ISO-IEC 27001 Information Security Management System Certificate
January, 0001
ISO-IEC 27001 Information Security Management System Certificate
The ISO-IEC 27001 Information Security Management System Certificate is an international standard designed to ensure the systematic management of information security risks. This certificate aims to safeguard the information assets of organizations, ensuring the confidentiality, integrity, and availability of data. ISO-IEC 27001 provides a framework that defines best practices for information security management and ensures their effective implementation.
As Assan Alüminyum, we continue to strengthen our leading position in the industry with our sensitivity to information security and data protection. The ISO-IEC 27001 Information Security Management System Certificate, which we have obtained with the vision of establishing a reliable information security management system in both our internal processes and our relationships with customers, enables us to protect our information assets and ensure the confidentiality, integrity, and availability of data. In a world where cyber threats are increasingly prevalent, this certificate allows us to systematically manage information security risks and take proactive measures against potential threats.
Manage Cookies
We use mandatory cookies to provide the Website and information society services. In addition, performance and analytical cookies are required to enable you to use the Website more functionally and to improve your experience, and advertising and marketing cookies are required to be used within the scope of personalized product and service promotion for you. Non-mandatory cookies will not be used unless you give your consent. You can review the Cookie Information Text for detailed information on the types and purposes of cookies used on the Website and your preferences regarding these cookies.
Essential cookies are cookies that are placed on your device during your viewing of the Website and are necessary for the proper functioning of the online services offered.
Performance cookies allow us to track and analyze the number of people viewing the Website and Website traffic. By means of these cookies, we may obtain information such as which areas on the Website are most frequently or rarely visited and we may optimize the traffic of the Website.
Personalized advertising cookies are used to promote personalized products and services to you on the Website or in media other than the Website in accordance with your viewing history and visitor profile.
ISO-IEC 27001 Information Security Management System Certificate
The Protection And Processing Of Personal Data
The Protection And Processing Of Personal Data
1. Privacy Policy
Kibar Holding Anonim Şirketi and the group companies (“Kibar Holding”) aim to protect the privacy of the personal data of the users of the web page (“Users”), either if they are a legal person or a real person, by informing them about the terms and conditions of use of the web page named https://www.kibar.com/ (“Web Page”) with this Policy on the Protection and Processing of Personal Data (“Policy”), even if the user provides any kind of information, images, videos or pictures.
Protecting your personal data and using it in accordance with the Law on Protection of Personal Data (LPPD) numbered 6698 is a top priority for us. Therefore, we’d like to inform you about the processing of personal data and your rights regarding this issue.
2. Personal Data that can be Collected
On the website, Kibar Holding may collect the ID information, e-mail address, telephone number or other contact information of the user, which are defined as personal data according to LPPD, with the consent of the user in order to provide services. The user consents to the processing of the personal data that they personally share with Kibar Holding within the scope of this policy.
According to the LPPD, your personal data can only be processed, stored, updated or shared with third parties in the case that it is allowed by the regulations in accordance with the explanations below.
3. Conditions for the Processing of Personal Data
Your personal data will be processed in accordance with the Conditions for the Processing of Personal Data in Articles 5 and 6 of the LPPD; in order to ensure the legal and commercial safety of Kibar Holding and its partners, to carry out the human resources processes of Kibar Holding, and to determine and apply the commercial and business strategies of Kibar Holding.
4. Transfer of Personal Data
In accordance with Articles 5 and 8 of the LPPD, personal data may be processed or transferred to third parties by Kibar Holding without obtaining the explicit consent of the data subject if one of the conditions set forth under the following exists:
- It is expressly permitted by any law,
- It is necessary in order to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent,
- It is necessary to process the personal data of parties of a contract, the user and Kibar Holding, provided that the processing is directly related to the execution or performance of the contract,
- It is necessary for compliance with a legal obligation which the controller is subject to, The relevant information is revealed to the public by the data subject herself/himself,
- It is necessary for the institution, usage, or protection of a right,
- It is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.
In order to carry out the services that we provide, we may share your personal data with the parties that provide us services or that we collaborate with, the external service providers, the hosting service providers, our shareholders, or any of our direct or indirect subsidiaries in Turkey or abroad.
The aforementioned parties may keep your personal data on their servers in any location of the world, provided that they comply with the conditions in Article 9 regarding the Transfer of Personal Data Abroad.
In accordance with Article 12, your personal data will be kept confidentially in the Kibar Holding database and will not be shared with third parties for commercial purposes.
5. Transfer of Personal Data Abroad
Kibar Holding may only transfer personal data abroad if the foreign country to whom personal data will be transferred has an adequate level of protection according to the Board of Protection of Personal Data, in the case that there is not an adequate level of protection, if the data controllers in Turkey and abroad commit, in writing, to provide an adequate level of protection and the permission of the Board exists.
6. Measure Regarding the Protection of Personal Data
According to Article 12 of the LPPD, Kibar Holding must take all necessary technical and organizational measures for providing an appropriate level of security to prevent unlawful processing of, and access to, personal data, and safeguard them.
Kibar Holding uses accepted security technology standards such as firewalls or Secure Sockets Layer (SSL) while storing personal data. Also, Kibar Holding takes hash, encoding, process record, access management and physical security measures in order to protect the systems that include the personal data against unauthorized access or unlawful processing.
Despite the security measures taken by Kibar Holding, if the processed personal data are acquired or accessed by others through unlawful means, Kibar Holding must notify the data subject and the Data Protection Board of such a situation as soon as possible.
7. Rights of the Data Subject
As the data subject, if you submit your demand regarding your rights to Kibar Holding with the methods explained below, our company shall conclude the requests included in the application free of charge and as soon as possible considering the nature of the request and within 30 days at the latest. However, in the case that the operation necessitates a separate cost, the fee in the tariff designated by the Board may be collected in accordance with Article 13 of the LPPD. In this context, the data subjects have the right:
- to learn whether their personal data is processed,
- to demand information in relation to the processed data (if any),
- to learn the purpose of such data process and to check whether such data processing is suitable for its purpose,
- to obtain information about the third parties in the country or abroad that their personal data is transferred,
- to demand correction for their personal data if there is a mistake, to demand a notification for the third parties to correct such data mistake if the data is transferred,
- to claim a permanent deletion, obliteration or anonymization of their personal data, even if it was processed in accordance with the LPPD, in case there is no longer any reason to process such data, and to demand a notification for the third parties regarding the change,
- to object to any adverse outcome regarding the Member because of the data processing,
- to claim their loss which has occurred due to unlawful data processing.
In accordance with the Article 13 of LPPD, you must submit your demand to exercise your rights mentioned above in written form or in another way that has been defined by the Board of Protection of Personal Data.
In order to use your aforementioned rights, you may send a registered and reply paid letter to the following address by stating the right you wish to exercise in Article 11 of the LPPD, along with your identification.
The Data Collector that you may apply to as part of the LPPD provisions:
Kibar Holding A.Ş.
Zorlu Center, Levazım Mh., Koru Sk. No:2, Ofisler Bölgesi, Kat: T4, 34340, Beşiktaş/İstanbul
8. Cookies
Cookies are the small data files that are saved to your computer when you visit a web page. Cookies are small pieces of text sent by your web browser by a website you visit to be stored in your web browser in order to allow the web page to recognize you and make your next visit easier and the service more useful to you as well as improving the content of the web page.
Cookies do not contain or disclose any personal information about the user. Also, the information contained by cookies cannot be used for purposes of promotion or marketing. Kibar Holding tracks web page use via cookies in order to increase the efficiency of the web page. We will not disclose your personal data or any other personal data provided by cookies to us to any third party. You can change your browser configuration to delete previously sent cookies, refuse all cookies or indicate when a cookie is being sent. However, we’d like to inform you that the cookies may be required for the web page to function properly.
You can change your browser configuration to delete previously sent cookies, refuse all cookies or indicate when a cookie is being sent.
9. Deletion, Destruction or Anonymization of Personal Data
According to the first paragraph of Article 7 of PPD Law, your personal data legally processed must be deleted, destroyed or anonymized by us, once the reason for processing such data in the first place disappears; or when the legal period is over according to Article 82 of the Turkish Commercial Code number 6102 and Article 138 of the Turkish Penal Code.
10. Registering in the Data Controllers Registry
Kibar Holding is required to register in the Data Controllers Registry within the period determined by the Board of Protection of Personal Data before beginning to process data.
The following information should be disclosed during the registration to the Data Controllers Registry:
Identity and address information of the data controller Kibar Holding and of the representative thereof, if any.
- The purposes for which personal data will be processed.
- The group or groups of persons subject to the data and explanations regarding data categories belonging to these persons.
- Recipient or groups of recipients to whom personal data may be transferred.
- Personal data which is envisaged to be transferred abroad.
- Measures taken for the security of personal data.
- The maximum period of time necessitated by the purposes for which personal data are processed.
Changes to the information provided shall be immediately reported to the Board of Protection of Personal Data.
11. Changes in the Policy
The users who use the services on the web page acknowledge that they have read and accepted the terms and conditions. Kibar Holding reserves the right to change the terms and conditions in this policy without prior notice. This policy became effective as of 07.10.2016. In case of a change in the policy, it becomes effective when it is presented to the user in any way.
This document has been prepared in order to inform web page users, investors, customers, and suppliers in accordance with the LPPD.
The Implementation Period of LPPD (Transitional Provisions & Enforcement)
07.04.2016
Except for the transfer of personal data abroad, the rights of the data subjects, and the regulations regarding the crimes and misdemeanors; other articles will become effective as of the date of issue of the law.
07.10.2016
The Board of Protection of Personal Data will be established within 6 months of the date of issue.
The transfer of personal data abroad, the rights of the data subjects, and the regulations regarding the crimes and misdemeanors will become effective 6 months after the date of issue.
07.04.2017
The consent that was given in accordance with the law before the date of issue will be legal unless the data subject files an appeal within a year.
The subsidiary regulations regarding the law will become effective 1 year after the date of issue.
07.04.2018
The data that has been processed before the date of issue (07.04.2016) will be brought into compliance with the relevant articles of the law.