Tufan Demir Celik A.S. Privacy Statement


Effective as of May 25th, 2018

Tufan Demir Celik A.S. aims to take part in ways today’s exemplary companies responsibly communicate through making our communication built on trust, transparency and authenticity with our customers. Our efforts towards ensuring our customers’ and website visitors’ privacy parallel to European Union’s GDPR guidelines is outlined in this privacy statement.

1      Purpose and Scope

1.1     Purpose

This Privacy Statement will help you understand what Personal Data we collect about you, how we use your Personal Data, and what choices you have about our use of your Personal Data.

When we refer to “Tufan” “we” or ‘us” in this Privacy Statement, we are referring to Tufan Demir Celik A.S. We are committed to maintaining the accuracy, confidentiality, and security of your Personal Data. The purpose of this Privacy Statement is to describe how Tufan implements the Privacy Principles parallel to European Union’s GDPR Privacy Regulation.

This Privacy Statement includes a description of the purposes for which we collect and use Personal Data, the types of Personal Data we collect, the types of third parties to which we may disclose your Personal Data and the purposes for doing so, the rights and choices you have for limiting the use and disclosure of your Personal Data, and how to contact us about our practices concerning Personal Data.

1.2     Scope

This Privacy Statement applies to the Personal Data of individuals who seek to be, are, or were customers of Tufan Demir Celik Ltd A.S. (“Customers”), including any Personal Data of individuals collected, used, or disclosed while using our website’s contact form or visit our website (“Site Visitors”).

Revisions to this Privacy Statement. We may revise this Privacy Statement to reflect changes in our legal or regulatory obligations or in the manner in which we deal with your Personal Data. We will communicate any revised version of this Privacy Statement and such revisions will be effective from the time they are communicated, provided that any change that relates to why we collect, use or disclose your Personal Data will not apply to you, where your consent is required to such collection, use or disclosure, until we have obtained your consent to such change.

2      Policy

2.1     Notice

2.1.1   What is Personal Data?

For the purposes of this Privacy Statement, Personal Data is information, including Sensitive Data, that is: (1) about an identified or identifiable individual, (2) received by us in Turkey from the EU or Switzerland, and (3) recorded in any form. Personal Data does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual).

2.1.2   What Personal Data Do We Collect?

We may collect and maintain Personal Data from Customers or Site Visitors, who provide us with information on Contact Form. In addition to Personal Data, such as your Internet Protocol (“IP”) address, Tufan may also collect anonymized information from your web browser (such as browser language and browser type), and the actions you take on our website (i.e; web pages viewed and the links clicked).

2.1.3    For What Purposes Do We Collect Personal Data?

The Personal Data we collect is used and disclosed, as required for our business purposes, including complying with our legal obligations and for marketing and product functionality purposes.

  •      We use cookies to make your interactions with Tufan Demir Celik A.S.’s tufaniron.com website easy and useful. When you visit our website, our servers send a Google Analytics cookie to your device. By using Google Analytics pixel, we collect information about our Site Visitors’ utilization and navigation on our website. Such information helps us to better our website design to better suit our Site Visitors’ and customers’ needs. We may also use your IP address to help diagnose problems with our server(s) and to administer our website, analyze new user trends, track Site Visitor movements across internal pages, and gather anonymized broad demographic information, which assists us in identifying Site Visitor preferences on our website. We do not collect User IDs, or pseudonymous identifiers through Google Analytics.
  •    We use anonymized and aggregated data only as a statistical measure. Such data enables us to determine how often certain parts of our website are used and how we can improve them to serve our customers better.
  •    Our contact form is designed to ask for your consent, and will require your Name, and email address, if you choose to provide them, in order to be able to respond to your inquiries effectively. As we may maintain such information, we offer you -European Union and Swiss citizens- the control of such data, and we will respond to data requests within one-month period.
  •    We have taken necessary steps, such as moving our hosting server to EU, set up protection and encryption levels, to reflect our commitment to protecting your privacy.

2.1.4   What Types of Third Parties May Receive Your Personal Data and for

What Purposes?

Service Providers

  •        We may share Personal Data with our service providers to ensure the quality of information provided for conducting our business and services. Unless described in this Privacy Statement, we do not share, sell, rent, or trade any information in any way with third parties for their promotional purposes.

Compelled Disclosure

  • It may be necessary for us to disclose your Personal Data, either by law, legal process, litigation, and or requests from public and governmental authorities within or outside your country of residence. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate. We may also disclose Personal Information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or website visitors.

Relevant information also may be found in notices pertaining to specific data processing activities.

2.2

Choice

We offer Site Visitors and Customers who provide contact information the means to choose how we use the information provided. You may send a request specifying your communications preferences to [email protected].

To update your Personal Data or have your information deleted, please email [email protected] and we will honor your request within one-month period.

Tufan obtains opt-in consent for certain uses and disclosures of Data you provide on our Contact Form. You have a right to withdraw such consent at any time. If we decide to use Personal Data for a purpose other than those that are materially the same as those indicated in this Privacy Statement, individuals shall be offered the opportunity to opt-in to the use. Tufan Demir Celik will make reasonable efforts to accommodate individual privacy preferences to our best ability.

Exceptions. We may disclose your Personal Data without offering an opportunity to opt out, when (1) we retain third-party processors to perform services on our behalf and pursuant to our instructions, (2) required by law or legal process, or (3) responding to lawful requests from public authorities, including to meet online security, public interest or law enforcement requirements.

2.3     Accountability for Onward Transfer

We comply with European Union’s GDPR guidelines for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions.

2.4     Security

We take reasonable and appropriate measures to protect Personal Data from misuse, loss, unauthorized access, disclosure, destruction and alteration, taking into account the nature of the Personal Data. Tufan Demir Celik A.S.’s website security audit performed regularly to independently assess and attest to the effectiveness of website encryption, and security in order to avoid data breaches.

2.5     Data Integrity and Purpose Limitation

We limit the Personal Data we process to ensure relevancy for the purposes of the particular processing. We do not process your Personal Data inconsistently with the purposes for which the information was collected or subsequently authorized by you. Tufan takes reasonable steps to ensure that the Personal Data we process is (1) accurate, complete and current (2) reliable for its intended use. You may contact us as indicated in the Subject Access procedure in section 2.9 below to request that we update or correct relevant Personal Data.

Parallel to GDPR’s rules, we solely retain Personal Data in a way that identifies only for a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by you.

2.6     Access

You generally have the right to access your Personal Data. Accordingly, where appropriate, we provide you with reasonable access to the Personal Data we maintain about you.

We may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question, or where the rights of persons other than you would be violated. Other reasons for denying or limiting access include (1) interference with the execution or enforcement of the law or with private causes of action, including the prevention, investigation or detection of offenses or the right to a fair trial; (2) disclosure where the legitimate rights or important interests of others would be violated; (3) breaching a legal or other professional privilege or obligation; (4) prejudicing employee security investigations or grievance proceedings or in connection with employee succession planning and corporate re-organizations; or (5) prejudicing the confidentiality necessary in monitoring, inspection or regulatory functions connected with sound management, or in future or ongoing negotiations involving the organization.

2.7     Recourse, Enforcement, and Liability

We have mechanisms in place designed to help assure compliance with the European Union’s GDPR Principles. We are conducting series of self-assessments of our Personal Data protection practices in order to review and strengthen our approaches.

You may file a complaint concerning the processing of your Personal Data. Tufan will take steps to remedy issues arising out of our alleged failure to comply with the current principles outlined under GDPR. You may contact us as specified in the Grievance procedure in section 2.10 below about complaints regarding our Personal Data practices.

If your complaint regarding Personal Data cannot be resolved through our internal processes, we will cooperate with a panel of EU data protection authorities to address your complaints and provide you with appropriate recourse.

2.8     Third-Party Controller Transfers

With respect to transfers of your Personal Data to third-party data processors, we will:

  1.      enter into a contract with each relevant service provider as data processor,
  2.      transfer Personal Data to each such data processor only for limited and specified purposes,
  3.      ensure that the data processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by the EU GDPR Principles,
  4.      take reasonable and appropriate steps to ensure that the data processor effectively processes the Personal Data in a manner consistent with privacy obligations stated under this Privacy Statement.

2.9   Subject Access

To correct, amend, or delete the Personal Data where it is inaccurate or has been processed in violation of the GDPR Principles, [email protected]

If access cannot be granted, Tufan Demir Celik A.S. will respond with a reason for denying your request.

2.10   Grievance procedure

You may file a complaint concerning Tufan Demir Celik’s processing of Personal Data by email at [email protected]. If a failure to comply with the EU GDPR Principles is found, we will take steps to remedy the issue within our best ability.

If a complaint regarding Personal Data cannot be resolved through our internal processes, we will ensure cooperation with EU Data Protection Authorities to address a complaint and provide appropriate recourse free of charge.

2.11 Data Breach

If a breach of Personal Data occurs, we will notify the relevant Data Protection Authorities within 72 hours, subject to likelihood of risk to the Customer or Site Visitor. Affected Customers or Site Visitors who have provided us information via the Contact Form will also be notified regarding the breach.

2.12 Auditing compliance

To verify that this Privacy Statement has been implemented as represented, we will conduct self-assessments of our Personal Data security and privacy practices regularly to ensure privacy protection of our customers and site visitors.

2.13 Record-keeping

We maintain records of:

  1.      the purposes of Personal Data processing;
  2.      the categories of data subjects and of Personal Data processed;
  3.      the categories of recipients, including those in other countries outside of EU and Switzerland;
  4.      the third countries to which Personal Data will be transferred and the instrument used to provide an adequate level of protection;
  5.      a general description of the security measures used to protect Personal Data.

These records shall be provided to the EU Data Protection Authorities upon request.

Inquiries or Concerns? In compliance with the European Union’s GDPR Principles, we are committed to resolving complaints about our collection or use of your Personal Data.  European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Statement policy should first contact us at: [email protected]

We will endeavor to answer your questions and advise you of any steps taken to address the issues raised by you. If you are unsatisfied with our response, you may be entitled to make a written submission to the EU or Swiss data protection authorities to address your complaints applicable for your jurisdiction.

Here at Tufan Demir Celik A.S., we warmly welcome European Union’s efforts to protect internet users’ privacy while clarifying users’ rights to protect their own data.