Muradiye Electricity Generation Inc.
Information Notice within the Scope of the Law on the Protection of Personal Data No. 6698
Muradiye Elektrik takes all necessary technical and legal measures in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”) to protect your personal data processed within the scope of its activities. Data subjects can access detailed information regarding the categories of personal data processed, the legal grounds for processing personal data, the data transferred to third parties and the purpose of such transfers, as well as their rights under KVKK and GDPR, in the information notice below.
Here’s a **professional English translation** of your text: ---I. Data Controller
Title: Muradiye Elektrik Üretim A.Ş.
MERSIS No: 0624039013400013
Website: www.muradiyeelektrik.com.tr
Phone Number: +90 (212) 267 4206
E-Mail: info@muradiyeelektrik.com.tr
Address: İlkbahar Mahallesi 610 Sk. No:2 Çankaya, ANKARA
II. Purposes of Processing Personal Data
Your personal data is processed by Muradiye Elektrik, as the data controller, for the purposes listed below and within the scope of Articles 5 and 6 of the Law on the Protection of Personal Data (KVKK):
* To improve, develop, diversify our products and services and to offer alternatives to natural/legal persons with whom we have a business relationship, * To ensure communication and cooperation among Muradiye Elektrik group companies, establish coordination, conduct joint business areas, determine the needs of our customers and employees, fulfill contractual obligations, carry out advertising and marketing activities, ensure customer follow-up, and provide business security and continuity, * To raise and improve our service standards, * To define and implement our commercial business strategies, * To ensure the complete performance of contracts to which Muradiye Elektrik is a party and to verify that counterparties fulfill their obligations, * To ensure the legal security of natural/legal persons engaged in business relations with Muradiye Elektrik, * To prepare commercial books, invoices, bank checks, and payrolls that Muradiye Elektrik is required to keep under applicable laws, * To ensure the security of employees, visitors, and Muradiye Elektrik premises and to control entries and exits, * To evaluate recruitment processes of job candidates, create personnel files, and sustain Muradiye Elektrik’s human resources policies, * To increase the morale, motivation, performance levels, satisfaction, interactions, and commitment of our employees to the company, * To provide internet access to guests in public areas of Muradiye Elektrik, * To carry out Muradiye Elektrik’s commercial procurement activities, * To carry out corporate correspondence of Muradiye Elektrik, * To generate statistical data, record visitor information, and ensure feedback when our website is visited, * As well as for purposes such as conducting necessary quality and standard audits or fulfilling other obligations stipulated by laws and regulations.III. Transfer of Personal Data
Within the framework of the purposes stated above, and in accordance with Articles 8 and 9 of KVKK, the personal data we process may be transferred to:
* Our business partners, to carry out our commercial activities and ensure continuity, * Our suppliers, in a limited manner for the provision of products and services, * Relevant public institutions and organizations, primarily the Social Security Institution (SGK), to fulfill legal obligations and ensure security, * Banks and other private/public legal entities, to ensure the social and financial rights of employees within Muradiye Elektrik, * Competent public authorities and judicial bodies, limited to their legal requests and purposes, * Affiliated subsidiaries, to establish a common database, ensure coordination, and foster cooperation, * Domestic and international software and technology companies, for the establishment, operation, maintenance, and repair of databases and software systems used by our company and its subsidiaries, * Domestic and international cloud service providers from whom we receive cloud technology services, * Subsidiaries, business partners, dealers, and suppliers of our company and its affiliated companies, located domestically and abroad, for customer tracking and meeting customer needs, * Subsidiaries and service providers in the organization of events, conferences, and similar social and cultural activities, * Relevant healthcare institutions and insurance companies, to ensure a healthy work environment within the scope of occupational health and safety measures, by processing employees’ health data.IV. Method and Legal Basis for Collecting Personal Data
Your personal data is collected by Muradiye Elektrik, or natural/legal persons authorized to process data on behalf of Muradiye Elektrik, through declarations, application forms, forms completed on our website, documents requested for personnel files, various contracts, all kinds of information forms, surveys, job application forms, call centers, and via oral, written, or electronic channels, either based on your explicit consent or within the scope of personal data processing conditions stipulated by law. These data are collected to carry out our commercial and administrative activities in compliance with laws, to enable Muradiye Elektrik to provide its services, sustain its commercial life, and duly fulfill its legal obligations.
V. Retention Periods of Personal Data
Our company retains personal data it processes in compliance with the Law, for the periods stipulated in relevant legislation or as required for the purpose of processing.
---| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Identity | 10 years from the termination of the legal relationship | Law No. 6098 |
| Contact | 10 years from the termination of the legal relationship | Law No. 6563 and relevant secondary legislation |
| Legal Transaction | 10 years from the termination of the legal relationship | |
| Customer Transaction | 10 years from the termination of the legal relationship | Law No. 6563, Law No. 6102, Law No. 6098, Law No. 213, Law No. 6502 |
| Transaction Security | 10 years | |
| Risk Management | 10 years | |
| Finance | 10 years from the termination of the legal relationship | Law No. 6102, Law No. 213 |
| Visual and Audio Records | 10 years | Law No. 6563 and relevant secondary legislation |
VI. Technical and Administrative Measures Taken by Our Company
The measures taken by our company to ensure the security of personal data are presented below for your information:
- Network and application security are ensured. - A closed system network is used for personal data transfers via network. - Key management is implemented. - Security measures are taken within the scope of IT system supply, development, and maintenance. - Disciplinary regulations including provisions on data security are in place for employees. - Regular training and awareness activities are conducted on data security for employees. - An authorization matrix has been created for employees. - Access logs are regularly maintained. - Data masking measures are applied when necessary. - Confidentiality agreements are executed. - Access rights of employees who change positions or leave the company are revoked. - Up-to-date antivirus systems are used. - Firewalls are used. - Contracts include provisions on data security. - Data security policies and procedures are established. - Data security issues are promptly reported. - Monitoring of data security is conducted. - Necessary security measures are taken for physical environments containing personal data. - Physical environments containing personal data are secured against external risks (fire, flood, etc.). - Security of environments containing personal data is ensured. - Personal data is minimized as much as possible. - Personal data is backed up, and the security of backups is ensured. - User account management and authorization control systems are implemented and monitored. - Internal periodic and/or random audits are conducted. - Log records are maintained without user intervention. - Existing risks and threats are identified. - Special categories of personal data sent via e-mail are encrypted and transmitted through KEP or corporate accounts. - Intrusion detection and prevention systems are used. - Penetration tests are carried out. - Cybersecurity measures are implemented and continuously monitored. - Encryption is applied. - Data processors are regularly audited on data security. - Awareness on data security is ensured for data processors.
V. Rights of Data Subjects under KVKK
Individuals whose personal data is processed within Muradiye Elektrik have the following rights pursuant to Article 11 of KVKK:
- To learn whether personal data is processed, - To request information if their personal data has been processed, - To learn the purpose of processing personal data and whether they are used in accordance with their purpose, - To know the third parties, recipients, or recipient categories to whom personal data is transferred within or outside Turkey, - To request the correction of incomplete or inaccurate personal data, and to request notification of such corrections to third parties to whom the data has been transferred, - To request the deletion or destruction of personal data or the cessation of processing in case the reasons requiring processing cease to exist, and to request notification of such actions to third parties to whom the data has been transferred, - To object to the occurrence of a result to their detriment by means of analysis of the processed data exclusively through automated systems, - To request compensation in case of damage due to unlawful processing of personal data.
If you wish to contact us, provide feedback, or submit questions under KVKK, you may complete the Data Controller Application Form and deliver it together with identity-verifying documents (ID card, driver’s license, etc.) as follows:
By submitting in person to the address: Muradiye Elektrik, İlkbahar Mahallesi 610 Sk. No:2, Çankaya, Ankara, or by sending via notary to the same address, or via Registered Electronic Mail (KEP) to muradiyeelektrik@hs02.kep.tr, or, if you have a registered e-mail address with our systems, to muradiyekvkkbasvuru@enerturk.com together with identity-verifying documents.
Please note that written applications will only be accepted following identity verification.
Requests will be evaluated and finalized free of charge as soon as possible, and no later than thirty (30) days. If responding to your request requires additional costs, the tariff determined by the Communiqué on the Procedures and Principles of Application to the Data Controller will apply. If you are not satisfied with the response provided by our company, you may lodge a complaint with the Personal Data Protection Authority.