Privacy Policy

This policy (“Policy”) has been prepared by GYES DEFENSE INDUSTRY LIMITED COMPANY (“GYES” or the “Company”) in order to inform you about the protection of your personal data. In this context, we would like to inform you about your personal data and processing processes as a “data controller” in accordance with the Personal Data Protection Law numbered 6698 (“PDPL”).

With this Policy, the sustainability of the principle of “conducting company activities transparently” is aimed. In this context, the basic principles adopted by the Company regarding compliance with the regulations in the Personal Data Protection Law numbered 6698 (“PDPL”) regarding the Company’s data processing activities are determined, and the practices carried out by the Company are explained.

The Policy is intended for members/visitors of the www.gyes.com.tr website, GYES customers, and suppliers.

The Policy has been made publicly available on the company’s website. In case of any inconsistency between the regulations contained in this Policy and the applicable legislation, primarily the Law shall prevail. The Company reserves the right to amend the Policy in parallel with legal regulations.

DEFINITIONS

Company: GYES DEFENSE INDUSTRY LIMITED COMPANY

Personal Data/Data: Any kind of information relating to an identified or identifiable natural person.

Sensitive Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction, and security measures, as well as biometric and genetic data.

Processing of Personal Data: Any operation performed on data, including but not limited to, collection, recording, storage, retention, alteration, rearrangement, disclosure, transfer, takeover, making available, classification, or preventing the use of data by fully or partially automatic means or by non-automatic means that form part of any data recording system.

Data Subject/Related Person: Refers to individuals whose personal data is processed by the Company, Business Partners of the Company, Company Officials, website visitors, Company Customers, Potential Customers, Third Parties, and individuals whose personal data is processed by the company.

Data Recording System: Refers to the record system in which personal data is processed according to specific criteria.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by them.

Explicit Consent: Consent based on informed consent and freely given will.

Data Destruction: Removal, deletion, and destruction of personal data from the data recording system in a manner that cannot be recovered again.

Anonymization: Rendering data that was previously associated with an individual, in such a way that it can never be associated with or identified with any identifiable natural person by any means.

Law: Refers to the Personal Data Protection Law numbered 6698.

PDPL Board: Personal Data Protection Board.

CATEGORIES OF RELATED PERSONS

Category of Related Person	Explanation
1. Customer (For Current Commercial Relations)	Refers to legal or natural person buyers and sellers who are in a commercial-legal-contractual relationship with the Company.
2. Potential Customer	Refers to real or legal persons who show interest in using the products or services offered by the Company, demonstrate the potential to become a customer through the website or other channels, and request a quote.
3. Visitor	Refers to individuals who visit the Company’s website.
4. Business Partners/Suppliers and their employees	Refers to parties with whom the COMPANY has established business partnerships for the purposes of conducting commercial activities, or within this scope, parties who provide goods or services to the COMPANY in compliance with the Company’s instructions and contract-based relationships, and their employees.
5. Company Partner/Shareholder	Refers to individuals who are partners or shareholders of the Company.
6. Real Person Business Partner	Refers to individuals with whom the Company has any kind of business relationship.

PERSONAL DATA PROCESSED

We process the following data categories depending on your commercial and/or contractual relationship with the COMPANY:

a. Identity Information: This data category includes Name-Surname, TC Identity No.
b. Contact Information: This data category includes Address, phone number, email address.
c. Contract Information: This data category includes signatures, signature circulars, tax numbers, real person company information processed in the database as a result of contractual relationships established with the company’s legal or commercial relationships, business partners, suppliers, and external resources.
d. Financial Information: This data category includes all information, documents, and records showing any financial outcome created depending on the type of legal relationship established between the company and the Personal Data Subject Related Person, and processed personal data such as bank account number, receipt, payment information, fee, IBAN number.
e. Marketing Information: This data category includes all data related to the number of products, amount, sales rates, stock availability, and reports created regarding the Personal Data Subject Related Person.
f. Visual and Audio Data: This data category includes all image and video data of the Personal Data Subject Related Person that may be collected during the use of the website, during visits to the company, or during events organized by the company, as well as audio data.

COLLECTION METHODS AND LEGAL REASONS

Personal data is collected through the methods listed below in accordance with the provisions of the Law and in accordance with the basic principles of the law.

Data Subject’s Explicit Consent: Your personal data may be processed based on your express consent. In this case, the explicit consent request form will be presented to you, and after the relevant information is provided to you, you will be asked to express your consent explicitly.
Legal Reason: Your personal data may also be processed without your explicit consent, provided that it is directly related to the establishment or performance of a contract and it is necessary to process personal data for the performance of the contract, provided that it is mandatory for the data controller to fulfill its legal obligation, provided that the processing is mandatory for the establishment, use, or protection of a right, and provided that the data processing is mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

THE PURPOSES OF PROCESSING PERSONAL DATA

The purposes of processing your personal data by the company are as follows:

Ensuring the legal and commercial security of the company,
Establishment and management of commercial and legal relations,
Ensuring the technical security of the company and the relevant website,
Follow-up of requests and complaints,
Ensuring the security of the company’s operations,
To ensure the execution and follow-up of business processes,
Execution of activities for the purpose of fulfilling legal obligations,
Execution of customer relations management processes,
Execution of marketing and sales operations,
Execution of the procurement and supply chain processes,
Execution of corporate communication activities,
Execution of reporting activities,
Execution of budget and financial affairs,
To follow up on legal affairs,
Execution of logistics activities.

TRANSFER OF PERSONAL DATA

Your personal data can be transferred in accordance with the purposes specified in Article 8 and Article 9 of the Law, provided that it is transferred to the domestic and foreign business partners of the company, suppliers, legally authorized public institutions, and private legal entities, within the framework of the conditions and purposes specified in the 8th and 9th Articles of the Law, and the principles set forth in Articles 4 and 5.

DATA SECURITY

Our Company takes the necessary administrative and technical measures to protect personal data and prevent unauthorized access to this data, to ensure the appropriate level of security, to protect personal data from illegal processing, and to provide data protection. Our Company takes the necessary precautions against the risks of processing personal data such as preventing unlawful access to personal data, preventing the loss of personal data, ensuring the protection of personal data, ensuring the confidentiality and integrity of personal data.

PERIOD OF RETENTION OF PERSONAL DATA

Your personal data processed by our company will be kept for the period specified in the relevant legislation or for the period required by the processing purpose.

RIGHTS OF THE RELATED PERSON

In accordance with Article 11 of the Law, related persons have the following rights regarding their personal data:

Learn whether personal data is processed,
Request information if personal data has been processed,
Learn the purpose of processing personal data and whether they are used appropriately for their purpose,
To know the third parties to whom personal data is transferred domestically or abroad,
Request correction of personal data in case of incomplete or incorrect processing and request notification of the transaction made within this scope to third parties to whom personal data is transferred,
Request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, despite being processed in accordance with the provisions of the Law and other relevant laws, and request notification of the transaction made within this scope to third parties to whom personal data is transferred,
Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To demand the compensation of the damage in case of damage due to the unlawful processing of personal data.

CONTACT INFORMATION FOR RELATED PERSONS

You can contact us for your questions and requests regarding your rights under Article 11 of the Law and your requests regarding the exercise of your rights in accordance with the procedures specified in the Policy.

CONTACT INFORMATION

GYES DEFENSE INDUSTRY LIMITED COMPANY
Address: Ankara 06909
Phone: 0312 999 99 99
Fax: 0312 999 99 98
E-mail: [email protected]