As Ekşi Modern Tarım San. ve Tic. Ltd. Şti. (hereinafter referred to as "Vita Verde"), our priority is to process the personal data of individuals, including our customers, suppliers, and employees, in accordance with the Constitution of the Republic of Turkey, international agreements related to human rights to which our country is a party, and primarily the Law No. 6698 on the Protection of Personal Data ("KVKK"), as well as relevant legislation, and to ensure that the rights of the data subjects are effectively exercised.
Therefore, including but not limited to; the processing, storage, and transfer of all personal data obtained through automatic means or as part of any data recording system, during our activities, including that of our employees, suppliers, customers, and users visiting our website, is carried out in accordance with the Vita Verde Personal Data Protection and Processing Policy (hereinafter referred to as "Policy").
The protection of personal data and the consideration of the fundamental rights and freedoms of individuals from whom personal data is collected is a fundamental principle of our policy on the processing of personal data. Therefore, we conduct all our activities involving the processing of personal data by respecting privacy, confidentiality of communication, freedom of thought and belief, and the right to effective legal remedies. We take all administrative and technical protection measures required by the nature of the data in accordance with the legislation and current technology for the protection of personal data.
This Policy describes the methods we follow regarding the processing, storage, transfer, and deletion of personal data shared during our commercial or social responsibility activities in accordance with the principles mentioned in KVKK.
All personal data processed by the Company, including our customers, business connections, business partners, employees, suppliers, potential customers, and other third parties, fall within the scope of this Policy.
Our Policy applies to all activities related to the processing of personal data that are owned by or managed by the Company and has been prepared in accordance with KVKK, other relevant legislation on personal data, and international standards in this field.
This section briefly explains the special terms, expressions, concepts, abbreviations, etc., used in the Policy.
The Personal Data Protection Committee, composed of representatives from Human Resources, Accounting, IT, Quality, Sales Departments, and Top Management within Vita Verde, is responsible for drafting and updating this policy. In the event of any behavior contrary to the principles outlined in this Policy, the Personal Data Protection Committee will evaluate the situation in accordance with the Personal Data Breach Incident Management Procedure.
Under KVKK, as a data controller, the legal obligations regarding the protection and processing of personal data are listed below:
When collecting personal data as the data controller;
We have an obligation to inform the Data Subject about these matters.
As a company, we strive to ensure that this Policy, which is public, is clear, understandable, and easily accessible.
As a data controller, we take the administrative and technical measures required by the legislation to ensure the security of personal data under our responsibility. The obligations regarding data security and the measures taken are detailed in sections 9 and 10 of this Policy.
Personal data refers to any information relating to an identified or identifiable natural person. The protection of personal data only applies to natural persons, and information that does not relate to natural persons is excluded from personal data protection. Therefore, this Policy does not apply to data related to legal entities.
Special categories of personal data include information about a person’s race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance and attire, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
We process personal data according to the principles outlined below.
As a company, we process personal data for purposes including but not limited to the following:
Special categories of personal data are processed by us only if legally required and if administrative and technical measures mandated by the KVK Board are taken, and with explicit consent, or in cases where the legislation requires it.
Special categories of personal data related to health and sexual life may be processed by persons or authorized institutions who are under the obligation of confidentiality, for purposes such as protecting public health, preventive medicine, medical diagnosis, treatment, and care services, and planning and managing health services and financing. Such data is not processed by us except for our employees' data. Data related to our employees may be processed by those authorized by law.
Personal data you share with us during your application process as a job applicant, including resumes, diplomas, and other documents, is processed, stored, and transferred for the purpose of evaluating your job application. The processing, transfer, and storage of personal data shared by you as a job applicant are governed by this Policy and the Personal Data Protection Policy for Job Applicants.
We may process personal data without explicit consent in the following exceptional cases mandated by law:
Exceptional situations where special categories of personal data may be processed without the data subject's explicit consent are specified in Article 7.4 of this Policy.
As a company, we act in accordance with the decisions and regulations of the KVK Board regarding the transfer of personal data as stipulated by KVKK.
Except for cases specified by legislation, personal data and special categories of personal data are not transferred to other individuals or legal entities by us without the explicit consent of the data subject or, in the case of the data subject being under 18 years old, their guardian or legal representative.
In exceptional cases as stipulated by KVKK and other relevant legislation, personal data may be transferred to authorized administrative or judicial institutions without the explicit consent of the data subject or, if the data subject is under 18 years old, their guardian or legal representative, in accordance with the legislation.
Additionally, in exceptional cases as provided by the legislation and in the cases described in Article 7.7 of this Policy, and for special categories of personal data mentioned in Article 7.4 of this Policy, and provided that the necessary measures prescribed by the KVK Board and relevant legislation are taken, personal data related to health and sexual life of the data subject may be transferred without explicit consent for purposes such as protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and financing, to persons or authorized institutions under the obligation of confidentiality.
As a rule, personal data is not transferred abroad without the explicit consent of the data subject or, in the case of the data subject being under 18 years old, their guardian or legal representative. However, in cases where the exceptions outlined in Articles 7.4 and 7.7 of this Policy apply, personal data may be transferred to third parties abroad only:
In these cases, personal data can be transferred abroad without explicit consent.
Personal data can be transferred, including but not limited to:
In accordance with the principles and rules mentioned above, the conditions and purposes stated in Articles 8 and 9 of the Law can be applied.
To protect personal data, including but not limited to:
To protect your personal data, including but not limited to:
Personal data will be stored for the period required by the relevant legislation or for the purpose for which it is processed. Except for the retention periods stipulated by the legislation, personal data will be stored for the duration necessary for the purpose of processing. In cases where personal data is processed for multiple purposes, if the purposes of processing the data cease or if the data subject is a person under 18 years of age, personal data will be deleted or destroyed upon request from the data subject's guardian or legal representative, provided that there is no legal obstacle in the legislation. Disposal or deletion of personal data will comply with legal regulations and KVK Board decisions.
Our obligations regarding the security of personal data include taking administrative and technical measures based on technological opportunities and implementation costs to prevent unlawful processing of personal data and to ensure lawful storage.
We take administrative and technical measures to prevent the unlawful disclosure of personal data and update these measures according to our relevant procedures. In the event that we detect unauthorized disclosure of personal data, we create systems and infrastructures to notify the Data Subject or, if the Data Subject is under 18, their guardian or legal representative, and the KVK Board.
Despite all administrative and technical measures taken, in case of unlawful disclosure, the KVK Board may publish this situation on its website or through other methods if deemed necessary.
We inform the Personal Data Subject in line with our obligation to inform and establish systems and infrastructures for this notification. We make the necessary technical and administrative arrangements for the Personal Data Subject to exercise their rights regarding their personal data.
The Personal Data Subject can submit their request regarding their personal data using the "KVKK Application Form" available on our website or by sending it in writing with a wet signature to info@VitaVerde.com.tr. In the application, the request should be clear and understandable, the subject of the request should be related to the applicant's own data, or if acting on behalf of someone else, special authority should be documented, and the application should include identity and address information along with documents proving identity. If the Personal Data Subject is under 18, the guardian or legal representative must send the application with the relevant documents proving the identity of the Personal Data Subject.
Such requests are to be made individually, and requests from unauthorized third parties will not be considered.
The response time for personal data requests, depending on their nature, will be as soon as possible and in any case within 30 (thirty) days free of charge, or if the KVK Board announces a fee in its published tariff, for a fee according to the tariff. Additional information and documents may be requested during the application or evaluation process.
Applications regarding personal data;
will be rejected with justification.
To start the response period mentioned in Article 11.2.1 of this Policy, requests must be sent with the data subject's identification information and documents, written and signed, via other methods determined by the KVK Board. If the data subject is under 18 years old, the parent or legal representative must send the request with identification documents of the data subject along with the aforementioned documents.
If the request is accepted, the relevant process will be applied, and notification will be made in writing or electronically. If the request is rejected, the reason will be explained, and the applicant will be informed in writing or electronically.
In the case of rejection of the application, the response being found inadequate, or no response being provided within the period; the applicant has the right to appeal to the KVK Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the application date.
This Privacy Policy includes our policy regarding your personal data while providing services related to our company's website.
In accordance with the Personal Data Protection Law No. 6698 ("KVKK"), as the Data Controller, we inform you that your personal data requested and shared with us will be recorded, stored, preserved, reorganized, shared with institutions authorized to request this data by law, transferred to domestic or foreign third parties as per KVKK provisions, assigned, classified, and processed in other ways as specified in KVKK within the framework of the purpose and duration of processing.
Users; for the purposes of job application, making requests and suggestions, introducing themselves, and tracking user preferences more closely, acknowledge that they share personal data such as name, surname, email, and job applications on our web page with us voluntarily and with explicit consent in accordance with the Law No. 6698, and that this data is requested for introducing themselves, providing better service, and informing them about their application, complaints, and site activities and innovations. During visits, traffic data may be processed as the provider of the place.
Your personal data may be recorded, stored, and managed for identifying the details of the transaction, preparing and organizing all necessary receipts, records, and documents, maintaining records and documents for legal durations, ensuring transaction security, fulfilling obligations related to information retention, reporting, and informing by public institutions or other authorities, and evaluating personal data shared during job applications. It may be transferred to legally authorized public and private legal entities as permitted by laws and regulations.
All personal data shared with us will be stored in accordance with the privacy principles as per Article 12 of the KVKK. Except for exceptions specified in the law, these personal data will only be shared with authorized employees of the company or public institutions and organizations legally entitled to request this data, based on the users' explicit consent.
For ensuring security and continuity of operations, our company monitors guest entries and exits with security cameras inside and outside the company buildings, and personal data is processed in accordance with the Constitution, KVKK, and other relevant legislation.
Visitor images are recorded through camera systems at building entrances and within the building to ensure security, improve service quality, and protect the security of the company, visitors, and others. Only a limited number of company employees have access to digitally recorded and stored data, and they have signed confidentiality agreements to maintain the privacy of accessed data. Live camera feeds can be monitored by external security personnel.
In accordance with Article 12 of the KVKK, technical and administrative measures are taken to ensure the security of personal data obtained through camera monitoring. Log records of internet access provided to guests are recorded according to Law No. 5651 and relevant regulations; these records are processed only when requested by authorized public institutions or during company audits to fulfill legal obligations.
Access to the obtained log records is limited to a few employees who have signed confidentiality agreements and is used only for requests from authorized public institutions or during audit processes, and is shared with legally authorized persons. Internet activities on the company's websites are recorded in accordance with the law and relevant regulations to ensure that visitors use the sites appropriately.
In accordance with Article 7 of the KVKK and other relevant legal provisions (Article 138 of the Turkish Penal Code), even if personal data has been processed, it will be deleted or destroyed by the data controller upon the company's decision or the data subject's request when the reasons for processing cease to exist. Provisions related to deletion or destruction of personal data in other laws remain reserved.
Our company uses deletion or destruction techniques such as permanent deletion by the company's technical personnel or an expert, physical destruction, or secure deletion from existing software. Anonymization techniques used include aggregation, derivation, masking, and hashing, and if the reasons for processing cease to exist, personal data may be anonymized by our company or its affiliates. Anonymized personal data will not be subject to KVKK and may be processed for purposes such as research and statistics.
This Policy is maintained in both printed and electronic forms.
This Policy is reviewed periodically by the Company and updated as necessary in accordance with laws, regulations, and internal company principles.
This Policy becomes effective upon publication on our company's website.