info@famecltd.com
0 264 3595404
0 264 3595405
FAMEC Railway Systems Ind. and Trade Co. Joint Stock Company INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA WITHIN THE SCOPE OF MARKETING ACTIVITIES
FAMEC Railway Systems Ind. and Trade Co. (“Company”, “Famec”) attaches great importance to ensuring that your personal data is processed in compliance with the law and principles of good faith, in a secure and transparent manner. This Information Notice has been prepared to explain how and for what purposes your personal data is processed and how you can manage your preferences in this regard.
Below, you can find detailed explanations regarding for what purposes and to whom your personal data is processed and transferred, as well as your rights regarding your personal data, in accordance with the Law on the Protection of Personal Data No. 6698 (“Law”), for which our Company, Famec, is the data controller within the scope of the marketing activities offered to you.
Which of your personal data does our Company process and for what purposes?
Based on Articles 5 and 6 of the Law, your personal data (“Personal Data”) is processed in connection with, limited to, and proportionate to the following purposes:
Customer Satisfaction Surveys
Your identity information, contact details, customer transaction information, marketing data, transaction security information, and call center voice recordings are processed within the scope of customer satisfaction survey activities for the following purposes:
- Conducting customer satisfaction surveys regarding the services provided to you, to gather opinions and complaints,
- Contacting you for the purpose of conducting customer satisfaction surveys,
- Evaluating and reporting the responses you provide in customer satisfaction surveys,
- Planning and executing improvement and development activities to increase satisfaction in products and services subject to the survey, based on your responses.
Promotional Activities, Market Research and Analysis
Your identity information, contact details, marketing data, employment data, customer transaction information, and call center voice recordings are processed within the scope of discounts, campaigns, promotional activities, and market research and analysis conducted by our Company for the following purposes:
- Planning and executing the promotion and marketing processes of products and services,
- Contacting you to provide information regarding promotional, market research, and analysis activities.
Your personal data is also processed within the scope of carrying out the business and management activities of our Company’s marketing operations and complying with applicable legislation for the following purposes:
- Ensuring that all marketing activities are carried out in compliance with applicable legislation,
- Following up legal matters and exercising our right to defense when necessary,
- Storing personal data collected in relation to marketing activities within the scope of these processes,
- Ensuring information security processes in the environments where personal data collected in marketing activities is stored.
The data you share may also be processed for the purpose of evaluating and following up requests, complaints, applications, and offers of persons who wish to become suppliers.
You can find detailed information regarding the purposes of processing your personal data by our Company at ……… [website link].
To whom and for what purposes may our Company transfer your personal data?
All personal data collected as described in this Information Notice may be transferred to the following persons and organizations, within the framework of the personal data processing conditions specified in Articles 8 and 9 of the Law:
Transfers within the scope of customer satisfaction surveys
Your identity information, contact details, customer transaction information, marketing data, and transaction security information are transferred to domestic supplier companies providing services for conducting customer satisfaction surveys, for the purpose of carrying out such activities and contacting you in this regard.
Your identity information, contact details, marketing data, employment data, and customer transaction information may also be transferred to our Company’s business partners and group companies.
By which methods and on what legal grounds does our Company obtain your personal data?
All your personal data processed for the purposes mentioned above are obtained by our Company through the “update your information” form, request form, supplier form, job application form available on our Company websites and microsites, via SMS, e-mail and other communication channels, and/or directly provided by you during interviews.
The personal data collected by our Company for the above-mentioned purposes and methods may be processed and transferred based on the following legal grounds under Articles 5 and 6 of the Law:
- All personal data obtained within the scope of customer satisfaction surveys are processed by our Company with your explicit consent and, likewise, transferred to the above-mentioned domestic persons and organizations provided that you give your explicit consent.
- Your personal data processed for the purposes of carrying out marketing activities in compliance with applicable legislation, providing information to legally authorized institutions and organizations, following up legal proceedings, and exercising our right to defense when necessary are processed and transferred based on the legal grounds of “explicitly provided for by law,” “fulfillment of our legal obligations,” and “establishment, exercise, or protection of a right.”
Rights of the Personal Data Owner under Article 11 of the Law
According to Article 11 of the Law, personal data owners have the right to:
- Learn whether personal data is being processed,
- Request information if their personal data has been processed,
- Learn the purpose of processing personal data and whether it is used in accordance with its purpose,
- Know the third parties to whom personal data is transferred, domestically or abroad,
- Request the correction of personal data if it is incomplete or incorrectly processed, and request that the correction be notified to the third parties to whom the personal data has been transferred,
- Request the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist, even if it has been processed in compliance with the Law and other relevant legislation, and request that the deletion/destruction be notified to the third parties to whom the personal data has been transferred,
- Object to the occurrence of a result against themselves by means of the exclusive analysis of processed data through automated systems,
- Request compensation if they suffer damage due to the unlawful processing of personal data.
Requests by personal data owners will be finalized as soon as possible and within 30 (thirty) days at the latest, free of charge. However, if the process requires an additional cost, Famec may charge the fee determined in the tariff set by the Personal Data Protection Board, in accordance with the relevant legislation.
INTRODUCTION
Data privacy is extremely important for FAMEC Railway Systems Ind. and Trade Co., and we would like to state that we follow a clear and transparent policy regarding the processing of your personal data.
Therefore, please read our company Policy on the processing and Protection of personal data carefully and make sure you control your privacy. We would like to emphasize that:
We take your privacy seriously.
We commit to protecting your personal data through the cyber security measures we will implement.
We act in accordance with data privacy laws when using your personal data.
We use your personal data only in the ways we disclose. We do not collect your personal data unless necessary.
We will explain in detail all the rights you have regarding your personal data.
1.1. According to the Constitution of the Republic of Turkey, every citizen has the right to request the protection of personal data concerning them. Also, the Constitution states that personal data can only be processed in cases stipulated by law or with the explicit consent of the individual. This right also includes being informed about personal data, accessing such data, requesting correction or deletion, and learning whether it is used for its intended purposes. Within the scope of this constitutional right, Law No. 6698 on the Protection of Personal Data was published to regulate the protection of fundamental rights and freedoms in the processing of personal data, as well as the obligations and procedures for real and legal persons processing personal data. FAMEC Railway Systems Ind. and Trade Co. takes necessary care to comply with the relevant law and establishes this as a company policy through this Personal Data Protection Policy.
This Policy covers all personal data processed by our Company, including data of our customers who are natural persons, authorized representatives of legal entity customers, potential customers, their employees, our interns and employees, intern and employee candidates, shareholders, officials, and the authorities, shareholders, and employees of organizations with which we have commercial relations, as well as physical and virtual visitors and third parties, whether processed automatically or manually as part of any data recording system. In addition, the principles adopted in this Policy apply to all employees, employee candidates, subcontractors, current and potential business partners, employees of our subsidiaries, and their officials who process, access, provide, or receive personal data from our Company.
Data Controller: FAMEC Railway Systems Ind. and Trade Co.
Postal Address: ÇAYBAŞI YENİKÖY MAH. 36 NOLU SOK. NO:37 ERENLER/SAKARYA TAX NUMBER: 385 118 55 96
Tel: 0 264 3595404
E-mail: info@famecltd.com
2. DEFINITIONS
EXPLICIT CONSENT: Consent given freely and based on information regarding a specific matter,
DATA SUBJECT: The natural person whose personal data is processed,
PERSONAL DATA: Any information relating to an identified or identifiable natural person,
PERSONAL DATA OWNER: The natural person whose personal data is processed (including legal entity representatives),
PROCESSING OF PERSONAL DATA: Any operation performed on data, such as obtaining, recording, storing, preserving, altering, reorganizing, disclosing, transferring, acquiring, making accessible, classifying, or preventing use, whether partially or entirely by automatic means or as part of any data recording system,
DATA PROCESSOR: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller,
DATA RECORD SYSTEM: A recording system in which personal data is structured and processed according to specific criteria,
DATA CONTROLLER: A natural or legal person who determines the purposes and means of processing personal data, and is responsible for establishing and managing the data recording system.
ANONYMIZATION: Making data, previously associated with a person, untraceable to any identified or identifiable individual even if combined with other data.
COMPANY: FAMEC Railway Systems Ind. and Trade Co., Tax ID 385 118 55 96.
WEBSITE: The website owned entirely by the Company, including www.famecltd.com domain and its subdomains.
SERVICES: Through the FAMEC Railway Systems Ind. and Trade Co. website, you can obtain information about the services provided by our company, establish business partnerships, collaborations, requests, and quick access, and access the necessary information regarding the company's mission and activities.
Listing and selling the products of third-party companies that have agreements with FAMEC Railway Systems Ind. and Trade Co.,
Enabling content uploaded to the Database by Sellers to be viewed, listed, and searched by all Users including Visitors and Members via Famec,
The Company may change the definition of Services at any time and without any notice, and may restrict access to the Services for third parties.
VISITOR: Refers to any natural or legal person accessing FAMEC Railway Systems Ind. and Trade Co. The definition of Visitor includes all definitions of Member, User, and Applicant. The Company may request additional documents such as a copy of identity, tax number, address, and other information for verification when necessary.
USER: Refers to any natural or legal person benefiting from the services via the FAMEC Railway Systems Ind. and Trade Co. website. Users may also be referred to as “Visitor,” “Member,” “Buyer,” or “Applicant.” The Company may request additional documents, including a copy of identity, for verification purposes when necessary.
CONTENT: Refers to all kinds of information, texts, files, images, videos, and similar visual, written, and audio materials accessible via Famec, uploaded by the Company or Users, including but not limited to information regarding Products. Hereafter, Content may also be referred to as “Product.”
DATABASE: Refers to all data stored, classified, queried, and accessed, owned by the Company, protected under Law No. 5846 on Intellectual and Artistic Works, and processed in accordance with Law No. 6698 on the Protection of Personal Data.
3. TYPES OF PERSONAL DATA COLLECTED
The personal data we collect from you varies depending on the purpose of processing, and we may require several different types of your data.
These include:
CONTACT AND IDENTITY INFORMATION: For example, name, surname, date of birth, place of birth, ID number, identity information, mother’s name, father’s name, ID serial number, ID validity date, nationality, signature, ID photo, gender, email, postal address, residential address, phone number, passport information, driver’s license information, and other personal data.
FINANCIAL INFORMATION: For example, bank/payment institution details, tax number, etc.
MARKETING INFORMATION: For example, phone and email correspondence with customers, communication history, purchase history, survey responses, cookie records, information obtained through campaign studies, etc.
LOCATION INFORMATION: For example, location data where the transaction takes place.
TRANSACTION SECURITY INFORMATION: For example, customer IP address, website login/logout information, password information, instant photos, transaction receipts, residential address, population registry certificate, internet provider, operating system and browser used, device type such as laptop or smartphone, mobile application or website, device cookie settings, other device-related details, geographic area reported by customer device, etc.
4. PURPOSE OF PROCESSING PERSONAL DATA
We process certain personal data based on legal grounds and legitimate interests, including contract execution, verification of up-to-date information regarding our products and services, evaluation of applications and requests related to products and services with our customers/potential customers, getting to know our customers better, developing our products and services accordingly, ensuring transaction security, and fulfilling legal obligations and maintaining legal and commercial safety. These include:
- Conducting membership contract processes,
- Managing commercial relations within agreements with partner institutions and/or suppliers,
- Providing social media, marketing, and training consultancy services to member institutions,
- Evaluating job applications submitted to the Company,
- Managing legal processes,
- Meeting user and member requests,
- Evaluating customer requests and complaints,
- Conducting marketing and campaign activities,
- Carrying out application procedures,
- Conducting research and analyses to present products and services in the most appropriate way to customers,
- Providing necessary information to authorized institutions and organizations,
- Creating and tracking Famec visitor analysis,
- Conducting accounting operations,
- Performing necessary analyses for sales and marketing,
- Improving product and service quality and variety,
- Ensuring the accuracy and currency of data provided on Famec,
- Meeting mutual needs of members and individual users,
- Conducting user, member, and supplier analyses by country, city, and region,
- Keeping identity and contact information up-to-date,
- Identifying visitors to our website,
- Conducting data analytics and market research,
- Resolving your questions and complaints,
- Requesting information/documents from customers to ensure account security,
- Performing legal and technical services under KVKK, and occupational health and safety information management system services,
- Sending marketing communications about our services, news, information, offers, special events, and other marketing communications that may be of interest. Additionally, we may use the data we collect about you to assist with advertisements of our products and services on third-party websites.
4. RECIPIENTS AND PURPOSES OF PERSONAL DATA PROCESSING
4.1. Your personal data collected by the Company may be transferred domestically and abroad to third parties and institutions, limited to the purposes specified in this document and within the scope of Personal Data Processing conditions specified in Articles 5 and 6 of the KVKK Law No. 6698, in compliance with Articles 8 and 9 of the same Law.
5. METHOD AND LEGAL BASIS FOR COLLECTING PERSONAL DATA
5.1 These personal data are processed by the Company officials via the www.famecltd.com internet portal with the explicit consent of the Member/User, based on the legal basis in Article 5, Paragraph 1 of Law No. 6698 on the Protection of Personal Data, which states that "Personal data cannot be processed without the explicit consent of the relevant person."
5.2 Your personal data is collected during submitting requests to Famec, through quick access forms, application forms, or the supplier application process. If you do not wish to share your personal data with Famec, please do not fill out Famec’s forms.
General Principles in Personal Data Processing
- Compliance with law and fairness principles
- Ensuring personal data is accurate and up-to-date when necessary
- Processing with specific, explicit, and legitimate purposes
- Being relevant, limited, and proportionate to the purpose for which they are processed
- Retaining data for the period required by relevant legislation or for the purpose for which they are processed
Famec commits to complying with laws in line with the general principles stated above.
6. TRANSFER OF PERSONAL DATA ABROAD
6.1 In accordance with Article 9 of the Personal Data Protection Law (KVK), one of the following conditions must exist when transferring personal data abroad:
- Obtaining the explicit consent of the relevant person,
- Meeting one of the conditions listed in Articles 5 and 6 of the KVK Law as exceptions to explicit consent,
- The country to which the transfer will be made is among the countries declared by the KVK Board as having adequate protection,
- If adequate protection does not exist in the country to which the transfer is made, the data controllers in Turkey and the relevant foreign country must provide a written commitment of sufficient protection, and the KVK Board must grant permission for this transfer.
6.2 Famec transfers data with the explicit consent of the applying user. User data of applicants/members registered to Famec may be stored on servers of third-party companies with adequate protection as declared by the KVK Board. If you do not approve this, please do not fill out Famec’s forms.
Your personal data may be shared with our international partners for business development services, statistical and technical services, and managing customer relations. Personal data may be transferred to electronic environments such as servers, hosting companies, programs, and cloud computing located abroad for archiving and storage purposes, provided appropriate security measures are taken, where it may be processed and stored.
The personal data subject to domestic and international transfer mentioned above is legally protected through KVK-compliant clauses in our contracts, considering the data controller or processor status of the other party, as well as through technical security measures.
During data sharing abroad, personal data is transferred in accordance with this policy and the applicable laws on data protection.
7. DOMESTIC TRANSFER OF PERSONAL DATA
According to the definitions in the Law, the transfer of personal data is also considered as 'processing of personal data.' Accordingly, transfers comply with Articles 8 and 9 of the Law.
Within the scope of the data types and purposes specified in this policy, the Company transfers data to third parties (subsidiaries, business partners, employees, subcontractors or suppliers, public institutions, and legally authorized private persons or entities) in accordance with the purpose of processing and taking necessary security measures. These personal data transfers are carried out via secure channels and environments provided by the relevant third party.
Member customers’ phone numbers and/or email addresses may be shared with commercial electronic communication service providers based on the consent for commercial electronic messages to enable promotion, advertising, and offer delivery.
8. RIGHTS OF THE PERSONAL DATA OWNER
8.1 You can exercise your rights defined under the Law by submitting a written request to us or contacting us via email at ……. to obtain information about the processing of your personal data. Requests are concluded as soon as possible, and no later than thirty days. Requests submitted by other means will not be considered. Under these rights, you can obtain information in the following areas:
- Learn whether personal data is processed,
- Request information if personal data has been processed,
- Learn the purpose of processing personal data and whether it is used in accordance with its purpose,
- Know the third parties in Turkey or abroad to whom personal data has been transferred,
- Request correction of personal data if it has been processed incompletely or incorrectly,
- Request deletion or destruction of personal data under the conditions outlined in Article 7 of the KVK Law,
- Request notification of the third parties to whom personal data has been transferred about the corrections or deletions made,
- Object to outcomes that may arise against you through exclusively automated systems,
- Request compensation for damages resulting from unlawful processing of personal data.
9. DURATION OF PERSONAL DATA PROCESSING
Famec specifies the purposes and duration for which personal data will be processed before starting the processing. Personal data is retained in accordance with the relevant legislation that the Company is obliged to comply with and/or for as long as necessary for the purpose for which it is processed.
Your information will be kept as long as you remain a customer/member/user of FAMEC Railway Systems Ind. and Trade Co. If you wish to become a customer/member, you can contact our customer service team to request the deletion of all information we hold about you.
Famec may retain necessary information about you even after closing your account or after this information is no longer needed to provide these services, in accordance with legal regulations, for resolving disputes, preventing fraud, or enforcing other policies.
10. OBLIGATION TO INFORM
Famec, in accordance with Article 10 of the Personal Data Protection Law, provides data subjects with information during the collection of personal data about the purposes of processing, to whom and for what purposes the data may be transferred, the method and legal basis for collecting personal data, and the rights of the data subject under Article 11 of the Law. By accepting the terms of use on the site and registering as a member, each person acknowledges that this notification has been made to them.
In addition, when explicit consent is required for processing personal data, comprehensive disclosures are made to ensure that data subjects freely provide specific consent regarding certain matters.
11. DELETION, DESTRUCTION, OR ANONYMIZATION OF PERSONAL DATA
Even if personal data has been processed in accordance with the Personal Data Protection Law and other relevant legislation, if the reasons requiring processing no longer exist, personal data shall be deleted, destroyed, or anonymized ex officio or upon the request of the relevant person by the data controller.
Famec, upon the expiration of the retention periods specified by relevant legislation or necessary for the purpose of processing, deletes or anonymizes the personal data it processes using one or more techniques most suitable for its business processes and activities, as outlined in the “Guide on Deletion, Destruction, or Anonymization of Personal Data” published by the KVK Board.
Regarding the processes of deletion, destruction, and anonymization of personal data;
- Unnecessary or unlawfully retained data in the Company's records are identified, and access channels are closed by determining who accessed the data and through which means,
- If services are provided by third-party service providers, such as cloud storage providers, it is checked whether these providers have the technical ability to recover the data, and the data is deleted accordingly.
- Data stored on portable recording devices is encrypted and can be deleted,
- Personal data in paper form is cut whenever possible, and if not possible, obscured/unreadable using permanent ink by crossing out/painting/deleting,
- Office files on central servers are deleted using the operating system's delete command, or access rights of the relevant user are removed from the file or its directory,
- Relevant rows containing personal data in databases are deleted using database commands (DELETE, etc.),
- For destruction, simply deleting from records is insufficient; data is broken into pieces small enough to be unrecognizable, encryption keys are destroyed, and storage media are made irrecoverable via demagnetization, physical deformation, or overwriting,
- Data destruction or dismantling of the storage medium where data is processed,
- For anonymization, data is made unidentifiable by removing or altering all direct and/or indirect identifiers related to the individual. Depending on the situation, anonymization methods that do not provide value disorder (removing variables/records, regional masking, generalization, top/bottom coding, sampling) or that do (microaggregation, data swapping, noise addition) can be applied. Statistical techniques such as K-Anonymity, L-Diversity, and T-Closeness may also be used.
12. ENSURING THE SECURITY OF PERSONAL DATA
Our Company takes technical, administrative, and physical measures to prevent the unlawful processing of personal data, unauthorized access to personal data, and to ensure the protection of personal data.
You can reach us using the attached KVK application form and personal data breach notification forms.
