AHSS

YOUR NEW GUN!

FXS 9

AHSS

YOUR NEW GUN!

1. INTRODUCTION

Protection of personal data, AĞAOĞLU AVIATION and DEFENSE INDUSTRY LTD. ŞTİ. (The "Company"), is among the Values ​​and Policies that our Company institutionally attaches importance to. The most important part of this issue is managed by this Policy; It consists of the protection and processing of personal data of customers, customer candidates, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of our business partners, suppliers, third parties and employees.

According to Article 20 of the Constitution of the Republic of Turkey, all natural persons have the right to the protection of personal data associated with it. Regarding the protection of personal data, which is a constitutional right, the "Company" is governed by this Policy; It takes due care to protect the personal data of our customers, prospective customers, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of our business partners, our suppliers, third parties and our employees, and makes this a company policy.

In this context, necessary administrative and technical measures are taken by the "Company" to protect the personal data processed in accordance with the relevant legislation.

2. THE PURPOSE OF THE POLICY

The main purpose of this policy is to make explanations about the personal data processing activities carried out by the "Company" in accordance with the law and the systems adopted for the protection of personal data, within this scope; To ensure transparency and transparency by informing the personal data of customers, customer candidates, employee candidates, company shareholders, company officials, visitors, employees, shareholders and officials of our business partners, our suppliers, third parties and employees, especially those whose personal data are processed by our company.

3) SCOPE OF THE POLICY

This Policy; By automatic or non-automatic means provided that they are part of any data recording system; It has been prepared for people whose personal data is processed by our Company, especially Customers, Potential Customers, Employee Candidates, Visitors, Business Partners, Employees, and this will be applied within the scope of the specified persons. This Policy will in no way apply to legal entities and legal entity data.

Our company informs the Personal Data Owners about the Law by publishing this Policy on the website. This Policy will not apply if the data is not included in the scope of "Personal Data" within the scope of the Law or the Personal Data processing activity carried out by our Company is not in the above-mentioned ways.

 

4) DATA OWNERS

In general, in line with the scope mentioned above, the data owners are as follows;

Customer: Real persons benefiting from the products and services offered by the company

Potential Customer: Real persons in the position of potential customers who show an interest in the products and services offered by the company

Employee Candidate: Real persons who stated that they would like to send a CV from digital media, fill out a job application form by applying personally or work with other methods

Visitors: Real persons visiting the company's physical premises and website for any purpose.

Third Parties: Real persons other than the above-mentioned data category owners, employees and company partners.

Business Partners: Real persons who are business partners of the company and real persons who use or have used the services of business partners.

Employees: Real persons who work in the company on a contract basis.

 

5- DEFINITIONS

"Explicit Consent": Consent that is based on information and expressed with free will regarding a specific subject.

“Employee”: A real person who has an employee-employer-like relationship with Ağaoğlu Aviation and Defense Industry LTD. ŞTİ. depending on the employment contract or service contract.

"KVK Law": Law No. 6698 on Protection of Personal Data

“Personal Data”: All kinds of information about real persons whose identity is known or can be determined.

"Making Personal Data Anonymous": The process of rendering personal data unrelated to an identified or identifiable natural person, even by matching other data.

Relevant Person / Data Owner: The real person whose personal data is processed.

"Processing of Personal Data": Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making personal data fully or partially automatic or non-automatic, provided that it is part of any data recording system All kinds of operations performed on the data such as bringing them, classifying them and preventing their use.

"Board": Personal Data Protection Board

"Authority": Personal Data Protection Authority

"Special Quality Personal Data": Data on the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and dress, membership in associations, foundations or trade unions, health, sexual life, criminal conviction and security measures. with biometric and genetic data.

“KVK Policy”: Ağaoğlu Aviation and Defense Industry LTD. ŞTİ. Data Protection Policy

“Company”: Ağaoğlu Aviation and Defense Industry LTD. ŞTİ.

Data Processor: Real or legal person who processes personal data on behalf of the data controller based on the authority given by him.

Data Supervisor: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Company Website: https://ahss.com.tr/

Company REP Address: agaoglu@hs01.kep.tr

Anonymization: It is the rendering of data previously associated with a person that cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

 

6-GENERAL PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

Our company, in accordance with Article 4 of the KVK Law, regarding the processing of personal data; in accordance with the law and honesty rules; accurate and up-to-date when necessary; by pursuing specific, explicit and legitimate purposes; performs personal data processing activities in a limited and measured manner related to the purpose. Our company retains personal data for the period stipulated by law or required by the purpose of processing personal data.

Processing of personal data in accordance with the law and honesty rules: The Company acts in accordance with the laws, secondary regulations and general principles of the law in the processing of your personal data; attaches importance to processing personal data limited to the purpose of processing and considering the reasonable expectations of data owners.

Accurate and up-to-date personal data: We pay attention to whether your personal data processed by the company is up-to-date and controls are made regarding this. In this context, applications for correction or deletion of correct and outdated data are meticulously evaluated and concluded by the data owners.

Processing of personal data for specific, explicit and legitimate purposes: The Company determines the data processing purposes before each personal data processing activity and pays attention to the compliance of these purposes with the purposes specified in the Law and the law.

Being linked, limited and measured to the purpose for which personal data are processed: The data processing activity is limited by the company to the personal data required to realize the purpose of collecting and the necessary steps are taken to prevent the processing of personal data not related to this purpose.

• Storing personal data for the period required by the legislation or processing purposes: Personal data are deleted, destroyed or anonymized after the personal data processing purpose by the company ceases or when the period stipulated in the legislation expires. Regular checks are carried out within the company whether the purpose of data processing has been eliminated.

 

7-CONDITIONS OF PROCESSING PERSONAL DATA

The "Company" processes personal data with express consent or in cases deemed in accordance with other data processing conditions. The conditions mentioned are listed below:

• Personal data processing is clearly stipulated in the laws

• Inability to obtain the explicit consent of the data owner due to the actual impossibility and the necessity of personal data processing:

• The personal data processing activity is directly related to the establishment or performance of a contract:

• It is mandatory to carry out personal data processing activity in order to fulfill the legal obligation of the data controller.

• The data owner has made his personal data public

• When personal data processing is mandatory for the establishment, use or protection of a right:

• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.

• In cases where the personal data owner has explicit consent and other data processing conditions do not exist, in accordance with the general principles specified in the Law and this policy, the personal data of the data owner by the Company, with sufficient information about the personal data processing activity, After the obligation is fulfilled, it can be processed without any hesitation and only if it gives approval limited to that transaction.

 

8-PURPOSE OF PROCESSING PERSONAL DATA

"Company" processes personal data for the following purposes within the framework of the legal reasons included in Article 5 and 6 of the KVK Law:

 

  Within the scope of planning and execution of human resources activities; Personal data of employee candidates, in order to evaluate the suitability for the job and to carry out the personnel recruitment processes, the personal data of employees, the execution of the employment contract, the establishment of fringe benefits, the execution of the promotion / premium / increase processes, the fulfillment of the obligations arising from the legislation that the Company is subject to, and realization of insurance processes, evaluation of employee performance, etc. is processed for purposes.

  In addition, the Company uses personal data within the scope of ordinary company activities and services provided to its customers; planning and execution of corporate sustainability activities, event management, management of relations with business partners or suppliers, execution / follow-up of financial reporting and risk management procedures, execution / follow-up of legal affairs, planning and execution of corporate communication activities, execution of corporate governance activities, corporate and partnership law performing transactions, demand and complaint management, managing investor relations, ensuring the security of Ağaoğlu Aviation and Defense Industry buildings and facilities, creating and monitoring visitor records, determining and implementing the company's commercial and business strategies, Resolving the problems and complaints of the relevant persons, ensuring satisfaction and to provide an effective service, to respond to information requests from administrative and judicial authorities, to comply with legal processes and legislation, to provide information and transaction security and to prevent malicious use. works for purposes.

  If the processing activity carried out for the aforementioned purposes does not meet any of the other data processing conditions stipulated under the KVK Law, the explicit consent of the relevant person is obtained by Ağaoğlu Aviation and Defense Industry regarding the relevant data processing process.

 

9- COLLECTION METHODS OF PERSONAL DATA

Personal data, in line with the regulations in the Law and the purposes stated above by our company cookies etc. that our system uses to recognize you during website visits. or orally, in writing and electronically.

 

10-STORAGE AND DISPOSAL OF PERSONAL DATA

Our company keeps personal data only for the period specified in the relevant legislation or for the purpose for which they are processed. In this context, in the event of a dispute, the Company keeps personal data for the duration of the statute of limitations determined in accordance with the relevant legislation within the framework of the special regulations in the law and to be limited in order to carry out administrative or judicial processes within the scope of the dispute. Personal data are deleted, destroyed or anonymized by the Company in the event that the period ends or the reasons requiring the processing of the data disappear. Personal data are not stored by the Company with the possibility of future use.

11- TRANSFER OF PERSONAL DATA

The company can transfer personal data domestically with the express consent of the person concerned or in accordance with the additional regulations listed in Article 8 of the Law and determined by the Personal Data Protection Board. In this manner; Personal data by the company domestically; It can be transferred to authorized public institutions and organizations, company shareholders and private institutions and organizations for the purpose of requesting information in a limited way.

 

12- ADMINISTRATIVE AND TECHNICAL MEASURES TAKEN TO ENSURE THE LEGAL PROCESSING OF PERSONAL DATA

• It organizes regular trainings and awareness studies on the protection of personal data for its employees.

• The company creates policies based on the personal data processing inventory and establishes the necessary processes for the implementation of the policies.

• The company determines the risks within the scope of the personal data protection law and carefully carries out the activities to eliminate the risks. In this context, it creates active lighting and open consent channels.

• Internal audits are carried out periodically in order to fulfill the obligations regarding the protection of personal data.

• Continuously provides legal consultancy services regarding compliance with updated legislation.

• Creates a separate policy for the protection of personal data of special nature and implements additional measures determined by the Board.

• Data sharing agreement etc. required for the management of relations with data processors. It implements the measures.

• Establishes a secure technical infrastructure to ensure the security of databases where personal data will be stored.

• It determines the procedures for reporting the technical measures taken and audit processes.

• Security-related measures are periodically renewed and developed.

• Network security and application security is provided.

• Closed system network is used for personal data transfer via network.

• Key management is implemented.

• Security measures are taken within the scope of procurement, development and maintenance of information technology systems.

• The security of personal data stored in the cloud is ensured.

• An authority matrix has been created for the employees.

• Access logs are kept regularly.

• Corporate policies on access, information security, use, storage and disposal issues have been prepared and implemented.

• Data masking measures are applied when necessary.

• Employees who have a change of position or leave their jobs are removed from their authority in this area.

• Current anti-virus systems are used.

• Firewalls are used.

• Personal data security problems are reported quickly.

• Personal data security is monitored.

• The security of environments containing personal data is ensured.

• Personal data are backed up and the security of backed up personal data is also ensured.

• User account management and authorization control system is implemented and followed up.

• Log records are kept without user intervention.

• Intrusion detection and prevention systems are used.

• Cyber ​​security measures have been taken and their implementation is constantly monitored.

• Encryption is done.

• Penetration test is applied.

• Data loss prevention software is used

 

13-DATA OWNER'S RIGHTS AND APPLICATION

In Article 11 of the Law; The rights of the personal data owner are regulated as follows:

• Learning whether personal data is processed,

• Requesting information if personal data has been processed,

Learning the purpose of processing personal data and whether they are used appropriately for their purpose,

• To know the third parties in the country or abroad to whom personal data have been transferred

• To request correction of personal data in case of incomplete or incorrect processing,

• To request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, despite the fact that it has been processed in accordance with the Law and other relevant provisions of the law, and to request notification of the transaction made within this scope to third parties to whom personal data has been transferred,

• Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,

• To request the compensation of the damage in case of damage due to the processing of personal data illegally,

Pursuant to the first paragraph of Article 13 of the Law; by the data subject; In the capacity of data controller, the applications to be made to our Company regarding these rights must be submitted to us in writing or by the Personal Data Protection Board ("Board") in accordance with the "Communiqué on Application Procedures and Principles for the Data Controller" published in the Official Gazette. It is stated in the Communiqué that the relevant persons can benefit from this right provided that they make their applications in Turkish, and the applications must be made in Turkish.

 

  Within this framework, the applications to be made to the Company in writing, by taking the printout of the "Application Form" in the annex of this Clarification Text;

 • With the personal application of the applicant,

• Through a notary public,

• It can be signed by the Applicant with the "secure electronic signature" defined in the Electronic Signature Law No. 5070 and sent to the e-mail address agaogluhavacilik@hs01.kep.tr registered in the name of the Company.

 

14-REVISIONS

The "Company" can always make changes in this KVK Policy. These changes take effect on the day the new revised KVK Policy is published. Necessary information will be made to the relevant persons in order to be informed about the changes in this KVK Policy.

 

INFORMATION AND DISCLOSURE TEXT IN THE SCOPE OF KVKK

The Law on Protection of Personal Data ("Law") numbered 6698 was published in the Official Gazette on 07/04/2016 and entered into force. It is processed by AĞAOĞLU AVIATION and DEFENSE INDUSTRY LTD. ŞTİ. ("Company") as the data controller.

1-DATA CONTROLLER

Your personal data is processed by the data controller AĞAOĞLU AVIATION and DEFENSE INDUSTRY LTD. ŞTİ. ("Company") in accordance with the Law on Protection of Personal Data 6698 ("Law").

2-PURPOSE OF PROCESSING YOUR PERSONAL DATA

Personal information, such as identity information, contact information, customer information, customer transaction information, transaction security information, legal transaction and compliance information and marketing sales information, from parties such as customers, employees, potential customers, employee candidates, business partners and suppliers by the data controller. data can be collected.

The purpose of this law is to protect the privacy of your private life, as well as the rights and freedoms of the person, to ensure the legal and commercial security of the persons with whom the business relationship is to be processed, to ensure the security during the company visit and the responsibilities of the real and legal persons who process these personal data and to regulate the principles.

3-TRANSFER OF PROCESSED PERSONAL DATA

   Your personal data can be transferred to official authorities, real or legal persons under the conditions and conditions determined by law.

Due to the industry our company is in, the personal data collected are shared with public institutions and organizations such as the relevant Ministries and District Governorships. For the provision of products and services and after-sales tracking, it is transferred to real or legal persons such as cargo & shipping companies, supplier companies only for these purposes.

4-METHOD OF COLLECTING PERSONAL DATA AND ITS LEGAL REASON

Your personal data are physically carried out by the security personnel, records, contracts, printed forms; In the digital environment, it will be collected via e-mail, phone, SMS, complaint forms, fax, social media accounts.

It is carried out by the company for the purposes stated above within the framework of the legal legislation, within the execution of the contract.

5-RIGHTS OF THE PERSONAL DATA OWNER SET IN ARTICLE 11 OF LAW NO.6698

As a personal data owner, we declare that you have the following rights in accordance with Article 11 of the Law:

 

• Learning whether your personal data is processed,

• If your personal data has been processed, to request information regarding this,

• Learning the purpose of processing your personal data and whether they are used appropriately for their purpose,

• To know the third parties in the country to whom your personal data has been transferred,

• To request correction of your personal data in case of incomplete or incorrect processing, and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,

• To request the deletion or destruction of personal data in the event that the reasons for its processing disappear, despite the fact that it has been processed in accordance with the Law and other relevant provisions of the law, and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,

• To object to any unfavorable outcome by analyzing the processed data exclusively through automated systems,

• Request compensation in case you suffer damage due to unlawful processing of your personal data.

AĞAOĞLU VERİ BAŞVURU FORMUİndir