Castimo Kimya İnşaat Yapı Malzemeleri Sanayi Ve Ticaret Limited Şirketi (Castimo) values protecting the fundamental rights and freedoms of individuals, especially the right to privacy, which is regulated in Article 20 of the Constitution. Therefore, it values protecting and processing personal data according to the laws, and acts with this understanding in all of its planning and activities.
Castimo, does not only consider the protection of personal data, which is the basis of the right to privacy, and its processing under the law only within the scope of compliance with the legislation but values the person as an approach to data protection. Acting with this awareness, Castimo takes all necessary administrative and technical measures to prevent the illegal processing of personal data and storing the personal data securely.
In this context, information about the processing and transfer conditions of personal data produced or shared during the use of the website “(https://www.castimo.de/)”under the Personal Data Protection Law No: 6698 is provided below.
Law: Personal Data Protection Law No: 6698
Personal Data: Any information related to an identified or identifiable natural person.
Online Visitor/Data Subject: Any person accessing the website. Included as “Visitor” category in relevant company policies.
Board: Personal Data Protection Board.
Company: Castimo Kimya İnşaat Yapı Malzemeleri Sanayi Ve Ticaret Limited Şirketi
Hosting Provider: Natural or legal persons who provide or operate systems that host services and content on the Internet.
2. Processed Personal Data
Processed personal data of the Online Visitor depending on the access to the Website and the transactions performed on the Website are presented below:
For Online Visitors who visit the Website,
– Process Security Information (IP address, website traffic information, etc.)
For Online Visitors who fill out the forms on the Website,
– Identity Information (name, surname, TC identification number, gender)
– Contact Details (e-mail address, phone number, full address information, address number, residence information)
– Personnel Information (the firm that he/she works, occupation)
– Finance (credit card information)
In addition to those above, it is possible to process other data that may be mandatory for the operation, development, and security of the Website under the Law.
3. Method and Cause of Action of Collecting Personal Data
Personal data is collected by using the Website or filling out the communication form to store it for the time required for processing by wholly or partly automated means.
Personal data is processed based on the explicit consent of the Online Visitor. However, under the Article 5(2) of the Law, personal data may be processed without the explicit consent of the data subject if it is (i) expressly permitted by any law (ii) necessary for the data controller to comply with legal obligations (iii) necessary for the institution, usage or protection of a right (iv) necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.
4. Purposes of Processing Personal Data
Personal data is processed depending on the transactions made by Online Visitor on the Website, in the case of expressly permitted by any law or under the other conditions specified in the Article 5(2) of the Law for;
- Execution/Supervision of Work Activities (execution of business activities by us and ensuring the supervision of our business activities), execution of Customer Relationship Management Process (managing our relations with customers regarding the products and services offered, meeting the demands), Prosecution of Demand/Complaint (responding to incoming complaints, requests, thanks and suggestions) conducting communication activities within this scope (contacting you in accordance with the information provided, when necessary); in case the “identity and contact information” form is filled.
- Within the scope of “Cookie Registration”, your personal data in the Process Security category are processed for the purposes of Execution of Information Security Process (ensuring transaction security in form creation processes), Execution of Access Authorization (providing authorized access to restricted data), Execution/Supervision of Work Activities, and Creating and Prosecuting Visitor Records.
- Within the scope of “Website Visitor Records”, your personal data in the categories of Identity, Communication, Process Security are processed for the purposes of Execution of Information Security Process, Execution of Access Authorization, Execution/Supervision of Work Activities, Execution of Communication Activities, and Creating and Prosecuting Visitor Records. On the other hand, in accordance with the Law No. 5651 and other legislation, the Hosting Provider is obliged to record and keep the site traffic information.
Processing personal data to send commercial electronic messages is subject to the explicit consent of the Online Visitor
5. Cookie Information
The following links contain information on how to manage (and disable) cookies in some commonly used browsers:
- To perform the basic functions required for the operation of the Website and the application. For example, logged in members do not need to enter their password again while visiting different pages on the Website.
- To analyze the Website and the application, to increase the performance of the Website and the application. For example, the integration of the different servers that the Website operates on, determining the number of visitors to the Website and adjusting the performance accordingly, or making it easier for visitors to find what they are looking for.
- To increase the functionality of the Website and the application and to provide ease of use. For example, sharing to third-party social media channels on the Website, remembering the username information or search queries on the next visit of the visitor to the Website.
5.2. Cookies Used on Our Website
Only mandatory cookies are used on our Website. The use of these cookies is mandatory for our Website and application to function correctly. For example, authentication cookies, which are activated when you log on to our Website, ensure that your active session continues when you switch from one page to another on our Website.
5.3. How Can I Control the Use of the Cookies?
Information on how you can manage your preferences for cookies used on the platform are as follows:
- Although the preferences on this subject vary according to the browser used, a general explanation can be reached at https://www.aboutcookies.org/. Cookies preferences may need to be made separately for each device from which the visitor accesses the Platform.
- Click (https://tools.google.com/dlpage/gaoptout) to turn off cookies managed by Google Analytics.
- Click (https://myaccount.google.com/not-supported) to manage the personalized ad experience provided by Google.
- Preferences in terms of cookies used by many companies for advertising activities can be managed through Your Online Choices (https://www.youronlinechoices.com/tr/advertisements-preferences)
- The mobile device’s settings menu can be used to manage cookies on mobile devices.
- By changing the settings of your browser, you may customize your preferences for cookies.
6. Whom and For What Purpose the Processed Personal Data Can Be Transferred
Personal data may be transferred to natural persons or private law legal entities (cargo companies and banks) and authorized public institutions and organizations, in case the one of the conditions set out in the article 5(2) of the Law is met, with the purposes limited to the ones specified in the article 4 of this text, provided that necessary security measures are taken within the framework of the conditions specified in Articles 8 and 9 of the Law.
In the absence of any of the conditions in paragraph 2 of Article 5 of the Law, the transfer of Personal Data is subject to the online visitor’s explicit consent.
7. Measures Taken for Data Security
Castimo has to take all necessary administrative and technical measures to prevent personal data from being processed and accessed unlawfully, to ensure the protection of personal data and the appropriate level of security.
In the case of redirecting to other sites or applications through the website, Castimo does not have information about the compliance of the directed sites and applications with the legislation for the protection of personal data and is not under any responsibility for their privacy policies and contents.
7.1. Administrative Measures
As Castimo, we provide our personnel with the necessary trainings for the legal processing and protection of your personal data and regularly audit their employees to measure their level of compliance with the Law. We adopt the compliance and care shown by our personnel to the Law as a criterion in the performance evaluation of our personnel.
Although these measures are taken within the company, we ensure your data security by signing confidentiality agreements and commitments with the persons (suppliers, business partners) with whom we share your personal data in accordance with the law, and ensure that our stakeholders show sufficient sensitivity for your personal data.
In addition to these training, audits and precautions, in case of a violation of your personal data, intervention plans have been prepared to remedy this violation, and the necessary preparations have been made to remedy the violation by working with the Board as the Company.
7.2. Technical Measures
In order to ensure data security and to prevent unlawful access to your data, an informatics infrastructure equipped with security measures in accordance with international standards has been established. For the smooth functioning of the system built on this infrastructure, it is constantly inspected from within.
We comply with the technical precautions provided by the Personal Data Protection Authority, such as encryption, authorization matrix, application and network security, data masking, firewalls, backup, key management and up-to-date anti-virus systems in our IT infrastructure, where the data we collect with our website are processed and stored.
In addition, intrusion detection and prevention systems have been established to prevent attacks on our IT infrastructure, and the security of the system is regularly checked by performing risk analysis, data classification, vulnerability scans and penetration tests. In order to carry out all these transactions, software programs and support in accordance with international standards are also taken as a requirement of the importance we attach to your personal data.
8. The Rights of the Data Subject Under the Article 11 of the Law
Under Article 10 of the Law, Castimo informs the data subjects about their rights and provides guidance on how to exercise these rights and performs the necessary internal procedures, administrative and technical arrangements for all these.
According to the Article 11 of the Law, the Data Subjects have the right to;
- Learn whether their data is processed,
- Request related information if their data is processed,
- Learn the purposes for the processing of personal data and whether it is used accordingly,
- Know the third parties to whom their data is transferred domestically or abroad,
- Request the rectification of their data if it is processed incompletely or improperly,
- Request the deletion or destruction of personal data under the Article 7 of the Law,
- Request the third parties who received the personal data of the Data Subject to be notified about the transactions made (rectification and destruction) under Article 11(d) and (e) of the Law,
- Object to the outcome against the persons themselves by analyzing the processed data exclusively through automated systems,
- Claim for damages if personal data is damaged due to illegal processing.
Requests and applications regarding the enforcement of the law can be submitted in person or can be sent via notary to the address “Fatih Mahallesi 1185/1 Sokak No:2, 35410 Gaziemir/İzmir” by filling out the Data Subject Application Form They can also be sent the registered electronic mail address (email@example.com) or using a secure electronic signature or mobile signature.
Requests and applications can also be sent to ……………….. if there is an e-mail address previously reported to Castimo by the data subject and registered in Castimo’s system.
The following information is obligatory in requests and applications:
- First name, last name, and signature if the application is in writing,
- Turkish National Identity Number for the citizens of the Republic of Turkey; nationality and passport number (national identification number if applicable) for other nationalities.
- Permanent address or business address for notifications,
- E-mail address, phone and fax number if applicable to the notification
Information and related documents should be attached to the application.
Castimo shall respond to the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, in case the action in question requires an additional cost, the fee in the tariff determined by the Board may be charged.
Castimo may accept the request or reject it by explaining the reason and informs the data subject in written or electronically. If the request in the application is accepted, Castimo shall fulfil the requirements as soon as possible and inform the data subject. If the application is caused by the error of Castimo, the fee shall be refunded to the data subject.
If the application is rejected, the response is insufficient or the application is not responded in due time; the data subject has the right to make a complaint to the Board within thirty days from the date of receipt and, in any case, within sixty days from the date of application.