İREKS GIDA SANAYİ A.Ş.
DISCLOSURE FOR THE PROCESSING OF PERSONAL DATA

As İREKS GIDA SANAYİ A.Ş. (“İREKS A.Ş.”), we prioritise protection of the privacy and security of personal data pursuant to the Law on the Protection of Personal Data number 6698. In this context, we ensure that necessary technical and administrative measures are taken for the protection of personal data against unauthorized access, damage, loss or disclosure and necessary system access necessary data access controls, secure transfer controls, business continuity controls and other corporate controls are implemented.

This disclosure applies to persons who make job applications to İREKS A.Ş. and real persons, customers and potential customers, suppliers, potential employees, former employees, dealer employees and officials, subcontractors and subcontractor employees, İREKS A.Ş. business partners, and corporate customer representatives who visit the İREKS A.Ş. website to get information about our products and services.

DEFINITIONS

Personal Data: All information related to a real person whose identity is known or could be identified.

Private Personal Data: Biometric and genetic information concerning race, ethnicity, political opinions, philosophical opinions, religion, sect or other beliefs, appearance, subscriptions to associations, foundations or syndicates, health, sex life, convictions, and data concerning security measures.

Data Controller: A natural or legal person who defines the purpose and the means of processing personal data and who is responsible for the set-up and management of the data recording system.

Personal Data Processing: Any kind of transaction performed on the data such as obtaining, saving, storing, protecting, modifying, editing, describing, transferring, receiving, making available, classifying or blocking the use of the data, provided that such data are totally or partially included in an automatic ot any other data recording system.

PRINCIPLES OF PERSONAL DATA PROCESSING

Pursuant to article 4 of the Law, in the processing of personal data, İREKS A.Ş. complies with the principles of law and honesty in relation to the storage of personal data for accurate, up-to-date, clear and legitimate purposes, in a limited manner, in line with the specified purposes of processing and for the term required for the specified purposes of processing or stipulated by the applicable legislation.

MEANS OF COLLECTION FOR THE DATA PROCESSED BY IREKS GIDA SANAYI A.S. AND PERSONAL DATA

Means of data collection may vary depending on the relationship between İREKS A.Ş. and data owner, the communication channels used and related purposes of use.

• Cookies ensuring data scanning during the visiting of the İREKS A.Ş. website and the identity, contact and profession and industry information declared by the data owner by use of the contact form at the website,
• Identity and contact information verbally obtained from the data owner for the management of wishes, suggestions and complaints for through an effective customer services.,
• Identity, contact and visual data declared in printed, verbal or electronic form by participants of exhibitions and events organised by İREKS A.Ş. or other institutions to the press, websites of local administrations, blogs, websites used for campaigns or other various purposes, İREKS A.Ş. employees and all kinds of media including the social media,
• All kinds of personal data directly declared by employee candidates through the submission of their printed or electronic curriculum vitae and identity, contact, professional experience, association membership, reference, health and citizenship information obtained through companies operating in the field of human resources,
• Main contact and identity information, financial information, association membership information, travel and expenditure information, previous professional experience information, family and relatives information and health information obtained from persons who were employed by İREKS A.Ş. in the past, as required to be collected by the applicable legislation,
• Identity and contact information of suppliers, subcontractors, dealers and business partners who are in contract relationship with İREKS A.Ş. and identity and contact information of subcontractor and dealer employees,
• Main contact information of existing customers who use the products of İREKS A.Ş. or potential customers who will use the products of İREKS A.Ş., obtained through ant means of communication including phone calls and e-mail correspondences,

are processed in line with the principles defined above.

PURPOSES OF PERSONAL DATA PROCESSING

Personal data can be processed by İREKS A.Ş. for the following purposes and stored for the term required by such purposes and stipulated by the applicable legislation:

For website visitors,

• To record the communication with personal data owners, for ensuring service/transaction security,
• To ensure the security of websites,

For employee candidates and their references,

• To determine suitable candidates for vacant positions,
• To check the references declared by candidates,
• To implement necessary human resources policies and processes,

For customers/business partners/consumers,

• To fulfil contractual obligations,
• To respond to questions, demands and claims for effective customer services, identify problems experienced by customers and eliminate the problems identified,
• To organise events and invite customers to such events, follow-up participation to the events organised, perform necessary booking procedures for the events organised,
• To provide services to customers, deliver products, ensure that services are accurately provided to customers and render aftersales support services,
• To perform business development activities, carry out market analyses and establish customer portfolios,
• To manage necessary publicity / campaign / promotional processes,
• To carry out communication activities for any matter related to products,
• To perform finance and accounting transactions after product sales,
• To carry out storage and archiving activities,
• To investigate, identify, prevent and review breaches of contract and law, and notify relevant administrative or judicial authorities for the same,

For the representatives and employees of suppliers/subcontractors/dealers,

• To follow-up payments to suppliers/subcontractors, review their financial conditions, manage related processes such as pricing and invoicing,
• To organise events and invite suppliers to such events, follow-up participation to the events organised, perform necessary booking procedures for the events organised,
• To carry out and audit the product, service, production and operational processes,
• To investigate, identify, prevent and review breaches of contract and law, and notify relevant administrative or judicial authorities for the same,
• To exercise and protect the rights granted to İREKS A.Ş. by the law and carry out the contract management processes,

TRANSFER OF PERSONAL DATA

Personal data may be shared with the following parties based on the operations of İREKS A.Ş. and the purposes defined above.

• Companies providing support for the technology systems used by İREKS A.Ş.. and related system administrators,
• Logistics companies, for the delivery of products to customers,
• Related industry associations and customs clearing companies, for the performance of product sales processes,
• Legal advisor, for the performance of legal and compliance processes,
• Collection and payment company, tax office, banks, auditing firms and public authorities for the performance of payment and collection and invoicing processes,
• Legal authorities, in relation to legal obligations for the following purposes,
  • When required by an applicable law,
  • Upon investigational demands of government officials,
  • For the verification and implementation of applicable policies,
  • For the identification and elimination of any technical or security gaps or potential fraud,
  • For responding to emergency situations,
  • For the protection of İREKS A.Ş. websites and rights, property and security of İREKS A.Ş. or the public or third persons.

TRANSFER OF PERSONAL DATA ABROAD

In line with the purposes defined in this disclosure, İREKS A.Ş. may transfer data abroad, and personal data may be processed and stored in servers and electronic environments used for this purpose. Personal data may be transferred to foreign countries announced to have sufficient protection by the Personal Data Protection Board or when sufficient security is not present, to foreign countries permitted by the Personal Data Protection Board, for which the data controllers located in Turkey or the related foreign countries undertake sufficient protection in written. In such transfers, necessary measures are taken to ensure that personal data are properly protected.

TERM OF STORAGE OF PERSONAL DATA

Personal data are kept by İREKS A.Ş. during the terms stipulated by the applicable legislation and for the time necessary to perform the activities related to such data and realize the purposes defined in his disclosure. Personal data are deleted, destroyed or anonymised by İREKS A.Ş. when their purpose of use becomes inapplicable or legal term or storage expires.

SECURITY OF PERSONAL DATA

IREKS A.S. undertakes to take necessary technical and administrative security measures for preventing the unauthorised processing of and access to personal data, pursuant to article 12 of the Law on the Protection of Personal Data. In this context, information security controls are adopted as the basis and implemented for the protection of personal data.

For the purpose of ensuring the security of personal data, in all premises of İREKS A.Ş., related controls are improved from the point of physical and peripheral security, and certain awareness programs are developed to define the duties and responsibilities of employees and suppliers in the protection of personal data. In addition to administrative methods, implementation of technical security measures is prioritised. In this context, authorisation and approval mechanisms are established and regularly reviewed for processes related to access authorisation, related activities and transactions are ensured to be recorded, regular audits are carried out to define any security gaps in the systems implemented, cryptographic methods are implemented to prevent unauthorised access during the transfer of data, risk analyses are carried out for potential security incidences and actual security incidences are recorded and solved. 

RIGHTS OF DATA OWNERS UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA

Rights of real persons whose personal data are processed are regulated by the applicable legislation and you, as the data owners, have the following rights related to the personal data practices of İREKS A.Ş.:

• To be informed whether your data is being processed,
• To request related processing information, if your personal data have been processed,
• To learn the purpose of any processing of your personal data and whether it is being used in line with such purpose,
• To be informed about any local or international third persons to whom the data have been transferred,
• To request for correction or updating, if personal data have been processed incorrectly or inaccurately,
• To request for the deletion or destruction of personal data, if the reasons for processing have become inapplicable,
• To request that third persons to whom the data have been transferred are informed about the any correction or deletion,
• To object to an outcome against you, which has been caused by the analysing and processing of your personal data exclusively through automated systems,
• To request compensation if you suffer any loss as a result of the unlawful processing of your personal data.

In order to exercise any of the rights specified above, data owners need to fill the application form at "Personal Data Request Management Form" and make an application by,

• sending it to the following address through notary,
• personally applying to the following premises by presenting their identity cards,
• sending an e-mail to ireks@hs03.kep.tr

İREKS A.Ş. will evaluate such demands of data owners and respond in written or in the electronic environment in 30 days at the latest.

Contact Information of the Data Controller:

İREKS Gıda Sanayi A.Ş

İsmet Paşa Mah. 4.Sk Çerkezköy OSB
No:559510 Kapakli/ Tekirdağ, Turkey
Phone:  +90 282 758 20 20