Personal Data Protection Policy

WORLD CAR AUTOMOTIVE INDUSTRY AND TRADE LIMITED COMPANY

PERSONAL DATA PROTECTION AND PROCESSING POLICY

 

  1. INTRODUCTION

1.1. Purpose and Scope of the Policy

The Law on the Protection of Personal Data No. 6698 (“Law”) entered into force on April 7, 2016; this World Car Automotive Industry and Trade Limited Company Personal Data Processing and Protection Policy (“Policy”) aims to ensure World Car Automotive Industry and Trade Limited Company’s (“Company”) compliance with the Law and to determine the principles to be followed by the Company in fulfilling its obligations regarding the protection and processing of personal data.

The Policy determines the conditions for processing personal data and sets out the main principles adopted by the Company in the processing of personal data. In this context, the Policy covers all personal data processing activities by the Company within the scope of the Law, the owners of all personal data processed by the Company and all personal data processed by the Company.

1.2. Entry into Force and Amendment

The Policy has been published on the Company's website and made available to the public. In the event of conflict between the current legislation, particularly the Law, and the regulations set forth in this Policy, the provisions of the legislation shall apply.

The Company reserves the right to make changes to the Policy in line with legal regulations. The current version of the Policy can be accessed from the Company website https://www.worldcar.com.tr/kvk-politikasi/.

  2. PERSONS CONCERNED WITH REGARDS TO PERSONAL DATA PROCESSING ACTIVITIES CONDUCTED BY OUR COMPANY, DATA PROCESSING PURPOSES AND DATA CATEGORIES

2.1. Related Persons

The relevant persons within the scope of the Policy are all natural persons other than the Company employees whose personal data are processed by the Company. In this context, the general categories of relevant persons are as follows:

Customer:

It refers to real persons who benefit from the products and services offered by the Company.

Potential Customer:

It refers to real persons who show interest in using the products and services offered by the Company and have the potential to become customers.

Visitor:

It refers to real persons who visit the company, store, campus and website.

Third Parties:

Refers to real persons excluding the categories of relevant persons listed above and Company employees.

The categories of relevant persons are specified for the purpose of sharing general information. The fact that the relevant person does not fall into any of these categories does not eliminate his/her qualification as a relevant person as stated in the Law.

2.2. Purposes of Processing Personal Data

Your personal data and special personal data may be processed by the Company for the following purposes in accordance with the personal data processing conditions set out in the Law and relevant legislation:

Conducting Internal Company Operations:

  1. Planning, Auditing and Execution of Information Security Processes
  2. Creation and Management of Information Technologies Infrastructure
  3. Planning and Execution of Employees' Access Authorizations to Information Systems
  4. Event Management
  5. Monitoring of Finance and Accounting Affairs
  6. Planning and Execution of Activities for Performing Effectiveness/Efficiency and Appropriateness Analysis of Business Activities
  7. Planning and Execution of Business Activities
  8. Planning and Execution of Access Authorizations to Information Systems of Business Partners and Suppliers
  9. Planning and Execution of Business Continuity Activities
  10. Planning and Execution of Corporate Communication Activities
  11. Planning and Execution of Corporate Sustainability Activities
  12. Planning and Execution of Corporate Governance Activities
  13. Planning and Execution of Logistics Activities
  14. Planning and Execution of Production and Operation Processes

Activities with Legal, Technical and Administrative Results:

  1. Planning and Execution of Emergency Management Processes
  2. Planning and Execution of Occupational Health and Safety Processes
  3. Implementation of Credit Process Risk Management
  4. Initiating the Claims Process and Completing the Claims File
  5. Following up on legal matters
  6. Providing Information to Authorized Institutions Regarding Legislation
  7. Creating and Tracking Visitor Records
  8. Planning and Execution of the Company's Production and Operational Risk Processes
  9. Carrying out corporate and partnership law transactions
  10. Ensuring the Security of Company Operations
  11. Ensuring the Security of Company Campuses and Facilities
  12. Planning and Execution of the Company's Financial Risk Processes
  13. Ensuring the Security of Company Assets and Resources
  14. Planning and Execution of Company Audit Activities
  15. Issuance of Insurance Policies
  16. Applications for various transactions by partners, first degree relatives of partners and Board Members
  17. Planning and Execution of Necessary Operational Activities to Ensure That Company Activities Are Carried Out in Accordance with Company Procedures and Relevant Legislation
  18. Ensuring Data is Accurate and Up-to-date

Customer-facing processes and operations:

  1. Tracking of Loan Payment Transactions
  2. Planning and Execution of After Sales Support Services Activities
  3. Planning and Execution of Sales Processes of Products and Services
  4. Monitoring Contract Processes and Legal Requests
  5. Planning and Execution of Customer Relationship Management Processes

Financial Operations:

  1. Banking Transactions
  2. Making Damage Payment
  3. Making Damage Payments to Individuals
  4. Collection of Insurance Policy Premiums of Individuals
  5. Collection of Policy
  6. Pricing of Insurance Policy

Strategy Planning & Business Partners/Supplier Management:

  1. Management of Relationships with Business Partners and/or Suppliers
  2. Execution of Strategic Planning Activities

Marketing Operations:

  1. Planning and Execution of Processes to Create and Increase Loyalty to the Products and Services Offered by the Company
  2. Planning and Execution of Market Research Activities for Sales and Marketing of Products and Services
  3. Planning and Execution of Marketing Processes of Products and Services
  4. Planning and Execution of Customer Satisfaction Activities

2.3. Categories of Personal Data

Your personal data, categorized below, is processed by the Company in accordance with the personal data processing conditions set forth in the Law and relevant legislation:

Identity Information:

All information regarding the identity of the person included in documents such as driver's license, identity card, residence, passport, attorney's ID, marriage certificate.

Contact Information:

Information for contacting the relevant person, such as telephone number, address, e-mail.

Customer Information:

Information obtained and produced about the relevant person as a result of our commercial activities and the operations carried out by our business units within this framework.

Family Members and Relatives Information:

Information about the family members and relatives of the relevant person processed in relation to the products and services we offer or to protect the legal interests of the Company and the relevant person.

Customer Transaction Information:

Information such as records regarding the use of our products and services and the customer's instructions and requests for use of our products and services.

Physical Space Security Information:

Personal data regarding records and documents such as camera recordings and fingerprint records taken at the entrance to the physical location and during the stay in the physical location.

Transaction Security Information:

Your personal data processed to ensure our technical, administrative, legal and commercial security while conducting our commercial activities.

Financial Information:

Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship our company has established with the relevant person.

Legal Procedures and Compliance Information:

Personal data processed within the scope of determining and following our legal receivables and rights, fulfilling our debts, and complying with our legal obligations and our Company's policies.

Audit and Inspection Information:

Personal data processed within the scope of our company's legal obligations and compliance with company policies.

Special Quality Data:

Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are special personal data.

Marketing Information:

Personal data processed for the customization and marketing of our products and services in line with the usage habits, tastes and needs of the relevant person, and the reports and evaluations created as a result of this processing.

Request/Complaint Management Information:

Personal data regarding the receipt and evaluation of any requests or complaints directed to our company.

Reputation Management Information:

Information collected for the purpose of protecting the commercial reputation of our company, information on the evaluation reports created in this regard, and information on the actions taken.

Incident Management Information:

Personal data processed to take the necessary legal, technical and administrative measures against developing events in order to protect the commercial rights and interests of our company and the rights and interests of our customers.

  3. PRINCIPLES AND CONDITIONS REGARDING THE PROCESSING OF PERSONAL DATA

3.1. Principles Regarding the Processing of Personal Data

Your personal data is processed by the Company in accordance with the personal data processing principles set forth in Article 4 of the Law. These principles must be complied with for each personal data processing activity:

  • Processing of personal data in accordance with the law and the rules of honesty: The Company acts in accordance with the laws, secondary regulations and general principles of law in the processing of your personal data, and attaches importance to processing personal data limited to the purpose of processing and taking into account the reasonable expectations of the relevant person.
  • Ensuring that personal data is accurate and up-to-date: Care is taken to ensure that your personal data processed by the Company is up-to-date and that checks are carried out in this regard. In this context, the relevant persons are granted the right to request correction or deletion of their inaccurate and out-of-date data.
  • Processing of personal data for specific, clear and legitimate purposes: The Company determines the purposes of data processing before each personal data processing activity and takes care that these purposes are not unlawful.
  • Keeping personal data connected, limited and proportionate to the purpose for which it is processed: The Company limits its data processing activity to the personal data necessary to achieve the purpose of collection, and takes the necessary steps to ensure that personal data that is not related to this purpose is not processed.
  • Storing personal data for the period required by legislation or processing purposes: After the purpose of processing personal data by the Company is eliminated or after the period stipulated in the legislation expires, personal data is deleted, destroyed or anonymized.

3.2. Conditions Regarding the Processing of Personal Data

Your personal data is processed by the Company if at least one of the personal data processing conditions set forth in Article 5 of the Law is present. Explanations regarding the conditions in question are provided below:

  • The explicit consent of the relevant person: In cases where other data processing conditions do not exist, the Company may process the personal data of the relevant person in accordance with the general principles set out under heading 3.1, provided that the relevant person gives his/her consent of his/her own free will, with sufficient information regarding the personal data processing activity, in a manner that leaves no room for hesitation and limited only to that transaction.
  • If the personal data processing activity is clearly prescribed by law, the Company may process personal data without the explicit consent of the relevant person. In this case, the Company will process personal data within the framework of the relevant legal regulation.
  • If the explicit consent of the relevant person cannot be obtained due to a de facto impossibility and personal data processing is mandatory, the personal data of the relevant person who is unable to express his/her consent or whose consent cannot be validated will be processed by the Company if personal data processing is mandatory in order to protect the life or physical integrity of the relevant person or a third party.
  • Personal data processing activity is directly related to the establishment or performance of a contract. In this case, if it is necessary to process personal data of the parties to the contract established or already signed between the relevant person and the Company, personal data processing activity will be carried out.
  • It is mandatory for the data controller to process personal data in order to fulfill its legal obligations. In this case, the Company processes personal data in order to fulfill its legal obligations under the current legislation.
  • The person concerned has made his/her personal data public: Personal data that has been disclosed to the public by the relevant person in any way and made available to everyone as a result of being made public may be processed by the Company for the limited purpose of making it public, even without the explicit consent of the relevant person.
  • Personal data processing is mandatory for the establishment, exercise or protection of a right. In this case, the Company may process the personal data of the relevant person without the explicit consent of the relevant person within the scope of necessity.
  • Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person. In this case, personal data may be processed by the Company, provided that the balance of interests between the Company and the person concerned is observed. In this context, in processing data based on legitimate interest, the Company first determines the legitimate interest it will obtain as a result of the processing activity. It evaluates the possible impact of the processing of personal data on the rights and freedoms of the person concerned and carries out the processing activity if it believes that the balance is not disrupted.

3.3. Conditions Regarding the Processing of Special Personal Data

Article 6 of the Law specifies special personal data in a limited number. These are data regarding the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

The Company may process special personal data in the following cases, by ensuring that additional measures are taken by the Personal Data Protection Board:

  • Processing of special personal data other than health and sexual life can be done if the person concerned gives explicit consent or if it is clearly provided for in the law.
  • Personal data regarding health and sexual life, however, may be processed without the explicit consent of the person concerned, by persons or authorized institutions and organizations under a confidentiality obligation, for the purposes of protecting public health, providing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and their financing.

  4. TRANSFER OF PERSONAL DATA

The Company may transfer personal data domestically or abroad if the conditions for transfer of personal data are met, in accordance with the additional regulations listed in Articles 8 and 9 of the Law and determined by the Personal Data Protection Board.

  • Transfer of personal data to third parties within the country: If at least one of the data processing conditions set out in Articles 5 and 6 of the Law and explained under Title 3 of this Policy is present and provided that the basic principles regarding data processing conditions are complied with, your personal data may be transferred by the Company.
  • Transfer of personal data to third parties abroad: In cases where the person does not give explicit consent, your personal data may be transferred abroad by the Company, provided that at least one of the data processing conditions set out in Articles 5 and 6 of the Law and explained under Title 3 of this Policy is present and the basic principles regarding data processing conditions are complied with.

If the country to which the transfer will be made is not one of the safe countries declared by the Personal Data Protection Board, personal data may be transferred to third parties abroad, provided that the Company and the data controller in the relevant country undertake in writing to provide adequate protection, and that the Personal Data Board permits this process and at least one of the data processing conditions in Articles 5 and 6 of the Law (see Policy Title 3) is present.

Within the scope of the general principles of the Law and the data processing conditions set forth in Articles 8 and 9, the Company may transfer data to the parties categorized in the table below:

| SHARED PARTY CATEGORIZATION | SCOPE | PURPOSE OF TRANSFER |
|---|---|---|
| Business Partner | Parties with whom the Company establishes business partnerships while conducting its commercial activities | Sharing of personal data on a limited basis to ensure the fulfilment of the purposes for which the business partnership was established |
| Supplier | Parties that provide services to the Company to carry out its commercial activities in accordance with the instructions received from the Company and based on the contract with the Company | Transfer limited to receiving outsourced services from the supplier |
| Participation | Companies affiliated with the Company | Transfer of personal data limited to the purpose of carrying out commercial activities requiring the participation of affiliates |
| Legally Authorized Public Institution | Public institutions and organizations legally authorized to receive information and documents from the Company | Sharing of personal data limited to the purpose of requesting information from relevant public institutions and organizations |
| Legally Authorized Private Institution | Private law persons who are legally authorized to receive information and documents from the Company | Sharing of data limited to the purpose requested by the relevant private legal persons within their legal authority |

  5. INFORMATION OF THE RELATED PERSONS AND THE RIGHTS OF THE RELATED PERSONS

According to Article 10 of the Law, before the processing of personal data or at the latest at the time of processing personal data, the relevant persons must be informed about the processing of personal data. In accordance with the relevant article, the necessary internal structure has been established in order to ensure that the relevant persons are informed in every case where the personal data processing activity is carried out by the Company as the data controller. In this context;

  • For the purposes of processing your personal data, please review section 2.2 of the Policy.
  • For the parties to whom your personal data is transferred and the purpose of transfer, please review Section 4 of the Policy.
  • Please see sections 3.2 and 3.3 of the Policy to review the conditions regarding the processing of your personal data, which may be collected through different channels in physical or electronic environments.

We would like to point out that, as the relevant person, you have the following rights pursuant to Article 11 of the Law:

  • To learn whether your personal data is being processed,
  • To request information regarding your personal data if it has been processed,
  • To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
  • To know the third parties to whom your personal data is transferred, either domestically or abroad,
  • To request correction of your personal data if it is processed incompletely or incorrectly and to request that the action taken in this context be notified to third parties to whom your personal data has been transferred,
  • To request the deletion or destruction of personal data in case the reasons requiring processing are eliminated, even though it has been processed in accordance with the Law and other relevant legal provisions, and to request that the action taken within this scope be notified to third parties to whom your personal data has been transferred,
  • To object if a result against you arises as a result of the analysis of processed data exclusively through automatic systems,
  • To request compensation in case you suffer damage due to the unlawful processing of your personal data.

You may submit your applications regarding your rights listed above to our Company in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller. Depending on the nature of your request, your applications will be finalized free of charge as soon as possible and within thirty days at the latest; however, if the transaction requires an additional cost, you may be charged a fee according to the tariff determined by the Personal Data Protection Board.

During the evaluation of applications, the Company first determines whether the person making the request is the real beneficiary. However, if deemed necessary, the Company may request detailed and additional information to better understand the request.

The Company's responses to applications from relevant persons are notified to the relevant persons in writing or electronically. If the application is rejected, the reasons for rejection will be explained to the relevant person with justification.

If personal data is not obtained directly from the relevant person, the Company carries out activities to inform the relevant persons (1) within a reasonable period of time after the personal data is obtained, (2) during the first communication if the personal data will be used for communication purposes with the relevant person, (3) at the latest when the personal data is transferred, if the personal data is to be transferred.

  6. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

In accordance with Article 7 of the Law, in the event that the reasons requiring the processing of personal data are eliminated, even though the data has been processed in accordance with the law, the Company shall delete, destroy or anonymize it ex officio or upon the request of the relevant person, in accordance with the guidelines published by the Institution.

  7. SCOPE OF THE LAW AND RESTRICTIONS ON ITS APPLICATION

The following situations are outside the scope of the Law:

  • Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not disclosed to third parties and that obligations regarding data security are complied with.
  • Processing of personal data by making it anonymous with official statistics for purposes such as research, planning and statistics.
  • Processing of personal data within the scope of freedom of expression, provided that it does not violate national defence, national security, public safety, public order, economic security, privacy or personal rights or does not constitute a crime.
  • Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
  • Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution processes.

In the cases listed below, the Company is not required to inform the relevant persons and the relevant persons will not be able to exercise their rights specified in the Law, except for their rights regarding compensation for damages:

  • Personal data processing is necessary for the prevention of crime or the investigation of crime.
  • Processing of personal data made public by the person himself/herself.
  • Personal data processing is necessary for authorized public institutions and organizations, and professional organizations with the status of public institutions, to carry out their supervisory or regulatory duties or to conduct disciplinary investigations or prosecutions, based on the authority granted by law.
  • Personal data processing is necessary to protect the economic and financial interests of the State in relation to budget, tax and financial matters.
