This The Data Subject Application Procedure have been prepared by Şampiyon Filtre Pazarlama Ticaret ve Sanayi A.Ş. (“Company”) in accordance with the Law on the Personal Data Protection Law No. 6698 ("LPPD") and the Communique on Application Procedures and Principles for the Data Controller, in order to determine the management and notification processes of the applications of the data subjects as the Data Controller.
Written application: Article 13 of the LPPD stipulates that the application needs be made "in writing or by other methods to be determined by the Personal Data Protection Board (“Board”)". Other application methods that should be determined by the Board have not been determined yet. Therefore, the application process has been preferred by our company over “written” methods. Applications to our company needs be made using the application form attached to this Procedure. In order to comply with the written form, applications to our Company must be made as follows: • Physical application: Application will be received by hand delivery at the Company's headquarters. • Application through notary public: Applications for personal data subjects sent to the Company's address through a notary public needs to be delivered to the Personal Data Officer Contact Person (“Contact Person”) on the same day. • Electronically signed application: Needs to be sent by the applicant using the "secure electronic signature" or “mobile signature” defined in the Law on Electronic Signature No: 5070 or it needs to be sent to Company's registered e-mail address firstname.lastname@example.org via electronic mail address previously notified by the data subject to the data controller and registered in our Company’s system. • Application via Registered Electronic Mail (KEP): Needs to be sent to the registered e-mail address (KEP) of the Company email@example.com by the applicant in written form.
The data subject's application must include the following information:
If the application of the data subject will be answered in writing, no fee shall be charged for up to ten pages related to that application. A transaction fee of 1 Turkish Lira may be charged for each page above ten pages by the Data Controller. If the answer to the application is given in a recording medium such as CD or flash memory, the fee that may be requested by the Data Controller cannot exceed the cost of the recording medium.
Data subject requests must be evaluated and concluded as soon as possible and within 30 days from the date of application at the latest. For the applications submitted through registered mail, the date which the document is notified to the data controller or representative; for applications submitted through other means, the date which the document reaches to the data controller is deemed the application date. In order for the applications to be answered in a timely manner, the following periods and processes will be operated within the Company for processing requests.
(i) The application needs to be recorded and examined by the Customer Services Management Unit. (ii) It needs to be determined whether the person is authorized to apply by checking his / her identity information. (iii) Transactions made in the above-mentioned stages, transaction and time facts, incident records, documents and query results needs be recorded by the Data Controller Contact Person.
All applications are answered by the Data Controller Contact Person after getting approval of the legal department. Reply within 30 days: The company reviews the requests included in the application. Depending on the nature of the request, the Company is obliged to fulfill the request as soon as possible or, in any case, within thirty (30) days at the latest. If no answer is given within this period, the applicant may file a complaint to the Board.
Explanations regarding the application should include a clear and detailed explanation of the subject requested by the data subject. If the request of the data subject is accepted, the requirement of the request shall be fulfilled as soon as possible and the relevant person shall be informed. If the request of the data subject is rejected, the reason for the rejection shall be specified in accordance with the LPPD.
Replies to applications made through physical application and notary: The answer shall be printed on the Company's letterhead paper and signed in two copies by the person appointed as authority within the scope of the Company's Personal Data Protection and Processing Policy. The answer shall be given to the correspondence to be forwarded to the applicant via mail. Replies made by electronic signature: Replies needs to be signed using secure electronic signature by the authorized person appointed within the scope of the Company's Personal Data Protection and Processing Policy on a letterhead paper. The answer shall be sent to the applicant's e-mail account. The coverage documents and results related to the relevant application are stored in the electronic directory created in this regard. A copy of the written submission record is also kept in the archive. Applications made through the registered electronic mail (KEP) method: The answer needs to be printed on the Company's letterhead paper and sent to the applicant's registered electronic mail address by the person appointed as the authority within the scope of the Company's Personal Data Protection and Processing Policy.
In case the application is rejected, the response given by the data controller is found to be insufficient or the application is not responded in time; data subject can make a complaint to the Board within 30 (thirty) days from the date of learning the response of the Company, and in any case within 60 (sixty) days from the date of application. For this reason, incoming applications should be examined carefully and answered as soon as possible.
If it is determined that the personal data of a data subject has been illegally obtained, processed or transferred to third parties, this situation will be immediately reported to the General Manager in writing and with the relevant documents. Pursuant to Article 12/5 of the LPPD, in case the processed personal data is obtained by others illegally, the procedures and rules specified in the Personal Data Violation Notification Procedure, especially the notification obligation, will be applied. The Contact Person will report to the General Manager every 3 months regarding the incoming applications and the answers given to such applications and submit his/her suggestions if there are any.