1. ARTICLE 1 - INTRODUCTION

​

Protection of personal data is among the most important priorities of MECCTİ HAVACILIK İSTİHDAM DANIŞMANLIK HİZMETLERİ LTD. ŞTİ. (“Company” or “MECCTİ HAVACILIK”). Protection and processing of personal data of our customers, potential customers, employee candidates, company shareholders, company executives, visitors, and employees, shareholders and executives of the partner organizations, and of the third parties; which is managed by this Policy, constitutes the most important stage of this matter.
Pursuant to the Turkish Republic Constitution; everyone is entitled to request the protection of their personal data. With respect to the protection of personal data, which is an Constitutional right, MECCTİ HAVACILIK, exercises due care on protection and processing of personal data of its customers, potential customers, employee candidates, company shareholders, company executives, visitors, and employees, shareholders and executives of the partner organizations, and of the third parties; which is managed by this Policy and makes this a Company policy.
Within this scope, the necessary administrative and technical measures are taken by MECCTİ HAVACILIK and Foreign Shareholders in order to protect the processed personal data, pursuant to the relevant legislation.
This Policy shall provide detailed explanations on the basic principles, which MECCTİ HAVACILIK adopts on processing the personal data and which are listed below

• To process the personal data according to the law and in good faith,

• To keep the personal data correct and updated, when required,

• To process the personal data for certain, explicit and legal purposes,

• To process the personal data in connection with the processing purposes, limitedly and prudently,

• To keep the personal data for a period stipulated in the relevant legislation or required for the processing purpose,

• To notify and inform the owners of personal data,

• To establish the required system in order to enable the owners of personal data to exercise their rights,

• To take the required measures in respect to keeping the personal data,

• To comply with the relevant legislation and regulations of the Board of PDP (Personal Data Protection) with respect to transferring them to the third parties in line with the requirements of processing purposes of personal data,

• To be sensitive on processing and protection of private qualified personal data.

 

1.2. PURPOSE OF THE POLICY

The main purpose of this Policy is to explain the systems adopted by MECCTİ HAVACILIK for personal data processing activity and personal data protection performed in accordance with the law; within this scope, to ensure transparency by informing the persons, whose data is processed by our company, primarily our customers, potential customers, employees, employee candidates, company shareholders, company executives, visitors, and employees, shareholders and executives of the partner organizations, and of the third parties.

1.3 SCOPE

This Policy is related to all personal data of our customers, potential customers, employees, employee candidates, company shareholders, candidate job applicants, company executives, visitors, and employees, shareholders and executives of the partner organizations, and of the third parties, which are processed automatically or in un-automatic ways for being a part of any data recording system.
The scope of implementation of this Policy may be either the whole Policy (e.g. such as our Active Customers who are also our visitors) or only some provisions of it (e.g. only our visitors) with respect to the personal data owners’ groups in the abovementioned categories.

1.4 IMPLEMENTATION OF THE POLICY AND THE RELEVANT LEGISLATION

The relevant legal regulations in force on processing and protection of personal data shall have the priority in implementation. In case there are discrepancies between the legislation in force and the Policy, our Company acknowledges the implementation of the effective legislation.
The Policy is generated by embodying and arranging the rules, which are revealed by the relevant legislation, within the scope of MECCTİ HAVACILIK applications. Our Company carries out the required system and preparations in order to act in compliance with the enforcement periods stipulated in the PDP Act

1.5 ENFORCEMENT OF THE POLICY

This Policy, which has been issued by our Company is dated on 16/11/2018. In case the whole of the Policy or the certain articles are replaced, the effective date of the Policy shall be updated. The Policy is published on our Company’s web sites addressed as www.inflightcrewjobs.com and www.mecabincrew.com and is made accessible to the relevant persons upon the request of the owners of personal data.

 

2. ARTICLE 2 – PROVISIONS OF THE PERSONAL DATA PROTECTION

​

Our Company takes the necessary technical and administrative measures for ensuring the suitable safety level in order to prevent the processed personal data from being processed unlawfully, to prevent unlawful access to the data, and to provide protection of the data, and performs or have the necessary audits performed by purchasing domestic audits and with our technical IT team.

2.1. ENSURING THE SAFETY OF PERSONAL DATA

2.1.1. The Technical and Administrative Measures Taken in Order to Ensure Lawful Personal Data Processing
Our Company takes technical and administrative measures according to the technological possibilities and implementation costs in order to provide lawful personal data processing.
(i) The Technical Measures Taken in Order to Ensure Lawful Personal Data Processing The primary technical measures were taken in order to ensure lawful personal data processing are listed below:
• The personal data processing activities which are performed within our Company are audited. • The technical measures taken are reported to the concerned person pursuant to the internal audit mechanism periodically.
(ii) The Administrative Measures Taken in Order to Ensure Lawful Personal Data Processing
The primary administrative measures are taken in order to ensure lawful personal data processing are listed below:
• The employees are informed and trained about the law on personal data protection and lawful processing of personal data.
• All activities performed by the Company are analyzed as specific to all business units in detail, and the personal data processing activities are revealed as specific to the commercial activities performed by the relevant business units as a result of this analysis.
• With respect to the personal data processing activities carried out by our Company’s business units; the requirements to be met in order to ensure the compliance of these activities with the personal data processing terms sought by the Act No. 6698, are determined specific to each business unit and the detailed activity performed by it.
• In order to ensure the determined legal compliance requirements of our business units, the awareness is raised specific to the relevant business units and implementation rules are determined. The administrative measures required for ensuring the continuity of auditing these matters and implementation are put into practice through In-Company policies and training.
• Records, which impose an obligation on not processing, disclosing and using the personal data, except the Company instructions and the exemptions specified by law, are included in the contracts and documents which governs the legal relationship between our Company and the employees, and the awareness arises in respect of the employees and audits are carried out.
2.1.2. The Technical and Administrative Measures Taken in Order to Prevent Unlawful Access to the Personal Data
Our Company takes technical and administrative measures according to the quality of the data to be protected, technological possibilities and implementation costs in order to prevent imprudent or unauthorized disclosure, access, transfer of or otherwise all unlawful access to the personal data.
(i) The Technical Measures Taken in Order to Prevent Unlawful Access to the Personal Data
The primary technical measures taken by our Company in order to prevent unlawful personal data access are listed below:
• The technical measures suitable for technological developments are taken; the measures are updated and renewed periodically.
• Based on the business unit, technical access and authorization solutions are initiated according to the legal compliance requirements
• The implemented technical measures are reported to the concerned person periodically pursuant to the internal audit mechanism, the issues which pose a risk are reassessed and the necessary technological solution is produced.
• The software and hardware covering the virus protection systems and firewall are installed.
• Entire data management is made central.
(ii) The Administrative Measures Taken in Order to Prevent Unlawful Access to the Personal Data
The primary administrative measures taken by our Company in order to prevent unlawful personal data access are listed below:
• The employees are trained on the technical measures to be taken in order to prevent unlawful access to personal data.
• Access and authorization processes of personal data are designed and implemented within the Company in accordance with the legal compliance requirements based on the business unit.
• The employees are informed that they may not disclose the personal data which they have learned to the third parties unlawfully and use it with purposes other than processing and this obligation survives even after resigning, and the necessary commitments are obtained from them accordingly.
• The provisions stating that the persons whom the personal data is transferred to shall take the necessary safety measures in order to protect the personal data and shall ensure that these measures shall be followed within their own organizations are included in the lawful contracts executed with the relevant persons that the personal data is transferred to.
2.1.3. Keeping the Personal Data in Safe Environment
Our Company takes technical and administrative measures according to the technological possibilities and implementation costs in order to ensure the personal data is kept in a safe environment and to prevent the unlawful destruction, loss or alteration.
(i) The Technical Measures Taken in Order to Keep the Personal Data in Safe Environment
The primary technical measures taken by our Company in order to keep personal data in a safe environment are listed below:
• In order to keep personal data in a safe environment, the systems suitable for technological developments, are used.
• The technical safety systems are installed in the storage areas, the technical measures taken are reported to the concerned person periodically pursuant to the internal audit mechanism, and the issues which pose a risk are reassessed and the necessary technological solution is produced.
• Backup programs are used according to the laws in order to ensure the personal data are kept safely.
(ii) The Administrative Measures Taken in Order to Keep the Personal Data in Safe Environment
The primary administrative measures taken by our Company in order to keep personal data in a safe environment are listed below:
• The employees are trained on ensuring the personal data is kept in a safe environment.
• In case an external service is provided to our Company due to the technical requirements on the storage of the personal data, the provisions stating that the persons whom the personal data is transferred to shall take the necessary safety measures in order to protect the personal data and shall ensure that these measures shall be followed within their own organizations, are included in the lawful contracts executed with the relevant firms that the personal data is transferred to.
2.1.4. Audit of the Measures Taken on the Protection of Personal Data Our Company performs or have the necessary audit performed within its structure in accordance with Article 12 of the PDP Act. The results of these audits are reported to the relevant department within the scope of the internal operation of the Company, and the necessary activities are carried out to improve the measures taken.
2.1.5. Measures to be Taken in Case of Unauthorized Disclosure of Personal Data Our Company operates a system, which enables to notify the situation to the relevant personal data owner and the Board of PDP as soon as possible, in case the personal data, which is processed according to the Article 12 of the PDP Act, is obtained by other persons unlawfully. In case the Board of PDP deems necessary, this situation may be announced on the internet site of the Board of PDP or otherwise.

2.2. PROTECTION OF THE DATA OWNERS’ RIGHTS; COMMUNICATION CHANNELS OF THE DATA OWNERS’ WITH THE COMPANY AND CLAIMS EVALUATION

Our Company executes the necessary channels, internal operations, administrative and technical arrangements in accordance with the Article 13 of the PDP Act, in order to assess the rights of the owners of personal data and to give the necessary information to the personal data owners.
In case that the personal data owners forward their written claims on their rights which are listed below to MECCTI HAVACILIK, Our Company concludes the claim as soon as possible and at the latest within thirty days free of charge according to the qualification of the claim. However, in case the process requires an additional cost, a fee, which is in the tariff specified by the Board of PDP, shall be charged by our Company. Personal data owners have the following rights:

• To learn whether the personal data is processed or not,
• If the personal data is processed, to request information in relation to this subject,
• To learn the aims of processing their personal data and investigating if their personal data were used relevantly,
• To learn the third parties to whom the personal data is transferred to inland or abroad,
• To ask for corrections if their personal data were processed incompletely or inaccurately, and within this scope to request the transaction be notified to the third parties whom the personal data has been transferred to,
• To ask for canceling or deleting their personal data in case the reasons for processing personal data no longer exists, and within this scope to request the transaction be notified to the third parties to whom the personal data has been transferred to,
• To object to a negative outcome for them in case their personal data are exclusively analyzed via automatic systems
• In case suffering a loss due to the unlawful processing of personal data, to request for compensation. Detailed information related to the rights of the data owners is provided in Section 10 of this Policy.

​

2.3. PROTECTION OF PRIVATE QUALIFIED DATA

Some of the personal data has been given a special attention by the PDP Act, due to the risk of causing unjust treatment of the persons or discrimination in case of unlawful processing.
This data is information about race, ethnic origin, political opinion, philosophic belief, religion, communion or other beliefs, appearance, membership of the association, foundation or union, health, sexual life, punishment sentence and safety measures, and biometric and genetic data.
Our Company acts sensitively on the protection of specific personal data which is specified as “private qualified” in the PDP Act and processed lawfully. In this context, the technical and administrative measures taken to protect the personal data are applied by our Company with caution with respect to private qualified personal data, and required audits are maintained within MECCTİ HAVACILIK.
The detailed information related to processing the private qualified personal data is provided in Article 3 of this Policy.

2.4. INCREASING AWARENESS OF PROTECTION AND PROCESSING OF PERSONAL DATA AMONG BUSINESS UNITS

Our Company provides the necessary training to its business units in order to raise awareness to prevent unlawful processing of the personal data and unlawful access to the same, and to ensure the protection of data.
MECCTİ HAVACILIK establishes the systems required for creating awareness of the protection of personal data among its existing and new employees and works with professionals in case of need related to the matter.

2.5. INCREASING AWARENESS OF PROTECTION AND PROCESSING OF PERSONAL DATA AMONG BUSINESS PARTNERS AND SUPPLIERS

Our Company provides the necessary training and seminars for the business partners in order to raise awareness to prevent unlawful processing of the personal data and unlawful access to the same, and to ensure the protection of data.
MECCTİ HAVACILIK establishes the systems required for creating awareness of the protection of personal data among its existing and new employees and works with professionals in case of need related to the matter.
All activities performed in order to raise awareness of the protection and processing of personal data for MECCTİ HAVACILIK business partners and our candidates, who made job applications, are reported to the MECCTİ HAVACILIK management and shareholders. Our Company executes confidentiality agreements with all business partners and maintains its sensitivity on Protection of Personal Data with its business partners pursuant to the relevant provisions of the agreement.

Our Company engages with processing activity of the personal data in compliance with law and good faith rules, corrected and updated when required, related with the purpose, limited and prudently, by pursuing certain, explicit and legal aims, in accordance with the Article 4 of PDP Act with regards to the processing of the personal data. Our Company keeps the personal data for a period stipulated in the law or required by the personal data processing purpose.
Our Company processes the personal data based on one or more terms on processing personal data in the Article 5 of the PDP Act, pursuant to the Article 5 of the PDP Act.
Our Company notify the personal data owners and gives the necessary information in case they request information, in accordance with the Article 10 of the PDP Act.
Our Company acts in compliance with the regulations stipulated on processing the private qualified personal data, according to the Article 6 of the PDP Act.
Our Company acts in compliance with the regulations stipulated in law and set forth by the Board of PDP on transferring the personal data, according to the Articles 8 and 9 of the PDP Act.

 

3. ARTICLE 3 – PROVISIONS OF PERSONAL DATA PROCESSING

​

3.1. PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH THE PRINCIPLES STIPULATED IN THE LEGISLATION 3.1.1. Processing in Compliance with Law and Good Faith Rule
Our Company acts in compliance with the principles brought by legal regulations on protection of personal data, general trust, and good faith rule. In this context, while processing personal data our Company pays attention to the proportionality necessities and does not use the personal data for other purposes than required by its purpose.
3.1.2. Ensuring the Personal Data Are Correct and Updated When Necessary
Our Company ensures the processed personal data are corrected and updated, taking into consideration the basic rights of the personal data owners and its own legal interests. A system that enables the personal data owners to correct and verify their personal data, is established by MECCTİ HAVACILIK. Detailed information related to this subject is provided in Article 10 of this Policy.
3.1.3. Processing for Certain, Explicit and Legal Purposes
Our Company determines the legal and lawful purpose of personal data processing explicitly and exactly. Our Company processes the personal data in connection with the service it renders, and in the amount required for these. The purpose of personal data processing is set forth by our Company before the personal data processing activity begins.
3.1.4. Being Related with the Processing Purpose, Limited and Prudent
Our Company processes the personal data adequate to accomplish the specified purposes and avoids processing the personal data which are not related to accomplishing the purpose or not needed. For instance, personal data processing activity intended for meeting the subsequent possible needs.
3.1.5. Maintaining Data for a Period Stipulated in the Relevant Legislation or Required by the Processing Purpose
Our Company maintains the personal data only for a period stipulated in the relevant legislation or required by its processing purpose. In this context, we first determine whether the period for keeping personal data is stipulated in the relevant legislation. In case a period is specified, we act in compliance with this period. In case a period is not specified, we keep personal data for a period required by its processing purpose. In the case of expiration of the period or the reasons which require processing of data, then the personal data is deleted, destroyed or anonymized by our Company. The personal data are not kept by our Company for the future using possibilities. Detailed information related to this subject is provided in Article 9 of this Policy.

3.2. PROCESSING OF PERSONAL DATA BASED ON ONE OR MORE PERSONAL DATA PROCESSING TERMS SPECIFIED IN ARTICLE 5 OF THE PDP ACT

Protection of personal data is a Constitutional right. The basic rights and freedoms may be limited only by law and depending on the causes specified in the relevant articles of the Constitution. As per the third paragraph of Article 20 of the Constitution, the personal data may only be processed in cases stipulated in the law or with the explicit consent of the person. In accordance and compliance with the Constitution, our Company only processes the personal data in case of the situations stipulated in the law or with the explicit consent of the person. Detailed information related to this subject is provided in Article 7 of this Policy.

3.3. NOTIFYING AND INFORMING THE OWNER OF PERSONAL DATA

Our Company notifies the personal data owners at the time of acquiring their personal data in accordance with Article 10 of the PDP Act. Within this scope, MECCTİ HAVACILIK makes notifications on the identity of itself and its representative if any, the purpose for which the personal data shall be processed, to whom and for what purpose would the processed personal data be transferred, personal data collection method, and legal purpose, and rights of the personal data owner. Detailed information related to this subject is provided in Article 10 of this Policy.
In Article 20 of the Constitution, it is set forth that everyone has a right to being informed on the personal data related with him/her. In this respect, “to request information” is also listed among the rights of personal data owner in Article 11 of the PDP Act. In this context, our Company provides necessary information according to Article 11 of the PDP Act, in case that the personal data owner requests for information. Detailed information related to this subject is provided in Article 10 of this Policy.

3.4. PROCESSING THE PRIVATE QUALIFIED PERSONAL DATA

Our Company acts sensitively and in compliance with the regulations stipulated in the PDP Act, on processing the private qualified personal data which is specified as “private qualified” in the PDP Act.
In Article 6 of the PDP Act some of the personal data, which pose a risk for causing unjust treatment or discrimination of the persons when processed unlawfully, is identified as “private qualified”. This data is information on race, ethnic origin, political opinion, philosophic belief, religion, communion or other beliefs, appearance, membership of the association, foundation or union, health, sexual life, punishment sentence and safety measures, and biometric and genetic data.
Our company may process the private qualified personal data of the personal data owner in the line with the legal and lawful personal data processing purposes by exercising due diligence, by taking the necessary safety measures and by taking the adequate measures stipulated by the board of PDP, in the following cases
• If the personal data owner gives explicit consent, or
• If the personal data owner does not give explicit consent;
– The private qualified personal data, except the ones on health and sexual life of the personal data owner, is processed in cases stipulated in laws,
– The private qualified personal data on health and sexual life of the personal data owner are only processed by persons or authorized institutions and organizations subject to confidentiality obligation in order to protect public health, to carry out preventive medicine, medical diagnosis, treatment, and care services, plan and manage the health services and its financing.

3.5. TRANSFERRING PERSONAL DATA

Our Company may transfer personal data and private qualified data of the personal data owner to the third parties (to the third companies, business partners, third-party real persons) by taking the necessary measures in line with the lawful personal data processing purposes. In this direction, our Company acts in compliance with the regulations stipulated in Article 8 of the PDP Act. Detailed information related to this subject is provided in Article 6 of this Policy.

3.5.1. Transferring Personal Data

Our Company may transfer the personal data to the third parties as limited and based on one or more personal data processing terms stated in the Article 5 of the PDP Act, which is listed below, in line with the legal and lawful personal data processing purposes pursuant to the Article 5 of the PDP Act:
• If the personal data owner gives explicit consent;
• If there is a clear regulation on the transfer of the personal data in the law;
• If it is mandatory to protect the life or physical integrity of the personal data owner or others, and if the personal data owner is not able to express its consent due to actual impossibility, or the legal validity of its consent is not recognized;
• If the transfer of personal data of the contractual parties is required, providing to be directly related to the establishment of the contract or its implementation;
• If the transfer of personal data is mandatory for our Company to fulfill its legal obligation;
• If the personal data are made public by the personal data owner;
• If the transfer of personal data is mandatory to establish, exercise or protect a right;
• If the transfer of personal data is mandatory for our Company’s legal interests, provided not to give harm to the basic rights and freedom of the personal data owner;

3.5.2. Transferring the Private Qualified Personal Data

Our Company may transfer the private qualified data of the personal data owner to the third parties in line with the legal and lawful personal data processing purposes by exercising due diligence, by taking the necessary safety measures, and by taking the adequate measures stipulated by the Board of PDP, in the following cases:
• If the personal data owner gives explicit consent, or
• If the personal data owner does not give explicit consent;
– In cases stipulated by the law, the private qualified personal data, except the ones on health and sexual life of the personal data owner, (data related with race, ethnic origin, political opinion, philosophic belief, religion, communion or other beliefs, appearance, membership of association, foundation or union, punishment sentence; and safety measures, and biometric and genetic data)
– Private qualified personal data on health and sexual life of the personal data owner; only by persons or authorized institutions and organizations subject to confidentiality obligation in order to protect public health, to carry out preventive medicine, medical diagnosis, treatment, and care services, plan and manage the health services and its financing.

3.6. TRANSFERING PERSONAL DATA ABROAD

Our Company may transfer the personal data and private qualified personal data of the personal data owner to the third parties in line with the lawful personal data processing purposes by taking the necessary safety measures. The personal data are transferred by our Company to the foreign countries, which are announced by the Board of PDP as having sufficient protection (ANNEX – 3 “ A Foreign Country With Sufficient Protection”) or in case there is not sufficient protection, to the foreign countries which the Board of PDP gives permission and which the data supervisors in Turkey and relevant foreign country undertake a sufficient protection in writing (“ A Foreign Country undertaking a Sufficient Data Protection by Data Supervisor”). In this direction, our Company acts in compliance with Article 9 of the PDP Act. Detailed information related to this subject is provided in Article 6 of this Policy.

3.6.1. Transferring Personal Data Abroad

Our Company may transfer the personal data to the Foreign Countries with Sufficient Protection or Which Have A Data Supervisor Undertaking a Sufficient Protection, in line with the legal and lawful personal data processing purposes, if the personal data owner gives explicit consent or if the personal data owner does not give explicit consent in case of the presence of the following situations:
• If there is a clear regulation on the transfer of personal data in the law,
• If it is mandatory to protect the life or physical integrity of the personal data owner or others, and if the personal data owner is not able to express its consent due to actual impossibility, or the legal validity of its consent is not recognized,
• If the transfer of personal data of the contractual parties is required, providing to be directly related to the establishment or performance of the contract,
• If the transfer of personal data is mandatory for our Company to fulfill its legal obligation,
• If the personal data are made public by the personal data owner,
• If the transfer of personal data is mandatory to establish, exercise or protect a right,
• If the transfer of personal data is mandatory for our Company’s legal interests, provided not to give harm to the basic rights and freedom of the personal data owner.

3.6.2. Transferring the Private Qualified Personal Data Abroad

However, although our Company does not transfer the private qualified personal data to our foreign shareholders or third parties, it may transfer the private qualified personal data to the Foreign Countries With Sufficient Protection or Which Have A Data Supervisor Undertaking a Sufficient Protection, in line with the legal and lawful personal data processing purposes, by exercising due diligence, by taking the necessary safety measures, and by taking the adequate measures stipulated by the Board of PDP, in the following cases, when it is forced to do so:
• If the personal data owner gives explicit consent, or
• If the personal data owner does not give explicit consent;
– In cases stipulated in the law, the private qualified personal data, except the ones on the health and sexual life of the personal data owner, (data related with race, ethnic origin, political opinion, philosophic belief, religion, communion or other beliefs, appearance, membership of association, foundation or union, punishment sentence; and safety measures, and biometric and genetic data),
– Special quality personal data on health and sexual life of the personal data owner; only by persons or authorized institutions and organizations subject to confidentiality obligation in order to protect public health, to carry out preventive medicine, medical diagnosis, treatment , and care services, plan and manage the health services and its financing.

​

4. ARTICLE 4 – CLASSIFICATION, PROCESSING PURPOSES AND PRESERVATION PERIOD OF THE PERSONAL DATA PROCESSED BY OUR COMPANY

 

Our Company notifies the personal data owner on the classification of personal data of the personal data owner, the processing purposes of personal data of the personal data owner, and preservation period of personal data, in accordance with the Article 10 of the PDP Act

 

4.1. CLASSIFICATION OF PERSONAL DATA

Within our Company the personal data is processed in the following categories, limited by the periods within the scope of this Policy, by informing the relevant persons pursuant to the Article 10 of the PDP Act, in line with our Company’s legal and lawful personal data processing purposes, as limited and based on one or more personal data processing terms specified in the Article 5 of the PDP Act, and by complying with general principles specified in the PDP Act, in particular with the principles specified in the Article 4 of the PDP Act related with processing the personal data, and all obligations regulated by the PDP Act. In Article 5 of this Policy, it is indicated the connection of the personal data owners with the personal data classification regulated within the scope of this Policy.

​

​

DESCRIPTION OF PERSONAL DATA CLASSIFICATION

​

Identity Information: All information on the documents such as Driving License, Identity Card, Residency Certificate, Passport, Attorney Identity, Marriage Certificate which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Contact Information: Information such as telephone number, address, e-mail which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Location Data: Information which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part; which determines the location of the personal data owner during its use of our products and services or while our employees and the employees of the establishments which we cooperate with use our Company’s tools.

​

Job Applicants Information: Information which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data recording system in whole or part; and which is obtained and produced by a relevant person as a result of our business activities and the operations performed by our business units within this framework.

​

Information on Family Members and Relatives: Information about the family members and relatives of the personal data owner in relation with the products and services that we provide and which are intended for protecting the legal interests of the Company and personal data owner; which is clear to be a belonging of a physical person whose identity is determined or determinable and existing in a data recording system.

​

Information on Customer Transaction: Records intended for using our products and services and information such as the instructions and requests necessary for the use of our products and services, which is clear to be a belonging of a physical person whose identity is determined or determinable and existing in a data recording system.

​

Security Information on Physical Location: Data on records and documents taken during entering into a physical place and staying in a physical place, which is clear to be a belonging of a physical person whose identity is determined or determinable and existing in a data recording system.

​

Information on Transaction Security: Personal data which is processed in order to protect our technical, administrative, legal and commercial security while performing our commercial activities; which is clear to be a belonging of a physical person whose identity is determined or determinable and existing in a data recording system.

​

Information on Risk Management: Personal data which can be processed via methods used according to the approved legal, commercial practice and good faith rule in order to manage our commercial, technical and administrative risks; which is clear to be a belonging of a physical person whose identity is determined or determinable and existing in a data recording system.

​

Financial Information: Processed personal data in relation with the information, document and records showing all kinds of financial results created according to the legal relation type established by our Company with the personal data owner; which is clear to be a belonging of a physical person whose identity is determined or determinable, and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Personnel Information: All kinds of personal data processed while obtaining information which shall lay the foundation of formatting the personnel rights of our employees and of the physical persons who are in a work relationship with our Company; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Information on Employee Transaction: Personal data which is processed in relation with all kinds of transactions performed by our employees or of the physical persons who are in a work relationship with our Company; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Information on Employee Candidate: Personal data which is processed in relation with the persons who applied to be an employee of our Company or assessed as an employee candidate in line with the human resources needs of our Company as per the commercial practice and good faith rule or in relation with the persons who are in a work relationship with our Company; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Information on Employee’s Performance and Career Development: Personal data which is processed in order to measure the performance of our employees or of the physical persons who are in a work relationship with our Company and to plan and implement their career development under our company’s human resources policy; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Information on Reward Benefits: Personal data which is processed in order to plan the reward benefits which we offer or shall offer to the employees or to the physical persons who are in a working relationship with our Company, to determine the objective criteria related with being entitled to them and to follow up allowances; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Information on Legal Acts and Compliance: Personal data which is processed within the scope of determining and pursuing our legal receivables and rights, and discharging of our debts, and our legal liabilities, and complying with our company’s policies; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

Audit and Investigation InformationPersonal data which is processed within the scope of complying with legal liabilities and company policies; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Personal Qualified Personal Data: Data specified in Article 6 of the No. 6698 Act; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

Marketing InformationPersonal data which is processed for customizing and marketing our products and services in line with the habits, admiration and needs of the personal data owner, and the reports and evaluations produced as a consequence of these processing results; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

Claim/Complaint Management Information: Personal data received with all kinds of requests or complaints directed to our Company; which is clear to be a belonging of a physical person whose identity is determined or determinable and processed automatically or non-automatically as a part of a data record system in whole or part.

​

​

4.2. PURPOSES OF PROCESSING PERSONAL DATA

According to the categorization prepared by Our Company, major purposes on personal data processing are shared below:

• To carry out the necessary business activities by our relevant business units and to implement the work processes related to this in order to realize the commercial activities implemented by Our Company,
• To plan and to execute our Company’s trade and/or work strategies,
• To carry out the necessary business activities by our relevant business units and to implement the work processes related with this in order to enable the relevant persons to benefit from the products and services offered by Our Company,
• To plan and to execute Our Company’s human resources policies and processes,
• To provide legal, technical and commercial transaction safety support to the persons who are in a business relationship with our Company.
The purposes of personal data processing within the scope of the above listed superior purposes:
• Activity Management
• To Plan and to Execute Research and Development Activities
• To Plan and To Execute Business Activities
• To Plan and To Execute Corporate Communication Operations
• To Plan and To Execute Secure Information Processes
• To Establish and to Manage the Infrastructure of Information Technologies
• To Plan and to Execute the Access Authorization of the Business Partners and/or Suppliers to the Information and Facilities
• To Plan and to Execute the Reward Benefits and Interests of the Employees of Supplier and/or Business Partner
• To Pursue the Finance and/or Accounting Transactions
• To Create Service Planning for the Candidates Who Made Job Applications
• Management of the Relations with the Business Partners and/or Suppliers
• To Manage, to analyze and to execute personal background, CV and other necessary private qualified data of the candidates who made job applications
• To Perform Activities Intended for Determining the Financial Risks of the Customers
• To Plan and to Execute the Information Management Processes for Customer Relations / Candidates Who Made Job Application
• To Pursue the Contract Processes and/or Legal Request
• To Pursue the Requests and/or Complaints of the Customers / Candidates Who Made Job Application
• To Plan the Human Resources Processes
• To Execute the Staff Procurement Processes
• To Plan and to Execute the Market Research Activities for Sales and Marketing of the Services
• Legal Pay rolling Process
• To Plan and to Execute the Marketing Processes of the Services
• To Plan and/or to Execute the Customer Satisfaction Activities
• To Pursue Legal Affairs
• To Plan and to Execute the Operational Activities Necessary to Ensure the Company Activities Are Carried Out According to the Company Procedures and/or Relevant Legislation
• To Collect the Entry-Exit Records of the Employees of the Business Partner / Supplier
• To Collect the information about the candidates who made a job application
• To Plan and to Execute the Company’s Auditing Activities
• To Plan and/or to Execute the Occupational Health and/or Safety Processes
• To Manage and/or to audit the Relations with the Affiliates
• To Ensure the Safety of Company Compounds and/or Facilities
• To Ensure the Safety of Company’s Assets and/or Resources
• To plan and/or to execute the Financial Risk processes
Our Company refers to the explicit consent of the personal data owners to perform personal data processing activities under the personal data processing purposes out of the abovementioned situations; the below mentioned personal data processing activities are performed by the relevant business units depending on the mentioned explicit consent of the personal data owners. Within this framework; in case that the abovementioned conditions are not present, personal data processing purposes which the explicit consent of the personal data owners are referred to may be listed as follows;

• To Plan and to Execute the Access Authorization of the Business Partners and/or Suppliers to the Information and Facilities
• To manage, to Analyse and to Execute the personal background, CV and other necessary private qualified data of the candidates who made job applications
• To Manage the Relations with the Business Partners and/or Suppliers
• To Plan and to Execute the Sales Processes of the Services
• To Collect the information of the candidates who made a job application
• To Plan and to Execute the Customer Relations Management Processes
• To Pursue the Contract Processes and/or Legal Request
• To Plan the Human Resources Processes
• To Execute the Staff Procurement Processes
• To Execute the Legal Pay Rolling Processes
• To Plan and to Execute the Market Research Activities for Sales and Marketing of the Services
• To Plan and/or to Execute the Processes of Creating and/or Increasing Loyalty for the Products and/or Services Provided by the Company
• To Plan and to Execute the Marketing Processes of the Products and/or Services
• To Plan and/or to Execute the Customer Satisfaction Activities
• To Plan and to Execute the Operational Activities Necessary to Ensure the Company Activities Are Carried Out According to the Company Procedures and/or Relevant Legislation
• To Collect the Entry-Exit Records of the Employees of the Business Partner / Supplier
• To Plan and To Execute the Company’s Auditing Activities
• To Plan and/or to Execute the Occupational Health and/or Safety Processes
• To Ensure the Safety of Company Compounds and/or Facilities.

​

4.3. PRESERVATION PERIOD OF PERSONAL DATA

In case it is stipulated in relevant law and legislation, our Company keeps the personal data for a period specified in this legislation.
In case that the necessary period for keeping the personal data is not specified in the legislation, then our Company keeps the personal data for a period required by the processing purpose. In the case of expiration of the period or the reasons, which require processing are no longer present, then the personal data is deleted, destroyed or anonymized by our Company. Detailed information related to this subject is provided in Article 9 of this Policy.
If the processing purpose is ended, and the preservation period specified by the relevant legislation and company is also expired; the personal data may be kept only for constituting evidence in case of legal disputes or to be able to claim for the right connected with the personal data or to establish defense. In establishing the periods herein, the period of limitation in order to be able to claim the mentioned right, and although the period of limitation is expired, the preservation period is set based on the previous similar requests directed to Our company. In this case, the preserved personal data is not accessed with a different purpose, however, access to the relevant data is provided when the use of them is needed for legal disputes. After the period mentioned herein, the personal data is deleted, destroyed or anonymized.

​

5. ARTICLE 5 – PERSONAL DATA OWNERS CATEGORIZATION

​

While our company processes personal data listed in the below personal data owners’ categories, the scope of application of this Policy is limited with our customers, our potential customers, our employee candidates, our shareholders, company executives, our visitors; the employees, shareholders and executives of the partner organizations, and third parties.
Protection and data processing activities of our employees’ personal data, shall be evaluated under MECCTİ HAVACILIK Policy of Protection and Processing Employees’ Personal Data.
Although the categories of the owners of the personal data which are processed by our Company are within the above context, the persons out of these categories may also direct their requests to our Company under the PDP Act, and the requests of these persons shall be evaluated under this Policy.
In the scope of this Policy, the customers, potential customers, employee candidates, shareholders, company executives, visitors, the physical persons in the partner organizations and third parties in relation with these persons are classified as below

​

​

Personal Data Category Description

​

Customer: Regardless of whether they have any contractual relationship with our Company, the physical persons who use or used the products and services offered by our Company

​

Potential Customer: The physical persons who requested or had an interest in using our products and services or may have interest according to the commercial practices and good faith rule

​

Visitor: The physical person who entered to the Physical Compounds owned by our Company for various reasons, or visited our web sites

​

Third Party: The physical persons who are related with these persons to ensure the safety standard of the commercial procedures between our Company and abovementioned persons or to protect the rights of the abovementioned persons and establish interests (e.g., Warrantor, Companion, Family Members and Relatives or the physical persons who are not covered by MECCTİ HAVACILIK Policy of Protection and Processing Employees’ Personal Data)

​

Employee Candidate: The physical persons who made job applications to our Company by any method, or made available their backgrounds and related information to be assessed by our Company

​

Company Shareholder: The physical persons and legal entities who are shareholders of our Company

​

Company Executive: The physical persons who are members of our Company’s Executive Board and the other authorized physcial persons

​

Employees, Shareholders, and Executives of the Partner Companies: The physical persons who work in the organizations which our Company has all kinds of business relationship with (including, but not limited with business partner, suppliers, etc.), including the employees, shareholders, and executives of these organizations

​

The below table enlarge upon the abovementioned categories of the personal data owners and which type of personal data is being processed based on these categories.

​

​

DATA OWNER CATEGORY RELATED WITH THE RELEVANT PERSONAL DATA

​

Identity Information: Customer, Potential Customer, Employee Candidate, Company Shareholder, Company Executive, Visitors; the Employees, Shareholders, and Executives of the Partner Organizations, Third Party

​

Contact Information: Customer, Potential Customer, Employee Candidate, Company Shareholder, Company Executive, Visitors; the Employees, Shareholders, and Executives of the Partner Organizations, Third Party

​

Location Data: Customer, Employee, Employees of the Partner Organizations

​

Customer Information: Customer

​

Information on Family Members and Relatives: Customer, Visitor, Employee Candidate, Third Party, The Employees, Shareholders and Executives of the Partner Organizations

​

Candidate Job Applicant: Candidates who apply for finding a job, and share personal data

​

Physical Space Security Information: Visitor, Company Executives, the Employees, Shareholders, and Executives of the Partner Organizations

Process Security InformationCustomer, Visitor, Third Parties, Company Executives, the Employees, Shareholders, and Executives of the Partner Organizations

​

Risk Management Information: Customer, Potential Customer, Employee Candidate, Company Shareholder, Company Executive, Visitor, the Employees, Shareholders, and Executives of the Partner Organizations, Third Party

​

Financial Information: Customer, Employee, Company Shareholder, Company Executive, the Employees, Shareholders, and Executives of the Partner Organizations

​

Personnel Information: the Employees, Shareholders, and Executives of Partner Organizations

​

Information on Candidate: EmployeeEmployee Candidate, the Employees of the Partner Organizations

​

Information on Employees’ Transactions: Employees of the Partner Organizations

​

Information on Employee Performance and Career Development: Employees of the Partner Organizations

​

Information on Legal Action and Compliance: Customer, Potential Customer, Employee Candidate, Company Shareholder, Company Executive, Visitor, the Employees, Shareholders and Executives of the Organizations that We Cooperate with, Third Party

​

Information on Audit and Investigation: Customer, Potential Customer, Employee Candidate, Company Shareholder, Company Executive, Visitor, the Employees, Shareholders, and Executives of the Partner Organizations, Third Party

​

Private Qualified Personal Data: Customer, Employee Candidate, Company Shareholder, Company Executive, Employees, Shareholders and Executives of the Partner Organizations

​

Marketing Information: Customer, Potential Customer

​

Information on Claim / Complaint Management: Customer, Potential Customer, Employee Candidate, Company Shareholder, Company Executive, Visitor, the Employees, Shareholders, and Executives of the Partner Organizations, Third Party

​

​

6. ARTICLE 6 – THE THIRD PARTIES WHOM THE PERSONAL DATA ARE TRANSFERRED TO BY OUR COMPANY AND TRANSFERING PURPOSES

 

Our Company notifies the personal data owner on the groups of entities whom the personal data are transferred to, in accordance with Article 10 of the PDP Act.
Our Company may transfer the personal data of the customers to the persons in categories listed below, in accordance with the Articles 8 and 9 10 of the PDP Act (Section 3 /Caption 3.5):

(i) MECCTİ HAVACILIK business partners,
(ii) MECCTİ HAVACILIK suppliers,
(iii) MECCTİ HAVACILIK affiliates,
(iv) MECCTİ HAVACILIK and its Foreign Shareholders,
(v) Legally competent public institutions and organizations,
(vi) Legally competent private legal entities.
The extent of the abovementioned entities whom the transfer is made to, and the data transferring purposes are stated below:

​

​