Personal Data Protection Clarification Text

1. Purpose

As Sağlam Panel (“Company” or “Sağlam Panel”), to ensure the protection of corporate information and personal data in terms of confidentiality, integrity and accessibility, to determine the principles regarding the methods and processes required by the Information Security Management System for the processing and protection of personal data by our company.

2. Scope

All information assets and personal data in the Company are covered by the principles set out in this text.

3. Data Responsible

Pursuant to Law No. 6698 on the Protection of Personal Data (“KVKK”), your personal data may be processed by Sağlam Panel as the data controller within the scope described below.

Data Responsible: Sağlam Panel
Address: Hanlıköy, Nisan Sokak No:4F – Arifiye / SAKARYA
Phone: +90 264 503 04 04
E-Mail: info@saglampanel.com

4. Personal Data Processing Principles

Your personal data are processed in accordance with the following principles within the scope of KVKK and relevant legislation:

• Compliance with the law and good faith
• Being accurate and up to date when necessary
• Processing for specific, explicit and legitimate purposes
• Being relevant, limited and proportionate to the purpose for which they are processed
• Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed

5. Purposes of Processing Personal Data

Your personal data is processed for the following purposes:

• Offering, selling and delivering our products and services
• Execution of order, offer and contract processes
• Customer relations and customer satisfaction management
• Execution of finance and accounting transactions
• Planning and execution of business activities
• Ensuring internal operations, internal audit and security
• Planning, auditing and execution of information security processes
• Execution of human resources processes
• Conducting communication activities
• Informing authorized persons, institutions and organizations
• Follow-up and execution of legal processes
• Ensuring that the Company’s activities are carried out in accordance with the legislation
• Analyzing and improving website visit data

6. Transfer of Personal Data

Your personal data may be transferred to the following recipient groups within the framework of the conditions specified in Articles 8 and 9 of the KVKK in line with the realization of the above-mentioned purposes:

• To authorized public institutions and organizations for purposes such as legal reporting, sharing information with regulatory and supervisory bodies, and carrying out legal notification processes
• Contracted cargo companies in order to carry out product delivery, cargo and logistics processes
• To banks and financial institutions in order to carry out payment transactions
• Legal advisors, courts and enforcement offices for the follow-up and execution of legal processes
• To our business partners in order to fulfill the purposes for which the business partnership was established
• To our service providers for technical and administrative services

7. Application Principles

7.1. General Application Principles

• All employees are responsible for the protection of personal data and protecting the reliability and image of the organization.
• The PDP Board is responsible for the creation, implementation and effectiveness of policies, procedures and instructions.
• Our Company aims to ensure the security of all physical and electronic information assets used in the realization of information services in order to ensure that basic and supportive business activities continue with minimum interruption.
• Compliance with KVKK requirements is ensured in contracts with third parties.

7.2. Technical and Administrative Measures

• Confidentiality, integrity and accessibility features of information are taken as basis when processing, transmitting and maintaining personal data.
• In the processing of physical/electronic personal data, data is processed according to access authorization matrices. No employee can access personal data without authorization.
• All employees are regularly provided with awareness training on Personal Data Protection.
• The PDP board convenes at least twice a year or whenever there are legal or contractual requirements, takes the necessary decisions, implements them and measures their effectiveness.
• Access and data editing logs of all data processed by the company, including personal data, are kept and their unchangeability is ensured.
• Backups of all company data, including personal data, are taken regularly, and the validity of business continuity is verified by conducting back-up tests.
• Access rights, including the media in which personal data are processed, are regularly checked and their currency is verified.
• Confidentiality of the company’s information is ensured in personal and electronic communications and information exchanges with third parties.
• Personal data inventory is kept up to date as mandated by the law and relevant secondary regulations, and the registry statement is updated within 7 days in case of applications that may change the registry statement.
• Data subject requests are meticulously handled and responded to within the period specified by the law.
• Risks on all kinds of data processed by the company, including personal data, the environment and system in which it is processed are addressed, and action plans are made for the risks that need to be mitigated.
• Administrative and technical measures are taken to prevent data breaches. Despite the measures, possible violations are evaluated within the framework of procedures and managed in accordance with legal requirements.
• All policies, procedures and instructions are easily accessible by employees.
• Internal audits are conducted within the company to identify deficient practices and corrective-preventive actions are planned..

8. Rights of the Personal Data Subject

Pursuant to Article 11 of the LPPD, as a personal data subject, you have the following rights:

• Learn whether your personal data is being processed
• Request information if your personal data has been processed
• To learn the purpose of processing your personal data and whether they are used in accordance with their purpose
• To know the third parties to whom your personal data is transferred domestically or abroad
• To request correction of your personal data in case of incomplete or incorrect processing
• To request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the KVKK
• Request notification of your requests for correction, deletion and destruction to third parties to whom your personal data have been transferred
• Object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems
• In case you suffer damage due to unlawful processing of your personal data, to demand compensation for the damage

9. Right of Application

As a personal data owner, you can submit your requests regarding your rights to our company by filling out the Data Owner Application Form. Your request will be finalized free of charge as soon as possible and within 30 (thirty) days at the latest, depending on its nature. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.

You can apply using the following methods:

• You can apply to our company in person.
• You can send a notification through a notary public.
• info@saglampanel.com You can send an e-mail signed with a secure electronic signature.

10. Relevance of Information

It is essential that your personal data is accurate and up-to-date. For this reason, in case of any change in your personal data, we kindly request you to inform our company.

11. Changes

Sağlam Panel may update this disclosure text when necessary. Updates will be published on our website and you will be notified separately when necessary.

Last Updated Date: 17.04.2025