Privacy Notice and Data Protection Policy for Personal Data Protection

As VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch, we process personal data within the limits and powers permitted by laws and regulations to deliver our services to you accurately and effectively.

Particularly considering the security of your personal data and aiming to protect the privacy of private life, fundamental rights, and freedoms, we would like to inform you in accordance with the Law on the Protection of Personal Data No. 6698. As the data controller in accordance with the legislation, we take maximum effort and sensitivity to ensure the security of your personal data as VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch. In accordance with the Personal Data Protection Law, all kinds of special and general personal data obtained within the scope of our service relationship and accreditation processes will be recorded, stored, updated, disclosed to third parties, transferred, classified, and processed in accordance with other procedures and principles specified in the legislation.

Principles of processing personal data

As VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch;

• a) We adopt processing in accordance with the law and honesty rules,
• b) We strive to ensure accuracy and currency,
• c) We adopt processing for specific, clear, and legitimate purposes,
• ç) We adopt processing that is related, limited, and proportionate to the purpose for which they are processed,
• d) We have adopted keeping them for the period stipulated in the relevant legislation or the period required for the purpose for which they are processed.

What Data Do We Collect? What Is Our Purpose of Collecting Data?

Personal data is any kind of information that can be used to identify you, directly or indirectly, or to define your identity. We collect your personal data through your use of VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch Environmental Laboratory Services.

The categories of personal data we collect from you depend on the nature of your interaction with us or the service and may include one or more of the following:

Your collected Personal Data;

Identity (data types such as name and surname),

Contact (data types such as email address and mail signature information, contact address, phone number),

Customer Transaction (data types such as customer requests and requests, information on invoices, bills, and checks, order information),

Physical Space Security (entry and exit record information of guests and visitors, camera records),

Transaction Security (IP address information in case you use our guest network at our location, data types such as website login and exit information),

Finance (payment information, bank account information, financial performance information, Credit and risk information),

Marketing (past service purchase information, survey, cookie records),

Visual and Auditory Records (data types such as visual and auditory records).

In accordance with Articles 5 and 6 of the Personal Data Protection Law, as VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch, we collect special and general qualified personal data within the scope of our company purposes, within the framework of the TURKAK ISO/IEC 17025 Test and Calibration Laboratory Accreditation, Ministry of Family, Labor, and Social Services, ISGUM authorizations, in parallel with our legal obligations, to ensure that all our relevant parties receive correct and quality service, to provide security, to ensure legal compliance, to fulfill our commercial requirements and obligations in case of existing contracts, as the data controller, to fulfill our legal obligation, to fulfill our legitimate interest, to establish, use and protect the right, operational processes, and other purposes specified below. We process them in accordance with the legislation, up to the necessary limits and powers:

Realization of Environmental Measurement and Analysis and Occupational Safety Measurements services, realization of activities and services such as marketing, sales, shipment, control, and customer communication, realization of accounting, finance, and collection transactions, tracking legal processes when necessary, conducting processes with official institutions and organizations, responding to requests from official institutions and organizations, conducting emergency management processes, conducting information security processes, conducting audit/ethical activities, conducting access authorization processes, ensuring compliance of activities with legislation, ensuring physical space security, conducting task assignment processes, conducting communication activities, conducting operational activities, including operational processes for improvement proposals and evaluation, ensuring business continuity, conducting post-service support services, conducting customer relationship management processes, conducting activities related to customer satisfaction, conducting contract processes, tracking requests/complaints, fee policy, ensuring the security of data controller operations, ensuring the management of administrative activities, creating and tracking visitor records, and other purposes, and your personal data are processed within the framework of the purposes mentioned above.

Method and Legal Basis of Personal Data Collection

Your personal data is collected through automated or non-automated methods, in accordance with the basic principles stipulated in the Law and the processing conditions specified in Article 5 of the Law, through all service points of our company, information conveyed by you directly in writing or verbally, through channels such as telephone, fax, e-mail, etc., through social media, the website, from official institutions, and from business partners within the scope of support services.

In addition, in accordance with the obligations of the Regulation on Competence of Environmental Measurement and Analysis Laboratories No. 28862, the Regulation on Occupational Hygiene Measurement, Testing and Analysis Laboratories No. 29958, the Turkish Ministry of Foreign Affairs Turkish Accreditation Agency, the Turkish Commercial Code No. 6102, the Turkish Code of Obligations No. 6098, the Law on the Regulation of Electronic Commerce No. 6563, the Regulation on Commercial Communication and Commercial Electronic Messages No. 30998, Occupational Health and Safety, and Tax Legislation, your personal data may be processed through automated or non-automated methods, as long as the processing purpose is valid, within the framework of our legal obligations, to fulfill the business and transactions to be carried out in accordance with the obligations of reporting and informing in relation to the quality and accurate presentation of the services covered by the contract.

To Whom and for What Purposes Processed Personal Data Can Be Transferred

Your collected personal data, limited and proportionate to the purposes specified in the Information Text and required by the reasons requiring transfer within the scope of the Law and relevant legislation, and limited to these reasons; may be transferred to official institutions and organizations, information technology and security companies, logistics companies, related business partners including consulting firms, audit companies, lawyers, suppliers, and group companies in cooperation. In addition, due to the technological storage and transfer infrastructure used, it is considered within the scope of transfer abroad.

Also, your personal data may be shared with authorized individuals or institutions with a court order or at the request of an administrative authority explicitly authorized by law.

Cases Where We Can Process Your Personal Data Without Your Explicit Consent According to Laws

Although explicit consent is one of the personal data processing conditions in Article 5 of the Law, it is not the only factor that gives legality to data processing activities. In the Law, conditions other than explicit consent are also stipulated for data processing activities. Accordingly, if one of the following conditions exists, personal data can be processed without the explicit consent of the relevant person:

• a) Clearly stipulated in the laws,
• b) Being mandatory for the protection of life or bodily integrity of the person or someone else who is unable to express his consent due to actual impossibility or whose consent is not legally valid,
• c) Being necessary for the conclusion or performance of a contract, provided that it is directly related to the parties of the contract,
• ç) Being mandatory for the data controller to fulfill its legal obligation,
• d) Having been made public by the relevant person himself,
• e) Being mandatory for the establishment, exercise, or protection of a right,
• f) Being necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person.

Retention Period and Protection of Your Personal Data

The retention periods of personal data are determined based on the following criteria:

• If a period is specified by law, relevant regulations, or the contract between us for the storage of data, the data will be stored for at least that period.
• If no specific period for the retention of processed data is specified by law, relevant regulations, or the contract, the data will be stored until the reasons and purposes requiring processing come to an end.
• When relationships end or the designated period is completed, the data will be deleted without any need for your request.

How do we protect?

Necessary technical and administrative measures for the security of personal data are taken by VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch. In this context, measures are taken against unauthorized access, misuse, disclosure, or alteration of data, in compliance with the Personal Data Security Guide, ISO/IEC 27001 Information Security, ISO/IEC 27017 Cloud Services Information Security, ISO/IEC 27701 Privacy Information Management standards, and the General Data Protection Regulation (GDPR) of the European Union.

Your Rights Regarding Personal Data

You have the following rights regarding your personal data:

• Learn whether your personal data is being processed or not.
• Request information about your processed personal data.
• Learn the purpose of processing personal data and whether they are used for that purpose.
• Be informed about third parties, domestically or internationally, to whom your personal data is transferred.
• Request correction if your personal data is incomplete or inaccurately processed.
• Request the deletion or destruction of your personal data (within the framework of legislation).
• Request that your correction or deletion requests be notified to third parties to whom your data has been transferred.
• Object to any result that arises against you due to automated systems' analysis.
• Request the remedy of damages if you have suffered harm due to the unlawful processing of personal data.

How to Exercise Your Rights Regarding Personal Data?

In accordance with Article 13, Paragraph 1 of the Personal Data Protection Law, you can make a request to exercise your rights as stated above using the methods and information provided below, based on the announcement dated March 10, 2018, and the "Regulation on Application Procedures and Principles to the Data Controller.

Required information in the application:

1. Name and surname of the applicant.
2. If the applicant is a Turkish citizen, their Republic of Turkey Identity Number; if not, their passport number along with their nationality.
3. Residential or business address for notification.
4. Electronic mail address, phone number, or fax number for notification.
5. Subject of the request.
6. Information and documents related to the subject of the request.

Application Methods:

1. The applicant can personally submit the completed "Application Form" in a sealed envelope to VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch, with a delivery note.
2. The applicant can send a notarized notification through a notary to VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch, but the notation "Request for Information Pursuant to the Personal Data Protection Law" must be added to the notification envelope.
3. Using a "Secure Electronic Signature" as defined in the Electronic Signature Law No. 5070, the applicant can submit the request personally to our company's Registered Electronic Mail at stakalitekontrolgida@hs01.kep.tr, with the subject line "Request for Information Pursuant to the Personal Data Protection Law."

How Long Does It Take to Respond to Your Requests Regarding the Processing of Your Personal Data?

Requests for rights regarding personal data will be evaluated and responded to within a maximum of 30 (thirty) days from the date they reach us. In case of a negative evaluation of your application, the reasons for refusal will be sent to the address you specified in the application via email or post.

Veltia Antalya VISITOR INFORMATION NOTICE

In accordance with the Personal Data Protection Law, the "Data Controller" within the scope of the Law is VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch.

In our company, CCTV (Closed Circuit Monitoring System) camera recordings and access records related to the internet provided to you by STA upon your request are obtained for the purpose of ensuring security and public order. Through these recording activities, personal data processing activities are carried out for tracking guest entrances and exits and access.

With this text, we aim to fulfill our obligation to inform you about the processing purposes, legal bases, and your rights arising from Article 10 of Law No. 6698 on the Protection of Personal Data.

Purpose of Processing and Transfer of Personal Data

Your personal data may be processed by STA within the personal data processing conditions specified in Articles 5 and 6 of Law No. 6698 for the purposes of ensuring security and public order on our campus, managing access records, and fulfilling our obligations arising from legislation.

Processed personal data may be transferred to persons and parties authorized by law within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of Law No. 6698.

Method and Legal Basis of Personal Data Collection

Your personal data is collected by STA in accordance with our company principles and our legal responsibility as the data controller, based on reasons such as our legitimate interests, establishment, protection, and use of rights.

During this process, your collected personal data is obtained by STA through electronic closed-circuit monitoring systems, through your access to the internet within STA premises, or verbally based on the information you provide to our institution.

Personal data collected through these methods may be processed and transferred within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

Rights of the Data Subject Whose Data is Collected and Processed

Article 11 of the Personal Data Protection Law defines your rights:

• a) Learn whether personal data is being processed,
• b) Request information if personal data has been processed,
• c) Learn the purpose of processing personal data and whether they are used appropriately for that purpose,
• d) Know the third parties to whom personal data is transferred domestically or abroad,
• e) Request correction of personal data in case of incomplete or incorrect processing,
• f) Request deletion or destruction of personal data within the framework of conditions stipulated by the law,
• g) Request notification of corrections and deletions to third parties to whom personal data has been transferred under (d) and (e),
• h) Object to the emergence of a result against the person by analyzing the processed data solely through automatic systems,
• ı) In case of harm due to the unlawful processing of personal data, demand the compensation of damages.

Methods of Application Within the Framework of the Rights of the Data

In accordance with Article 13, Paragraph 1 of the Personal Data Protection Law, you can exercise your rights mentioned above by making a request using the methods specified in the "Notification Text" of STA (VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch), dated March 10, 2018, and published under the number 30356, "Communiqué on Application Procedures and Principles to the Data Controller.

As STA, we act in accordance with the Constitution and Law No. 6698 on the Protection of Personal Data in the processing and storage of your personal data, and we take maximum care to ensure the security of your personal data by taking the highest level of security measures.

Data Controller and Representative

In accordance with Law No. 6698 on the Protection of Personal Data ("Law No. 6698"), the Data Controller is VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch.

Principles for Processing Personal Data of Employees

As VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch;

• a) We undertake to process in accordance with the law and honesty,
• b) We strive to ensure accuracy and currency,
• c) We aim to process for specific, clear, and legitimate purposes,
• ç) We adhere to processing that is related, limited, and proportional to the purpose for which they are processed,
• d) We undertake to keep them for the period required by legislation or for the purpose for which they are processed.

Notification and Scope

In line with our activities, we process the personal and general qualified personal data of our employees/employee candidates and interns within the framework of the data processing conditions specified in Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data, with due measure and limitation, in line with our legitimate interests and the company principles we have adopted, for the establishment, protection, and use of rights, and for our legal responsibility as the data controller, and for the obligations of data controllers such as legal obligations, performance of the contract.

With this awareness, VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch attaches great importance to the processing (storage, deletion, destruction, backup, etc.) of personal and general qualified personal data of employees and employee candidates in accordance with Law No. 6698 on the Protection of Personal Data, secondary regulations (regulations, communiqués, directives) enacted and to be enacted in connection with the Law, and decisions to be taken by the Personal Data Protection Board with binding force.

Processed Personal Data

As an employee or employee candidate, your personal data that may be processed during job application, recruitment, and subsequent business processes may include one or more of the following:

Identity Information; All identity information, nationality, marital status, place, and date of birth, Turkish ID number, gender, signature information, SGK (Social Security Institution) number, etc.

Contact Information; Phone number, backup person's phone number in necessary cases, address, email address, etc.

Educational Information; Educational status, details of courses and seminars attended, language skills, training received during the working life and performance information, diploma details, resume information, etc.

Financial Information; Financial and salary details, bonus list, execution follow-up and debt information, bank details, information about the minimum subsistence allowance, etc.

Visual Data; Photograph, camera recording images, etc.

Audio Data; Voice recordings, etc.

Special Qualification Personal Data; Disability status, health reports, health declaration form, health reports, pregnancy information, occupational disease records, pre-employment examination form, daily patient complaints and records, blood type information, criminal record, information about legal proceedings, religion information in the old ID card, etc.

Special qualification personal data is not processed without explicit consent.

Work Data; Registration number, position name, department and unit, title, date of the last entry to the job, entry and exit dates, insurance entry/retirement, social security number, working conditions in flexible hours, travel status, number of working days, projects worked, monthly total overtime information, seniority compensation base date, seniority compensation additional day, days spent on strike, employee internet and intranet access logs, etc.

Leave Data; Leave seniority base date, leave seniority additional day, leave group, exit/return date, days, reason for leaving,

Other; Military service status, license plate, performance information, family declaration, parent information, etc.

Purpose of Processing Your Personal Data

The collected personal data will be processed for the purpose of evaluating your job application and suitability for the relevant position within the framework of the company's human resources policies. It will be used for the execution and conclusion of the recruitment processes, as well as for communication with you. Additionally, the data will be processed for determining and implementing the company's commercial and business strategies, improving and enhancing recruitment principles, fulfilling legal obligations, establishing and performing contracts, protecting and using legitimate interests, establishing and protecting rights, and disclosure with explicit consent. These processing activities will be carried out in accordance with the personal data processing conditions specified in Articles 5 and 6 of the Law No. 6698 on the Protection of Personal Data.

To Whom and for What Purpose Your Processed Personal Data May be Transferred

Your collected personal data will be used by our business units for the planning and execution of the company's human resources policies, the performance of activities in accordance with the relevant legislation, and the execution of operational activities for the purpose of fulfilling contractual obligations. In this context, your data may be transferred, in a limited manner for the purposes specified in Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data, to legal parties responsible, business partners, subsidiary companies, company officials, shareholders, customers from relevant parties depending on business operations, suppliers, employees, legally authorized public institutions and private individuals.

Method of Collecting Personal Data and Its Legal Basis

Your personal data is collected directly or indirectly through the company website, email, or physically by means of your resume, application form, and personality inventory form enabling you to apply. The collection method of this data complies with the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data, as well as in accordance with 4857 Labor Law, 6102 Turkish Commercial Code, SGK Legislation, 6098 Turkish Obligations Law, Occupational Health and Safety, Tax Legislation, and other related regulations.

Rights of the Personal Data Owner Under Article 11 of Law No. 6698

As personal data owners, you have the following rights, and if you submit your requests regarding these rights to VELTIA TÜRKİYE - Veltia Antalya Special Food Laboratory - STA Quality Control Food Laboratory Ind. and Trad. Inc. Antalya Branch using the methods specified in the Information Text, our company will conclude the request free of charge within a maximum of thirty days, depending on the nature of the request. However, if a fee is envisaged by the Personal Data Protection Board, our company will charge the fee specified in the tariff determined by the Personal Data Protection Board. In this context, personal data owners have the right to:

• Learn whether personal data is being processed.
• Request information if personal data has been processed.
• Learn the purpose of processing personal data and whether they are used in accordance with this purpose.
• Know third parties to whom personal data is transferred, whether domestically or abroad.
• Request correction of personal data in case it is incomplete or incorrectly processed and request notification of the correction made to third parties to whom personal data has been transferred.
• Request the deletion or destruction of personal data in accordance with the conditions specified in the Law No. 6698, even if it has been processed in accordance with the relevant laws, and request notification of this process to third parties to whom personal data has been transferred.
• Object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems.
• In case of damage due to the unlawful processing of personal data, request the remedy of the damage.

How Do We Protect?

All necessary technical and administrative measures are taken for the security of all personal data collected by our institution. In this context, we take physical, technical, organizational, and managerial measures against unauthorized access, misuse, disclosure, or alteration in accordance with the requirements of the Personal Data Security Guide published by the Personal Data Protection Authority, ISO/IEC 27001 Information Security, ISO/IEC 27017 Cloud Services Information Security, ISO/IEC 27701 Privacy Information Management standards, in line with GDPR (General Data Protection Regulation) applicable to the European Union.

Application Methods:

1. The applicant can submit the application form in person by filling out the "Application Form" to VELTIA TÜRKİYE - Veltia Antalya Special Food Laboratory - STA Quality Control Food Laboratory Ind. and Trad. Inc. Antalya Branch with a closed envelope, and by delivering it in person with a report.
2. The applicant can send a notification via a notary to VELTIA TÜRKİYE - Veltia Antalya Special Food Laboratory - STA Quality Control Food Laboratory Ind. and Trad. Inc. Antalya Branch, but the phrase "Request for Information According to the Personal Data Protection Law" should be added to the notification envelope.
3. The applicant, using the "Secure Electronic Signature" defined in the Electronic Signature Law No. 5070, can make an application to our company by sending an email to our company's Registered Electronic Mail at stakalitekontrolgida@hs01.kep.tr, with the note "Request for Information According to the Personal Data Protection Law" in the subject line.

Changes in Our Privacy Notice:

If we change our Privacy Notice, we will publish the revised notification here along with the updated revision date. If we make significant changes that substantially alter our privacy practices, we may notify you through email or by posting a notice on our corporate website and/or social media accounts before the changes take effect.

Data Controller and Representative:

In accordance with Law No. 6698 on the Protection of Personal Data ("Law No. 6698"), the Data Controller is VELTIA TÜRKİYE - Veltia Antalya Special Food Laboratory - STA Quality Control Food Laboratory Ind. and Trad. Inc. Antalya Branch.

Principles of Processing Personal Data Related to Our Business Partners:

As VELTIA TÜRKİYE - Veltia Antalya Special Food Laboratory - STA Quality Control Food Laboratory Ind. and Trad. Inc. Antalya Branch, we have adopted the following principles for processing all kinds of personal data obtained within the scope of our business relationships in accordance with Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data:

• a) Complying with the rules of law and honesty,
• b) Striving to ensure accuracy and currency,
• c) Being processed for specific, clear, and legitimate purposes,
• ç) Being processed in connection with the purpose for which they were collected, limited, and proportionate,
• d) Being retained for the period required by legislation or for the purpose for which they were processed.

Illumination and Scope

As the data controller under the title of VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch, all kinds of specific and general personal data acquired within the scope of our business relationships are processed in accordance with the data processing conditions specified in Articles 5 and 6 of the Law on the Protection of Personal Data No. 6698, in line with our company principles, for the establishment, protection, use, and fulfillment of legal responsibilities as the data controller, as well as for the fulfillment of data controller obligations arising from the contract and legal requirements, in a measured and limited manner.

With this awareness, the parties attach great importance to the processing (storage, deletion, destruction, backup, etc.) of special and general personal data acquired within the scope of business relationships in accordance with the Law No. 6698 on the Protection of Personal Data, secondary regulations (regulation, communiqué, directive) enacted and to be enacted in connection with the Law, and decisions taken and to be taken by the Personal Data Protection Board with binding nature.

Processed Personal Data

The personal data that may be processed by us within the scope of the business relationship and their explanations are as follows:

Identity Information; All identity information such as nationality, marital status, place and date of birth, T.C. identification number, gender, signature information, SGK number, etc.

Contact Information; Phone number, backup person's phone information when necessary, address information, email address, etc.

Education Information; Educational status, information about courses and seminars attended, training received within the scope of the relevant job, and reference information, diploma information, resume information, etc.

Financial Information; Financial information, execution follow-up and debt information, bank information, etc.

Visual Data; Photographs and camera recording images processed for the security of business processes at our location.

Auditory Data; Voice recordings processed for the purpose of fulfilling quality and request/complaint processes.

Special Qualified Personal Data; Information such as resume details, health reports, health declaration documents, blood type found in ID/driver's license copy, etc.

Employment Data; Registration number, position name, department and unit, title, SGK entry declaration, assignment documents, start date of employment, title, signature circulars, projects worked on, internet and company access logs, etc.

Others; Vehicle information, military service status, etc.

The processed data may include one or more of these within the scope of our business relationship.

Purpose of Processing Personal Data

As the data controller, your special and general qualified personal data acquired within the scope of our business relationships may be processed for the following purposes and legal reasons:

Conducting and maintaining the business relationship, conducting emergency management processes, conducting information security processes, conducting audit/ethical activities, conducting training activities, conducting access authorization processes, conducting activities in accordance with the legislation, conducting financial and accounting operations, conducting processes related to loyalty to the company/product/services, ensuring physical space security, conducting assignment processes, tracking and conducting legal affairs, conducting audit/investigation/intelligence activities, conducting communication activities, conducting business activities/control, conducting occupational health/safety activities, conducting business continuity activities, conducting logistics activities, conducting purchase processes of goods/services, conducting operations of goods/services, conducting business relationship management processes, conducting satisfaction-oriented activities, organization and event management, conducting analysis and evaluation studies, conducting performance evaluation processes, conducting risk management processes, conducting storage and archive activities, conducting contract processes, tracking requests/complaints, ensuring the security of movable assets and resources, conducting supply chain management processes, ensuring the security of data controller operations, providing information to authorized individuals, institutions, and organizations, conducting management activities, creating and tracking visitor records, etc.

For these purposes, your personal data will be processed within the framework of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698, taking into account the obligations in SGK Legislation, Turkish Commercial Code, Labor Law, Turkish Code of Obligations, Electronic Commerce Regulation Law No. 6563, and other relevant legislation.

To Whom and for What Purpose Processed Personal Data Can Be Transferred

Your personal data acquired within the scope of the business relationship may be shared with relevant legal parties, professional consultants that our institution receives services from, banks and insurance companies, institutions with which our institution has commercial, administrative, or contractual relations, business partners and affiliated offices for the purpose of conducting our business relationship, to the extent required by the activity and in compliance with the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

In these sharing activities, actions are taken within the framework of data processing conditions and purposes, including data security rules.

Method and Legal Basis of Personal Data Collection

Your personal data, which we request from you and/or other representatives/employees representing your company, are collected by us verbally, physically, or electronically, and by cameras placed in our company buildings physically or electronically.

The legal basis for obtaining personal data is to fulfill our legal obligations, perform the contract between your company and/or you, establish and protect the right, fulfill the legal and contractual obligations of the Company in full and properly, and obtain personal data for the Company to provide services within the legal framework, to fulfill its contractual and legal obligations.

Personal Data Owner's Rights Listed in Article 11 of Law No. 6698

As personal data owners, if you submit your requests regarding your rights to VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch, in accordance with the methods specified in the Information Document, the company will respond to your request within thirty days at the latest, free of charge, depending on the nature of the request. However, if a fee is foreseen by the Personal Data Protection Board, the fee specified in the tariff determined by the Personal Data Protection Board will be charged by our company. In this context, personal data owners have the right to:

• Learn whether personal data is processed,
• Request information if personal data has been processed,
• Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• Know the third parties to whom personal data are transferred, domestically or abroad,
• Request correction of personal data if it is incomplete or incorrectly processed, and request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
• Request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, despite the fact that it has been processed in accordance with the Law No. 6698 and other relevant laws, and request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
• Object to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
• In case personal data is processed unlawfully and as a result of this, the person is harmed, request the compensation of the damage.

How Do We Protect?

All personal data collected by our institution is subject to technical and administrative measures to ensure security. In this context, we take physical, technical, organizational, and managerial measures in line with the requirements of the Personal Data Security Guide published by the Personal Data Protection Authority, ISO/IEC 27001 Information Security, ISO/IEC 27017 Cloud Service Information Security, ISO/IEC 27701 Privacy Information Management standards, and GDPR, in order to prevent unauthorized access, misuse, disclosure, or alteration.

Application Methods:

1. The applicant can personally submit the "Application Form" by filling it out to VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch at the address. The submission should be made in a sealed envelope, and the envelope should be marked with "Request for Information in Accordance with the Law on the Protection of Personal Data." The applicant can deliver it in person to our central location with a protocol.
2. The applicant can submit a notification through a notary to VELTIA TÜRKİYE - Veltia Antalya Private Food Laboratory - STA Quality Control Food Laboratory Industry and Trade Inc. Antalya Branch. However, the notation "Request for Information in Accordance with the Law on the Protection of Personal Data" must be added to the notification envelope.
3. Using the "Secure Electronic Signature" defined in Law No. 5070 on Electronic Signature, the applicant can personally submit the application to our company's Registered Electronic Mail at stakalitekontrolgida@hs01.kep.tr. The subject line should include the notation "Request for Information in Accordance with the Law on the Protection of Personal Data."

Changes in Our Privacy Notice

If we change our Privacy Notice, we will publish the revised notice here, along with the updated revision date. In the event of significant changes that will substantially alter our privacy practices, we may inform you through methods such as sending an email or publishing a notification on our corporate website and/or social media accounts before the changes take effect.