CONFIDENCE FROM THE PAST, SOLUTIONS FOR THE FUTURE

Legal Warnings (KVKK – Personal Data Protection Law)

Declaration
In this clarification text;

Personal Data refers to all kinds of information regarding an identified or identifiable natural person,

Personal Data Protection Law (“KVKK”) stands for Personal Data Protection Law No. 6698, which entered into force after being published in the Official Gazette on April 7, 2016,

Data Processor refers to the natural or legal person who processes data on behalf of data controller based on authority given by them,

Data Controller refers to the natural or legal person who determines the purposes and means of processing of Personal Data and is responsible for the establishment and management of the data recording system.

As ORAU Orhan Automotive Control Systems Industry Inc. (“Our Company”), especially protecting fundamental rights and freedoms; protecting privacy, ensuring and protecting information security, and respecting for ethical values are among our priority disciplines. Accordingly, our explanations given below are provided for your information within the scope of fulfilling our clarification obligation arising from Article 10 of the Personal Data Protection Law (“KVKK”);

Data Controller

Our Company, which has the title of “Data Supervisor” as defined in KVKK, processes your personal data within the framework of the purposes described below and the limits ordered by the legislation.

The Purpose of Processing and Transferring Personal Data

In our company, identity and contact information (including photo and/or biometric data), family and social life, education and training information, employment information, information about demand/complaint management, information about legal affairs, information about ethical values ​​and compliance with the law, financial information , audit information, use of electronic media, information about the goods and services provided and supplied, information about business activities, trade and other licenses and permits, physical space security information, visual and audio information (photo, camera, sound recordings), telecommunication logs, personal data such as e-mail and information systems services usage logs and login logs, as well as health reports, health data and criminal record information (including investigation, prosecution and execution procedures) of employees (including volunteers, part-time employees, interns, students, candidate employees) and family members, relatives, customers, suppliers, consultants, business partners, shareholders, Company officials and Company representatives, the person(s) with whom the contractual relationship is made and their employees, the person(s) who are the addressee of the transactions (parties to legal transactions such as lawsuits filed/to be filed/finalized by or against the Company, execution proceedings, mediation transactions), survey participants and visitors are collected, recorded and processed in accordance with KVKK.

In order to ensure the fulfillment of legal obligations as required or obliged by the relevant legislation, your personal data are collected and processed within the scope and purposes of processing specified in Articles 5 and 6 of the KVKK and limited to following purposes: performing commercial activities carried out by our Company and management and execution of related business processes, relations with business partners and/or suppliers; technical management of our Company’s websites; customer management and following up complaints; product surveys and follow-up of the questions you send to our Company; carrying out the necessary transactions by our business units for you to benefit from the products and services offered by our Company; planning and carrying out sales, marketing and after-sales processes of products and/or services; providing information about the contents of the relevant products and services; being able to send commercial electronic messages by obtaining separate approval in accordance with the legal legislation; carrying out activities and other organizations; performing legal and commercial relations with our Company and those who are in business relations with our Company and ensuring the security of these relations; administrative operations for communication carried out by our Company; employee administration and management; ensuring the physical security and supervision of the company’s facilities and working areas; planning logistics activities; conducting reputation research processes; compliance with ethical values ​​and law, carrying out legal business and procedures; following contract processes and/or legal requests; planning and executing Human Resources and personnel recruitment processes, and monitoring and performing education and training activities; planning and/or executing occupational health and/or safety processes; ensuring that our company can benefit from incentives by conducting research and development activities; planning and executing corporate communication and corporate governance activities; carrying out information security management services, monitoring and auditing financial and/or accounting affairs, and conducting activities aimed at determining the financial risks of customers; determining and implementing our Company’s commercial and business strategies; creating and tracking visitor records. In order to fulfill the above-mentioned purposes and to ensure your data security, your personal data can be transferred to trusted third parties and/or institutions and organizations and/or our business partners and/or our affiliates and business partners in Turkey and/or abroad, within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, taking all necessary measures by our Company. In addition, personal data can be shared with public institutions and organizations authorized to request and receive this data as a legal necessity.

Collection Method of Personal Data and Cause of Action

Within the framework of the principle of proportionality and provided that they are linked and limited to the legitimate purposes stated above, personal data are collected, used, recorded, stored and processed by providing personal data owners with verbal, written and/or electronic information in a clear and understandable manner and by obtaining their express consent by verbal, written and / or electronic means when necessary, in accordance with the law and good faith.

We ensure that your personal data shall not be processed by our company for purposes other than those specified in this clarification document, and shall not be transferred or stored to third parties at home and abroad.

Retention Period of Personal Data

According to the retention periods specified in the relevant legal regulations, if the period has not been determined in the relevant legal regulations, your personal data are stored and then deleted, destroyed or anonymized in accordance with the KVKK in accordance with the practices and customs of our company’s commercial life or during the period required by the above-mentioned processing purposes.

Personal data can only be stored in order to provide evidence in possible legal disputes or to assert the relevant right related to personal data or to establish a defense if the purpose of processing personal data has expired and the retention periods determined by the relevant legislation and our Company have come to an end. Despite the time-out periods for asserting the right mentioned in the establishment of the periods here and the expiration of the time-out periods, retention periods are determined based on the examples made in the previous requests made to our Company on the same issues. In this case, the stored personal data is not accessed for any other purpose, and access to relevant personal data is provided only when it is required to be used in the relevant legal dispute. After the aforementioned period expires, personal data are deleted, destroyed or anonymized.

Security of Personal Data

Your personal data are continuously processed and developed within the scope of continuous improvement in order not to be exposed to unauthorized access, loss and damage in the environments where they are processed and stored in line with the requirements of the Information Security Management System (TISAX), KVKK technical and administrative measures, BS 10012/ISO 27701 Data Protection Personal Information Management System Standard, and also the guidelines on Personal Data Security published by the KVKK board.

Rights of Personal Data Owner

In accordance with Article 11 of the KVKK, everyone has the following rights by applying to the data controller;
a)to learn whether personal data is processed or not,
b)to request information if personal data has been processed,
c)to learn the purpose of processing personal data and whether they are used appropriately for their purpose,
d)to know the third parties to whom personal data are transferred domestically or abroad,
e) to request correction of personal data in case of incomplete or incorrect processing,
f)to request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
g) to request notification of the transactions made pursuant to sub-paragraphs (e) and (f) to third parties to whom personal data have been transferred,
h)to object to the emergence of a result against the person herself/himself by analyzing the processed data exclusively through automated systems,
i)to request the compensation of the loss in case of damage due to the illegal processing of personal data.

Application Methods Regarding the Rights of the Personal Data Owner Pursuant to paragraph 1 of article 13 of the KVKK, you can make your request to exercise your rights mentioned above with the following methods and information based on the “Communiqué on the Procedures and Principles of Application to the Data Controller” published in the Official Gazette No. 30356 dated 10 March 2018.

Necessary information in the application content;

  1. Applicant’s name and surname.
    2. T.R. identity number if the applicant is a citizen of Turkish Republic; if not, Nationality and Passport Number or identity number.
    3. Applicant’s place of residence or workplace address for notification.
    4. Applicant’s e-mail address, telephone or fax.
    5. The subject of applicant’s request.
    6. Information and documents based on the subject of applicant’s request.

Application methods that the relevant person can use;
1.The applicant can personally fill in the «Application Form» to the address of the Company* and submit a written report to the advisory office with the note «Information Request Required by the Law on Protection of Personal Data» on the sealed envelope.
2. The applicant can send a notification to the address of the Company* through a Notary, but the note «Request for Information as per the Law on Protection of Personal Data» must be attached to the notification envelope.
With the “Secure Electronic Signature” defined in the Electronic Signature Law No. 3.5070, the applicant can personally apply to our Company’s Registered Electronic Mail address «orauorhanotomotiv@hs03.kep.tr» with the note «Information Request Required by the Law on Protection of Personal Data» in the subject section.

*Company Address: NOSAB Meşe Cad. No:6 Nilüfer/Bursa