PERSONAL DATA PROTECTION AND PROCESSING POLICY
SECTION 1 – PURPOSE AND SCOPE OF THE POLICY
The Personal Data Protection Law Draft was first prepared in our country in 2007 within the scope of harmonization with the European Union. The Personal Data Protection Law No. 6698, with various amendments made to the previous texts, was submitted to the Presidency of the Grand National Assembly of Turkey on January 18, 2016, and was adopted by the General Assembly of the Grand National Assembly of Turkey on March 24, 2016, and became law.
It was published in the Official Gazette dated April 7, 2016, and numbered 29677, and entered into force.
The protection of personal data refers to the disciplined processing of personal data and, in this context, the protection of fundamental rights and freedoms, primarily the privacy of private life, as provided for in the Constitution.
Data protection is primarily aimed at protecting the individuals to whom the data relates, rather than the data itself.
Data protection refers to a series of measures aimed at protecting individuals from harm arising from the processing of information about them (whether by automated or non-automated means) and is embodied in the principles of personal data protection.
This Policy establishes the principles for the protection and processing of the personal data of our customers, employees, job applicants, company shareholders, company officials, visitors, employees, shareholders, and officials of institutions we collaborate with, and third parties.
The main goal of the policy is to explain the personal data processing activities carried out by Kuyumcukent İşletme A.Ş. and the processes related to personal data protection under the Personal Data Protection Law No. 6698 (“KVKK”). to provide explanations regarding the personal data processing activities and processes related to the protection of personal data carried out by the Data Controller Kuyumcukent İşletme A.Ş., to inform the relevant individuals whose personal data is processed by our company, and to ensure transparency in practice.
With this Policy, Kuyumcukent İşletme A.Ş. makes the protection of personal data, which is a constitutional right, a company policy and undertakes to comply with the Personal Data Protection Law and related legislation and regulations within the scope of its legal and social responsibility.
In accordance with the Personal Data Protection Law and related legislation, the Company establishes necessary procedures, creates specific disclosure texts, enters into confidentiality agreements, revises job descriptions, and takes the necessary administrative and technical measures to protect personal data, including conducting or commissioning the necessary audits.
SECTION 2- DEFINITIONS
Explanations of certain definitions contained in the Personal Data Protection Law and Kuyumcukent İşletme A.Ş.'s Personal Data Protection and Processing Policy are provided below.
Processing of Personal Data: Any operation performed on personal data, such as the collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or restriction of use of such data, whether fully or partially automated or non-automated provided it is part of a data recording system.
Data Subject: Real persons whose personal data is processed, including customers, employees, job applicants, suppliers and their employees, partners, and other third parties covered by a contract with the company.
Personal Data: Any information relating to an identified or identifiable natural person.
For example: name and surname, Turkish ID number, e-mail address, address, work address, date of birth, place of birth, credit card number, driver's license number, bank account number, passport number, license number, diploma, etc.
Special Category Personal Data: Data related to race, ethnic origin, political opinions, philosophical beliefs, religion, denomination, or other beliefs, attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are considered special category data.
Data Controller: The person who determines the purposes and means of processing personal data, establishes and manages the data recording system where data is systematically processed and stored.
Data Processor: A real or legal person who processes data on behalf of the data controller within the scope of the authority granted by the data controller.
Customer: Persons who have a contractual business relationship with the company or who use the company's products and services even if they do not have a contractual relationship.
Potential Customer: A person or persons who show interest in and demand for the products and services offered by the company.
Explicit Consent: Consent that is specific to a particular subject, based on information, and freely given.
Deletion of Personal Data: The process of rendering personal data inaccessible and unusable for the relevant users.
Destruction of Personal Data: The process of rendering personal data inaccessible, irretrievable, and unusable by anyone.
Anonymization: The process of rendering personal data incapable of being associated with any identifiable or identifiable natural person, even when matched with other data.
KVKK: The Personal Data Protection Law published in the Official Gazette dated April 7, 2016, and numbered 29677.
SECTION 3- METHOD OF COLLECTION AND LEGAL BASIS FOR YOUR PERSONAL DATA
Personal data is information that our company requests from you in accordance with its legitimate interests and in a manner appropriate to its activities; We collect personal data through verbal, written, visual, or electronic means, including call centers, websites, and similar channels, as well as from HR organizations that provide services to our company, and through legal documents and notifications sent to us to fulfill our legal obligations.
Our company acts in accordance with the principles established by legal regulations and general rules of trust and integrity in the processing of personal data.
In accordance with the provision in Article 5, Paragraph 1 of the Law, which states that “Personal data cannot be processed without the explicit consent of the person concerned,” our company processes personal data only with explicit consent, except in cases where the law allows exceptions.
Under Article 5 of the Law, our company may process the data of personal data subjects without obtaining their explicit consent in the following circumstances:
Your personal data, Personal Data Protection Law Art. 5/2-c: “The processing of personal data belonging to the parties to a contract is necessary provided that it is directly related to the establishment or performance of the contract,” Personal Data Protection Law Article 5/2-ç: “It is necessary for the data controller to fulfill its legal obligations,” Personal Data Protection Law Article 5/2-e: “The processing of data is necessary for the establishment, exercise, or protection of a right,” and the fulfillment of obligations under the Social Security Institution and the Labor Law No. 4857.
Our company processes personal data in accordance with Article 20 of the Constitution and Article 4 of the Personal Data Protection Law, ensuring: compliance with the law and the principle of good faith, accuracy and up-to-date maintenance, processing for specific, clear, and legitimate purposes, processing that is relevant, limited, and proportionate to the purpose, and retention for the period prescribed by law or necessary for the purpose for which the data is processed.
Our company also acts in accordance with the principles established by legal regulations regarding the processing of personal data and the general rules of trust and honesty.
In this context, the requirements of proportionality are taken into account in the processing of personal data, and personal data is not used except in cases where it is necessary for the purpose.
As Kuyumcukent İşletme A.Ş., we act in accordance with the regulations set forth in Articles 6, 8, and 9 of the Law regarding the processing of special category personal data and the transfer of personal data, as well as the principles published by the Personal Data Protection Authority.
For our company, the protection of special category personal data, which is defined as “special category” under the KVKK and processed in accordance with the law, is of particular importance. Under Article 6 of the KVKK, certain personal data that, if processed unlawfully, may pose a risk of causing harm or discrimination to individuals are classified as “special category” data, and special care and sensitivity must be exercised in their processing.
These data include race, ethnic origin, political opinion, philosophical beliefs, religion, sect or other beliefs, attire and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Except for the exceptions specified in Article 6 of the Law, the explicit consent of the Data Subject must be obtained in order to process this data.
Special category personal data relating to the health and sexual life of the Data Subject may only be processed without obtaining explicit consent by persons or authorized institutions and organizations subject to confidentiality obligations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment, and care services, and the planning and management of health services and their financing.
SECTION 4- PROCESSED PERSONAL DATA AND PURPOSES OF PROCESSING PERSONAL DATA
Your special category personal data and general category personal data may be processed by our company in a manner that is related to and proportionate to the data categories specified in this article, including but not limited to the following:
Identity First name, last name, mother's and father's names, mother's maiden name, date of birth, place of birth, marital status, ID card serial number, Turkish ID number, etc.
Contact Address number, email address, contact address, registered electronic mail address (KEP), phone number, etc.
Location Location information, etc.
Personal Payroll information, disciplinary investigation, employment records, asset declaration information, resume information, performance evaluation reports, etc.
Legal Proceedings Information from correspondence with judicial authorities, information from court files, etc.
Customer Transactions Call center records, invoice, promissory note, check information, information from cashier receipts, order information, request information, etc.
Physical Premises Security; Employee and visitor entry/exit records, camera recordings, etc.
Financial Balance sheet information, financial performance information, credit and risk information, asset information, etc.
Professional Experience Diploma information, courses attended, professional training information, certificates, transcript information, etc.
Visual and Audio Recordings Visual and audio recordings, etc.
Health Information Information related to disability status, blood type information, personal health information, information about devices and prosthetics used, etc.
Criminal Convictions and Security Measures Information related to criminal convictions, information related to security measures, etc.
Personal data you send or enter at https://www.kuyumcukent.com.tr/.
Any personal data obtained by our company (including but not limited to special category personal data) may be processed for the following purposes:
Execution of Information Security Processes
Execution of Employee Candidate/Intern/Student Selection and Placement Processes
Conducting Employee Candidate Application Processes
Fulfilling Employment Contract and Legal Obligations for Employees
Conducting Processes Related to Employee Benefits and Entitlements
Conducting Educational Activities
Conducting Access Authorizations
Conducting Activities in Compliance with Legislation
Conducting Financial and Accounting Activities
Ensuring Physical Premises Security
Conducting Assignment Processes
Monitoring and Implementation of Legal Affairs
Implementation of Communication Activities
Planning of Human Resources Processes
Implementation of Occupational Health and Safety Activities
Implementation of Customer Relationship Management Processes
Execution of Performance Evaluation Processes
Execution of Storage and Archiving Activities
Execution of Contract Processes
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions, and Organizations
Creating and Tracking Visitor Records for the purposes of;
Your personal data obtained and processed in accordance with the relevant legislation may be transferred to our company's physical archives and/or information systems and stored both digitally and physically.
SECTION 5- TRANSFER OF PERSONAL DATA
Your personal data may be transferred to the General Directorate of Security and other law enforcement agencies, all types of judicial authorities, central and other third parties, your authorized representatives, lawyers, tax and financial advisors, and other third parties we consult with, regulatory and supervisory authorities, official bodies, and our business partners and other third parties with whom we collaborate to develop or carry out healthcare services for the purposes mentioned above, or may be transferred abroad within this scope. It may be transferred to group companies, consultants and advisors with whom it has a contractual business relationship, service providers, public institutions and other institutions defined by legislation within the scope of legal obligations arising from the activity.
Kuyumcukent İşletme A.Ş. complies with the regulations set forth in Articles 6, 8, and 9 of the Law regarding the processing of Special Category Personal Data and the transfer of personal data, as well as the principles published by the Personal Data Protection Authority.
Under Article 5 of the Law, personal data may be transferred without the explicit consent of the data subjects in the following circumstances:
Where the processing of personal data by our company is directly related to and necessary for the establishment or performance of a contract;
Where the processing of personal data is necessary for our company to fulfill its legal obligations;
Provided that the personal data has been made public by the Data Subject, it may be processed by our company to the extent necessary for the purpose of making it public,
The processing of personal data is necessary for the establishment, exercise, or protection of the rights of our company, the Data Subject, or third parties,
It is necessary for our company to process personal data for its legitimate interests, provided that this does not harm the fundamental rights and freedoms of data subjects.
Except for the exceptions listed in Article 6 of the Law and below, the explicit consent of the Data Subject is required for the transfer of special category data.
The relevant exceptions are as follows: Special category personal data relating to the health and sexual life of the data subject may only be transferred without obtaining explicit consent by persons or authorized institutions and organizations subject to confidentiality obligations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment, and care services, and the planning and management of health services and their financing.
SECTION -6 INFORMING AND NOTIFYING THE DATA SUBJECT
As Kuyumcukent İşletme A.Ş., we act in accordance with the principles established by legal regulations and the general rules of trust and honesty in the processing of personal data, and we do not use personal data for purposes other than those required.
Our company clearly and definitively determines the legitimate and lawful purpose of processing personal data and the purpose of transferring it. The purpose for which personal data will be processed is established before the personal data processing activity begins. The parties to whom the data may be transferred and the purposes of transfer are specified in the Information Notice. It avoids processing personal data that is not related to the purpose or is not necessary.
As Kuyumcukent İşletme A.Ş., it retains personal data only for the period specified in the relevant legislation or for the period necessary for the purpose for which it is processed. If a period is specified, it acts in accordance with that period; if no period is specified, it retains personal data for the period necessary for the purpose for which it is processed. Upon the expiration of the retention period or the cessation of the reasons necessitating the processing of personal data, such data is deleted, destroyed, or anonymized by the Company. Personal data is not retained for future use.
These principles are communicated to the individuals whose data will be processed in accordance with Article 10 of the Law and the KVKK Information Text. The information text is available on the company's website, and the relevant individuals are clearly informed by sending them the Information Text before establishing a business relationship and contract.
In this context, the Company informs data subjects about the identity of its representative, if any, the purpose for which personal data will be processed, how it will be stored, to whom and for what purpose the processed personal data may be transferred, the method and legal basis for collecting personal data, and the rights of the data subject.
Article 20 of the Constitution stipulates that everyone has the right to be informed about personal data concerning them. In this regard, Article 11 of the KVK Law lists “requesting information” among the rights of the Data Subject.
Our company informs the data subject in accordance with Article 20 of the Constitution and provides the necessary information in accordance with Article 11 of the KVK Law when the data subject requests information.
SECTION 7- ENSURING THE SECURITY OF PERSONAL DATA:
Measures Taken to Prevent Unlawful Access to Personal Data and to Store Personal Data in Secure Environments:
Our company has implemented the infrastructure and controls necessary to protect the integrity of information and guarantee its continuous accessibility. To prevent the disclosure, access, transfer, or other unlawful access to personal data due to negligence or unauthorized actions, and to protect against other technical threats, the company has implemented the technical and administrative measures listed below, depending on the nature of the data to be protected.
Technical Measures:
The security system protects personal data from all threats while it is stored in information systems belonging to individuals.
Among information security threats, internal threats, which can be defined as conscious or unconscious threats posed by individuals working within the organization, play a very important role.
Considering the conscious or unconscious threats that may be posed by individuals working within the organization, the necessary security controls have been implemented in all relevant areas to control access to information and prevent unauthorized access.
The log programs used help system administrators monitor the system effectively.
The company's information systems unit regularly checks whether employees' daily activities comply with their authorization profiles.
Authorization level approvals are granted by the general manager or data controller manager.
Passwords used by personnel or third parties to access personal data sources are set in accordance with the password setting rules defined for the relevant systems. Complex passwords consisting of combinations of numbers, uppercase letters, lowercase letters, and punctuation marks are used, which are memorable and do not resemble old passwords.
Layered network security measures have been established in the company against threats that may come from external networks.
Firewalls, antivirus software, security walls, content controllers, and central management software are used in company computer systems.
Email, HTTP, and FTP traffic, which are the services most susceptible to viruses, are directed to the antivirus gateway based on firewall logic. After scanning, the traffic is directed to the appropriate locations. This system blocks viruses coming from outside the network. The antivirus system installed on the mail servers neutralizes viruses circulating within the local network via email.
With the virus protection software installed on the server computers and the software that monitors the systems of company employees, our company has a corporate antivirus solution in place.
These monitoring activities include security scans for known vulnerabilities, security scans for applications based on application type, and system configuration checks.
Administrative Measures:
The main purpose of our company's data security policies is to provide explanations about personal data processing activities and processes related to the protection of personal data, to inform individuals whose personal data is processed by the company, and to ensure transparency, data security, and compliance with the law.
Taking into account the conscious or unconscious threats that may be posed by individuals working within the organization and the dangers that may come from external networks, information security policies have been implemented in relevant areas to control access to information, prevent unauthorized access, and ensure data security.
Technical control systems have been established for the applications. As the data controller, the company conducts systematic periodic audits of its internal systems through the Data Controller Manager. Audits are conducted by independent audit companies when deemed necessary.
Privacy commitments: Data controllers and natural or legal persons processing data may not disclose personal data they have learned to others in violation of the provisions of the KVKK. This obligation continues even after they leave their positions or their service contracts expire.
Pursuant to the second paragraph of Article 12 of the Law, data processors are jointly responsible with the data controller for ensuring the security of personal data.
A document explaining the purposes of processing and transferring personal data and the categories of data, and stating that data security measures are subject to supervision by the data processor, is provided to the data processor.
It is mandatory to obtain a commitment letter from all employees and other persons or institutions processing data regarding the provision of data confidentiality and compliance with security measures.
Confidentiality commitment letters are also added to contracts with employees, consultants, information system support companies, and other third parties or companies within this scope.
Our company ensures that the necessary training is provided to business units to raise awareness of preventing the unlawful processing of personal data, unlawful access to data, and ensuring the protection of data.
Our company establishes the necessary systems to raise awareness among its current and new employees regarding the protection of personal data, and works with consultants when necessary. In this regard, our company evaluates participation in relevant training, seminars, and information sessions, and organizes new training courses in line with updates to the relevant legislation.
SECTION 8–RETENTION PERIODS FOR PROCESSED PERSONAL DATA
In accordance with Article 10 of the KVK Law, our company determines which groups of data subjects' personal data are processed on a categorical basis within the scope of its disclosure obligation, and informs the data subject of the purposes of processing their personal data and the retention periods.
Our company processes personal data in accordance with legitimate and lawful purposes, based on one or more of the conditions specified in Article 5 of the KVK Law, and in compliance with the general principles and all obligations stipulated in the KVK Law, particularly the principles outlined in Article 4 regarding the processing of personal data. Customers, Visitors, Third Parties Who Are Parties to Contract-Based Transactions, Employees, Employee Candidates, Company Shareholders, Employees of Institutions with Which the Company Collaborates, Partners, and Authorized Persons are processed on a category basis.
In the Regulation dated October 28, 2017, regarding the Deletion, Destruction, or Anonymization of Personal Data, in the section titled “Principles Regarding Personal Data Storage and Destruction Policy,” it is stated that "Data Controllers who are required to register in the Data Controllers Registry in accordance with Article 16 of the Law are obliged to prepare a ‘Personal Data Storage and Destruction Policy’ in accordance with the personal data processing inventory. Data Controllers who are required to register with the Data Controllers Registry in accordance with Article 16 of the Law are required to prepare a ‘Personal Data Retention and Destruction Policy’ in accordance with the personal data processing inventory."
Pursuant to Article 4 of the Law, personal data must be retained for the period specified in the relevant legislation or for the period necessary for the purpose for which they are processed, and must be deleted, destroyed, or anonymized automatically or upon the request of the Data Subject when the reasons for processing them cease to exist.
In accordance with Articles 5 and 6 of the Law, when all of the conditions for the processing of personal data have ceased to exist, the data controller must delete, destroy, or anonymize the personal data on its own initiative or upon the request of the data subject.
The Regulation, which entered into force on October 28, 2017, also sets out the procedures and principles for the deletion, destruction, or anonymization of personal data when the reasons for processing no longer exist.
Our company stores personal data for the period specified in the relevant laws and regulations, if required by law. If no period is specified in the legislation regarding how long personal data must be retained, personal data is processed for as long as necessary in accordance with our company's practices and customary practices in daily life, depending on the services provided by our company while processing that data, and is then deleted, destroyed, or anonymized.
In this context, our company first determines whether the laws and relevant legislation stipulate a period for the storage of personal data, and if a period is specified, it acts in accordance with that period. If no period is specified, it stores personal data for as long as necessary for the purpose for which it is processed. If the purpose of processing personal data has ended and the retention periods specified by the relevant legislation and the company have also expired, personal data may be retained only for the purpose of serving as evidence in potential legal disputes or asserting or defending rights related to personal data, taking into account the statutory periods.
Our company does not store personal data for future use.
SECTION 9-OBLIGATION TO DELETE, DESTROY, AND ANONYMIZE DATA
Article 7 of the Law regulates the deletion, destruction, and anonymization of personal data. Accordingly, even if personal data has been processed in accordance with the law, if the reasons for processing it no longer exist, such data shall be deleted, destroyed, or anonymized by the data controller, either on its own initiative or at the request of the relevant person.
In particular, it is accepted that the conditions for processing personal data have ceased to exist in the following cases:
Amendment or repeal of the relevant legislation on which the processing of personal data is based,
The contract between the parties has never been established, is invalid, has expired automatically, has been terminated, or has been rescinded,
The purpose for which the personal data was processed no longer exists,
The processing of personal data is contrary to the law or the principle of good faith,
In cases where the processing of personal data is based solely on the condition of explicit consent, the relevant person withdraws their consent,
The data controller's acceptance of the relevant person's application regarding the processing of personal data within the scope of their rights under Article 11(e) and (f) of the Law,
If the data controller rejects the request made by the data subject for the deletion or destruction of their personal data, if the response provided is deemed insufficient, or if the data controller fails to respond within the timeframe specified in the Law, a complaint may be filed with the Board, and if the Board deems the request appropriate,
The maximum period for which personal data must be stored has expired, but there are no circumstances that would justify storing the personal data for a longer period,
The conditions for processing personal data set out in Articles 5 and 6 of the Law no longer apply,
In the aforementioned cases, personal data shall be deleted, destroyed, or anonymized by the data controller either on its own initiative or upon the request of the relevant individual.
The process of deleting personal data is defined as “making the personal data in question inaccessible and unusable by the relevant users in any way.” In this context, when the reasons for processing data cease to exist, the data in question is permanently deleted from all environments, including backups.
The decision on which technique to use for the deletion and destruction of personal data and the anonymization of personal data is made by the Data Controller Manager.
The personal data to be deleted is determined. Deletion operations are carried out by pre-determined personnel. The powers of this personnel are specifically regulated. The personnel performing the deletion process are deprived of their access rights to retrieve or reuse the deleted data.
The Information Security Committee (KVKK Compliance Team) verifies that the deletion, destruction, or anonymization of the data to be deleted is carried out in accordance with the law, regulations, and company policies and procedures, and that the information records created regarding the processes are accurate.
SECTION 10 – RIGHTS OF THE DATA SUBJECT AND EXERCISE OF THESE RIGHTS
Kuyumcukent İşletme A.Ş. informs the Data Subject of their rights in accordance with Article 11 of the KVK Law and guides the Data Subject on how to exercise these rights. Our company has implemented administrative and technical regulations related to internal operations for the evaluation of the rights of the relevant person and the provision of necessary information to the relevant persons.
The relevant person has the following rights in accordance with Article 11 of the KVKK:
To learn whether their personal data has been processed.
To request information about the processing of their personal data.
To learn the purpose of the processing of their personal data and whether it is being used in accordance with that purpose.
To know the third parties to whom their personal data has been transferred within or outside the country.
Requesting the correction of personal data that has been processed incorrectly or incompletely, and requesting that the third parties to whom the personal data has been transferred be notified of the correction.
Even if personal data has been processed in accordance with the provisions of the KVK Law and other relevant laws, the right to request the deletion or destruction of personal data when the reasons for processing no longer exist, and to request that this action be communicated to third parties to whom the personal data has been transferred.
Object to the analysis of processed data exclusively through automated systems resulting in a decision adverse to the individual.
To request compensation for damages incurred as a result of the unlawful processing of personal data.
Exercising the Rights of the Data Subject;
The Data Subject may exercise the rights specified in the explanation of Article 11 above in accordance with the first paragraph of Article 13 of the KVK Law.
The Data Subject may submit their applications under Article 11 of the Law by bringing a written application with a wet signature to our address in person or sending it through a notary public, or by sending it to the address kuyumcukentisletme@hs01.kep.tr with a secure electronic signature, mobile signature, or the electronic mail address notified by the Data Subject to our company and registered in our company's system with a secure electronic signature.
Third parties cannot make requests on behalf of the Data Subject.
For someone other than the Data Subject to make a request, there must be a special power of attorney issued by the Data Subject on behalf of the person who will make the request.
The Data Subject may file a complaint with the KVK Board within thirty days from the date they learn of our company's response, and in any case within sixty days from the date of the request, in cases where their request is rejected, the response is deemed insufficient, or no response is provided within the specified timeframe, in accordance with Article 14 of the KVK Law.
Our Company's Right to Reject the Data Subject's Request;
Our company may reject the request of the person making the request in the following cases, explaining the reasons:
Processing of personal data made public by the Data Subject.
The possibility that the data subject's request may infringe upon the rights and freedoms of others.
The requested information being publicly available.
Processing of personal data for official purposes such as research, planning, and statistics by anonymizing the data.
Processing of personal data within the scope of security and intelligence activities carried out by public institutions and organizations authorized by law to maintain public order in the areas of national defense, national security, public safety, and economic security.
Processing of personal data by the judiciary in relation to investigation, prosecution, trial, or enforcement proceedings.
The necessity of personal data processing for investigations or inquiries conducted by the competent and authorized public institutions and organizations.
Our company may request additional information and documents from the relevant person in order to determine whether the applicant is the Relevant Person, and may ask questions regarding the matters stated in the relevant person's application.
SECTION 11. IMPLEMENTATION OF THE POLICY
This Policy, established by Kuyumcukent İşletme A.Ş., is dated. In the event of a revision of the entire Policy or specific articles thereof, the effective date of the Policy will be updated. This Policy enters into force with the signature of the General Manager on our company's website. The review and updating of this Policy is carried out by personnel authorized by the General Manager's instructions. Updates are implemented with the approval of the General Manager. The Policy is reviewed at least once a year by the Data Protection Officer.
For your information.
KUYUMCUKENT İŞLETME A.Ş.