Personal Data Protection Privacy Policy

Privacy Policy

PERSONAL DATA RETENTION AND DESTRUCTION POLICY

 

1. PURPOSE

The purpose of this policy is to provide explanations about the personal data processing activities carried out lawfully by our Company and the systems adopted regarding the protection of personal data, to ensure transparency by informing the persons whose personal data is processed by our Company including students, staff, job candidates, our officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties; to check whether valid reasons exist for storing processed personal data; and to destroy personal data for which the reason for storage has disappeared.

2. SCOPE

This policy covers all personal data processed through automatic or non-automatic means, provided that they form part of any data recording system, belonging to students, staff, job candidates, our officials, visitors, employees, shareholders and officials of institutions we cooperate with, and third parties. The application scope of this policy regarding personal data owner groups mentioned above may be the entire policy or only some provisions (e.g. only our visitors).

3. REFERENCES

3.1. Law on the Protection of Personal Data No. 6698 dated 24 March 2016, published in the Official Gazette dated 7 April 2016 and numbered 29677.

4. RESPONSIBILITIES

4.1. The Board of Directors is responsible for enforcing this document.

4.2. The Quality and HSE Directorate is responsible for preparing and updating this policy.

5. DEFINITIONS

I. Explicit consent: Consent that is related to a specific subject, based on information and declared with free will.

II. Recipient group: The category of real or legal persons to whom personal data is transferred by the data controller.

III. Anonymization: Changing personal data so that it loses its nature as personal data and this situation cannot be reversed. Example: making personal data unrelatable to a real person through techniques such as masking, aggregation, data corruption.

IV. Application form: The application form to be used by personal data subjects to exercise their rights, explaining the method of application linked above within the scope of this policy, namely the “Application Form Regarding Applications to be Made to the Data Controller by the Data Subject Pursuant to Law No. 6698”.

V. Employee candidate: Real persons who have applied to our Company for a job or internship by any means or who have opened their CVs and relevant information for our Company's review.

VI. Direct identifiers: Identifiers that alone reveal, disclose and distinguish the person they relate to.

VII. Indirect identifiers: Identifiers that, together with other identifiers, reveal, disclose and distinguish the person they relate to.

VIII. Relevant user: Real or legal persons who process personal data within the organization of the data controller or under the authority and instructions received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of data.

IX. Destruction: Deletion, destruction or anonymization of personal data.

X. Employees, shareholders and officials of institutions we cooperate with: Real persons working at institutions with which our Company has any kind of business relationship (such as business partners and suppliers, but not limited to these), including the shareholders and officials of these institutions.

XI. Business partner: Parties with whom our Company forms a business partnership while conducting its activities.

XII. Redaction: Drawing lines over, painting or blurring personal data in a way that prevents the data from being related to an identified or identifiable real person while preserving the integrity of the data.

XIII. Recording medium: Any medium in which personal data processed through fully or partially automatic or non-automatic means, provided that it is part of any data recording system, is located.

XIV. Processing of personal data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making obtainable, classifying or preventing the use of personal data through fully or partially automatic means or non-automatic means, provided that it is part of a data recording system.

XV. Personal data: Any information relating to an identified or identifiable real person. Therefore information on legal entities is not within the scope of the Law. For example: name and surname, ID number, e-mail, address, date of birth, credit card number etc.

XVI. Personal data subject: The real person whose personal data is processed. For example students and staff.

XVII. Personal Data Retention and Destruction Policy: The policy used as the basis by the data controller to determine the maximum period personal data will be kept and for deletion, destruction and anonymization operations.

XVIII. Masking: Removing certain fields of personal data in a way that prevents it from being related to an identified or identifiable real person by deleting, crossing out and starring such fields.

XIX. Student/Staff: Real persons to whom transportation service is provided by our Company's vehicles.

XX. Special categories of personal data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

XXI. Company official: The Board of Directors and other authorized real persons.

XXII. Supplier: Parties that provide services to our Company based on a contract and in accordance with our Company's instructions while conducting our Company's activities.

XXIII. Third party: Real persons whose personal data is processed within the scope of this policy and who are not defined differently within this policy (e.g. guarantor, companion, family members and relatives).

XXIV. Data processor: Real or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller. For example, the cloud computing company that holds our Company's data or the call-center company conducting searches within scripts.

XXV. Data recording system: The recording system in which personal data is processed by structuring according to specific criteria.

XXVI. Data controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept (data recording system).

XXVII. Visitor: Real persons who enter the physical premises owned by our Company for various purposes, participate in our events or visit our websites.

XXVIII. PDPL: Law on the Protection of Personal Data No. 6698, published in the Official Gazette dated 7 April 2016 and numbered 29677.

XXIX. EU: European Union.

XXX. Constitution: The Constitution of the Republic of Turkey dated 7 November 1982 and published in the Official Gazette dated 9 November 1982 and numbered 17863.

XXXI. Personal Data Protection Board: The Personal Data Protection Board.

XXXII. Personal Data Protection Authority: The Personal Data Protection Authority.

XXXIII. Policy: Kube Pompa Personal Data Retention and Destruction Policy.

XXXIV. Company/Our Company: Kube Pompa Teknolojileri Sanayi Ticaret A.S.

XXXV. Turkish Code of Obligations: Turkish Code of Obligations No. 6098 dated 11 January 2011 and published in the Official Gazette dated 4 February 2011 and numbered 27836.

XXXVI. Turkish Penal Code: Turkish Penal Code No. 5237 dated 26 September 2004 and published in the Official Gazette dated 12 October 2004 and numbered 25611.

XXXVII. Turkish Commercial Code: Turkish Commercial Code No. 6102 dated 13 January 2011 and published in the Official Gazette dated 14 February 2011 and numbered 27846.

6. BASIC PRINCIPLES

6.1. Protecting personal data is among the most important priorities of our Company. An important pillar of this is the protection and processing of the personal data of students, staff, job candidates, our officials, visitors, employees, shareholders and officials of institutions we cooperate with, and third parties, which is governed by this policy.

According to the Constitution of the Republic of Turkey, everyone has the right to demand the protection of personal data concerning him or her. Our Company shows the utmost care to protect the personal data of students, staff, job candidates, our officials, visitors, employees, shareholders and officials of institutions we cooperate with, and third parties managed by this policy and makes this a Company policy.

Within this scope, the necessary administrative and technical measures are taken by our Company to protect personal data processed in accordance with the relevant legislation. In cases of conflict between this policy in Turkish and any translation, the Turkish text shall prevail.

This policy provides detailed explanations on the fundamental principles adopted by our Company in processing personal data listed below:

6.1.1. Processing personal data in accordance with law and the rule of honesty,

6.1.2. Keeping personal data accurate and up to date when necessary,

6.1.3. Processing personal data for specific, explicit and legitimate purposes,

6.1.4. Processing personal data that is relevant, limited and proportionate to the purpose for which they are processed,

6.1.5. Keeping personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed,

6.1.6. Informing and enlightening personal data subjects,

6.1.7. Establishing the necessary system for personal data subjects to exercise their rights,

6.1.8. Taking necessary measures for the preservation of personal data,

6.1.9. Acting in accordance with the relevant legislation and Personal Data Protection Board regulations in transferring personal data to third parties in line with the requirements of the purpose of processing,

6.1.10. Showing the necessary sensitivity in processing and protecting special categories of personal data,

6.1.11. Destroying personal data when the purposes of retention disappear in accordance with the legislation.

7. METHOD

7.1. APPLICATION OF THE POLICY AND RELEVANT LEGISLATION

Legal regulations in force on the processing, protection and destruction of personal data shall primarily apply. In case of conflict between the legislation in force and this policy, our Company accepts that the legislation in force will apply.

This policy is prepared by concretizing the rules set out by the relevant legislation within the scope of our Company's practices. Our Company is conducting the necessary system and preparations to act in accordance with the implementation periods stipulated in the PDPL (see Annex-1).

7.2. EFFECTIVENESS OF THE POLICY

This policy issued by our Company is dated 29.12.2017. If the entire policy or certain articles are renewed, the effective date of the policy will be updated.

The policy is published on our Company's website (29.12.2017) and is made available to personal data subjects upon request.

7.3. ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the PDPL, our Company takes the necessary technical and administrative measures to prevent personal data from being processed unlawfully, to prevent unlawful access to personal data and to ensure their safekeeping at an appropriate security level, and conducts or has conducted necessary inspections within this scope.

7.3.1. ENSURING THE SECURITY OF PERSONAL DATA

Our Company takes the necessary legal, technical and administrative measures regarding data security on the issues listed below and shows the utmost care and attention in this regard. Actions and measures taken by our Company to ensure “data security” in accordance with Article 12 of the PDPL are listed below.

7.3.1.1. Our Company takes technical and administrative measures according to technological capabilities and implementation cost to ensure the lawful processing of personal data. Employees are informed that they cannot disclose personal data they have learned to anyone in violation of the PDPL provisions and cannot use it for purposes other than processing and that this obligation will continue after leaving their position; necessary undertakings are obtained accordingly.

7.3.1.2. Our Company takes technical and administrative measures according to technological capabilities and implementation cost to prevent personal data from being disclosed, accessed, transferred or otherwise unlawfully accessed due to negligence or without authorization. Our Company increases awareness among data processors such as business partners and suppliers to whom it has transferred personal data on preventing unlawful processing, unlawful access and ensuring lawful preservation of personal data.

7.3.1.3. The obligation to comply with the legal, administrative and technical measures that our Company, as data controller, is obliged to follow while processing personal data is contractually imposed on data processors such as suppliers and business partners with whom the Company has relations, in a manner consistent with the nature of the data processing activity.

7.3.1.4. Our Company takes necessary technical and administrative measures according to technological capabilities and implementation cost to ensure that personal data is stored in secure environments and to prevent unlawful destruction, loss or alteration. Personal data processed by our Company is stored in backup units in line with these measures.

7.3.1.5. Our Company conducts or has conducted necessary inspections within its organization in accordance with Article 12 of the PDPL. The results of these inspections are reported to the relevant department within the Company’s internal functioning and necessary activities are carried out to improve the measures taken.

7.3.1.6. Our Company operates the system that ensures notification to the personal data subject and the Personal Data Protection Board as soon as possible in case personal data processed in accordance with Article 12 of the PDPL is obtained by others through unlawful means.

7.3.2. OBSERVING THE RIGHTS OF THE DATA SUBJECT; CREATING CHANNELS FOR THESE RIGHTS TO BE SUBMITTED TO OUR COMPANY AND EVALUATION OF THE REQUESTS OF THE DATA SUBJECTS

Our Company carries out necessary channels, internal functioning and administrative and technical arrangements in accordance with Article 13 of the PDPL to evaluate the rights of personal data subjects and to provide the necessary information to personal data subjects.

If personal data subjects submit their requests regarding their rights listed below to our Company in writing, our Company concludes the request free of charge as soon as possible and within thirty days at the latest depending on the nature of the request. However, if the process requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board is charged. Personal data subjects may:

  • Learn whether personal data has been processed,
  • If personal data has been processed, request information about it,
  • Learn the purpose of processing personal data and whether they are used in line with that purpose,
  • Know the third parties to whom personal data is transferred domestically or abroad,
  • Request correction of personal data if it is incomplete or incorrectly processed and request that the transaction carried out within this scope be notified to third parties to whom personal data has been transferred,
  • Request deletion or destruction of personal data if the reasons requiring processing disappear despite being processed in accordance with the PDPL and other relevant legal provisions, and request that the transaction carried out within this scope be notified to third parties to whom personal data has been transferred,
  • Object to a result arising against the person by analyzing the processed data exclusively through automated systems,
  • Request compensation if they suffer damage due to unlawful processing of personal data.

Pursuant to Article 13, paragraph 1 of the Law on the Protection of Personal Data, you must submit your request to exercise the above- mentioned rights “in writing” or by other methods determined by the Personal Data Protection Board to our Company. Since the Personal Data Protection Board has not determined any other method at this stage, you must submit your application to our Company in writing under the imperative provision of the Law.

To exercise the above-mentioned rights, you may deliver your request including the necessary information identifying your identity and explanations regarding the right you wish to use under Article 11 of the PDPL; by filling in the form at www.kubepompa.com, delivering a signed copy with documents identifying your identity in person to Uzunbey Mh. Cengel Cd. No: 6 41180 Kartepe / Kocaeli / TURKIYE, sending it through a notary or by other methods specified in the PDPL, or sending it with a secure electronic signature to kube@hs02.kep.tr.

7.3.3. PROTECTION OF SPECIAL CATEGORIES OF PERSONAL DATA

Certain personal data is given special importance due to the risk of causing victimization or discrimination if processed unlawfully under the PDPL.

These data are: race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data.

Our Company acts with particular sensitivity in protecting special categories of personal data determined as “special category” by the PDPL and processed lawfully. Within this scope, the technical and administrative measures taken by our Company to protect personal data are carefully applied for special categories of personal data and necessary audits are ensured.

7.3.4. CLARIFYING AND INFORMING THE PERSONAL DATA SUBJECT

Our Company enlightens personal data subjects during the acquisition of personal data in accordance with Article 10 of the PDPL. Within this scope our Company informs personal data subjects during the acquisition of personal data about our Company’s identity, for what purpose personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the personal data subject under Article 11 of the PDPL.

Article 20 of the Constitution states that everyone has the right to be informed about personal data concerning him or her. In this respect, “requesting information” is also among the rights of the personal data subject under Article 11 of the PDPL. Our Company provides the necessary information in case the personal data subject requests information in accordance with Article 20 of the Constitution and Article 11 of the PDPL.

In addition, our Company announces to personal data subjects and related parties that it conducts personal data processing activities in compliance with law and the rule of honesty through this policy and various documents open to the public, ensuring accountability and transparency in its personal data processing activities. Also our Company informs the related persons about its activities and matters in the Law by many different methods, especially when applying to the “explicit consent” of persons.

7.4. ISSUES REGARDING THE PROCESSING OF PERSONAL DATA

Our Company processes personal data in accordance with Article 20 of the Constitution and Article 4 of the PDPL; lawfully and in accordance with the rule of honesty; accurate and when necessary up to date; for specific, explicit and legitimate purposes; relevant, limited and proportionate to the purpose for which they are processed. Our Company keeps personal data for the period stipulated in laws or required for the purpose of processing.

Our Company processes personal data on the basis of one or more of the conditions for processing personal data in Article 5 of the PDPL in accordance with Articles 20 of the Constitution and 5 of the PDPL.

Our Company acts in accordance with the regulations stipulated for the processing of special categories of personal data under Article 6 of the PDPL.

Our Company acts in accordance with the regulations stipulated by the PDPL and the decisions of the Personal Data Protection Board regarding the transfer of personal data under Articles 8 and 9 of the PDPL.

7.4.1. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES STIPULATED IN THE LEGISLATION

7.4.1.1. Lawful and Fair Processing

Our Company acts in compliance with the principles introduced by legal regulations and the general rule of trust and honesty in processing personal data. In this scope our Company considers proportionality and therefore does not use personal data for purposes other than fulfilling the purpose.

7.4.1.2. Ensuring Personal Data is Accurate and Up to Date When Necessary

Our Company ensures that personal data it processes is accurate and up to date, considering the fundamental rights of personal data subjects and the legitimate interests of our Company. It takes the necessary measures accordingly.

7.4.1.3. Processing for Specific, Explicit and Legitimate Purposes

Our Company determines clearly and precisely legitimate personal data processing purposes. Our Company processes personal data to the extent they are related to the services it provides and necessary for these services. Our Company reveals the purpose for which personal data will be processed before starting the personal data processing activity.

7.4.1.4. Being Relevant, Limited and Proportionate to the Purpose of Processing

Our Company processes personal data in a manner suitable for achieving the specified purposes and avoids processing personal data that is not related to or unnecessary for achieving the purpose. For example, personal data processing activities are not carried out for potential future needs.

7.4.1.5. Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

Our Company keeps personal data only for the period stipulated in the relevant legislation or required for the purpose for which they are processed. In this scope, our Company first determines whether a period is stipulated for keeping personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period; if no period is specified, it keeps personal data for the period necessary for the purpose for which they are processed. At the end of the period or when the reasons requiring processing disappear, personal data is deleted, destroyed or anonymized by our Company.

7.4.2. PROCESSING PERSONAL DATA BASED ON AND LIMITED TO ONE OR MORE OF THE PERSONAL DATA PROCESSING CONDITIONS SPECIFIED IN ARTICLE 5 OF THE PDPL

Protection of personal data is a constitutional right. Fundamental rights and freedoms may only be limited by law based on the reasons stated in the relevant articles of the Constitution, without infringing on their essence. According to the third paragraph of Article 20 of the Constitution, personal data may only be processed in the cases stipulated by law or with the explicit consent of the person. In accordance with this, our Company processes personal data only in the cases stipulated by law or with the explicit consent of the person.

The legal bases for processing personal data by our Company may vary, but in every personal data processing activity, our Company acts in compliance with the general principles stated in Article 4 of the PDPL (see 7.4.).

7.4.2.1. Presence of Explicit Consent of the Personal Data Subject

One of the conditions for processing personal data is the explicit consent of the data subject. Explicit consent must be related to a specific subject, based on information and declared with free will. To process personal data based on the explicit consent of the personal data subject, explicit consents are obtained from students, staff, employee candidates, officials and visitors through the relevant methods.

7.4.2.2. Clearly Provided for by Laws

If the personal data of the data subject is clearly provided for by law, it may be processed lawfully.

7.4.2.3. Failure to Obtain Explicit Consent Due to Actual Impossibility

If it is compulsory to process personal data for the protection of the life or physical integrity of the person who is unable to express consent due to actual impossibility or whose consent is not legally valid, the personal data of the data subject may be processed. Example: providing information on the blood type of a student who has fainted to doctors by our Company employees.

7.4.2.4. Direct Relation to the Conclusion or Performance of a Contract

If it is necessary to process personal data of the parties to a contract, provided that it is directly related to the conclusion or performance of the contract, personal data may be processed.

7.4.2.5. Fulfillment of the Company’s Legal Obligation

If processing is necessary for our Company as data controller to fulfill its legal obligations, the personal data of the data subject may be processed.

7.4.2.6. Publicizing by the Personal Data Subject

If the personal data subject has publicized his or her personal data, the relevant personal data may be processed.

7.4.2.7. Compulsory Data Processing for the Establishment or Protection of a Right

If data processing is compulsory for the establishment, exercise or protection of a right, the personal data of the data subject may be processed.

7.4.2.8. Compulsory Data Processing for the Legitimate Interest of our Company

Provided that it does not harm the fundamental rights and freedoms of the personal data subject, the personal data of the data subject may be processed if data processing is compulsory for the legitimate interests of our Company.

7.5. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

Our Company complies with the regulations stipulated in the PDPL for processing special categories of personal data determined as “special category” by the PDPL.

In accordance with Article 6 of the PDPL, certain personal data carries the risk of causing victimization or discrimination if processed unlawfully. These data are race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data.

Our Company processes special categories of personal data in accordance with the PDPL as follows, provided that adequate measures determined by the Personal Data Protection Board are taken:

  • If the personal data subject has explicit consent, or
  • If the personal data subject does not have explicit consent;

- Special categories of personal data other than the personal data of the data subject related to health and sexual life are processed in cases provided for by law,

- Special categories of personal data of the data subject related to health and sexual life are processed only by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

7.6. TRANSFER OF PERSONAL DATA

Our Company may transfer the personal data and special categories of personal data of the personal data subject to third parties (Group Companies, business partners and suppliers) by taking necessary security measures within the scope of lawful personal data processing purposes. Our Company acts in accordance with the regulations stipulated in Article 8 of the PDPL in this regard.

7.6.1. Transfer of Personal Data Abroad

Our Company may transfer the personal data and special categories of personal data of the personal data subject to third parties by taking necessary security measures within the scope of lawful personal data processing purposes. Our Company transfers personal data to foreign countries declared by the Personal Data Protection Board to have adequate protection (“Foreign Country with Adequate Protection”) or to foreign countries where the data controllers in Turkey and the relevant foreign country undertake adequate protection in writing and have the Board’s permission if adequate protection is not available (“Foreign Country Where the Data Controller Undertakes Adequate Protection”). Our Company acts in accordance with the regulations stipulated in Article 9 of the PDPL in this regard.

7.7. PERSONAL DATA PROCESSING ACTIVITIES AT BUILDING ENTRANCES AND WITHIN BUILDINGS AND ANNEXES AND WEBSITE VISITORS

Our Company conducts personal data processing activities through security camera monitoring and tracking of guest entry and exit in our Company buildings and annexes for security purposes.
By using security cameras and recording guest entry and exit, our Company conducts personal data processing activities.
In this scope our Company acts in accordance with the Constitution, PDPL and other relevant legislation.
At the entrances and inside our Company buildings and facilities, video recordings of our visitors are taken through camera monitoring systems.
Our Company carries out camera monitoring activity for purposes such as improving the quality of the service provided, ensuring its reliability, ensuring the security of the Company, visitors and other persons and protecting the interests of visitors regarding the service they receive.
Our Company acts in accordance with the regulations in the PDPL regarding camera monitoring for security purposes.
Camera monitoring conducted by our Company is carried out in accordance with the Law on Private Security Services and related legislation.
Only a limited number of Company employees have access to the digitally recorded and stored footage. Live camera images can be monitored by security officers through an outsourced service. The limited number of persons with access to the recordings declare with a confidentiality undertaking that they will keep the data confidential.
In accordance with Article 12 of the PDPL, our Company takes the necessary technical and administrative measures to ensure the security of the personal data obtained as a result of camera monitoring.
In addition to the monitoring with cameras mentioned above, our Company conducts personal data processing activities to track guest entry and exit in our buildings and facilities for security purposes and for the purposes set out in this policy.

7.8. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

Article 138 of the Turkish Penal Code, Article 7 of the PDPL and Article 7 of the Regulation on Deletion, Destruction or Anonymization of Personal Data provide that although processed in accordance with relevant law provisions, personal data shall be deleted, destroyed or anonymized by our Company upon its own decision or upon request of the personal data subject if the reasons requiring processing disappear.

7.8.1.

Within this scope, to fulfill this obligation, our Company takes the necessary technical and administrative measures, develops the necessary operational mechanisms, trains the relevant business units, assigns them and increases their awareness to comply with these obligations.
When obtaining names and surnames of persons visiting our Company buildings as guests or through notices posted or other means made available to guests by our Company, the relevant personal data subjects are informed within this scope. The data obtained for the purpose of tracking guest entry and exit is processed solely for this purpose and the relevant personal data is recorded in the data recording system in a physical environment.
For security purposes and for the purposes stated in this policy; our Company may provide internet access to Visitors who stay within our Buildings and Facilities upon request. In this case, log records of your internet access are recorded in accordance with Law No. 5651 and the relevant legislation and processed only if requested by authorized public institutions and organizations or during audit processes to fulfill our relevant legal obligation.
Only a limited number of Company employees have access to these log records. Company employees with access to the relevant records access these records only to use them in response to requests from authorized public institutions and organizations or during audit processes and share them with legally authorized persons. The limited number of persons with access to the records declare with a confidentiality undertaking that they will keep the data confidential.
On the websites owned by our Company; internet movements within the site are recorded through technical means (e.g. cookies) in order to ensure that visitors carry out their visits in line with the purposes of the visit, to show customized content and to conduct online advertising activities.
Detailed explanations regarding the protection and processing of personal data for these activities carried out by our Company are included in the “Website Privacy Policy” texts on the relevant websites.

7.9 RELATIONSHIP OF THE COMPANY'S PERSONAL DATA PROTECTION AND PROCESSING POLICY WITH OTHER POLICIES

Our Company ensures the implementation within the Company of the principles put forward with this policy through policies, procedures and application guides issued for the execution of the relevant principles. The principles set out in this policy on personal data protection are also linked to and aligned with our Company's other basic policies, procedures and application guides, thereby ensuring compatibility between similar processes operated with different policy principles (e.g. Kube Pompa Code of Ethics Regulation).

7.10 GOVERNANCE STRUCTURE OF THE COMPANY'S PERSONAL DATA PROTECTION AND PROCESSING POLICY

Within the Company, to manage this policy and other related policies, procedures and application guides, a “Personal Data Protection Committee” (Information Security Board) has been formed in line with the decision of the Company’s Board of Directors. The duties of this committee are as follows:

  • Prepare fundamental policies on Personal Data Protection and Processing and any changes when necessary and submit to the Board of Directors for approval to put into effect.
  • Submit for Board approval the methods of implementation and audit of policies on Personal Data Protection and Processing, make internal assignments and ensure coordination within the Company on these issues.
  • Identify what needs to be done to ensure compliance with the Law on the Protection of Personal Data and relevant legislation, submit what needs to be done to the approval of the Board of Directors, oversee implementation and ensure coordination.
  • Increase awareness within the Company and among Company business partners regarding Personal Data Protection and Processing.
  • Identify risks that may arise in the Company's personal data processing activities and ensure that necessary measures are taken; submit improvement proposals to the Board of Directors for approval.
  • Design and ensure implementation of trainings on personal data protection and processing.
  • Make final decisions at the highest level on applications of personal data subjects.
  • Coordinate the execution of information and training activities to ensure that personal data subjects are informed about personal data processing activities and their legal rights.
  • Follow developments and regulations regarding Personal Data Protection; give recommendations to the Board of Directors on what should be done within the Company in line with these developments and regulations.
  • Coordinate relations with the Personal Data Protection Board and Authority.
  • Execute other duties to be assigned by the Company Board of Directors regarding personal data protection.

    • 8. REVIEW

    The responsibility for reviewing and updating this document belongs to the Quality and HSE Directorate. Changes and updates made are published with Board approval. The review is conducted every year in October.

     

Uzunbey Mah. Bahçeli Sok. No: 18 41180 Kartepe / Kocaeli / Türkiye kube@kubepompa.com +90 262 371 41 74

Corporate

Our Products Corporate Catalogs Gallery Contact

Products

P1 Gasoline P1 Diesel P2 Gasoline

Copyright © Kube Pump Technologies Industry and Trade Inc. All rights reserved.

Kube Pump is a registered trademark of Kube Pump Technologies Industry and Trade Inc.

Personal Data Protection | Privacy Policy