Who We Are

Mission

Vision

Quality

Environment

Sliding Systems

Sliding Door Systems

Accessories
Starax Corporate KVKK Policy

PERSONAL DATA PROTECTION AND PROCESSING POLICY

Contents

Explicit ConsentConsent related to a specific subject, based on information and expressed with free will.
AnonymizationMaking personal data impossible to associate with a specific or identifiable natural person, even by matching it with other data.
Personal DataAny information pertaining to an identified or identifiable natural person.
Sensitive Personal DataData regarding race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are sensitive personal data.
Processing of Personal DataAny operation performed on personal data, whether wholly or partially automated or non-automated, provided that it is part of any data recording system, such as obtaining, recording, storing, preserving, changing, re-arranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of data.
BoardPersonal Data Protection Board
PolicySTAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. Personal Data Protection and Processing Policy
Data ProcessorA natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.
Data ControllerThe person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system).

DEFINITIONS

Explicit ConsentConsent related to a specific subject, based on information and expressed with free will.
AnonymizationMaking personal data impossible to associate with a specific or identifiable natural person, even by matching it with other data.
Personal DataAny information pertaining to an identified or identifiable natural person.
Sensitive Personal DataData regarding race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are sensitive personal data.
Processing of Personal DataAny operation performed on personal data, whether wholly or partially automated or non-automated, provided that it is part of any data recording system, such as obtaining, recording, storing, preserving, changing, re-arranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of data.
BoardPersonal Data Protection Board
PolicySTAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. Personal Data Protection and Processing Policy
Data ProcessorA natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.
Data ControllerThe person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system).
  • Purpose

This Policy has been established by STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. (“STARAX”) for the purpose of determining the fundamental principles and application guidelines to be adopted in ensuring compliance with the obligations imposed on data controllers under the Law on Protection of Personal Data No. 6698 (“PDPL”), which entered into force upon its publication in the Official Gazette dated April 7, 2016.

  • Scope and Amendments

This Policy, prepared in accordance with the PDPL, pertains to all personal data of our current and potential customers, employees, as well as the employees, shareholders, and officials of institutions we cooperate with, and third parties, processed through automated means or non-automated means provided that it is part of a data recording system. STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. reserves the right to make changes to the Protocol in line with amendments to the PDPL and related regulations.

  • Principles to be Applied in the Processing of Personal Data

STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. has adopted the following principles in the collection, processing, and analysis of personal data.

  • Acting in Compliance with the Law and Rules of Honesty

STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will collect and process personal data lawfully and fairly to protect the rights of data subjects. The principles of proportionality and necessity will be considered in carrying out these activities.

  • Purpose Limitation

Personal data can only be processed for purposes defined before data collection. Additional changes to the purpose are possible only to a limited extent and with justification.

  • Transparency and Information

Data subjects must be informed in detail before their personal data is collected and processed. Before data collection, right holders must be informed about the following:

  • The identity of the data controller and, if any, its representative
  • The purpose of processing personal data
  • To whom and for what purpose the processed personal data is transferred
  • The method and legal basis for collecting personal data,
  • The rights of the data subject whose personal data is processed, pursuant to Article 11 of the PDPL.
  • Data Minimization

Before processing personal data, it must be determined whether the processing is necessary to achieve the purpose and to what extent it is necessary. If the purpose is acceptable and proportionate, anonymous or statistical data may be used.

  • Deletion of Personal Data

Personal data that is no longer necessary after the expiration of the periods stipulated in the relevant laws for record-keeping obligations and record-keeping procedures required for proof is deleted, destroyed, or anonymized.

  • Accuracy and Data Up-to-dateness

Personal data must be accurate, complete, and, if known, up-to-date. Inaccurate

or incomplete data must be deleted, corrected, completed, or updated.

  • Confidentiality and Data Security

Personal data must be stored and maintained as confidential information. Personal Data must be protected by taking necessary administrative and technical measures to prevent unauthorized access, unlawful processing, sharing, accidental loss, alteration, or destruction, and kept confidential at a personal level.

  • Personal Data Processing Purposes

The collection and processing of personal data will be carried out within the scope of the Information Notice and the purposes

specified below.

  1. Customer and Business Partner Data
  • Data processing for contractual relationship:Personal data of existing and potential customers and business partners (in the case of a legal entity business partner, its authorized person) may be processed without separate consent for the establishment, execution, and termination of a contract. In the pre-contractual phase, personal data may be processed to prepare offers, create purchase forms, or to fulfill the data subject's requests regarding the execution of the contract. Data subjects may be contacted during the contract preparation process based on the information they provide.
  • Data processing for advertising purposes:Personal data is processed for advertising or market and public opinion research only if the purpose of collecting this information is consistent with such purposes. The data subject is informed that their information will be used for advertising purposes. Data subjects may refuse to provide their data declared to be used for advertising purposes or to consent to its processing. The explicit consent of the data subject is required for data processed for advertising purposes. The data controller may obtain the data subject's explicit consent in this regard via mail, email, or telephone. The use of personal data for advertising purposes is prevented without the explicit consent of the data subject.
  • Data processing due to our legal obligations or as expressly stipulated by law: Personal data may be processed without separate consent if the processing is expressly stated in the relevant legislation or for the fulfillment of a legal obligation determined by legislation. The type and scope of data processing must be necessary for the legally permitted data processing activity and must comply with the relevant legal provisions.
  • Principle of legitimate interest in the processing of Personal Data: Personal data may also be processed without separate consent when necessary for a legitimate interest of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. Legitimate interests are generally legal interests.
  • Processing of sensitive data: Sensitive personal data is processed provided that adequate measures determined by the Board are taken and within the framework of PDPL provisions. Sensitive personal data of the data subject, other than health and sexual life, is processed with explicit consent, or in the absence of explicit consent, within the scope of exceptions stipulated in the PDPL. Sensitive personal data concerning individuals' health and sexual life may be processed without explicit consent only by persons or authorized institutions and organizations under the obligation of secrecy for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
  • Data processed exclusively through automated systems: The processing of personal data obtained through automated systems will not justify or legalize the use of this data in businesses and transactions that negatively affect the data subject. The data subject has the right to object to the occurrence of a result against them through the analysis of processed data exclusively by automated systems. STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will endeavor to take the necessary measures upon the request of the data subject.
  • User information and internet:In cases where personal data is collected, processed, and used on websites or applications, data subject users must be informed about the use of the information they register on the site, the privacy notice, and cookies. The privacy notice and cookie information are integrated in a way that is easily identifiable, directly accessible, and continuously appropriate for the data subject.
  • Principles Regarding the Processing of Employees' Personal Data

It is mandatory to collect and process employees' personal data during the period from the establishment, execution, and termination of the employment contract. Separate explicit consent may not be obtained from employees for these. Personal data of potential employee candidates is also processed in job applications. If a candidate's job application is rejected, the personal data obtained during the application is retained for a suitable data retention period for a subsequent selection phase, and at the end of this period, it is deleted, destroyed, or anonymized. The following principles must be considered in the processing of employees' personal data.

  • Data processing expressly stipulated by law and due to legal obligations: Employee's personal data may be processed without separate consent if the processing is expressly stated in the relevant legislation or for the fulfillment of a legal obligation determined by legislation.
  • Processing of data in accordance with legitimate interest: Employees' personal data may be processed without separate consent in cases where STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. has a legitimate interest. Legitimate interests are generally legal or economic interests. In personal situations where employees' interests need to be protected, personal data is not processed for legitimate interest purposes. Before processing data, it is determined whether there are interests requiring protection. If employees' data is processed based on the legitimate interest of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş., it must be examined whether this processing is proportionate, and it must be checked that the legitimate interest does not violate a right of the relevant employee that needs to be protected.
  • Processing of sensitive data: Sensitive personal data is processed only under certain conditions. Data related to race and ethnic origin, political opinion, religion, philosophical belief, sect or other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are defined as sensitive data. Sensitive personal data can be processed only with the employee's explicit consent and by taking the necessary administrative and technical measures. The following cases constitute an exception to this provision, and in these cases, sensitive personal data may be processed even without the employee's explicit consent.
    • Sensitive personal data of the employee other than health and sexual life, in cases stipulated by law,
    • Sensitive personal data of the employee concerning their health and sexual life, however, only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of secrecy.
  • Data processed exclusively through automated systems: If employees' personal data is processed exclusively through automated systems as part of the employment relationship, the employee has the right to object to the occurrence of a result against them or to the resulting outcome by using this data.
  • Telecommunications and internet: Telephone equipment, email addresses, internal networks along with the intranet and internet, are primarily provided by STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. for work-related tasks. These are work tools and resources of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. These tools must be used in accordance with legal regulations and STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş.'s internal regulations. There is no general monitoring of telephone and email communication or intranet and internet usage. To prevent attacks on the IT infrastructure or individual users, protective measures are taken at the gateways to the STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. network, which block technically harmful content or analyze attack patterns. The usage of telephone equipment, email addresses, intranet/internet, and/or internal social networks is stored for a limited period for security reasons. Evaluations of this data concerning individuals are only made if there is a concrete suspicion. These controls are carried out by the relevant departments only provided that the principle of proportionality is maintained.
  • Access Prohibition:STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. makes utmost effort to process, protect, and preserve the personal data it collects through legal obligations, legitimate interests, and the explicit consent of its employees, in accordance with their collection purposes, and shares personal data only with relevant employees. Employees will be held personally responsible for any actions and transactions they perform concerning personal data for which they do not have access permission or necessity within the scope of their job descriptions and in cases where there is no explicit written authorization from STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş., and legal measures will be taken accordingly. Therefore, employees must receive regular training on preventing the unlawful disclosure and sharing of personal data, and a disciplinary process must be established to be activated if employees fail to comply with security policies and procedures.
  • Transfer of Personal Data

The transfer of personal data to a third party outside of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will be carried out within the scope of the purposes stated in the Information Notice and specified below. Accordingly, STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. may transfer personal data to the persons and institutions specified below for certain purposes;

  • To STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. business partners, limited to ensuring the fulfillment of the purposes for establishing the business partnership,
  • To suppliers from whom STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. procures outsourced products and services necessary for carrying out its commercial activities,
  • To STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. affiliates, limited to ensuring the execution of commercial activities requiring the participation of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. affiliates,
  • To STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. shareholders, limited to the design of strategies related to STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş.'s commercial activities and for audit purposes, in accordance with PDPL provisions,
  • To legally authorized public institutions and organizations, limited to the purpose requested within their legal authority,
  • To legally authorized private law persons, limited to the purpose requested within their legal authority.

Your personal data processed by STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will be transferred to foreign countries declared by the Board to have adequate protection. Personal data may be transferred to countries and regions declared not to have adequate protection only if the data subject consents, or if data controllers in Turkey and the relevant foreign country provide a written undertaking of adequate protection and the Board's permission is obtained. STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. may also use cloud storage services in the processing of your personal data.

  • Rights of the Data Subject

Personal Data Subjects:

  • To learn whether their personal data is processed,
  • If their personal data has been processed, to request information regarding this,
  • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • To know the third parties to whom personal data is transferred domestically or abroad,
  • If personal data is processed incompletely or inaccurately, to request their correction and to request that the transaction carried out in this context be notified to third parties to whom personal data is transferred,
  • Although processed in accordance with the PDPL and other relevant law provisions, if the reasons requiring processing cease to exist, to request the deletion or destruction of personal data and to request that the transaction carried out in this context be notified to third parties to whom personal data is transferred,
  • To object to the occurrence of a result against the person themselves by analyzing the processed data exclusively through automated systems,
  • To request compensation for damages in case of suffering damage due to the unlawful processing of personal data, have rights and authorities, and if such a request reaches STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş., STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. must respond to the incoming request within the period. Therefore, STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will also provide data subjects with the necessary information about the use of the above-mentioned rights and the manner in which incoming requests are evaluated.

The exceptions to the above rights granted to data subjects in the PDPL are listed below, and in these cases, STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. has no obligation to respond to requests from data subjects:

  • Processing of personal data for purposes such as research, planning, and statistics by anonymizing them with official statistics,
  • Processing of personal data for artistic, historical, literary, or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life, or personal rights, or constitute a crime,
  • Processing of personal data within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order, or economic security.
  • Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial, or execution proceedings.

Pursuant to the PDPL, in the following cases, relevant persons cannot assert their other rights except for the right to request compensation for damages:

  • If personal data processing is necessary for the prevention of crime or for a criminal investigation.
  • Processing of personal data made public by the data subject themselves.
  • If personal data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and competent public institutions and organizations and professional organizations with public institution status, based on the authority granted by law.
  • If personal data processing is necessary for the protection of the State's economic and financial interests in relation to budget, tax, and financial matters.

Data subjects can exercise their above-mentioned rights by filling out the Personal Data Application Form available on the STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. website, signing it, and submitting the original along with a copy of their ID to Velimeşe O.S.B. Mh. 236.Sk. No:18 Ergene 59930 Tekirdağ - TURKEY by hand, by registered mail with return receipt, or securely to our email address kvkk@starax.com.tr. In applications made on behalf of someone other than the data subject, a power of attorney duly issued by the right holder must be available. STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. may request additional information from the relevant person to determine if the applicant is the data subject and may ask the data subject questions about their application to clarify the matters stated in the application.

STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will conclude the request free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request.

  • Confidentiality

Personal data is subject to confidentiality. It is prohibited for employees to collect, process, or use data without authorization. Unauthorized use is unauthorized data processing carried out by employees outside their legitimate duties. Employees can access personal data only if it is appropriate for the scope and nature of the said task.

It is prohibited for employees to use personal data for private or commercial purposes, distribute it to unauthorized persons, or otherwise make it accessible. Managers must inform employees about data protection obligations at the beginning of the employment relationship. This obligation continues even after the termination of the employment relationship.

  • Security

STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. takes the necessary measures and controls to ensure an appropriate level of security to prevent the unlawful processing of personal data it processes, to prevent unlawful access to data, and to ensure the preservation of data, and conducts or has conducted necessary audits in this context. This applies regardless of whether data processing is done electronically or in writing. Especially before starting new methods of data processing when transitioning to new IT systems, technical and organizational measures for the protection of personal data are defined and implemented. These measures are based on the latest developments, the risks of the processing, and the need for data protection determined by the information classification process. Technical and organizational measures for the protection of personal data are part of the company's information security management and are continuously adapted to technical developments and organizational changes.

  • Controls and Audits

Compliance with the Personal Data Protection and Processing Policy and the PDPL is ensured through regular data protection audits and other controls.

  • Data Breach Management

STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. will promptly implement the necessary security measures for the protection of personal data obtained in violation of this Policy and PDPL provisions and will notify the relevant person and the Board of this situation as soon as possible. For this purpose, it is the responsibility of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. to establish systems and application methods that enable data subjects to communicate their requests and complaints regarding their personal data to it in the most effective and shortest time. If deemed necessary by the Board, this situation may be announced on the Board's website or by another method.

  • Obligation to Register with the Data Controllers Registry

STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. is obliged to register with the Data Controllers Registry specified in Article 16 of the PDPL and will register with the Data Controllers Registry by submitting the application information and documents listed in the PDPL within the period to be determined and announced by the Board. Accordingly, the information and documents to be submitted to the Board for registration in the registry are as follows:

  • Identity and address information of STAR MUTFAK ve MOBİLYA AKSESUARLARI SAN. TİC. A.Ş. as the data controller and, if any, its representative,
  • The purpose for which personal data will be processed,
  • Explanations about the data subject group and groups and the data categories belonging to these persons,
  • Recipient or recipient groups to whom personal data may be transferred,
  • Personal data envisaged to be transferred to foreign countries,
  • Measures taken regarding personal data security,
  • The maximum period required for the purpose for which personal data is processed.