Personal Data Protection Policy

PERSONAL DATA PROTECTION POLICY PURSUANT TO THE PROCEDURE AND PRINCIPLES OF THE LAW ON THE PROTECTION OF PERSONAL DATA WITH NUMBER 6698 (“PERSONAL DATA PROTECTION LAW”)

1.  Introduction

Mateks Makina – DURSUN BAL shows utmost care to the safe protection, processing, transferring, erasure and destruction of personal data in both physical and numerical environments pursuant to the law numbered 6698 and we take the necessary administrative and technical measures in this regard in all our activities. Mateks Makina – DURSUN BAL carries out all the activities with regard to the protection of personal data according to this Personal Data Protection, Processing, Transferring, Destruction Policy (“Policy”).

Mateks Makina shall analyze the personal data processing activities it conducts based on this Policy and take any technical and administrative measures for the compliance with Policy. After the determined action and measures are carried out, the internal control mechanisms shall be processed and the continuance of the compliance with Policy shall be maintained.

2.  Purpose of Policy

The main purpose of this Policy is to inform the persons whose personal data we process and who are identified or identifiable with respect to issues such as the personal data processing, storing, protection, erasure activities of Mateks Makine; measures taken within this scope; rights of data owners and the way of using such rights.

3.  Scope of Policy

The scope of this Policy is all the processed personal data of the persons whose data we process and who are identified or identifiable.

The specified articles in the Policy cover any kinds of information and document which may be associated with an identified or identifiable natural person and the measures taken and regulations made in relation to this.

4.  Validity of Policy

This Policy executed by Mateks Makina entered into force on 14.10.2020.

In case of revision of some or all articles of Policy, the revision date of Policy shall be stated.

In case of a discrepancy between the applicable legislation and Policy, the provisions of legislation shall prevail. In case there is another policy or regulation executed on the same subject for more special purposes except this main Policy, the articles containing more special provisions shall prevail. The provisions of other policies and documents, which conflict with this Policy and the applicable legislation, shall not be applied.

5.  Validity of Policy

DEFINITIONS	EXPLANATION
Explicit Consent	Consent regarding a specific topic, which is based on being informed and explained with one’s free will.
Anonymization	Rendering personal data unassociatable with an identified or identifiable natural person by way of matching with other data.
Employee	Employees of Mateks Makina
Employee Candidate	The candidate who is interviewed for the purpose of employment.
Relevant Person	A natural person whose personal data is processed.
Relevant User	Persons who process the personal data within the data controller organization or pursuant to the authorization and instruction given by data controller, except for the person or department responsible for the technical storage, protection and backing up of data
Destruction	Transaction         of        erasure,         destruction                              or anonymization of personal data
Law	Personal Data Protection Law
Recording Medium	Any medium where personal data which is processed through wholly or partly automatic or non-automatic ways provided that it is part of any data recording system is stored
Personal Data	Any      information      regarding      an            identified          or identifiable natural person
Personal Data Processing Inventory	Personal data processing inventory where the data controllers explain in detail the personal data processing activities they conduct based on their business processes; the maximum period they create by associating with personal data processing purposes, data category, the transferred receiver group and the group of people subject to data and which is necessary for the purposes of processing personal data; personal data which is anticipated to be transferred to abroad and the measures taken with respect to data safety.
Anonymization of Personal Data	Anonymization of personal data, rendering personal data such that it becomes impossible to relate it to an identified or identifiable natural person even if by way of matching the personal data with other data
Destruction of Personal Data	Erasure, anonymization or disposal of personal data
Erasure of Personal Data	The process of rendering personal data inaccessible and nonreusable in any way for the relevant users
Disposal of Personal Data	Disposal of the personal data, rendering  it inaccessible, unrestorable and nonreusable in any way for anybody

Personal Data Protection Law	Personal Data Protection Law published in the Official Gazette dated 7 April 2016 with number 29677
Personal Data Protection Board	Personal Data Protection Board
Sensitive Personal Data	Data about people’s race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and  security  measures,  and  the  biometric  and genetic data
VERBIS (Data Registry Information System)	Information system accessible via the internet, created and administered by the Presidency, which shall be used by data controllers in the application to the Registry and other acts regarding the Registry
Data Processor	Natural or legal person who processes the personal data on behalf of the data controller pursuant to his authorization
Data Controller	Natural or legal person who determines the purposes and means of processing personal data, responsible for establishing and administering data recording system

6.  Rules of Processing Personal Data

6.1.  Processing Personal Data In Accordance with the Principles Set Forth by the Legislation

Mateks Makine processes the personal data in accordance with the provisions and rules laid down by Personal Data Protection Law numbered 6698 (“Law”) and the other applicable legislation.

Personal data processing principles are laid down by the Law. Mateks Makina acts according to such principles in each data processing activity.

6.1.1.  Processing In Accordance with Law and Good Faith

Mateks Makina acts according to legal arrangements and good faith in processing personal data. Within this scope, Mateks Makina processes the personal data in accordance with personal data protection legislation and the rules laid down by the related legislation; does not process personal data for purposes other than those announced to data owners; processes personal data only in the required amount, in a level in compliance with the data processing purposes by applying the principles of proportionality and necessity in processing personal data.

6.1.2.  Ensuring That the Personal Data Is Accurate and Updated When Necessary

Mateks Makina takes the required measures in data processing procedures to ensure that the processed data is accurate and updated. Within this scope, the personal data owner is allowed to apply to Mateks Makina to have its data updated or corrected.

6.1.3.  Processing for Specific, Explicit and Legal Purposes

Mateks Makina processes personal data only for legal purposes. Mateks Makina establishes its personal data processing purposes before starting the data processing activity, except for exceptional cases set forth by Personal Data Protection Law and announces such purposes explicitly to data owners while obtaining their personal data.

6.1.4.  Personal Data being Relevant, Limited and Proportionate to the Purpose for Which They Are Processed

Personal data is processed in relation to the purpose clearly and precisely determined, in a limited and measured manner, and we refrain from the processing of unnecessary personal data.

6.2.  Terms of Personal Data Processing

Mateks Makina processes the personal data according to one or more of the personal data processing terms set forth by the articles 5 and 6 of the Personal Data Protection Law, provided the relevant person gives explicit consent or it is within the scope of exceptions set forth by the Personal Data Protection Law. Our company processes personal data in accordance with the regulations laid down by the Law. Data processing activities outside this scope are terminated.

6.2.1.  Exceptional Cases Where Explicit Consent is not Required for Processing Personal Data

• If there is an explicit regulation in the law regarding the processing of personal data
• If the personal data owner is in a condition where they cannot explain their consent due to de facto impossibility or it is compulsory for the protection of the life or bodily integrity of the person whose consent has legal validity or someone else
• If it is necessary to process the personal data belonging to contracting parties provided that it is directly related to the construction or performance of the agreement
• If our company is obliged to process personal data to fulfill our legal obligation
• If personal data is made public by personal data owner
• If the processing of personal data is compulsory for establishing, exercising or protecting a right
• If Mateks Makina is obliged to process personal data for legitimate interests, provided that it does not violate the fundamental rights and freedoms of the personal data owner

6.2.2.   Exceptional Cases Where Explicit Consent is not Required for Processing Sensitive Personal Data

In the following legal exceptional cases, sensitive personal data is processed without explicit consent:

• In cases set forth by the laws, sensitive personal data of the sensitive personal data owner, except for their health and sexual life (race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning criminal convictions and security measures, and the biometric and genetic data)
• Sensitive personal data regarding the health and sexual life of the personal data owner may be processed without explicit consent only for the purposes of protection of public health; preventive medicine; giving the services of medical diagnosis, treatment and care; planning and managing of healthcare services and financing by persons who are under the obligation of confidentiality or competent institutions and organizations
• Provided that the necessary measures are taken

6.3.  Transfer of Personal Data

6.3.  Domestic Transfer of Personal Data

Our company may transfer the personal data which we process in accordance with our personal data processing purposes to third parties, except for the above-mentioned exceptional circumstances, provided that the relevant person gives explicit consent. In case of need, Mateks Makine performs the transfer of personal data in accordance with the decisions and regulations laid down by the Personal Data Protection Law and taken by Personal Data Protection Board.

6.3.2.  Transfer of Personal Data Abroad

As a principle, Mateks Makina does not transfer the Personal Data abroad without the explicit consent of data owner.

6.4.  Informing the Personal Data Owner

Mateks Makina informs the personal data owners about how their personal data will be processed during the acquisition of personal data in compliance with the disclosure requirement provided by Law. Within this scope, Mateks Makina informs the data owners about the following matters in minimum:

• Identity of data controller and his representative, if available
• For what purpose the personal data will be processed
• To whom and for what purpose the personal data may be transferred
• Method of personal data collection and legal reasons
• Rights of personal data owner in accordance with the article 11 of Personal Data Protection Law

7.  Storing Personal Data

7.1  Storing the personal data for a period of time as suggested in the related legislation or required for the purpose of processing

Mateks Makina stores personal data, which they process in accordance with the principles set forth by Law, for the period of time as stated in legislations. After the related regulations are put into force by Personal Data Protection Board, a contact person shall be assigned within the scope of personal data processing activities and the registration to VERBIS (Data Registry Information System) shall be carried out.

If a retention period for the related types of personal data is not established by the legislation, personal data shall be retained until the purpose for which they are processed ends.

In case a retention period for the related types of personal data is not established by the legislation, retention periods specific to each data processing purpose are established. Within this scope, retention periods are determined based on the applications of Mateks Makina and the practices of business life.

Personal data may be stored for purposes of constituting evidence in possible legal disputes except for the purpose of processing, claiming something which may be proved with personal data, pleading and responding to the information requests coming from the competent public institutions. In establishing the periods herein, the period of limitation regarding the relevant claims and company practice and general practices in the same subjects is considered.

In case of circumstances where Mateks Makina has a legitimate interest, although the purpose of processing and the periods provided by relevant laws are expired, personal data may be stored until the end of the general period of limitation (ten years) which is regulated by the Turkish Code of Obligations numbered 6098, provided that it does not violate the fundamental rights and freedoms of data owners. After the mentioned period of limitation expires, personal data shall be erased, destructed or anonymized according to the above-mentioned procedure.

7.1.1.  Measures We Take Regarding the Storage of Personal Data

Personal Data Protection Board may bring detailed arrangements with respect to obligations regarding data safety. In case detailed arrangements are brought, a proper effort shall be made and a maximum level of security be maintained to comply with the obligations in the arrangements.

Technical Measures:

• We work with technically authorized personnel and a consulting firm outside the company.
• All procedures regarding data processing activities within Mateks Makine are analyzed by relevant departments, a Personal Data Processing Inventory is prepared by every department within this scope.
• We prepare and use the database and software/hardware storage units and equivalent technical infrastructure where your personal data shall be stored.
• We reconsider risky situations and create the necessary technological solutions.
• We set up the relevant software and systems including software and hardware containing virus protection systems and safety walls.

Administrative Measures:

• We organize awareness activities and trainings regarding lawful storage of personal data.
• In case of cooperating with third parties for the storage of personal data, we include provisions regarding persons to whom personal data is transferred and taking the required safety measures for the protection and safe storage of transferred personal data in the agreements executed with companies to which personal data is transferred.
• We execute confidentiality agreements with subcontractor companies, which transfer personal data to us, and from which we receive service, and we obtain confirmation as to the lawful transfer of such data through such agreements.
• Access to personal data is limited to employees in charge of processing.Employees’ access to personal data, which they do not use due to their duty, shall be restricted.
• For the employees to comply with this Policy, the Policy is published in the internal network (portal) of Mateks Makina and provisions are included in business agreements that they will adhere to the company procedures and rules.
• We include provisions regarding taking the necessary safety measures for the protection of personal data to the agreements executed with persons to whom the personal data is transferred.

8.  Destruction of Personal Data

8.1.  Obligation of Personal Data Destruction

When the specified periods expire, Mateks Makina makes an official report and destructs the relevant personal data by selecting one of the 3 (three) options. They are as follows:

• Erasure of personal data
• Destruction of personal data
• Anonymization of personal data.

The details of these three methods will be explained in the following sections. Also, personal data is erased, destructed or anonymized upon the request of the personal data owner.

Mateks Makina’s “Personal Data Processing Inventory” is controlled by the Data Controller at 6 (six) month intervals and if there are destruction procedures, the necessary actions are taken and logs (details of the destructed documents) shall be retained for 2 years as laid down by Law.

8.2.  Terms of Personal Data Destruction

In the event that the reasons requiring the personal data processing laid down by article 5 and 6 in Personal Data Protection Law no longer exist, Mateks Makina destructs the personal data ex officio or upon the request of the relevant person (data owner), if the request is accepted upon evaluation. Also, in case the terms of personal data processing no longer exist and personal data subject to request are transferred to third parties, Mateks Makina informs the third party on this subject and requests the necessary actions to be taken on behalf of the third party.

8.3 Measures We Take Regarding the Destruction of Personal Data

Technical Measures:

• For the safe destruction of personal data, we set up the technical infrastructure, control mechanisms regarding them and technical measures and determine the appropriate method of destruction.
• We employ employees who are technical specialists in the destruction of personal data.
• Data in paper format are destroyed by paper shredders. These machines are located in places where data processors can easily access them.

Administrative Measures:

• We inform our employees regarding obligations regulated by Personal Data Protection Law and create awareness.
• We check whether the control mechanisms and personal data destruction procedures are performed on time and whether the relevant records are made. Within this scope, we shall establish a personal data protection board; this board shall organize meetings once a year and the destruction procedures of relevant departments shall be controlled. This board in Mateks Makina shall submit the report issued after every meeting for the information and approval of the Data Controller.

8.4.  Erasure and Disposal of Personal Data

Erasure and disposal of personal data in Mateks Makina is carried out through the following methods in accordance with the principles specified by this Policy.

8.4.1.  Erasure of Personal Data

Contact person assigned by Mateks Makina is liable to take any technical and administrative measures so that the erased personal data shall be inaccessible and nonreusable for the relevant users.

8.4.1.1  Process of Erasure for Personal Data

The basic process the Data Controller shall follow in personal data erasure procedures is as follows:

• Determining the personal data, which shall be subject to destruction, in “Personal Data Processing Inventory”
• Detailing the relevant user groups, which have “Personal Data Processing Inventory” on person/role basis.
• Determining the authorizations and methods of the Relevant Users regarding access, restore and reuse.
• Termination and destruction of the authorizations and methods of the Relevant Users regarding access, restore and reuse within the scope of personal data and keeping the logs of data to be destructed.

8.4.1.2  Methods of Personal Data Erasure

As the personal data in Mateks Makina may be stored in different recording mediums, they shall be erased through methods in accordance with their recording mediums. Examples of the methods used by Mateks Makina to erase personal data are as follows:

1.  Application Type Cloud Solutions as Service (Such as Google Suite, Google Drive)

In cloud system applications used by our company, personal data may be erased permanently by Relevant User. Relevant User is not authorized to restore the relevant data in the cloud system.

2.  Personal Data in Paper Format

Personal data in paper format within our Company are destroyed by a paper shredder. However, in exceptional circumstances, they may be erased by using the darkening method. This process is carried out by cutting out the personal data on the relevant document, if possible, and if not, making it invisible to relevant users by using marking ink in a way that cannot be reversed and cannot be read through technological solutions.

3.  Office Files in Master Server

In case the Relevant User is authorized to delete something permanently in the file where personal data is stored, they may delete the relevant file irreversible by the delete command in the operating system of the file. If they are not authorized to delete permanently, the rights of access of the Relevant User regarding the file index where the file is located are removed. During the performance of such procedures, necessary measures are taken so that the Relevant User shall not be the system administrator at the same time.

4.  Personal Data in Transportable Media

Personal data in Flash-based storage mediums within Mateks Makina are stored encoded and deleted by using software appropriate for such mediums.

5.  Databases

Personal data stored in Mateks Makina’s databases are deleted by database commands (DELETE, etc.). While performing this procedure, it should be ensured that the Relevant User is not also the database administrator.

8.4.2 Disposal of Personal Data

Personal data disposed by Mateks Makina are rendered in a way that cannot be accessed, restored and reused by anybody. Data controller is liable to take any technical and administrative measures required for disposal of personal data.

8.4.3 Methods of Personal Data Disposal

In order to dispose of personal data, it is required to determine all the copies where the data exists and dispose of them one by one by using one or more of the following methods according to the type of the systems where data is located.

Mateks Makina, if necessary, may agree with a specialist to have him dispose of personal data on behalf of Mateks Makina. In this case, personal data are safely disposed by a person who is specialized in this matter in a way that cannot be recovered.

1.  Local Systems

Mateks Makina may use one or more of the following methods to dispose of the personal data over the relevant local systems.

1.  Degaussing

The process of destroying the data by passing the magnetic media through a special device and exposing it to a high-powered magnetic field. Mateks Makina may agree with a specialist for this process, if necessary.

2.  Physical Destruction

Process of physical destruction such as the melting, burning or powdering of optical media and magnetic media. Data is rendered inaccessible through processes such as melting, burning and powdering the optical or magnetic media or passing it through a metal grinder. If overwriting or degaussing processes fail with respect to solid-state drives, this media shall also be destroyed physically. Mateks Makina may agree with a specialist for this process, if necessary.

3.  Overwriting

Process of preventing the recovery of old data by writing random data consisting of at least seven ones and zeros over the magnetic media and rewriteable optical media. This process may be performed by using special software. Mateks Makina may agree with a specialist for this process, if necessary.

2.  Environmental Systems

Mateks Makina may use whatever is appropriate among the following methods to destroy the personal data over the relevant environmental systems based on the media type.

1.  Network devices (switch, router, etc.)

Storage mediums in the relevant devices are fixed. Devices mostly have delete commands but they lack destroy commands. It is destroyed by using one or more of the appropriate methods specified in Local Systems section.

2.  Flash-based mediums

Flash-based hard drives with ATA (SATA, PATA, etc.), SCSI (SCSIExpress, etc.) interfaces are destroyed by using their command, if it is supported, and if not, by using the method of destruction

recommended by the manufacturer or one or more of the appropriate methods specified in Local Systems section.

3.  Magnetic Tape

Mediums store the data with the help of micromagnet pieces on elastic tape. It shall be destroyed by degaussing exposing it to high-powered magnetic fields or by physical destruction methods such as burning and melting. Mateks Makina may agree with a specialist for this process, if necessary.

4.  Units such as Magnetic disc

Mediums store the data with the help of micromagnet pieces on elastic (plate) or fixed mediums. It shall be destroyed by degaussing exposing it to high-powered magnetic fields or by physical destruction methods such as burning and melting. Mateks Makina may agree with a specialist for this process, if necessary.

5.  Mobile phones (sim card and permanent memory)

There is a delete command in the permanent memory of portable mobile phones; however, most of them lack of destroy command. It shall be destroyed by using one or more of the appropriate methods specified in Local Systems section.

6.  Optical discs

Data storage mediums such as CD and DVD. It shall be destroyed by physical destruction methods such as burning, cutting up and melting.. Mateks Makina may agree with a specialist for this process, if necessary.

7. Environmental units such as printers, and fingerprint pass systems with removable data recording medium

It shall be destroyed by using one or more of the appropriate methods specified in Local Systems section according to its feature upon verifying that all the data recording mediums are removed. Mateks Makina may agree with a specialist for this process, if necessary.

8. Paper, Microfiche and Equivalent Mediums

While performing the destruction of personal data in Paper, Microfiche and equivalent mediums, paper shredders are used.

Personal data transferred from the original paper format to electronic medium by scanning shall be destroyed by using one or more of the appropriate methods specified in Local Systems section according to the electronic medium they are located in. Mateks Makina may agree with a specialist for this process, if necessary.

9.Cloud Medium

During the storage and use of personal data in cloud systems, they shall be encoded through cryptographic methods and separate encryption keys shall be used for areas available for personal data, especially for each cloud solution from which we receive service. When the cloud information

service relationship is terminated, all copies of encryption keys required for rendering the personal data available shall be destroyed.

In addition to the foregoing mediums, procedure for destroying the personal data in broken or in- repair devices is conducted as follows:

1. Before the relevant devices are transferred to third parties such as manufacturer, seller and service for their repair and maintenance, the personal data in them shall be destroyed by using one or more of the appropriate methods specified in Local Systems section.
2. In cases where destruction is not possible or appropriate, the data storage medium shall be removed and preserved while other broken parts shall be sent to third parties such as manufacturer, seller and service.
3. Necessary measures shall be taken to prevent the personnel coming from outside the company for repair and maintenance purposes to copy and export the personal data.

8.5.  Methods of Personal Data Anonymization

Mateks Makina may anonymize personal data when reasons requiring the lawful processing of personal data no longer exist and when necessary. Methods of anonymization to be used by Mateks Makina in case of need are as follows:

1.  Data Masking

Process of removing the basic identifying information of the personal data out of the data set and anonymizing the personal data through data masking.

“Transforming into a data set where it is impossible to identify the personal data owner by removing identifying information of the personal data owner such as name, T.R. Identity No., etc.”

“ In case of asterisking some of the credit card numbers of the person, it is a case of data masking. (6698**** **** 0006)”

2.  Generalization

Several data is generalized through the method of generalization and personal data are rendered unassociatable with anyone.

“Demonstrating that there is Z number of employees at the age of X without demonstrating the age of employees individually.”

“Data on the number of female employees in the company being Z and 40% of them having bachelor’s degree and 60% of them having master’s degree are anonymized.”

3. Data Derivation

Through data derivation method, a more general content than the content of personal data is established and the personal data is rendered unassociatable with anyone.

“In case of writing the age of the person instead of the Day/Month/Year details of the birth date, it is an example of anonymization by data derivation.”

4. Data swapping

Through the data swapping method, the values in the personal data set are swapped and the values and persons are disconnected.

“Rendering the voices and data owners unassociatable by changing the feature of voice records”

“In case of swapping the values demonstrating the ages of pupils in a class of which age average is to be calculated, it is an example of data swapping.“

9. Titles, Units and Job Descriptions of Those Involved in Personal Data Storage and Destruction Procedures

All procedures regarding data processing activities within Mateks Makine are analyzed by relevant departments, a Personal Data Processing Inventory is prepared by every department within this scope. Persons involved in personal data storage and destruction procedures and those authorized are the top employees of each respective department.

10. Protection of Personal Data

Mateks Makina, in accordance with article 12 of Personal Data Protection Law, takes the necessary technical and administrative measures to maintain the safety of personal data within the corporation and to prevent the illegal access to personal data and the illegal process of such personal data.

Mateks Makina shows maximum effort with respect to the protection of sensitive personal data. Within this scope, technical and administrative measures taken by our Company for the protection of personal data are carried out carefully in terms of sensitive personal data and necessary inspections are made within Mateks Makina.

Mateks Makina, in the event the personal data it processes are obtained by others through illegal ways, shows maximum effort to notify this situation to relevant data owner and Board as soon as possible.

10.1. Safety of Personal Data

1. Inspection of the Measures Taken With Respect to the Protection of Personal Data

Mateks Makina makes in-house inspections in accordance with article 12 of Personal Data Protection Law. The final report of inspection is reported to the relevant Data Controller and in case of a problem, regulative and preventive activities are performed.

10.1.2  Measures to be taken In Case of Unauthorized Disclosure of Personal Data

Mateks Makina carries out the system which enables notifying this situation to relevant data owner and Personal Data Protection Board as soon as possible in the event the personal data it processes in accordance with article 12 of Personal Data Law are obtained by others through illegal ways.

In case deemed necessary by Personal Data Protection Board, such situation may be announced on the website of Personal Data Protection Board or through another method.

10.2 Protection of Sensitive Personal Data

Sensitive personal data are identified in definitions sections.

Mateks Makina shows sensitivity in the protection of sensitive personal data, which is identified as sensitive by Personal Data Protection Board and lawfully processed by Mateks Makina. Within this scope, technical and administrative measures taken by Mateks Makina for the protection of personal data are carried out carefully in terms of sensitive personal data and necessary inspections are made within Mateks Makina.

11. Rights of Data Owner and Rules Regarding Exercising Such Rights

11.1 Rights of Data Owner

Personal Data Owner has the following rights over their personal data.

• To find out whether personal data is processed,
• If processed, to request information in this regard,
• To learn the processing purpose of your personal data and whether they have been used according to the purpose,
• To learn the third parties to whom personal data is transferred in domestic and abroad,
• To request the correction of your personal data in case personal data is processed deficient or wrong,
• To request the erasure or destruction of personal data in case the reasons requiring the processing of personal data no longer exist,
• To request the notification of the foregoing correction, erasure or destruction procedures to third parties to whom personal data is transferred,
• To object to a result emerging to the detriment of the person as a result of the analysis of the processed data exclusively through automated systems,
• To claim compensation in case of incurred loss due to illegal processing of personal data.

11.2  Exercising the Rights of the Personal Data Owner

If a different method is determined by Personal Data Protection Board, Personal Data Owner may submit their requests regarding their Personal data through this method or submit to the address of Mateks Makina in writing with wet signature.

In the application The Personal Data Owner will make to exercise the above-mentioned rights which contains the explanations regarding the right they request to exercise; the requested issue shall be exact and clear; the requested issue shall be related to the applicant or if they act for someone else, they shall be personally authorized in this matter and such authorization shall be certified, also, the identity and address information of the applicant shall be included and documents certifying their identity shall be attached to the application.

Relevant requests shall be made personally and requests to be made by unauthorized third parties shall not be considered.

11.3  Evaluation of Application

Requests regarding personal data are responded as soon as possible and no later than 30 days according to the nature of the request. While evaluating the application, additional documents and information may be requested.

11.4  Our Right to Reject the Application

If not all the reasons for processing personal data are disappeared, this request may be rejected by Mateks Makina by explaining the reason and the answer to rejection shall be notified to the relevant person no later than 30 days in writing or electronically.

11.5  Method of Evaluating the Application

If the request is accepted, the relevant action is taken and a notification is made in writing or electronically.

If our Company, upon the evaluation of accepted applications, decides to destroy the personal data, the destruction is conducted by Data Controller by using the appropriate method among the methods specified in this Policy no later than 30 (thirty) days or within the period set forth by Law and a notification is made to the relevant person.

In case of the rejection of request, it is notified to the application holder in writing or electronically by explaining the reason.