placement Processes, Execution of Communication Activities, Execution of Emergency Management Processes, Execution / Supervision of Business Activities, Execution of Activities in Compliance with Legislation, Execution of Performance Evaluation Processes, Execution of Audit / Ethics Activities, Execution of Appointment Processes, Planning Human Resources Processes, Ensuring Physical Space Security, Execution of Finance and Accounting Affairs, Fulfillment of Obligations Arising from Employment Contract/Legislation, Execution of Information Security Processes, Execution of Access Authorizations

Company Shareholder/Partner

Data Categories: Identity, Contact, Personal, Legal Action, Physical Location Security, Finance, Communication Records, Professional Experience, Audiovisual Records, Health Information, Criminal Convictions and Security Measures

Processing Purposes: Execution of Finance and Accounting Affairs, Execution of Activities in Compliance with Legislation, Execution of Investment Processes, Providing Information to Authorized Persons / Institutions and Organizations, Follow-up and Execution of Legal Affairs, Execution of Communication Activities, Execution of Emergency Management Processes, Execution / Supervision of Business Activities, Execution of Contract Processes, Execution of Audit / Ethics Activities, Execution of Appointment Processes, Planning of Human Resources Processes, Execution of Occupational Health / Safety Activities, Ensuring Physical Space Security, Execution of Management Activities

Company Official

Data Categories: Identity, Contact, Personal, Legal Transaction, Transaction Security, Physical Location Security, Finance, Communication Records, Professional Experience, Audio and Visual Records, Health Information, Criminal Conviction and Security Measures

Processing Purposes: Execution of Finance and Accounting Affairs, Execution of Activities in accordance with the Legislation, Execution of Investment Processes, Providing Information to Authorized Persons / Institutions and Organizations, Follow-up and Execution of Legal Affairs, Execution of Communication Activities, Execution of Emergency Management Processes, Execution / Supervision of Business Activities, Execution of Contract Processes, Execution of Audit/Ethical Activities, Execution of Assignment Processes, Planning of Human Resources Processes, Execution of Occupational Health/Safety Activities, Ensuring Physical Space Security, Execution of Management Activities, Execution of Information Security Processes, Execution of Access Authorizations

Customer Officer

Data Categories: Identity, Communication, Finance, Customer Transaction, Communication Records, Legal Transaction, Marketing

Purposes of Processing: Execution of Activities in Compliance with Legislation, Execution of Contract Processes, Follow-up and Execution of Legal Affairs, Providing Information to Authorized Persons / Institutions and Organizations, Execution of Goods / Service Sales Processes, Execution of Goods / Service After Sales Support Services, Execution of Customer Relations Processes, Execution of Activities Related to Customer Satisfaction, Execution of Company/Product/Service Loyalty Processes, Follow-up of Demands/Complaints, Execution of Advertising/Campaign/Promotion Processes, Execution/Supervision of Business Activities, Execution of Communication Activities, Execution of Goods/Service/Production and Operation Processes, Execution of Audit/Ethical Activities, Execution of Marketing Analysis Studies

Customer Worker

Data Categories: Identity, Contact, Customer Transaction, Communication Records

Processing Purposes: Execution of Goods / Service Sales Processes, Execution of Goods / Service After Sales Support Services, Execution of Customer Relations Processes, Execution of Activities Related to Customer Satisfaction, Execution of Company / Product / Services Loyalty Processes, Follow-up of Demands / Complaints, Execution of Advertising / Campaign / Promotion Processes, Execution / Supervision of Business Activities, Execution of Communication Activities, Execution of Goods / Service / Production and Operation Processes, Execution of Audit / Ethical Activities

Business Partner Officer

Data Categories: Identity, Contact, Personal, Professional Experience, Audiovisual Records, Finance, Legal Transaction, Communication Records, Physical Location Security, Health Information

Processing Purposes: Execution / Supervision of Business Activities, Execution of Financial and Accounting Affairs, Execution of Activities in Compliance with the Legislation, Execution of Contract Processes, Execution of Communication Activities, Execution of Audit / Ethical Activities, Providing Information to Authorized Persons / Institutions and Organizations, Execution of Assignment Processes, Ensuring Physical Space Security, Execution of Emergency Management Processes, Execution of Goods / Service Procurement Processes, Execution of Goods / Service / Production and Operation Processes, Follow-up of Requests / Complaints, Follow-up and Execution of Legal Affairs