.png)
GENERAL PRIVACY NOTICE ON PERSONAL DATA OF VERIM AGENCY
DATA CONTROLLER
Pursuant to the Law No. 6698 on the Protection of Personal Data (“KVKK”), your personal data may be processed by Verim Agency (the “Company” or the “Data Controller”) within the scope described below.
Within the framework of the KVKK, we attach great importance to the protection of your personal data. In this respect, we would like to inform you about the purposes for which we process your personal data, to whom and for what purposes it may be transferred, and your rights in this regard.
DEFINITIONS REGARDING THE PROTECTION OF PERSONAL DATA
• Personal Data: Any information relating to an identified or identifiable natural person (e.g., identity information, address, email, telephone number, IP address, etc.).
• Explicit Consent: Consent given freely, based on information, and relating to a specific matter.
• Anonymization: Rendering personal data impossible to associate with an identified or identifiable natural person, even when matched with other data.
• Data Subject: The natural person whose personal data is processed (including employees, employee candidates, customers, visitors, suppliers, business partners, and other third parties).
• Processing of Personal Data: Any operation performed on personal data, whether fully or partially automated or non-automated as part of a data recording system, including collection, recording, storage, preservation, alteration, reorganization, use, disclosure, transfer, sharing, acquisition, making available, classification, deletion, or destruction.
• Data Controller: The Company responsible for determining the purposes and means of processing personal data and for establishing and managing the data recording system.
• Board: The Personal Data Protection Board.
• Website: https://www.verimagency.com
SECURITY OF PERSONAL DATA
Verim Agency ensures that all personal data processed, whether by automated means or non-automated means as part of a data recording system, is stored and processed in a manner that minimizes risks of destruction, loss (including accidental loss), unauthorized access or use, or use inconsistent with the original purpose of collection.
Verim Agency attaches importance to protecting the confidentiality and security of personal data. Accordingly, necessary technical and administrative security measures continue to be implemented to protect personal data against unauthorized access, damage, loss, or disclosure.
System access controls, data access controls, secure transfer controls, business continuity controls, and other necessary corporate safeguards are applied.
DATA SUBJECT GROUPS AND DATA CATEGORIES
Shareholders/Partners: Identity information (name, surname, date of birth, Turkish ID number, blood group), contact information (residential address, mobile and home phone), legal transaction information (lawsuits filed on behalf of the Company), financial information (bank account details, invoice details), transaction security information (user system logs), risk management information (shareholder risk assessments), and other information (information security policies, confidentiality and disciplinary agreements, organizational activities with media institutions, social event photographs, training videos and photographs, company social media posts, educational information, driver’s license class information).
Employees: Identity information (name, surname, date of birth, Turkish ID number, gender, blood group, marital status), contact information (residential address, mobile and home phone), criminal record information, financial information (salary account details), transaction security information (user system logs), personnel records (employment contracts, payroll records, leave records, social security notifications, work accident reports), and other information (passport details, visa information, military status, health eligibility information, family information for tax purposes, educational background, driver’s license class information, social event photographs, company social media posts).
Supplier Employees: Identity information (name, surname, date of birth, Turkish ID number), contact information (mobile phone, address), personnel information (employment start date, diploma), transaction security information, and driver’s license class information.
Employee Candidates: Identity information (name, surname, date of birth, place of birth, gender, marital status), contact information (address, phone, email), professional experience (current employment status, certificates, training), criminal record information, and other information (military status, travel restrictions, availability for overtime, health suitability for work, references, foreign language skills, driver’s license class information).
Persons Receiving Products or Services: Identity information (name, surname) and contact information (email address, company name, phone number).
Trade Fair Visitors: Identity information (name, surname) and contact information (email address, company name, phone number).
PURPOSES OF PROCESSING PERSONAL DATA
Identity information, contact information, financial information, transaction data (website visits, cookies, digital traces), and other data (such as employee health data where required for occupational safety processes) are processed by Verim Agency within the scope of Articles 5 and 6 of the KVKK for the following purposes and retained for the legally required periods:
• Management of Company events and projects, provision of services, execution and supervision of business and communication activities, and public promotion of such activities where necessary.
• Execution of commercial activities and planning and implementation of business strategies.
• Ensuring legal, technical, and commercial security of the Company and related persons.
• Conducting logistics, invoicing, finance, and accounting processes related to the sale and supply of products/services through the Company’s website and platforms.
• Fulfillment of marketing offers published on the Company’s website.
• Sending campaign information, promotional offers, and conducting customer satisfaction processes.
• Resolving technical or legal issues experienced by data subjects and managing contractual processes.
• Planning and execution of human resources policies and processes.
• Conducting statistical evaluations and market research without disclosing the identity of the data subject.
• Customizing and promoting products and services based on usage habits and preferences.
• Ensuring operational and information security.
• Fulfillment of obligations arising from tax and other legislation.
• Conducting legal compliance checks.
METHOD AND LEGAL BASIS FOR COLLECTION
Personal data may be collected verbally, in writing, or electronically via email, fax, letters, website visits, communication forms, contracts, event participation forms, call center communications, social media, mobile applications, and other communication channels.
Processing is carried out in accordance with Articles 5 and 6 of the KVKK based on explicit consent where required, necessity for the establishment or performance of a contract, fulfillment of legal obligations, protection of legitimate interests, and provided that fundamental rights and freedoms are not harmed.
TRANSFER OF PERSONAL DATA
Personal data may be transferred to suppliers, shareholders, business partners (limited to the purpose of the partnership), technology service providers, outsourced service providers (such as accounting and finance services), legally authorized third parties (law firms, audit firms, insurance companies), relevant Company business units, parties involved in mergers or asset transfers, and official authorities where legally required.
Transfers are carried out in compliance with Articles 5, 6, 8, and 9 of the KVKK.
TRANSFER ABROAD
The Company does not transfer personal data abroad within the scope of this notice. However, if transfer becomes necessary due to agreements with international service providers, such transfer will be carried out in accordance with Article 9 of the KVKK and subject to the safeguards determined by the Board.
RETENTION AND STORAGE PERIOD
In accordance with Article 12 of the KVKK, Verim Agency takes measures to prevent unlawful processing and access and to ensure the secure storage of personal data through secure databases, servers, firewalls, encryption systems, and updated information security policies.
Personal data is retained for the periods required under applicable legislation and for as long as necessary for the purposes specified in this notice.
Data whose purpose of processing has ceased and whose legal retention period has expired is deleted, destroyed, or anonymized.
RIGHTS OF THE DATA SUBJECT UNDER THE KVKK
Pursuant to Article 11 of the KVKK, data subjects have the right to:
• Learn whether personal data is processed.
• Request information if processed.
• Learn the purpose of processing and whether it is used accordingly.
• Know the third parties to whom personal data is transferred domestically or abroad.
• Request correction of incomplete or inaccurate data.
• Request deletion, destruction, or anonymization when the reasons requiring processing cease.
• Request notification of such actions to third parties.
• Object to automated decision-making.
• Claim compensation for damages resulting from unlawful processing.
You may submit your requests by completing the “Data Subject Application Form” available at https://www.verimagency.com and sending a signed copy to the Company’s address:
Soğanlık Yeni Mah. Aliağa Sk. Bumerang Kartal No:8/130
34880 Kartal / Ä°stanbul
You may also submit your request via notary, secure electronic signature (in accordance with Law No. 5070), or by sending an email with the subject line “Personal Data Protection Law Information Request” to verimdenizcilik@hs01.kep.tr.
Applications will be concluded free of charge within 30 (thirty) days at the latest. If the request requires additional costs, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board.