Customer Login
Privacy Policy

INTERNET PLATFORM DISCLOSURE TEXT

1. IDENTITY OF THE DATA CONTROLLER

Our CompanyLaw

2. COLLECTION, PROCESSING AND PROCESSING PURPOSES OF PERSONAL DATA

Your personal data listed below are collected electronically and processed for the following purposes:

  • Your identity and contact information that you will provide in your application to us by using the “e-mail list” and/or “contact” form on our website,
  • If you visit our website or browse these sites, your digital trace data and cookie data will also be processed.

Your personal data; It is processed for the purposes of providing our company's services, performing after-sales services, increasing customer satisfaction, evaluating and responding to complaints and suggestions, performing statistical analyses, fulfilling legal and regulatory requirements, providing the necessary information in line with the requests and inspections of official authorities, and ensuring data security.

On the other hand, if you give explicit consent, your identity and contact data will also be processed for promotion, e-mail newsletter sending and marketing purposes.

3. TRANSFER OF PERSONAL DATA

Your personal data may be transferred within the scope of the Law and other legislation and for the purposes explained in Article 2 of this Information Text, provided that it is limited to the reason that requires transfer; Within the scope of the law and relevant regulations; It can be transferred to supervisory and regulatory public institutions and organizations (BTK, TURKSTAT, courts, banks, etc.), auditors, companies providing software and hardware support services, and legally authorized private persons such as lawyers.

On the other hand, since our website servers are located abroad, the personal data you share with us through our website will be transferred abroad based on your explicit consent.

4. YOUR RIGHTS TOWARDS THE PROTECTION OF PERSONAL DATA

The rights of real persons whose personal data are processed are listed in Article 11 of the Law. If you, as a personal data owner, submit your requests regarding your rights listed in the relevant Law article to the Data Controller, in accordance with the application procedures stipulated in the Communiqué on Application Procedures and Principles, to our company's official address, in person or through a Notary Public, in accordance with the application procedures, as soon as possible and as soon as possible, depending on the nature of your request. It will be finalized free of charge within thirty (30) days at the latest. However, if the transaction requires an additional cost, it may request the fee at the tariff determined by the Personal Data Protection Board.

EXPRESS CONSENT TEXT FOR THE PROCESSING OF PERSONAL DATA

Clarification Text

 

Commercial Message Approval

In addition, in accordance with the Law No. 6563 on the Regulation of Electronic Commerce, through the channels I have marked below ; I consent to you contacting me for commercial communication, newsletter sending, and advertising and promotion of products and services.

SMS

E-mail

Call

 

 

 

PERSONAL DATA PROTECTION AND PROCESSING POLICY

Version : 1

Edited Date     : 01.09.2022

1. PURPOSE

CompanyPolicy

The purpose of the policy is to establish rules in the internal management of personal data, determine goals and obligations, establish control mechanisms in line with the reasonable risk level, fulfill legal obligations in the field of personal data protection and protect the interests of individuals in the best possible way.

2. SCOPE

Policy provisions cover company employees, sub-employees and interns who provide support services to all units of the Company, especially the Company's board of directors. Any action that violates the Personal Data Protection Law No. 6698 or this Policy is evaluated within the scope of the relevant legislation and sanctions are applied accordingly.

Again, the Company's business partners, suppliers and the Company who have access or may have access to personal data All third parties working with are invited to read and comply with this Policy.

3. DEFINITIONS

Explicit consent:

Consent regarding a specific subject, based on information and expressed with free will,

Anonymization:

It refers to making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data.

Contact Person:

The natural person notified by the Data Controller during registration to the Registry for the communication to be established with the Institution regarding the obligations of the data controller,

Law:

6698 Personal Data Protection Law no.

Personal data:

Any information regarding an identified or identifiable natural person,

Personal Data Inventory:

Personal data processing activities carried out by data controllers depending on their business processes; The inventory they create by associating personal data processing purposes and legal reason, data category, transferred recipient group and data subject person group and detailing the maximum retention period required for the purposes for which personal data are processed, personal data envisaged to be transferred to foreign countries and measures taken regarding data security,

Processing of personal data:

Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or Any operations performed on the data, such as preventing its use,

Institution:

Personal Data Protection Authority,

Set:

Personal Data Protection Board,

KVK Committee:

A structure consisting of real person or persons appointed by the data controller, who perform administrative follow-up and coordination of the processes established within the scope of the Law,

KVK Letter of Commitment:

The document determining the legal obligations of third parties with whom data is shared,

Register:

Institution data controllers' registry kept by,

Data Processor:

Natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,

Data controller:

The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system,

expresses.

 

4. RESPONSIBILITIES

The Company has the title of Data Controller in accordance with the Law. Everyone who is an employee of the Company is responsible for developing and encouraging correct practices in the processing of personal data within the Company and for other obligations.

All employees of the Company who process personal data are responsible for complying with the Personal Data Protection legislation.

The Company is responsible for providing the necessary notifications and training for all its employees to know their responsibilities in the field of protection of personal data and to have the necessary awareness.

Company employees are responsible for all personal data provided to the Company by them or related to them. is responsible for ensuring the accuracy and up-to-dateness of the data.

4.1. KVK Committee:

KVK Committee members are appointed by the Board of Directors, taking into account their regular training and experience in the Law and secondary legislation and its applications, and they report directly to the Board of Directors. The KVK Committee was established as the committee responsible for managing the personal data protection system and ensuring and documenting compliance with the Law and other relevant legislation, and is responsible to the Board of Directors on these matters.

4.2. KVK Committee Duties and Responsibilities:

  • KVK Committee, Board of Directors, protection of personal data should be informed about the legislation and developments.
  • The KVK Committee is responsible for ensuring that the Company's policies and procedures are up-to-date, that data processing audits and trainings are carried out in accordance with the planned schedule and that they are in compliance with the relevant legislation.
  • KVK. The Committee acts together with the relevant employees on all issues related to the protection of personal data.
  • The KVK Committee is obliged to ensure that personal data that is not clearly necessary for the purpose of processing is not collected and processed.
  • The KVK Committee is obliged to ensure that personal data that is not clearly necessary for the purpose of processing is not collected and processed every year. It checks that the data processed through the updated personal data inventory is appropriate and relevant.
  • The KVK Committee checks that all data processing methods are appropriate and relevant through the internal audit/external audit it will conduct on an annual basis.
  • The KVK Committee is responsible for stopping the data processing activity in respect of personal data that it determines to be inappropriate, not relevant, or excessive for the purpose of processing, and to securely destroy the processed data in accordance with the procedure defining the storage and destruction process.
  • The KVK Committee is obliged to instruct the relevant unit to evaluate the type, storage period and amount of data processed through the data inventory and to review the accuracy or currency of certain data.

5. APPLICATION PRINCIPLES

5.1. DATA PROCESSING PRINCIPLES

The company will comply with personal data protection legislation and data protection principles. The data processing principles adopted by the Company include the following:

  • Processing personal data only if clearly necessary for legitimate corporate purposes,
  • Processing as much personal data as is necessary for these purposes and not processing more data than necessary (ensuring data minimization),
  • Providing individuals with clear information about who and how their personal data is used,
  • Processing only relevant and appropriate personal data,
  • Processing personal data fairly and in accordance with the law,
  • Keeping an inventory of personal data categories processed by the Company,
  • Keeping personal data accurate and updated when necessary,
  • Providing personal data only for the period required by legal regulations, the Company's legal obligations or legitimate corporate interests.
  • Storing personal data in a way that does not allow access to the identity information of Data Owners for longer than the period reasonably necessary for the purposes for which personal data is processed,
  • To ensure data confidentiality, for any project or as a key factor in the initial phase of the activity and subsequently throughout its service life (Principle of Ensuring Confidentiality from the Start),
  • Respecting the rights of individuals regarding their personal data, including the right to access,
  • Transferring personal data abroad only in accordance with the explicit consent of individuals or if adequate protection is available,
  • To implement the exceptions allowed in accordance with the legislation,
  • To establish and implement the personal data protection system for the implementation of the policy,
  • When necessary, to protect the internal and external stakeholders who are parties to the personal data protection system and their personal data of the Company. To determine to what extent they are included in the data protection system,
  • To identify employees with special authorities and responsibilities regarding the personal data protection system.

All personal data processing activities comply with the following data protection principles. It should be done as. The Company's policies and procedures aim to ensure compliance with these principles:

  • Compliance with the law and the rules of honesty
  • To be accurate and up to date when necessary
  • To be processed for specific, clear and legitimate purposes
  • To be related to the purpose for which they are processed, limited and proportionate
  • As stipulated in the relevant legislation or to the extent that they are processed to be kept for the period necessary for the purpose.

In this regard, the Company includes information and privacy notices regarding the personal data processing activities it carries out in data collection channels and relevant forms. The areas where notifications containing clear and understandable information about whose data are processed by the Company and for what purposes will be included and announced are determined by taking the opinion of the KVK Committee. These notifications include the following:

  • The identity and contact information of the Company as the data controller,
  • Types of personal data processed,
  • Purposes of processing personal data,
  • Methods of collecting personal data,
  • Based on the legal basis on which personal data is processed,
  • Rights of the data owner,
  • Third parties with whom the data may be shared.
  • >

In the personal data inventory, the reasons/purposes for processing personal data are determined and personal data cannot be used for purposes other than the specified purpose without another legal justification or the explicit consent of the data owner. If conditions arise that require the use of personal data for purposes other than those specified in the personal data inventory, this situation is reported to the KVK Committee by the relevant employee/unit/directorate. The KVK Committee checks the suitability of the new purpose and, if necessary, ensures that the data owner is informed about the new purpose and new data processing activity.

Personal data; It must be processed in accordance with the purposes for which it is processed, relevant and to a limited extent, and must be accurate and up-to-date. The accuracy and currency of data kept for a long period of time should be reviewed. The company is responsible for training all employees on the accurate and up-to-date collection and storage of data.

The KVK Committee must be informed about all data collection channels.

Accuracy and up-to-dateness of the data held regarding employees. It is the responsibility of the relevant employee.

Employees/customers/institutions and other relevant persons must inform the Company to update the processed personal data.

Personal data should be processed in such a way that the person concerned can be identified only if it is necessary for the purpose of data processing.

Backup of personal data, etc. Due to requirements, in cases of storage beyond the specified period or data security weakness, secure destruction methods determined by the Board are applied for personal data in order to protect the rights and freedoms of individuals.

The periods determined in accordance with the procedure defining the storage and destruction process of personal data are applied. When longer processing time is required, the written approval of the KVK Committee is obtained.

All Company units that process Personal Data are responsible for complying with the measures that put both the above-mentioned principles and applicable data protection laws into force and must be able to prove that they comply.

>

5.2. RISK ASSESSMENT

The Company determines the risks associated with the processing of personal data types. Certain types of data processing activities; If it is likely to pose a high risk to personal rights and freedoms in line with its structure, context and purposes, the Company must manage potential risks by performing an impact analysis before the data processing activity. A single assessment may be based on more than one data processing activity that involves similar risks.

If, as a result of the impact analysis, it is understood that the Company is about to start a data processing activity that may pose a high risk to personal rights and freedoms, the KVK Committee on this issue 's approval is required. If the KVK Committee deems it necessary, it obtains the opinion of the Board on the matter.

5.3. OBTAINING EXPRESS CONSENT

The Company may make a written/oral statement or express statement by the data owner regarding certain data processing activities and in cases required by the Law, based on being informed and revealing the will to process data about him/her with free will. It accepts the consent expressed through a confirmatory action as explicit consent. Explicit consent is obtained in writing or in a systematically verifiable manner. Explicit consent can be withdrawn by the data owner at any time.

In case the data processing activity based on explicit consent will be continuous or repeated, the express consents obtained are checked. The up-to-dateness and accuracy of these explicit consents are the responsibility of the relevant unit. Explicit consent forms or other relevant proof tools regarding data processing activities based on explicit consent are stored by the relevant unit.

5.4. DATA SECURITY

All employees are obliged to ensure that the data processed by the Company and under their responsibility is kept secure and not disclosed to third parties unless they sign a confidentiality agreement.

Only access to personal data is possible. Those who need it should have access.

Events that threaten the security of personal data are reported to the Board and the relevant person as soon as possible after they are determined by the KVK Committee and, in any case, within 72 hours at the latest after learning of the incident.

5.5. DATA SHARING

Personal data can only be shared with third parties in accordance with law and equity. Accordingly, in order for personal data to be shared, one of the following conditions must be met:

  • Obtaining the explicit consent of the data owner,
  • It is clearly foreseen by law,
  • It is necessary for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity,
  • Company It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract to which the company is or will be a party,
  • It is mandatory for the Company to fulfill its legal obligations,
  • It has been made public by the relevant person,
  • Data processing is mandatory for the establishment, exercise or protection of the Company's rights,
  • Provided that it does not harm the fundamental rights and freedoms of the relevant person, the Company It is mandatory to process data for the legitimate interests of .

Personal data can only be transferred abroad provided that the above conditions are met and there is adequate protection in the target country or the data owner's explicit consent to this transfer is obtained.

In transferring personal data abroad, the list of countries with adequate protection determined by the Board is taken into account.

When it comes to transferring personal data abroad, the KVK Committee provides the necessary permissions and notifications to the Board in accordance with the Law and relevant legislation.

All transactions regarding the sharing of personal data must be recorded in writing with their justifications. These records are audited periodically by the KVK Committee.

In case there is a regular data sharing relationship without a legal basis or legal obligation, a KVK Commitment is made with the party in question, which determines the conditions of data sharing.

5.6. MANAGEMENT OF RECORDS

Personal data cannot be kept longer than necessary for the purposes of processing. The classification of records containing personal data and their retention periods are determined in accordance with the Personal Data Recording, Storage and Destruction Procedure.

Personal data that has expired or must be destroyed upon the justified request of the data owner, in accordance with the procedure where the storage and destruction process is defined. is anonymized or deleted or destroyed.

5.7. RIGHTS OF DATA HOLDERS

Data owners have the following rights regarding data processing activities and records at the Company:

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom personal data are transferred at home or abroad,
  • Requesting correction of personal data if they have been processed incompletely or incorrectly,
  • Requesting the deletion or destruction of personal data for which there is no legal justification or basis for processing in accordance with KVKK or this policy,
  • li>
  • Requesting that corrections or deletions made upon request be notified to third parties to whom personal data have been transferred,
  • Objecting to the emergence of a result against the person by analyzing the processed data exclusively through automatic systems,
  • >
  • Requesting compensation for damages in case of damage due to illegal processing of personal data.

Application Procedure of the Data Owner

Data owners may apply to the Company with their requests regarding their rights listed above, in accordance with the application procedures stipulated in the Communiqué on the Procedures and Principles of Application to the Data Controller.

p>

In this case, the Company will finalize the request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on its nature. However, if the transaction requires an additional cost, the Company may charge the fee in the tariff determined by the Board. Processes regarding receiving, transmitting and finalizing requests are carried out in accordance with the Procedure for Receiving, Evaluation and Response to Data Owner Applications.

Access rights and contact information of data owners are included in the notifications and on the web address so that data owners can submit their requests.

p>

All employees of the Company, regardless of their job description, are obliged to guide data owners on the correct application method for data owner access requests made to them. Company employees must be informed by the KVK Committee on how to act regarding requests from data owners.

In this context, applications;

  • It can be done by the Data Owner's personal application,
  • Through a Notary Public

6. ENFORCEMENT AND KEEPING UPDATED

This Policy entered into force on 01.09.2022; The law will be re-evaluated at the beginning of each year by the KVK Committee in line with the relevant secondary legislation, Board Decisions and Company business processes, and will be updated if necessary.

 

 

 

PROCEDURE FOR RECEIVING, EVALUATING AND RESPONDING TO DATA OWNER APPLICATIONS

Version                     : 1

Edited Date     : 01.09.2022

 

ProcedureCompany

Works and procedures regarding receiving, evaluating and responding to applications made by data owners regarding personal data are subject to this Procedure prepared by the Company accordingly. It is carried out in accordance with.

1. DEFINITIONS

Law:

6698 Personal Data Protection Law no.

Set:

Personal Data Protection Board

Data Owner:

Natural person whose personal data is processed

Personal Data:

Any information regarding an identified or identifiable natural person, as long as it is within the scope of the law

 

2. RECEIVING THE APPLICATION

2.1. Form of Application

Data Owners will submit their applications in writing to the Company contact person in accordance with Article 13 of the Law, in order to obtain information about their personal data collected by the Company and to exercise their rights specified in Article 11 of the Law. .

Accordingly, applications to be made by Data Owners can be made in writing as follows:

2.2. Content of the Application

In order to evaluate the Data Owner's requests, it will first be determined whether the Data Owner is the owner of the personal data processed by the Company. In this regard, in applications to be made to our Company within the scope of the Law, the identity information of the Data Owner must be stated clearly and truthfully.

In conditional requests, the Data Owner must provide the necessary information about how this condition is fulfilled and submit the documents to prove this claim to the Company. should convey.

Applications that are not received through the methods specified in this Procedure may be evaluated if the identity of the Data Owner has been determined and the information and/or documents requested by the Company for the application within the scope of the Law have been provided. Otherwise, the applications will be rejected due to irregularity.

Applications that do not meet the qualifications specified in this article will be evaluated and the Data Owner will be contacted until the requested information is obtained; However, if the requested information and/or documents are not provided by the Data Owner, the Data Owner's application will be rejected due to irregularity.

3. OTHER CASES

3.1. Application Made by Attorney or Legal Representative

Applications to be made to the Company within the scope of the Law can also be made by the Data Owner's attorney or legal representative, if the official document proving it is presented.

3.2. Application Fee

The Law stipulates that the Data Controller will finalize the request submitted to him/her free of charge. However, it has been stated that if the transaction requires an additional cost, it may be possible to charge a fee in line with the principles determined by the Board. In this context, if finalizing the applications to the Company requires any additional costs, the Company may charge a fee from the Data Owner.

4. APPLICATION EVALUATION PROCESS

If it is determined that there is missing information and/or documents in the applications made by the Data Owner, this issue will be notified to the Data Owner. If the requested information and/or documents are not provided by the Data Owner, the Data Owner's application will be rejected due to irregularity.

In cases where it is not possible to respond to the Data Owner's application without sharing personal data of third parties, the Company uses the following three steps: evaluation process will be applied:

  • Responding to the application without sharing the personal data of the third party (for example, deleting the personal data of the third party or darkening) will be evaluated whether it is possible.
  • It will be determined whether the third party has given explicit consent to share their personal data.
  • If the third party's explicit consent is not obtained, it will be evaluated whether the personal data in question can be shared without explicit consent.

If it is not possible to finalize the application without sharing the data of the third party; First of all, explicit consent will be obtained from the Data Owner whose personal data has to be shared. If the third party does not consent to the sharing of its data, the application will be responded to by completely extracting the third party's information.

If the third party whose personal data will be shared cannot be reached, the Company will show utmost care and sensitivity in sharing information containing the third party's personal data. In this way, personal data of third parties may also be shared if necessary.

5. EVALUATION PERIOD OF APPLICATIONS

Data Owner's requests will be evaluated and concluded by the Company as soon as possible and within thirty (30) days at the latest.

Applications made to the Company, will be directed to the relevant department of the Company within a maximum of three (3) days; The investigations to be conducted by the department to which the application is directed will be concluded within a maximum of one (1) week.

6. RESPONDING TO APPLICATIONS

Applications made by the Data Owner to the Company are answered by the contact person appointed by the Company and the following information is included in the responses to the applications:

  • Applicant Making the Request
  • Requests
  • Information and Documents Provided as a Result of the Request
  • Request Date of receipt
  • If extra information and documents regarding the request are requested; date of these requests and date of receipt of relevant responses
  • Transactions regarding the request
  • Company's Responses to the Requests
  • Request Response Date
  • Authorized Signature

With the relevant application Incident records, documents and results related to this issue are stored in the electronic directory created for this purpose. A copy of the written submission record is also kept in the archive.

7. ENFORCEMENT AND KEEPING UPDATED

This Procedure entered into force on 01.09.2022; It will be re-evaluated by the KVK Committee at the beginning of each year in line with the law, relevant secondary legislation, Board Decisions and Company business processes and will be updated if necessary.

Our Announcements and NewsYou Can Get Information By Examining!
ATS Corrugated Packaging Takes a Brand New Path!
ATS Corrugated Packaging Takes a Brand New Path!
We announce to you with great excitement and pride that the official website of ATS Oluklu Ambalaj has started publishing!
Where are Standard Boxes Used?
Where are Standard Boxes Used?
It is used in many industries for transportation, storage, and protection against breakage and damage.
Where Are Corrugated Cardboards Used?
Where Are Corrugated Cardboards Used?
Corrugated cardboard packaging is preferred in food, electronics, furniture, automotive and many other sectors.
ATS AMBALAJ
Offer Form
ATS AMBALAJ

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. Privacy Policy, Cookie Declaration