EN

Personal Data Protection Clarification Text

Data Controller
This clarification text has been prepared by NİL UNLU MAMULLER GIDA PASTACILIK SANAYİ VE TİCARET ANONİM ŞİRKETİ (the Company) in its capacity as the data controller, in accordance with Article 10 of the Law on the Protection of Personal Data No. 6698 and the Communique on Procedures and Principles for Fulfillment of the Obligation to Inform. It is provided for our valued visitors, customers, suppliers, business partners, and relevant individuals with whom we have a commercial or business relationship. All personal data shared with our company will be processed in a lawful manner, in connection with our activities and services, and in a proportionate way.

Definitions
Personal Data: Any information related to an identified or identifiable natural person.
Processing of Personal Data: Any operation performed on personal data, such as obtaining, recording, storing, safeguarding, modifying, organizing, disclosing, transmitting, receiving, making available, classifying, or blocking its use, by automated or non-automated means as part of any data recording system.
Recipient Group: The category of natural or legal persons to whom personal data is transferred by the data controller.
Data Subject: The natural person whose personal data is processed.
Data Record System: Any environment where personal data processed either fully or partially automatically, or non-automatically as part of any data recording system, is stored.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

Purpose of Processing Personal Data
Our company processes the following personal data:

  • Identity Data (e.g., name, surname, copy of ID card, national ID number, signature, etc.)
  • Contact Data (e.g., address, email address, phone number, etc.)
  • Personal Employment Data (e.g., payroll information, disciplinary investigations, employment records, etc.)
  • Physical Security Data (e.g., camera recordings, etc.)
  • Transaction Security Data (e.g., IP address information, website login/logout details, password information, etc.)
  • Financial Data (e.g., bank account information, etc.)
  • Professional Experience Data (e.g., diploma, courses attended, in-service training, certifications, transcript information, etc.)
  • Health Data (e.g., disability status, blood type, personal health data, device and prosthetic information, etc.)

Your personal data is processed for the following purposes:

  • Management of emergency processes
  • Information security processes
  • Auditing/ethics activities
  • Management of access rights
  • Compliance with legal regulations
  • Financial and accounting operations
  • Physical security of premises
  • Legal affairs management
  • Internal audits, investigations, and intelligence activities
  • Communication activities
  • Occupational health and safety activities
  • Improvement of business processes
  • Ensuring business continuity
  • Logistics operations
  • Purchasing processes
  • Post-sale customer support services
  • Sales operations
  • Customer relationship management
  • Customer satisfaction activities
  • Organization and event management
  • Marketing analysis
  • Advertising/campaign/promotion processes
  • Risk management processes
  • Archiving
  • Contract management
  • Strategic planning
  • Complaint handling
  • Asset and resource security
  • Supply chain management
  • Product/service marketing
  • Security of data controller operations
  • Investment processes
  • Providing information to authorized persons, institutions, and organizations
  • Management activities
  • Visitor record creation and follow-up

These processes are carried out in accordance with the provisions of Articles 5 and 6 of the Law on the Protection of Personal Data No. 6698.

Transfer of Personal Data
Our company acts in accordance with the regulations stipulated in the Law on the Protection of Personal Data No. 6698 regarding the transfer of personal data.
Your personal data may be transferred to:

  • Public authorities such as the Personal Data Protection Authority, Ministry of Finance, Ministry of Customs and Trade, Ministry of Labor and Social Security, Information Technologies and Communications Authority, and other public legal entities, as permitted by laws such as the Law on the Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publications, the Turkish Commercial Code, the Tax Procedure Law, and the Law on the Protection of Personal Data.
  • Legal, OSGB (Occupational Health and Safety), financial consulting, technical support service providers, banking institutions, etc.
  • As stipulated in the relevant laws and in compliance with the transfer conditions outlined in Articles 8 and 9 of the Law on the Protection of Personal Data.
  • Personal data may be transferred to foreign countries where appropriate security measures are in place, or if not, written assurances will be obtained regarding the adequate level of protection from the data controllers in the respective country and in compliance with the law.

Methods of Collecting Personal Data and Legal Grounds
Your personal data is collected during the establishment and execution of the business relationship with our company through documents, forms, reports, etc., provided by visitors, customers, suppliers, business partners, and other relevant persons, and by automatic or non-automatic means as part of a data recording system.

The legal grounds for processing your personal data include:

  • Explicit legal requirement
  • Necessity for the performance of a contract
  • Fulfillment of the company’s legal obligations
  • Necessity for the establishment, use, or protection of a right
  • Processing is necessary for the legitimate interests of the company, provided it does not harm your fundamental rights and freedoms
  • Your explicit consent, where required, will be obtained for the processing of data in other circumstances.

Rights of the Data Subject
As the data subject, under Article 11 of the Law, you have the following rights:

  • To learn whether your personal data is being processed,
  • To request information if your personal data has been processed,
  • To learn the purpose of processing your personal data and whether it is being used in accordance with its purpose,
  • To know the third parties to whom your personal data has been transferred,
  • To request correction of your personal data if it is incomplete or inaccurate,
  • To request the deletion or destruction of your personal data,
  • To request notification of the correction, deletion, or destruction of your personal data to third parties to whom the data has been shared,
  • To object to the processing of your personal data through automated systems,
  • To seek compensation for damages arising from unlawful processing of your personal data.

You can submit your requests related to the above rights using the Data Subject Application Form, which can be accessed from our website, or by sending them to our company in writing to our address at Altınşehir Mahallesi Uğur Mumcu Bulvarı No: 56 /C1 Nilüfer, Bursa, or by email to info@nevale.com.tr. These requests will be reviewed and concluded within 30 (thirty) days.

In case the response is provided in a written form, a fee may be charged based on the tariff stipulated by the relevant legislation. If the response is provided on a medium such as a CD or flash drive, the cost of the medium will be charged to the data subject.

Changes to this Text
Our company reserves the right to change the provisions in this text at any time. Any changes will be effective when published on our website.