ONTO Logo

Privacy Notice

Information Notice on the Processing of Personal Data and Privacy Policy Purpose**

As Unigen Yapı Malzemeleri A.Ş. (“UNIGEN” or the “Company”), we attach the utmost importance to the security of your personal data. With this awareness, we place great emphasis on processing, recording, transferring, sharing, and storing all kinds of personal data belonging to all individuals associated with our Company, including those benefiting from our products and services, in accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”).

The protection of personal data is among the fundamental policies of our Company. Since its establishment, our Company has prioritized the confidentiality of personal data, adopted this as a working principle, and instructed its employees to act accordingly. Our Company accepts and undertakes to comply with all obligations imposed by the KVKK. Acting with full awareness of this responsibility and in our capacity as the Data Controller, we process, record, transfer, share, and store your personal data within the scope of the applicable legislation and as explained below.

Identity of the Data Controller

Unigen Yapı Malzemeleri A.Ş.

Address:

İnönü Mahallesi, Kayışdağı Caddesi,

Kandiş İş Merkezi, No:128, Floor:2

34755 Ataşehir / Istanbul, Türkiye

Phone: +90 216 577 04 34

E-mail: unigenyapi@hs01.kep.tr

or kvkk@unigen.com.tr

Our Company reserves the right to update this General Privacy Notice and Privacy Policy at any time in line with amendments to the applicable legislation.

Collection, Processing, Purpose and Legal Basis of Personal Data

This General Privacy Notice and Privacy Policy has been prepared in accordance with the KVKK. Accordingly, your personal data may be collected, processed, and stored by our Company, depending on the services, products, or commercial activities provided, through automatic or non-automatic means, via offices, cameras, websites, and similar tools, in verbal, written, or electronic form.

Separate Privacy Notices and Explicit Consent Forms are prepared and provided to the relevant data subjects whose personal data are processed. Personal data processed without explicit consent are specified under Article 5 of the KVKK.

Processing of Personal Data Due to Legal Obligations or Explicit Provisions of Law

Personal data may be processed without obtaining additional consent where explicitly stipulated by law or where necessary to fulfill a legal obligation. The type and scope of data processing must be necessary for the legally permitted data processing activity and comply with the relevant legal provisions.

Collection and Processing of Data for Contractual Relationships

If a contractual relationship is established with our customers or suppliers, collected personal data may be processed without obtaining separate consent. Such processing is limited to the purposes of the contract and is carried out only to the extent necessary for the proper performance of the contract and provision of services. Data may be updated by contacting customers when required.

Personal data may be collected through our Company’s business units, accounting software databases, PDKS (Personnel Attendance Control System), camera recordings, websites, suppliers, service providers, contracted institutions, business partners, and similar channels, through automatic or non-automatic means, in written, verbal, or electronic form.

Processing of Special Categories of Personal Data

Under the KVKK, data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data, are considered special categories of personal data.

Our Company takes adequate measures determined by the Personal Data Protection Board when processing special categories of personal data. Such data are processed only with the explicit consent of the data subject and solely for purposes related to the reason for their collection.

Recipients and Purposes of Transfer of Personal Data

Your personal data may be transferred without explicit consent in accordance with Article 5(2) and, provided that adequate measures are taken, Article 6(3) of the KVKK. Provisions in other laws regarding the transfer of personal data are reserved.

Collected personal data may be transferred to our shareholders, business partners, suppliers, legally authorized public institutions, and private persons in accordance with Articles 8 and 9 of the KVKK.

Our Company is authorized to transfer personal data abroad in compliance with the conditions set forth by the Personal Data Protection Board and after obtaining the explicit consent of the data subject.

Details regarding recipients of personal data are specified in separate privacy notices prepared for relevant data subjects.

Retention Periods of Personal Data

Personal data processed for the purposes specified in the relevant Privacy Notice and Explicit Consent Forms shall be retained for the period required by the purpose of processing and the applicable legislation. Upon expiration of such periods or when the purpose of processing ceases, personal data shall be deleted, destroyed, or anonymized in accordance with Article 7 of the KVKK.

Processing of Personal Data Without Explicit Consent

Pursuant to Article 5 of the KVKK, personal data may be processed without explicit consent in the following cases:

  • Where explicitly stipulated by law;
  • Where processing is mandatory to protect the life or physical integrity of the data subject or another person when consent cannot be obtained due to physical impossibility;
  • Where processing is directly related to the establishment or performance of a contract;
  • Where processing is mandatory for the Company to fulfill its legal obligations;
  • Where personal data have been made public by the data subject;
  • Where processing is mandatory for the establishment, exercise, or protection of a right;
  • Where processing is mandatory for the legitimate interests of the Company, provided that it does not harm fundamental rights and freedoms.

Processing of Personal Data in Accordance with Legal Principles

Compliance with Law and Good Faith

UNIGEN processes personal data in compliance with legal regulations and principles of good faith, limited to what is necessary for its business activities.

Accuracy and Up-to-Date Data

UNIGEN takes necessary measures to ensure personal data are accurate and up to date and updates them based on official documents or requests from data subjects.

Processing for Specific, Explicit and Legitimate Purposes

Personal data are processed for clearly defined and legitimate purposes related to business activities.

Data Minimization and Proportionality

Personal data are collected and processed only to the extent necessary for the intended purposes.

Retention for the Required Period

Personal data are retained only for the period required by the purpose of processing and applicable legislation and are destroyed using appropriate methods thereafter.

Principle of Data Minimization

Under the principle of data minimization, UNIGEN processes only data that are necessary. Excess data are not recorded, deleted, or anonymized and may be used solely for statistical purposes.

Confidentiality and Data Security

Personal data are confidential, and access is restricted to authorized personnel only. UNIGEN implements all necessary technical and administrative measures to prevent unauthorized access and ensure data security.

Payments made on Onto (www.onto.com.tr

) are processed securely via SSL encryption directly by payment service providers and partner banks. Payment information is not stored, shared, or transferred by our Company.

UNIGEN shall not be held liable for damages caused by malware or viruses unless resulting from its intent or gross negligence.

Audit

UNIGEN conducts internal and external audits regarding the protection of personal data.

Notification of Violations

In case of any personal data breach, UNIGEN takes immediate action, minimizes damage, compensates losses where applicable, and notifies the Personal Data Protection Board without delay.

Your Rights Regarding Personal Data

As a data subject, you have the right to:

  • Learn whether your personal data are processed;
  • Request information if processed;
  • Learn the purpose of processing and whether data are used accordingly;
  • Know third parties to whom data are transferred;
  • Request correction of inaccurate or incomplete data;
  • Request deletion or destruction of data when processing purposes cease;
  • Object to adverse results arising from automated processing;
  • Request compensation for damages caused by unlawful processing.

Requests may be submitted via unigenyapi@hs01.kep.tr

or kvkk@unigen.com.tr

, or through other methods specified by legislation. Requests shall be resolved within 30 days, free of charge, unless additional costs apply as determined by the Personal Data Protection Board.