INFORMATION PURSUANT TO THE LAW ON THE PROTECTION OF PERSONAL DATA NO. 6698
This “Information Text” is presented by ISITAN MAKİNE SANAYİ VE TİCARET A.Ş. (the “Company”), acting in the capacity of “Data Controller” within the scope of the Law on the Protection of Personal Data No. 6698 (“KVKK”), to inform you regarding the purposes for which your personal data is processed, to whom and for what purposes it may be transferred, the methods and legal grounds for collecting your personal data, and your rights pursuant to Article 11 of the KVKK.
This Information Text has been prepared within the framework of the “Obligation of the Data Controller to Inform” regulated in Article 10 of the KVKK. This text constitutes an information document accessible to natural persons whose personal data is processed.
Scope and Purpose of the Information Text
The following matters are detailed in this Information Text:
- Methods and legal grounds for collecting personal data,
- Data categories and example data types,
- Purposes for which the relevant personal data is processed,
- To whom and for what purposes personal data may be transferred,
- Personal data sharing with public institutions and official authorities,
- Rights of the data subjects regarding their personal data and how to exercise these rights,
- Method of application to the Data Controller.
A. Methods and Legal Grounds for Collection of Personal Data
The Company collects personal data audibly, electronically, or in writing through the data subject themselves, call centers, social media applications, CCTV, websites, cookies, and other communication channels. This collection is performed in accordance with the personal data processing conditions specified in the KVKK and based on the legal grounds stated in this Information Text.
B. Data Categories and Data Types
No. | Data Subject | Data Category | Example Data Types |
1. | Customer | Identity Information | Name-Surname, Gender, TC Identity Info, Passport Number |
Contact Information | Address (home/work), E-mail, Telephone / Mobile Phone | ||
Financial Information | Payment Information, Invoice Information | ||
Other | CCTV | ||
2. | Visitor | Identity Information | Name-Surname |
Contact Information | Telephone / Mobile Phone | ||
Other | License Plate, CCTV | ||
3. | Online Visitor | Transaction Security Info | Law No. 5651 Logs, Traffic Information |
Transaction Information | IP Address | ||
4. | Supplier | Identity Information | Name-Surname |
Contact Information | Address, E-mail, Telephone / Mobile Phone | ||
Financial Information | Invoice Information | ||
Legal Action & Compliance | Signature Circulars, Activity Information | ||
Other | CCTV, Certificate |
C. Purposes for Processing Personal Data
Your personal data is processed for the following purposes
- Management of Emergency Processes
- Execution of Information Security Processes
- Conducting Application Processes for Employee Candidates / Interns
- Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees
- Execution of Benefits and Perks Processes for Employees
- Execution of Audit / Ethics Activities
- Conducting Training Activities
- Execution of Access Authorizations
- Conducting Activities in Accordance with Legislation
- Execution of Finance and Accounting Operations
- Execution of Company / Product / Service Loyalty Processes
- Execution of Assignment Processes
- Follow-up and Execution of Legal Affairs
- Execution of Internal Audit / Investigation / Intelligence Activities
- Execution of Communication Activities
- Planning of Human Resources Processes
- Execution / Supervision of Business Activities; Execution of Occupational Health / Safety Activities
- Receiving and Evaluating Suggestions for Improvement of Business Processes
- Execution of Activities for Ensuring Business Continuity
- Execution of Logistics Activities
- Execution of Goods / Services Purchasing Processes
- Execution of After-Sales Support Services for Goods / Services
- Execution of Goods / Services Sales Processes
- Execution of Customer Relationship Management Processes
- Execution of Activities Aimed at Customer Satisfaction
- Execution of Performance Evaluation Processes
- Execution of Contract Processes
- Execution of Supply Chain Management Processes
- Execution of Wage Policy
- Execution of Marketing Processes for Products / Services
- Execution of Talent / Career Development Activities
- Informing Authorized Persons, Institutions, and Organizations; processing pursuant to Law No. 5651
- Resolution of customer problems and complaints
- Ensuring Corporate Communication
- Planning and Execution of Certification Activities
- Execution of Import / Export Processes
- Execution of Information and Communication Technologies Processes
- Operational Activities Necessary for Ensuring Execution in Accordance with Company Procedures and/or Relevant Legislation
- Execution of Legal Incentive processes
- Use as evidence in potential disputes
- Fulfillment of Obligations Arising from Law No. 5615
- Ensuring Employees Benefit from Social Security and General Health Insurance rights
D. To Whom and For What Purposes Personal Data May Be Transferred
Personal data may be transferred domestically to Financial Advisors, Lawyers, Banks, Public Procurement Authority, Real persons or private legal entities, Business Partners, Affiliates and Subsidiaries, Authorized Public Institutions and Organizations, Suppliers, Customers, and Dealers. These transfers are made for the purposes of Conducting Activities in Accordance with Legislation, Fulfilling Legal Responsibilities, Making employee salary payments to banking companies, and within the scope of Execution / Supervision of Business Activities.
This personal data is NOT shared with third parties residing abroad
E. Personal Data Sharing with Public Institutions and Official Authorities
No. | Data Subject | With Whom and For What Purpose is Personal Data Shared? |
1. | Customer | Traffic information arising from internet usage provided at Company premises; sharing with public institutions and organizations legally authorized to request such information within the scope of legal obligations (including but not limited to combating crime, threats to state and public security, where the Company has a legal or administrative obligation to notify or inform); sharing log records with official institutions. |
2. | Visitor / Online Visitor | Traffic information such as personal data related to membership and browsing information; sharing with public institutions and organizations legally authorized to request such information within the scope of legal obligations (including but not limited to combating crime, threats to state and public security, where the Company has a legal or administrative obligation to notify or inform); sharing log records with official institutions. |
3. | Supplier | Sharing personal data with relevant public institutions for the purpose of making mandatory legal notifications by accounting; sharing invoice information with the Ministry of Finance during tax audits; sharing financial data with banks for the purpose of fulfilling payment obligations arising from the commercial relationship. |
F. Rights of the Data Subject and How to Exercise These Rights
Pursuant to Article 11 of the Law titled “Rights of the Data Subject,” you possess the following rights
- To learn whether personal data is processed,
- To request information if personal data has been processed,
- To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data is transferred domestically or abroad,
- To request rectification of personal data in case of incomplete or incorrect processing,
- To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
- To request notification of the operations made pursuant to rectification, deletion, and destruction rights mentioned above to third parties to whom personal data has been transferred,
- To object to the occurrence of a result against the person themselves by analyzing the processed data exclusively through automated systems,
- To claim compensation for damages in case of damage due to unlawful processing of personal data.
The Company may make changes to this Information Text at any time. These changes become effective immediately upon the publication of the revised new Information Text70.
G. Method of Application to the Data Controller
You may submit your application:
- In Writing: To the address Kayapa Org. San. Böl. Kayapa Sanayi Bulvarı No:23 Nilüfer/BURSA TURKEY;
- Using your Registered Electronic Mail (KEP) address;
- Via E-mail: By sending an e-mail to kvkk@isitan.com using your e-mail address previously registered in our system or confirmed to belong to you.
For more detailed information regarding the procedures and principles to be followed when making an application, you can refer to the “Communique on the Principles and Procedures for the Request to Data Controller” of the Personal Data Protection Authority.
