EN
Shop

Detailed Product Search

Collection
Dimensions
Surface
Concept
Usage
Product Type
Color
Relief
Anti-slip
Thickness
Color Tone

Policy on the Processing of Special Categories of Personal Data

1. Purpose

a. This Special Categories of Personal Data Processing Policy (“Policy”) sets forth the approach of Ege Seramik Sanayi ve Ticaret A.Ş. (“Ege Seramik”) regarding the processing of special categories of personal data and defines the following terms:

  1. Personal Data: Any information relating to an identified or identifiable natural person;
  2. Special Categories of Personal Data: Data relating to a person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data;
  3. Processing of Special Categories of Personal Data: Any operation performed on such data, whether fully or partially by automated means or, provided that it forms part of a data recording system, by non-automated means, including collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use;
  4. Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system;
  5. Data Processor: A third-party natural or legal person who processes Personal Data on behalf of Ege Seramik based on its authorization;
  6. Data Subject: The natural person to whom the Personal Data relates;
  7. Data Recording System: The recording system in which Personal Data is processed by being structured according to specific criteria;
  8. Board: The Personal Data Protection Board;
  9. Authority: The Personal Data Protection Authority;
  10. Law: The Law on the Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677;
  11. Decision: The decision of the Board dated 31.01.2018 and numbered 2018/10, issued pursuant to Articles 6(4) and 22(1) of the Law, regarding the measures to be taken by data controllers in the processing of special categories of personal data.

b. This Policy aims to establish the system for ensuring the security of Special Categories of Personal Data collected by Ege Seramik during their processing.

2. In Terms of Employees During the Processing Process

The data policy system to be applied to employees (“Employees”) during the processing of Special Categories of Personal Data within Ege Seramik is as follows:

  1. Providing training to Employees on the security of Personal Data in accordance with relevant legislation once a year and once during orientation for new hires;
  2. Executing confidentiality agreements with Employees;
  3. Clearly defining the scope of Employees’ authorizations;
  4. Periodically reviewing Employees’ authorizations by Ege Seramik;
  5. Immediately revoking authorizations in the event of Employees’ change of position and/or termination of employment.

3. In Terms of the Storage Environment

a. Electronic Environments

  1. Storing the relevant data using cryptographic methods and keeping cryptographic keys securely and in separate environments;
  2. Securely logging transaction records of activities performed on the relevant data;
  3. Continuously monitoring security updates of the environments where the relevant data are stored, conducting security tests regularly once a year, and recording the test results;
  4. Implementing user authorization for data accessed via software systems and conducting security tests once a year;
  5. Providing two-factor authentication for data accessed remotely.

b. Physical Environments

  1. Taking adequate security measures appropriate to the nature of the physical environment;
  2. Preventing unauthorized entry and exit to ensure the security of the physical environment.

4. In Terms of Transfer

a. The processing and transfer of Special Categories of Personal Data are possible only with the explicit consent of the relevant persons. In the absence of explicit consent, such data may be processed under the following conditions:

  1. Special Categories of Personal Data other than those relating to health and sexual life may be processed without explicit consent in cases explicitly provided for by law.
  2. Special Categories of Personal Data relating to health and sexual life may only be processed for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and financing, by persons under a duty of confidentiality or authorized institutions and organizations.

b. If Special Categories of Personal Data are to be transferred within Ege Seramik:

  1. Encrypted corporate email or a Registered Electronic Mail (KEP) account shall be used for transfers via email;
  2. Secure methods shall be used for transfers via portable memory devices, CD, DVD, etc.;
  3. For transfers in paper format, necessary measures shall be taken against risks such as theft, loss, or unauthorized access, and documents shall be sent in the format of “confidential documents”.