1. PURPOSE:

The purpose of this policy is to make explanations about the personal data processing activities carried out by our legal entity in accordance with Personal Data Protection Law No. 6698, and the programs and systems we have adopted for the protection of personal data. The fact that the law aims to protect the fundamental rights and freedoms of persons, especially the privacy of private life, and to regulate the obligations and procedures and principles to be followed by natural and legal persons processing personal data is regulated under the title of Purpose in Article 1. In this context, the law aims to ensure clarity by informing the persons whose personal data are processed by our company such as our employees who are subject to employment contracts, our real estate appraisers, our assistant real estate appraisers, our housing appraisers, our lawyers, and legal advisors with whom we have a business connection subject to a power of attorney relationship, our customers, employees of institutions we cooperate with, the banks we work with, our shareholders and their officials and representatives, our visitors, interns, and third parties.

2.SCOPE: 

In Article 2 of Personal Data Protection Law No. 6698, it is regulated that it shall apply to natural persons whose personal data are processed and to natural or legal persons processing such data wholly or partially by automated means or by non-automated means which provided that form part of a data filing system. Accordingly, the Personal Data Processing and Protection Policy of Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş., which is a legal entity, concerns all personal data of as our employees who are subject to employment contracts, our real estate appraisers, our assistant real estate appraisers, our housing appraisers, our lawyers, and legal advisors with whom we have a business connection subject to a power of attorney relationship, our customers, employees of institutions we cooperate with, the banks we work with, our shareholders and their officials and representatives, our visitors, interns, and third parties processing such data wholly or partially by automated means or by non-automated means which provided that form part of a data filing system.

3. RESPONSIBLE:

The law firm from which our company has received legal consultancy services with a power of attorney for the preparation of this policy, Salih Karatepe, who has been appointed as the Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş. Personal Data Processing and Protection Commission for reviewing and updating, and who has been appointed as the data controller for its enforcement, as well as Esra Demirhan who has been appointed by the company’s Board of Directors’ decision as the person in charge,  are in charge and responsible.

4. DEFINITIONS:

  1. Explicit consent means freely given, specific and informed consent,
  2. Anonymization means rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data,
  3. Application form means the “Application Form Regarding the Applications to be made by the Relevant Person (Personal Data Owner) to the Data Controller in accordance with Personal Data Protection Law No. 6698”, which includes the application to be conducted by the personal data owners to exercise their rights and explain the method of the application to which the link is provided within the scope of our policy.
  4. Candidate Employee means natural persons who have applied for a job or internship in our company by any means, or who have submitted their CV and related information to be reviewed by our company.
  5. Employee, Shareholders, and Authorities of the Institutions Cooperated means, natural persons, including the shareholders and officials of these institutions, working in the institutions with which our company has all kinds of business relations (such as but not limited to business partners, suppliers)
  6. Employee means contractual and administrative, accounting, support personnel working within Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş
  7. Real Estate Appraisers means personnel who are employed full-time (on permanent staff) by the real estate appraisal company to make real estate appraisal in the appraisal staff, or who provide outside valuation services (contracted) to the organization by signing a contract, persons who have a minimum of 4 year-university degrees, at least 3 years of experience in real estate appraisal, and who have a Real Estate Appraisal License granted by the Board, and who take part in the company as permanent, contracted, auditor
  8. Assistant Real Estate Appraisers means personnel employed by the real estate appraisal company to carry out valuation activities accompanied by real estate appraisers in order to teach, train and gain experience in the appraisal profession. Real persons who have a minimum of a 4-year university degree, have a Real Estate Appraisal License issued by the Board but do not yet meet the experience requirements to become a real estate appraiser,
  9. Housing Appraisers means personnel who perform housing appraisal and are employed full-time in appraisal companies when required by the Capital Market Legislation, or who provide housing appraisal services by signing a contract with appraisal companies without being employed full-time and within the framework of the Board’s licensing regulations, persons with a minimum of 4 years of a university degree,  at least 1 year of experience in the field of real estate appraisal and who have been granted a Housing Appraisal License
  10. Processing of personal data means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof
  11. Data Subject means the natural person, whose personal data are processed. For example; employees, candidate employees, company officials, etc.
  12. Personal data means any information relating to an identified or identifiable natural person. For instance; name-surname, T.R. identity number, e-mail address, address, date of birth, credit card number, etc.
  13. Special Quality Personal Data means Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, membership of associations, foundations or trade unions, health, sexual life, criminal conviction, and security measures, and biometric and genetic data.
  14. Official of the company with legal personality is Salih Karatepe
  15. Supplier means parties providing services to our company on a contractual basis in accordance with our company’s orders and instructions while carrying out our company’s activities,
  16. Third-party means natural persons whose personal data are not defined differently within the scope of our policy, and whose personal data are processed within the scope of our policy. For example; Accompanying employees with disabilities, family members and relatives of employees, etc.
  17. Data Processor means the natural or legal person who processes personal data on behalf of the data controller upon its authorization. For example, the cloud computing company that holds our company’s data, the IT company processing our company’s data, etc.
  18. Data Controller means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system in accordance with Personal Data Protection Law No 6698. Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş. data controller Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş. ‘s Personal Data Processing and Protection Commission,
  19. Visitor means natural persons who have entered our physical premises with various purposes or visited our websites
  20. Policy means Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş. Personal Data Protection and Processing Policy
  21. Our Company is Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş.
  22. Personal Data Protection Law means Personal Data Protection Law No 6698 dated March 24, 2016, published in the Official Gazette dated 7 April 2016 and numbered 29677
  23. EU means European Union
  24. Constitution means the Constitution of the Republic of Turkey, dated 7 November 1982 and numbered 2709, published in the Official Gazette dated 9 November 1982 and numbered 17863
  25. Institute of Personal Data Protection means Institute of Protection of Personal Data
  26. Personal Data Protection Board means the Personal Data Protection Board established within the Institute of Protection of Personal Data
  27. Turkish Code of Obligations means the Turkish Code of Obligations dated 11 January 2011 and numbered 6098 published in the Official Gazette dated 4 February 2011 and numbered 27836
  28. Turkish Penal Code means Turkish Penal Code dated 26 September 2004 and numbered 5237 published in the Official Gazette dated 12 October 2004 and numbered 25611
  29. Turkish Commercial Code means the definitions of the Turkish Commercial Code dated 13 January 2011 and numbered 6102 published in the Official Gazette dated 14 February 2011 and numbered 27846 within the scope of our company policy and law.

5. APPLICATION:

5.1. Basic Principles

Personal data protection is the priority and among the important issues of our Company. The most important point of this issue is the processing and protection of personal data of employee candidates, employees, interns, officials, visitors, employees of the institutions we cooperate with, real estate appraisers, assistant real estate appraisers, housing appraisers, shareholders, officials and third parties managed by the Personal Data Processing and Protection Policy.

Each person has the right to request the protection of personal data in accordance with the Constitution of the Republic of Turkey. Regarding the protection of personal data, which is a constitutional right, our company makes this a company policy by showing the necessary sensitivity to the protection of personal data of our candidates, employees, visitors, employees of the institutions we cooperate with, real estate appraisers, assistant real estate appraisers, housing appraisers, shareholders and officials, board members and third parties managed by this policy.

In this context, necessary technical and administrative measures are taken by our company in order to protect the personal data processed in accordance with the relevant legislation.

The Turkish text shall prevail in the event of a conflict between the Turkish text of our policy and the foreign language (s) in which it is translated.

In this policy, detailed explanations regarding the main principles adopted by our company in the processing of personal data and specified below will be conducted;

  • Processing in accordance with the provisions of law and good faith,
  • Keeping personal data accurate and up-to-date when necessary,
  • Processing personal data for specific, clear and legitimate purposes,
  • Connected, limited and measured processing of personal data for the purpose for which they are processed,
  • Retaining personal data for the period required for the purpose stipulated in the legislation or for the purpose for which they were processed,
  • Informing personal data owners,
  • Establishing the necessary system for personal data owners to exercise their rights,
  • Taking necessary precautions to protect personal data,
  • Acting in accordance with the relevant legislation and PDP Board regulations within the requirements of the purpose of processing personal data,
  • Displaying the necessary sensitivity to the processing and protection of special quality personal data,

5.2. Method

5.2.1. Implementation of the Policy and Related Legislation

The relevant legal regulations in force on the processing and protection of personal data shall primarily be applied. Our company accepts that the legislation in force shall be applied in the event of a discrepancy between the legislation in force and our policy.

Our policy is designed to embody the rules laid down by the relevant legislation within the scope of our company’s practices. Our company carries out the necessary systems and preparations to act in accordance with the effective periods stipulated in the Personal Data Protection Law No. 6698.

5.2.2. Considerations for the Protection of Personal Data

5.2.2.1. Ensuring the Security of Personal Data

Our company pays a high level of attention and care to data security and takes the necessary technical, administrative, and legal measures regarding data security in the following issues.

The activities and measures taken by our company to ensure data security in accordance with Article 12 of the Personal Data Protection Law No. 6698 are as follows:

  1. Our company takes technical and administrative measures according to technological possibilities and application costs in order to prevent personal data from being stored in safe environments and being destroyed, lost, or changed for unlawful purposes, and to ensure the lawful processing of personal data.
  2. Employees are informed that they cannot disclose the personal data they have acquired in violation of the provisions of Personal Data Protection Law No. 6698 and other relevant laws, cannot use them for purposes other than the purpose of processing, and that this obligation shall continue after the resignation and necessary written commitments are taken in this direction.
  3. Our company takes physical, technical, and administrative measures according to the nature of the data to be protected, technological possibilities, and application costs in order to prevent unauthorized or imprudent disclosure of personal data, unlawful access, transfer to another system, or unlawful access in other ways.
  4. Our company carries out information and other activities in order to increase awareness of data processing institutions such as business partners, solution partnerships, banks, public institutions, and suppliers to whom it has transferred personal data in order to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure that data is protected in accordance with the law.
  5. As the data controller, the obligations that our company has to comply with when processing personal data and the obligation to comply with the legal, physical, administrative, and technical measures developed in this regard are carried out in accordance with the law by establishing a contractual relationship in line with the nature of the data processing activity carried out by our company to the institutions processing data in which it is related with various attributes such as supplier, business partner, solution partner, bank, public institutions or by adding the relevant issues to the signed contracts.
  6. Our company carries out or has carried out the necessary technical, administrative, and physical inspections within its own body in accordance with Article 12 of Personal Data Protection No. 6698. These audit results are reported to the relevant department, the law office or partnership contracted and the Board of Directors within the scope of the internal operation of our company, and the necessary activities are carried out to improve the measures.
  7. Our company operates a system that allows this situation to be notified to the concerned personal data subject and the Personal Data Protection Board as soon as possible in the case that personal data processed in accordance with Article 12 of the Personal Data Protection Law No 6698 are obtained by others through illegal means.

5.2.2.2. Observing the Rights of the Data Owner; Establishment of Channels to Transmit These Rights to Our Company and Evaluation of the Requests of the Data Holders

Our Company exploits required channels, internal working procedures, administrative and technical regulations in accordance with Article 13 of the Personal Data Protection Law No 6698 to evaluate the rights of personal data subjects and to provide them with necessary information.

Our company shall conclude the request free of charge as soon as possible and within thirty days at the latest, taking into account the nature of the request in case personal data owners submit their requests regarding their rights to our company through the methods stated below. However, our company shall be entitled to the fee in the tariff determined by the Personal Data Protection Board in accordance with the law if the transaction requires an additional cost.

In this scope, owners of personal data have the following rights regarding themselves:

  • Learning whether the personal data have been processed or not,
  • Requesting information if their personal data has been processed,
  • To learn the purpose of processing personal data and whether they are used in line with their purpose,
  • Being informed about the third parties to whom personal data are transferred domestically or abroad,
  • Requesting correction and claiming the notification of the transaction performed to the third persons to whom the personal data have been transferred if the personal data is processed incompletely or incorrectly,
  • Requesting deletion or disposal of personal data in case the reasons requiring processing within the framework of the provisions specified in Article 7 of Law No. 6698 and despite the fact that it has been processed in accordance with Law No. 6698 and other relevant legal provisions have been eliminated as well as requesting notification to the third parties to whom your personal data has been transferred,
  • Objecting to any adverse consequences arising as a result of processed data being analyzed solely by automatic systems,
  • Claiming compensation in case of loss due to unlawful processing of personal data.

Article 13 of Personal Protection Data Law No 6698 Pursuant to paragraph 1 of Article 1 of the Law, our company shall forward the request for exercising the above-mentioned rights to the data controller in writing or by registered electronic mail (Kep) address, secure electronic signature, mobile signature, or by using the electronic mail address previously notified to the data controller by the relevant person and registered in the data controller’s system, or by means of a software or application developed for the purpose of application.

In the application of personal data owners who want to exercise their rights mentioned above;

  • Name, surname, and signature, if the application is written,
  • TR Id No for Turkish Citizens and nationality, passport no or identity no for foreigners,
  • Residential address or workplace address based on the notification;
  • E-mail address, telephone, and fax number, if any, for notices,
  • The subject of the request must be found.
    Information and documents related to the subject are attached to the application.

Regarding the applications, the procedure shall be carried out based on the provision of Article 6 (Response to Application) of the “Communiqué on Procedures and Principles of Application to Data Controller” published in the Official Gazette dated 10.3.2018 and numbered 30356.

Website: https://kalme.com.tr/#

Address: Mutlukent Mahallesi 2027 Sokak No:13 Çankaya/ANKARA

You can personally submit it to the address presented above, submit it via notary public or other methods specified in the Personal Data Protection No. 6698, or submit the relevant form to info@kalme.com.tr with a secure electronic signature.

5.2.2.3. Processing and Protection of Special Quality Personal Data

Special importance has been attached to some personal data due to the risk of violating the confidentiality of private life, and a superior effort has been made to prevent the occurrence of violations with Personal Data Protection Law No 6698.

These special quality data include data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Our company shows sensitivity in the protection of special quality personal data determined as “special quality” by Personal Protection Data No. 6698 and processed in accordance with the law. In this context, physical, legal, technical, and administrative measures taken by our company for the protection of personal data are carefully implemented in terms of special quality personal data and necessary audits are provided.

5.2.2.4. Clarification and Information of the Personal Data Owner

In line with the provisions of the “Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Illumination” published in the Official Gazette dated 10.03.2018 and numbered 30356, the personal data owner is enlightened and informed.

The protection of the personal data owner is ensured by our company by performing the procedures in accordance with our policy, which is regulated in line with the “Regulation on the Deletion, Destruction or Anonymization of Personal Data” published in the Official Gazette dated 28.10.2017 and numbered 30224.

5.2.3. Matters Regarding the Processing of Personal Data

5.2.3.1. Processing of Personal Data in accordance with the principles stipulated in the Legislation

Our company processes personal data in accordance with the following personal data processing principles in Article 4 of Personal Protection Law No. 6698:

  1. Processing in Compliance with the Law and the Rule of Integrity: Our company acts in accordance with the principles introduced by legal regulations, the rule of good faith, and the general principles of trust in the processing of personal data. In this context, proportionality requirements are taken into consideration in the processing of personal data and the personal data are processed only to the extent required by the relevant purpose.
  2. Ensuring Personal Data Are Accurate and Up-to-Date: Our company takes the necessary measures with administrative and technical mechanisms to keep the personal data processed accurate and up-to-date, taking into account the fundamental rights and legitimate interests of personal data owners.
  3. Processing for Specific, Explicit, and Legitimate Purposes: Our company clearly and precisely determines the legitimate and lawful personal data processing purpose before the personal data processing starts. Our company is associated with the service providing personal data and processing the necessary.
  4. Being Connected, Limited, and Measured with the Purpose of Processing: The personal data processing activity carried out by our company is limited to the processing of personal data necessary to fulfill the collection purpose. Therefore, the processing of personal data that is not related to the purpose in the current situation, such as the processing of personal data to meet possible needs that may arise later, is avoided and should be treated with the necessary sensitivity.
  5. Keeping the Personal Data for the Period Envisioned in the Relevant Legislation or Required for the Purpose of Processing: Our company preserves the personal data for the period required for the purpose for which they are processed or regulated in the relevant legislation. Personal data is deleted, destroyed, or anonymized upon the expiration of this period.

5.2.3.2. Processing Personal Data Based on and Limited to One or More of the Personal Data Processing Conditions specified in Article 5 of the Personal Data Protection Law

Protection of personal data is a constitutional right. Fundamental rights and freedoms can only be limited by law under certain conditions, depending on the reasons stated in the relevant articles of the Constitution. Personal data can only be processed in cases stipulated by the law or with the explicit consent of the person pursuant to the third paragraph of Article 20 of the 1982 Constitution. Our company processes personal data in this direction and in accordance with the Constitution, only in cases stipulated by law or with the explicit consent of the person.

The express consent of the personal data owner is only one of the legal bases that makes it possible to process personal data in accordance with the law. Personal data may also be processed in the presence of any of the other conditions written below apart from explicit consent. The basis of the personal data processing activity can be only one of the conditions stated below, or more than one of these conditions can be the basis of the same personal data processing activity. The following conditions apply in the event that the processed data is sensitive.

All kinds of personal data processing activities are carried out in accordance with the general principles specified in Article 4 of the Personal Data Protection Law No. 6698 although the legal grounds for the processing of personal data by our company differ.

  1. Explicit Consent of the Personal Data Owner: One of the conditions for the processing of personal data is the explicit consent of the owner. Personal data can be processed by our company, provided that the data owner declares that they have sufficient information about the personal data processing activity, without hesitation, and that they have given their consent limited to the transactions for which purpose. The explicit consent of the visitors is obtained by the relevant methods for the processing of personal data subject to the express consent of the personal data owner such as employees, employee candidates, authorized members of the board of directors, solution partner employees, real estate appraisers, assistant real estate appraisers, housing appraisers, employees of persons and institutions with whom the business partnership is established.
  2. Explicitly Provided by Laws: Personal data of the data subject may be processed by our company in accordance with the law, without the explicit consent of the data subject, if it is expressly stipulated in the law.
  3. Failure to Obtain the Explicit Consent of the Related Person due to Actual Impossibility: The personal data of the person whose consent is not legally valid, may be processed by our company if it is necessary to process it in order to protect the life or physical integrity of themselves or another person.
  4. Concerning the Establishment or Performance of the Contract: Provided that it is directly related to the establishment or execution of a contract, it is possible to process personal data if the process of parties’ date is necessary to the contract.
  5. Fulfilling the Legal Obligation of the Legal Entity Company: The personal data of the data subject shall be processed within the limits of the said obligation and if the data processing is mandatory in order for our company to fulfill its legal obligations as the data controller.
  6. Publicizing the Personal Data of the Personal Data Owner: The relevant personal data shall be processed.
  7. Mandatory Data Processing for the Establishment or Protection of a Right: The personal data of the data owner shall be processed if data processing is mandatory for the establishment, exercise, or protection of a right.
  8. Compulsory Processing of Data for the Legitimate Interest of Our Company: The personal data of the data owner shall be processed without their consent in cases where data processing is necessary for the legitimate interests of our company without harming the fundamental rights and freedoms of the personal data owner.

5.2.4. Processing of Special Quality Data

Our company complies with the regulations stipulated in Personal Data Protection Law No. 6698 in the process of processing personal data determined as “special quality” with Personal Data Protection No. 6698. A set of personal data that carries the risk of causing victimization or discrimination when processed unlawfully is determined as a “special quality” in Article 6 of Personal Protection Data Law No. 6698. These data are data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Our company processes sensitive personal data in the following cases in accordance with the Personal Data Protection Law No. 6698 provided that adequate measures determined by the Personal Data Protection Board are taken:

  • Special quality personal data can be processed if the personal data owner has explicit consent.
  • Personal data other than health and sexual life shall be processed without seeking the explicit consent of the data subject, in cases stipulated by the laws if the personal data owner does not have explicit consent. Personal data related to health and sexual life can only be processed without the explicit consent of the person concerned, or by authorized institutions and organizations, who are under the obligation of secrecy for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing. Sufficient measures determined by the Board are also taken by our company in the processing of special quality personal data.

5.2.5. Transfer of Personal Data

Our company can transfer the personal data and sensitive personal data of the personal data owner to third parties (to third party companies, solution partnerships, banks, public institutions, group companies, consultancy or companies with which an agreement is made under the contract, third real persons) by taking the necessary security measures in accordance with the law and in line with the personal data processing purposes.

Accordingly, our company acts in accordance with the regulations stipulated in Article 8 of Personal Data Protection Law No. 6698.

Some persons/organizations to whom personal data can be transferred for the above-mentioned purposes;

  • Turkish Appraisal Experts Association Regulations, Real Estate Appraisal Minimum Wage Tariff and Implementation Principles Regarding the Appraisal Services Provided by TDUB Members for their Customers, Capital Markets Board Regulations, Banking Regulation and Supervision Agency Regulations, Capital Markets Law No. 6362 including Expertise Regulations, Expertise Law, Appraisal of Banks Regulation on Receiving Services and Authorization and Activities of Institutions to Provide Appraisal Services to Banks, Expropriation Law No. 2942, Law No. 5366 on Renewal, Protection and Use of Worn Historical and Cultural Immovable Assets, Law No. 2863 on the Protection of Cultural and Natural Assets, Banking Law No. 5411, Zoning Law No. 3194, Settlement Law No. 5543, Cadastre Law No. 3402, Forest Law No. 6831, Public Procurement Law No. 4734, Social Insurance and General Health Insurance Law No. 5510, Occupational Health and Safety Law No. 6331 Security Law, Acquisition of Information Law No. 4982,
  • Retirement Health Law No. 5434, Social Services Law No. 2828, Law No. 5366 on the Renewal, Protection and Use of Worn-out Historical and Cultural Immovable Assets, Law on the Protection of Cultural and Natural Assets No. 2863, Appraisal of Immovable Property Owned by the Treasury and Changes in the Value Added Tax Law No. 4706, Turkish Commercial Code, Tax Procedure Law, Law on Regulation of Electronic Commerce, Law on Regulation of Publications Made on the Internet and Fighting Against Crimes Committed Through These Publications,
  • Institutions or organizations permitted by the provisions of Protection of Consumer, Enforcement, and Bankruptcy Law No. 2004, Personal Data Protection Law and other legislation and communiqué provisions,
  • Public legal entities such as the Personal Data Protection Board, Turkey Appraisal Experts Association, Ministry of Finance, Ministry of Trade, Information Technologies and Communication Authority, Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş, which is contracted and collaborated with to carry out our activities, which are jointly and severally responsible in taking data security measures such as the protection of all kinds of personal data, prevention of unauthorized access and unlawful processing, program partner domestic/international organizations and other third persons.

5.2.5.1. Transfer of Personal Data Abroad

Our Company shall transfer personal data to third parties, in line with its purposes of legitimate and lawful processing personal data and in some circumstances in order to increase the data protection. Personal data is transferred by our company to foreign countries that are declared to have adequate protection by the Personal Data Protection Board, or to foreign countries where data controllers in Turkey “Foreign Country with Sufficient Protection” and the relevant foreign country “Foreign Country with Data Controller Undertaking Adequate Protection” undertake in writing to provide adequate protection and where the permission of the Personal Data Protection Board is granted in case of insufficient protection. Accordingly, our company acts in accordance with the regulations stipulated in Article 9  of Personal Data Protection Law No. 6698.

5.2.6. Personal Data Processing Activities Conducted in the Building with Building Entrances and Website Visitors

Our company takes the necessary measures to increase the quality of the services provided, to ensure its reliability, to ensure the safety of the company, visitors, and other people, and to protect the interests of the visitors regarding the service they receive.

Only authorized personnel have access to the records recorded and stored digitally. Authorized persons who have access to the records accept and undertake that they will protect the confidentiality of the data they access with the confidentiality commitment.

Following Article 12 of Personal Data Protection Law No. 6698, necessary physical, legal, technical, and administrative measures are taken by our company to ensure the security of the personal data obtained as a result of the emergence of camera monitoring.

5.2.7. Conditions for Deletion, Demolition, and Anonymization of Personal Data

As regulated in Article 138 of the Turkish Penal Code and Article 7 of Law No. 6698, personal data are deleted, destroyed, or anonymized upon our company’s own decision or upon the request of the personal data owner, in case the reasons requiring processing of personal data have been eliminated despite the fact that personal data has been processed in accordance with the provisions of the relevant law.

In this context, our company develops legal, technical, and administrative mechanisms to fulfill its relevant obligation and operates these mechanisms. It provides training to the relevant administrative and academic personnel in this regard.

The personal data owners in question are informed in this context through the texts hung or otherwise made available to the guests if the names and surnames of the people who come to our company’s buildings as guests are needed to be obtained. Although the data regarding the guests have not been processed by our company until now if deemed necessary by the company legal entity, the data obtained for entry-exit tracking is only processed for this purpose or the relevant personal data is recorded in the data recording system in the physical environment.

Our company records the Internet movements within the site by technical means in order to ensure that the visitors of these sites perform their visits on the websites owned by our company, to show them customized content, and to engage in online advertising activities. These technical tools can be exemplified as “cookies”.

Detailed explanations regarding the protection and processing of personal data related to these activities carried out by our company are included in the “Website Privacy Policy” texts of the relevant websites.

5.2.8. Relation of Our Company’s Policy on the Protection and Processing of Personal Data with Other Policies

Our company ensures that the principles it has set forth with this policy are implemented within our company with the policy, procedure, and application guides it has set forth for the execution of the relevant principles. Compliance is also ensured between the processes that our company operates with different policy principles for similar purposes, in connection with the policies, procedures, and implementation guides set forth on the Protection of Personal Data and the basic policies, procedures, and implementation guides carried out by our company in other areas.

5.2.9. Our Company’s Policy on the Processing and Protection of Personal Data Management Structure

In accordance with the decision of the company’s board of directors, Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş. Commission on the Processing and Protection of Personal Data” has been established in order to manage this policy and other policies, procedures, and practice guides affiliated to and related to this policy within the company.

The duties of this commission are as follows:

  • To prepare and put into effect the basic policies related to the Protection and Processing of Personal Data and, if necessary, to submit to the Board of Directors for approval,
  • To decide how the policies related to the Protection and Processing of Personal Data will be implemented and how the audit will be carried out, and to make internal assignments within this framework, and to submit the issues of ensuring coordination to the approval of the board of directors,
  • To determine what needs to be done to ensure compliance with the Personal Data Protection Law and the relevant legislation, and to submit the necessary actions to the approval of the board of directors, to ensure its implementation and coordination,
  • To raise awareness about the Protection and Processing of Personal Data within the company and with the company’s business partners,
  • To determine the risks that may arise in the personal data processing activities of the company, to ensure that the necessary measures are taken, and to submit the improvement suggestions to the senior management,
  • To plan and execute training on the protection of personal data and the implementation of policies,
  • To submit the information to be made to the applications of the personal data owners in order to decide on the board of directors,
  • To coordinate the execution of information and training activities to ensure that personal data owners are informed about their personal data processing activities and legal rights,
  • To follow the developments and regulations on the Protection of Personal Data, to advise the board of directors and the authorized person on what should be conducted within the company in accordance with these developments and regulations,
  • To coordinate the relations with the Personal Data Protection Authority and the Board,
  • To fulfill other duties of the Company’s Board of Directors regarding the protection of personal data.

5.3. Policy Enforcement and Review

This policy issued by our company enters into force on the date it is published on the company website. The effective date of the policy shall be updated in case of renewal of our policy or certain articles.

The policy is published on our company’s website (https://kalme.com.tr) and made available to the relevant persons upon the request of personal data owners.

Kalme Kurumsal Gayrimenkul Değerleme ve Danışmanlık A.Ş. is responsible for reviewing and updating this document. It belongs to the Commission on the Processing and Protection of Personal Data. Changes and updates are published with the approval of the representative-authorized person. The review takes place in December of each year.

6. RELATED DOCUMENTS:

  • Personal Data Protection Law No. 6698,
  • Turkish Code of Obligations No. 6098,
  • Regulation on Data Controllers Registry
  • The Regulations on the Deletion, Destruction or Anonymization of Personal Data,
  • Communiqué on the Procedures and Principles of Application to the Data Controller
  • Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation to Light
  • Application Form Regarding the Applications to be Made by the Related Person (Personal Data Owner) to the Data Controller in accordance with Personal Data Protection Law No. 6698
  • Access to Information Law No. 4982,
  • Labor Law No. 4857,
  • Retirement Health Law No. 5434,
  • Welfare Services Law No. 2828
  • Turkey Appraisal Experts Association Regulations, Real Estate Appraisal Minimum Wage Tariff and Implementation Principles Regarding the Appraisal Services Provided by TDUB Members to their Customers,
  • Capital Markets Board Regulations,
  • Banking Regulatory and Supervision Agency
  • Capital Market Law No. 6362 including Expertise Regulations,
  • Expertise Law,
  • Law of Expropriation No 2942
  • Law No. 5366 on the Renewal, Protection, and Use of Worn Out Historical and Cultural Immovable Assets,
  • Law on Protection of Cultural and Natural Assets No. 2863, Banking Law No. 5411,
  • Turkish Commercial Code,
  • Tax Procedural Law,
  • Law on the Regulation of Electronic Commerce,
  • Law on Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts,
  • Consumer Protection Law,
  • Enforcement, and Bankruptcy Law No. 2004,
  • It is stored for the retention periods stipulated within the framework of other secondary regulations in force in accordance with the aforementioned laws.

7. REVISION FOLLOW-UP:

REVISION NUMBER                     DATE               DESCRIPTION