GDPR & Privacy Policy

CUSTOMER INFORMATION TEXT

As UMS Uğur Metal Industry Inc. ("Company"), we present the information text we have prepared pursuant to Article 10 of the Personal Data Protection Law No. 6698 ("Law") and which contains information about the Company's personal data processing activities to the public and relevant persons;

ARTICLE 1: DATA CONTROLLER

Your personal data may be processed by UMS Uğur Metal Industry Inc. as the data controller within the scope described below. The concept of the data controller refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. You can contact the data controller through the following channels:

• Address: 1208th Street No: 6-8D-8E Ostim-Ankara / Turkey
• Phone: +90 312 354 01 06
• E-Mail: kvkk@umsmetal.com.tr
• KEP Address: umsmetal@hs01.kep.tr
• Website: www.umsmetal.com.tr

ARTICLE 2: PERSONAL DATA PROCESSED

The data of employees who have a business relationship with our company may include the following:

• Identity Information: Name-surname, ID number, Tax ID number, signature
• Contact Information: Phone number, address information, email address
• Professional Information: Title (position) information
• Transaction Security: IP address information, log records, website entry and exit information
• Financial Information: Bank account information, credit card information, debt-credit information (current accounts)
• Customer Transaction Information: Invoice, check, promissory note information, order information, request information, transaction information
• Visual Data: Photograph, camera recording images
• Legal Transaction Information: Information in correspondence with administrative authorities, information within the scope of warnings, contract information, information in case files
• Others: Vehicle license plate

ARTICLE 3: PURPOSE OF PROCESSING PERSONAL DATA

Personal data are processed by us for the following purposes:

• To conduct information security processes,
• To manage the integrated management system process,
• To conduct finance and accounting operations,
• To manage logistics activities,
• To conduct customer relations processes,
• To carry out activities aimed at customer satisfaction,
• To manage the production and operation processes of goods or services,
• To manage the sales processes of goods or services,
• To manage after-sales support services of goods or services,
• To measure customer satisfaction,
• To conduct corporate communication activities,
• To conduct marketing processes of products and services,
• To manage contract processes,
• To ensure the safety of the company and customers/physical space security,
• To provide information to authorized persons, institutions, and organizations,
• To fulfill legal obligations required or mandated by legal regulations,
• To fulfill the obligation to provide proof as evidence in future legal disputes.

ARTICLE 4: METHODS AND LEGAL REASONS FOR COLLECTING PERSONAL DATA

4.1. By which methods can personal data be collected?

The data controller collects personal data through information request forms and other means in both physical and electronic environments during contract processes.

4.2. On what legal grounds are personal data processed?

The legal grounds for processing personal data are as follows:

• Storing personal data directly related to the establishment and execution of contracts,
• Storing personal data for the establishment, use, or protection of a right,
• Necessity of storing personal data for the legitimate interests of the company, provided that it does not harm the fundamental rights and freedoms of individuals,
• Storing personal data to fulfill any legal obligation of the company,
• Explicitly prescribed by the legislation to store personal data,
• Storing activities that require obtaining the explicit consent of the data subjects, with their explicit consent.

ARTICLE 5: PARTIES TO WHOM PERSONAL DATA MAY BE TRANSFERRED AND PURPOSE OF TRANSFER

Personal data of customers who enter into a contractual relationship with the data controller may be transferred to the following parties within the scope of the Law No. 6698 on the Protection of Personal Data and for the purposes mentioned above:

• Regulatory and supervisory institutions, public institutions and organizations that are legally authorized to request information as stipulated in the relevant laws,
• Suppliers for the execution of production and operation processes of goods or services,
• Cargo companies for the delivery of products,
• Customs brokers,
• External audit firms,
• Insurance companies when it is necessary to insure over the amount of debt-credit,
• Banks.

Your personal data obtained and stored by our companies will be processed and stored with the necessary information security measures taken to ensure that they are not exposed to unauthorized access, manipulation, loss, or damage. Personal data will be processed within the scope of the purposes notified to you and will be stored for the legal retention period or, if no such period is prescribed, for the time required by the processing purpose. At the end of this period, your personal data will be removed from the data flows of our companies by deletion, destruction, or anonymization methods.

ARTICLE 6: RIGHTS OF THE RELEVANT PERSON

6.1. What are your rights as a data subject?

A natural person whose personal data is processed, defined as the relevant person, has the right to request the following from the company:

• Learn whether personal data is processed,
• Request information if personal data has been processed,
• Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• Know the third parties to whom personal data is transferred domestically or abroad,
• Request correction of personal data if it is incomplete or incorrectly processed,
• Request deletion or destruction of personal data,
• Request notification of the transactions carried out pursuant to (v) and (vi) to third parties to whom personal data have been transferred,
• Object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
• Request compensation for damages in case of unlawful processing of personal data.

6.2. How can you exercise your rights as a data subject?

You can submit your requests and demands related to your personal data by filling out the Data Controller Application form available on our website,

• Sending it with a wet signature along with a copy of your identity card to “1208th Street No: 6-8D-8E Ostim-Ankara / Turkey”,
• Sending it via email after signing it with a mobile signature or secure e-signature to ums@umsmetal.com.tr,
• Sending it to our KEP address umsmetal@hs01.kep.tr using a secure e-signature or mobile signature.

According to the Communiqué on the Procedures and Principles of Application to the Data Controller, the application must include the name, surname, signature if the application is written, T.C. identification number (passport number or identity number if the applicant is a foreigner), residence or workplace address for notification, email address, telephone number, and fax number for notification, and information about the subject of the request. The relevant person must clearly and understandably specify the subject matter of the request and attach the necessary information and documents to the application.

The issue of the request must be related to the applicant's own person, and if acting on behalf of someone else, the applicant must be specially authorized in this regard and document the authority (power of attorney). Additionally, the application must include identity and address information and the identity-verifying documents must be attached to the application.

Requests made by unauthorized third parties on behalf of others will not be considered.

6.3. How long will it take for the requests and demands of the relevant persons to be answered?

The requests of the relevant persons will be concluded free of charge within at most 30 (thirty) days. However, if the transaction requires an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.

ARTICLE 7: CHANGES

As UMS Uğur Metal Industry Inc., it is possible for us to make changes to this Personal Data Protection Information Text from time to time. In this case, changes that may be made to the text will be announced by the company. As a rule, changes will become effective on the date the announcement is made by the company, but the company may also notify the changes in other ways it deems appropriate.

Respectfully, UMS Uğur Metal Industry Inc.

• UMS Personal Data Protection-Processing Policy Text
• UMS Customer Information Text
• UMS Customer Explicit Consent Text
• UMS Customer Commercial Electronic Message Text
• UMS Data Controller Application Form
• GDPR Contact