As Zeray Makine Mühendislik İnşaat Turizm Sanayi ve Ticaret A.Ş. (“Zeray A.Ş.”), we would like to inform you that we attach importance to the protection of your Personal Data and that we have taken measures and steps in accordance with legal regulations in this area.
LEGAL BASIS AND GENERAL PRINCIPLES
Protection of personal data is particularly regulated in Law No. 6698, Law No. 5651 on Regulation of Publications Made on the Internet and Combating Crimes Committed Through These Publications, Law No. 6563 on Regulation of Electronic Commerce and relevant secondary legislations. In addition, a number of penal sanctions have been envisaged for the protection of personal data in the Turkish Penal Code No. 5237.
Data processing means all kinds of processes that can be performed on personal data including obtaining, recording, storing, keeping, changing, re-arranging, disclosure, transmission, acquisition, making available, classification or prevention of use in whole or in part, automatically or in non-automatic ways, being part of any personal data recording system.
i. Complying with the law and rules of good faith,
ii. Being accurate and up-to-date when necessary,
iii. Being processed for specific, clear and legitimate purposes,
iv. Being connected, limited and measured with the purpose of processing,
v. Retaining them for the period of time stipulated by the relevant legislation or the period deemed necessary for the purpose of the processing.
DATA PROCESSED BY ZERAY A.Ş.
i. Data for recognizing the data owner, such as name, surname, profession, title, information about the institution/organization worked, educational background, employment history, sex, marital status, citizenship status, tax liability status and, if any, information about the parent, guardian and attorney status,
ii. Data such as date of birth, place of birth, identity number, blood group, religion and photograph included in identification documents such as ID card, passport, driver’s license,
iii. Contact information such as address, telephone, e-mail and fax number of home, workplace or temporary residence,
iv. In case the data owner (customer-member) connects to our Company’s Internet address via social media accounts, the information that the data owner approves to be shared through those channels,
v. Communication records such as telephone calls, e-mail correspondence and other audio and video data regarding the products purchased by the data owner,
vi. Internet protocol (IP) address, device ID, unique identifier information, device type, advertising ID, unique device icon, statistics on web page views, inbound and outbound traffic information, redirecting URL, Internet log information, location information, websites visited and information on transactions and actions performed through our websites, platforms, internet network, and advertising and e-mail contents.
Purposes of Use of Personal DataZeray A.Ş. may process personal data for the purposes specified below, in cases and to the extent permitted by the legislation, and may retain data for as long as these purposes require.
i. Fulfilling legal and administrative obligations and exercising the rights arising from the current legislation,
ii. Giving information to public officials on matters related to public safety upon request and in accordance with the legislation,
iii. Negotiating, establishing and performing of agreements concluded/planned to be concluded (for example, establishment of a distance sales agreement between our Company and its member customers and performance of the obligations assumed pursuant to the agreements concluded under the relevant articles of the distance sales agreement and the Consumer Protection Law),
iv. Confirming the identity information of the Customers who shop/have done shopping through the website/mobile applications, and recording the address and other necessary information required for communication,
v. Providing customers with a better shopping experience, determining suitable products that customers may be interested in by taking into account their interests, informing customers about suitable products, informing them about campaigns, promotions and advantages, providing an effective customer service,
vi. Providing suggestions and solutions to our customers by our contracted institutions and solution partners, and informing our customers about the services we provide,
vii. Providing necessary information by communicating with our customers about the conditions, current status and updates of the contracts we have concluded under the relevant articles of Distance Sales Contract and Consumer Protection Law,
viii. Issuing all records and documents that will be the basis of the transaction in electronic (Internet/mobile etc.) or printed media,
ix. Increasing customer satisfaction, getting to know our customers who shop from websites and/or mobile applications and using them in customer environment analysis, using them in various marketing and advertising activities, and conducting surveys in electronic and/or physical environment through contracted institutions in this context,
x. Evaluating customer complaints and suggestions about our products and services,
xi. Ensuring and improving coordination, cooperation and efficiency within or between units within our company,
xi. Ensuring the security of the website and other electronic systems and physical environments used by our company,
xiii. Notifying the changes in the legislation or the rules and policies accepted by our Company or making other notifications concerning the data owner,
xiv. Investigation, detection, prevention of violations of the contract and the law, and reporting them to the relevant administrative or judicial authorities,
xv. Resolving current and future legal disputes,
xvi. Answering requests and questions,
xvii. Providing the employee needs, and executing, developing and improving the recruitment processes within the framework of our company’s human resources policies,
xviii. Evaluating and finalizing the suitability of job applications and communicating with job applicants,
xix. Developing and improving our company’s human resources, public relations and marketing policies,
xx. In the event that data processing is mandatory for the establishment, use or protection of a right,
xxi. Protecting the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms of the data owner.
Protection, Security and Control of Your Personal Data
Within the scope of the relevant legislation, our company takes the necessary technical and administrative measures to ensure the appropriate level of security as a data controller in order to prevent the legal processing of personal data and illegal access to the data, and to ensure the preservation of personal data. In this context, it is ensured that the business processes and activities of our Company are carried out in accordance with the internal policies and rules prepared for the protection of personal data.
Works are carried out to raise awareness among employees about the personal data protection legislation and the internal policies and rules prepared in this direction, necessary statements and commitments are taken from the employees and individuals and institutions that process data on behalf of our Company for the confidentiality and protection of data, and violations of these statements and commitments are subject to certain sanctions. Necessary information security measures are implemented to prevent unauthorized access to personal data, and the adequacy of the measures taken is subject to regular checks and it is aimed to continuously improve the existing data security system.
Sharing Personal Data with Domestic/Foreign 3rd Persons and Storage Duration
In this context, your personal data can be collected with program partner institutions and organizations that we cooperate with in order to carry out our activities, domestic/foreign persons and institutions whose services we use for data storage and from which we receive physical server and/or cloud services, domestic/foreign companies from which we receive services for sending commercial electronic messages, inter-bank card center, contracted banks, internationally certified payment organizations, and various domestic/foreign advertising companies, agencies and survey companies or other domestic/foreign business partners within the scope of marketing activities in order to provide better services.
Rights of Data Owners under the Protection of Personal Data LawAs a data owner, in accordance with Article 11 of the PDP Law:
i. Learning whether the personal data have been processed or not,
ii. Requesting information if your personal data has been processed,
iii. Learning the purpose of processing personal data and whether they are used in line with their purpose,
iv. Being informed about the third parties to whom personal data are transferred domestically or abroad,
v. Being able to request the rectification of incomplete or inaccurate data processing, if any,
vi. Requesting the deletion or destruction of personal data if the reasons requiring the processing of personal data are eliminated;
vii. Requesting notification of correction and deletion processes to third parties to whom personal data has been transferred
viii. Objecting a consequence arising to the detriment of the person by analyzing the processed data exclusively by automatic means.
ix. Requesting compensation for damages in cases where damage is caused due to unlawful processing of personal data,
Requests from data owners will be evaluated and finalized within thirty days at the latest, according to the nature of the request, within the framework of article 13 of the PDP Law. Positive or negative responses to requests from data owners may be reported to the data owners in writing or electronically. While as a rule the requests of the data owners will be responded free of charge, the fees determined in the relevant legislation may be demanded in the event that the response to the request requires an additional cost.
Personal Data Collection Method and Legal Reason
Although we generally obtain personal data from data owners, data can also be obtained through business partners with whom we work within the framework of the conditions specified in Articles 5 and 6 of the PDP Law as well as persons, institutions and organizations that are referenced in job applications or included in the applicant’s work and education history, recruitment platforms, and persons and institutions represented by the data owner/representing the data owner.
While accessing our Company’s websites, electronic platforms, applications or e-mail messages or advertisements sent by our Company, small data files can be placed on users’ computers, mobile phones, tablets or other devices used to record and collect certain data. These data files placed on computers and other devices may be cookies, pixel tags, flash cookies and web markers, as well as other technologies for data storage purposes. The term “cookie” is used to express cookies and similar technologies that can be used by our company.
Cookies stores the information it collects through log files, blank gif files and/or third-party sources to create a summary of your preferences and can monitor your browsing information and/or your usage history on the site in order to provide you with special promotions, promotions and marketing offers, to improve the content of websites or mobile applications for you, and/or to determine your preferences.
Zeray A.Ş. analyzes and interprets the visitor movements and preferences, which it monitors during the use of the site, apart from the e-mail addresses and the personal information requested in the membership forms through “cookies” on the websites. Cookies are files consisting mostly of letters and numbers, being stored in the internet browser or on the hard disk of the device in order to allow such device to be recognized.
In order to provide better service to its visitors on the websites and within the framework of its legal obligation, Zeray A.Ş. will collect, process, share with third parties and securely store your browsing information, provided that it is not used outside of the purposes and scope specified in this Protection of Personal Data Text.
Types of Cookies and Use of Third Party Cookies
Our company may match information collected from you through different means or at different times on the website, including, for example, information collected online and offline on our websites, and use such information along with information obtained from other sources, including third parties.
Cookies can be classified in terms of duration or according to the domain name they belong to. Cookies are divided into two as session cookies and permanent cookies in terms of duration. Session cookies refer to cookies that are deleted when the user closes the browser, while permanent cookies are cookies that remain on the user’s computer/device for a predetermined period of time. Our company uses session cookies and permanent cookies on the websites and mobile applications of its brand (Zeray A.Ş.).
If cookies are classified according to the domain name they belong to, they are categorized into two groups as related party cookies and third party cookies. Cookies placed by the visited domain are called related party cookies while cookies placed by a different domain visited are referred to as third party cookies. In the event that people outside the visited domain place a cookie on the user’s device through the visited area, a third party cookie is in question.
To offer you specific advertisements, advertising technology uses information about your previous visits to the website/mobile application and to the websites/mobile applications that the website advertises. In the course of offering these advertisements, a unique third-party cookie may be stored on your browser so that the website can recognize you.
However, our Company may benefit from the cookies it uses on its websites, platforms, applications, advertisements and messages for the following purposes.
iv. Uses for advertising purposes: Our company or third parties may use related party cookies and third party cookies for the purpose of transmitting advertisements and similar content related to the interests of users through websites, platforms and applications. Examples of uses for advertising purposes are cookies that measure the effectiveness of advertisements, and cookies that show whether a particular ad has been clicked or how many times the ad has been viewed.
Rejecting and Deleting Cookies
However, the method of changing the settings varies according to the browser used, and how to disable cookies should be learned from the service provider for the browser used.
If cookies are disabled, You may continue to use the website, mobile application, but you may not be able to access all functions of the website or mobile application, or since your access may be limited, some features of our Company’s websites, applications, platforms and services may not be available.
Authorized Service ProvidersWe may receive assistance from certain service providers that we have authorized for the execution and promotion of our company’s websites, platforms and applications, and services. These service providers will also be able to place cookies and similar technologies (third party cookies) on users’ computers/devices and collect information such as IP address, unique identifier and device identifier to identify the user’s device.
THIRD PARTY SITES, PRODUCTS AND SERVICESOur company’s websites, platforms and applications may contain links to third-party websites, products and services. These links are subject to the privacy policies of third parties, and we would like to inform you that third parties and websites belonging to third parties are independent of our Company and our Company is not responsible for the privacy practices of third parties. In case of visiting the linked websites, we recommend that you read the privacy policies of these websites.