This Confidentiality and Personal Data Protection Policy (“Confidentiality Policy”), which was established in accordance with Turkish Laws and its head office is located in Yenibosna Merkez Mh. Ladin Sk. No:4M Kuyumcukent AVM Z030 D:72 Bahçelievler, Istanbul, registered in the Istanbul Trade Registry with the registration number 149207-5, owned by Aga Kıymetli Madenler Anonim Şirketi (“Company” or “AGA”), shared with the Company by the data owners or shared with the Company What personal data of the data owner, why and how is collected, what is done with the collected data, how long the data obtained is stored, with whom your personal data is shared, the Company's obligations and what measures it takes regarding the protection of your personal data, deletion of your personal data, terms of destruction and anonymization, what rights you have as a result of the collection of your personal data and how to use them,
1) WHAT IS THE PURPOSE OF THE CONFIDENTIALITY POLICY?
Within the scope of this Confidentiality Policy, it is aimed to provide information to data owners on the following issues:
2) WHICH DATA DO WE PROCESS?
As a result of your use of AGA services and products through the website, the following personal data (but not limited to) may be processed by AGA as a "Data Controller":
3) COLLECTION METHODS AND LEGAL REASONS OF YOUR PERSONAL DATA:
Your personal data, by AGA through different channels, verbally, in writing or electronically and based on the above-mentioned purposes, for the purpose of carrying out activities; In order to develop the products and services we offer and to carry out our commercial activities, it is processed verbally, in writing or electronically, through automatic or non-automatic methods, through the call center, website, etc.
Personal Data, within the scope of KVKK and other relevant legislation (i) clearly stipulated in the laws, (ii) it is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract, (iii) it is mandatory for the data controller to fulfill its legal obligations , (iv) can be processed without the consent of the personal data owner for one or more of the reasons that the data subject has been made public by himself.
In case of entering into a commercial or legal relationship with AGA in any way, Personal Data is required by AGA to process the personal data of the parties to the contract, provided that it is directly related to the conclusion or performance of a contract specified in the 2nd paragraph of Article 5 of the KVKK (i) ”, (ii) “It is mandatory for the data controller to fulfill its legal obligation”, (iii) “The data subject has been made public by himself”, (iv) “Data processing is mandatory for the establishment, exercise or protection of a right” and (v) “Provided that it does not harm the fundamental rights and freedoms of the person concerned,It is processed automatically by filling out an application or request form in the electronic environment, provided that it does not violate the fundamental rights and freedoms of the data subject based on legal reasons.
If the user logging into the website does not have a previously obtained explicit consent; Obtaining express consent as required by legal obligation for Personal Data processed, which does not fall within one of the reasons for compliance with the law in paragraph 2 of Article 5 of the KVKK, but is limited to AGA's ability to offer products and services and to the security of the user who accesses the website. required. In this case, we inform you that such express consent can be given electronically, with the same legal nature and value as the written consent. You can review the information text on the processing of personal data in electronic environment and give your express consent statement by instant notification on SMS, e-mail and website.
4) WHAT IS THE PURPOSE OF PROCESSING YOUR DATA?
Your personal data,
processed for such purposes. AGA acts in accordance with the obligations stipulated in all relevant legislation, especially the KVKK.
5) HOW LONG DO WE STORE YOUR DATA?
Personal Data is provided by the Company, taking into account the periods determined by all relevant laws, including the provisions of the KVKK and other relevant legislation, the Law No. 6563 on the Regulation of Electronic Commerce and the provision of Article 138 of the Turkish Penal Code, the statute of limitations and the periods required by the purpose of processing. kept in line with obligations. After the relevant periods, Personal Data will be deleted, destroyed or anonymized ex officio or upon your request. If a period of time is not regulated in the legislation regarding how long Personal Data should be kept, Personal Data is processed for the period required by the processing purposes of the Company's Personal Data listed in this Confidentiality Policy, and then deleted, destroyed or anonymized.
6) WITH WHOM IS YOUR DATA SHARED?
Your Personal Data is shared with third parties only with your explicit consent and Personal Data is not transferred to third parties without your explicit consent.
AGA may share and transfer your Personal Data to one of the databases of group companies, affiliates, business partners or one of its external partners located abroad. As data protection levels vary around the world, we may only transfer your Personal Data to group companies or third-party companies outside the European Union if they maintain at least the same level of personal protection.
Personal Data processed by AGA may be shared with our business partners, company partners and company officials in order to fulfill their legal obligations.
Personal Data provided by the Company for the above-described methods and purposes, provided that adequate and effective measures are taken in accordance with the security and confidentiality principles set forth in the KVKK and relevant legislation; Within the framework of AGA's legal obligations and limited to these, the execution of AGA's activities and limited to the above-mentioned purposes by AGA; Third parties, including legal consultants, tax consultants, with whom we have a contract with domestic or foreign group companies, our business partners, shareholders, customers with whom we have contracted and served as required by our activities, to resolve legal disputes or to the Social Security Institution in case of request in accordance with the relevant legislation, General Directorate of Security and other law enforcement forces, authorized public institutions and organizations,
AGA takes necessary technical and legal measures to prevent any violation of rights during data transfer to third parties. In this context, AGA is not responsible for violations that occur in the risk area under the responsibility of the third party, due to the data protection policies of the third party receiving the Personal Data.
Personal Data transfers can be made to countries where it is determined and declared that there is no adequate protection by the Personal Data Protection Board, provided that the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and the permission of the Personal Data Protection Board can be obtained for the relevant transfer. will be possible.
7) WHAT ARE OUR OBLIGATIONS TO ENSURE YOUR DATA SECURITY?
Our obligations to ensure your data security; (i) to inform the personal data owners in accordance with the KVKK and other relevant legislation during the acquisition of personal data, (ii) to prevent the processing and access of your personal data in violation of the law and honesty rules, KVKK and other relevant legislation; (iii) to take all kinds of technical and administrative measures to ensure that your personal data is kept in accordance with the KVKK and other relevant legislation in a timely manner; (iv) to keep your personal data accurate and up-to-date, and when necessary to delete, destroy or anonymize in accordance with KVKK and other relevant legislation; and (v) to make or have all the necessary inspections done in this context. At the same time, even if the persons and officials who process personal data on behalf of our company leave their duties, takes the necessary precautions to ensure that the personal data they learn during their duties are not disclosed to others in violation of the provisions of the KVKK and other relevant legislation, and they are not used for purposes other than processing. In the event that the processed personal data is unlawfully obtained by others, our Company immediately notifies the person concerned and the Personal Data Protection Board.
8) TERMS OF DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA
Despite the fact that it has been processed in accordance with the provisions of the relevant law within the scope of the laws of the Republic of Turkey, in the event that the reasons requiring its processing are eliminated, Personal Data is deleted, destroyed or anonymized in accordance with the provisions of the KVKK and other relevant legislation, upon the decision of the Company or upon the request of the data owner.
9) WHAT ARE YOUR RIGHTS ON YOUR PERSONAL DATA? HOW TO USE YOUR RIGHTS?
On the Personal Data processed by AGA, within the scope of Article 11 of the KVKK, without prejudice to the cases stipulated in Article 28 of the KVKK titled “Exceptions”;
10) HOW CAN YOU SEND YOUR REQUESTS REGARDING THE IMPLEMENTATION OF KVKK?
The Company, which has the qualification of data controller, can make all kinds of requests in written form or by other methods determined by the Personal Data Protection Board, including, but not limited to, requests for update, change, deletion, anonymization or destruction related to the implementation of the KVKK and other relevant legislation. Center Mh. Ladin Sk. No:4M Kuyumcukent AVM Z030 D:72 Bahçelievler, Istanbul by hand, send it via a notary public or other methods specified in the KVKK. We kindly request you to include the following elements in your application:
Your requests included in your application will be concluded free of charge by the Company as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires a separate cost for the Company, the fee in the tariff determined by the Personal Data Protection Board will be charged. If the application is due to the Company's fault, the fee will be returned to the relevant person.
11) HOW CAN YOU SUBMIT YOUR QUESTIONS AND SUGGESTIONS ABOUT THE CONFIDENTIALITY POLICY?
You can send any questions and suggestions regarding the Confidentiality Policy to the firstname.lastname@example.org e-mail address.
12) CHANGES TO THE CONFIDENTIALITY POLICY
This Confidentiality Policy was prepared on 15.06.2021 and was last updated on 15.06.2021. It may make changes in this Confidentiality Policy at any time in order to comply with the changing conditions and legislation. In case of any change in the Confidentiality Policy, the effective date and content of this Confidentiality Policy will be updated by the Company and will enter into force immediately.