Menu

1. Purpose of This Policy

With awareness of the importance of confidentiality and security of personal data obtained within the scope of the Law No. 6698 on the Protection of Personal Data (“KVKK”) and other relevant legislation, FELTOUCH YAPI TASARIM SANAYİ TİCARET ANONİM ŞİRKETİ aims to ensure full compliance with legal obligations as a data controller and to establish a personal data processing and protection policy aligned with international standards.

This Policy sets out the principles adopted by the Company regarding lawful, fair, and transparent processing of personal data.

It also explains the purposes of processing, data collection methods, legal grounds, data transfers, and the rights of data subjects.

2. Purpose, Scope and Definitions

2.1 Purpose

This Personal Data Processing and Protection Policy (“Policy”) is the main policy document regulating the principles that FELTOUCH YAPI TASARIM SANAYİ TİCARET ANONİM ŞİRKETİ shall comply with while fulfilling its obligations under KVKK and other relevant legislation.

2.2 Scope

This Policy covers personal data processed or shared during the Company’s activities, including those of employees, job applicants, business partners, customers, potential customers, suppliers, service providers, visitors, and website visitors.

The Policy is binding for all Company departments and employees.

2.3 Definitions

  • Recipient Group: The category of natural or legal persons to whom personal data is transferred.
  • Relevant User: Persons who process personal data within the organization under authorization, excluding those responsible for technical storage.
  • Destruction: Deletion, destruction, or anonymization of personal data.
  • Law: Law No. 6698 on the Protection of Personal Data.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The natural person whose personal data is processed.
  • Processing of Personal Data: Any operation performed on personal data such as collection, recording, storage, disclosure, transfer, or destruction.
  • Explicit Consent: Consent given freely, based on information, and for a specific purpose.
  • Special Category Personal Data: Data relating to race, ethnicity, political opinions, religious beliefs, health, sexual life, biometric and genetic data.
  • Data Controller: The entity determining the purposes and means of processing personal data.

3. Processing of Personal Data

3.1 Principles

  • Processing in compliance with law and good faith
  • Accuracy and, where necessary, being kept up to date
  • Processing for specific, explicit, and legitimate purposes
  • Being relevant, limited, and proportionate
  • Retention for the period required by legislation or processing purpose

3.2 Collection and Processing Methods

Personal data may be collected verbally, in writing, or electronically through automatic or non-automatic methods, including commercial activities, recruitment processes, employment relationships, website visits, events, and communications.

3.3 Explicit Consent

Personal data shall be processed after informing the data subject and obtaining explicit consent where required.
Health data requires written explicit consent unless legally exempt.

3.4 Special Category Personal Data

Special category personal data shall only be processed with explicit consent or in cases permitted by law.
Health and sexual life data may be processed without consent only for public health and medical service purposes.

4. Transfer of Personal Data

Personal data may be transferred to third parties within Türkiye with explicit consent or under legal exceptions.
International transfers require adequate protection or written assurance and approval from the Data Protection Board.

5. Rights and Obligations

5.1 Rights of Data Subjects

  • To learn whether personal data is processed
  • To request information if processed
  • To learn the purpose of processing
  • To know third parties to whom data is transferred
  • To request correction or deletion
  • To object to automated decision-making
  • To claim compensation for unlawful processing

5.2 Obligations of the Data Controller

The Company takes necessary technical and administrative measures to ensure data security, prevent unauthorized access, and ensure compliance with legal obligations.

6. Deletion, Destruction and Anonymization

Personal data shall be deleted, destroyed, or anonymized in accordance with the Personal Data Retention and Destruction Policy once processing purposes cease to exist.

7. Periodic Destruction

Periodic destruction shall be carried out within 180 days following the occurrence of the obligation, extendable by 30 days if necessary.

8. Departmental Data Protection Officer

A Departmental Personal Data Protection Officer is appointed in each department to ensure compliance and awareness.

9. Amendments and Effective Date

This Policy may be updated and published on the Company website when required. Amendments take effect on the publication date.

Data Controller Information

Company: FELTOUCH YAPI TASARIM SANAYİ TİCARET ANONİM ŞİRKETİ
Address: Burhaniye Mah. Bahçeler Sok. No: 8/2 Istanbul, Türkiye
Website: www.feltouch.tr
KEP: [email protected]