Protection of Personal Data
1.Data Controller’s Identity
At Gediz Elektrik Perakende Satış A.Ş. (“Gediz” or the “Company”), we exercise due care to ensure safety and confidentiality of your personal data. Therefore, as the data controller as per the Personal Data Protection Law No. 6698 (the “Law”), we kindly bring the following to your attention under our liability to inform you to ensure that we can act in accordance with the Law with regards to the personal data we hold:
2. Processing of Personal Data and the Purposes for Processing
Your personal data is processed to ensure that our Company can offer the best services possible, although the purpose may vary depending on the services and commercial activities offered by Gediz. To this end:
If you are a natural person customer of our Company/ an employee/contact person/partner/authorized person or, in some situations, guardian/custodian/representative, guarantor or potential customers of legal entity or natural person commercial customers of our Company:
Your personal data (identity, contact details, customer transaction data) and sensitive personal data (as per the Regulation on Electricity Market Consumer Services, such data can be indirectly obtained from medical reports, and the religion and blood type details can be indirectly obtained from identity card and/or driver’s license copy, if shared by natural person customers) are processed in a limited manner for
Carrying out the subscription contract processes; following up the after-sales support services, customer relations management processes, customer satisfaction activities, legal/financial/accounting processes, and any requests/complaints; ensuring that the activities are in compliance with the Electricity Market Law and the secondary legislation, as well as other relevant legislations; conducting advertising/campaing/promotion/survey activities as part of the marketing analysis efforts and the marketing processes for the services offered; carrying out/auditing business activities; making audits; conducting activities to ensure business continuity; carrying out risk management processes; carrying out strategic planning activities; receiving and assessing the recommendations to improve business processes; following up and carrying out social responsibility and civil society activities; informing the authorized persons, entities and organizations if requested; carrying out communications activities; carrying out storage and archiving activities; carrying out information security processes and ensuring compliance with the policies and procedures of the Company and of the Aydem Holding group companies which the Company is affiliated with.
If you are an employee/contact person/partner/authorized person of our legal entity or natural person commercial customers/suppliers/business partners/subcontractors:
Your personal data (identity, contact and financial details and personnel information) and if shared, your sensitive personal data (medical and criminal sentence data) may also be processed to carry out contractual processes and product and service sales processes; to follow up legal, financial and accounting procedures; to carry out risk management processes; to carry out occupational health and safety processes; to carry out/audit businesses activities; to carry out performance assessment processes; to inform the authorized persons, entities and organizations if requested; to carry out communication activities and to conduct information security processes.
Furthermore:
- If you visit the workplaces of our Company, your identity data and physical location security data may be processed in a prudent and limited manner to ensure safety of the physical location, create visitor records and ensure compliance with the policies and procedures of Gediz;
- If you visit our website, your processing security data may be processed in a prudent and limited manner to keep logs on the electronic environment to fulfill the regulatory liabilities stipulated by Law No. 5651, ensure compliance with the policies and procedures of Gediz and carry out information security processes;
- If you log on to the free wireless network system provided by our Company, your personal data related to your identity, contact details and processing security may be processed in a prudent and limited manner to allow you to access the system, fulfill regulatory liabilities, prevent unlawful and unethical use of the system, ensure compliance with the policies and procedures of Gediz and carry out information security processes.
- Your personal data may also be transferred to physical archives and information systems to be stored in both digital and physical environments.
3. Parties to Whom the Personal Data Processed may be Transferred, and the Related Purposes
For the purposes set out in Article 2 of this Clarification Text, and depending on and limited to the reasons for transfer within the scope of the Law and the related regulations, your personal data collected may be transferred to the governmental bodies and organizations; independent audit companies; attorneys, law offices and mediation firms; banks; our business partners; systems of domestic and overseas information technology companies that we receive services from and collaborate with, including our suppliers; our Company’s domestic shareholders and group companies to carry out the operational processes and to get support from them and to databases used jointly with these companies.
4. Method and Legal Basis for Collecting Personal Data
For the purposes stated in Article 2 of this Clarification Text and depending on and limited to the legal reasons of performance of a contract, establishment and exercise of a right, legitimate interests of the data controller and presence of express consent as stated in Article 5 of the Law in accordance with the basic principles stipulated in the Law, your personal data may be collected via automated or non-automated methods, verbal or written information directly communicated to our electronic mail address by your employer or by you, applications and software used as part of the Company activities and through closed circuit camera systems.
5. Your Rights under Personal Data Protection
As per the legislation on personal data protection, you have the rights to find out if your personal data has been processed; request information regarding the processing of your personal data if processed; find out the purpose for processing the personal data and if the data is used by us in line with such purposes; find out the third parties to whom your personal data is transferred at home and abroad; request correction if your personal data was processed incompletely or incorrectly and request that the third parties to whom the data was transferred (if transferred) be informed of such procedure; request deletion or destruction of your personal data if the conditions that require processing of such data are no longer valid and request that the third persons to whom the data was transferred (if transferred) are informed of such procedure; raise an objection if you believe that there is a consequence to the detriment of you due to the fact that the processed data was analyzed by automated systems exclusively; and request compensation if you incur any loss due to unlawful processing of your personal data.
You can fill out the form at www.gedizperakende.com.tr to send your requests related to Article 11 of the Law, which sets out the rights of the relevant person, to Adalet Mahallesi, Anadolu Caddesi, Megapol Tower No:41 İç Kapı No:211 Bayraklı/İzmir in writing and by person with approved identity, or to kvk.gediz@aydemenerji.com.tr from your email address through which your membership was approved, as per the “Communiqué on the Procedures and Principles for Application to the Data Controller”.
As per Article 13 of the Law, our Company will conclude application requests as soon as possible and, in any case, within 30 (thirty) days at the latest depending on the nature of the request. If the process incurs any cost, the tariff determined by the Personal Data Protection Board shall apply. If the request is rejected, the reason(s) for rejection shall be justified in writing or in electronic environment. You can read our Company’s Policy on Protection and Processing of Personal Data for further information on the evaluation of application requests.
1.Data Controller’s Identity
At Gediz Elektrik Perakende Satış A.Ş. (“Gediz” or the “Company”), we kindly bring the following to your attention under our liability to inform you to ensure that we can act in accordance with the Personal Data Protection Law No. 6698 (the “Law”) and the related regulations regarding the personal data we obtain from you as the data controller:
2.Processing of Personal Data and the Purposes for Processing
Your personal data is processed to ensure that our Company can offer the best services possible, although the purpose may vary depending on the services and commercial activities offered by Gediz. To this end:
Your personal data (identity, contact details, customer transaction data) and sensitive personal data (as per the Regulation on Electricity Market Consumer Services, such data can be indirectly obtained from your medical reports, and the religion and blood type details can be indirectly obtained from your identity card and/or driver’s license copy, if shared by you) are processed in a limited manner for carrying out the subscription contract processes; following up the after-sales support services, customer relations management processes, customer satisfaction activities, legal/financial/accounting processes, and any requests/complaints; ensuring that the activities are in compliance with the Electricity Market Law and the secondary legislation, as well as other relevant legislations; conducting advertising/campaing/promotion/survey activities as part of the marketing analysis efforts and the marketing processes for the services offered; carrying out/auditing business activities; making audits; conducting activities to ensure business continuity; carrying out risk management processes; carrying out strategic planning activities; informing the authorized persons, entities and organizations if requested; carrying out communications activities; carrying out storage and archiving activities; carrying out information security processes and ensuring compliance with the policies and procedures of the Company and of the Aydem Holding group companies which the Company is affiliated with. Your personal data may also be transferred to physical archives and information systems to be stored in both digital and physical environments.
3.Parties to Whom the Personal Data Processed may be Transferred, and the Related Purposes
For the purposes set out in Article 2 of this Clarification Text, and depending on and limited to the reasons for transfer within the scope of the Law and the related regulations, your personal data collected may be transferred to the Energy Market Regulatory Authority and other governmental bodies and organizations; independent audit companies; law offices and attorneys; agencies; banks; our business partners; systems of Turkey-based information technology companies that we receive services from and collaborate with, including our suppliers; our Company’s domestic shareholders and group companies to carry out the operational processes and to get support from them and to databases used jointly with these companies.
4.Method and Legal Basis for Collecting Personal Data
As you are a customer of our Company, your personal data may be collected from the verbal or written information you provided to our Company through automated or non-automated means, from governmental bodies and agencies, from social media platforms, from the applications and software and the closed circuit camera systems used for the Company’s activities; for and limited to the legal reasons stipulated in Article 5 of the Law including express stipulation by law, establishment and performance of contracts, legal liabilities of the data controller, presence of an express consent, and legitimate interests of the data controller.
5.Your Rights under Personal Data Protection
As per the legislation on personal data protection, you have the rights to find out if your personal data has been processed; request information regarding the processing of your personal data if processed; find out the purpose for processing the personal data and if the data is used by us in line with such purposes; find out the third parties to whom your personal data is transferred at home and abroad; request correction if your personal data was processed incompletely or incorrectly and request that the third parties to whom the data was transferred (if transferred) be informed of such procedure; request deletion or destruction of your personal data if the conditions that require processing of such data are no longer valid and request that the third persons to whom the data was transferred (if transferred) are informed of such procedure; raise an objection if you believe that there is a consequence to the detriment of you due to the fact that the processed data was analyzed by automated systems exclusively; and request compensation if you incur any loss due to unlawful processing of your personal data.
1. Data Controller’s Identity
At Gediz Elektrik Perakende Satış A.Ş. (“Gediz” or the “Company”), we kindly bring the following to your attention under our liability to inform you to ensure that we can act in accordance with the Personal Data Protection Law No. 6698 (the “Law”) and the related regulations regarding the personal data we obtain from prospective employees as the data controller:
2. Processing of Personal Data and the Purposes for Processing
As you are a prospective employee, your personal data including your identity, contact details, professional experience, physical location security, family member details, visual data and your resumé that you provided to our Company, and your sensitive personal data including your medical and association membership data (if you have submitted) shall be processed, as part of the job application processes, to carry out the employee application processes and the selection, offer and recruitment processes; obtain camera recordings to ensure physical location security should you visit our Company; check references; ensure information and data security and to make sure that, if you are not recruited, we can assess your resumé for a potential future position or for an appropriate position at our group companies and that we can contact you in this regard. In addition, if you give your express consent, the said data shall be transferred to physical archives and information systems to be stored for 12 months in both digital and physical environments.
3. Parties to Whom the Personal Data Processed may be Transferred, and the Related Purposes
For the purposes set out in Article 2 of this Prospective Employee Clarification Text, and depending on and limited to the reasons for transfer within the scope of the Law and the related regulations, your personal data collected may be transferred to references, to Aydem Holding group companies which the Company is affiliated with, to databases used jointly with these companies and, if required, to governmental bodies and organizations.
4. Method and Legal Basis for Collecting Personal Data
Your personal data is collected in physical or electronic environments from the verbal or written applications made using our Company’s website or email address or made in person, from consultancy firms and from the information provided during interviews, from information provided by references and through closed circuit camera systems, in line with the basic principles stipulated in the Law and for and limited to the legal reasons stipulated in Article 5 of the Law including establishment of contracts, legitimate interests of the data controller, and presence of an express consent.
5. Your Rights under Personal Data Protection
As per the legislation on personal data protection, you have the rights to find out if your personal data has been processed; request information regarding the processing of your personal data if processed; find out the purpose for processing the personal data and if the data is used by us in line with such purposes; find out the third parties to whom your personal data is transferred at home and abroad; request correction if your personal data was processed incompletely or incorrectly and request that the third parties to whom the data was transferred (if transferred) be informed of such procedure; request deletion or destruction of your personal data if the conditions that require processing of such data are no longer valid and request that the third persons to whom the data was transferred (if transferred) are informed of such procedure; raise an objection if you believe that there is a consequence to the detriment of you due to the fact that the processed data was analyzed by automated systems exclusively; and request compensation if you incur any loss due to unlawful processing of your personal data.