ABCS GIDA KİMYA MAKİNA DANIŞMANLIK VE TİCARET LTD. ŞTİ
Address: Batı Sitesi Mah. 2310/1 Cad. No: 45/2
Yenimahalle / ANKARA
Phone/Fax: +90 312 255 33 25 / +90 312 255 33 26
Website: www.abcs.com.tr

TABLE OF CONTENTS

PURPOSE OF THE POLICY .................................................................................................................. 3

SCOPE OF THE POLICY ......................................................................................................................... 3

DEFINITIONS ............................................................................................................................................. 4

PROCESSING OF PERSONAL DATA ..................................................................................................... 6
6.1. Principles Applicable to the Processing of Personal Data ............................................................ 6
6.1.1. Processing Personal Data in Accordance with the Law and the Principle of Good Faith ......... 7
6.1.2. Ensuring Personal Data is Accurate and Up-to-date When Necessary ...................................... 7
6.1.3. Processing Personal Data for Specific, Explicit and Legitimate Purposes ................................. 7
6.1.4. Processing Personal Data in a Manner Relevant, Limited and Proportionate to the Purpose ... 7
6.1.5. Retaining Personal Data for the Duration Prescribed by Law or for the Necessary Period ..... 8
6.2. Processing of General Personal Data ................................................................................................ 8
6.2.1. Explicit Consent of the Data Subject ........................................................................................... 8
6.2.2. As Explicitly Prescribed by Laws ................................................................................................ 8
6.2.3. In Cases Where It Is Not Possible to Obtain Consent Due to Actual Impossibility .................. 9
6.2.4. Necessity for the Establishment or Performance of a Contract .................................................. 9
6.2.5. Fulfillment of Legal Obligations of the Company ........................................................................ 9
6.2.6. Personal Data Made Public by the Data Subject ......................................................................... 9
6.2.7. Necessity for the Establishment, Exercise or Protection of a Right ........................................... 9
6.2.8. Necessity for the Legitimate Interests of the Company .............................................................. 9
6.3. Processing of Special Categories of Personal Data ........................................................................ 10
6.4. Transfer of Personal Data .................................................................................................................. 11
6.4.1. Domestic Transfer of Personal Data ........................................................................................... 11
6.4.2. International Transfer of Personal Data ....................................................................................... 11

PERSONAL DATA RELATED TO INTERNET ACCESS PROVIDED ................................................... 13

PERSONAL DATA OF WEBSITE VISITORS ......................................................................................... 13

SECURITY OF PERSONAL DATA ......................................................................................................... 13

DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA .................................. 15

RIGHTS OF THE DATA SUBJECT AND APPLICATION TO THE COMPANY .................................. 15
11.1. Rights of the Data Subject ............................................................................................................... 15
11.2. Exercise of Rights by the Data Subject ........................................................................................... 16
11.3. Exceptions to the Right of Application by the Data Subject
11.4. Response to Applications by the Data Subject .............................................................................. 16
ANNEX-1: Categories of Personal Data .................................................................................................. 16
ANNEX-2: Matching of Personal Data Categories and Data Subject Groups ...................................... 16

1. INTRODUCTION

For ABCS GIDA KİMYA (hereinafter referred to as “ABCS GIDA KİMYA” or the “Company”), the protection of personal data is of utmost importance. The Company exercises the highest level of sensitivity regarding the protection of the personal data of its shareholders, employees, employee candidates, customers, potential customers, company officials, suppliers, and healthcare professionals with whom it collaborates, as well as employees, officials, visitors, and third parties of its service providers.

As part of its activities or requirements, ABCS GIDA KİMYA processes the personal data of its shareholders, employees, employee candidates, customers, potential customers, company officials, suppliers, and healthcare professionals it cooperates with, as well as employees and officials of its service providers, visitors, and third parties. The protection and enhancement of the constitutionally guaranteed “Right to Protection of Personal Data” is adopted as a corporate policy.

2. PURPOSE OF THE POLICY

This Policy has been prepared to ensure that all Company activities are carried out in compliance with the Law on the Protection of Personal Data No. 6698 (hereinafter referred to as the “Law” or “LPPD”), the decisions of the Personal Data Protection Board (hereinafter referred to as the “Board”), and secondary legislation, regarding the processing and protection of personal data.

3. SCOPE OF THE POLICY

This policy covers any kind of processing such as obtaining, recording, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making accessible, classifying, or preventing the use of personal data belonging to relevant individuals by means that are fully or partially automatic or that are not automatic but form part of a data recording system, as well as the administrative and technical measures taken to ensure the security of personal data.

4. DEFINITIONS
In this policy,
• Explicit Consent: Consent based on information and expressed with free will regarding a specific subject,
• Recipient Group: Category of natural or legal persons to whom personal data is transferred by the data controller,
• Anonymization: Making personal data in a way that cannot be associated with an identified or identifiable natural person, even by matching it with other data,
• Relevant Person: Natural person whose personal data is processed,
• Employee: ABCS GIDA KİMYA MAKİNA DANIŞMANLIK VE TİCARET LTD. ŞTİ personnel,
• Candidate Employee: Real persons who have applied for a job in any way to ABCS GIDA KIMYA, electronically or physically, in order to become an employee of ABCS GIDA KIMYA, or who have opened/sent their resume and related information for review by ABCS GIDA KIMYA in person or through a system,
• Relevant User: Persons who process personal data within the data controller organization or in accordance with the authorization and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of data,
• Visitor: Real persons who have entered the physical premises owned by ABCS GIDA KIMYA for various purposes or visited our websites,
• Business Partner: Parties with whom ABCS GIDA KIMYA has established business partnerships for the purposes of carrying out various projects and receiving services while carrying out its commercial activities,
• Customer: Real persons who benefit from the products and services offered by ABCS GIDA KIMYA,
• Candidate Customers: Real persons who have requested or will request to benefit from the products and services offered by our company or to purchase the relevant products and services and who can be evaluated in accordance with the rules of commercial customs and honesty,
• Health Professional: Persons whose knowledge and professional experience ABCS GIDA KİMYA has consulted for the purposes of education, sectoral research, survey, information, promotion, receiving opinions and suggestions, conducting scientific activities, and conducting social responsibility activities,
• Destruction: Deletion, destruction or anonymization of personal data,
• Law: Personal Data Protection Law No. 6698 dated 24/3/2016,
• Recording Environment: Any environment containing personal data processed by fully or partially automatic means or non-automatic means provided that it is part of any data recording system,
• Electronic Environments: Any environment where personal data can be created, processed, stored and transmitted with devices having the relevant technological infrastructure,
• Other Non-Electronic Environments: Any written, visual and other environments other than electronic environments,
• Service Provider: ABCS GIDA Within the framework of the relevant contract with KİMYA, any real or legal person providing any service,
• Personal Data: Any information related to an identified or identifiable real person,
• Special (Sensitive) Personal Data: Data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures of individuals, and
biometric and genetic data,
• Processing of Personal Data: Any operation performed on personal data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing its use, through fully or partially automatic means or non-automatic means provided that it is part of any data recording system,
• Board: Personal Data Protection Board
• Institution: Personal Data Protection Institution,
• Periodic Destruction: Any operation performed on personal data, such as processing the personal data specified in the Law in case of complete disappearance, the deletion, destruction or anonymization process specified in the personal data storage and destruction policy and carried out ex officio at recurring intervals,
• Registry (VERBIS): Data controllers registry information system kept by the Personal Data Protection Authority,
• Data Processor: Natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller,
• Data Registration System: Registration system in which personal data is structured and processed according to certain criteria.

5. PURPOSES OF PROCESSING PERSONAL DATA
ABCS GIDA KİMYA; processes personal data in accordance with the relevant information obligation within the scope of KVKK Art. 10, ABCS GIDA KİMYA data processing purposes, in accordance with the principles stipulated in KVKK Art. 4 and KVKK and at least one of the conditions stipulated in KVKK Art. 5 and Art. 6 and limited to the relevant purposes.

ABCS GIDA KİMYA’s personal data processing purposes are particularly as follows:
• Conducting Emergency Management Processes
• Conducting Information Security Processes
• Conducting Employee Candidate / Intern / Student Selection and Placement Processes
• Conducting Application Processes of Employee Candidates
• Fulfilling Employment Contract and Legislative Obligations for Employees
• Conducting Side Rights and Benefits Processes for Employees
• Conducting Audit / Ethics Activities
• Conducting Training Activities
• Conducting Access Authorizations
• Conducting Activities in Accordance with Legislation
• Conducting Finance and Accounting Affairs
• Conducting Company / Product / Service Loyalty Processes
• Conducting Assignment Processes
• Following and Conducting Legal Affairs
• Conducting Communication Activities
• Planning Human Resources Processes
• Conducting Business Activities / Audit
• Conducting Occupational Health / Safety Activities
• Receiving and Evaluating Suggestions for the Improvement of Business Processes
• Conducting Business Continuity Activities
• Conducting Goods / Services Purchasing Processes
• Conducting After-Sales Support Services for Goods / Services
• Conducting Goods / Services Sales Processes
• Conducting Customer Relationship Management Processes
• Conducting Activities for Customer Satisfaction
• Organization and Event Management
• Conducting Performance Evaluation Processes
• Conducting Advertising / Campaign / Promotion Processes
• Conducting Risk Management Processes
• Conducting Storage and Archive Activities
• Conducting Social Responsibility and Civil Society Activities
• Conducting Contract Processes
• Conducting Sponsorship Activities
• Monitoring Requests / Complaints
• Ensuring the Security of Movable Goods and Resources
• Conducting Supply Chain Management Processes
• Implementing Wage Policy Execution
• Execution of Marketing Processes of Products / Services
• Ensuring the Security of Data Controller Operations
• Execution of Talent / Career Development Activities
• Providing Information to Authorized Persons, Institutions and Organizations
• Execution of Management Activities

6. PROCESSING OF PERSONAL DATA
6.1. Principles to be Applied in the Processing of Personal Data
ABCS GIDA KİMYA acts in accordance with the Constitution, KVKK and other relevant legal legislation in the processing of personal data of the relevant persons. The principles in Article 4 of KVKK regarding the processing of personal data are at the core of all personal data processing activities and it is the priority of ABCS GIDA KİMYA that all personal data processing activities are carried out in accordance with these principles, and these principles taken into consideration in data processing processes are as follows.

6.1.1 Processing of Personal Data in Accordance with Law and the Rules of Integrity The principle of compliance with law and the rule of integrity, which has been accepted as a prerequisite by ABCS GIDA KİMYA in all data processing processes, expresses the obligation to act in accordance with the principles introduced by laws and other legal regulations in the processing of personal data. In accordance with this principle, our Company, while trying to achieve its goals in data processing, takes into account the interests and reasonable expectations of the relevant persons and acts in a way that prevents the emergence of results that the relevant person does not expect and does not need to expect. Within the scope of this principle, our Company aims to ensure that the data processing activity is transparent for the relevant person by informing the relevant person as necessary about how and for what purpose personal data will be processed.

6.1.2 Ensuring that Personal Data is Accurate and Up-to-date when Necessary If ABCS GIDA KİMYA presents a result regarding the relevant person based on the personal data of the relevant person, it fulfills its active duty of care in ensuring that the personal data is accurate and up-to-date when necessary. Apart from this, communication channels are kept open and necessary opportunities are provided for the relevant persons to apply to ABCS GIDA KIMYA in order to ensure that their information is accurate and up-to-date.

6.1.3. Processing Personal Data for Specific, Clear and Legitimate Purposes ABCS GIDA KIMYA shows sensitivity in complying with the principle of specificity and clarity in legal transactions and texts where the purposes of processing personal data are explained (explicit consent, information, answering the applications of the relevant person), and care is taken to ensure that the data processing activity is clearly understandable by the relevant person. Personal data is processed within the framework of the purposes determined, announced, notified or agreed upon in the contract.

6.1.4. Processing Personal Data in a Limited and Proportionate Way in Connection with the Purpose for Which They Are Processed In the data processing processes carried out by ABCS GIDA KIMYA, care is taken to ensure that the processed data is suitable for the realization of the determined purposes;

6.1.5. Preserving Personal Data for the Period Stipulated in the Legislation or Necessary for the Purpose of Processing The Company stores personal data for the period stipulated in the legislation, ABCS GIDA KİMYA Storage and Destruction Policy or necessary for the purpose of processing. In case the period specified in the legislation and/or Storage and Destruction Policy expires or the purpose is achieved, personal data is deleted, destroyed or made anonymous ex officio or upon the request of the relevant person. A “Personal Data Storage and Destruction Policy” has been prepared regarding the destruction of personal data and has been announced on the Company’s website.

6.2. Processing of General Personal Data Pursuant to Article 20 of the Constitution and Article 5 of the KVKK, personal data cannot be processed without the explicit consent of the relevant person. In line with these legal regulations, our Company always takes care to obtain the explicit consent of the relevant person in the processing of personal data. However, in some cases, the KVKK has permitted the processing of personal data without explicit consent. If one or more of these situations are present, personal data can be processed even without explicit consent. In case of processing of personal data without the explicit consent of the data subject, the principles explained in heading 5.1 are followed. Your personal data can be processed by ABCS GIDA KIMYA if one or more of the conditions listed below are present.

6.2.1. Obtaining the Explicit Consent of the Personal Data Owner Obtaining explicit consent for the processing of personal data is a priority for ABCS GIDA KIMYA. For this reason, the necessary methods and systems have been developed to obtain the explicit consent of the relevant persons whose personal data we process in physical and electronic environments. Before obtaining the consent of the relevant persons regarding the processing of their personal data, the obligation to inform is fulfilled in accordance with Article 10 of the KVKK, and it is ensured that their explicit consent is obtained based on information and with free will regarding a specific subject.

6.2.2 If It Is Clearly Stipulated in the Laws If it is clearly stipulated in the laws, the processing of personal data is lawful, and in this case, whether the data subject has given explicit consent is not additionally evaluated. In accordance with Article 75 of the Labor Law No. 4857 on Employee Personnel Files, the collection of employee data is evaluated within this scope. In addition, in accordance with the Law on the Protection of Personal Data No. 6698, the Turkish Code of Obligations No. 6098, the Turkish Commercial Code No. 6102, the Law on the Regulation of Publications Made on the Internet and the Combating of Crimes Committed through Such Publications No. 5651, the Occupational Health and Safety Law No. 6361, the Social Insurance and General Health Insurance Law No. 5510, the Law on the Right to Information No. 4982, the Law on the Exercise of the Right to Petition No. 3071 and secondary legislation related to these laws, data can also be processed by ABCS GIDA KİMYA.

6.2.3. Failure to Obtain Explicit Consent Due to Actual Impossibility In cases where consent cannot be explained or is not valid, it is envisaged that data will be processed to protect the life or physical integrity of individuals. For example, in cases where the person is unconscious or mentally ill and their consent is not valid, personal data may be processed during medical interventions to protect life or physical integrity.

6.2.4. Directly Related to the Establishment or Performance of a Contract If it is directly related to the establishment or performance of a contract, it is possible to process personal data belonging to the parties to the contract without explicit consent. For example, the account number of the creditor party may be obtained for the payment of a fee under a contract.

6.2.5. Mandatory for the Fulfillment of the Company's Legal Liability If it is mandatory for the company to fulfill its legal obligations, it is possible to process personal data without explicit consent. For example, even without explicit consent, the information requested by a court order may be submitted to the court.

6.2.6. Data Made Public by the Relevant Person Personal data made public by the relevant person may be processed without explicit consent. For example, the information of a person who shares his/her CV on an account on a website established for the purpose of providing employment is considered as publicly available data.

6.2.7. Being Mandatory for the Establishment, Exercise or Protection of a Right If data processing is mandatory for the establishment, exercise or protection of a right, personal data may be processed without explicit consent. The use of certain data by the company as evidence in a lawsuit filed by an employee is within this scope.

6.2.8. Being Mandatory for the Legitimate Interests of the Company If data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person, personal data may be processed without explicit consent.

6.3. Processing of Special Personal Data The KVKK has given special importance to certain personal data, considering that they have the potential to discriminate and may cause victimization of individuals when processed unlawfully, and these data have been named as “special personal data”. (For definition, see: 4. DEFINITIONS) The Company is also sensitive in the processing of the “special personal data” to which the KVKK attaches special importance. Employees involved in the processing of special personal data are provided training on the Law and related regulations and on the security of special personal data, are required to sign confidentiality agreements, their access authority to data is restricted, and the authorities of employees who change their duties or leave their jobs in these areas are immediately revoked. If special personal data is to be transferred via e-mail, it is transferred via an encrypted corporate e-mail account or KEP account. Security tests may be performed when deemed necessary. Sufficient security measures are taken in the physical environments where special personal data is stored, and unauthorized entry and exit to these environments are prevented. Measures have been taken against the risks of fire, flood, etc. that may occur in these physical environments. VPN is used in cases where transfer takes place between servers in different physical environments. If data needs to be transferred via paper, necessary precautions are taken against risks such as theft, loss or viewing by unauthorized persons, and the documents are sent in the format of “confidential documents”. ABCS GIDA KIMYA’s priority is the explicit consent of the relevant persons for the processing of the data in question. ABCS GIDA KIMYA may process special personal data only in the following exceptional cases specified in the KVKK, if the data subject does not give explicit consent;

▪ Personal data other than health and sexual life may be processed without the explicit consent of the relevant person in cases stipulated by the laws.
▪ Personal data related to health and sexual life may only be processed by persons or authorized institutions and organizations under a confidentiality obligation for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing without the explicit consent of the relevant person.

6.4. Transfer of Personal Data
6.4.1. Transfer of Personal Data Domestically Obtaining explicit consent in sharing personal data is ABCS GIDA KIMYA’s priority. For this reason, the necessary methods have been developed to obtain the explicit consent of the relevant persons whose personal data we share with third parties in physical and electronic environments. ABCS GIDA KIMYA may share the personal data of the relevant person with third parties in accordance with the law and rules of honesty in line with the purposes of processing personal data.

6.4.1.1. Transfer of General Personal Data Domestically ABCS GIDA KIMYA may transfer the personal data of the relevant persons to third parties in accordance with the principles adopted in the processing of personal data. Sensitivity is shown to obtaining the consent of the relevant person in the transfer of personal data to third parties, and in the event that one or more of the following situations occur, personal data may be transferred without obtaining explicit consent; see: KVKK art. 5/2

6.4.1.2. Transfer of Special Personal Data Domestically Our company may transfer the special personal data of the relevant persons to third parties in accordance with the principles adopted in the processing of personal data. In the transfer of special personal data to third parties, sensitivity is shown to obtain the consent of the relevant person and special personal data is transferred domestically by taking sufficient technical and administrative measures. However, in the event that the following situations exist, it is possible to transfer special personal data without the explicit consent of the relevant person by taking sufficient technical and administrative measures; ❖ Data regarding race, ethnic origin, political views, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or unions, criminal convictions and security measures, and biometric and genetic data of individuals, in cases stipulated by law,
❖ Personal data regarding health and sexual life may only be transferred by persons or authorized institutions and organizations under a confidentiality obligation for the purposes of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and their financing.

6.4.2. Transfer of Personal Data Abroad When transferring personal data abroad, care is taken to obtain the explicit consent of the relevant person. Therefore, the necessary methods are used to obtain the explicit consent of the relevant persons in physical and electronic environments.

7. DATA RELATED TO THE PROVIDED INTERNET ACCESS
ABCS GIDA KİMYA buildings and facilities provide staff and guests with access to the internet. The name, surname, telephone number, T.C. identity number, and the websites and time information of the staff and guests who want to use the internet access are stored as a legal obligation in accordance with the Law No. 5651 on the Regulation of Publications Made on the Internet and Combating Crimes Committed Through Such Publications and the Regulation on Internet Mass Use Providers issued based on this Law. The stored records may be shared with legally authorized institutions and organizations in order to fulfill legal obligations upon the request of authorized institutions and organizations.

8. PERSONAL DATA OF WEBSITE VISITORS
The “Personal Data Protection and Processing Information Text, Privacy Policy” has been published on the company’s websites regarding how and for what purpose personal data is obtained, within the scope of Article 10 of the KVKK, and visitors have been informed about this matter.

9. SECURITY OF PERSONAL DATA
ABCS GIDA KIMYA takes all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of personal data and unlawful access to personal data and to ensure the preservation of personal data. In this context, first of all, studies have been carried out to determine what personal data processed by ABCS GIDA KIMYA are, workshops have been held and considering whether the processed personal data is special personal data, the risks that may arise regarding the protection of this data have been determined and the necessary technical and administrative measures have been implemented to reduce or eliminate the risks. In-company policies and procedures have been adopted to regulate the processing, preservation, storage, destruction and other processes of personal data in accordance with the law, legislation and relevant security measures. In order to ensure personal data security, to prevent the unlawful disclosure and sharing of personal data and to raise awareness about KVKK, regular training is provided to employees and managers. In addition, employees involved in personal data processing processes are asked to sign confidentiality agreements and commitments as part of business processes, and it is strongly reminded that if employees are found to have acted contrary to security policies and procedures, the necessary disciplinary process will be applied. The agreements made between ABCS GIDA KİMYA and employees, suppliers, business partners, etc. and the agreements made between data processors and ABCS GIDA KİMYA have been examined, and within this scope, revision studies have been carried out within the scope of KVKK and other legislation, and additional protocols have been prepared. Access to personal data included in data processing processes by the Company has been restricted on a personnel basis, and a limited number of personnel have been granted access to personal data related to the business processes they carry out. Data processing activities carried out by personnel are recorded. Data processing activities carried out by personnel are recorded. In order to prevent unlawful processing of personal data and unlawful access to personal data, technical systems have been established for the monitoring and control of processes related to the processing of personal data. Network security and data flow security studies have been carried out, and existing software has been updated to prevent data loss. Internal audits have been conducted to prevent unlawful processing of personal data and unlawful access to personal data. Penetration tests are conducted in accordance with the instructions of the board member responsible for information technologies and at specified intervals. System security gaps are monitored, patches are installed to ensure appropriate security levels, and information systems are kept up to date. Our website is protected by the https security protocol. Following the studies on personal data held by ABCS GIDA KIMYA, the personal data identified were analyzed and examined within the scope of the legislation. In this context, unnecessary data was deleted and the principle of reducing data as much as possible was adopted. In order to prevent unlawful access to personal data and to ensure that personal data is stored in secure environments, technical methods with appropriate security levels are used and the methods in question are updated in accordance with the developing technology. In case of an internal or external attack on the company's data recording system, a system has been established to detect this situation early and to intervene early, which software and services are running on the IT networks and whether there is any leakage or any movement that should not be present in the IT networks are regularly checked, and all users' transaction transactions are regularly recorded. In order to notify the relevant person and the Board in the event that personal data is unlawfully obtained by others, an appropriate system and infrastructure has been established by ABCS GIDA KIMYA and a procedure has been adopted by ABCS GIDA KIMYA. If sensitive personal data is to be transferred via e-mail, it is transferred via an encrypted corporate e-mail account or KEP account. If the transfer is made between servers in different physical environments, data transfer is made between the servers via VPN method. If the data transfer is to be made physically, necessary precautions are taken against risks such as theft, damage, loss or unauthorized access to the document and the documents are sent in closed files and in a “confidential” format so that they cannot be read from outside. In order to ensure the security of information and information systems against environmental risks, many precautions are taken such as ensuring that only authorized personnel enter the system room, that the keys to locked data storage units are held by certain persons, ensuring the physical security of the side switches forming the local area network, fire extinguishing system, cooling system for the correct operation of the server, firewalls, attack prevention systems, network access control, antivirus systems, etc.

10. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
For detailed information on this subject, please see: “Gew’n Kirish Personal Data Storage and Destruction Policy”

11. RIGHTS OF THE PERSONAL DATA OWNER AND APPLICATION TO THE COMPANY
Our company informs the relevant persons whose personal data we process about their rights and how they can exercise their rights within the scope of Article 10 of the KVKK.

11.1. Rights of the Personal Data Owner
The relevant person who is the personal data owner has the following rights within the scope of Article 11 of the Personal Data Protection Law;
▪ To learn whether or not your personal data has been processed,
▪ To request information if your personal data has been processed,
▪ To learn the purpose of processing your personal data and whether it is used in accordance with its purpose,
▪ To know the third parties to whom your personal data has been transferred domestically or abroad,
▪ To request correction of your personal data if it is processed incompletely or incorrectly, and to request notification of the correction to third parties to whom your personal data has been transferred,
▪ To request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law, excluding legal limits, and to request notification of the deletion and destruction to third parties to whom your personal data has been transferred,
▪ To object to the emergence of a result to your detriment by exclusively analyzing the processed data through automated systems,
▪ To request compensation for damages in the event that you suffer damages due to the unlawful processing of your personal data.

11.2. Exercising the Rights of the Personal Data Owner For this purpose, see: Gew’n Kirish Application Form to the Data Controller.

11.3. Answering the Applications of the Personal Data Owner ABCS GIDA KİMYA takes all necessary administrative and technical measures to finalize the applications of the relevant person within the scope of Article 11 of the KVKK effectively, in accordance with the law and the rule of honesty. If the request is forwarded to ABCS GIDA KİMYA, ABCS GIDA KİMYA will finalize the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. If the response is more than ten pages, a processing fee of 1 Turkish Lira may be charged for each page over ten pages. If the response to the application is given on a recording medium such as CD or flash memory, the cost of the data recording medium may be requested. ABCS GIDA KİMYA may request additional information if it deems it necessary to determine whether the applicant is the personal data owner and to evaluate the requests, and may ask questions to the personal data owner regarding the application in order to clarify the issues specified in the application. Important: For Current Personal Data Categories / Personal Data Category and Person Group Matching, please visit verbis.kvkk.gov.tr.