KVKK

BESLER FEED AND FLOUR INC.
PERSONAL DATA PROCESSING AND STORAGE POLICY

Effective Date: 28.01.2021



CONTENTS

CHAPTER I
PURPOSE, SCOPE AND DEFINITIONS

  • INTRODUCTION
  • PURPOSE OF THE POLICY
  • SCOPE OF THE POLICY
  • DEFINITIONS



CHAPTER II
ISSUES REGARDING THE PROCESSING OF PERSONAL DATA

  • PRINCIPLES TO BE FOLLOWED WHEN PROCESSING PERSONAL DATA
  • Processing in Compliance with Law and Integrity
  • Ensuring Personal Data Are Accurate and Up-to-Date When Necessary
  • Processing for Specific, Explicit, and Legitimate Purposes
  • Being Relevant, Limited and Proportionate to the Purpose for which they are Processed
  • Retention for as Long as Required for the Purpose for which they are Processed or Envisioned in the Relevant Legislation
  • Enlightening and Informing Relevant Persons
  • PROCESSED PERSONAL DATA
  • PURPOSE OF PROCESSING PERSONAL DATA
  • PERSONAL DATA PROCESSING METHODS AND LEGAL REASONS
  • PERSONAL DATA PROCESSING ACTIVITIES IN THE BUILDING AND WORKING AREA

CHAPTER III
MATTERS REGARDING THE TRANSFER OF PERSONAL DATA

  • LEGAL REASONS FOR THE TRANSFER OF PERSONAL DATA
  • PURPOSE OF TRANSFERRING PERSONAL DATA AND PERSONS WHO MAY BE TRANSFERRED TO


CHAPTER IV
STORAGE, PROTECTION AND DISPOSAL OF PERSONAL DATA

  • STORAGE AND DISPOSAL OF PERSONAL DATA
  • MEASURES TO ENSURE DATA SECURITY
  • KVKK COMMITTEE AND DATA PROTECTION OFFICER


CHAPTER V
PERSONAL DATA INVENTORY

  • GENERAL EXPLANATIONS REGARDING THE INVENTORY
  • PERSONAL DATA CATEGORIZATION AND DISCLOSURE



CHAPTER VI
RIGHTS OF PERSONAL DATA SUBJECT

  • RIGHTS OF THE DATA OWNER
  • USE OF THE DATA SUBJECT'S RIGHTS


CHAPTER VII
ENTRY INTO FORCE

  • EFFECTIVENESS AND UPDATING OF THE POLICY




    --------------------------------------------------------------------------------------------------------------------------
    TITLE OF DATA CONTROLLER: Beşler Yem ve Un A.Ş. Construction Contracting Tourism Furniture Petroleum Products Industry Trade Joint Stock Company
    ADDRESS OF DATA CONTROLLER: University Mahallesi Çat Yolu Caddesi No: 210/1 Şantiye Apt. YAKUTİYE/ERZURUM
    DATA CONTROLLER MERSIS NUMBER: 07200014668800013

    --------------------------------------------------------------------------------------------------------------------------

CHAPTER I
PURPOSE, SCOPE AND DEFINITIONS
1- INTRODUCTION

As the data controller, Beşler Yem ve Un Anonim Şirketi (Beşler Yem ve Un A.Ş. or the Company), we attach importance to the protection of personal data of our business partners, shareholders, employees, interns, employee candidates, customers, suppliers, subcontractors, visitors and other real persons with whom we are in contact. This Policy and other policies published on our website http://www.beslerunyem.com.tr/ have been prepared for the processing and protection of personal data.

In accordance with Law No. 6698 and the relevant legislation, Beşler Yem ve Un A.Ş. takes the necessary administrative and technical measures.

In this policy text, the terms Data Subject, Relevant Person or Personal Data Owner are used for natural persons whose personal data are processed.

2- PURPOSE OF THE POLICY

The main purpose of this Policy is to explain the personal data processing activity carried out by Beşler Yem ve Un A.Ş. in accordance with the law and the systems adopted for the protection of personal data; in this context, to ensure transparency by informing our current and prospective employees, interns, employee candidates, customers, subcontractors, suppliers, visitors, Company officials, and the shareholders, employees and third parties of the business partner institutions with which we cooperate; and to ensure that their personal data is processed and protected in accordance with legal regulations.


3- SCOPE OF THE POLICY
This Policy relates to all personal data of our employees, interns, employee candidates, customers, suppliers (supplier employees and officials), subcontractors, visitors, Company shareholders and Company officials, shareholders and employees of the institutions we cooperate with, and third parties that are processed by automated means, or by non-automatic means provided that they are part of a data recording system.


4- DEFINITIONS

Relevant Person Categories:

  • Company Partner: natural persons who are partners of the Company.
  • Natural Person Business Partners: natural persons, including subcontractors, with whom the Company has any business relationship.
  • Stakeholder, Official, Employee of the Company's Business Partners: all real persons, including employees, stakeholders and officials of real and legal persons (such as subcontractors, business partners, suppliers) with whom the Company has any business relationship.
  • Company Authorities: members of the Board of Directors of the Company and other authorized real persons.
  • Employee/Trainee: real persons who perform services in the Company with an employment contract.
  • Employee Candidate: real persons who have applied for a job to the Company by any means or have opened their CV and related information to the Company's review.
  • Customers: real persons who purchase goods and services from the Company.
  • Supplier, Supplier Employee, Officer and Shareholder: natural persons who are shareholders, officials or employees of companies that provide goods and/or services to our Company, based on the current or prospective agreement with our Company.
  • Visitors: all natural persons who enter the physical premises of the Company for various purposes or visit the websites for any purpose.
  • Third Party: real persons other than the Relevant Person categories mentioned above and Company employees.

The terms used in this Policy have the following meanings:


CHAPTER II

ISSUES REGARDING THE PROCESSING OF PERSONAL DATA

1- PRINCIPLES TO BE FOLLOWED WHEN PROCESSING PERSONAL DATA

This Policy sets out the basic principles, listed below, that our company has adopted in the processing of personal data.

  • Processing personal data in accordance with the law and honesty rules
  • Keeping personal data accurate and up-to-date when necessary
  • Processing personal data for specific, explicit and legitimate purposes
  • Processing personal data in a way that is connected, limited and measured to the purpose for which they are processed
  • Keeping personal data for as long as required by the relevant legislation or for the purpose for which they are processed
  • Enlightening and informing the relevant persons
  • Creating the necessary infrastructure for the persons concerned to exercise their rights
  • Taking necessary measures to protect personal data
  • Acting in accordance with the relevant legislation and KVK Board regulations in the determination and implementation of the processing purposes of personal data and in transferring them to third parties
  • Processing and protection of special categories of personal data

Beşler Yem ve Un A.Ş. informs the relevant persons in accordance with Article 10 of the KVK Law and requests the consent of the data subjects in cases where consent is required, and processes these personal data on the basis of the following criteria.


Processing in Compliance with Law and Integrity

In the processing of personal data, Beşler Yem ve Un A.Ş. acts in accordance with the principles brought by legal regulations, such as transparency, information and warning, and with the general rule of trust and honesty. In accordance with the principle of being in compliance with the rule of integrity, the Company takes into account the interests and reasonable expectations of the data subjects while trying to achieve its goals in data processing.


Ensuring Personal Data Is Accurate and Up-to-Date When Necessary

For Beşler Yem ve Un A.Ş., keeping personal data accurate and up-to-date is necessary for the protection of the fundamental rights and freedoms of the person concerned. The Company has an active duty of care to ensure that personal data is accurate and up-to-date when necessary. For this reason, all communication channels are open for the Company to keep the information of the person concerned accurate and up-to-date.


Processing for Specific, Explicit, and Legitimate Purposes

Beşler Yem ve Un A.Ş. clearly and precisely determines the legitimate and lawful personal data processing purpose. The Company processes as much personal data as is necessary for and in connection with the commercial activity it carries out.


Being Related to the Purpose for which they are Processed, Limited and Measured

Beşler Yem ve Un A.Ş. processes personal data within the scope of the purposes related to its field of activity and necessary for the conduct of its business. For this reason, the Company processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed. For example, personal data processing activities are not carried out to meet the needs that may arise later.


Retention for the Time Required for the Purpose of Processing or Envisioned in the Relevant Legislation

Beşler Yem ve Un A.Ş. retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, the Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation; if a period is determined, it acts in accordance with this period and the data is stored for the specified time. The Company takes the retention periods in the personal data inventory as a basis, and at the end of the periods specified there, personal data is deleted, destroyed or anonymized according to the nature of the data and the purpose of use, within the framework of the obligations under the Law.


Enlightening and Informing Relevant Persons

In accordance with Article 10 of the KVK Law, Beşler Yem ve Un A.Ş. informs personal data owners during the acquisition of personal data. In this context, according to the nature of the person concerned and the data processing process, the Company provides information about the identity of the data controller, the identity of its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of personal data collection and the legal reason. Clarification Texts have been placed in areas that people can see easily and in areas that can be seen by visitors on the Company campus. On the Beşler Yem ve Un A.Ş. website, along with this Policy, the Data Processing, Storage and Disposal Policy, a clarification text for parents/students, employees and guests, a cookie policy, and an application form have also been published.

2- PROCESSED PERSONAL DATA

Your Personal Data collected by our company varies according to the nature of the relationship with our Company and legal obligations. Your Personal Data collected can be listed as follows.


Identity Information: Varying as necessary by the person concerned, all data contained in documents such as T.R. identity card, passport, driver's license, professional card and identity record sample, containing identity number, name, surname, passport number, mother and father's name, place of birth, date of birth, gender, photograph and similar information.
Contact Information: Personal data such as e-mail address, telephone number, mobile phone number, fax number and address.
Location Information: Information that determines the location of the employees while using company vehicles; GPS location data.
Personal Information: All kinds of personal data required for the recruitment of company employees and the creation of personal files afterwards.
Family Members and Relatives Information: Identity information data about the children, spouses and parents of the data owner, regarding employees and employee candidates.
Legal Action and Compliance Information: Personal data that the Company is legally required to process, or has an interest in processing, for the request or performance of its contractual or legal rights or debts or for the resolution of contractual disputes.
Customer Transaction Information: Information such as records regarding the use of products and services, and instructions and requests required by the customer for the use of products and services.
Physical Space Security Information: Personal data such as entry-exit records, visit information and camera records relating to the Company and work areas.
Transaction Security Information: Personal data such as IP address records, log records and port information, processed to ensure the technical, administrative, legal and commercial security of the Company.
Risk Management Information: Personal data processed so that the Company can control its commercial, technical, administrative and legal risks.
Financial Information: Personal data processed for information, documents and records showing all kinds of financial results created according to the nature of the legal relationship the Company has established with the person concerned, and data such as bank account number, IBAN number, credit card information, income information.
Professional Experience Information: Information on the education and professional qualification history of employees and candidates.
Audio-Visual Records: Personal data such as photographs, camera recordings and audio recordings belonging to an identified or identifiable person.
Employee Candidate Information: All kinds of data (for example, identity information, education information, professional experience, interview notes, contact information, etc.)
Performance and Career Evaluation Information: All kinds of personal data included in the reports prepared for the Company to measure the performance of its employees and to plan their career development.
Audit and Inspection Information: Personal data processed within the scope of compliance with the company's legal obligations and company policies.
Reputation Management Information: Information collected for the purpose of protecting the commercial reputation of the company, evaluation and activity reports.
Request/Complaint Management Information: Personal data included in the reports prepared and evaluated by the relevant units when receiving all kinds of requests and complaints directed to the Company.
Special Categories of Personal Data: Health data (employment health reports, periodic examination reports, reports on disability status, etc.), information on criminal convictions and security measures.
Other Information: Employees' body size information (height, weight, shoe size, clothing size) as a basis for the safety equipment to be provided in accordance with the occupational health and safety legislation.

The listed Personal Data types do not cover all your processed data, and similar types of Personal Data can be processed by our company.


3- PURPOSE OF PROCESSING PERSONAL DATA

Main Purposes and Sub-Aims

Planning and Execution of Human Resources Processes:

  • Carrying out the processes of employee entry and exit, creation of personnel file for employees
  • Execution of fringe benefits and benefits processes for employees
  • Fulfillment of obligations arising from employment contracts and legislation for employees
  • Execution of employee performance evaluation processes
  • Conducting talent/career development activities
  • Execution of employee satisfaction and loyalty processes
  • Conducting intern admission and training processes
  • Execution of application, selection and placement processes of employee candidates
  • Execution of assignment processes
  • Foreign personnel work and residence permit procedures

Ensuring the Company's Commercial Continuity and Execution and Supervision of Business Activities:

  • The Company's execution of contractual processes with people with whom it has business relations
  • Carrying out communication activities with the persons with whom the Company has business relations
  • Execution of finance and accounting works
  • Carrying out business continuity activities
  • Carrying out the processes of creating the wage policy
  • Execution of goods/services production and operation processes
  • Execution of marketing processes of products/services
  • Execution of marketing analysis studies
  • Execution of goods/services purchasing processes
  • Execution of goods/services sales processes
  • Execution of after-sales support services for goods/services
  • Execution of customer relationship management processes
  • Carrying out activities for customer satisfaction
  • Execution of company/product/service commitment processes
  • Execution of logistics activities
  • Execution of organization and event management processes
  • Execution of investment processes
  • Execution of supply chain management processes
  • Execution of advertising/campaign and promotion processes

Carrying out the Company's Activities to Ensure Physical, Transactional and Legal Security:

  • Execution of information security processes
  • Execution of emergency management processes
  • Execution of risk management processes
  • Execution of occupational health and safety activities
  • Carrying out activities to take and evaluate measures and suggestions for the improvement of business processes
  • Execution of physical space security activities
  • Creating and tracking visitor records
  • Carrying out activities to ensure the safety of movable goods and resources
  • Carrying out activities to ensure the security of the operations of the data controller

Execution of Activities Related to the Company's Use of Administrative Duties and Authorities:

  • Execution of audit/ethical activities
  • Use/execution of access privileges
  • Carrying out internal audit/investigation and intelligence activities
  • Execution of strategic planning activities
  • Execution of storage and archiving activities
  • Follow-up of requests and complaints

Execution of Legal Affairs of the Company:

  • Follow-up and execution of legal affairs
  • Execution of activities in accordance with the legislation
  • Execution of legal compliance activities
  • Providing information to authorized persons, institutions and organizations

Other:

  • Carrying out other social responsibility and civil society activities
  • Execution of sponsorship activities


4- PERSONAL DATA PROCESSING METHODS AND LEGAL REASONS

Within the scope of the commercial, legal, contractual or otherwise established relationship between the Company and the Relevant Person, Personal Data can be collected and processed by the Company directly from the person concerned, in electronic or physical media, within the framework of the purposes stated in detail below and based on the reasons for compliance with the law in the second paragraph of Article 5 of Law No. 6698 or, in the absence of such a reason, on express consent. Necessary details in this regard are specified in the clarification texts prepared separately for each data subject and presented to the data subjects in physical and electronic environments (web site clarification texts, Customer, Supplier / Business partner clarification text, Personnel/Personnel Candidate clarification text, Visitor clarification text, etc.).

At least one of the following issues is accepted as the legal basis for data processing.

a. It is stipulated in the legislation to which the company is subject,
b. Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, to be able to provide the requested products and services or to fulfill the requirements of the concluded contracts,
c. Data processing is mandatory for the Company to fulfill its legal obligations,
d. It has been made public by the person concerned,
e. Data processing is mandatory for the establishment, exercise or protection of a right as required by the Company's legislation or internal practice,
f. Data processing is necessary for the Company's legitimate interests, provided that it does not harm the fundamental rights and freedoms of the person concerned,
g. The express consent of the Data Subject.

The express consent of the data subject is only one of the legal bases that makes it possible to process personal data in accordance with the law. Apart from express consent, personal data may be processed in the presence of one of the conditions specified in the law. The basis of the personal data processing activity can be only one of the conditions stated below, or more than one of these conditions can be the basis of the same personal data processing activity.


We will try to explain the legal conditions for processing personal data with the examples given below.

Conditions of Processing of Personal Data: Explanation and Examples

In Accordance with the Law: Some legal regulations order the processing of personal data.
Example: Labor Legislation and Tax Legislation order personal information of employees to be kept on record.

In Accordance with the Performance of the Contract: Contracts generally impose debts/performances on both parties. In order for one party to fulfill its obligation, the other party needs to process some personal data.
Example: Saving your delivery address information so that purchased goods can be delivered.

Actual Impossibility: A person who cannot give consent due to actual impossibility, or who does not have the power to discern.
Example: Contact or address information of an unconscious person. Location information of a kidnapped person.

Legal Responsibility of Data Controller: Companies are inspected by government agencies and other competent authorities in accordance with legal regulations.
Example: Since our company is subject to financial audit and audit related to working life in accordance with legal regulations, it is also obliged to record the personal information stipulated by these regulations.

Making It Public: The person concerned presents his/her information to the public.
Example: Announcement of the contact information of the person to be reached in case of emergency.

Establishment, Exercise and Protection of a Right: There are situations where an existing right needs to be established and protected. In such cases, documents and information required by the legislation are needed in order to exercise legal rights.
Example: At the stage of filing a lawsuit, notifying the defendant's name, surname, T.C. identity number and address, and submitting information and documents to the court that will help resolve the dispute. It also becomes obligatory to keep the necessary information about an employee leaving the job during the statute of limitations.

Legitimate Interest: Data may be processed if it is necessary for the legitimate interest of the data controller, provided that the fundamental rights of the data subject are not harmed.
Example: Data processing for the purpose of applying rewards and bonuses that increase employee loyalty.


In accordance with Article 20 of the Constitution and Article 4 of the KVK Law, Beşler Yem ve Un A.Ş. carries out personal data processing activities in accordance with the law and honesty rules, accurately and, when necessary, up to date, for specific, clear and legitimate purposes, and in a limited and measured manner. Beşler Yem ve Un A.Ş. retains personal data for as long as required by law or for the purpose of processing personal data.

Beşler Yem ve Un A.Ş. processes the personal information of its customers, employees, business partners, visitors, supplier company employees and third parties, such as identity information (name, surname, T.R. identity number, gender, age, date of birth), contact information (e-mail address, telephone number, address information), and visual and audio data, in accordance with the processing conditions ordered by the law and in line with the examples given above. In the absence of one of the conditions listed in paragraph 2 of Article 5 of the Law, it operates on the legal ground of the express consent specified in paragraph 1 of Article 5 of the Law.

5- PERSONAL DATA PROCESSING ACTIVITIES IN BUILDINGS AND WORK AREAS

In its buildings and facilities, Beşler Yem ve Un A.Ş. carries out personal data processing activities for monitoring with security cameras and for tracking the entrance and exit of guests. The basis of both activities is the Legitimate Interest principle specified in the 2nd paragraph of Article 5 of the Law.

While the identity data of the people who come to the buildings of Beşler Yem ve Un A.Ş. is obtained, the personal data owners are informed in this context through the texts that are posted on the website or made available to the guests in other ways. The data obtained for the purpose of tracking guest entry-exit is processed only for this purpose and the relevant personal data is recorded in the data recording system in the physical environment.

Within the scope of its monitoring activity with security cameras, Beşler Yem ve Un A.Ş. aims to protect the interests of the company and other persons in order to ensure their safety. This monitoring activity is carried out in accordance with the KVKK, the Law on Private Security Services and the relevant legislation. In this context, the information that camera monitoring is performed is announced to all employees and visitors, and people are informed. Notifications are posted at the entrances of the monitoring areas. Beşler Yem ve Un A.Ş. takes necessary technical and administrative measures to ensure the security of personal data obtained as a result of camera monitoring in accordance with Article 12 of the KVK Law.


CHAPTER III
MATTERS REGARDING THE TRANSFER OF PERSONAL DATA

1- LEGAL REASONS FOR PERSONAL DATA TRANSFER

Beşler Yem ve Un A.Ş. may transfer the personal data of the personal data subject to third parties by taking the necessary security measures in line with the purposes of processing personal data in accordance with the law. The reasons for the transfer are explained below:

a. If there is a clear regulation in the law regarding the transfer of personal data,
b. If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
c. If personal data transfer is necessary to fulfill its legal obligation,
d. If personal data transfer is necessary for the establishment, exercise or protection of a right,
e. If personal data transfer is necessary for Honda's legitimate interests, provided that it does not harm the fundamental rights and freedoms of the person concerned.

2- PURPOSE OF TRANSFERRING PERSONAL DATA AND PERSONS TO WHOM DATA MAY BE TRANSFERRED

The groups of persons to whom personal data are transferred in accordance with Article 10 of the KVK Law and the stakeholder categories, scope of transfer and data transfer purposes in accordance with Articles 8 and 9 of the KVK Law are indicated in the table below:

Business Partner: Parties with whom the Company has established business partnerships, including subcontractors, for purposes such as the execution of commercial activities.
It can be used on a limited basis in order to ensure the fulfillment of the purposes of establishment of the business partnership.

Parties Providing Services: Parties providing services to the Company on a contractual basis, in accordance with the Company's orders and instructions, within the scope of the conduct of the Company's commercial activities.
It can be used on a limited basis to ensure that the services that the Company outsources from the supplier and that are necessary to carry out the Company's commercial activities are provided to the Company. Bank, insurance company, travel agency, event agency, service, cargo and training companies, and companies from which services are received for sending SMS and e-mail.

Affiliates: Companies of which the Company is a shareholder.
It can be used on a limited basis to ensure the execution of commercial activities that require the participation of the Company's affiliates.

Company Stakeholders: The Company's shareholders.
It can be used on a limited basis for the purposes of the activities carried out by the Company within the scope of company law, event management and corporate communication processes.

Company Officials: The Company's natural persons authorized to sign.
It can be used for the purposes of designing the strategies of the Company's commercial activities, ensuring the highest level of management, and auditing.

Legally Authorized Public Institutions and Organizations: Public institutions and organizations authorized to receive information and documents of the Company in accordance with the provisions of the relevant legislation.
It can be used on a limited basis for the purpose requested by the relevant public institutions and organizations within their legal authority.

Legally Authorized Private Law Persons: Private law persons authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation.
It can be used on a limited basis for the purpose requested by the relevant private legal persons within the scope of their legal authority.


CHAPTER IV
STORAGE, PROTECTION AND DISPOSAL OF PERSONAL DATA

1- STORAGE AND DISPOSAL OF PERSONAL DATA

The personal data we obtain are securely stored in physical or electronic media for a limited period of time in order to carry out the Company's activities. The company acts in accordance with the obligations in all relevant legislation, especially the KVKK, regarding the protection and storage of the personal data it obtains.

Our company attaches great importance to the protection of sensitive personal data due to the risk of causing discrimination and victimization of individuals. These are data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Technical and administrative measures taken to protect sensitive personal data are carefully implemented and necessary audits are provided. Personnel who can access sensitive personal data are provided with necessary training, the scope and duration of access authorization of these personnel are determined, periodic audits are carried out and confidentiality agreements are signed. If the relevant personnel leaves the job, the access authorization is immediately revoked.

Our company determines the storage periods of personal data by taking into account the legislation in force and the purposes of processing the data subject to the process. In this context, legal obligations and statute of limitations regarding Personal Data Processing are taken into account. In accordance with Article 7 of the KVKK and the provisions of other relevant legislation, in case the reasons for processing the processed personal data disappear, personal data is deleted, destroyed or anonymized upon the decision of the Company, its periodic control and/or the request of the person concerned.

Personal data that is transmitted to us in error by any means, or for which it is understood that the will of the person concerned does not amount to express consent, is immediately destroyed by our Company with methods in accordance with the Law.

Our company will not keep personal data longer than necessary, in connection with the reason for data collection, in a way that will allow the identification of the data subject.

Our company may store personal data for a longer period of time only for public benefit, scientific or historical research or statistical purposes, by taking appropriate technical and organizational measures in order to protect the rights and freedoms of the data owner and to ensure data security.

The criteria used to determine this period, including the retention period for each category of personal data and the legal obligations that the Company has to keep the data, are specified in our Company's Personal Data Retention and Disposal Policy and will be applied in all cases.

2- MEASURES TO ENSURE DATA SECURITY

Beşler Yem ve Un A.Ş. takes the necessary technical and administrative measures to ensure an appropriate level of security in order to prevent the unlawful processing of the personal data it processes and to ensure the preservation of the data, and in this context it carries out the necessary inspections or has them carried out.

The measures taken by Beşler Yem ve Un A.Ş. to ensure data security in accordance with Article 12 of the KVK Law are summarized below. You can find detailed information on the Administrative and Technical Measures taken in our Personal Data Retention and Disposal Policy.

• Employees are informed that they cannot disclose the personal data they have learned to others in violation of the provisions of the KVKK and cannot use it for purposes other than processing, and that this obligation will continue after they leave their job, and the necessary commitments are obtained from them in this direction.

• The obligations that our institution has to comply with when processing personal data as a data controller and the obligation to comply with the legal, administrative and technical measures developed in this regard.

• Our institution carries out the necessary inspections within its own body or has them carried out. The results of these audits are reported to the relevant department within the scope of the internal functioning of the Institution and the necessary activities are carried out to improve the measures taken.

• In accordance with Article 12 of the KVK Law, our Institution operates a system which ensures that, if the processed personal data is obtained by others illegally, this situation is reported to the relevant personal data owner and the KVK Board as soon as possible.

3- KVKK COMMITTEE AND DATA PROTECTION OFFICER

Within the framework of KVKK and in the process of compliance with this law, a KVK Committee has been established within our Company. The duties of the Committee are:

a. To ensure the effective implementation of the personal data protection and compliance program stipulated by the policy,
b. To make the necessary assignments and to ensure coordination in the activities for the implementation of the KVK Policy,
c. To determine the issues that need to be done in order to ensure compliance with the personal data protection legislation and to inform the management, to express an opinion on this subject spontaneously or upon request, or to take the necessary actions to obtain an expert opinion on the subject,
d. To raise awareness within the body of our Company and the institutions with which our Company cooperates on legislation and information security issues within the scope of protection of personal data, and to provide the necessary trainings for our Company employees who process personal data,
e. To maintain and follow up the necessary communication with public institutions and private organizations for the protection of personal data, especially the KVK Authority and the KVK Board,
f. To manage the applications of personal data owners, to make a final decision on them and to ensure that the applications are responded to in a timely manner,
g. To ensure that the personal data processing inventory of our company is kept up-to-date and the necessary notifications are made to the data controllers registry,
h. To ensure that the necessary records are kept to prove our Company's compliance with the personal data protection legislation within the scope of the KVK Policy,
i. To examine significant cases in terms of data security, to identify the necessary measures to minimize the risks that may arise for personal data owners and our Company and to implement them or have them implemented, and to ensure that the necessary notifications are made to the personal data owners and the KVK Board,
j. To ensure that the KVK Policy reflects the requirements of legal, technological and organizational changes, to ensure that our Company is informed of such changes in a timely manner,
k. To ensure that the KVK Policies are reviewed periodically and that the proposed changes are submitted to the management's approval along with their justifications,
l. To fulfill other duties assigned to it by our Company within the scope of KVKK.

Data protection officers are “departmental managers”. The senior employee at the head of each department is designated as the "Department Data Protection Officer".

It is also the responsibility of the Department Data Protection Officer to supervise whether each employee in the relevant department fulfills their duties and responsibilities within the scope of the Regulation, to raise awareness of Personal Data among new recruits, and to inform department employees about the developments in the protection of Personal Data.


CHAPTER V
PERSONAL DATA INVENTORY

1- GENERAL EXPLANATIONS ON INVENTORY

At Beşler Yem ve Un A.Ş., in line with the Company's legitimate and lawful personal data processing purposes, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the KVKK, and in compliance with the principles set forth in the KVK Law, in particular those in Article 4 regarding the processing of personal data, and with all obligations set forth in the KVK Law, personal data in the categories specified below are processed by informing the relevant persons, in cooperation with the personal data owners within the scope of this Policy (employee candidates, employees, customers, interns, suppliers, business partners including subcontractors, employees of the institutions we are affiliated with, visitors, third parties).

Beşler Yem ve Un A.Ş. has created a personal data inventory in accordance with the Data Controllers Registry Regulation issued by the Personal Data Protection Authority. This data inventory includes data categories, data source, data processing purposes, data processing process, recipient groups to which data is transferred, and retention periods. In this context, the personal data inventory of Beşler Yem ve Un A.Ş. includes, but is not limited to, the following categories of data.


2- PERSONAL DATA CATEGORIZATION AND DISCLOSURE

Identity Information: Information belonging to an identified or identifiable natural person, such as name-surname, T.C. identity number, place of birth, date of birth, gender, identity card and passport number, tax number, SGK number, etc.

Contact Information: Information belonging to an identified or identifiable natural person, such as telephone number, address, e-mail address, fax number.
Location Information: Information that determines the location of the relevant person while using Company vehicles within the framework of the operations carried out by the Company's business units; GPS location data.
Transaction Security Information: Data such as IP address, log records, computer password, internet access records of the data subject.
Physical Space Security Information: Personal data regarding the records and documents taken at the entrance to the physical spaces of the Company, during the stay in the physical space; camera recordings and recordings taken at the security point, etc.
Financial Information: Personal data processed for information, documents and records showing all kinds of financial results created according to the type of legal relationship the Company has established with the Related Person, and data such as bank account number, IBAN number, credit card information, income information.
Audio/Visual Information: Data belonging to an identified or identifiable natural person, consisting of photographs and camera recordings, and audio recordings obtained through the call center.
Personnel Information: All kinds of personal data processed for obtaining information that will form the basis for the formation of personal rights of real persons who are in a working relationship as a personnel in accordance with the service contract established with the Company.
Education and Occupation Data: Information about the work and educational background of employees, candidates, customers and potential customers.

Legal Transaction Information: Data processed within the scope of the determination and follow-up of the legal receivables and rights of the Company and the performance of its debts and legal obligations.
Customer Transaction Information: Information such as records for the use of products and services, and instructions and requests required for the use of the customer's products and services.
Marketing Data: Personal data processed for the marketing of products and services by customizing them in line with the usage habits, tastes and needs of the Relevant Person, and the reports and evaluations created as a result of these processing results.
Special Quality Personal Data: Data specified in Article 6 of the Law, whose processing and protection are subject to more special conditions (for example: health data, criminal conviction data, etc.).
Asset Data: It is the data group containing the assets owned by the person (Deed photocopy/scan, vehicle license photocopy/scan

Beşler Yem ve Un A.Ş. has prepared the Beşler Yem ve Un A.Ş. Personal Data Inventory.

Beşler Yem ve Un A.Ş. has determined the retention periods together with their legal bases in the Personal Data Retention and Disposal Policy.

CHAPTER VI
RIGHTS OF PERSONAL DATA SUBJECT

1- RIGHTS OF THE DATA SUBJECT

In accordance with Article 13 of the KVK Law, Beşler Yem ve Un A.Ş., as a data controller, has established the Personal Data Application and Response Procedure, which is an annex to the personal data inventory, for responding to the requests of the data subjects, as well as procedures for directing applications that do not meet the application conditions specified in the Law to a written template. Technical preparations have been made in order to carry out the necessary actions in accordance with these procedures. There is a systemic infrastructure within Honda to ensure the implementation of this procedure.

Where requests of personal data owners regarding their rights listed below are submitted by personal application with presentation of identity, in writing or by registered electronic mail (KEP) address, secure electronic signature, mobile signature or by the person concerned, Beşler Yem ve Un A.Ş. will respond to the request free of charge within thirty days at the latest, depending on the nature of the request.

Personal data owners will be able to claim all the rights in the relevant article of the Law, including all processing processes, purposes and transfer information of their personal data, with their application in accordance with this procedure.

2- USE OF THE DATA SUBJECT'S RIGHTS

Personal data owners have the right to:
• Learn whether personal data is processed or not,
• If personal data has been processed, request information about it,
• Learn the purpose of processing personal data and whether it is used in accordance with that purpose,
• Know the third parties to whom personal data is transferred in the country or abroad,
• Request correction of personal data in case of incomplete or incorrect processing and request notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
• Request the deletion or destruction of personal data in the event that the reasons requiring its processing have disappeared, although it has been processed in accordance with the provisions of the KVKK and other relevant laws, and request the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
• Object to the emergence of a result against the person himself through analysis of the processed data exclusively by automated systems,
• Demand compensation for the damage in case of loss due to unlawful processing of personal data.

Personal data owners will be able to submit their requests regarding their rights specified in this Policy to Beşler Yem ve Un A.Ş., free of charge, by filling out and signing the Application Form, with the information and documents that will identify them and using the methods specified below or other methods determined by the Personal Data Protection Board. However, if a fee is stipulated by the Personal Data Protection Board, the fee determined by the tariff will be charged by Beşler Yem ve Un A.Ş.

In order for the application to be accepted as a valid application, in accordance with the Communiqué on Application Procedures to the Data Controller, the relevant person must indicate the following information:

a. Name, surname and signature if the application is written,
b. For citizens of the Republic of Turkey, T.C. identification number, nationality for foreigners, passport number or identification number, if any,
c. Domicile or workplace address for notification,
d. If available, the e-mail address, telephone and fax number for notification,
e. The request.

Otherwise, the application will not be considered as a valid application. In applications made without filling out the application form, the issues listed here must be conveyed completely.

In line with these rights, applications can be made by filling out the application form on the website of Beşler Yem ve Un A.Ş. The form must be delivered to Beşler Yem ve Un A.Ş. Beşler Yem ve Un A.Ş. may request additional verifications (such as sending a message to your registered phone, calling) in order to determine whether the application belongs to you and thus to protect your rights. In case the application is made by third parties on behalf of personal data owners, a special power of attorney issued by the data owner to the person who will apply is required.

To submit your request, which must include the necessary information identifying you and your explanations regarding the right you wish to exercise from among the rights specified in Article 11 of the KVKK, fill in the application form. You can deliver a signed copy of the form in person, with the documents identifying your identity, to the address Organize Sanayi Bolgesi 1.Cad. 4.Sok No:5, 25700 Aziziye/Erzurum, send it through a notary public or by other methods specified in the KVKK, or send the relevant form with a secure electronic signature to suhut.tosun@beslerunyem.com.tr or besler.gida@hs03.kep.tr.

In the event that your application is not answered within 30 calendar days, which is considered appropriate within the scope of the law, or in the event that your application is rejected and you find the response to your application insufficient, you can, as the relevant person, file a complaint with the Personal Data Protection Board within 30 days from the date you learn the reply of Beşler Yem ve Un A.Ş. and in any case within 60 calendar days following the application date.


CHAPTER VII
FORCE

1- ENFORCEMENT AND UPDATING OF THE POLICY

The most recent policy is considered in effect until the most current version is published. If deemed necessary by the company, the necessary sections of the policy are updated.

This policy entered into force on 28.01.2021.
