LAPEX® PERSONAL DATA PROTECTION POLICY
As LAPEX END.SAN.TİC.A.Ş. , we aim to inform our employees, partners, authorities, customers, potential customers, visitors of our website (www.lapex.com.tr) and third parties like real and legal persons about the processes of protection of personal data with the "Lapex® Personal Data Protection Policy". Personal data that we obtain from different sources during our commercial activities ,carried out by our company, are processed and protected in accordance with the law, in accordance with the General Data Protection Regulation and the Law on the Protection of Personal numbered 6698. Administrative and technical information on this subject is presented to you in the content of our policy.
In the presence of Istanbul Trade Registry Management;
Data Supervisor: LAPEX END. SAN.TİC.A.Ş.
Registration number: İZMİR-106049
Central Registiration System No: 0608122512900001
Head Office Address: Ataşehir Mahallesi, 8229/2 Sok. No: 19, 35620 Çiğli / İzmir
This policy involves all kinds of all personal data records recorded automatically or not automatically of our employees, shareholders, authorities, customers, potential customers, employees, shareholders and authorities of the organizations we work with, our website visitors and third parties in all our physical locations and digital platforms where we conduct our commercial activities as Lapex®.
This policy, prepared by our company, has been prepared in order to comply with the provisions of the General Data Protection Regulation (GDPR) and the legal regulations within the scope of the protection of personal data. In case of any law and regulation change that may occur in this regard, we indicate that we will care about all changes and will implement the necessary renewals as soon as possible as Lapex®.
As Lapex®, we process personal data based on the Personal Data Protection Law (KVKK) and relevant legal regulations. Thus, we fully comply with all principles within the scope of the Personal Data Protection Act (KVVK).
As Lapex®, we carry out all our processing processes by complying with all honesty rules within the scope of the Constitution and Personal Data Protection Law (KVVK).
As Lapex®, we take all necessary measures for the accuracy and currency of all the data we process. In order to ensure the authenticity of the data we process, we provide information and provide opportunities to data owners.
As Lapex®, we only process data for clear and categorically defined legal purposes and do not take any other data processing action except these purposes. Based on this, we only process personal data in the context of the business relationships we have established with data owners and if necessary.
As Lapex®, we process personal data in accordance with the realization of the specified purposes. We do not perform any out of purpose or escapable personal data processing. We do not perform any personal data processing relative to meeting the possible need which is thought to occur later.
As Lapex®, we keep personal data only for the time required for the purpose specified in the relevant constitution or processed. Based on this, we first determine whether any period is specified in the constitution regarding the storage of personal data. If a period is specified, we will keep personal data in accordance with that period. In cases where no period is specified, we keep personal data in accordance with the purpose for which they were processed as much time as required. Our company deletes, destroys or anonymizes the personal data recorded when the period ends or the reasons for processing the data disappear. We do not consider the possibility of using personal data in the future and we do not keep any personal data except for the specified period.
As Lapex®, we define groups of persons in the process of personal data processing as stated below, adhering to the content of the Regulation on the Data Controllers Registry numbered 30286 published in the official newspaper on December 30, 2017.
Data Subject Groups and Explanations:
Employed Personnel: Real persons we employ within the scope of labor law within our company.
Candidate Personnel: Real persons whose application we receive for employment within our company or that we provide by human resources companies / platforms that are third parties.
Intern: Real persons that we have employed part-time within our company in order to support professional practical knowledge and theoretical training.
Partners: Real persons who own the shares that constitute the tangible assets of our company.
Shareholder: Real persons who become stakeholders of the company in order to purchase the shares of our company.
Managers: Real persons in charge of the management of our company.
Public Official: The real person who is responsible for the relations with official institutions and organizations (audit, trial, investigation, etc.) of our company.
Supplier: Real and legal persons who supply the services we provide from outside in order to carry out the activities of our company.
Supplier Personnel: A natural person who works for the supplier or supplier candidate who is in relation with our company.
Online Visitor: Real persons who visit the content of our website and our other sales channels in electronic environment without creating a membership registration or purchasing any product.
Online Members: Real persons who visit the content of our website and our other sales channels electronically by creating a membership record.
Customer: Real persons who purchase products through our website or other electronic sales channels.
Visitor: Real persons visiting the physical locations of our company without any contract.
Applicant: Real persons who submit their requests, requests and complaints to our company without being subject to any contract.
As Lapex®, in order to carry out our commercial activities, we process some personal and private data of our employees’, suppliers’ and customers’ in accordance with the principles specified in this policy.
As Lapex®, we perform data processing according to the data category stated below.
Data Category Description:
Identity Data: The information we need in documents such as identity book, marriage certificate, passport, residence address, driving license.
Communication Data: Information that we can reach the person such as phone number, mobile phone number, e-mail address, address.
Location Data: Data to determine the location of the data owner using our website.
Customer Data: Information such as customer number, occupation information we receive from our customers who benefit from our products and services.
Customer Transaction Data: Information based on all kinds of transactions such as order information, requests, basket information made by our customers using our products and services.
Physical Space Security Data: Records and information taken at the entrance to our physical locations and during the stay at our physical locations, such as camera records, visit information, entrance exit logs
Transaction Security Data: Personal data we process such as website password and password in order to ensure legal, technical, administrative and commercial security between our company and our parties.
Risk Management Data: Processed personal data such as IP address, MAC address that we can manage the administrative, technical and commercial risks of our company.
Financial Data: Processed personal data such as information and invoices showing the financial transactions performed by the data owner.
Personal Data: All kinds of personal information and documents that we obtain from our employees and suppliers in our company that must be entered in the personal file by law.
Employee Candidate Data: Personal data shared by the candidate when applying for a job in our company, such as the CV, personality test, and interview notes, which we evaluate during the application process.
Employee Transaction Data: Personal data such as business trips, work entry-exit records, meeting notes, tracking of mail traffic, vehicle use, and the state of the company's card for any transaction related to the business performed by our company's employees and suppliers.
Employee Performance and Career Development Data: Processed personal data such as performance evaluation data of our employees in our company, interview evaluation data, training data on career development within the scope of human resources policy.
Fringe Benefits and Benefits Data: Personal data that we process for the follow-up of the benefits and benefits of our employees, such as private health insurance, vehicle allocation, and for our employees to benefit from these rights.
Marketing Data: Collected by our company for use in marketing activities; data such as reports showing the habits and tastes of the person, goal setting information, cookie records.
Legal Transaction and Compliance Data: Personal data that we process for the purpose of fulfilling legal obligations, such as data included in court and administrative authority decisions regarding the follow-up and determination of our legal claims and rights.
Audit and Inspection Data: Personal data such as audit reports, inspection reports, related interview records that we process within the framework of our company's compliance with company policies and legal obligations.
Special Qualified Personal Data: The race, origin, political opinion, religion, sect, belief, dress and dress, union or association membership, health, sexual life, whether or not to be punished, data on security measures, biometric and genetic data of the persons related to our company. .
Request / Complaint Management Data: The personal data we process regarding the requests and complaints received by our company and the reports regarding these requests and complaints.
Visual and Audio Data: Visual and audio data we process, such as camera recordings, sound recordings, photographs, of people related to our company.
As Lapex®, we ensure that data is processed according to the data category we explain in this policy we offer you. We process personal data with the explicit consent of the data owner as required by law.
Our data processing; It aims to fulfill the obligations of state laws such as Labor Law, Code of Obligations, Commercial Code, Tax Law. However; As Lapex®, we explain our purposes for processing personal data as follows.
As Lapex®, we make provisions for technical and managerial to prevent illegal arrival to personal data we process in accordance with the laws regarding the protection of personal data and to provide the necessary security system in order to protect the data appropriately. In this context, we make and have the necessary audits done.
Data considered as special qualified personal data; Biometric and genetic data regarding race, ethnicity, political opinion, belief, religion, sect, dress and clothing, health, sexual life, membership of any association or union, criminal conviction and security measures.
As Lapex®, we protect the special qualified personal data indicated in our policy regarding the protection of personal data by taking administrative and technical measures in accordance with the law.
As Lapex®, we process personal data in accordance with legal obligations regarding the protection of personal data. If the processing requirements of the data we process are eliminated, personal data are officially deleted, anonymized or destroyed by our data officer at the request of the person concerned.
We regularly conduct research and scans of personal data that need to be deleted, anonymized or destroyed every 6 months. We keep the log records of automatic or manual deletion, anonymization or annihilation for 3 years.
As Lapex®, we perform the annihilation methods of personal data as explained below.
Personal data can sometimes be processed in non-automatic ways. When deleting or destroying personal data processed by non-automatic means, we physically destroy personal data so that they will not be used again later.
When it is necessary to destroy personal data processed in our digital environments, our technical experts make the related physical hardware and devices completely unusable.
We completely destroy the personal data on paper with paper shredders, whose activities are terminated, at the request of the data owners or the storage period stipulated by the law has expired.
As Lapex®, we collect and process data in accordance with our personal data protection policy by using different application software on various digital platforms in order to conduct our activities.
We perform inventory studies in databases containing personal data we keep in application software. We prepare an inventory on databases with personal data, at tables related to these databases and in which areas these tables are kept. In the inventory we have prepared, we also indicate tables and fields that do not contain direct personal data, but are likely to match any person when matching.
There may be times when data owners request data deletion. At such times, we delete all personal data from the relevant tables, except for the personal data in the groups whose retention periods are not expired, which are determined in accordance with legal provisions and specified in our company's policy.
However, during the process of deleting personal data, there may be situations where we can not access other data or use the data within the system. In such cases, provided that certain conditions are met, we archive the data by making it unrelated to the person and we consider that the archived data have been deleted. These conditions;
We perform the destruction of equipment on digital platforms by demagnetizing, physically destroying and overwriting.
In some cases, as Lapex®, we agree with a technical expert who we have made the necessary confidentiality and supplier agreements to ensure that personal data is deleted. Personal data that is securely deleted by technical experts becomes unusable again.
While making personal data anonymous, we take advantages of three methods such as masking, subtraction of variance and data modification.
We only change the values without changing the format of personal data and we ensure this change is never detected and recycled.
We remove one or more columns with high descriptors in the database tables in which we store personal data and private personal data.
7.3.3 Data Modification
We randomly change the places of the lines of personal data or special qualified personal data in columns of the same type that we keep in database tables.
As Lapex®, we explain the rights of data owners mentioned in our policy regarding the protection of personal data we present to you as follows.
As Lapex®, we finalize the incoming requests free of charge within 30 (thirty) days at the latest. However, if a cost arises regarding the requests we have finalized, we may demand the fees determined by the Personal Data Protection Board. In cases where personal data are processed with explicit consent, if explicit consent is withdrawn, persons will be removed from the membership system required by the transaction based on explicit consent and will not be able to benefit from the advantages they have benefited since that date.
You can follow the changes within the framework of our regulation and policy regarding personal data from our website.
Working Hours: 09.00-18.00 on weekdays
Data Supervisor: LAPEX ENDÜSTRİYEL SANAYİ TİCARET ANONİM ŞİRKETİ
Address: Ataşehir Mahallesi, 8229/2 Sok. No: 19, 35620 Çiğli / İzmir
For your requests regarding your personal data, e-mail: kvkk@lapex.com.tr
Customer Contact Center: +90 555 685 44 65
Data Contact Person: Burçin Kanat
E-Mail: lapex@lapex.com.tr
Our data contact person evaluates the requests you have submitted to us and, depending on the nature of the request, reaches the relevant person through our communication channels within 30 days at the latest.
For your support and information requests on other issues, e-mail: info@lapex.com.tr