Introduction
As PANORAMA TEKNOLOJİ ANONİM ŞİRKETİ (hereinafter referred to as the "Company"), we attach great importance to the processing of the data of our customers and employees in accordance with the law. With the Personal Data Protection and Processing Notice ("Notice"), we aim to comply with the national and international legislation in force, especially the Personal Data Protection Law No. 6698 ("Law") and the European Union General Data Protection Regulation ("GDPR").
First and foremost, we take care to ensure the security of the personal data of our customers and employees. In order to store our customers' personal data securely and to prevent any unlawful access or leakage of this data, we share our customers' data only with our trusted business partners, at a minimum level and take security measures in accordance with the legislation in force.
Transparency is one of the most important topics for us in the field of personal data protection. We have prepared this Notice in order to provide you with the necessary information both while fulfilling our obligations arising from the law and when we process your personal data in order to provide you with a better customer experience. You can find detailed explanations about which of your personal data is processed and for what purposes under the headings "Which personal data we process" and "For what purposes we process your personal data".
Another important issue for us is the right of our customers or employees to control their personal data. We take the necessary measures for our customers to manage their preferences about their own data and we respect their preferences to the maximum extent. In this context, you can send us your requests through the communication channels under the heading "Exercise of rights by data subjects". You can also find detailed explanations on this subject under the heading "Rights of data subjects". You can find explanations of the terms used in the Notice under the heading "Definitions".
Data security, transparency and individuals' right to control over their personal data constitute the most important foundations for us in terms of compliance with the Law. In this context, we provide you with detailed information about the processing of your personal data in this Notice.
How do we collect your personal data?
The Notice contains our statements and explanations regarding the processing of personal data of our customers, employees and natural persons who come into contact with us in accordance with the provisions of national and international legislation, in particular the Law and GDPR.
We reserve the right to make changes to the Notice in order to provide up-to-date information on practices and legal regulations within the framework of personal data protection. However, in the event of material changes to the Notice, we will notify data subjects through appropriate channels.
The Notice has been prepared in order to provide information on which personal data the Company processes while carrying out its commercial activities, for what purpose it processes this data and to which third parties for which purposes this data may be transferred. The Notice mainly covers personal data collected through the following channels.
Personal data collected through telephone calls, customer documents, contracts, job request and information forms, order records, verbal, written or electronic media, automatic or non-automatic methods.
Personal data collected through other ("Digital Media") such as the Company's websites ("Site"), software and applications ("Application") offered for use on computers or some smart devices, social media accounts ("Social Media") managed by persons authorized to provide services on behalf of the Company.
Which personal data do we process?
Your personal data collected by us may vary depending on the nature of the legal relationship you have established with us. Your personal data collected through all channels, including digital media, are categorically as follows.
Identity information (personal data such as name, surname, ID number, date of birth, place of birth, etc. that you have provided when creating an account on our website, that you have provided when you apply to purchase products or services, that you have provided in accordance with the business and sales contract)
Contact information (your personal data such as e-mail address, telephone number, mobile phone number, social media contact information, address, etc. that you have provided while creating an account on our website, that you have provided when you apply to purchase products or services, that you have provided in accordance with the business and sales contract)
Location data (location information provided by our company employees in order to carry out marketing activities)
Information on family members and relatives (identity information, contact information, occupation, education information, etc. regarding the data subject's children, spouses, etc.)
Customer transaction information (your personal data such as credit card slips, payment receipts, invoices, checks, promissory notes, customer instructions, records recorded in channels for this purpose, etc.)
Transaction security information (your IP address and cookie information during your visit to our website offered in digital environments)
Risk management information (various query results and records associated with the personal data subject and provided by public institutions, address registration system records, etc.)
Financial information (credit/debit card information, bank account information, IBAN information, balance information, receivable balance and other financial information)
Physical space security information (entry/exit records, visit information, camera and sound recordings, etc.)
Legal proceedings and compliance information (personal data included in information requests or decisions from judicial and administrative authorities, legal follow-up associated with the data owner and information on all kinds of records and transactions related to asserting our rights, etc.)
Special categories of personal data (data on religion, association membership information, criminal convictions and security measures, especially information on your health status as required by the legal legislation of the company personnel)
Marketing information (reports and evaluations showing the habits and tastes of the person associated with the data subject and to be used for marketing purposes, targeting information, cookie records, information derived through data enrichment activities, information and evaluations obtained as a result of surveys, satisfaction surveys, campaigns and direct marketing activities, etc.).
For what purposes do we process your personal data?
Pursuant to the Law, personal data may be processed only in the cases specified in Articles 5 and 6 of the Law and/or in the presence of at least one of the conditions required by the provisions of international legislation. In this context, as the Company, we process the personal data of our customers within the scope of our legitimate interests, especially to perform the services we offer to them (fulfillment of product sales and delivery processes, bush), to carry out employee satisfaction and loyalty processes for our employees, to fulfill the obligations arising from the employment contract and legislation for employees, to carry out the fringe benefits and benefits processes for employees, to fulfill the obligations we are subject to in accordance with the applicable national and international legislation and provided that it does not have a negative consequence on the fundamental rights and freedoms of our customers.
In addition to the personal data processing conditions, in some cases we may request your explicit consent to process your personal data. In such cases, your personal data will be processed limited to the scope of the explicit consent you have freely given. You have the possibility to withdraw your explicit consent at any time.
In this context, your personal data obtained may be processed by the Company within the framework of national and international legislation, within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law and for the purposes listed below.
For what purposes do we process your personal data?
Ensuring communication regarding our operations
In some cases, we need to communicate certain information to our customers about the products you have purchased. For example, we may need to contact you, our customers, via SMS, e-mail or telephone to communicate quantity, price, delivery information, to share confirmation of your purchase or to provide you with payment or delivery information.
We would like to remind you that messages that do not contain marketing purposes and are sent only for the above purposes or to provide similar service information are not subject to consent pursuant to Article 6 of the Regulation on Commercial Communication and Commercial Electronic Messages, and may be sent to you by the company even if you have not given consent to receive messages.
Your personal data may be processed in order to take necessary steps regarding questions, requests or complaints submitted by you through digital media or other written or verbal media.
Your opinions are extremely important to us. For this reason, your personal data may be processed within the scope of survey or evaluation studies in order to evaluate the service we provide.
In order to provide you with a personalized customer experience, we process your personal data in order to customize our products or services according to your tastes, preferences and needs. In this context, information about your past purchases, the transactions and communications you have made and the information obtained in connection with the segmentation activities carried out by us may be processed in order to predict your shopping preferences and to offer you special opportunities.
In addition, your personal data may be processed for the purpose of realizing marketing communications regarding campaigns, promotions, promotions and event invitations determined in line with such segmentation activities.
Your personal data may be processed in order to provide information about our products, to promote products and to carry out marketing communications to keep you informed about campaigns in line with your consent. In line with your consent, we may also inform you about the products of our corporate business partners.
We may process the personal data of the parties if you have provided contact information as a person to be called in case of emergency within the scope of the product / service procurement process or the management of emergencies and incidents for our employees, in order to provide the necessary intervention, information and support in the event of an emergency.
Your personal data may be processed for the preparation of records and documents that must be prepared in order to carry out commercial operations in accordance with the legislation, and to comply with information retention, reporting, record keeping, information, tax, international sanctions and other obligations stipulated by national and international legal legislation.
In this context, due to our obligations regarding identification and verification of identity, your personal data may be processed for the prevention, detection and investigation of crime, including fraud and money laundering.
In terms of personal data owners who are in an employer-employee relationship with us, personal data that must be processed in terms of labor law and insurance legislation may be processed due to and limited to the obligations arising from these legislation.
Within the scope of fulfilling the obligations arising from international and national trade legislation and realizing the trade operation, your personal data may be processed regularly or upon request, for the purposes of providing the information and documents requested by the competent public institutions and organizations and regulatory authorities in Turkey and abroad, or providing access to information and documents by such persons and organizations, and only limited to the subject and scope of the legally valid request.
Your personal data may be processed for the purposes of identification, verification and prevention of fraudulent transactions, fulfillment of information obligations, receipt of payments and, where necessary, refunds to you.
Your personal data may be processed for the purposes of complying with internal policies and procedures regarding information security, including those related to the management and supervision of our infrastructure operations, management of information technology systems and making necessary improvements and developments on such systems, ensuring the operational accessibility and reliability of our infrastructure and systems within the scope of backups and tests (including tests that may require the use of live data), statistical analysis and research carried out for the development of systems and programs related to order and delivery operations, and conducting the necessary studies to improve the products and services offered.
Prevention of counterfeiting and fraud
Your personal data may be processed for the purposes of preventing and investigating fraudulent activities, reporting in line with legal requirements and carrying out the necessary work to take legal actions.
Personal data may be processed for the purposes of providing business partners with access to the necessary information and documents within the framework of corporate cooperation relations within the scope of the activities carried out with business partners, and providing access to the information and documents necessary for the fulfillment of such services by the officials and employees of third party supplier companies from which outsourcing services are provided in matters such as sales planning, travel organization, customer relationship management, research and development, product shipment and delivery.
Transfer of personal data
Your personal data may be shared with our suppliers and business partners from whom we receive support in the establishment, execution and termination of your relationship with us, including parties that provide products or services on our behalf and parties we cooperate with to make you benefit from products and services. Your personal data may also be shared with legally authorized public institutions and private persons within the scope of their authority. In these cases where your personal data is shared, we take the necessary measures to ensure that the party with whom the data is shared carries out processing and transfer activities in accordance with the rules in the Notice and the provisions of the legislation.
Your personal data may be shared with our affiliates, business partners, suppliers, legally authorized public institutions and organizations and legally authorized private institutions within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law.
Your personal data is not transferred abroad.
Personal Data processing principles
"To act in accordance with the law and good faith", "Accuracy and timeliness", "To process data for specific, explicit and legitimate purposes", "To be connected, limited and proportionate to the purpose for which personal data is processed", "To keep it for the period stipulated in the relevant legislation or required for the relevant purpose" are our basic principles regarding our personal data processing activities.
Use of cookies
As a company, we use some technologies such as cookies, pixels, gifs ("Cookies") to improve your experience during your visits to our online channels. The use of these technologies is carried out in accordance with the legislation we are subject to, especially the Law and GDPR.
For detailed information about cookies, we kindly ask you to review the Cookie Clarification Text available at https://www.kulturmedya.com.tr/cerez-politikasi.
Use of digital media
Your personal data obtained during your use of digital media may be processed for the purposes of operating and managing the site, conducting studies to improve and develop the user experience on the site and the application, tracking the ways in which the site is used, ensuring and supporting the use of location-oriented tools, managing your online accounts, if any, and informing you about the services available in your location. If you wish to benefit from the products or services offered within the scope of the application, your personal data will be processed only for the limited purpose of ensuring that you benefit from such products or services.
CCTV (closed circuit camera system) usage
In our Company's premises, visual and auditory data are obtained through the closed circuit camera system and stored only for the necessary period of time for the purposes of preventing and monitoring anti-social behavior and criminal behavior, ensuring the security of our premises a
nd the tools and equipment in our premises, protecting the health and safety of visitors and employees visiting our premises. All necessary technical and administrative measures are taken by us to ensure the security of your data obtained through the closed circuit camera system.
Rights of data subjects
According to Article 11 of the Law, data subjects have the following rights against the data controller
To learn whether personal data about him/her is processed or not. To request information if personal data about him/her has been processed. To learn the purpose of processing personal data and whether they are used in accordance with their purpose. To know the third parties to whom personal data is transferred domestically or abroad. To request correction of personal data in case of incomplete or incorrect processing. To request the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation. To request notification of the transactions made as a result of correction, deletion and destruction requests to third parties to whom personal data are transferred. To object to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems. To request compensation for damages in case of damage due to unlawful processing of personal data.
Exercise of rights by data subjects
We respond to data subjects who wish to exercise such rights within the limits stipulated in the Law within a maximum period of thirty days as stipulated in the Law. In order for third parties to make an application request on your behalf, you must have a special power of attorney issued through a notary public on behalf of the person who will make the application.
Although your applications are processed free of charge as a rule, if a fee tariff is stipulated by the Personal Data Protection Board, a fee may be charged based on this tariff. In order to determine whether the applicant is the Data Owner or not, we may request information from the relevant person, and in order to clarify the matters specified in the application, we may ask questions to the Data Owner about his/her application.
You can contact us via our contact information below to exercise the rights mentioned above.
PANORAMA TEKNOLOJİ ANONİM ŞİRKETİ - Denizli OSB Mah. Ali Rıza ÖZTÜRK Cad. Bereket Enerji Üretim A.Ş. Sitesi No: 14 Honaz / DENİZLİ / TURKEY
Data security
In order to ensure the security of your personal data, we take reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage to data.
We ensure data security by using software and hardware that includes virus and similar malware protection systems, firewalls and intrusion prevention systems.
We carry out access to personal data within the company within the framework of unit/role/application-based authorizations and with a controlled process in accordance with the nature of the data.
In accordance with Article 12 of the Law, we ensure that the necessary audits are carried out to ensure the implementation of the provisions of the Law.
We ensure compliance of data processing activities with the Law through internal policies and procedures.
We subject access to special categories of personal data to stricter measures.
In case of access to personal data from outside the company for reasons such as outsourcing, we obtain commitments from the external service provider to ensure compliance with the Law.
We take the necessary actions to inform all our employees, especially those authorized to access personal data, about their duties and responsibilities under the Law.
We organize confidentiality undertakings for the security of your personal data that we transfer as required by law, legislation or legitimate interest.
Definitions
Recipient Group: The category of natural or legal person to whom personal data is transferred by the data controller
Explicit Consent: Consent on a specific subject, based on information and expressed with free will.
Employee: Company personnel
Electronic Media: Media in which personal data can be created, read, changed and written with electronic devices.
Non-Electronic Media: All written, printed, visual, etc. media other than electronic media.
Service Provider: A natural or legal person who provides services under a specific contract with the Personal Data Protection Authority.
Relevant Person: The natural person whose personal data is processed.
Relevant User: Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.
Destruction: Deletion, destruction or anonymization of personal data.
Law: Law No. 6698 on the Protection of Personal Data
Recording Medium: Any medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system.
Destruction: Deletion, destruction or anonymization of personal data.
Personal Data: Any information relating to an identified or identifiable natural person.
Personal Data Processing Inventory: The inventory that data controllers create by associating the personal data processing activities they carry out depending on their business processes with the purposes and legal reason for processing personal data, data category, transferred recipient group and data subject group, and detailing the maximum retention period required for the purposes for which personal data are processed, personal data foreseen to be transferred to foreign countries and the measures taken regarding data security.
Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, storing, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Board: Personal Data Protection Board
Sensitive Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Periodic Destruction: The process of deletion, destruction or anonymization to be carried out ex officio at recurring intervals specified in the personal data retention and destruction policy in the event that all of the conditions for processing personal data specified in the Law are eliminated.
Policy: Personal Data Retention and Destruction Policy
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
Data Recording System: The recording system where personal data is structured and processed according to certain criteria.
Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Controllers Registry Information System: The information system created and managed by the Presidency, accessible via the internet, which data controllers will use in the application to the Registry and other related transactions regarding the Registry.
VERBIS: Data Controllers Registry Information System
Regulation: Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017.
Denizli OSB Mahallesi Ali Rıza Öztürk Cad. Bereket Enerji Üretim A.Ş. Sitesi NO: 14 Honaz / DENIZLI / TURKEY