The protection of personal data is a constitutional right and is within the scope of our Company's priorities. Yet, having adopted this objective, it has been aimed to establish a system in our Company which is continuously updated so this policy has been issued accordingly. Within the scope of the Law on the Protection of Personal Data no. 6698, in its capacity as the Data Officer, TAM PLASTİK VE KALIP SAN. TİC. LTD. ŞTİ. (Central Registration System No: 0817000642600015) (the Company), this policy has been issued in order to fulfill the general disclosure and informational obligation and to determine the basic principles of our company's personal data processing rules and the principles on the protection of the personal data of our customers, potential customers, employees, our employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of the companies we cooperate with, their shareholders and authorities and third parties are regulated accordingly.
For the implementation of the issues stated in this Policy, necessary procedures are organized within the Company, disclosure texts are formed and complied with the personal data processing inventory specific to the categories of persons, confidentiality agreements and third party agreements are executed, job descriptions are revised and necessary administrative and technical measures are taken as well as necessary controls are made or caused to be made in this context by TAM PLASTİK VE KALIP SAN VE TİC LTD ŞTİ. for the protection of personal data. The protection of personal data is an issue also adopted by and under the responsibility of the top management and the process of protecting personal data is managed through the formation of a special Committee regarding this matter (Company PPD Committee).
The main objective of this Policy is to set forth the principles for the processing and protection of personal data activities carried out by TAM PLASTİK VE KALIP SAN. TİC. LTD. ŞTİ. in accordance with the law by our Company and the systems adopted for the protection of personal data and in this context to ensure transparency by means of disclosing to and informing the persons whose personal data is processed by our Company mainly our customers, our potential customers, our employee candidates, employees, company shareholders, company officials, employees, our visitors, employees, shareholders and officials of the companies we cooperate with, shareholders and third parties.
This policy relates to all personal data of our customers, potential customers, candidate employees, Company shareholders, Company officials, visitors, as well as employees, shareholders and authorities of the institutions we cooperate, and third parties, processed through automated means or provided that they are part of any data registry system through non-automated means.
This policy relates to all personal data of our customers, potential customers, candidate employees, Company shareholders, Company officials, visitors, as well as employees, shareholders and authorities of the institutions we cooperate, and third parties, processed through automated means or provided that they are part of any data registry system through non-automated means.
The relevant legal regulations in force for the processing and protection of personal data shall primarily apply. In case of any inconsistency between the legislation in force and this Policy, our Company acknowledges that the current legislation shall prevail.
The policy shall be published on our Company's website https://tamplastik.com) and made available to the access of the relevant persons upon request of the personal data owners and updated when required.
In accordance with Article 20 of the Constitution and Article 4 of the LPPD, our company engages in personal data processing in a limited and modular manner in accordance with the rules of law and honesty, in an accurate and updated manner if required and with specific, clear and legitimate purposes, in connection with the objective. Our Company retains personal data for as long as required by law or as required for the personal data processing purposes.
Pursuant to Article 20 of the Constitution and Article 5 of the LPPD, our company processes personal data on the basis of certain requirements under Article 5 of the LPPD regarding the processing of personal data.
As per Article 419 of the Code of Obligations and without prejudice to the LPPD numbered 6698, our Company processes the personal data of the employees and the employee candidates based on their inclination to work and the purposes of the performance of the employment contract.
In accordance with Article 20 of the Constitution and Article 10 of the LPPD, our company discloses to personal data owners and provides the necessary information if the personal data owners request information and apply for their rights arising from the law and responds to the applications within the legal period.
Our Company complies with the regulations envisaged for the processing of data of special nature, pursuant to the provisions of Article 6 of the LPPD.
Our Company complies with the rules stipulated in the Law on the transfer of personal data in accordance with Articles 8 and 9 of the LPPD and fulfills the practices by taking into consideration the decisions and the notifications issued by the PPD Board and the lists of safe countries.
Our Company acts in accordance with the principles set out by legal regulations and general trust and good faith in the processing of personal data. In this context, our company takes into consideration the proportionality requirements in processing of personal data and does not use personal data other than for its intended purpose.
Our Company ensures that personal data processed by it is accurate and up to date, taking into account the fundamental rights of personal data owners and its own legitimate interests. In this respect, our company takes the necessary measures.
Our company clearly and precisely defines the purpose of processing personal data in a legitimate and lawful manner. Our company processes personal data as much as is necessary for and related to the service offered by it. The purpose for which personal data will be processed by our Company will be set forth before starting the personal data processing activity.
Our company processes personal data in a manner that is conducive to achieving the stated objectives and avoids the processing of personal data that is not relevant or not required to be performed.
Our Company retains personal data only for the period specified in the relevant legislation or for the purpose for which such data has been processed. In this context, our Company in the first place determines whether a period has been stipulated for the storage of personal data in the relevant legislation and if a period has been stipulated, then it acts in compliance with this period, takes into account the legal and penal prescription periods and retains personal data for the time period required for the purpose for which they were processed. In the case the period expires or the reasons for such processing are not present anymore, the personal data will be deleted, destroyed or anonymized by our Company.
Protection of Personal Data is a constitutional right and may be restricted by law only, subject to the circumstances set forth in the relevant articles of the Constitution, without prejudice to their essence. Pursuant to the paragraph three of Article 20 of the Constitution, personal data may only be processed in the cases provided for in the law or upon the person's explicit consent. However, in the presence of one of the conditions listed below, personal data of the person concerned may be processed without such explicit consent by our Company:
In processing personal data designated as "data of special nature" by the LPPD, our Company adheres to the regulations stipulated in the Law. The personal data of special nature listed under article 6 of the LPPD is related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress codes, association, foundation or trade union memberships, health, sexual life, criminal conviction and security measures as well as biometric and genetic data. In accordance with the LPPD, our Company processes special quality personal data in the following cases, provided that the required measures to be determined by the LPPD are taken:
Our Company, in accordance with Article 10 of the LPPD, discloses to the Personal Data Owners during the acquisition of personal data. In this context, our Company provides information regarding the purpose for which the personal data is to be processed, to whom and for which purpose the personal data will be transferred, the method of collecting personal data and the legal reasons and the rights of the personal data owner. "Requesting information" has also been listed among the rights of the personal data owner in article 11 of the LPPD and in this context, as per Article 20 of the Constitution and Article 11 of LPPD, our company provides necessary information if this is requested by the Personal Data Owner.
Our company may transfer personal data and personal data of special nature of the personal data owner to third parties (third party companies, group companies, third party real persons) by taking the required security measures pursuant to the personal data processing purposes in accordance with the law. In this respect, our Company acts in accordance with the regulations stipulated in Article 8 of the LPPD.
Our company may transfer personal data to third parties in line with legitimate and legal personal data processing purposes on the basis of one or more of the personal data processing conditions specified in Article 5 of the Law listed below:
If explicit consent of the data owner is available, or
Regardless of the underlying reason, the general data transfer principles shall always be taken into account in the processing activities and such principles are complied with (LPPD art. 4; see Part 2 above, I, 1).
Our company may transfer personal data of special nature of the personal data owner to third parties in the following cases in line with legitimate and legal personal data processing purposes, by showing due diligence, taking the required security measures and adequate measures stipulated by the PPD Board.
If explicit consent of the data owner is available, or
If no explicit consent of the data owner is available;
Regardless of the underlying reason, the general data transfer principles shall always be taken into account in the processing activities and such principles are complied with (LPPD art. 4; see Part 2 above, I, 1).
Our company may transfer personal data and personal data of special nature of the personal data owner to third parties by taking the required security measures pursuant to the personal data processing objectives in accordance with the law. Personal data shall be transferred by our Company to foreign countries that have been announced by the PPD Board to have adequate protection ("Foreign Country with Adequate Protection") or in the absence of an adequate protection, to the foreign countries allowed by the PPD Board and where an adequate protection has been undertaken in written form by the data officers Both in Turkey and in the relevant foreign country ("Foreign Country where the Data Officer Undertaking the Adequate Protection is Located"). In this respect, our Company acts in accordance with the regulations stipulated in Article 9 of the LPPD.
Our company, pursuant to the legitimate personal data processing objectives in accordance with the law, may transfer personal data if there is explicit consent of the data owner or to Foreign Countries with Adequate Protection or to the Foreign Countries where the Data Officer Undertaking the Adequate Protection is Located in the presence of any one of the below listed cases if there is no explicit consent of the data owner:
In accordance with Article 10 of the LPPD, our Company informs the personal data owner of the groups to whom personal data has been transferred. In accordance with Articles 8 and 9 of the LPPD, our Company may transfer personal data to the following categories of persons:
Only limited to the fulfillment of the purpose of establishing a business partnership,
In a limited manner in order to ensure that the services, which are outsourced by our Company from the supplier and which are required to fulfill the commercial activities of our company, are provided to our Company,
Pursuant to the aim to ensure that human resources policies of our company are carried out, in order to carry out the human resources operations in accordance with the human resources policies of our Company, to fulfill the obligations within the framework of occupational health and safety and to take the necessary measures,
To our Affiliates, Shareholders, Legally Authorized Public Institutions and Organizations, Legally Authorized Private Entities, to companies to which our Company is a shareholder according to the provisions of the relevant legislation,
In accordance with the provisions of the relevant legislation, to our shareholders authorized to design the strategies and audit activities related to the commercial activities of our Company,
In accordance with the provisions of the relevant legislation, to the public institutions and organizations authorized to receive information and documents from our Company, in a manner limited to provide the conduct of commercial activities requiring the participation of the private legal entities authorized to receive information and documents from our Company as well as the affiliates of our Company,
In accordance with the provisions of the relevant legislation, limited to the designing and auditing strategies regarding the commercial activities of the Company and to the objective required by the relevant public institutions and organizations within the scope of their legal authorities,
In the transfers made by our Company for the purpose requested by the relevant private legal entities within the scope of their legal authority, the principles and rules set forth in this Policy are complied with.
Although the legal basis for the processing of personal data by our Company varies, we act in accordance with the general principles set forth in Article 4 of the LPPD in all kinds of personal data processing activities. According to this, the below issues are considered in all kinds of data processing activities:
Our Company processes personal data limited to the purposes and conditions within the scope of the personal data processing requirements specified in paragraph 2 of article 5 and paragraph 3 of article 6 of the Law on the Protection of Personal Data No. 6698. In the data processing process, the legal basis mentioned above is taken into consideration and the consent of the person concerned is requested if the other legal basis is not available. Here, audits on general principles are carried out within the scope of Article 4 and above all, the condition where data processing is generally compliant with the principles of the law is sought. The explicit consent of the person concerned is obtained based on information and free will.
The personal data in our company units may be processed for the below stated purposes:
As set out in Article 138 of the Turkish Penal Code and Article 7 of the LPPD, personal data shall be deleted, destroyed or made anonymous upon the Company's own decision or at the request of the personal data owner, in the case the reasons that require processing are eliminated in spite of the fact that it has been processed in accordance with the relevant legal provisions.
Our Company stores personal data, where stipulated in the relevant laws and regulations, for the period stated in such legislations. In cases where the legislation does not regulate the period of retention for how long personal data should be stored, personal data shall be processed for a period, which requires the processing of our data in accordance with the requirements of our Company's practices and precedents of commercial activities, depending on the services offered by our Company and they shall be then deleted, destroyed or anonymized.
As set out in Article 138 of the Turkish Penal Code and Article 7 of the LPPD, personal data shall be deleted, destroyed or made anonymous upon the Company's own decision or at the request of the personal data owner, in the case the reasons that require processing are eliminated in spite of the fact that it has been processed in accordance with the relevant legal provisions. In this context, our Company fulfills its relevant obligation with the methods explained in this section.
As per paragraph 1 of Article 13 of the LPPD, personal data owners are required to submit to our Company their request for the exercise of their above-mentioned rights with the methods stated below, which would be sufficient:
Application Method | Application Address | Information to be Submitted in during the Application |
---|---|---|
Personal Application (Application by the applicant personally by validating his/her identity) | Kavakli Mh. Deniz Aktas Cd. No: 32 34520 Beylikduzu/Istanbull | "Information Request within the scope of Law on the Protection of Personal Data" shall be written on the envelope. |
Notification through Notary Public | Kavakli Mh. Deniz Aktas Cd. No: 32 34520 Beylikduzu/Istanbul | "Information Request within the scope of Law on the Protection of Personal Data" shall be written on the notification envelope.. |
By being signed with "Secured Electronic Signature" and sending it to the registered Company electronic mail address (KEP) | tamplastik@hs01.kep.tr | "Information Request on the Law on the Protection of Personal Data" should be written in the subject line of the e-mail |
In the application;
It is obligatory that the name, surname, signature - if the application is made in a hardcopy format - Turkish Republic Identity Number for the Turkish Republic citizens, nationality if the applicant is of foreign origin, passport number or identity number, if available, place of residence or business address constituting the basis for notices, e-mail address constituting the basis for notices, if any, telephone and fax number and the subject matter of the request are present. Information and documents related to the subject matter will be attached to the application.
It is not possible to place a request by third parties on behalf of personal data owners. In order for a person other than the personal data owner to make such a request, there must be a special power of attorney issued by the personal data owner in the name of the applicant. In the application, personal data owner should clearly state the requested subject matter, the subject matter should be related to the person himself/herself or if he/she is acting on behalf of another person, he/she must be specially authorized and such authority must be certified and documented, the application should contain the identity and address information and the documents confirming the identity must be attached to the application.
It is not possible to place a request by third parties on behalf of personal data owners. In order for a person other than the personal data owner to make such a request, there
In the event that the personal data owner duly communicates his/her request to our Company, we shall conclude the demands involved in the applications within the shortest time possible depending on the nature of the demand and within thirty days at the latest and free of charge. However, if the process requires a separate cost, our Company shall charge the applicant the fee listed in the tariff set by the PPD Board. Our company may request information from the person concerned to determine whether the applicant is the personal data owner or not. In order to clarify the issues in the application of the personal data owner, our Company may direct questions to the personal data owner about the application.
Our company takes all required technical and administrative measures to ensure that personal data is processed in accordance with the law. In this context;/p>
With the LPPD, some personal data has been attributed special importance due to the risk to cause victimization of persons or discrimination when processed contrary to the law. This data is, related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress codes, association, foundation or trade union memberships, health, sexual life, criminal conviction and security measures as well as biometric and genetic data. Our company sensitively handles the protection of personal data of special nature determined by LPPD as "of special nature" and processed in accordance with the law. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully applied with regard to special quality personal data and necessary controls are provided.
Our company takes technical and administrative measures to protect the personal data from unauthorized or negligent disclosure, access, transfer or other forms of illegal and unauthorized access.
The main technical measures taken by our Company in order to prevent illegal access to personal data are listed as follows:
are all carried out. An official reporting procedure is being established for the employees to report security vulnerabilities on the system and the services or to report the threats using the same.
Evidence is collected and securely safeguarded in undesirable cases such as crashing of the information system, malicious software, attack to leave the service unavailable, incomplete or incorrect data entry, violations of privacy and integrity and misappropriation of the information system.
If the personal data is stored on the devices located in the premises of the data officers or in hardcopy format, physical security measures are taken against threats such as theft or loss of these devices and hardcopies.
The physical environments which contain personal data are protected against external risks (such as fire, flood, etc.) using appropriate methods and the entrances/exits to such environments are controlled.
If the personal data is kept in electronic environment, access may be restricted between the network components or the components are ensured to be disconnected to prevent personal data security breaches.
The measures at the same level are also taken for the hardcopy media, electronic environment and devices (laptops, mobile phones, flash drives) which are located outside the Company premises and which contain personal data belonging to the Company. Personal data to be transmitted by electronic mail or mail is also sent carefully with the adequate measures taken.
Sufficient security measures are also taken in the case employees provide access to the information system network with their personal electronic devices.
The use of access control authorization and/or encryption methods are applied against the cases such as loss or theft of devices containing personal data. In this context, the password key is stored only in the environment accessible to authorized persons and unauthorized access will be prevented.
Documents in hardcopy format containing personal data are also stored in a locked and in an environment only accessible by authorized persons therefore unauthorized access to such documents is prevented.
The main administrative measures taken by our Company in order to prevent illegal access to personal data are listed as follows:
Our company takes the necessary technical and administrative measures according to technological facilities and cost of implementation in order to prevent personal data from being stored in non-safe environments and being destroyed, lost or changed with illicit purposes.
Dear Business Partners,
We are extremely happy and excited to announce that as of May 1st, 2020 we acquired the global rights of Braiform Group, one of the largest hanger companies in the world, and our strategic business partner for a long time.
As an integral part of the retail industry we are acutely aware of the impact COVID-19 has had in our sector, and are working hard to make sure we bring the necessary solutions and services required for the retail industry to rebuild together post COVID-19. We believe the key to this joint success will be built on supplier choice, seamless solutions, and competitiveness in the space and with this approach we decided to execute this acquisition.
Apart from driving our business customer and environment friendly, one of the most important missions we appointed ourselves is to secure the competitive market environment, which could have led to a monopoly, if we have not taken the challenge to acquire the global rights of Braiform Group.
We have a tremendous ambition to make sure we are positioned well in the marketplace to demonstrate our capabilities on producing and reusing hangers, by being the supplier of choice and ensuring the future security of a competitive market environment which is even more essential today.