MİKROMAN MADEN

 

 

POLICY OF PROTECTING AND PROCESSING PERSONAL DATA

 

 

 

MİKROMAN MADEN SAN. VE TİC. A.Ş.

2022

 

 

 

 

Target Group: All real persons whose personal data is processed by MİKROMAN MADEN

 

Prepared By: Personal Data Protection Council of MİKROMAN MADEN

 

Version: 2.0

 

Approved By: Personal Data Protection Board of MİKROMAN MADEN

 

ABOUT

Policy of Processing and Disposing of Personal Data of MİKROMAN MADEN (“Policy”) was prepared by taking secondary legislations and jurisprudence into consideration in the scope of administrative precautions after entering the Personal Data Protection Law numbered 6698 into force, and was added unanimously by Personal Data Protection Council of MİKROMAN MADEN SAN. VE TİC. A.Ş. to the company policy on …../…./2022, and became a part of Harmonization Process of Personal Data Protection. The Policy was investigated by Personal Data Committee of MİKROMAN MADEN, and was submitted to the approval of the Board of MİKROMAN MADEN SAN. VE TİC. A.Ş.. Personal Data Protection is one of the primary policies for our company. Being one of the most important steps of Harmonization Process of Personal Data Protection (“Process”), our policy consists of data and rights of our customers, employees, employee candidates, business partners and real persons getting contact with us.

 

The Policy has been prepared in Turkish, and Turkish text shall be principal in case of any dispute due to the translations of other languages.

This Policy has been prepared by MİKROMAN MADEN SAN. VE TİC. A.Ş, and cannot be reproduced and distributed without written permission of MİKROMAN MADEN SAN. VE TİC. A.Ş. under any circumstances.

 

© MİKROMAN MADEN SAN. VE TİC. A.Ş.  v.2 2022

 

 

 

 

CONTENT

 

 1.    INTRODUCTION  3  

1.1. Purpose  3

1.2. Scope   3

1.3. Ground  3

1.4. Definitions  3

2. ASPECTS RELATED TO PROTECTING PERSONAL DATA  5

2.1. Providing Safety of Personal Data 5

2.2. Protecting Specific Personal Data 5

 2.3. Increasing the Consciousness to Protect and Process Personal Data 5 

3. PROCESSING PERSONAL DATA 5

3.1. Processing Personal Data According to Legislation 5

3.2. Processing Conditions of Personal Data 6  

3.3. Processing Sensitive Personal Data

 3.4. Noticing of Personal Data Owner 

3.5. Transferring Personal Data

4. PARAMETERS OF PERSONAL DATA 

5.MEASURES TAKEN REGARDING THE PROTECTION OF PERSONAL DATA

6. STORAGE AND DISPOSAL OF PERSONAL DATA  

  7.  RIGHTS OF PERSONAL DATA OWNERS AND USAGE OF THESE RIGHTS 

7.1. Rights of Personal Data Owner

7.2. Exercise of Rights by the Personal Data Owner

7.3. Responding to Applications

   7.4. Rejection of Personal Data Owner's Application    

7.5. The Right of Personal Data Owner to Complain to the PDP Authority

8. EXECUTION

9. ENFORCEMENT and NOTICE   

 ANNEX 1- Data Category and Personal Data   

ANNEX 2- Aims of Categorized Personal Data Processing

ANNEX 3 –Persons to whom Personal Data is Transferred and Purposes of Transfer

    

   

 

 

 

 

 

MİKROMAN MADEN

POLICY OF PROTECTING AND PROCESSING PERSONAL DATA

 

1. INTRODUCTION

MİKROMAN MADEN SAN. VE TİC. A.Ş.   (‘’MİKROMAN MADEN”) takes cognizance of protecting personal data in activities carried out by it, and considers it as primary in business and transactions. Policy of Protecting and Processing Personal Data of MİKROMAN MADEN (“Policy”) is the main regulation in order to harmonize MİKROMAN MADEN organization and business processes with principles and methods of personal data process specified by Personal Data Protection Law numbered 6698 (“Law”). MİKROMAN MADEN processes and protects personal data with superior responsibility and consciousness in the direction of principles in the Plicy, and provides the required transparency by informing the owner of personal data.

 

1.1. Purpose

The purpose of this Policy is to harmonize the MİKROMAN MADEN organization and business processes with principles and methods of laws and other related legislations, and implement them in its activities efficiently. MİKROMAN MADEN takes any kind of administrative and technical precautions with this Policy in order to process and protect personal data, constitutes the required internal procedures, increases the awareness and organizes all the required trainings for consciousness. All the required precautions are taken for harmonizing shareholders, authorized persons, employees and business partners with Law processes, and suitable and efficient audit mechanisms are established.

1.2. Scope

The Policy includes all the personal data obtained automatically in business process of MİKROMAN MADEN or obtained in the way non-automatically provided that it is part of any data record system.

3. Ground

The Policy bases on the Law and the related legislation. The Personal Data is processed in order to comply with legal liabilities arising from Mining Law, Mining Directive, Directive Related to Authorized Legal Entities, Tender Directive of Mining Zones, Directive on National Commission of Mine Sources and Reserve Reporting, Directive of Turkish Geology Data and Core Database Duties, Principles and Methods, Directive of Mine Wastes and other related organization regulations.

The legislation in force shall be applied in case of the fact that there is any dispute between legislation in force and the Policy. Regulations foreseen by the related legislation are converted to MİKROMAN MADEN applications by means of the Policy. 

1.4. Definitions

Explicit Consent

Consent related to a particular aspect, based on information and stated with freewill.

Application Form

Application form including applications of owner of personal data to use their rights, prepared according to Personal Data Protection Law numbered 6698 and Notification About Principles and Methods of Application to Data Supervisor issued by Personal Data Protection Organization and related to the applications by the related person (Owner of Personal Data) to the data supervisor.

Related User

Persons processing personal data in the data supervision organization or with the authority and instruction taken by data supervisor excluding the person or department being responsible for storing, protecting and backing up the data technically.

Dispose

Deleting, disposing of or anonymizating personal data.

Record Environment

Any kind of environment including personal data obtained automatically and completely of partially or obtained in the way non-automatically provided that it is part of any data record system

Personal Data

Any kind of information related to the real person whose identity is definite or specifiable.

Processing personal data

Any kind of transaction on data such as obtaining personal data automatically and completely of partially or obtaining in the way non-automatically provided that it is part of any data record system, recording, storing, maintaining, changing, rearranging, disclosing, transferring, taking, making available, classifying or preventing usage etc.

Anonymizating the personal data

Converting the personal data to a condition which cannot be identified or related to a specifiable real person even by matching with other data.

Owner of personal data

Real person whose personal data is processed by or on behalf of MİKROMAN MADEN.

Deleting personal data

Deleting personal data and making the personal data unaccesible and non-reusable under any circumstances for the related users.

Disposing of personal data

Making personal data unaccesible, unrecapturable and non-reusable under any circumstances by anybody.

Council

Personal Data Protection Council

Organization

Personal Data Protection Organization

Spesific personal data

Personal data related to race, ethnicicty, political views, philosophical believes, religion, sects or other belief, clothes, membership of association, foundation of union, health, sexual life, sentences and security measures, and biometric and genetic data.

Periodical disposal

Deleting, disposing of or anonymizating personal data with the periods mentioned in policy of storing and disposing of personal data and with repeated intervals in case of the fact that conditions of processing personal data in the Law are removed completely.

Data processor

Real person and legal entity processing the personal data on behalf of data supervisor according to the provided authority.

Data recording system

Recording system in which personal data are configured and processed according to particular criteria.

Data Owner / Related Person

Real person whose personal data is processed.

Data supervisor

Real person or legal entity determining purposes and means of processing personal data and being responsible establishing and managing data recording system.

Data Representative

Real person assigned in order to perform the duties of Data Supervisor in the scope of provision of the related law.

Directive

Directive About Deleting, Disposing of or Anonymizating Personal Data published in Official Journal on the date of 28 October 2017.

2. ASPECTS RELATED TO PROTECTING PERSONAL DATA

 

1.  Providing Safety of Personal Data
MİKROMAN MADEN takes required precautions specified in article 12 of the Law according to the qualification of personal data in order to prevent disclosing, accessing, transferring the personal data against the legislations or prevent any kind of safety problems. MİKROMAN MADEN takes precautions and carries out audits in order to allow required personal data safety level according to the guides published by Personal Data Protection Organization.


2. Protecting Specific Personal Data
The precautions are taken and the required audits are performed for protecting biometric and genetic data as well as the specific data related to race, ethnicicty, political views, philosophical believes, religion, sects or other belief, clothes, membership of association, foundation of union, health, sexual life, sentences and security measures. 

 

3. Increasing the Consciousness to Protect and Process Personal Data
MİKROMAN MADEN provides required trainings with the related persons in order to process and access the personal data as per the laws, maintain the data and increase the consciousness to use the rights. MİKROMAN MADEN constitutes required business processes and takes support from consultants if necessary, in order to increase the consciousness of employees to protect personal data. The failures encountered in the implementation and the result of trainings are evaluated by management of MİKROMAN MADEN SAN. VE TİC. A.Ş.. As a result of such evaluations, new trainings are organized if necessary according to the amendments in the related legislation.

3. PROCESSING PERSONAL DATA

3.1. Processing Personal Data According to Legislation

Personal data is processed as per the legislation under the principles mentioned below:

i. Processing According to Law and Good Faith 

Personal data is processed under business processes according to the law and good faith without damaging fundamental rights and freedom of the persons.
ii. Enabling Personal Data Actual and Accurate
Required precautions are taken in order to keep the processed personal data actual and accurate, and it is worked under plan and schedule.
iii. Processing for Definite, Explicit and Legitimate Purposes

Personal data is processed according to the legitimate purposes determined in business processes and explained.
iv. Being Relevant, Limited and Continent for Processing Purpose

Personal data is collected in the qualification required by business processes, and processed related and limited to the determined purposes.
v. Maintaining for Required Period

Personal data is maintained at the least period specified in the related legislation and required for processing personal data. Firstly, it is maintained for the related period if a duration is defined in the legislation for storing the personal data, or for the required period for the purpose of processing personal data if a duration is not defined. At the end of the storing period for personal data, it is disposed of (deleted, disposed or anonymizated) with suitable methods according to the periodical disposal duration or application of data owner.

 

3.2. Processing Conditions of Personal Data

Personal data is processed by means of the explicit consent of the owner or by based on one or more conditions mentioned below:
i. Explicit Consent of Owner of Personal Data
Processing personal data is performed with the explicit consent of the owner. The Explicit consent of the owner of personal data is constituted by informing in a particular aspect and getting the freewill.
ii. Explicit Consent Absence of Owner of Personal Data 
Personal data can be processed without the explicit consent of owner in case of any condition mentioned below:
a. Specifying Clearly in Laws
Personal data can be processed without consent of the owner in case of the fact that there is a clear provision in the laws related to the personal data processing.
b. Failure to Get Explicit Consent from the Related Person due to Actual Impossibility
The personal data of the owner can be processed in case of any obligation to process the personal data in order to protect his/her own life or any other’s life or physical integrity in regard with the person whose consent cannot be taken or cannot be valid due to the actual impossibility.

c. Depending Directly on Concluding or Performing Contract
The personal data of the owner can be processed if it is related directly to concluding or performing a contract in which the owner of the data is a party.
d. Fulfilling the Legal Liability
The personal data of the owner can be processed in case of obligatory processing of personal data while MİKROMAN MADEN is fulfilling the legal liabilities.
e. Anonymizating the Personal Data of Owner
Personal data of owner whose personal data is anonymizated can be processed limitedly.
f. Mandatory Data Processing for the Establishment or Protection of a Right


If the data processing is mandatory for the establishment, the personal data of the data owner may be processed.

g. Mandatory Data Processing for Legitimate Interest

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of MİKROMAN MADEN.

3.3.  Processing Sensitive Personal Data

MİKROMAN MADEN processes sensitive personal data following the principles set out in the Law and Policy, by taking all necessary administrative and technical measures with the methods determined by the Board, with the following procedures and principles:
i. Sensitive personal data other than health and sexual life may be processed without the explicit consent of the data owner if there is an explicit provision in the law regarding its processing. In cases not explicitly stipulated by law, the explicit consent of the data owner is obtained.
ii. Sensitive personal data related to health and sexual life may be processed by persons under the obligation of confidentiality or authorized institutions and organizations: to protect public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, without the explicit consent of the data owner. Otherwise, the explicit consent of the data owner is obtained.

3.4.  Noticing of Personal Data Owner

MİKROMAN MADEN informs personal data owners under the relevant legislation about the purposes for which their personal data are processed, with whom they are shared, with which methods they are collected, the legal reason, and the rights of data owners in the processing of their personal data. In this respect, the protection of personal data is carried out following other policy documents and clarification texts prepared within the framework of the principles in the Policy.

3.5. Transferring Personal Data

MİKROMAN MADEN may transfer personal data and sensitive personal data to third parties (third party companies, group companies, third natural persons) following the law by taking the necessary security measures in line with the purposes of personal data processing. MİKROMAN MADEN performs transfer transactions following the regulations stipulated in Article 8 of the Law.
i. Transferring Personal Data

Although explicit consent of the personal data owner is sought for the transfer of personal data, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, based on one or more of the following conditions.
a. expressly stipulated in the Laws,

b. It is directly related and necessary to the establishment or performance of a contract,
c. It is mandatory for MİKROMAN MADEN to fulfill its legal obligation Limited for the purpose of publicization, provided that the personal data have been made public by the data owner, it is mandatory for the establishment, use, or protection of the rights of the MİKROMAN MADEN or data owner or third parties,
f. It is mandatory for the legitimate interests of MİKROMAN MADEN, provided that it does not harm the fundamental rights and freedoms of the data owner,
g. If the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid is obligatory for him/herself or someone else to protect his/her life or body integrity.

Personal data related to any of the above-mentioned situations may be transferred to those who have the status of a foreign country that has been declared as a "Foreign Country with Adequate Protection" and determined by the Board to have adequate protection. Personal data may be transferred according to the conditions stipulated in the legislation to those who do not have sufficient protection, who undertake adequate protection in writing by the data controllers in Turkey and foreign countries, and who have the status of "Foreign Country where the Data Controller Undertakes Adequate Protection" with the permission of the Board. However, your personal data is not transferred abroad by MİKROMAN MADEN.

ii. Processing Sensitive Personal Data

Following the principles set out in the Policy, personal data of special nature can be transferred under the following conditions by taking all necessary administrative and technical measures, including the methods to be determined by the Board:

a. Sensitive personal data other than health and sexual life, without the explicit consent of the data subject if there is an explicit provision in the law regarding the processing of personal data, otherwise if the explicit consent of the data subject is obtained
b. Personal data of special nature related to health and sexual life, protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, without explicit consent by persons or authorized institutions and organizations under the obligation of confidentiality, otherwise the explicit consent of the data owner is obtained.

Personal data may be transferred to those with "Foreign Country with Adequate Protection" status according to the data transfer conditions regulated in the legislation if any of the above conditions are found, and to those with "Foreign Country with Adequate Protection Undertaking Data Controller" status if there is not enough protection. Your sensitive personal data is not transferred abroad by MİKROMAN MADEN

4. PERSONAL DATA INVENTORY PARAMETERS

In MİKROMAN MADEN management, human resources, administrative affairs, financial affairs (accounting-finance), planning-logistics-computing, production, product development-quality, R&D marketing-sale, purchasing business processes, data categories, and personal data (Annex-1) of personal data ownership consisting of employee candidate, employee, shareholder/partner, potential product or service recipient, trainee, supplier official, product or service recipient, parent/guardian/representative, visitors are processed depending on personal data processing purposes (Annex-2). For the purposes of processing according to the data categories, the details of the data subject person groups are reported in the field of MİKROMAN MADEN at https://verbis.kvkk.gov.tr/.

The purposes of personal data processing are processed according to the personal data categories, to inform the relevant persons following Article 10 of the Law and other legislation, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, to carry out the personal data processing following the general principles specified in the Law, especially the principles specified in Article 4 of the Law.

 

Following the principles set out in section "3.5. Transfer of Personal Data”: It can be shared with real persons or private legal entities, shareholders, business partners, affiliates and subsidiaries, suppliers, authorized public institutions and organizations, private insurance companies, auditors, consultants, contracted services, and domestic organizations (Annex-3). There is no transfer of personal information to foreign countries.

5. MEASURES TAKEN REGARDING THE PROTECTION OF PERSONAL DATA

MİKROMAN MADEN takes the necessary technical and administrative measures to protect the personal data it processes following the procedures and principles set out in the Law, carries out the necessary inspections in this context, and carries out awareness-raising and training activities. 

If the processed personal data are obtained by third parties through unlawful means despite all technical and administrative measures being taken, MİKROMAN MADEN shall notify the relevant persons and units as soon as possible.

6. STORAGE AND DISPOSAL OF PERSONAL DATA

MİKROMAN MADEN shall keep the personal data for the period required for the purpose of processing and for the minimum period stipulated in the relevant legislation. MİKROMAN MADEN stores personal data for the period required for the purpose of processing personal data if a period is determined in the relevant legislation, following this period; if a legal period is not foreseen. At the end of the specified storage periods, personal data are destroyed by the specified method (deletion, destruction, or anonymization) following the periodic destruction periods or the application of the data owner.

7. RIGHTS OF PERSONAL DATA OWNERS AND USAGE OF THESE RIGHTS 

7.1.  Rights of Personal Data Owner

Personal data owners have the following rights arising from the Law:
i. To learn whether personal data is processed or not,
ii. To request information about personal data if they have been processed,
iii. To learn the purpose of processing personal data and whether they are used following their purpose,
iv. To know the third parties to whom personal data are transferred at home or abroad,
v. To request the correction of personal data in case of incomplete or inaccurate processing and to request the notification of the transaction made within this scope to the third parties to whom the personal data are transferred,
vi. To request the deletion or destruction of personal data in case the reasons for processing are eliminated, even though they have been processed following the provisions of the Law and other relevant laws, and to request the notification of the transaction made within this scope to the third parties to whom the personal data have been transferred,
vi. To object to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
viii. To request compensation in case of suffering damage due to unlawful processing of personal data.

7.2. Exercise of Rights by the Personal Data Owner

Personal data owners may submit their requests regarding the rights listed in Article 6.1 to MİKROMAN MADEN by the methods determined by the Board. Personal data owners and those who have the right to apply on their behalf can apply to MİKROMAN MADEN by filling out the "Data Owner Application Form" on our website.

7.3. Responding to Applications

MİKROMAN MADEN concludes the applications made by the personal data owner following the Law and other legislation. Requests duly submitted to MİKROMAN MADEN shall be concluded free of charge as soon as possible and within 30 (thirty) days at the latest. However, if the transaction requires an additional cost, a fee may be charged following the tariff determined by the Board.

7.4. Rejection of the Application of the Personal Data Owner

MİKROMAN MADEN may reject the request of the applicant by explaining the reason in the following cases:

i. Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
ii. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or does not constitute a crime,
iii. Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
iv. Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution procedures,
vi. If the processing of personal data is necessary for the prevention of committing a crime or for the investigation of a crime,
v. Processing of personal data made public by the personal data owner,
vi. The processing of personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by the law,
vii. The processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budget, tax and financial matters,
viii. If the request of the personal data owner is likely to prevent the rights and freedoms of other persons,
ix. Requests that require disproportionate effort

x. The requested information is public information.

The Right of Personal Data Owner to Complain to the PDP Authority
In cases where the application is rejected following Article 14 of the Law, the answer given is found to be insufficient or the application is not answered in due time; MİKROMAN MADEN may file a complaint with the Board within thirty days from the date of learning the answer of mine and in any case within sixty days from the date of application.

6. Information that may be requested from the Applicant Personal Data Owner

MİKROMAN MADEN may request information from the relevant person in order to determine whether the applicant has personal data or not. In order to clarify the issues included in the application of the personal data owner, MİKROMAN MADEN may ask questions about its application to the personal data owner.

8. EXECUTION

The policy has been approved and put into effect by the Executive Board. The technical execution of the Policy is ensured by the "Storage and Destruction Policy of Personal Data" (Annex-4).

The Board of Directors is responsible for the execution and updating of the Law and Policy when necessary, and the MİKROMAN MADEN Personal Data Protection Committee is responsible for the follow-up, coordination and supervision of all works and transactions within this scope.

9.  ENFORCEMENT and NOTICE

The policy entered into force as of the date of its publication. Changes in the policy are published on the websites of MİKROMAN MADEN (www.mikroman.com.tr) and made available to personal data owners and related persons. The policy changes shall enter into force on the date of announcement.

ANNEXES

ANNEX 1- Data Category and Personal Data 

ANNEX 2- Aims of Categorized Personal Data Processing

ANNEX 3- Persons to whom Personal Data is Transferred and Purposes of Transfer

ANNEX 4- Storage and Destruction Policy of Personal Data

 

 

ANNEX 1- Data Category and Personal Data

           

Data Category

Personal Data

ID

Name, Surname

Name, Surname of Mother and Father

Name and surname of the dependents of the personnel

Birth Date

Birth Place

Marital Status

ID Card Serial and Registration No

Identity Number

Sex Info

Identity Card

Driving License

Tax Identity Number

Nationality

Signature

SSI Registration No

Contact

Residential Address

E-Mail

Address

Contact Address

Registered Electronic Mail Address (KEP)

Phone Number

Firm Name

House Phone Number

Shipment Address

Web Address

Fax      :

Personnel's Information (Family Information)

Name, Surname

ID Number

Birth Date

Birth Place

Sex

Name of Mother and Father

State of Education

State of Family

Person to Whom He/She is Affiliated in Terms of SSI

Location

Vehicle Tracking System Info

Personnel Info

Payroll Info

Background Info

Performance Evaluation Reports

Position Info

Passport Photo

Status of Military Service

Reference Info

Legal Transaction

Information in correspondence with judicial authorities, information in the case file, etc.

Customer Transaction

Invoice

Note

Cheque Info

Order Info

Appointment Info (date, hour and information of physician to be consulted)

Invoice Amount Information

Physical Area Security

Entry-Exit Registration Information of Employees and Visitors

Camera Records

Transaction Security

Transaction Security (such as IP address information, website login and exit information, password and password information)

Traffic information (IP Address Information, Website Login-Output Information, Password and Password Information, Log Records, Device IMEI no and MAC address)

Finance

Bank Account Number

Credit card no

Payment Due Date

Tax number

IBAN

Professional Experience

Diploma Information

Courses Taken

On-The-Job Training Information

Certificates

Visual and Audio Records

Closed Circuit Camera System Image, Audio Recording

Health Information

Blood Type Information

Disability Status

Device Prosthesis Information Used

Visitor's fever

Health Family History

Disease and drug information used

Physical examination findings

Laboratory Findings

Opinion

Symptoms of cough, pain, runny nose, shortness of breath, etc.

COVID contact information in the last 14 days

Personal Health Information

Study Data

Department

Temporary duty start date

Time attended the training

Shift information of the facility where he/she works

 

Shift information

Temporary task end date

Overtime start date

Overtime end date

Occupation

References

Risk Management

Trade Registry Example

Certificate of Authorization

Chamber Registration Certificate

Signature Circular

Industry Registration Certificate Sample

Business Registration Certificate

Tax Certificate

Insurance

Social Security Institution Data

Biometric Data

Biometric face data

Misc.

Visited person/department

Contract information (Start Date, Monthly rent)

Year of Permit

Information of the goods entrusted

Information about the report

Reason for Visit (Maintenance-Repair/Meeting/Study)

ANNEX 2- Aims of Categorized Personal Data Processing

 

Conducting Emergency Management Processes

Execution of Information Security Processes

Execution of Employee Candidate / Intern / Student Selection and Placement Processes

Execution of Application Processes of Employee Candidates

Execution of Employee Satisfaction and Commitment Processes

Fulfillment of Employment Contract and Legislative Obligations for Employees

Execution of Benefits and Benefits Processes for Employees

Execution of Training Activities

Execution of Access Authorization

Conducting Activities following the Legislation

Execution of Finance and Accounting Affairs

Execution of Assignment Processes for Ensuring Physical Space Security

Execution of Assignment Processes

Execution and Follow-up of Legal Affairs

Conducting Communication Activities

Planning Human Resources Processes

Conduct / Audit of Business Activities

Conducting Occupational Health / Safety Activities

Conducting Business Continuity Activities

Receiving and Evaluating Suggestions for Improving Business Processes

Execution of Goods / Service Purchase Processes

Execution of Goods / Services After Sales Support Services

Execution of Goods / Services Sales Processes

Execution of Goods / Services Production and Operation Processes

Execution of Customer Relationship Management Processes

Execution of Performance Evaluation Processes

Execution of Retention and Archive Activities

Execution of Contract Processes

Ensuring the Security of Movable Goods and Resources

Ensuring the Security of Data Controller Operations

Informing Authorized Persons, Institutions and Organizations

Execution of Management Activities

Creating and Tracking Visitor Records

Annex 3 – Persons to whom Personal Data is Transferred and Purposes of Transfer

In accordance with Articles 8 and 9 of the MİKROMAN MADEN Law, the participant may transfer the personal data of the employees to the following categories of persons:

 

Persons to whom Data Transfer can be made

Definition

Data Transfer Purpose and Scope

Real persons or private law legal entities

Real or legal persons with whom MİKROMAN MADEN has a relationship and carries out transactions following its activities

Restricted to the work and transaction performed

Business partners

Business partners, business partner banks with which MİKROMAN MADEN is associated for purposes such as performing its services

Establishment and execution of business partnership limited to its purpose and activities

Authorized Public Institutions and Organizations

Public institutions and organizations authorized to receive information and documents from MİKROMAN MADEN according to the provisions of the relevant legislation such as Social Security Institution, Tax Offices, etc.

Limited to the purpose requested by the relevant public institutions and organizations under their legal authority

Legally Authorized Private Legal Persons

Institutions or organizations established following certain conditions following the provisions of the relevant legislation and continuing their activities within this framework

Limited to the subjects falling within the fields of activity they carry out

Private Insurance Companies

Private health, pension, IAI (Individual Annuity Insurance) Application

Limited to the scope of private insurance registrations and notices 

Members of the Board of Directors

Members of the Board of Directors of MİKROMAN MADEN

To carry out the activities of the Board of Directors of MİKROMAN MADEN, limited

Organizations receiving services and cooperating

Organizations that receive contracted services and cooperate

Limited to contract and cooperation protocol principles

Lawyers with the power of attorney when the lawyer warns the

Lawyers with the power of attorney when the lawyer warns the

The company is limited to the issues that may have legal consequences on its activities and worker transactions.

Supplier

Parties providing services to the MİKROMAN MADEN in line with the purposes and requests of data processing

Limited to supply goods and services to carry out the commercial activities of MİKROMAN MADEN from external sources

Consultants

Experts and those who benefit from their experience

Experts and those who benefit from their experience

Auditors

Auditors with audit authority when they comply with the relevant legislation

Authorities and duty limits specified in the legislation