TOSYALI ONLINE

Personal Data and General Privacy Policy of TOSYALI DEMİR ÇELİK  

Last Update: 14.08.2018    

Tosyalı Demir Çelik will not share, sell or make available with/to third parties personal data that users transmit electronically via the websites www.tosyaliholding.com.tr, www.toscelik.com.tr, eisportal.tosyaliholding.com.tr or Tosyalı Demir Çelik Mobile Applications for purposes other than those described in the Personal Data Protection Law No. 6698 and in relation with the collection of personal data. Tosyalı Demir Çelik's Personal Data Policy is as follows: 

 IP Numbers: Tosyalı Demir Çelik identifies and uses the IP address of the users when necessary to identify problems related to the system and to quickly resolve problems that may arise on websites / mobile applications. IP addresses can also be used to anonymously identify users and collect comprehensive demographic information.  

Anonymous Data: Information requested by Tosyalı Demir Çelik or provided by users or related to transactions via website / mobile application can be used anonymously (without revealing the identity of the user) by Tosyalı Demir Çelik and the persons with whom it cooperates in various statistical evaluations, database creation, delivery of personalized packages / offers, personal data collection, and market research.  

Linking to Other Sites: Tosyalı Demir Çelik may link to other websites in its own websites / mobile application. Tosyalı Demir Çelik does not have any responsibility for the privacy practices and contents of the websites accessed via the link.  

Bank / Credit Card Information: Tosyalı Demir Çelik uses 128-bit encryption algorithm for data transmission with SSL certificate that provides information security. Users' bank / credit card information is used only by the bank or payment institution during the payment process and is not stored in the database. Tosyalı Demir Çelik provides an infrastructure in which card information can be stored through PCI DSS certified institutions to facilitate users' next payment transactions. Thanks to the Card Storage Services, which have PCI DSS standards and are licensed by BRSA, information on the bank / credit cards facilitates Authentication and Authorization steps, enabling bank / credit card holders to use a secure and easy payment tool.  

Data Saved on Mobile Devices: Invoice information and registered user information that users will add after they sign up on the Web Site / Mobile Application can also be saved locally in the Mobile Application on the mobile device for ease of use. Even if the User does not sign in and/or opt out of Membership in the browser or Mobile Application, invoice information and registered user information can be accessed within the Mobile Application on the User’s mobile device.  

 Cookies Status: Tosyalı Demir Çelik can obtain information about the users and their use of the websites by using a technical communication file (cookies) created by Tosyalı Demir Çelik or its 3rd parties. These technical communication files are small text files that a website sends to the user's browser for storage in the main memory. The technical contact file stores the user's login details, password, and preferences, allowing the session to remain open and thus facilitating the use by recognizing the user on his/her next visit. The technical contact file helps to obtain statistical information about how many people use the website, how many times a person visits the website and how long he/she stays, and to generate dynamically advertisements and content from user pages designed specifically for users. The technical communication files are not designed to retrieve data or any other personal information from the main memory or email. Most browsers were originally designed to accept the technical communication file, but users can change the settings so that the technical communication file does not arrive or a warning is given if the technical communication file is sent.  

Tosyalı Demir Çelik User Information and Related Considerations  

General Information About Personal Data Law  

Personal Data Protection Law No. 6698 (hereinafter referred to as PDPL) was adopted on March 24, 2016 and published in the Official Newspaper no 29677 of April 7, 2016. Some parts of the PDPL came into force on the date of publication and some on October 7, 2016. We would like to inform you on our mutual rights and obligations under Personal Data Protection Law No. 6698, including our right as the data owner, to record, classify, process, store, update, and disclose the personal data of our valued customers to third parties in accordance with the legislation and your permission.  

Providing Information as Data Owner  

As Tosyalı Demir Çelik whose detailed corporate information is published below, in accordance with PDPL no. 6698 and in the capacity of Data Owner, we will be able to record, store, update, disclose / transfer to third parties as allowed by PDPL, classify, and process as specified in PDPL.   

Definition of Personal Data Under the Law  

Personal data means any information that makes you identifier or identifiable, including your identity (name, surname, credit card number, etc.), information on the methods used in communication and access to products (IP, mobile phone brand/model, browser type and version, social media information, movements on screens, etc.).  

How Your Personal Data Can Be Processed?  

Pursuant to PDPL No. 6698, your personal data that you share with our company will be processed by obtaining in whole or in part automatically or in non-automatic ways provided that these non-automatic ways are a part of any data recording system,  

by saving, storing, modifying, reorganizing, provided that security and confidentiality are ensured under the legislation, by disclosing, transferring, taking over, making it available, classifying or preventing it from being used; in short, by being subject of any kind of transactions performed on the data. Any transaction performed on the data under PDPL is considered as “processing of personal data.”  

The Purposes and Legal Reasons of Processing Your Personal Data  

The personal data you share will be processed in accordance with PDPL No. 6698 and related secondary regulations for the following purposes:   

 Information About Third Parties or Organizations to Which Your Personal Data May Be Transferred  

Your personal data will be transferred to institutions, organizations, banks, financial institutions, providers or companies which render services/cooperate/are program partners in applying for or comparing products/services; to individuals and organizations from which we receive services in storing information in the cloud environment; to companies with whom we have agreement on sending messages to our customers; and other third parties as part of our respective collaborations.  

Storage and Protection of Personal Data  

Your personal data will be kept confidential in the database and systems of our company in accordance with Article 12 of PDPL and will not be shared with third parties in any way, except for legal obligations and regulations specified in this document. Pursuant to Article 12 of the PDPL, our company is responsible for protecting the systems and databases on which your personal data are stored; preventing unlawful processing of personal data and preventing access by unauthorized persons; and taking software and physical security measures such as hash, encryption, transaction log, and access management. If it is learned that personal data is obtained illegally by others, this will be immediately notified to the Personal Data Protection Board in writing in accordance with the legal regulations.  

Personal data will be retained as long as the purpose of providing this information is valid. Your data will continue to be processed by us beyond the service you receive from us in order to identify your needs, serve you more quickly, and meet your subsequent service requests. If the data has to be kept for the purposes of reporting and notification to the relevant legal and public authorities within legal terms or stored for longer periods pursuant to related legislation, these limits will be complied with. Necessary security measures will be taken by us to ensure that the stored/recorded data is not lost or accessed by unauthorized persons and to prevent unlawful use.  

Keeping Personal Data Up-To-Date and Accurate  

Pursuant to Article 4 of PDPL, our Company is responsible for keeping your personal data accurate and up-to-date. In this context, in order for our Company to fulfill its obligations arising from the legislation in force, our Customers must share accurate and up-to-date data or update them via the website / mobile application.  

Rights of personal data holder in accordance with PDPL No. 6698  

Pursuant to Article 11 of the PDPL No. 6698 entered into force on October 07, 2016, Personal Data Holder's rights are as follows as from this date:  

Personal Data Holder is entitled to contact our company (data owner) to  

1. learn whether personal data are processed,

2. request information if personal data have been processed,  

3. learn the purpose of processing personal data and whether they are used in accordance with their purpose,  

4. know the third parties to which personal data is transferred locally or internationally,  

5. request correction of any missing or incorrectly processed personal data,  

6. request the deletion or destruction of personal data in accordance with the conditions provided for in Article 7 of PDPL,  

7. request that correction, deletion or destruction of personal data is notified to the third parties to which the personal data are transferred,  

8. object to a result obtained against him/herself from the analysis of processed data exclusively  

through automated systems,  

9. request compensation for any damages arising from unlawful processing of personal data.  

Cases in which user’s data can be disclosed: The user’s personal data include the email address and any information identifying the user. Unless otherwise specified in this privacy policy, Tosyalı Demir Çelik will not disclose any of personal data to any third party, except Tosyalı Demir Çelik's affiliated companies and companies with which Tosyalı Demir Çelik cooperate. In the following cases, Tosyalı Demir Çelik may disclose user information to third parties by going beyond the provisions of this privacy policy. These cases are:  

1. Compliance with rules of law which have been issued by the competent legal authority and are in force, including laws, decree laws, regulations, etc.,  

2. Execution and fulfillment of any contract between Tosyalı Demir Çelik and users,  

3. Request of information on users for conducting a proper investigation by the competent administrative and judicial authority and provision of information to protect the rights or security of users. Tosyalı Demir Çelik undertakes to keep confidential information strictly private and confidential; to regard this as an obligation to keep a secret; and to take all necessary measures and due care to protect any or all of the confidential information against falling into the public domain or unauthorized use or disclosure to a third party.