RING A.S. TURKEY, FREIGHT, FLEET, VALE, WMS, MICRO, FINANCE

Within the scope of the principles stipulated by the Personal Data Protection Law No. 6698, it fulfills its obligations arising from the Law regarding the processing, deletion, destruction, anonymization, transfer of personal data, informing the relevant person and ensuring data security. In this Privacy and Personal Data Protection Policy, we will try to provide you with information regarding the processing of personal data and inform you in the best way possible.

1. Personal Data Collection Methods and Legal Reasons

RİNG A.Ş. transfers personal data audibly, electronically or in writing through our branches, websites, social media accounts, e-mail, postal mail, CCTV, cookies, fax, notifications from administrative and judicial authorities and other communication channels, according to the Personal Data Protection Law. It collects personal data in accordance with the personal data processing conditions specified in.

Your personal data, RİNG A.Ş. It is processed for different legal reasons depending on the nature of the legal relationship between you and us (for example, employee, candidate employee, physical visitor, online visitor, business solution partner / supplier). We share with you the legal reason we rely on for each type of processing in the relevant information text.

Visitor Information Text

Cookie Policy

2. Purposes for which Personal Data is Processed

RING A.Ş. We aim to ensure that our activities are carried out in accordance with the legislation in all our processes and to provide you with the best service. RİNG A.Ş. processes personal data for different sub-purposes depending on the process in which it processes personal data and the different groups of people whose personal data are processed. Each information text explains in detail the purposes for which personal data are processed. Please refer to the relevant information texts.

3. To whom and for what purpose personal data may be transferred

RING A.Ş. takes care to process your personal data in accordance with the "need to know" and "need to use" principles, ensuring the necessary data minimization and taking the necessary technical and administrative security measures. However, since the conduct or control of business activities, ensuring business continuity, and the operation of digital infrastructures require continuous data flow with different stakeholders, we have to transfer the personal data we process to third parties for certain purposes. In addition, it is very important that your personal data is accurate and up-to-date in order to fully and properly fulfill its contractual and legal obligations. For this, we have to work with various business partners and service providers. Under all circumstances, personal data transfers are carried out through secure environments and channels.

Your personal data is transferred within the company when required by the purpose of processing and only limited to this, and is shared with natural persons or private law legal entities, business partners, affiliates and subsidiaries, suppliers, authorized public institutions and organizations within the framework of the rules specified in the Law. Each information text details the purposes for which personal data are processed and the purposes for which they are transferred to third parties. Please refer to the relevant information texts.

4. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

RİNG A.Ş. undertakes to take all necessary technical and administrative measures and to show due care to ensure the confidentiality, integrity and security of your personal data. In this context, we take the necessary precautions to prevent misuse of personal data, unlawful processing, unauthorized access to data, disclosure, alteration or destruction of data. RING A.Ş. It takes the following technical and administrative measures to prevent unlawful access to the personal data it processes, to prevent unlawful processing of these data, and to ensure the protection of personal data:

Anti-Virus: Periodically updated anti-virus application is installed on all PCs and Servers in RİNG A.Ş.'s information technologies infrastructure.

Firewall: RING A.Ş. The data centers hosting the servers are protected by firewalls loaded with periodically updated software, and the relevant new generation firewalls control the internet connections of all personnel and provide protection against viruses and similar threats during this control.

VPN: It is connected to server systems outside the company via VPN, and the traffic between 2 points is transmitted in an encrypted manner.

User Definitions and Need to Know: RİNG A.Ş. and its employees RİNG A.Ş. Their authority over the systems is limited only to the extent necessary by their job descriptions, and in case of any change in authority or duty, their systemic authority is updated immediately. A comprehensive Information Security and Confidentiality Agreement has also been signed with all employees.

Information security Threat and Incident Management: RİNG A.Ş. Events occurring on servers and firewalls are transferred to the "Information Security Threat and Event Management" system. This system warns responsible personnel when a security threat occurs and provides the opportunity to respond to the threat immediately.

SSL: All areas on the website where personal data is collected are protected by SSL.

Penetration Test: Periodically RİNG A.Ş. Penetration testing of the servers, computers and a sample application in the system is carried out manually by a supplier company. The security vulnerabilities that arise as a result of this test are closed, and a verification test is performed to verify that the relevant security vulnerabilities are closed.

Clean Desk Principle: RİNG A.Ş. In accordance with internal rules, head office and branch employees are obliged to comply with the clean desk principle. It is ensured that personal data in paper form is kept in locked cabinets and can only be accessed by authorized persons.

Although RİNG A.Ş. has taken the necessary information security measures, RİNG A.Ş. platforms operated by or RİNG A.Ş. In case personal data is damaged or obtained by unauthorized third parties as a result of attacks on the system, RİNG A.Ş. It immediately notifies you and the Personal Data Protection Board of this situation and takes the necessary measures.

5. Conditions for Storage of Personal Data and Deletion, Destruction and Anonymization of Personal Data

RING A.Ş. It retains the personal data it processes in accordance with the Law for the periods stipulated in the relevant legislation or required by the purpose of processing. These periods are determined in detail in the Personal Data Storage and Destruction Policy.

RİNG A.Ş. collects and processes personal data from channels such as physical, electronic, website and e-mail within the scope of its business processes, within the periods stipulated by the relevant laws and/or the periods required by the purpose of processing in accordance with Articles 7, 17 of the Law and Article 138 of the Turkish Penal Code. keeps it throughout. If these periods expire, it will delete, destroy or anonymize it in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data and the Guide on Deletion, Destruction or Anonymization of Personal Data.

RİNG A.Ş. includes in detail the methods for deletion, destruction and anonymization and the technical and administrative measures taken within the scope of the Personal Data Storage and Destruction Policy that we have prepared in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data.

6. What are the rights of the relevant persons on their personal data and how can they exercise these rights?

Relevant persons whose personal data are processed have the right to learn whether personal data is being processed or not; Request information regarding personal data if they have been processed; Learning the purpose of processing personal data and whether they are used for their intended purpose; Knowing the third parties to whom personal data is transferred at home or abroad; Request correction of personal data if they are incomplete or incorrectly processed; Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law; Request that the transactions carried out in accordance with paragraphs (d) and (e) be notified to third parties to whom personal data is transferred; Object to the emergence of a result that is unfavorable to the person by analyzing the processed data exclusively through automatic systems; In case of damage due to unlawful processing of personal data, they have the right to demand compensation for the damage.