Clarification and Consent Text
KVKK Clarification Statement
1. Subject
The subject of this KVKK Clarification Statement is to specify the principles regarding the processing of all kinds of personal data of PETRAY İnşaat Kimya Sanayi Ve Dış Ticaret Limited Şirketi (“Company”) in accordance with the Law No. 6698 on the Protection of Personal Data (‘Law’). Accordingly, the Company, which is the data controller pursuant to Article 3 of the Law, informs and enlightens the personal data owners (employees, employee candidates, customers, suppliers, suppliers, consultants, business partners, shareholders, company officials, company proxies, persons with whom there is a contractual relationship and their employees, persons who are the addressees of all kinds of legal transactions, visitors and real or legal persons with whom it communicates for any reason whatsoever) with this KVKK Clarification Statement in accordance with Article 10 of the Law. Personal data and special categories of personal data processed by the Company are securely stored in physical or electronic media for a period of time appropriate for the purpose of processing. The Company declares that it acts in accordance with the obligations stipulated in all relevant legislation, especially KVKK, regarding the protection of personal data within the scope of such activities.
1. Data Controller and Representative
Data Controller
- Title of the Company : PETRAY Construction Chemical Industry And Foreign Trade Limited Company
- Address :Giyimkent 3.Sokak NO:93, Oruçreis, 34235 Esenler/Istanbul
- Tax No :7291244054
- Tax Office :Atışalanı
- Telephone No :0 533 959 84 68
- E-mail : info@usepetra.com
- Web Address : www.usepetra.com
2. Purposes of Processing Personal Data
2.1. Personal data are processed by the data controller or legal/real persons to be appointed by the data controller or legal/real persons to be appointed by the data controller in accordance with the general principles specified in Article 4 of the Law, based on one or more of the personal data processing conditions specified in Articles 5 and 6, in order to achieve the following purposes. In all personal data processing activities carried out by the Company, it acts in accordance with the obligations specified in all relevant legislation, especially the Law, and the decisions of the Personal Data Protection Board. In case of explicit consent;
- Execution of Information Security Processes
- Execution of Access Authorisations
- Execution of Activities in Accordance with the Legislation
- To fulfil the obligations undertaken in accordance with the distance sales contract and other contracts concluded with customers
- Execution of Customer Relationship Management Processes
- Execution of Activities for Customer Satisfaction
- Follow-up of Requests / Complaints
- Sending messages, bulletins and other publications via e-mail, SMS, whatsapp etc. platforms
will be processed for the purposes listed and may be shared with the persons specified in this clarification text.
2.2. Apart from the above-mentioned purposes, personal data may also be processed in order to ensure the fulfilment of legal obligations determined by regulatory and supervisory authorities and specified in the Law and other legislation.
3. Transfer of Personal Data and Purposes of Transfer
Personal data processed within the scope of the purposes described may be transferred to the following persons who have a contractual relationship with the Company for the purpose of carrying out the activities of the Company by the Company in accordance with the principles stipulated in Article 8 of the Law, on the basis of this explicit consent in the case of explicit consent of the personal data owner or on the basis of these provisions in the presence of the data processing conditions stipulated in paragraph 2 of Article 5 and paragraph 3 of Article 6 of the Law, limited to the subject of the contract:
- To the business partnerships, dealers or affiliates of the Company in order to fulfil and maintain the continuity of commercial activities,
- Suppliers and supplier employees on a limited basis in order to provide outsourced products and services,
- To audit firms within the scope of relevant contracts for the audit of commercial activities in accordance with the provisions of the relevant legislation,
- Legal and tax advisors, financial advisors and other advisors, if any,
- To shareholders for the limited purpose of designing and implementing strategies for the Company’s business activities,
- To public institutions and organisations within the legal authority of the relevant public institutions and organisations, limited to their requests,
- Institutions and organisations designated to ensure the fulfilment of the legal obligations specified in the Law,
- To banks and insurance companies in relation to the Company’s commercial activities,
- The name, surname and contact information of the customers are provided to the payment institutions for the purpose of identity verification in accordance with the payment institution framework agreement to be approved at the payment stage and in accordance with the Regulation on Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism published in the Official Gazette dated 9 January 2008 and numbered 26751,
4. Transfer Abroad
4.1. The Company may transfer personal data abroad at any time by obtaining the explicit consent of the personal data owner.
4.2. In the absence of the explicit consent of the personal data owner, personal data may be transferred abroad in the presence of the conditions for data processing without explicit consent stipulated in paragraph 2 of Article 5 and paragraph 3 of Article 6 of the Law. In this case, in accordance with Article 9 of the Law, personal data may be transferred only to persons and organisations residing in these countries after the foreign countries with adequate protection to be determined by the Personal Data Protection Board are announced; for the countries where it is determined and announced that there is no adequate protection, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and the permission of the Board can be obtained for the relevant transfer.
5. Method and Legal Grounds for Collection of Personal Data
5.1. Personal data, by our Company or real or legal persons who process data on behalf of the Company; website, contracts made with the personal data owner, information forms, questionnaires, social media applications, call centres, participation in trainings, seminars, fairs and similar environments organised by the Company, parties with whom the Company has a business relationship and / or receives services that are complementary to its activities, contracted organisations, offices and other physical environments where it can be contacted and through other similar channels and through verbal, written or electronic channels, including but not limited to those listed here, and where possible, with the explicit consent of the personal data owner.
5.2. Personal data are obtained in all business processes for the purposes of the Company to continue its commercial life and to fulfil its obligations arising from the laws in a complete and accurate manner, and the personal data collected in this direction are processed in accordance with the general principles listed in Article 4 of the Law, based on the data processing conditions specified in Article 5 of the Law. In this context, the following types of “personal data” may be processed in accordance with the terms and conditions set out in the Clarification Text:
Identity Data: Name, surname, date of birth and other identity data
Contact Data: Your address, telephone number, e-mail address and other contact data
Customer Transaction Data: Your voice and other digital information such as your voice call records kept in accordance with call centre standards
6. Preservation of Personal Data
Your personal data are processed limited to the period required for the fulfilment of the purposes described in the clarification text and in any case in accordance with the practices of our company and the customs of its commercial life; after the expiration of the periods, they are deleted, destroyed or anonymised. Your personal data you have entered into the system can only be changed by you, and all necessary technical and administrative measures are taken by our Company in order to prevent anyone else from accessing and changing this information.
7. Cookie Policy
In order to carry out online behavioural advertising and marketing, our company has the right to associate the behaviour of the user who comes to the site with a cookie in the browser, even if they are not a member, and to define remarketing lists based on metrics such as the number of pages viewed, the duration of the visit and the number of target completions. You can obtain information about the cookies and similar devices we use, their purposes, how you can manage your preferences and other information that may be of interest to you from our Cookie Policy.
8. Rights of the Personal Data Owner
8.1. The personal data owner has the following rights listed in Article 11 of the Law:
- To learn whether their personal data is being processed or not,
- Request information if personal data has been processed,
- To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing,
- In case the reasons requiring the processing of personal data disappear, to request the deletion or destruction of the data,
- To request that the information corrected or deleted upon the request of the personal data owner be notified to the third parties to whom the personal data has been transferred, if transferred,
- To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
- In case of damage due to unlawful processing of personal data, to demand compensation for the damage.
8.2. Pursuant to paragraph 1 of Article 13 of the Law, personal data owners may make their requests to exercise the above-mentioned rights with the following information and methods in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller” published in the Official Gazette dated 10 March 2018 and numbered 30356.
Information to be included in the application:
- Name, surname and signature of the applicant if the application is in writing,
- If the applicant is a citizen of the Republic of Turkey, his/her Turkish ID number; if not, his/her nationality and passport number or ID number, if any,
- The applicant’s residential or business address for notification,
- The applicant’s e-mail address, telephone or fax number for notification,
- The subject of the applicant’s request,
- Information and documents related to the subject of the applicant’s request.
Application Methods:
- The applicant may deliver the application form (“ANNEX-1”) to the Company’s address in person, by filling out the attached application form (“ANNEX-1”) and hand-delivering it to the Company’s information office located at the address below, in a sealed envelope with wet signature and with the note “Information Request in accordance with the Law on the Protection of Personal Data” on the envelope.
- The applicant may send a notification to the Company address through a notary public, but the phrase “Information Request as required by the Law on the Protection of Personal Data” must be added on the notification envelope.
As well as these;
- With secure electronic signature defined in the Electronic Signature Law No. 5070,
- With mobile signature,
- To info@usepetra.com, the registered e-mail address of the Company, with the note “Information Request in accordance with the Law on the Protection of Personal Data” in the subject section of the e-mail,
- The application can also be made by using the e-mail address previously notified to the Company and registered in the Company’s system.
8.3. As the personal data owner, in the application containing explanations regarding the request; the requested issue must be clear and understandable, the requested subject must be related to the personal data owner or if the application is made on behalf of someone else, it must be specially authorised and the authorisation must be documented, the application must contain identity and address information and documents certifying the identity must be attached to the application.
8.4. It is important that the information shared during the application is transferred correctly, this is necessary for the exercise of the rights on the data within the scope of the Law and the responsibility arising from the provision of false or incorrect information belongs to the person concerned.
8.5. Applications will be finalised as soon as possible and within 30 (thirty) days at the latest.
8.6. In the event that answering the applications to be made regarding the processing of personal data requires an additional cost, the relevant person (applicant) may be charged the fee in the tariff determined by the Personal Data Protection Board.
9. Request for Updating Information
In the event of any change in the personal data, the personal data owner will be able to inform the Company address or info@usepetra.com e-mail address of his/her current and correct personal information.
10. Changes
The Company reserves the right to make changes in this Disclosure Statement in case of changes in the Law or in the methods to be determined by the Personal Data Protection Board..