Privacy
Policy
BILYA HIRDAVAT RULMAN TIC LTD STI
PERSONAL DATA PROTECTION POLICY
Document Information
Document Title: Personal Data Protection Policy
Document Purpose: The purpose of the Personal Data Protection Policy is to define the principles and procedures regarding the planning and implementation of personal data protection processes by Bilya Hırdavat Rulman Tic. Ltd. Şti.
Publication Date: 09.07.2025
Version No: 1
Website: www.bilyahirdavat.com
Contact Email: bilyahirdavat@gmail.com
Reference / Legal Basis: Law No. 6698 on the Protection of Personal Data and related legislation
Approval Authority: Board of Directors of Bilya Hırdavat Rulman Tic. Ltd. Şti.
1. PURPOSE
Each individual has the constitutional right to demand the protection of their personal data. At Bilya Hırdavat Rulman Tic. Ltd. Şti., we regard the fulfillment of this right as one of our most valuable responsibilities. For this reason, we attach great importance to the lawful processing and protection of your personal data. This Corporate Personal Data Protection Policy has been prepared to outline the principles and procedures we adopt when processing and protecting personal data.
2. SCOPE
This Policy applies to all personal data processed by Bilya Hırdavat Rulman Tic. Ltd. Şti., whether fully or partially automated, or manually as part of a data recording system. It covers all processes such as obtaining, recording, storing, preserving, altering, reorganizing, disclosing, transferring, taking over, making data available, classifying, or preventing use. It applies to data related to our shareholders, executives, customers, employees, suppliers, and third parties. Bilya Hırdavat Rulman Tic. Ltd. Şti. may amend the Policy for compliance with legislation and decisions of the Personal Data Protection Authority and to ensure better data protection.
3. DEFINITIONS
| Term | Definition |
|---|---|
| Recipient Group | The category of natural or legal persons to whom personal data is transferred by the data controller. |
| Explicit Consent | Consent that is based on information and expressed with free will regarding a specific subject. |
| Anonymization | The process of rendering personal data unrelated to an identifiable natural person, even by matching with other data. |
| Data Subject | The individual whose personal data is being processed. |
| Authorized User | Persons who process personal data under the authority and instruction of the data controller, excluding those responsible solely for data storage and backup. |
| Destruction | Deleting, destroying, or anonymizing personal data. |
| Law / Privacy Policy | Law No. 6698 on the Protection of Personal Data. |
| Data Recording Medium | Any environment where personal data is processed automatically or manually as part of a data recording system. |
| Personal Data | Any information related to an identified or identifiable natural person. |
| Data Inventory | An inventory detailing the processing activities of personal data, including purpose, legal basis, category, retention period, recipient groups, international transfers, and security measures. |
| Processing of Personal Data | Any operation performed on personal data including collection, storage, alteration, transfer, or erasure, whether automated or manual. |
| Commission | The Personal Data Protection Commission established by Bilya Hırdavat Rulman Tic. Ltd. Şti. to manage the Policy and ensure its enforcement. |
| Board | Personal Data Protection Board. |
| Authority | Personal Data Protection Authority. |
| Special Categories of Personal Data | Data relating to race, ethnicity, political opinion, religious beliefs, appearance, health, sexual life, criminal record, biometric and genetic data, etc. |
| Periodic Destruction | Deletion, destruction, or anonymization carried out periodically as defined in the retention and destruction policy when the lawful basis for processing no longer exists. |
| Policy | This Personal Data Protection Policy. |
| Data Processor | A natural or legal person who processes personal data on behalf of the data controller. |
| Data Controller | The person or entity who determines the purposes and means of processing personal data and is responsible for managing the data recording system. |
4. GENERAL PRINCIPLES
For every new process involving the processing of personal data, Bilya Hırdavat Rulman Tic. Ltd. Şti. checks compliance with the following principles. Any process that does not comply will not be implemented:
- I) Compliance with the law and the rules of good faith.
- II) Ensuring data is accurate and up to date when necessary.
- III) Processing for specified, explicit, and legitimate purposes.
- IV) Processing data that is relevant, limited, and proportionate to the purpose.
- V) Retaining data only as long as necessary or as required by law, and deleting it when no longer needed.
5. ROLES AND RESPONSIBILITIES
A Personal Data Protection Commission has been established within Bilya Hırdavat Rulman Tic. Ltd. Şti. to manage this Policy and ensure its implementation. The company may also obtain consultancy services when necessary to ensure compliance with Law No. 6698. The Commission may invite the consultant to meetings if deemed necessary. Responsibilities of the Commission:
- I) Holds regular meetings every 6 months; extraordinary meetings may be held if required.
- II) Discusses areas of the Policy that need to be updated or improved.
- III) Identifies measures for the lawful processing and protection of personal data.
- IV) Organizes training programs on data protection.
- V) Audits data processing activities and technical security measures.
- VI) Monitors data breaches and identifies incidents that must be reported to the Authority.
6. SECURITY MEASURES FOR DATA PROTECTION
- Personal data is protected against unauthorized access, alteration, disclosure, or destruction.
- Access to data recording systems is restricted to authorized personnel only.
- Data is protected using firewalls, encryption, and access control systems.
- Documents containing personal data are stored in locked cabinets.
- Staff regularly receive data protection training.
- Data processing and access are audited regularly.
7. RIGHTS OF DATA SUBJECTS
- To learn whether personal data is processed.
- To request information if personal data has been processed.
- To learn the purpose of processing and whether it is being used appropriately.
- To learn third parties to whom data is transferred domestically or abroad.
- To request correction if data is incomplete or incorrect.
- To request deletion or destruction in accordance with the law.
- To object to data processing.
- To object to negative outcomes resulting from automated data processing.
Data subjects may exercise their rights by sending a written request to bilyahirdavat@gmail.com.
8. BREACH NOTIFICATIONS
If a personal data breach is identified, necessary notifications will be made promptly to the Personal Data Protection Authority and to the affected individuals.
9. AMENDMENTS
Any amendments to this Policy will take effect upon the approval of the Board of Directors.
10. EFFECTIVE DATE
This version of the Policy has been approved by the Board of Directors and entered into force on 09.07.2025.
Bilya Hırdavat Rulman Tic. Ltd. Şti. Board of Directors
