ESTUZ ESKİŞEHİR TUZ GIDA SANAYİ VE TİCARET ANONİM ŞİRKETİ

PROCEDURE OF PROTECTION OF PERSONAL DATA OF THE PRODUCT OR SERVICE RECEIVER ACCORDING TO THE LAW ON PROTECTION OF PERSONAL DATA

 

  1. PURPOSE: Ensuring the protection of customer’s personal data and data with special qualifications during the provision of service.
  2. SCOPE: This procedure covers all customers who apply to our company and all those who buy products or services from our company.
  3. DEFINITIONS:
    • Related Person: The actual person whose personal data is processed.
    • Personal Data: All kinds of information regarding an identified or identifiable actual person.
    • Personal Data with Special Qualifications: Individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, association, foundation or union membership, health information, sexual life, criminal conviction and security measures, and biometric and genetic data.
    • Data Processor: The actual or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller.
    • Product or Service Buyer: Customer
  4. RESPONSIBILITY: All personnel working in the company have a responsibility.
  5. FLOW OF ACTIVITIES:
    • It is essential to protect all kinds of personal data belonging to customers in the storage, especially during the sharing of data internally. The customer may explicitly request that his personal data be stored securely.
    • It is not possible to share personal data of customers between individuals or departments within the institution other than its intended use.
    • Personal data of the customer cannot be kept in electronic media such as personal phone, computer etc. belonging to the personnel. Personal data about the customer belonging to the personnel cannot be shared or disclosed from telephone, computer, external e-mail address, social media account etc.
    • Unless the customer gives his express consent, personal data about the customer should not be shared with the customer relatives. In case of legal obligations aside from received express consent of the customer, personal data about the customer may be shared with the permission of the department officer.
    • Care is taken to protect the personal data of the customer during the information flow between the staff.
    • Printed forms, files, folders and notebooks containing the customer’s personal data should not be kept on desktops, cabinets, etc. Forms, files, folders should be protected in a way that can only be accessed by relevant personnel.
    • At the kiosks and desks where customer registration procedures are carried out and forms containing personal data about the customer are filled, transactions must be carried out in such a way that the information about the customer cannot be heard or seen by anyone other than the customer.
    • All personnel using automation systems, software, portals and websites have their own access authority. Personnel should not share the username and password approved by the unit manager with a second person. Personnel cannot request another employee’s username and password.
    • Personal data of the customer cannot be taken outside the institution except for legal obligations.
    • In case of breach of customer’s personal data, legal process will be initiated by the institution.