Protection and Processing of Personal Data Policy
1. Purpose and Scope
Fresh Food Arts Food Industry And Trade A.Sh. ("Fresh Food” or the "Company"), makes the utmost effort to act in compliance with all applicable legislation related to the processing and protection of personal data.
“Fresh Food Arts Food Industry And Trade A.Sh.“Within the framework of the Personal Data Protection and Processing Policy (”Policy"), the principles adopted in carrying out the personal data processing activities carried out by Fresh Food are explained.
The policy aims at the sustainability of the principle of conducting Fresh Food's company activities in transparency. In this context, the basic principles adopted in terms of compliance of Fresh Food data processing activities with the regulations contained in the Personal Data Protection Law No. 6698 (“KVK Law”) are determined and the practices fulfilled by Fresh Food are explained.
Although the Policy is aimed at natural persons whose personal data are processed by Fresh Food automatically or performed by non-automatic means provided that they are part of any data registration system, the issues related to the protection of the personal data of Fresh Food employees are “Fresh Food Arts Gıda Sanayi Ve Ticaret A.Sh. It is regulated separately within the ”Employee Personal Data Protection and Processing Policy".
2. Policy Principles
2.1. General Principles
The policy is published on the Fresh Food website in a way that will be accessible to personal data owners “doyuyo.com/yasal-metin/gizlilik-sozlesmesi " is published. In parallel with the changes and innovations to be made in the legislation, the changes to be made in the Policy will be opened to access in a way that data owners can easily access. In case of Deciency between the legislation in force regarding the protection and processing of personal data and this Policy, Fresh Food accepts that the legislation in force will be applied.
Groups of People Covered by the Policy
The groups of data subjects covered by the Policy and whose personal data are processed by Fresh Food are as follows:
Employee Candidates
Persons who have not established a service agreement with Fresh Food, but who have been taken into the Fresh Food evaluation to be established.
Business Partners Officials, Employees
Real person officials, shareholders, employees of the organizations with which Fresh Food has commercial relations.
Holding Visitors
Real people who visit the Fresh Food center or the websites operated by Fresh Food.
Other Real People
Fresh Food Employees are all natural persons who are not covered by the Personal Data Protection and Processing Policy.
3. Clarification of Personal Data Owners
Fresh Food, KVK Law 10. in accordance with its article, it carries out the necessary processes to ensure that data owners are informed during the acquisition of personal data. In this context, the following information is included in the lighting texts provided by Fresh Food to the data owners:
(1) The title of our company,
(2) For which purpose the personal data of the data owners will be processed by Fresh Food,
(3) To whom and for what purpose the processed personal data may be transferred,
(4) The method and legal reason of collecting personal data,
(5) The rights of the data owner are;
To learn whether his/her personal data is processed or not,
If your personal data has been processed, requesting information about it,
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
To know the third parties to whom personal data are transferred at home or abroad,
To request correction of the personal data in case of incomplete or incorrect processing and to request notification of the transaction to the third parties to whom the personal data are transferred,
Requesting the deletion or destruction of personal data within the framework of the stipulated conditions and requesting that the transaction be notified to the third parties to whom the personal data are transferred,
Objecting to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To request compensation of the damage in case of suffering damage due to the unlawful processing of personal data.
4. Conclusion of the Requests of the Personal Data Owners
In case the data owners submit their requests regarding their personal data to our Company in writing, in the capacity of Fresh Food data controller, 13 of the KVK Law. in accordance with its article, it carries out the necessary processes to ensure that the request is finalized as soon as possible and no later than thirty (30) days, depending on the nature of the request. Within the scope of ensuring data security, Fresh Food may request information in order to determine whether the applicant is the owner of the personal data subject of the application. Our company may also ask questions about the application of the personal data owner in order to ensure that the application of the personal data owner is finalized in accordance with the request. In cases where the data owner's application is likely to interfere with the rights and freedoms of other people, requires disproportionate effort, and the information is public information, the request may be rejected by Fresh Food by explaining the reason.
4.1. Rights of Personal Data Owners
11 Of the KVK Law. in accordance with the article, you can make a request for the following issues by applying to our Company:
(1) To learn whether your personal data has been processed or not,
(2) If your personal data has been processed, requesting information about it,
(3) To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
(4) To learn about the third parties to whom your personal data is transferred domestically or abroad,
(5) To request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to the third parties to whom your personal data are transferred,
(6) To request the deletion, destruction or anonymization of your personal data in case the reasons requiring its processing disappear, despite the fact that it has been processed in accordance with the KVK Law and other relevant provisions of the law, and to request that the transaction carried out in this context be notified to the third parties to whom your personal data has been transferred,
(7) To object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,
(8) To request compensation of the damage in case you suffer damage due to the unlawful processing of your personal data.
4.2. Cases That are Outside the Rights of Personal Data Owners in Accordance with the Legislation
28 Of the KVK Law. in accordance with the article, due to the fact that the following situations are not covered by the KVK Law, it will not be possible for personal data owners to assert their rights on the following issues:
(1) Processing of personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or do not constitute a crime.
(2) Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
(3) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations assigned duties and authority by law in order to ensure national defense, national security, public security, public order or economic security
(4) Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution procedures.
In accordance with Article 28/2 of the KVK Law, it will not be possible for personal data owners to assert their rights, except to request compensation for the damage in the following cases:
(1) The fact that the processing of personal data is necessary for the prevention of the commission of a crime or for the investigation of a crime.
(2) Processing of personal data made public by the personal data owner by himself.
(3) Personal data processing is necessary for the performance of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized and authorized public institutions and organizations, as well as professional organizations that are public institutions, based on the authority granted by law.
(4) Personal data processing is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and financial issues.
5. Ensuring The Security and Confidentiality of Personal Data
Fresh Food takes all necessary measures to prevent the unlawful disclosure, access, transfer or security deficiencies that may occur in other ways, within the scope of the possibilities, according to the nature of the data to be protected, in order to prevent the unlawful disclosure, access, transfer or security deficiencies that may occur in other ways.
In this context, all kinds of necessary (i) administrative and (ii) technical measures are taken by Fresh Food, (iii) an audit system is established within the company and (iv) in case of disclosure of personal data by illegal means, actions are taken in accordance with the measures provided for in the KVK Law.
(1) Administrative Measures Taken by Fresh Food Restaurant to Ensure the Lawful Processing of Personal Data and to Prevent Unlawful Access to Personal Data
Fresh Food trains its employees regarding the law on the protection of personal data and ensures that they are raised awareness.
In cases where personal data is the subject of transfer, records are provided to be added to the contracts concluded by Fresh Food with the persons to whom personal data is transferred, that the party to whom personal data is transferred will fulfill Jul-tain obligations to ensure data security.
The personal data processing activities carried out by Fresh Food are examined in detail, and in this context, the steps to be taken to ensure compliance with the personal data processing requirements stipulated in the KVK Law are determined.
Fresh Food determines the practices that need to be fulfilled in order to ensure compliance with the KVK Law and regulates these practices with internal policies.
(2) Technical Measures Taken by Fresh Food to Ensure the Lawful Processing of Personal Data and to Prevent Unlawful Access to Personal Data
Regarding the protection of personal data, technical measures are taken by Fresh Food to the extent possible by technology, and the measures taken are updated and improved in parallel with the developments.
In technical matters, expert personnel are employed.
Regular December inspections are carried out for the implementation of the measures taken.
Software and systems to ensure security are installed Jul.
The authority to access the personal data being processed within Fresh Food is limited to the relevant employees in accordance with the specified processing purpose.
(3) Conducting Audit Activities related to the Protection of Personal Data by Fresh Food
The functioning of the technical and administrative measures taken by Fresh Food within the scope of ensuring the protection and security of personal data are monitored and applications are carried out to ensure the continuation of the functioning. The results of the audit activities carried out within this scope are reported to the relevant department within Fresh Food. In line with the audit results, activities are carried out to ensure the development and improvement of the measures taken for the protection of data.
(4) Measures to be Taken in Case of Disclosure of Personal Data by Unlawful Means
Within the scope of the personal data processing activity carried out by Fresh Food, if personal data is obtained by unauthorized persons in violation of the law, the situation will be notified to the KVK Board and the relevant data owners without loss of time.
6. Identification of the Unit Responsible for The Protection and Processing of Personal Data
A “Personal Data Protection Unit” has been established by Fresh Food, which will provide the necessary coordination within the Company within the scope of ensuring, storing and maintaining compliance with the legislation on the protection of personal data. Dec Jul is responsible for ensuring unity between the Personal Data Protection Unit, Fresh Food units, and for carrying out and improving the systems established to ensure that the activities carried out comply with the personal data protection legislation.
In this context, the basic duties of the Personal Data Protection Unit are stated below:
Preparing and putting into effect the basic policies related to the protection and processing of employee personal data,
To decide how the implementation and supervision of the policies related to the protection and processing of employee personal data will be carried out and to make internal assignments within this framework and to ensure coordination,
To determine the issues that need to be done in order to ensure compliance with the KVK Law and related legislation; to monitor its implementation and ensure its coordination,
To raise awareness about the protection and processing of personal data within the Company and within the institutions with which it cooperates,
To ensure that the necessary measures are taken by identifying the risks that may arise in the Company's personal data processing activities; to present improvement suggestions Jul,
To design and ensure the implementation of trainings on the protection of personal data and the implementation of policies,
To decide on the applications of the personal data owners at the highest level,
To coordinate the execution of information and training activities in order to ensure that the personal data owners are informed about the Company's personal data processing activities and Jul rights,
To prepare and put into effect the changes in the basic policies related to the protection and processing of personal data,
To follow the developments and regulations on the protection of personal data; to advise the senior management on what should be done in the company's operations in accordance with these developments and regulations,
To manage the relations with the KVK Board and KVK Institution,
To perform other duties to be assigned by the company management regarding the protection of personal data.
7. The Purposes of Processing Personal Data and the Personal Data Groups that are the Subject of Data Processing Activities
7.1. Categories of Personal Data
Personal data in the following groups are processed by Fresh Food in a partially or completely automatic way or in a non-automatic way as part of the data registration system.
CATEGORIES OF PERSONAL DATA | EXPLANATION |
| Identity Information: | Personal data containing information regarding the identity of the person; name surname, T.R. Documents such as driver's license, identity card and passport containing information such as identity number, nationality information, mother's name-father's name, place of birth, date of birth, gender, as well as tax number, SSI number, signature information, vehicle license plate, etc. information. |
| Contact Information: | Contact information; Personal data such as telephone number, address, e-mail address, fax number. |
| Physical Space Security Information: | Personal data regarding records and documents taken upon entering the physical location and during the stay in the physical location; camera records, fingerprint records and records taken at security points, etc. |
| Transaction Security Information: | Personal data processed to ensure the technical, administrative, legal and commercial security of both the data owner and the Company while carrying out Fresh Food's commercial activities. |
| Risk Management Information: | Personal data processed through methods used in accordance with generally accepted legal, commercial customs and honesty rules in these areas to manage commercial, technical and administrative risks. |
| Financial Information: | Personal data processed regarding information, documents and records showing all kinds of financial results created within the scope of the legal relationship between Fresh Food and the data owner, and personal data such as bank account number, IBAN number, credit card information, financial profile, asset data, income information. |
| Legal Action and Compliance Information: | Personal data processed within the scope of determining and pursuing Fresh Food's legal receivables and rights, and fulfilling its debts, and compliance with legal obligations and Fresh Food policies. |
| Audit and Inspection Information: | Personal data processed within the scope of Fresh Food's legal obligations and compliance with Company policies. |
| Special Personal Data: | Data specified in Article 6 of the KVK Law (for example, health data including blood type, biometric data, religion and membership information, etc.) |
| Request/Complaint Management Information: | Personal data regarding the receipt and evaluation of any requests or complaints directed to Fresh Food. |
| Reputation Management Information: | Personal data associated with the person and collected for the purpose of protecting Fresh Food's commercial reputation (for example, posts about Fresh Food) |
7.2. Purposes of Processing of Personal Data
Personal data are processed by Fresh Food for the purposes listed below in accordance with the data processing conditions and principles. The existence of the purposes listed below may vary for each personal data owner.
The personal data obtained by Fresh Food is subject to Section 5 of the KVK Law. and 6. it is processed by taking into account the conditions of processing of personal data specified in the articles.
Tracking of Financial and/or Accounting Affairs
Banking Transactions
Operator Candidate evaluation
Planning and Execution of Business Activities
Follow-Up of Legal Affairs
Recruitment / Employment
Planning of Human Resources Processes
Execution of Personnel Procurement Processes Jul.
Planning and Execution of Sales Processes of Products and/or Services
Planning and Execution of Customer Relationship Management Processes
Planning and Execution of Marketing Processes of Products and/or Services
Performing Efficiency/Efficiency and/or Appropriateness Analyses of Business Activities Planning and/or Execution of Activities
Planning of Information Security Processes
Ensuring Business Continuity Planning and/or Execution of Activities
Planning and/or Execution of the Processes of Creating and/or Increasing Loyalty to the Products and/or Services Offered by the Company
Business Administration Application
Planning and/or Execution of After-Sales Support Services Activities
Creation and Management of Information Technology Infrastructure
Planning and Execution of Production and/or Operation Processes
Management of Relations with Business Partners and/or Suppliers
Follow-up of Contract Processes and/or Legal Requests
Planning and Execution of the Operational Activities Necessary to Ensure that the Company's Activities are Carried Out in Accordance with the Company's Procedures and/or Relevant Legislation Jul.
Planning and/or Execution of Customer Satisfaction Activities
Planning and Execution of Corporate Communication Activities
Ensuring that the Data is Accurate and Up-to-Date
Planning and Execution of Sunday Research Activities for the Sale and Marketing of Products and Services
Planning and Execution of Access Authorizations to Information Systems of Business Partners and/or Suppliers
Creation and Tracking of Visitor Records
Providing Information to Authorized Organizations Based on Legislation
Planning and Execution of Company Audit Activities
Planning and Execution of Logistics Activities
Planning and/or Execution of the Company's Financial Risk Processes
Planning and/or Execution of the Company's Production and/or Operational Risk Processes
Planning and/or Execution of In-House Training Activities.
7.3. Shared Party Categories
Fresh Food is based on the principles set out in the KVK Law and, in particular, Article 8 of the KVK Law. and 9. in accordance with the provisions of the data owners who are within the scope of the Policy in accordance with the articles (See Section 5.2.) personal data may be transferred to the contact groups listed below for the specified purposes:
To the Companies of the Fresh Food Community,
Fresh Food suppliers,
Fresh Food subsidiaries,
For Fresh Food business partners,
Authorized public institutions and organizations and authorized private legal persons,
In accordance with the data transfer terms, to other third parties
The scope of the above-mentioned persons being transferred and the possible data transfer purposes are indicated below.
| PERSONS TO WHICH DATA CAN BE TRANSFERRED | DEFINITION | PURPOSE OF DATA TRANSFER |
| Business Partner: | Parties with which Fresh Food establishes business partnerships for purposes such as carrying out its commercial activities | Limited to ensure the fulfillment of the purposes for which the business partnership was established. |
| Supplier: | Within the scope of carrying out Fresh Food's commercial activities, parties that provide services to Fresh Food in accordance with Fresh Food's orders and instructions and on a contract basis | Limited to ensure that the services outsourced by the Company from the supplier and necessary to carry out the Company's commercial activities are provided to the Company. |
| Affiliates: | Companies in which the Company is a shareholder | Limited to ensuring the execution of commercial activities that require the participation of the Company's subsidiaries. |
| Fresh Food Community Companies: | All companies that make up the Fresh Food Community | Limited to purposes such as planning the Company's strategies regarding its commercial activities and maintaining its activities and auditing. |
| Legally Authorized Public Institutions and Organizations: | Public institutions and organizations authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislation | Limited to the purpose requested by the relevant public institutions and organizations within their legal authority |
| Legally Authorized Private Legal Persons: | Private law persons authorized to receive information and documents from the Company in accordance with the relevant legislation provisions | Limited to the purpose requested by the relevant private law persons within their legal authority |
8. Definitions
The definitions of the terms used in the Policy are listed below:
| Explicit Consent | : | Consent regarding a specific issue, based on informed consent and expressed with free will. |
| Anonymization | : | Making personal data impossible to associate with an identified or identifiable natural person in any way, even by matching it with other data. |
| Regulation on the Processing of Personal Health Data | : | Regulation on the Processing and Ensuring the Privacy of Personal Health Data, published in the Official Gazette dated 20 October 2016 and numbered 29863. |
| Personal Health Data | : | Any health information regarding an identified or identifiable natural person. |
| Personal Data | : | Any information regarding an identified or identifiable natural person. |
| Personal Data Owner | : | The real person whose personal data is processed. For example; Customers and employees. |
| Processing of Personal Data | : | Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data, such as blocking. |
| KVK Law | : | Personal Data Protection Law No. 6698, dated 24 March 2016, published in the Official Gazette No. 29677, dated 7 April 2016. |
| KVK Board | : | Personal Data Protection Board |
| KVK Institution | : | Personal Data Protection Authority |
| Special Personal Data | : | Data regarding race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data. |
| Policy | : | Fresh Food Arts Food Industry and Trade Inc. Personal Data Protection and Processing Policy |
| Fresh Food / Company | : | Fresh Food / Fresh Food Arts Gıda Sanayi Ve Ticaret A.Ş. |
| Fresh Food Partners | : | Parties with which Fresh Food establishes business partnerships for various purposes while carrying out its commercial activities. |
| Fresh Food Suppliers | : | Parties providing services to Fresh Food on a contract basis. |
| Fresh Food Companies/Group Companies | : | Fresh Food Arts Food Industry and Trade Inc. companies included |
| Constitution of the Republic of Türkiye | : | Published in the Official Gazette dated 9 November 1982 and numbered 17863; Constitution of the Republic of Türkiye dated 7 November 1982 and numbered 2709. |
| Turkish Penal Code | : | Published in the Official Gazette dated 12 October 2004 and numbered 25611; Turkish Penal Code No. 5237 dated 26 September 2004. |
| Data Processor | : | It is a real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. |
| Data Controller | : | The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept. |