BEMFİL MENSUCAT SAN. AND TRADE Inc.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
Target Audience: Bemfil Mensucat San. And Trade. Inc. All natural persons whose personal data are processed by
Prepared by: Bemfil Mensucat San. And Trade. Inc. Personal Data Protection Committee Version: 1.0
Approved by: Bemfil Mensucat San. And Trade. Inc. Approved by.
BEMFİL MENSUCAT SAN. AND TRADE Inc.
PERSONAL DATA PROTECTION AND PROCESSING POLICY
1. INTRODUCTION
Bemfil Mensucat San. And Trade. Inc. (“Bemfil Mensucat”) attaches importance to the protection of personal data in its activities and considers it among its priorities in its business and transactions. Bemfil Mensucat Personal Data Protection and Processing Policy ("Policy") is the basic regulation for the compliance of Bemfil Mensucat organization and business processes with the personal data processing procedures and principles determined by the Personal Data Protection Law No. 6698 ("Law"). In line with the principles of this Policy, Bemfil Mensucat processes and protects personal data with high level of responsibility and awareness, and provides the necessary transparency by informing personal data owners.
1.1.Purpose
The purpose of this Policy is to ensure that the procedures and principles stipulated by the Law and other relevant legislation are harmonized with Bemfil Mensucat's organization and processes and implemented effectively in its activities. Bemfil Mensucat takes all kinds of administrative and technical measures with this Policy for the processing and protection of personal data, creates necessary internal procedures, raises awareness, and carries out all necessary training to ensure awareness. Shareholders, officials, employees and business partners are subject to legal processes.
For their compliance, all necessary precautions are taken and appropriate and effective control mechanisms are established.
1.2. Scope
The policy covers all personal data obtained automatically in Bemfil Mensucat business processes or non-automatically, provided that it is part of any data recording system.
1.3 . Rest
The Policy is based on the Law and relevant legislation. Personal data is subject to the Industrial Registry Law no. 6948, the Law on the Preparation and Implementation of Technical Legislation on Products no. 4703, the Turkish Standards Institute (TSE) Establishment Law no. 132 and the Laws amending this Law, the Law on Consumer Protection no. 6502, the Identity Declaration Law no. 1774. To fulfill legal obligations arising from the Labor Law No. 4857, Occupational Health and Safety Law No. 6331, Social Security and General Health Insurance Law No. 5510, Unemployment Insurance Law No. 4447, Turkish Commercial Code No. 6102, Tax Procedure Law No. 213 and other relevant legislation. is being processed.
In cases of incompatibility between the applicable legislation and the Policy, the applicable legislation shall be applied. The regulations stipulated by the relevant legislation are transformed into Bemfil Mensucat practices with the Policy.
| Explicit consent | on a specific subject, based on informed and free It refers to consent expressed voluntarily. |
| Application form | What personal data owners can do to exercise their rights Protection of Personal Data numbered 6698, which includes the application According to the Law and the Data Protection Authority issued by the Personal Data Protection Authority In accordance with the Communiqué on the Procedures and Principles of Application to the Person in Charge data prepared by the relevant person (Personal Data Owner) Application form for applications to be made to the responsible person. |
| Related user | Technical storage, protection and Except for the person or unit responsible for backing up within the data controller organization or from the data controller processes personal data in accordance with the authority and instructions received are people. |
| Destruction | Deletion, destruction or anonymization of personal data bringing. |
| recording media | Wholly or partially automated or any data by non-automatic means, provided that it is part of the recording system Any environment where processed personal data is located. |
| Personal Data | Any kind of information regarding an identified or identifiable natural person information. |
| Processing of personal data | processing of personal data wholly or partially automated or provided that it is part of any data recording system Obtaining, recording, storage, preservation, replacement, reuse arrangement, disclosure, transfer, acquisition, acquisition making it accessible, classifying or using Any action performed on data, such as blocking. |
| Anonymization of personal data | Personal data cannot be processed in any way, even by matching it with other data. with an identified or identifiable natural person making it unrelatable. |
| Personal data owner | Processing of personal data by or on behalf of Bemfil Mensucat the real person who was stung. |
| Deletion of personal data | Deletion of personal data; personal data for Relevant Users become inaccessible and unusable in any way bringing. |
| Destruction of personal data | Personal data cannot be accessed by anyone in any way, The process of making it irreversible and unusable. |
| Board | Personal Data Protection Authority. |
| Organisation | Personal Data Protection Authority. |
| Special personal data | People's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction and with data regarding security measures biometric and genetic data. |
| periodic destruction | All conditions for processing personal data specified in the law Storing and destroying personal data in case of disappearance ex officio at recurring intervals specified in the policy deletion, destruction or anonymization to be carried out process. |
| Data Processor | Personal data on behalf of the data controller, based on the authority given by the data controller Real or legal person who processes data. |
| Data Recording System | Personal data is structured and processed according to certain criteria recording system. |
| Data subject / Contact person | The real person whose personal data is processed. |
| Data Controller | Determining the purposes and means of processing personal data, data Responsible for establishing and managing the registration system natural or legal person. |
| Data Representative | In accordance with the law, the relevant legal articles of the Data Controller real persons appointed to fulfill their duties within the scope of person. |
| regulation | Personal Law published in the Official Gazette on 28 October 2017 Deletion, Destruction or Anonymization of Data Regulation on |
2. PERSONAL DATA PROTECTION ISSUES
2.1. Ensuring the Security of Personal Data
Bemfil Mensucat takes the necessary precautions stipulated in Article 12 of the Law, depending on the nature of the personal data, in order to prevent unlawful disclosure, access, transfer of personal data or security problems that may occur in other ways. Bemfil Mensucat takes measures and carries out inspections to ensure the necessary level of personal data security in accordance with the guidelines published by the Personal Data Protection Authority.
2.2. Protection of Special Personal Data
Personal data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction, security measures and biometric data Measures taken to protect genetic data are carefully implemented and necessary inspections are carried out.
2.3. Developing Awareness on the Protection and Processing of Personal Data Bemfil Mensucat provides the necessary training to those concerned to ensure the legal processing and access of personal data, the protection of data and the development of awareness regarding the use of rights. In order to increase the awareness of employees about protecting personal data, Bemfil Mensucat implements the necessary business processes.
Creates and receives support from consultants if needed. The deficiencies encountered in practice and the results of the training are evaluated by Bemfil Mensucat management. New trainings are organized if necessary due to changes in the legislation regarding these evaluations.
3. PROCESSING OF PERSONAL DATA
3.1. Processing of Personal Data in Compliance with Legislation Personal data is processed in accordance with the legislation in line with the principles listed below.
I. Processing in Compliance with the Law and the Rules of Honesty Personal data is processed in accordance with the law and the rule of honesty, to the extent required by business processes, and limited to these, without harming the fundamental rights and freedoms of individuals.
ii. Ensuring that Personal Data is Up-to-Date and Accurate. Necessary precautions are taken to keep the processed personal data up-to-date and accurate, and work is carried out in a planned and programmed manner.
iii. Processing for Specific, Clear and Legitimate Purposes Personal data is processed based on the legitimate purposes determined and disclosed in the business processes carried out.
iv. Being Relevant, Limited and Proportionate to the Purpose for which they are Processed Personal data are collected in the quality and extent required by business processes, and are processed in a limited manner, depending on the determined purposes.
v. Retention for the Necessary Period Personal data is retained for the minimum period required for the purpose of processing personal data and stipulated in the relevant legislation. First of all, if a period of time is foreseen for the storage of personal data in the relevant legislation, it is kept for this period; if not, personal data is kept for the period necessary for the purpose for which it is processed. At the end of their retention period, personal data is destroyed by appropriate methods (deletion, destruction or anonymization) in accordance with the periodic destruction periods or the data owner's application.
3.2. Conditions for Processing of Personal Data Personal data is processed based on the explicit consent of the owner or one or more other conditions specified below.
I. Existence of Explicit Consent of the Personal Data Owner. Processing of personal data is done with the explicit consent of the data owner. Explicit consent of the personal data owner: It is obtained by being informed about a certain issue and obtaining his/her free will.
ii. Lack of Explicit Consent of the Personal Data Owner: If any of the conditions listed below are met, personal data may be processed without the need for the explicit consent of the data owner.
a. Clearly Regulated in Laws. If there is a clear regulation in the law regarding the processing of personal data, personal data may be processed without obtaining the consent of the data owner.
b. Inability to Obtain the Explicit Consent of the Data Subject Due to Actual Impossibility Due to actual impossibility, the personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his/her consent or whose consent cannot be validated, in order to protect his or her own or another person's life or physical integrity.
c. Directly Relevant to the Establishment or Performance of a Contract If the processing of personal data is directly related to the establishment or performance of a contract to which the data owner is a party, the data owner's personal data may be processed.
D. Fulfillment of Legal Obligations While Bemfil Mensucat fulfills its legal obligations, personal data of the data owner may be processed if personal data processing is mandatory.
to. Publicization of Personal Data by the Personal Data Owner Personal data belonging to data owners who have made their personal data public may be processed on a limited basis for the purpose of publicization.
f. Mandatory Data Processing for the Establishment or Protection of a Right If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
g. Mandatory Data Processing for Legitimate Interests Personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of Bemfil Mensucat, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
3.3. Processing of Special Personal Data Bemfil Mensucat processes special personal data in accordance with the principles set out in the Law and Policy, by taking all necessary administrative and technical measures with the methods determined by the Board, with the following procedures and principles:
I. Special categories of personal data, other than health and sexual life, may be processed without seeking the explicit consent of the data owner, if there is a clear provision in the law regarding their processing. In cases not expressly provided for by law, explicit consent of the data owner is obtained.
ii. Special personal data regarding health and sexual life may be collected by persons or authorized institutions and organizations who are under the obligation of confidentiality, for the purpose of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, by the data owner. It may be processed without explicit consent. Otherwise, explicit consent of the data owner is obtained.
3.4. Disclosure of Personal Data Owner Bemfil Mensucat informs personal data owners for what purposes their personal data is processed, for what purposes it is shared with whom, by what methods it is collected, the legal reason and data owners'
informs them about their rights in the processing of their personal data in accordance with the relevant legislation. In this regard, the protection of personal data is carried out in accordance with other policy documents and clarification texts prepared within the framework of the principles in the Policy.
3.5. Transfer of Personal Data Bemfil Mensucat may lawfully transfer personal data and sensitive personal data to third parties (third party companies, group companies, third real parties) in accordance with the personal data processing purposes, by taking the necessary security measures. Bemfil Mensucat transfer operations,
It carries out the transactions in accordance with the regulations stipulated in Article 8 of the Law.
I. Transfer of Personal Data Although the express consent of the personal data owner is required for the transfer of personal data, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, based on one or more of the conditions specified below.
a. It is clearly stipulated in the law,
b. It is directly related to and necessary for the establishment or performance of a contract,
c. It is mandatory for Bemfil Mensucat to fulfill its legal obligations,
D. Limited to the purpose of publicization, provided that personal data has been made public by the data owner,
to. It is mandatory for the establishment, use or protection of the rights of Bemfil Mensucat or the data owner or third parties,
f. It is necessary to ensure the legitimate interests of Bemfil Mensucat, provided that it does not harm the fundamental rights and freedoms of the data owner,
g. It is necessary for a person who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity, to protect his/her own or someone else's life or physical integrity.
Personal data based on any of the above-mentioned situations may be transferred to foreign countries declared as "Foreign Countries with Adequate Protection", which are determined by the Board to have adequate protection. Personal data may be transferred, in accordance with the conditions stipulated in the legislation, to those who have the status of "Foreign Country Where the Data Controller Committed to Adequate Protection" is located, where there is no adequate protection, and the data controllers in Turkey and foreign countries undertake to provide adequate protection in writing and have the permission of the Board.
ii. Transfer of Special Personal Data Special personal data can be transferred in accordance with the principles set out in the Policy, by taking all necessary administrative and technical measures, including the methods determined by the Board, and under the conditions set out below:
a. Special categories of personal data, other than health and sexual life, are collected without the explicit consent of the data owner, if there is a clear provision in the law regarding the processing of personal data, otherwise, if the explicit consent of the data owner is obtained.
b. Special personal data regarding health and sexual life can be collected without explicit consent by persons under the obligation of confidentiality or authorized institutions and organizations for the purpose of protecting public health, preventive medicine, medical diagnosis, execution of treatment and care services, planning and management of health services and financing. , otherwise in case of obtaining the explicit consent of the data subject.
Personal data may be transferred to those with the status of "Foreign Country with Adequate Protection" if any of the above conditions are met, or if there is no adequate protection, personal data may be transferred to those with the status of "Foreign Country Where the Data Controller Undertakes Adequate Protection is Located", in accordance with the data transfer conditions regulated in the legislation.
4. PERSONAL DATA INVENTORY PARAMETERS
Bemfil Mensucat management, administrative affairs (accounting-administrative affairs), finance, production, purchasing, warehouse, sales, marketing-logistics business processes, employee candidate, employee, potential product or service buyer, supplier representative, product or service recipient, parent /guardian/representative, visitors etc. Data categories and personal data of personal data owners (Annex-1) are processed depending on the personal data processing purposes (Annex-2). Data subject person groups and processing purposes according to data categories
Details are reported in Bemfil Mensucat's area at https://verbis.kvkk.gov.tr/.
Personal data processing purposes, according to personal data categories, to inform the relevant persons in accordance with Article 10 of the Law and other legislation, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, Law on the processing of personal data It is processed according to the determined purposes in order to comply with the general principles specified in the Law, especially the principles specified in Article 4 of the Law.
Personal data Policy “3.5. Pursuant to the principles set out in the "Transfer of Personal Data" section: Real persons or private law legal entities, suppliers, authorized public institutions and organizations, private insurance companies, auditors, consultants, domestic organizations from which we receive contracted services and cooperate, and for specified purposes (Annex-3). can be shared. Personal information is not transferred to foreign countries.
5. MEASURES TAKEN REGARDING THE PROTECTION OF PERSONAL DATA
Bemfil Mensucat takes the necessary technical and administrative measures to protect the personal data it processes in accordance with the procedures and principles specified in the Law, carries out the necessary inspections in this context, and carries out training and training activities.
Even though all technical and administrative measures have been taken, if the processed personal data is obtained by third parties through illegal means, Bemfil Mensucat will notify the relevant persons and units as soon as possible.
6. STORAGE AND DESTRUCTION OF PERSONAL DATA
Bemfil Mensucat retains personal data for the minimum period required for the purpose of processing and stipulated in the relevant legislation. Bemfil Mensucat, first of all, if a period is determined in the relevant legislation, it complies with this period; If a legal period is not stipulated, it stores personal data for the period necessary for the purpose of processing personal data. At the end of the specified storage periods, personal data is destroyed by the specified method (deletion, destruction or anonymization), in accordance with the periodic destruction periods or the data owner's application.
7. RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS
7.1. Rights of Personal Data Owner Personal data owners have the following rights arising from the Law:
I. Learning whether personal data is processed or not,
ii. Requesting information if personal data has been processed,
iii. Learning the purpose of processing personal data and whether they are used for their intended purpose,
iv. Knowing the third parties to whom personal data is transferred at home or abroad,
v. Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
vi. Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the law and other relevant legal provisions, and requesting that the action taken in this context be notified to third parties to whom the personal data has been transferred,
vii. Object to the emergence of a result that is unfavorable to the individual by analyzing the processed data exclusively through automatic systems, viii. Requesting compensation for damages in case of damage due to unlawful processing of personal data.
7.2. Exercise of Personal Data Owner's Rights Personal data owners 6.1. may submit their requests regarding the rights listed in the article to Bemfil Mensucat through the methods determined by the Board. Personal data owners and those who have the right to apply on their behalf can apply to Bemfil Mensucat by filling out the "Data Owner Application Form" (Annex-4).
7.3. Responding to Applications Bemfil Mensucat finalizes the applications made by the personal data owner in accordance with the Law and other legislation. Requests submitted to Bemfil Mensucat in accordance with the procedure shall be received as soon as possible and within 30 days at the latest.
It is concluded within (thirty) days, free of charge. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
7.4. Rejection of the Application of the Personal Data Owner Bemfil Mensucat may reject the request of the applicant by explaining the reason in the following cases:
I. Research, planning and use of personal data by anonymizing them with official statistics
Processing for purposes such as statistics,
ii. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defence, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
iii. Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defence, national security, public safety, public order or economic security,
iv. Processing of personal data by judicial authorities or enforcement authorities regarding investigation, prosecution, trial or enforcement proceedings,
v. Processing personal data is necessary for the prevention of crime or criminal investigation,
vi. Processing of personal data made public by the personal data owner,
vii. Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions and organizations and professional organizations that are public institutions, based on the authority granted by the law,
viii. Personal data processing is necessary to protect the economic and financial interests of the State regarding budget, tax and financial matters,
ix. The request of the personal data owner is likely to hinder the rights and freedoms of other persons,
x. Requests have been made that require disproportionate effort,
xi. The requested information must be publicly available information.
7.5. Personal Data Owner's Right to Complain to the KVK Board
Pursuant to Article 14 of the Law, in cases where the application is rejected, the response is found to be insufficient, or the application is not responded to within due time; He/she may file a complaint with the Board within thirty days from the date of learning Bemfil Mensucat's answer and in any case within sixty days from the date of application.
7.6. Information That May Be Requested from the Applicant Personal Data Owner Bemfil Mensucat may request information from the relevant person in order to determine whether the applicant is the personal data owner. Bemfil Mensucat may ask questions to the personal data owner regarding his application in order to clarify the issues included in the personal data owner's application.
8. EXECUTION
The policy was approved by the Board of Directors and put into effect. Politics' technical
Its execution is provided by the "Personal Data Storage and Destruction Policy" (Annex-5).
Execution of the Policy before the parties in business processes "Customer Information Text and Explicit Consent"
Declaration” (Annex-6), “Supplier Confidentiality Commitment, Supplier Information Text and Explicit Consent
"Declaration" (Annex-7), "Employee Information Text and Explicit Consent Statement" (Annex-8), "Employee Candidate
Information Text and Explicit Consent Statement" (Annex-9), "Website Cookie Information Text" (Annex 10), "Camera Information Text and Explicit Consent Statement" (Annex-11).
The Board of Directors is responsible for the execution of the Law and Policy and updating it when necessary.
Bemfil Mensucat Personal Services is responsible for the monitoring, coordination and supervision of all works and transactions within the scope.
The Data Protection Committee is responsible.
9. ENFORCEMENT AND DECLARATION
The policy has entered into force as of its publication date. Changes to the Policy
It is published on Bemfil Mensucat's website (www.bemfil.com.tr) and personal data owners are informed about the relevant information.
is made available to people. Policy changes come into force on the date they are announced.
APPENDICES
Annex 1- Data Categories and Personal Data
Annex 2- Personal Data Processing Purposes
Annex 3- Persons to whom Personal Data is Transferred and Purposes of Transfer
Annex 4- Personal Data Owner Application Form
Annex 5- Personal Data Storage and Destruction Policy
Annex 6- Customer Information Text and Explicit Consent Statement
Annex 7- Supplier Confidentiality Agreement, Supplier Information Text and Explicit Consent Statement
Annex 8- Employee Information Text and Explicit Consent Statement
Annex 9- Employee Candidate Information Text and Explicit Consent Statement
Annex 10- Website Cookie Information Text
Annex 11- Camera Information Text and Explicit Consent Statement
ANNEX 1- Data Categories and Personal Data
| Data Categories | Personal Data |
| Identity | Name surname Parent's Name Date of birth Place of birth Marital Status Identity Card Serial Number TC Identification number Gender Information TR ID Card Driver's license |
| Communication | Address E-mail address Contact address Registered Electronic Mail Address (KEP) Phone number |
| Location | Location information of the current location, etc. |
| Personnel | Payroll Information Disciplinary Investigation Employment Entry-Exit Certificate Records CV Information |
| Legal action | Information in correspondence with judicial authorities, case information in the file etc. |
| Customer Transaction | Invoice Bill Check Information Entry-Exit Information Order Information |
| Physical Space Security | Entry and Exit Registration Information of Employees and Visitors Camera Recordings |
| Transaction Security | Transaction Security (IP address information, website login such as login information, password and password information) IP Address Information Website Login and Exit Information Password and Password Information |
| Risk management | Processed to manage commercial, technical and administrative risks such as information |
| Finance | Balance Sheet Information Financial Performance Information Credit and Risk Information Bank Account Number IBAN number |
| Professional experience |
Diploma Information |
| Marketing | Shopping History Information Information Obtained through Campaign Work |
| Audiovisual Records | Closed Circuit Camera System Image, Audio Recording |
| Health Information | Information on Disability Status Blood Group Information Personal Health Information Device Used and Prosthesis Information Laboratory and Imaging Results Test results Inspection Data Prescription Information |
| Criminal Conviction and Security measures |
Information on Criminal Convictions Information Regarding Security Measures |
| Family Information | Number of children Family registry Spouse Working Information Child Education and Age Information |
| Working Data | department How it works Job Last Company Information Reference Information |
| Signature Information | Contained on documents that constitute personal data wet or electronic signature, fingerprints, special marks |
| Website Usage Datas |
Application Form Filling Date Frequency/Times of Login to the Site Last Login Date IP Address (Any requests or complaints directed to the Company personal data regarding collection and evaluation.) |
| Insurance Information | Private Insurance Data Social Security Institution Data |
| Vehicle Information | Vehicle License Plate Data |
| Residence Permit for Foreigners Information |
Information on Residence Permit for Foreigners |
ANNEX 2- Categorical Personal Data Processing Purposes
| Conducting Emergency Management Processes Conducting Emergency Management Processes Execution of Information Security Processes Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Conducting Employee Satisfaction and Loyalty Processes Fulfillment of Employment Contract and Legislation Obligations for Employees Execution of Fringe Benefits and Benefits Processes for Employees Conducting Audit / Ethics Activities Conducting Educational Activities Execution of Access Authorizations Conducting Activities in Compliance with Legislation Carrying out Finance and Accounting Affairs Execution of Commitment Processes for Company / Product / Services Ensuring Physical Space Security Execution of Assignment Processes Follow-up and Execution of Legal Affairs Conducting Internal Audit / Investigation / Intelligence Activities Carrying out Communication Activities Planning Human Resources Processes Execution/Audit of Business Activities Carrying out Occupational Health / Safety Activities Receiving and Evaluating Suggestions for Improving Business Processes Carrying out Business Continuity Ensuring Activities Carrying out Logistics Activities Execution of Goods / Service Purchasing Processes Execution of Goods/Service After-Sales Support Services Execution of Goods / Service Sales Processes Execution of Goods / Service Production and Operation Processes Execution of Customer Relationship Management Processes Carrying out Activities for Customer Satisfaction Organization and Event Management Conducting Marketing Analysis Studies Conducting Performance Evaluation Processes Execution of Advertising / Campaign / Promotion Processes Conducting Risk Management Processes Carrying out Storage and Archive Activities Execution of Contract Processes Tracking of Requests / Complaints Ensuring the Security of Movable Goods and Resources Execution of Supply Chain Management Processes Execution of Wage Policy Execution of Marketing Processes of Products / Services Ensuring the Security of Data Controller Operations Execution of Investment Processes Conducting Talent / Career Development Activities Providing Information to Authorized Persons, Institutions and Organizations Conducting Management Activities Creation and Tracking of Visitor Records |
ANNEX 3 – Persons to whom Personal Data is Transferred and Purposes of Transfer
In accordance with Articles 8 and 9 of the Law, Bemfil Mensucat may transfer personal data of participants, customers and employees to the categories of persons listed below:
| Data transfer To whom it can be done |
Definition | Purpose and Scope of Data Transfer |
| Real persons or private legal entities |
Real or legal persons with whom Bemfil Mensucat has relationships and carries out transactions due to its activities | With the work and process carried out annoyed |
| Authorized Public Institutions and Organizations |
Social Security Institution, Tax Apartments etc. to the relevant legislative provisions information and information from gore Bemfil Mensucat Public institutions and organizations authorized to obtain documents organizations |
Relevant public institutions and Legal authority of their organizations limited to the purpose requested |
| Contracted service received, collaborating organizations |
Contracted service, cooperation organizations made |
Agreement and cooperation protocol limited to the principles |
| Supplier | Purpose and purposes of data processing to Bemfil Mensucat providing services in line with requests sides |
Bemfil Mensucat's exterior commercial activities from the source goods and services to fulfill provision of services limited to the purpose |
| Private Insurance Companies | Contracted BES Company | carried out within the scope of BES limited to notification |