Law on Protection of the Personal Data

  • Main Page
  • Law on Protection of the Personal Data

Law on Protection of the Personal Data

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA OF THE ÖZALTIN İNŞAAT TİCARET VE SANAYİ ANONİM ŞİRKETİ

SECTION 1 - INTRODUCTION

1.1.      INTRODUCTION

Protection of personal data is among the most important priorities of the Özaltın İnşaat Ticaret ve Sanayi Anonim Şirketi (the “Company”). Within the framework of this Policy on the Protection and Processing of Personal Data of the Özaltın İnşaat Ticaret ve Sanayi Anonim Şirketi (the “Policy”), the principles adopted in performing the personal data processing activities by our Company, and the basic principles adopted in terms of the compatibility of the data processing activities with the regulations within the Law on Protection of Personal Data numbered 6698 (the “Law”) are explained and thusly our Company provides the necessary transparency by informing the owners of the personal data. With the full awareness of our responsibility in this regard, your personal data is processed and protected within the scope of this Policy.

The activities that our Company conducts regarding protection of the personal data of our employees are governed under the Policy on the Protection and Processing of Personal Data of the Employees of the Özaltın İnşaat Ticaret ve Sanayi Anonim Şirketi which is penned down parallel to the principles within this Policy.

1.2.      SCOPE

This Policy is about all personal data of the individuals other than the employees of our Company who are processed through automatic or non-automatic means, provided that they are part of a data recording system. Detailed information regarding the aforementioned owners of the personal data may be accessed from the Appendix 2 of this Policy (“Appendix 2 – Owners of Personal Data”).

1.3.      APPLICATION OF THE POLICY AND THE RELATED REGULATIONS

The legal regulations will primarily find an area for application that are in effect regarding the processing and protection of the personal data. In the event that there is a discrepancy between the regulations that are in effect and the Policy, our Company accepts that the regulations in effect would find an area for application. The Policy sets the rules that are determined by the related regulations by embodying them within the scope of the applications of the Company.

1.4.      ENFORCEMENT OF THE POLICY

This Policy, issued by our Company is dated as of 22.11.2019 In the event that part of or entirety the articles of the Policy are renewed, the effective date of the Policy will be updated. The Policy is published at the website of our Company (GDPR Policy) and submitted for the access of the related persons upon the request of the owners of the data.

SECTION 2 – MATTERS REGARDING PROTECTION OF PERSONAL DATA

2.1.      PROVIDING SECURITY OF THE PERSONAL DATA

In accordance to the 12th Article of the Law, our Company takes the necessary measures to prevent the disclosure, access, transfer of the data against the law or the security breaches that might take place in other ways in accordance to the characteristics of the data to be protected. In this scope, our Company takes the administrative measures and conducts inspections or have these inspections made regarding maintaining the necessary security level in accordance to the guidelines prepared by the Board of Protection of Personal Data of our Company (the “Board”).

2.2.   PROTECTION OF PERSONAL DATA WITH SPECIAL CHARACTERISTICS

Special importance is attached to the personal data which is considered sensitive due to the risk of causing unjust personal circumstances and discrimination when the data is processed against the law. This “personal data with special characteristics” is the data containing race, ethnic

origin, political orientation, philosophical beliefs, religion, sectarian origin or other beliefs, attire, membership in associations, foundations or unions, health, sexual orientation, criminal conviction, and security measures alongside with biometric and genetic data.

Within this scope, the technical and administrative measures taken by our Company for the protection of the personal data are implemented with care in terms of the personal data with special characteristics and the necessary inspections are provided within our Company.

Detailed information regarding processing the personal data with special characteristics may be found in section 3.3 of this Policy.

2.3.   INCREASING THE AWARENESS OF THE BUSINESS UNITS REGARDING PROTECTION AND PROCESSING OF PERSONAL DATA AND INSPECTION OF THE BUSINESS UNITS

Our Company provides the necessary training for the business units to increase the awareness and prevention of unlawful processing and unauthorized access to data and providing the protection of the data.

Our Company establishes the necessary systems for creating the awareness regarding protection of the personal data of the current and the new recruited employees and works with the consultants in the event that a need arises regarding the subject matter. In this regard, our Company evaluates the participation into the related training, seminars and informational meetings and arranges new training sessions parallel to the updating of the related regulations.

SECTION 3 – MATTERS REGARDING PROCESSING PERSONAL DATA

3.1.      PROCESSING PERSONAL DATA IN ACCORDANCE TO THE PRINCIPLES SET FORTH IN THE REGULATIONS

3.1.1.   Processing in Accordance to the Law and the Rule of Honesty

The personal data is processed in accordance to the rule of general trust and honesty in a way that the basic rights and freedoms of the individuals are not harmed. Within this framework, personal data are processed to the extent required by the business activities of our Company and limited to these.

3.1.2.   Providing Accuracy and Currency of the Personal Data When Needed

Our Company takes the necessary measures for the personal data to be accurate and current for the duration of their processing and establishes at regular intervals the necessary mechanisms regarding the accuracy and currency of the personal data.

3.1.3    Processing Data for Specific, Clear and Legitimate Purposes

Our Company clearly reveals the purposes for processing the personal data and also processes the personal data in regards to the business activities within the scope of the purposes related to these activities.

3.1.3.   Being Connected, Limited and Measurable With the Purpose for Which the

Personal Data Is Processed

Our Company collects the personal data only such as to and to the extent that is required by the business activities and processes the personal data by being limited by the determined purposes.

3.1.4.   Maintaining the Personal Data For The Amount Of Time Stipulated In the Related

Regulations or For the Purpose for Which the Personal Data Is Processed

Our Company maintains the personal data for the amount of time that is necessary for the purpose for which the personal data is processed and for the amount of minimum time stipulated in the related legal regulations. Within this scope, our Company initially determines whether a time frame is stipulated for keeping the personal data in the relevant regulations and if a time frame is stipulated, our Company acts accordingly. If there is no legal time frame, the personal data is kept for the duration of the time which is required for the purpose for which the data is processed. The personal data is destroyed in accordance to the periodical data destruction times at the end of the determined time for keeping the data or in accordance to the application of the owner of the data and with the determined destruction methods (erasure and/or destruction and/or anonymization).

3.2.      CONDITIONS FOR PROCESSING PERSONAL DATA

Except providing express consent by the owner of the personal data, the basis for processing the personal data may either be only one of the conditions indicated below or more than one condition may be the basis for the activity of processing the same personal data. In the event that the processed data is personal data with special characteristics, the conditions within

Article numbered 3.3 of this Policy (“Processing Personal Data with Special Characteristics”) will be implemented.

(i)   Having Express Consent of the Owner of the Personal Data

One of the conditions of processing personal data is the express consent of the owner of the data. The express consent of the owner of the personal data must be stated regarding a specific subject matter based on being informed and by free will.

In the event of existence of personal data processing conditions provided below, the personal data will be able to be processed without having the need for the express consent of the owner of the data.

(ii)  Express Stipulation in the Laws

In the event that the personal data owner is expressly stipulated in the law, namely in the event that there is an express term in the related law regarding processing the personal data, the existence of this data processing condition may be considered.

(iii) Failure to Obtain the Express Consent of the Related Individual Due to Actual Impossibility

In the event that it becomes mandatory to process the personal data for the purpose of protecting the life or the bodily integrity of the individual, who is unable to state his/her consent due to actual impossibility or whose consent would not be recognized as valid, the personal data owner will be able to be processed.

(iv) Having a Direct Relationship with the Establishment or Enforcement of an Agreement

Provided that it is directly related to the establishment or enforcement of an agreement of which the owner of the data is a party, in the event that the processing of the personal data is necessary, this condition will be able to be deemed as fulfilled.

(v)  Performance of the Legal Obligation by the Company

In the event that it becomes mandatory to process the data for our Company to fulfill its legal obligations, the personal data owner will be able to be processed.

(vi) Publicization of the Personal Data by the Owner of the Data

In the event that the owner of the data publicizes his/her personal data, the related personal data will be able to be processed by being limited by the purpose of publicization.

(vii)      Having Mandatory Data Processing for the Purpose of Establishment or Protection of a Right

In the event that it becomes mandatory to process the data for establishment, use or protection of a right, the personal data owner will be able to be processed.

(viii)     Having Mandatory Data Processing for the Legitimate Interest of our Company

Provided that the basic rights and freedoms of the owner of the data are not infringed, in the event that it becomes mandatory to process the data for the legitimate interests of our Company, the personal data owner will be able to be processed.

3.3.      PROCESSING PERSONAL DATA WITH SPECIAL CHARACTERISTICS

The personal data with special characteristics is processed by our Company in accordance to the principles indicated in this Policy by taking all administrative and technical measures including the methods to be determined by the Board in the event of existence of the following conditions:

(i)        Personal data with special characteristics other than health and sexual orientation data will be able to be processed without seeking the express consent of the owner of the data in the event that it is expressly stipulated in the laws, namely in the event that there is an express term in the law regarding processing the personal data. Otherwise, the express consent of the owner of the data will be obtained.

(ii)       Personal data with special characteristics regarding health and sexual orientation will be able to be processed without seeking the express consent by the persons who are under the confidentiality obligation or by the authorized institutions and organizations for the purposes of protecting public health, preventive medicine, execution of medical diagnosis, treatment and care services, planning and managing the health services and financing.

3.4.      INFORMING THE OWNERS OF THE PERSONAL DATA

In accordance to the 10th Article of the Law and the secondary regulations, as the responsible entity for the personal data, our Company informs the owners of the personal data regarding who processes the data for which purposes, and who shares the data with whom for which purposes, by which methods the data is collected and its legal reason, and the rights that the owners of the data have in regards to processing the personal data.

3.5.      TRANSFER OF THE PERSONAL DATA

Our Company may transfer the personal data and the personal data with special characteristics of the owners of the personal data to the third persons (public institutions, suppliers and the like) by taking the necessary security measures for the purposes of personal data processing that are in accordance to the Law. In this regard, our Company acts in accordance to the

regulations stipulated in the 8th Article of the Law. Additional information may be obtained from Appendix 4 of this Policy (“Appendix 4 – Third Persons to whom the Personal Data Is Transferred by Our Company and the Purposes of Transfer”) in this regard.

3.5.1.   Transfer of the Personal Data

Even if the owner of the personal data does not have express consent, in the event that one or more than one condition indicated below exists, the personal data will be able to be transferred to the third persons by exercising due care by our Company and by taking all necessary measures including the methods stipulated by the Board.

  • The related activities regarding the transfer of the personal data are stipulated in the laws expressly.
  • The transfer of the personal data by the Company are directly related and necessary for the establishment or execution of an agreement.
  • The transfer of the personal data is mandatory for our Company to carry out its legal obligations.
  • Provided that the personal data is publicized by the owner of the data, the personal data is transferred by our Company with the limited purpose of publicization.
  • The transfer of the personal data by the Company is mandatory for establishment, use or protection of the rights of the Company or the owner of the data or the third persons.
  • Provided that the basic rights and freedoms of the owner of the data are not harmed, it is mandatory for the Company to perform the transfer of the personal data for its

legitimate interests.

  • The transfer of the personal data is mandatory for the life or protection of the bodily integrity of the individual or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not recognized validly by the law.

In addition to the conditions above, the personal data will be able to be transferred to the foreign countries which are announced by the Board as having the sufficient protection

(“Foreign Country Having Sufficient Protection”) in the event of existence of any one of the conditions above. In the event of not having the sufficient protection, the data will be able to be transferred to the foreign countries in regards to the data transfer conditions stipulated in the regulations where the data supervisor in Turkey and in the related foreign country undertakes the sufficient protection in writing and to the foreign countries which the Board has approved

(“Foreign Country Having the Data Supervisor Undertaking the Sufficient Protection”).

3.5.2.   Transfer of the Personal Data with Special Characteristics

The personal data with special characteristics is transferred by our Company in accordance to the principles indicated in this Policy by taking all administrative and technical measures including the methods to be determined by the Board in the event of existence of the following conditions:

(i)        Personal data with special characteristics other than health and sexual orientation data will be able to be processed without seeking the express consent of the owner of

the data in the event that it is expressly stipulated in the laws, namely in the event that there is an express term in the law regarding processing the personal data. Otherwise, the express consent of the owner of the data will be obtained.

(ii)       Personal data with special characteristics regarding health and sexual orientation will be able to be processed without seeking the express consent by the persons who are under the confidentiality obligation or by the authorized institutions and organizations for the purposes of protecting public health, preventive medicine, execution of medical diagnosis, treatment and care services, planning and managing the health services and financing.

In addition to the conditions above, the personal data will be able to be transferred to the Foreign Countries Having Sufficient Protection in the event that any one of the conditions above exists. And in the event that the sufficient protection does not exist, the personal data will be able to be transferred to the Foreign Countries Having the Data Supervisor Undertaking the Sufficient Protection in regards to the data transfer conditions stipulated in the regulations.

SECTION 4 – CATEGORIZATION OF THE PERSONAL DATA PROCESSED BY OUR COMPANY AND THE PURPOSES OF PROCESSING

The personal data is processed by our Company by informing the related persons in accordance to the 10th Article of the Law and the secondary regulations, in line with the personal data processing purposes of our Company based on and limited by at least one of the conditions of processing personal data indicated in the 5th and 6th Articles of the Law in accordance to the general principles indicated in the Law, primarily the principles indicated in the 4th Article of the Law regarding processing personal data. Within the framework of purposes and conditions indicated in this Policy, information on the categories of processed personal data and detailed information on the categories may be accessed in Appendix 3 of this Policy (“Appendix 3 – Categories of Personal Data”).

Detailed information regarding the mentioned purposes of processing personal data is in

Appendix 1 of this Policy (“Appendix 1 Purpose of Processing Personal Data”).

SECTION 5 – STORAGE AND DESTRUCTION OF THE PERSONAL DATA

Our Company keeps the personal data for the duration of time which is necessary for the purpose for which the data is processed and the minimum time stipulated in the related legal regulations. Within this scope, our Company initially determines whether a time frame is stipulated for keeping the personal data in the related regulations and if a time frame is stipulated, our Company acts accordingly. If there is no legal time frame, the personal data is kept for the duration of the time which is required for the purpose for which the data is processed. The personal data is destroyed in accordance to the periodical data destruction times at the end of the determined time for keeping the data or in accordance to the application of the owner of the data and with the determined destruction methods (erasure and/or destruction and/or anonymization).

SECTION 6 - RIGHTS OF THE OWNERS OF PERSONAL DATA AND USE OF THOSE RIGHTS

6.1. RIGHTS OF THE OWNERS OF PERSONAL DATA

The owners of the personal data have the following rights:

(1)           Learning about whether the personal data is processed or not,

(2)           Requesting information regarding processing of the personal data if the personal data is processed,

(3)           Learning about the purpose of processing the personal data and whether the personal data is used in accordance to its purposes or not,

(4)           Learning about the third persons to whom the personal data is transferred domestically and internationally,

(5)           Requesting the correction of the personal data in the event that the personal data is processed incompletely or wrongly and requesting the notification of the procedure conducted in this scope to the third persons to whom the personal data is transferred,

(6)           Requesting the erasure or destruction of the personal data in the event that the reasons that require the processing of the personal data are eliminated despite the fact that the personal data is processed in accordance to the Law and terms of other Laws, and requesting the notification of the procedure conducted in this scope to the third persons to whom the personal data is transferred,

(7)           Objecting to the emergence of an outcome which is against the individual by analyzing the processed data exclusively through the automated systems,

(8)           Requesting elimination of the losses in the event that losses are incurred due to processing of the personal data against the law.

6.2. USE OF THE RIGHTS BY THE OWNER OF PERSONAL DATA

The owners of personal data will be able to submit their requests to our Company regarding

their rights listed in Section 6.1 (“Rights of the Owner of Personal Data”) through the methods determined by the Board. In this regard, the owners of personal data may benefit from the Özaltın İnşaat Ticaret ve Sanayi A.Ş. Owner of Data Application Form which may be accessed at the address of https://www.ozaltin.com.tr/en/veri-sahibi-basvuru-formu-en.pdf

6.3. RESPONDING TO THE APPLICATIONS BY OUR COMPANY

Our Company takes the necessary administrative and technical measures for finalizing the applications to be made by the owner of personal data in accordance to the Law and the secondary regulations.

In the event that the owner of personal data duly submits his/her requests to our Company regarding their rights listed in Section 6.1 (“Rights of the Owner of Personal Data”), our Company will finalize the related request for free as soon as possible and within 30 (thirty) days to the latest according to the nature of the request. However, in the event that the procedure requires an additional fee, a fee will be able to be taken in accordance to the tariff determined by the Board.

APPENDIX 1 – Purpose of Processing Personal Data

MAIN PURPOSE (PRIMARY)

SUB PURPOSE (SECONDARY)

Planning or executing the human resources policies and processes of our Company

Planning or executing the processes regarding obtaining the applications of employees / internship candidates

Planning or executing the processes regarding obtaining and evaluating the applications of disabled candidate workers

Evaluation of the resume information of the employee candidates or internship candidates in terms of the position that already exist in the Company or that may be opened in the future

Planning or executing the activities regarding evaluation of and making the necessary interviews with the employee / internship candidates whose applications are received

Planning or executing the necessary internal / external communication activities (checking out the references and the like) for placement of the employee candidates or students / interns.

Planning or executing the activities for providing legal and technical safety of our Company and the related persons who are in a business relationship with our Company

Planning or executing the necessary operational activities that are required for providing execution of the Company’s activities in accordance to the Company procedures or the related regulations

Planning or execution of the necessary activities for compatibility with the security policies and procedures of the Company

Planning or execution of the activities for creating, inspecting or following up the personnel records of the workers of the subcontractors

Planning or execution of the activities that are required to be performed regarding occupational health and safety

Planning or execution of the emergency situation or event management processes

Ensuring that the data is accurate, singular or up-to- date

Planning or execution of the activities for providing and recording the information, documentation and requests demanded from the official institutions or organizations

Planning or execution of the internal / external auditing, inspection, investigation or control activities of our Company

Planning or execution of the activities regarding providing legal opinions or obtaining legal services

Arranging, making and revising the agreements or following up the agreement processes

Planning or execution of the network follow up and management activities

Providing security of the inventory or resources of the Company

Providing security of the Company’s premises or facilities

Creating or follow up of the visitor records

Performing the necessary work by our related business units for realization of commercial or operational activities conducted by our Company and the execution of related business processes

Planning or execution of corporate communication activities

Planning or execution of sponsorship activities

Planning or execution of social responsibility or civil society activities

Planning or execution of activity / invitation / fair / meeting organizations for promoting our Company.

Planning or execution of career days, conferences or other activities regarding providing recognition of our Company in terms of potential employee candidates.

 

Planning or execution of activities regarding business / process / system design, development or improvement

Planning or execution of processes regarding creating software regarding information systems, software testing and maintenance alongside with providing information support systems

Planning or execution of risk evaluation activities or feasibility studies for selection of potential business partners / suppliers / subcontractors

Planning or execution of communication activities regarding procurement of services with the business partners / suppliers of our Company and the workers of the mentioned organizations

Planning or execution of activities of performing work / performance follow up of the real person third parties who are in a business relationship with our Company

Performance of the studies / controls of the budget or the financial table

Planning or execution of purchasing processes

Defining, allowing the use or inspection of authority to have access to information by our employees and the third parties.

Planning or execution of operation or efficiency processes

Execution of activities for providing business continuity

Planning or execution of reporting activities in / out of the Company

Planning or execution of activities regarding sale or leasing movables / real estate properties owned by our Company

APPENDIX 2 – Owners of Personal Data

CATEGORIES OF PERSONAL DATA OWNERS

DEFINITION

Visitor

Real persons who have entered into the physical premises owned by our Company for various purposes or who have visited our internet sites

Third Party

Third party real persons who are related with the parties who are within the scope of this Policy of our Company for the purpose of providing business transaction security with the parties or to

protect the rights of the mentioned persons and to provide interests for them (for instance, family members and relatives, individuals who are subjected to the social responsibility projects, members of the public sector, individuals who provide references for the employee candidates, our former employees and social media users) or other real persons who are not under the scope of this Policy and the Policy for Protection and Processing of the Personal Data of Özaltın İnşaat Ticaret ve Sanayi Anonim Şirketi Employees

Employee Candidate

Real persons who have made a job application to our Company through any means or who have opened their resumes and related information for the inspection of our Company (including internship candidates)

Employees, Shareholders and Representatives of the Organizations with Whom We Cooperate

Real persons working in the organizations with whom our Company is in any kind of business relationship including the shareholders and representatives of those organizations (including but not limited to business partners, suppliers, group companies, media representatives, celebrities and similar individuals)

Request / Complaint Owner

Real persons providing opinions / complaints / suggestions and information to our Company, authorized public institutions and organizations in the digital venues regarding our Company or the products or services of our Company

APPENDIX 3 – Categories of Personal Data

CATEGORIES OF PERSONAL DATA

DESCRIPTION

Identity Information

Data including information regarding the person’s identity (for instance, full name, Turkish National Identification Number, nationality information, place of birth, date of birth, sex, workplace information, employee number, tax number, title, information such as biography and documentation such as driver’s license, professional identification, id card and passport)

Correspondence Information

Information regarding the person’s correspondence information (for instance, phone number, address, e-mail  fax number)

Location Data

Information detecting the location of the person regarding emergency situation processes

Information Regarding Family Members and Relatives

Information regarding the products and services that we offer and the products and services within the operations of our Company or information regarding the family members and relatives of the owner of the personal data  for the purpose of protecting the legal and other interests of the Company and the owner of the data

Physical Space Security Information

Records that are obtained at the entrance of the physical location and during the stay at the physical location and personal data regarding documents (for instance, records obtained at the security point)

Transaction Security Information

Your personal data processed for providing our technical, administrative, legal and commercial security while conducting our activities (for instance, log records, IP information, identity verification information)

Financial Information

Personal data requested regarding information, documentation and records indicating all kinds of financial outcome created according to the type of the legal relationship that our Company has established with the owner of the personal data (for instance, data such as bank account number, IBAN number, revenue information, debts / receivables information)

Employee Candidate Information

Resume information regarding the employees and/or internship candidates who have made a job application to our Company by any means

Personal Data with Special Characteristics

Persons’ race, ethnic origin, political orientation, philosophical beliefs, religion, sectarian orientation or other beliefs, attire, membership for associations, foundations or unions, health information, sexual orientation, criminal conviction, and security measures alongside with biometric and genetic data

Request / Complaint Management Information

Personal data regarding obtaining and evaluating all kinds of requests, opinions or complaints directed towards our Company

Audiovisual Data

Photographs, camera and audio records

Legal Transaction and Compliance Information

Personal data processed within the scope of determination of our legal receivables and rights and payment of our debts alongside with our legal obligations and compliance with our Company’s policies

Vehicle Information

Information regarding vehicles that openly belong to a real persons whose identity is or may be determined and may be related with the owner of the data

Management Information

Personal data, which clearly belongs to a real person whose identity is or may be determined and are processed regarding marketing of our products and services in regards to the usage habits, likes and needs of the owner of the personal data and the reports and evaluations created in the consequence of this processing

Travel Information

Travel information regarding the customers of our Company or the employees of the third party organizations with whom our Company cooperates (for instance transfer hour and transfer vehicle)

Risk Management Information

Personal data processed for minimizing risks due to the policies of our Company and the obligations in terms of the regulations

APPENDIX 4 – Third Persons to whom the Personal Data Is Transferred by Our Company and the Purposes of Transfer

Our Company may transfer the personal data of its customers to the individual categories listed below in accordance to the 8th and 9th Articles of the Law:

(i)            Business Partners,

(ii)           Suppliers,

(iii)          Shareholders,

(iv)          Private Law Persons Who Are Legally Authorized,

(v)           Public Institutions and Organizations That Are Legally Authorized.

The scope of the persons indicated below to whom the transfer is made and the purposes of the data transfer are indicated below.

Persons to Whom the Data Transfer May Be Performed

Description

Purpose of Data Transfer

Business Partner

Data supervisor parties with whom our Company has established a business partnership.Business partner banks for the purpose of making the payments .

Limited by the purpose of providing the performance of the purposes of establishing the business partnership

Supplier

Parties that provide services to our Company in regards to the data processing purposes and instructions of our Company within the scope of performance of the business activities of our Company

Limited by the purpose of providing necessary services for performing the business activities of our Company procured from outside sources through the suppliers by our Company

Our Shareholders

Özaltın Holding A.Ş. which is authorized in regards to designing the strategies and inspection activities regarding the commercial activities of our Company in accordance to the terms of the related regulations

Limited by providing maintenance of the corporate communication, strategic planning, human resources, business and inspection activities regarding the commercial activities of our Company

Public Institutions and Organizations That Are Legally Authorized

Public institutions and organizations that are authorized to obtain information and documentation from our Company in accordance to the terms of the related regulations

Limited by the purposes that the related public institutions and organizations requested within their legal authority

Private Law Persons Who Are Legally Authorized

Organizations and institutions that are established in accordance to certain conditions determined by the Law in accordance to the terms of the related regulations and maintain their activities within the framework determined by the Law (for instance, independent auditors)

Limited by the subject matters that are under the scope of the activities that the related private organizations and institutions have been carrying out

Organizations with Whom Reference Sharing Is Made In Terms of Human Resources

Potential employees that are given a reference based on the approval of our employees who quit the work or the new employees with whom information sharing is made within the scope of occupational health and safety

Limited by the purpose of sharing the necessary documentation within the scope of the reference and the regulations

** In the event that there is a discrepancy between the version of this policy in Turkish in which this policy is prepared and its translated version into any other language, the Turkish version must be taken into consideration.

**This document may not be duplicated  and distributed without written  approval  of the Özaltın İnşaat Ticaret ve Sanayi Anonim Şirketi.