Working Hours Monday - Friday 08:00-18:30

Privacy and security policy

Privacy and Personal Data Protection Policy

Buser Enerji Dış Ticaret Limited Şirketi fulfills its obligations arising from the Law regarding the processing, deletion, destruction, anonymization, transfer of personal data, enlightenment of the person concerned and ensuring data security, within the scope of the principles stipulated by the Law.

This Privacy and Personal Data Protection Policy, which has been prepared in accordance with the Law, is made available to natural persons whose personal data are processed (“data owner”).

As Buser Enerji Dış Ticaret Limited Şirketi (“[COMPANY-BUSER]”), it will be referred to as the Law on Protection of Personal Data No. 6698 (“Law”).

1. Scope and Purpose of Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy, BUSER's;
  • Methods and legal reasons for collecting personal data,
  • Which individual groups' personal data are processed (Data Owner Categorization),
  • In which category personal data of data subjects are processed (Data Categories) and sample data types,
  • For what purposes the relevant personal data is used,
  • Technical and administrative measures taken to ensure the security of personal data,
  • To whom personal data can be transferred and for what purposes,
  • Personal data sharing with public institutions and organizations and official authorities,
  • Storage periods of personal data,
  • It details the rights of data owners over their personal data and how they can exercise these rights.

a. Personal Data Collection Methods and Legal Reasons

BUSER's personal data can be transmitted in audio, electronic or written form through the information provided by the data subjects themselves, websites, social media accounts, e-mail, mail, cookies, fax, notifications from administrative and judicial authorities and other communication channels. in accordance with the personal data processing conditions specified and in accordance with the legal reasons specified in this Privacy and Personal Data Protection Policy.

b. Data Owner Categorization

BUSER groups the data owners whose personal data it processes as follows, and these person groups may expand in the light of the process and legal reasons specified in this policy.

  • I. Worker,
  • ii. Business Solution Partner / Supplier

c. Data Categories and Example Data Types

No

Data Owner

Data Category

Data Types

one.

Worker

Credentials

Name-Surname, Gender, TR Identity Number, TR Identity Information (Wallet serial number, family serial number, etc.), Date of Birth, Place of Birth, Marital Status,

Communication information

Address (home/work), Email, Phone / Mobile Phone

Financial Information

Bank Account Information, Financial Movement Information, IBAN Number, Payment Information

 

Personnel and Profession Information

Pension Information, Insurance Information, Educational Status, Graduation Information, Organization

Legal Process and Compliance Information

Official Minutes (Police, etc.), Power of Attorney

Special Qualified Personal Data

Criminal Record, Hospital Reports

Family Members and Close Information

Name-Surname, Affinity Degree, Occupation, School, Date of Birth, Mobile Phone

2

Employee Relative

Credentials

Name-Surname, Gender, TR Identity Number, TR Identity Information (Wallet serial number, family serial number, etc.), Date of Birth, Place of Birth, Marital Status, Passport Number, Driver's License Information

3.

 

 

Business Solution Partner / Supplier

Communication information

Address (home), Email, Phone / Mobile Phone

Financial Information

Income Information

Personnel and Profession Information

Affinity Degree, Occupation, School, Date of Birth, Mobile Phone, Gender, Affiliate, Graduation Information

Legal Process and Compliance Information

Signature Circular, Activity Information, Power of Attorney

Other

License Plate, CCTV, Photo



D. For What Purposes Personal Data Is Used

Personal data is used by BUSER for the following purposes;
  • Fulfillment of employment contract/legislation obligations for employees
  • Compliance with Occupational Health and Safety Legislation
  • For the realization of commercial activities carried out by the company, necessary work is carried out by the relevant business units and the execution of related business processes
  • Planning and/or Execution of Efficiency/Efficiency and/or Appropriateness Analysis of Business Activities
  • Execution of finance and accounting works,
  • Execution of goods/service sales processes
  • Planning and/or Execution of Business Continuity Activities
  • Planning and Execution of Logistics Activities
  • Planning and Execution of Corporate Communication Activities
  • Planning and Execution of Supply Chain Management Processes
  • Planning, Auditing and Execution of Information Security Processes
  • Follow-up of Company Finance and Accounting Affairs
  • Planning and Execution of Company Operation Processes
  • Planning and Execution of External and Internal Training Activities
  • Management of Relationships with Business Partners and/or Suppliers
  • Planning and Execution of Sales Processes of Products and/or Services
  • Planning and/or Execution of After Sales Support Services Activities
  • Follow-up of Legal Affairs and Fulfillment of Legal Responsibilities
  • Planning and Execution of Operational Activities Necessary for Ensuring Company Activities to be Conducted in Compliance with Company Procedures and/or Related Legislation
  • Giving Information Based on Legislation to Authorized Institutions
  • Planning and Execution of Company Audit Activities
  • Ensuring the Security of Company Campuses and/or Facilities
  • Ensuring the Security of Company Operations
  • Supply of Company Sites and Movables
  • Security of Company Fixtures and/or Resources

to. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

BUSER undertakes to take all necessary technical and administrative measures and to show due diligence to ensure the confidentiality, integrity and security of your personal data. In this context, it takes the necessary measures to prevent the misuse, unlawful processing, unauthorized access to data, disclosure, modification or destruction of personal data.

BUSER takes the following technical and administrative measures to prevent unlawful access to the personal data it processes, to prevent illegal processing of this data and to ensure the protection of personal data:

Anti-Virus

Periodically updated anti-virus application is installed on all PCs and Servers in BUSER's information technology infrastructure.

Firewall

Data Center and Disaster Recovery Centers hosting BUSER servers are protected by periodically updated software-loaded firewalls, and the relevant new generation firewalls control the internet connections of all personnel and provide protection against viruses and similar threats during this control.

User Definitions and Need to Know

The authorities of BUSER employees to BUSER systems are limited only to the extent necessary with their job descriptions, and their systemic authorizations are updated immediately in case of any change in authority and duty.

Information security Threat and Incident Management

Events occurring on BUSER servers and firewalls are transferred to the "Information Security Threat and Incident Management" system. This system warns the responsible personnel when a security threat occurs and provides the opportunity to respond to the threat immediately.

Apart from these, BUSER implements the necessary and appropriate measures according to the type of data and process by the information security personnel and information security experts from whom it receives service.

Although BUSER has taken the necessary information security measures, if personal data is damaged as a result of attacks on the platforms operated by BUSER or the BUSER system, or in the hands of unauthorized third parties, BUSER immediately notifies you and the Personal Data Protection Board and takes the necessary measures.

f. To Whom Personal Data Can Be Transferred And For What Purpose

BUSER transfers personal data to third parties and foreign shareholders only for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the Law.

Personal data transfers within this scope are carried out through the secure environment and channels provided by the relevant third party. Depending on the content and scope of the service received from third parties; In all cases where there is no need to transfer the personal data of the data owner, the transfer is made using Pseudonymous data (pseudonymous data).

In addition to the technical measures to ensure their security, the personal data subject to domestic and international transfer we mentioned above; Considering that the other party of the legal relationship is a data controller or a data processor, it is also legally protected thanks to the Law-compliant provisions included in our contracts.

No

Data Owner

With whom and for what purpose is Personal Data Shared?

one.

Worker

Sharing contact information with the supplier or customer or their officials; Sharing identity and financial information with the relevant bank in order to pay the employee; Sharing identity information and health data with occupational health and safety personnel, Sharing employee personal data with BUSER shareholders within the scope of reporting and statistical studies; processes such as

2.

Business Solution Partner / Supplier

When it comes to any work to be done with BUSER, there are processes such as sharing the identity data with the business owner and sharing it with the suppliers in order to keep the physical and electronic business solution partner / supplier data. 



g. Personal Data Sharing with Public Institutions and Organizations and Official Authorities



No

Data Owner

With whom and for what purpose is Personal Data Shared?

one.

Worker

Sharing employee personal data with SGK and other relevant institutions in accordance with SGK and Revenue Administration regulations; There are processes such as reporting unlawful situations within the scope of work to relevant official institutions such as the prosecutor's office and sharing invoices and collection receipts with the representatives of the Ministry of Finance during tax audits.

3.

Business Solution Partner / Supplier

Sharing the current cards opened within the scope of the relations with the Business Solution Partner / Suppliers with the Trade Registry Offices and notary public; Sharing personal data with relevant public institutions and notaries for the purpose of realizing the legal notifications required by accounting; Sharing invoices and collection receipts with representatives of the Ministry of Finance during tax audits; and There are processes such as sharing financial data with the bank in order to fulfill the payment obligation arising from the existing commercial relationship.



h. Retention Periods of Personal Data

BUSER preserves the personal data it processes in accordance with the Law for the periods stipulated in the relevant legislation or required by the purpose of processing. In the Personal Data Storage and Disposal Policy, these periods are approximately as follows:



Data Type

Storage Time

Legal Basis

Personal Data Regarding Employees

10 years from the end of the legal relationship; 6563 3 years in accordance with the Law and the relevant secondary legislation

Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502,

Personal Data Regarding Business Solution Partner / Suppliers

10 years from the end of the legal relationship

Law No. 6102, Law No. 6098 and Law No. 213

All Records Related to Accounting and Financial Transactions

10 years

Law No. 6098



j. What are the Rights of Data Owners on their Personal Data and How They Can Use These Rights

The rights of data owners pursuant to Article 11 of the Law are as follows:
(1) To learn whether personal data is processed,
(2) To request information about personal data if it has been processed,
(3) To learn the purpose of processing personal data and whether they are used in accordance with its purpose,
(4 ) Knowing the third parties to whom personal data is transferred in the country or abroad,
(5) Requesting correction of personal data in case of incomplete or incorrect processing,
(6) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law,
(7) to request that the transactions made pursuant to subparagraphs (d) and (e) be notified to the third parties to whom the personal data has been transferred,
(8) The processed data shall be exclusively automated Objecting to the emergence of a result against the person by analyzing the data through his/her means,
(9) Requesting the compensation of the damage in case of loss due to unlawful processing of personal data.

In order to exercise your rights over your personal data; “Contact Form” which you can access from BUSER head office or https://www.buserproject.com/ website, and necessary changes via BUSER official e-mail address kvkk@buserproject.com and official phone number +90 212 256 93 90, You can perform operations such as updating and/or deletion and related requests.