Privacy policy
1. Text of Personal Date Protection
NOTICE REGARDING THE LAW NUMBER 6698 ON THE PROTECTION OF PERSONAL DATA
As Magnolia Gıda Tic. A.Ş. ("Magnolia Bakery"), we are very sensitive to your personal data. As Magnolia Bakery, we attach importance to processing and protection of all personal data of all relevant persons including those benefiting our products and services in accordance with The Law Number 6698 On The Protection Of Personal Data (“PDPL”). Therefore, we would like to inform you with this text within the scope of PDPL in order to protect your basic rights and freedoms.
1. Why has PDPL been issued ?
Both public institutions and private organizations have been processing the information described as personal data in relation to performance of a duty or provision of a service. This may be arisen from laws and sometimes, is based on the consent of persons or a contract. And, sometimes, it may be arisen depending on the nature of the transaction. Protection of basic rights and freedoms of persons during data processing is one of the primary issues.
PDPL has become into force with the purpose of disciplining personal data protection, protection of basic rights and freedoms, protection of privacy right of a person and information safety right and determining the obligations of real and legal persons who process personal data and the principles and procedures to be followed by them.
2. What is Personal Data?
Personal data refers to any information relating to a real person whose identity is either defined or can be identified. Not only the information that provides the definitive diagnosis of the person, such as name and surname, but also information about the physical, economic, social and other characteristics of the person is personal data.
The fact that a person is defined or identifiable means making that person identifiable by associating existing data with a natural person in any way. This includes all situations that enable the person to be identified as a result of holding a concrete content expressing the physical, economic, cultural, social or psychological identity of the person or associating it with any record such as identity, tax, insurance number.
3. What is Sensitive Personal Data ?
Sensitive personal data consists of data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data. Such data categories have been issued restrictively in PDPL; personal data other than these categories will not be considered to be sensitive personal data within the relevant legislation.
4. What is Processing Personal Data?
Acquiring personal data through completely or partly automatic methods or non-automatic means provided that it is part of any data recording system, recording, storing, maintaining, changing, rearranging, disclosing, transferring, taking over, making such personal data available, classification or prevention of such personal data from usage and all similar processes on the data are considered to be processing of personal data. All activities carried out in the process up to deletion, disposal or anonymization after personal data is collected as defined are considered to be processing personal data within the scope of the relevant Law.
5. Who is the Relevant Person?
Relevant person means the real person whose personal data is processed. PDPLM protects only the rights and freedoms of real persons but does not cover legal persons.
6. Who is Data Controller?
Data controller means real or legal person being responsible for determining the purpose and means of processing personal data, establishing and managing data recording system. Legal persons are themselves described as “data controller” within the scope of the activities carried out by them regarding processing personal data, and the legal responsibility set forth in the relevant regulations will be borne by the legal person. There is not any difference in terms of public law legal persons and private law legal persons in this respect.
Data controller is the person who determines the purpose and method of processing personal data according to the law. In other words, s/he is the person who will answer the questions of “why” and “how” the activity of processing personal data will be carried out.
7. What is Express Consent and Under Which Circumstances should it be Obtained?
Express consent is the declaration of the consent of the relevant person for processing of his/her personal data as having sufficient knowledge regarding the issue and being limited only to that transaction. In this sense, express consent must include declaration of his/her positive will of the persons who give consent; and express consent does not have to be obtained in written provided that the regulations within the other legislation are reserved.
For example, as per PDPL; health information of real persons may be processed by the persons who are not obligated to keep secret except for protection of public health, carrying out the activities of preventive medicine, medical diagnosis, treatment and care only based on the express consent.
2. PDPL Application Form
Your personal data which you have shared with Magnolia Gıda Tic. A.Ş. ("Magnolia Bakery") within the scope of employee/employer, customer and our commercial relationships are under the protection of Magnolia Bakery. Your personal data which we have requested you to share with us and/or you have shared with us based on the purpose of processing it and such that it is limited and only to the extent of processing purpose may be recorded, stored, possessed , rearranged within the framework of the purpose which require processing of it and may be shared with the authorities authorized to require such personal data to be disclosed to them within the scope of the relevant law; transferred, assigned to domestic and foreign third persons under the conditions stipulated by The Law Number 6698 On The Protection Of Personal Data (“PDPL”) and classified and processed in other ways set forth in PDPL. Magnolia Bakery takes all necessary technical and administrative measures through all technological and infrastructure facilities in order to ensure that your personal data is kept securely, processed and accessed legally as per PDPL.
In this scope, you can use the following rights by applying to our Company as Data Controller within the scope of article no.11 of PDPL. In this context, those whose data is processed have the right to:
· learn whether or not personal data has been processed,
· if any, make a request concerning processed data,
· learn for which purpose their personal data has been processed and whether or not these personal data has been used in accordance with its intended use,
· know the third persons to whom personal data has been transferred, request correction of the mistakes in the personal data and if it has been transferred, request third persons to correct the relevant mistakes,
· If the reasons for processing personal data are not available anymore; request deletion, disposal or anonymization of these data or if such data has been transferred, request such demand to be communicated to the relevant third person,
· raise objection to the negative result related to the person after data is processed,
· request payment of damages within the framework of the laws in case such damages occur due to data processing contrary to the Law.
Applications in relation to such rights to our Company being the data controller must be made in written in accordance with the article number 13 of PDPL or by other methods set forth by the Board of Personal Data Protection (“Board”).
In this context, printout of the Application Form provided in the following link will be obtained and the applications to be made to our Company in “written” may be made by;
· the Applicant in person,
· Notary,
· sending an e-mail to [email protected] though personal e-mail of the applicant,
· sending to the registered electronic mail address of the Company by signing it with “secure electronic signature” defined in Electronic Signature Law No.5070.
Please, tick to download PDPL Application form.
3. Camera Surveillance and Recording Clarification Text
The purpose of this Clarification Text and Camera Recording Policy is to inform you that surveillance cameras are installed and recording in Magnolia Gıda Tic AŞ Coffee Shops and in other areas (hereinafter referred to as the “Company Premises” in this clarification text) with the following warning sign.
(1)Data Controller and Contact Person
According to the provisions of the Personal Data Protection Law No 6698 (PDPL), your personal data is processed by our Magnolia Gıda Tic. A.Ş (hereinafter referred to as “the Company” in this Clarification Text), acting as the Data Controller within the scope designated below.
(2)Personal Data Collection Methods and Legal Reasons
The camera surveillance system, records and processes images of individuals and objects passing through the range of these systems. The system works continuously 24 hours a day, 7 days a week. Visual information and camera recordings are processed by the video surveillance system. These data are processed based on the relevant legislation, especially Personal data processing conditions specified in Articles 4, 5 and 6 of the Law, Law No. 5188 on Private Security Services, Labor Law No. 4857, Occupational Health and Safety Law No. 6331, and Law No. 5179 on Production, Consumption and Inspection of Foods.
(3)Purpose of Processing Personal Data
Personal data subject to your explanation above may be processed for the purposes listed below:
· Protection of company premises, individuals, goods and products in these premises from all kinds of attacks, theft, robbery or any kind of damage,
· Ensuring the security of company premises, their infrastructure, products, and operations and taking precautions against all kinds of security violations,
· Providing information to authorized institutions and organizations,
· Ensuring the legal, technical and commercial business safety of the Company and the persons who have a business relationship with the Company,
· Planning, auditing and execution of information security processes,
· Controlling the entrance and exit to the workplace,
· Planning and/or execution of occupational safety and/or health processes and fulfillment of obligations related to these purposes,
· Prevention of fire and similar disasters,
· Management of the areas (such as parking lot, private areas) where the company premises are located,
· Detecting and investigating violations related to workplace rules.
(4) The persons to whom and the purposes for which the processed personal data may be transferred.
Camera records collected in line with the realization of the above-mentioned objectives and limited to the fulfillment of these purposes, can be transferred to our shareholders, affiliates and subsidiaries, business partners, suppliers and legally authorized public institutions, private persons or organizations or third parties within the framework of the personal data processing conditions and purposes as defined by the Articles 8 and 9 of the Personal Data Protection Law limited to purposes specified in this clarification text and can be processed at home and abroad.
With whom and for which purposes your personal data can be shared have been provided in detail below:
· Sharing data such as camera records with the security company and the company which has established and operated the technical infrastructure in order to ensure security of the Company and its premises;
· External providers authorized to manage and store the data;
· Sharing the date with the suppliers in order to store the physical and electronic employee data;
· Sharing personal data with the experts, law offices and audit companies for audit and fact finding activities and with public authorities, insurance companies, social benefit support funds, business consultants in order to fulfill regulatory and contractual obligations;
· Cases required by the legitimate interest of the data controller.
Personal data sharing with the public authorities and organizations and official institutions will be as follows:
· If camera records are required, sharing such data with the official authorities such as police department, prosecution office and court,
· Sharing the date with authorized administration and supervisory boards and/or authorized supervisory institutions.
(5) Storage Periods of Personal data
Company will keep the processed personal data in physical and/or electronic environment during the periods stipulated in the relevant legislation or the periods required by the purpose of processing and in line with the Law. These periods in the Personal Data Storage and Disposal Policy are nearly as follows:
Data Type | Storage Period | Legal Basis |
Camera Records | 30 days | Ensuring Security |
(6) As Personal Data Controller, Our Rights set forth in article number 11 of the Law
If, as personal data owners, you communicate your requests related to your rights in this Clarification Text by the following methods, our Company will respond to your request free of charge within thirty days at the latest depending on the nature of the request. However, if a fee is stipulated by the Board of Personal Data Protection, fee set forth in the tariff by our Company will be collected. You can reach all information related to these data to be processed by us over [email protected] .
In this scope, personal data owners have the right to:
· learn whether or not personal data has been processed,
· if any, make a request concerning processed data,
· learn for which purpose their personal data has been processed and whether or not these personal data has been used in accordance with its intended use,
· know the third persons to whom personal data has been transferred in the country or abroad,
· request correction of the personal data with missing or inaccurate items and in this scope, if it has been transferred, request third persons to correct the relevant mistakes,
· If the reasons for processing personal data are not available anymore despite the fact that such personal data is processed in line with the Law and the provisions of other relevant law; request deletion or disposal of these data or if such data has been transferred, request such demand to be communicated to the relevant third persons,
· raise objection to the negative result related to the person after data is processed and by analyzing the processed data through exclusively automatic systems
· request payment of damages within the framework of the laws in case such damages occur due to personal data processing contrary to the Law.