Customer and Supplier Clarification Text
Dear Interlocutors,
We pay great attention to information security and personal data security. As Rotel İç ve Dış Ticaret A.Ş. we would like to inform you about the Law on the Protection of Personal Data (“KVKK”) numbered 6698, which regulates the obligations of real and legal persons who process personal data and the procedures and principles to be complied with in the processing of personal data and to protect the fundamental rights and freedoms of the persons concerned, especially the privacy of private life.
ROTEL is one of the well-known food ingredients suppliers in Turkey, which was founded in 1985 with the purpose of trading different kinds of food additives and ingredients as well as agricultural commodities. Rotel has two main P&L centres; Agricultural Commodities Division (AGRO) and Food Ingredients and Additives division (GYKM). Finance, administration and execution divisions provide the support services. Since its foundation, AGRO division has been working on a wide range of agricultural commodities and products, such as feedstuff, oil seeds, pulses, rice, vegetable oils and grains.
Your Personal Data Processed / May Be Processed
For customers: Identity Information: Name-Surname, Gender, Turkish ID Number, Turkish ID Information, signature, Passport Number Contact information: Address (home/work), Email, Phone/Cell Phone, Financial Information: Bank Account Information, Financial Movement Information, IBAN Number, Payment Information, Customer Information: Title, Customer Number, Customer Commercial Relationship Start / End Date and Reason, Customer Requests, Customer Satisfaction Information, Services Complaint and Request Information Personal and Professional Information: Insurance Information, Education Status, Graduation Information, Affiliated Organization Legal Procedure and Compliance Knowledge: Official Minutes (Police, etc.), Power of Attorney, Case files, Contracts, Confidentiality Protocols, Sensitive Personal Data: Health information (if necessary) Process Security Information: Call Center Records, Other: Call Center Records, CCTV, Survey Records, For Online Visitors: Process Security Information: Password, Member Number, Cell Phone, IP Address, Logs kept according to Law No. 5651, For Business Solution Partner / Supplier: Name-Surname, Gender, TR Identity Number, TR Identity Information, Address (home/work), Email, Phone/Cell Phone, Bank Account Information, Financial Movement Information, IBAN Number, Payment Information For visitors: Name-Surname, Turkish ID Number, Passport Number, Vehicle License Plate, CCTV
Purpose of the Clarification Text Position as Data Controller
As Rotel İç ve Dış Ticaret A.Ş. we have prepared this text in order to fulfill the disclosure obligation in Article 10 of the Law on the Protection of Personal Data (KVKK) numbered 6698 within the scope of the protection of personal data to our domestic and foreign customers, employees, suppliers, stakeholders, visitors and other persons who have a connection with the institution.
Rotel İç ve Dış Ticaret A.Ş. Clarification text on the protection of personal data will be updated within the framework of changes that may be made in the legislation in force.
We share our disclosure obligation for our Company under the coordination of the KVKK Committee, on our website and on our notice boards.
An Information Security Management System has been established in our organization and is integrated with the KVKK Personal Data Security Management System. Rotel İç ve Dış Ticaret A.Ş. which has made information security a corporate culture, regularly conducts training, internal and external audits in accordance with the relevant national and international laws.
Law on the Protection of Personal Data numbered 6698 lists the conditions that make it possible to process personal data without the explicit consent of the person concerned;
- Processing is clearly stipulated in the laws,
- It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
- Processing of personal data of the parties of a contract is necessary provided that it is directly related to the establishment or performance of the contract,
- It is necessary for compliance with a legal obligation to which the data controller is subject.
It has been made public by the person concerned, - Data processing is necessary for the establishment, exercise or protection of any right,
- Processing of personal data is necessary for the legitimate interests pursued by the controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
Your Personal Data is used by our organization for the following purposes:
- Marketing, offering for sale, distribution of our products, ensuring the security of data controller operations,
- Marketing and sales activities of the our services,
- Selection and evaluation of suppliers that will serve our company,
- Obtaining financial information for payment processing,
- Obtaining personal data to be used in the supply chain for distribution and delivery,
- Ensuring occupational health and safety during workplace, facility, and warehouse visits,
- Collection of some digital data from users who use our website/applications via our website/mobile applications in accordance with the “cookie policy”,
- Obtaining contact information of people who have business ties with our organization,
- Ensuring communication regarding the updating of employment contracts and contract conditions,
- Providing information to public officials on matters related to public security and public health upon request and in accordance with the legislation,
- Evaluating complaints and suggestions about services from our customers, visitors and suppliers, and solving problems, if any,
- Sharing our corporate social media content, and communicating our press releases and news,
- Planning and execution of customer satisfaction activities,
- Providing information needed by business partners and suppliers for the planning and execution of business activities,
- Realization of planning, procurement, logistics and distribution processes,
- Ensuring the security of physical areas such as company facilities, warehouses, branches and offices,
- Ensuring that the data of our customers, suppliers and other relevant stakeholders are up-to-date,
- Realization of company financial activities,
- Planning and realization of internal audit activities,
- Providing information to authorized institutions and organizations due to legislation,
- Use during cooperation, business partnership, procurement and subcontracting business and transactions,
- Fulfillment of contractual obligations; fulfillment of legal obligations and exercise of rights arising from applicable legislation,
- Preventing fraud and other illegal activities,
- Collection of health information results obtained from supplier employees, internship students within the scope of occupational health and safety only within the scope of occupational health and safety in accordance with the law,
- Taking images in our offices, warehouses, workplaces, facilities by means of security cameras and for occupational safety purposes,
- Taking content such as photos and videos for business purposes during your visit to our company,
- Carrying out storage and archive activities,
- Carrying out goods/service operation processes,
- Carrying out information security processes,
- Carrying out social responsibility and civil society activities,
- Carrying out emergency management processes
- Carrying out communication activities through our web page and social media,
- Due to COVID-19, body temperature information, PCR test, Vaccination card information, HES code result information are processed for public health purposes. (If necessary)
Information on Transfer to Third Parties and Reasons for This
The sharing and transfer of personal data belonging to our As Rotel İç ve Dış Ticaret A.Ş. Customers, employees, stakeholders, suppliers with third parties is carried out within the framework of the consent of the persons concerned by obtaining the obligation to inform and explicit consent, and as a rule, your personal data is not transferred to third parties without the consent of our employees, customers, suppliers and stakeholders. We may transfer some personal data to Rotel İç ve Dış Ticaret A.Ş.
Personal data or some special categories of personal data are shared for business purposes, due to our legal obligations and limited to contractors carrying out work on behalf of our organization, social security institutions, law enforcement officers and courts for legal investigations and prosecutions and other authorized public institutions and your personal data are shared and transferred within the legal framework. Some personal data are transferred to our company’s headquarters abroad, if necessary, in accordance with the legislation numbered 6698.
We Take Care to Take All Measures to Ensure Information Security.
Necessary technical, administrative, technological, systemic and legal measures are taken to prevent violations of rights during data transfer to third parties. The goal of all these efforts is to ensure corporate sustainability by complying with national and international legal requirements in the fields of information security and personal data security.
Method and Legal Grounds for Collection of Personal Data
Personal data is collected partially or completely automatically or as part of any recording system through media such as printed media, electronic media, cameras, software, CD, DVD, USB, photocopy, printer, video, camera, phone, tablet, web page. This personal data is collected in accordance with Law on the Protection of Personal Data numbered 6698, Turkish Code of Obligations numbered 6098, General Data Protection Regulation (GDPR), Social Security and General Health Insurance Law numbered 5510, Law on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications numbered 5651, Occupational Health and Safety Law numbered 6331, Law on Access to Information numbered 4982, Turkish Criminal Code, Law on the Exercise of the Right to Petition numbered 3071, Labor Law numbered 4857, and other relevant legislation such as the Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Annexes, as well as other secondary regulations in force under other laws Your personal data is collected and processed for the performance of a contract, if stipulated by law, for the fulfillment of a legal obligation, for the legitimate interest of the data controller or for other legal reasons.
Our Obligations Regarding Personal Data Security
- To prevent unlawful access to personal data,
- It is obliged to take all necessary technical and administrative measures to ensure the appropriate level of security to ensure the protection of personal data.
- In the event that personal data is processed by another natural or legal person on its behalf, the data controller is jointly responsible with these persons for taking the measures specified in the first paragraph.
- The data controller is obliged to carry out or have the necessary audits carried out in its own institution or organization in order to ensure the implementation of the provisions of this Law.
- Data controllers and data processors cannot disclose the personal data they have learned to anyone else in violation of the provisions of this Law and cannot use them for purposes other than processing. This obligation continues after they leave office.
In the event that the processed personal data is obtained by others through unlawful means, the data controller shall notify the relevant person and the Board as soon as possible. If necessary, the Board may announce this situation on its website or by any other method it deems appropriate.
Your Rights of Data Subjects as Personal Data Controllers
Data Subjects Pursuant to Article 11 of Law No. 6698:
- To learn whether personal data about them is being processed,
- To request information if their personal data has been processed,
- To learn the purpose of processing personal data and whether they are used for their intended purpose,
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
- To request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the Law and other relevant laws, and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
- A person has the right to object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems and to demand the compensation of the damage in case of damage due to unlawful processing of personal data.
Storage and Destruction Periods and Destruction Methods of Your Personal Data
Personal data processed in our company are kept for the period stipulated in the relevant legislation. Data, information and documents that no longer need to be preserved are safely destroyed in accordance with our internal legislation and legal regulations. Your personal data are stored for the retention periods stipulated in the relevant legislation. Destruction is done by recycling paper, cropping, destroying electronic devices and securely erasing digital data. Our Company may use personal data by anonymizing them when necessary.
Communication with the Relevant Person within the Scope of the Law on the Protection of Personal Data numbered 6698
Requests for the use of the aforementioned rights can be submitted by personal data owners, data subjects by the methods specified in the legislation on the Processing and Protection of Personal Data within the scope of Law No. 6698 on the KVKK-GDPR page on the website https://www.rotel.com.tr/kvkk/ Our Company will evaluate the requests of the relevant persons as soon as possible and finalize them within 30 days at the latest.
About Exercising the Right of Non-Acceptance and Cancellation
You can contact us via our contact information for any questions and comments regarding the use of personal data within the scope of the Law. With the explanations we have made above, we have informed you and fulfilled our Disclosure Obligation. You can ask us to erase, update, anonymize, destroy your personal data or make other legal requests regarding your personal data. As the data subject, you will be responded to as soon as possible or within the legal periods in accordance with the Law on the Protection of Personal Data numbered 6698.
In accordance with the data minimization principle of GDPR/KVKK, our company has the principle of processing the minimum personal data that it can do business with before/during/during/after the business.
In principle, our Company does not process personal data of children. When it comes to the processing of children’s personal data (school visits, internship programs, etc.), it will pay great attention to the issue. In order to process personal data of children, the explicit consent of the child’s parent or legal representative will be obtained.
A clarification text has also been prepared for prospective employees and you can access this text on our web page.
Right to Apply and How to Apply
Within the scope of Law No. 6698, you can contact us via our contact information in the field below for any questions and comments regarding the use of personal data. With the explanations we have made above, we have informed you and fulfilled our Disclosure Obligation. Our organization attaches great importance to information security and has established the KVKK Personal Data Security Management System.
When you apply via mail or notary public, “KVKK Relevant Person Application” should be written on the envelope. In case of application via e-mail, “KVKK Relevant Person Application” should be written in the subject section of the e-mail.
After writing your name, surname, Turkish ID number or passport number, contact information and communication preferences, please write us your relationship with our company and the subject of your complaint in detail.
Identity and Full Address of the Data Controller you will apply to
Data Controller: Rotel İç ve Dış Ticaret A.Ş.
Our Address: Akçaburgaz Mahallesi 1585. Sokak No:2/72, Esenyurt, 34538 İstanbul / Türkiye
REM: rotel@hs01.kep.tr
E-mail: kvkk@rotel.com.tr
Contact link: https://www.rotel.com.tr/kvkk