KVKK Clarification Text

İlgili İçerik Sayfaları
Protection of Personal Data

IC ENTERRA RENEWABLE ENERGY INC.
INFORMATION TEXT REGARDING THE PROCESSING OF YOUR PERSONAL DATA

As IC İçtaş Energy Investment Holding Inc. (“Company”), we attach great importance to the security of your personal data. In this context, in accordance with the Personal Data Protection Law No. 6698 (“PDPL”), we take necessary measures to prevent your personal data from being processed unlawfully and accessed unlawfully, and to ensure an appropriate level of security for the processing and transfer of your personal data to third parties. Therefore, this text has been prepared to inform the relevant persons. This text will be updated in case of renewal of the entire text or certain articles organized by our Company.

  1. PERSON PROCESSING YOUR DATA:

As the Company, we are the legal entity responsible for determining the purposes and means of processing your personal data, and for establishing and managing the data recording system. We will start processing your personal data securely upon your explicit consent or when informing you in cases where your explicit consent is not necessary. We may process your personal data by authorizing one or more data processors to ensure the necessary security level.

  1. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA, HOW IT CAN BE OBTAINED, AND WHICH PERSONAL DATA WILL BE PROCESSED:

Your personal data will be used by our Company in accordance with the relevant legislation provisions to provide and enhance the quality of services, activities foreseen and/or considered as exceptions by public authorities, to fulfill the company's activities, and to comply with obligations of information storage, reporting, and informing. Furthermore, your personal data listed in ANNEX-1 may be processed in whole or in part for visiting our Company, ensuring security and legitimate interests related to your visit, providing our products and services, communicating about the products/services you have received/will receive, and to offer products/services, modeling, reporting, scoring, risk monitoring, and other activities related to our company's field of activity, and to enhance the quality of these services. For these purposes, we may share your personal data processed with our affiliates, business partners, suppliers, company officials, shareholders, group companies, and legally authorized public institutions and private individuals both domestically and abroad. This document cannot be reproduced or distributed without the written permission of IC İçtaş Energy Investment Holding Inc. Form No: FR-29/01.Rev00

  1. SHARING YOUR PERSONAL DATA:

Your personal data can be collected verbally, in writing, or electronically through our Company, affiliates, business partners, employees, our website, social media channels, and other channels in compliance with the relevant legislation provisions. This information form is an integral part of all contracts you have signed with our Company and requests for service procurement.

  1. DESTRUCTION OF YOUR PERSONAL DATA:

Our Company stores the processed personal data for the periods defined by the legislation. However, if the legislation does not specify a period for storing your personal data, it will be stored for the period required by the services provided by our Company while processing that data and thereafter only for the period necessary to provide evidence in case of legal disputes. After the specified periods have ended, your personal data will be deleted, destroyed, or anonymized at the first destruction date in accordance with Article 7 of the PDPL.

  1. YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA:

Under Article 11 of the PDPL, you can submit the following requests to our Company;

  1. Learn whether your personal data is being processed, and if so, request information regarding this,
  2. Learn the purpose of processing your personal data and whether they are used appropriately for their purpose,
  3. Learn the third parties to whom your personal data is transferred domestically or abroad,
  4. Request correction if your personal data is processed incompletely or inaccurately,
  5. Request the deletion, destruction, or anonymization of your personal data if the reasons necessitating their processing cease to exist under Article 7 of the PDPL,
  6. Request that the actions taken in accordance with subparagraphs (d) and (e) be notified to the third parties to whom personal data has been transferred,
  7. Object to the outcomes against you created by the analysis of processed personal data solely through automated systems,
  8. Request compensation for the damages in case you incur damages due to unlawful processing of your personal data.

You can use the application form available at www.ictasenerji.com.tr in accordance with the PDPL and the Notification on Procedures and Principles of Application to Data Controller published on 10.03.2018;

  1. By a wet-signed petition through hand delivery, via notary or registered mail with return receipt to Mevlana Boulevard No: 182/B Floor: 23 Çankaya/ANKARA (the last address published in the trade registry gazette should be considered in case of an address change)
  2. By using your registered electronic mail (KEP) address, secure electronic signature, mobile signature, or by using the electronic mail address previously reported to us and registered in our Company, or through a software or application developed for the purpose of the application (provided that this application complies with the relevant legislation), by sending an email to ictasenerji.kvkk@ic.com.tr. If the request is made by someone other than the person concerned, a notarized special power of attorney issued on behalf of the person making the request by the person concerned must be provided.

Your requests submitted to our Company in accordance with the procedures will be concluded within thirty days at the latest. If the conclusion of your requests requires an additional cost, the fee determined by the Personal Data Protection Board (“Board”) may be charged by our Company. If your application is responded to via a recording medium such as a CD or flash drive, a fee not exceeding the cost of the recording medium may be requested.

Our Company may request necessary information and documents from you to determine whether you are the actual owner of the personal data in question and may ask you questions related to your application to clarify the issues stated in your application. Our Company can reject your application by stating the reasons in the following cases:

  • Processing of your personal data for purposes such as research, planning, and statistics by anonymizing them with official statistics.
  • Processing of your personal data for purposes such as art, history, literature, or science, or within the scope of freedom of expression, provided that it does not violate national defense, national security, public safety, public order, economic security, privacy of private life, or personal rights.
  • Processing of your personal data within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order, or economic security.
  • Processing of your personal data by judicial authorities or execution authorities related to investigation, prosecution, judicial, or execution proceedings.
  • Processing of your personal data being necessary for the prevention of crime or for crime investigation.
  • Processing of your personal data which has been made public by you.
  • Processing of your personal data being necessary for the execution of inspection or regulation duties and disciplinary investigation or prosecution by public institutions and organizations or professional organizations having the status of public institution, based on the authority given by the law.
  • Processing of your personal data being necessary for the protection of the economic and financial interests of the State regarding budgetary, tax, and financial issues.
  • Possibility of your request preventing the rights and freedoms of others • If your request requires a disproportionate effort.
  • If the information you request is already public information.

Our Company will inform you of the response to your request in writing or electronically. In case your application is rejected, you find the response of our Company insufficient, or your application is not responded to in time; you can file a complaint to the Board within 30 (thirty) days from the date you learn the response of our Company, or in case of no response, from the end of the response period, and in any case within 60 (sixty) days from the date of the application.

Annex-1: Categories of Personal Data

  • Identity information: Clearly belonging to an identified or identifiable real person; processed either fully or partially automatically or as part of the data recording system in a non-automatic manner, all information found in documents such as Driver's License, Identity Card, Residence, Passport, Attorney ID, Marriage Certificate
  • Contact information: Clearly belonging to an identified or identifiable real person; processed either fully or partially automatically or as part of the data recording system in a non-automatic manner; information such as phone number, address, email
  • Customer information: Clearly belonging to an identified or identifiable real person, processed either fully or partially automatically or as part of the data recording system in a non-automatic manner; information obtained and produced about the person concerned who is an authority or employee of the customer in the context of our commercial activities and operations conducted by our business units
  • Customer transaction information: Clearly belonging to an identified or identifiable real person and located within the data recording system; records related to the use of our products and services and the instructions and requests necessary for the customer's use of products and services
  • Physical space security information: Clearly belonging to an identified or identifiable real person and located within the data recording system; personal data related to records and documents obtained during entry into the physical space and while staying inside the physical space
  • Transaction security information: Clearly belonging to an identified or identifiable real person and located within the data recording system; personal data processed for the purposes of ensuring the fulfillment of technical, administrative, legal, and commercial obligations while conducting our commercial activities
  • Risk management information: Clearly belonging to an identified or identifiable real person and located within the data recording system; personal data processed through methods generally accepted in legal, commercial customs, and honesty rules to manage our commercial, technical, and administrative risks
  • Financial information: Clearly belonging to an identified or identifiable real person, processed either fully or partially automatically or as part of the data recording system in a non-automatic manner; personal data of the customer's authority or employee related to any kind of financial outcome information, documents, and records