Sarıtaş Çelik Sanayi ve Ticaret A.Ş. Personal Data Protection and Processing Policy

The Turkish Law No. 6698 on the Protection of Personal Data (“KVKK”) and the relevant secondary legislation regulate the procedures and principles to be observed in the processing and protection of personal data in order to safeguard, in particular, the right to privacy and the fundamental rights and freedoms of individuals.


Sarıtaş Çelik Sanayi ve Ticaret A.Ş. (the “Company”) is fully aware of its obligations and responsibilities under the Turkish Personal Data Protection Law (Law No. 6698) and applicable secondary legislation. The confidentiality and security of personal data are of utmost importance to our Company. Ensuring full compliance with the KVKK and establishing a data protection and processing policy aligned with international standards are among our top priorities.


Accordingly, this Personal Data Protection and Processing Policy (“PDPP Policy”) sets forth the fundamental principles and standards adopted and implemented by our Company in the processing and protection of personal data in compliance with the KVKK and relevant secondary legislation.

 

I. Our Objective
 

Our objective is to ensure the protection of personal data within our Company by:

 

  • Raising awareness regarding personal data protection,
  • Establishing the necessary procedures and safeguards, and
  • Ensuring that internal operations are fully compliant with the KVKK and applicable secondary legislation.
     

Our PDPP Policy serves as guidance for implementing the procedures and principles set forth under the KVKK and related regulations.

 

II. Core Principles of Our Pdpp Policy


1. General Principles


In processing personal data, the Company adopts the following principles in compliance with the KVKK:


a. Processing Personal Data in Accordance with Law and Good Faith


Our Company processes personal data in compliance with applicable laws, the KVKK, secondary legislation, decisions of the Personal Data Protection Authority, and other legal regulations.


In line with the principle of good faith:

 

  • Personal data is processed only for specific purposes and limited to what is necessary,
  • The Company respects and considers the reasonable expectations of data subjects.
  • Data subjects are informed in advance about all processing activities, and
  • Explicit consent is obtained where required.

 

b. Ensuring Accuracy and Up-to-Date Status of Personal Data


Maintaining accurate and up-to-date personal data is essential to protecting the fundamental rights and freedoms of data subjects.


To ensure this:

 

  • The accuracy of data collection sources is verified,
  • Reasonable measures are taken to maintain data integrity,
  • Data subjects are granted the right to request correction or deletion of inaccurate or outdated data.

 

c. Processing Personal Data for Specific, Explicit, and Legitimate Purposes

 

Personal data is processed only for specific, explicit, and lawful purposes.


Within this scope:

 

  • The Company determines the purposes of processing through its Personal Data Processing Inventory,
  • Data subjects are informed of these purposes prior to processing,
  • Explicit consent is obtained where necessary,
  • Personal data is processed strictly within the scope of such disclosure and consent.
     

d. Processing Data in a Relevant, Limited, and Proportionate Manner


Purpose limitation is one of the fundamental principles of data protection.


Accordingly:

 

  • Personal data is processed only to the extent relevant, limited, and proportionate to the intended purpose,
  • Data unrelated to the processing purpose is not processed,
  • Data is not processed for speculative future purposes,
  • Data minimization is a core principle of our operations.

 

e. Retention of Personal Data for the Required Period


If a retention period is stipulated by law, personal data is retained for that period.

If no such period is specified, personal data is retained only for as long as necessary for the purpose for which it was processed.
 

2. Legal Grounds for Processing Personal Data


In conducting personal data processing activities, the Company complies with:

 

  • Article 5 of the KVKK for general categories of personal data,
  • Article 6 of the KVKK for special categories of personal data.
  • Before any processing activity:
  • It is assessed whether explicit consent is required,
  • If not required, whether another legal basis exists,
  • If no legal basis applies, processing is not carried out.

 

3. Transfer of Personal Data to Third Parties


Personal data is transferred:

 

  • Domestically in accordance with Article 8 of the KVKK,
  • Internationally in accordance with Article 9 of the KVKK and the Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad.


Transfers are carried out only after ensuring adequate safeguards.
No personal data is transferred without meeting the required legal conditions.
All necessary measures are taken to prevent unauthorized third-party access.


4. Informing Data Subjects


As the Data Controller, the Company informs data subjects in accordance with Article 10 of the KVKK and the applicable Communiqué, including:

 

  • The identity of the Data Controller,
  • The purposes of data processing,
  • Recipients and purposes of data transfers,
  • The method and legal basis of data collection,
  • The rights of the data subject under Article 11 of the KVKK.
     

5. Ensuring Data Security


In compliance with Article 12 of the KVKK, and with full awareness of our responsibility to protect fundamental rights and freedoms, the Company implements all necessary technical and administrative measures to:

 

  • Prevent unlawful processing of personal data,
  • Prevent unlawful access to personal data,
  • Ensure secure storage and protection of personal data.
     

6. Deletion, Destruction, And Anonymization of Personal Data


In accordance with Article 7 of the KVKK and the Regulation on Deletion, Destruction, or Anonymization of Personal Data:
Where the reasons requiring processing cease to exist, personal data is deleted, destroyed, or anonymized either:

 

  • Ex officio, or
  • Upon request of the data subject.


The Company has established and implemented a Data Retention and Destruction Policy to fulfill these obligations.
 

7. Application to The Company


In accordance with Article 13 of the KVKK and the relevant Communiqué:
Requests submitted by data subjects are resolved as soon as possible and no later than thirty (30) days.


Requests may be submitted:

 

  • Via email to: kvkk@saritas.com.tr
  • In writing to: Barbaros Mahallesi Begonya Sokak Nidakule Kuzey No: 3/203 Ataşehir, Istanbul, Türkiye
  • Or through other legally prescribed methods.
     

Rights of Data Subjects


As a data subject, you have the right to:

 

  • Learn whether your personal data is processed,
  • Request information regarding processing,
  • Learn the purpose of processing and whether data is used accordingly,
  • Learn third parties to whom data is transferred domestically or internationally,
  • Request correction of inaccurate or incomplete data,
  • Request deletion or destruction of data when legal grounds cease,
  • Request notification of corrections or deletions to third parties,
  • Object to outcomes resulting exclusively from automated processing,
  • Request compensation for damages arising from unlawful processing.
     

Company Information (Data Controller)


Company Name: Sarıtaş Çelik Sanayi ve Ticaret A.Ş.
Address: Barbaros Mah. Begonya Sok. Nidakule Kuzey Ataşehir Apt. No: 3/203
Ataşehir, Istanbul, Türkiye
Trade Registry Office: Istanbul Trade Registry
Trade Registry No: 186045
Phone: +90 216 466 49 00
Email: kvkk@saritas.com.tr

Personal data is processed on our Website through cookies. Strictly necessary cookies are used for the provision of information society services. Other cookies are used, subject to your explicit consent, for limited purposes such as analyzing and understanding how our Website operates, determining which pages attract more interest, identifying which resources are viewed most frequently, and monitoring Website traffic in order to provide services tailored to such traffic. You may manage your cookie preferences through the panel. To access the Information Notice and the Explicit Consent Text, please click the buttons/links below:

Detailed Info