Personel Data Protection

Homepage » Personel Data Protection

ISTANBUL ENERGY CO. WEBSITE CLARIFICATION TEXT

One of the most important principles of Istanbul Energy Co. (“Company”) is to protect confidentiality of visitors of https://www.enerji.istanbul/ website it operates. In this Clarification Text, the principles regarding the data controller Company located at the address “Istanbul Dünya Ticaret Merkezi (IDTM) Blokları A2 Blok No:10 Kat: 17 Ofis No: 467 34149 Yeşilköy – Bakırköy / ISTANBUL” processing your personal data pursuant to Law no. 6698 on Protection of Personal Data (“Law”) and relevant legislations are stated below.

  1. Purpose of Processing Personal Data

Your personal data obtained from your visit to our website may be processed by our Company in accordance with Articles 5 and 6 of the Law for the purposes listed below:

  • Having our relevant business departments carry out the work required for the actualization of the commercial activities run by the Company and conducting the associated business processes,
  • Planning and execution of the company’s commercial and business strategies,
  • Planning and executing the activities necessary for recommending and promoting the services offered by the company to the relevant persons by customizing them according to preferences, usage habits and needs of relevant persons,
  • Including in the customer relations service in order to provide a better service to you,
  • Ensuring the legal, technical and commercial-occupational safety of the Company and the persons who have a business relationship with the Company.
  • Performance of the services to be performed within the scope of the duties and responsibilities of the Istanbul Metropolitan Municipality (“IMM”) in accordance with the Metropolitan Municipality Law No. 5216 and the relevant legislation,
  • Fulfilling our contractual obligations in accordance with the relevant laws,
  • Preparing our Company’s commercial books, invoices, tenders, checks and payrolls and ensuring accurate performance of relevant processes pursuant to the legislation,
  • Taking the necessary measures for occupational health and safety, planning and conducting training processes, and ensuring early intervention in health-related matters, within the scope of our obligations arising from the legislation,
  • Carrying out the necessary quality and standard inspections or fulfilling our other obligations determined by laws and regulations,
  • Notifying the changes in the legislation or the policies we accept or making notifications that concern the data owner,
  • Taking photographs and videos taken at meetings, seminars, training and other social organizations, award ceremonies, corporate meetings organized/participated by our company; promoting our company and the event, making announcements and informing the public,
  • Creating and tracking visitor records,
  1. Locations Where Personal Data Is Transferred, and Transfer Purpose

Your personal data obtained can be transferred to the following parties in line with the purposes of processing your personal data and within the framework of the conditions determined by PDPL:

  1. To our business partnerships or IMM and IMM Affiliates, in order to fulfill our public services/commercial activities, ensure their continuity and coordination,
  2. To our IMM and IMM Affiliates, our suppliers and solution partners, to which we are affiliated institutionally, in order to establish a common database and facilitate its operability, provide ease of communication, ensure brand and reputation management,
  3. To IMM, the Court of Accounts and authorized public institutions and organizations, audit firms, private integrator firms, independent audit firms within the scope of relevant contracts, for the purpose of auditing our public service activities pursuant to the provisions of the relevant legislation,
  4. To legally authorized public institutions and organizations in line with the demands of the relevant public institutions and organizations and limited to the purpose of the request,
  5. To our suppliers in order to prepare and implement strategies regarding our public services and commercial activities,
  6. To private and public legal entities in order to increase the awareness and value of the company, to improve the internet infrastructure and to keep it updated,
  7. To third parties and institutions requesting reference based on valid legal reason,
  8. To natural/legal persons and public institutions and organizations that we cooperate with in order to duly perform the fields of activity and public services of our company,
  9. To banks and financial institutions and our business partners in order to carry out banking and financial transactions,
  10. To consultancy firms specialized in financial, commercial, management, human resources and various fields in order to increase our quality standards, reduce costs and fulfill legal obligations,
  11. To our business partners and suppliers in order to carry out advertising and promotion processes,
  12. To IMM, IMM Affiliates and companies operating in this field for the purpose of organizing events, conferences, celebrations and similar social events,
  13. To the solution partner companies which conduct repair, maintenance, repair and service services, our suppliers and companies operating in this field,

To our business partners in general (outsourcing service providers, hosting service providers), company subsidiaries and legally authorized public institutions under personal data processing conditions and purposes specified in Articles 8 and 9 of the Law.

  1. Personal Data Collection Method and Legal Reason

Your personal data is collected automatically by our Company through cookies, which are technical communication files, due to your visit to our website, and through the forms you fill in for the purposes specified in this Clarification Text. Please see the Cookie Policy for detailed information about cookies. Your personal data, which is collected by means other than cookies, is collected by non-automatic means by filling in the forms on the website.

Your personal data is processed in accordance with the following legal reason:

  • Data processing being mandatory for legitimate interests of the company provided that it does not cause harm to your fundamental rights and freedoms pursuant to provision of art. 5/2 (f) of PDPL,

 

  1. Storage and Disposal of Personal Data

Our company stores personal data in a proportionate manner for the purpose of processing personal data. Personal data is stored until the end of the period required by the relevant legislation, if the purpose and/or reason for processing has terminated. Personal data will be disposed when the purpose and reason for the processing of personal data ceases to exist, and when the statute of limitations required to fulfill our obligations arising from the law is completed. The destruction and anonymization of personal data within the scope of the exception arising from public service will be carried out within the framework of the applicable legislation.

  1. How to Apply to the Data Controller and Your Rights

Pursuant to article 11 of the Law, by applying to our Company, you may exercise your right to; a) learn whether or not your personal data have been processed, b) request information as to processing if your data have been processed, c) Learn the purpose of processing of the personal data and whether data have been used in accordance with their purpose, d) know the parties in the country or abroad to whom personal data have been transferred, e) request rectification in case personal data have been processed incompletely / inaccurately, f) request deletion / destruction of personal data within the framework of the conditions set forth under article 7 of the PDPL, g) request notification of the operations made as per subparagraphs (e) and (f) to third parties to whom personal data have been transferred, h) object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems, and i) request compensation for the damages in case the you incurs damages due to unlawful processing of personal data. In addition, you can use the right to unsubscribe from the e-bulletin list free of charge by clicking the link in the e-mail content.

You can submit your information and application requests regarding your rights mentioned above to our Company in accordance with the Communiqué on Application Procedures and Principles to the Data Controller. You can fill the Application Form in our website and send it to the address “İstanbul Dünya Ticaret Merkezi (İDTM) Blokları A2 Blok No:10 Kat:17 Ofis No: 467 34149 Yeşilköy – Bakırköy / ISTANBUL” or e-mail address kvkk@enerji.istanbul.

Our company will finalize your requests as soon as possible and within thirty days at the latest, with the first request free of charge, depending on the nature of the request. However, a fee may be charged for subsequent requests on the same subject or in the first request, if the process requires an additional cost. Our company may accept and process the request or reject the request in written form by explaining the reason.

In cases where the application made by following the abovementioned procedure is rejected, the response provided is found to be insufficient, or the application is not replied in due time; you have the right to file a complaint with the Personal Data Protection Board (“Board”) within thirty days following the notification of the response, and in any case within sixty days from the date of application. However, a complaint cannot be made without exercising the application method.

Upon complaint or learning the violation claim ex officio, the Board makes the necessary examination on the matters under its area of responsibility. Upon complaint, the Board examines the request and provides a response to the relevant parties. If no response is provided within sixty days from the date of the complaint, the request is deemed to have been rejected. In the event that the existence of a violation is found as a result of the examination made upon the complaint or ex officio, the Board decides that the illegalities it detects will be eliminated by the data controller and notifies the issue to the relevant parties. This decision shall be exercises without delay and within thirty days at the latest, following the notification. The Board may decide to suspend the processing of data or the transfer of data abroad in the event of irreparable damage and if there is an explicit violation of the law.

We assure you that your data is protected sensitively by our Company, and thank you for trusting us.