Personal Data Protection Law

Home > Personal Data Protection Law

This policy explains the principles for processing personal data of individuals by Melden Turz. San. ve Tic. A.Ş. and its subsidiaries, affiliates, or affiliated partnerships, as the Data Controller, and is necessary for individuals whose personal data is processed, such as suppliers, visitors, or users of the website (http://www.melden.com).

In this policy:

Melden: Refers to MELDEN TURZ.SAN.VE TIC.A.Ş., its subsidiaries, and affiliated partnerships,
Data Subject/Individual: Refers to the personal data owner,
Record Medium: Refers to any environment containing personal data processed fully or partially through automated means or as part of any data recording system, not automated,
Site: Refers to the website located at http://www.melden.com,
Data Processor: Refers to the natural or legal person who processes personal data on behalf of the Data Controller,
Data Controller: Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
Law No. 5651: Refers to the Internet Regulation Law, and
Law No. 6698/KVKK: Refers to the Personal Data Protection Law.

Processing of Personal Data of Website Users (Online Visitors) and WIFI Service Users

1.1. Processing of Personal Data of Website Users (Online Visitors)

Users of the website may submit their requests and suggestions by filling out the form available at http://www.melden.com/contact with information such as name, email, message, sector, and the subject of the form.

Users acknowledge that they share this personal data voluntarily when they submit their requests and suggestions on the website. This personal data will only be processed for the evaluation of the requests and suggestions directed by users.

In addition, the IP address, start and end time of the provided service, the type of service used, the amount of data transmitted, and any subscriber identity information, if available, of the users visiting the website are processed in accordance with Law No. 5651.

1.2. Processing of Personal Data of WIFI Service Users

For visitors physically present at the Melden premises who wish to use WIFI service, Melden processes their cell phone numbers and traffic information to provide this service and comply with Law No. 5651 and related secondary legislation.

Processing of Personal Data of Suppliers:
Melden processes personal data of natural person suppliers, supplier employees, and/or supplier representatives for the monitoring and execution of product, service, or goods supply processes.

Melden processes the following personal data within the scope of supply processes:

Identity information such as name, surname, Turkish ID number for the natural person supplier; financial information such as bank details; contact information such as address, email, mobile phone,
Identity information such as name, surname, Turkish ID number for the supplier representative; special category personal data such as signatures found in documents such as power of attorney/circular; contact information such as address, email, mobile phone,
Identity information such as name, surname, Turkish ID number for the supplier employee; personal data including but not limited to Social Security Institution payroll, occupational health and safety documents; special category personal data such as health reports, criminal records; education status, certificates, education/professional experience and expertise information such as bank details; contact information such as address, email, mobile phone.

2.2. Purpose of Processing Personal Data in Supply Processes

Compliance with obligations arising from legislation such as the Occupational Health and Safety Law, Social Security Institution, Labor Law, Turkish Commercial Code, Tax Procedure Law,
Monitoring and execution of contract processes related to product, service, or goods supply,
Ensuring compliance with corporate company rules.

2.3. Methods of Collection and Processing of Personal Data of Suppliers

This personal data is collected from:

The supplier representative, supplier employee, or the supplier himself/herself,
Documents such as circular/power of attorney,
Communication channels such as email, phone, website,
Contract,
Reference Control Form.
and processed.

2.4. Rights of Supplier Representative, Supplier Employee, or Supplier Individual Concerning Their Personal Data

Supplier representatives, supplier employees, or supplier individuals who wish to exercise their rights under Law No. 6698 can apply to Melden within the scope of the procedures and principles set forth in this policy.

2.5. Security of Personal Data of Supplier Representative, Supplier Employee, or Supplier Individual

Detailed information on the security of personal data is included in the section of this document related to the security of personal data.

Processing of Personal Data of Physical Visitors

Melden processes personal data of individuals who visit the Melden Group premises and branches, including:

Identity information (such as Turkish ID card, driver’s license, passport, lawyer ID),
Information about the person to be visited,
Entry and exit times of visitors,
Vehicle brand and license plate,
The company from which the person came,
Image recordings, referred to as “traffic information,” consisting of CCTV.
Melden takes image recordings through cameras inside and outside the building to ensure the safety of employees and visitors. Visitors are informed of the camera recordings within the building.

3.2. Purpose of Processing Personal Data of Visitors

Melden processes personal data of individuals visiting the Melden Group premises and branches for the following purposes:

Ensuring the Security of the Premises,
Obtaining identity information and documents in accordance with the applicable legislation,
Issuing visitor entry cards and creating visitor numbers,
Recording entry and exit times of visitors,
Creating a weapon delivery report for visitors carrying firearms,
Sharing the interior and exterior layout of the building and necessary security information with the visitor card.
Planning and execution of emergency management processes (terrorism, fire),
Performing security scans of individuals/products entering the building,
Notifying law enforcement authorities in case of crime or illegal activity.

3.3. Methods of Collection and Processing of Personal Data of Visitors

These personal data are processed through:

Official identity documents of visitors themselves (such as Turkish ID, driver’s license, passport, lawyer ID),
CCTV image recordings.

3.4. Ensuring the Security and Sharing of Personal Data of Visitors

Both identity information and CCTV recordings of visitors are kept in systems accessible only by authorized personnel. These personal data can be shared with public institutions and organizations authorized to request data when necessary.

Processing of Personal Data of Social Responsibility Project Participants

Identity information,
Contact information,
Educational information,
Financial information.

4.2. Purpose of Processing Personal Data of Project Partners and Participants

Increasing the visibility of the company,
Creating social benefit and awareness,
Planning and executing corporate communication activities,
Event management,
Planning and executing social responsibility and/or civil society activities,
Planning and executing sponsorship activities.

4.3. Methods of Collection and Processing of Personal Data of Project Partners and Participants

This personal data is directly collected from the project partners and/or participants themselves within the scope of the project.

Security, Transfer, and Exercise of Your Rights on Personal Data
The personal data mentioned above is stored in the database of Melden Bilişim Teknolojileri in compliance with confidentiality and security requirements pursuant to Article 12 of Law No. 6698, and will not be shared with third parties for commercial purposes.

Melden takes the following minimum precautions to ensure the security of personal data, prevent unauthorized access, and prevent unlawful data processing:

All pages where personal data is collected on the website are protected with SSL certificates.
Measures such as hashing, encryption, transaction logging, access management, and physical security are taken to protect personal data hosted in information systems.
Networks hosting the website and all systems containing personal data are protected by firewalls.
No cookies are used on our website to track online visitor usage habits.
Melden stores personal data of online and physical visitors in accordance with the legislation and may share them with the relevant public institutions and organizations when requested. Personal data of suppliers may be shared with Melden’s companies and subsidiaries, as well as relevant public institutions, for products, goods, or services procured. Personal data of project participants and/or partners organized by Melden may be shared in print, visual, and social media with the explicit consent of the individual. For Melden’s companies and subsidiaries, you can obtain information from http://www.melden.com.

Within the framework of Article 11 of Law No. 6698, you have the following rights regarding your personal data shared with us within the purposes and methods of processing personal data specified in this Personal Data Protection Policy:

a) To learn whether personal data is processed,
b) To request information if personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used appropriately for their purpose,
d) To know the third parties in the country or abroad to whom personal data is transferred,
e) To request correction of personal data if it is incomplete or incorrectly processed,
f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7/f.1 and Article 17 of the Turkish Penal Code,
g) To request that the operations carried out as per paragraphs (d) and (e) be notified to third parties to whom personal data has been transferred,
h) To object to the occurrence of a result against the individual by analyzing the processed data exclusively through automated systems,
i) To claim compensation for the damages arising from the unlawful processing of personal data.
You can always contact us using the “Application Form” on our website and the methods specified in this form to exercise these rights.

Correct and Up-to-Date Storage of Your Personal Data
The relevant individual groups, whose personal data we process on the website and/or directly provided by them due to the contract relationship, have acknowledged that they are aware of the importance of ensuring that the personal data shared is accurate and up-to-date in terms of exercising their rights over personal data under the Personal Data Protection Law and other relevant legislation, and that they fully accept and declare that the responsibility arising from providing incorrect information will be entirely theirs. You can reach us at kvkk@melden.com to make changes and/or updates to your shared personal data.

Personal Data Retention Period
The retention period for personal data of online visitors is 2 years in accordance with Law No. 5651. The retention period for CCTV recordings of physical visitors is 90 days. Personal data related to identity information is stored in accordance with the periods stipulated in the relevant legislation. Personal data of suppliers are kept for 10 years from the end of the legal relationship in accordance with the legislation.

Deletion, Destruction, or Anonymization of Your Personal Data
Personal data processed for the purposes stated in this Personal Data Protection Policy will continue to be used after being anonymized by us, following the expiration of the obligation to process under Article 7/f.1 of Law No. 6698 and the periods stipulated by the Laws and in accordance with the method of anonymization specified in the Personal Data Protection Board’s Guide on Deletion, Destruction, or Anonymization of Personal Data, and as long as there is no need for storage under Article 138 of the Turkish Penal Code.

Changes and Updates to the Policy

Melden Turz. San. ve Tic. A.Ş. may make changes or updates to this Policy in accordance with legal regulations and Company Policy. Necessary notifications about the new Policy text reflecting all these changes and updates will be made to the relevant individuals through the website.