



INFORMATION NOTICE FOR EMPLOYEES OF GREEN CHEMICALS KİMYASAL MADDELER SANAYİ TİCARET ANONİM ŞİRKETİ

Dear Employee,

As GREEN CHEMICALS KİMYASAL MADDELER SANAYİ TİCARET ANONİM ŞİRKETİ (“GREEN”), we attach great importance and sensitivity to your personal data. Within the scope of our obligation to inform regulated under the Law on the Protection of Personal Data No. 6698 (“Law”), we would like to provide the following information to you by means of this information notice (“Employee Information Notice”) regarding all personal data (including “Special Categories of Personal Data” as defined in the Law) retained within GREEN:


  1. INTRODUCTION


    Protecting your personal data is among GREEN’s top priorities. As a matter of general policy, GREEN has adopted the principle of acting in full compliance with the regulations on the protection of personal data in Turkish legislation and shows utmost effort in this regard. Our Company’s Personal Data Protection and Processing Policy (“PDP Policy”) and Personal Data Retention and Destruction Policy (“Retention & Destruction Policy”) (together referred to as the “Company PDP Policies”) set out the procedures and principles to be followed by Employees, natural and legal persons acting on behalf of GREEN, GREEN’s suppliers, solution partners and business partners, so that GREEN can put this principle into practice. With the Company PDP Policies, the fundamental principles adopted to ensure compliance of the data processing, protection, deletion, destruction and anonymization activities carried out by our Company with the provisions of the Law are explained; our Employees and other personal data subjects are informed about the procedures and principles concerning the activities performed by our Company on their personal data in order to ensure the necessary transparency. Our Company is fully aware of its responsibilities and obligations within the scope of personal data protection and processes and protects your personal data in accordance with the Company PDP Policies and the Law No. 6698.


    GREEN undertakes to keep personal information private and confidential and to take all appropriate measures and exercise due care to prevent all or any part of such information from entering the public domain, from being used without authorization, or disclosed to a third party. This obligation shall not apply where the exceptions set forth herein or statutory exceptions exist, or where you make your personal information publicly available.


  2. PROCESSING OF YOUR PERSONAL DATA


    This section contains specific provisions regarding the processing of our Employees’ personal data.


  2.1. Personal Data Collected and Processed


    The following information about you, our Employees, as well as, without limitation, other personal data processed for the purposes set out in Article 2.2 and the Company PDP Policies, may be collected and processed by our Company.

| Personal Data Categories | Description | Types of Personal Data Falling within the Category |
| --- | --- | --- |
| Identity Information | Information clearly belonging to an identified or identifiable natural person and contained in documents such as driver’s license, ID card, residence certificate, passport, attorney ID, marriage certificate, etc. | Data containing information regarding the person’s identity; name–surname, Turkish ID number, nationality, place and date of birth, gender, workplace information, registry no., tax number, title, biography, etc., and documents such as driver’s license, professional ID, ID card and passport. |
| Contact Information | Information clearly belonging to an identified or identifiable natural person used to contact the person | Phone number, address, e-mail address, fax number, etc. |
| Location Information | Data clearly belonging to an identified or identifiable natural person used to determine the data subject’s location | E-mail address, phone number, mobile phone number, address, etc. |
| Education Information | Information such as education, certificates, foreign languages etc. of data subjects who share their information to apply for a job within GREEN | Diplomas, certificates, language certificates, etc. |
| Special Categories of Data | Data regarding a person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data | Blood type, medical report, illness and accident reports, criminal record, religion, body measurements. |
| Family Members and Relatives Information | Information about the personal data subject’s family members and relatives processed to protect the legal interests of the relevant company and the data subject | Identity, contact, professional and educational information regarding the data subject’s children and spouse, etc. |
| Transaction Security Information | Personal data processed to ensure GREEN’s and relevant parties’ technical, administrative, legal and commercial security | Information associating the transaction with the personal data subject and showing the person’s authority to perform the transaction (e.g., website username and password) |
| Financial Information | Personal data within information, documents and records showing any financial result created depending on the type of legal relationship with the personal data subject | Information showing the financial results of the data subject’s transactions, credit card debt, loan amount, loan payments, payable interest amount and rate, debt balance, receivable balance, bank account information, etc. |
| Personnel File Information | Personal data forming the basis of employees’ personnel rights | All information and documents legally required to be included in the personnel file (e.g., salary amount, tax form, medical report, criminal record, residence certificate, military status certificate, diploma, photograph, CV, social security premiums, payrolls, signature, etc.) |
| Employee Candidate Information | Personal data used in the application evaluation process belonging to data subjects who share their information to apply for a job within GREEN | CV, interview notes, education information, personality test results, etc. |
| Employee Transaction Information | Personal data regarding any transaction performed by employees or related to work | Employee clock-in/out records, business trips, information on attended meetings, security checks, e-mail traffic monitoring information, IP addresses, company credit card spending information, etc. |
| Employee Performance and Career Development Information | Personal data processed for the purpose of measuring employees’ performance and planning and executing career development within the scope of HR policies | Performance evaluation reports, interview results, trainings for career development, etc. |
| Legal Transaction and Compliance Information | Personal data processed for the purpose of determination and pursuit of legal receivables and rights and fulfillment of debts and legal obligations | Data contained in documents such as court and administrative authority decisions |
| Audit and Inspection Information | Personal data processed within the scope of GREEN’s legal obligations and compliance with company policies | Audit and inspection reports, related meeting records and similar records |
| Physical Space Security Information | Personal data processed within the scope of GREEN’s legitimate interests and compliance with company policies | Camera recordings |
| Request and Complaint Management Information | Personal data regarding receiving and evaluating any kind of request or complaint addressed to GREEN | All requests and complaints addressed to GREEN and related records and reports |


  2.2. Purposes of Collection and Processing of Employees’ Personal Data


    Your personal data may be processed for the purposes listed below and, without limitation, for the purposes set out in the Company PDP Policies:

  • Planning and Execution of GREEN’s Human Resources Policies and Processes

      • Managing Personnel Recruitment Processes


  • Planning and Execution of GREEN Human Resources Policies and Processes

      • Fulfilling Employment Contract and/or Statutory Obligations for GREEN Employees

      • Managing Employee Requests and Complaints

      • Planning Analyses and Improvement Activities Regarding GREEN’s Compensation Management

      • Planning and Supporting Processes for Providing Fringe Benefits and Advantages to GREEN Employees

      • Supporting Activities for Planning Compensation Management for GREEN Employees

      • Planning and Supporting Processes Regarding GREEN Employees’ Training and Career Development

      • Planning and Managing Processes to Increase GREEN Employee Satisfaction and Engagement

      • Planning and/or Execution of Intern and/or Student Supply, Placement and Operations within GREEN

      • Planning and Execution of GREEN Employees’ Access Authorizations to Information

      • Planning and Execution of Employee Satisfaction and/or Engagement Processes

      • Planning and/or Execution of Occupational Health and/or Safety Processes


  • Supporting Strategic HR Planning, Succession Processes and Organizational Development Activities

      • Managing Processes Related to GREEN Employees’ Performance Evaluations

      • GREEN’s Development and Succession Planning Activities

      • Supporting the Management of Appointment and Promotion Processes for Personnel and Managers within GREEN


  • Ensuring GREEN’s and the Related Persons’ Legal, Technical and Commercial/Business Security

      • Follow-up of Legal Affairs

      • Planning and Execution of Necessary Operational Activities to Ensure Company Activities are Carried Out in Accordance with Company Procedures and/or Relevant Legislation

      • Ensuring the Security of Company Operations

      • Providing Information to Authorized Institutions as Required by Legislation

      • Carrying Out Company and Partnership Law Transactions

      • Ensuring the Accuracy and Up-to-Date Nature of Data

      • Ensuring the Security of Company Premises

      • Planning and Execution of Company Audit Activities

      • Planning and/or Execution of Occupational Health and/or Safety Processes







  3. PRINCIPLES ADOPTED FOR PROCESSING YOUR PERSONAL DATA


    GREEN informs its employees about which personal data concerning them are processed, for what purposes and reasons the data will be processed, from which sources the personal data are collected, with whom these personal data will be shared and how they will be used.


  3.1. Processing in Accordance with Law and the Rule of Good Faith


    In processing personal data, the principles introduced by legal regulations and the general rule of trust and good faith are observed. In this context, personal data are processed proportionately and limited to the purpose for which they are processed.


  3.2. Ensuring that Personal Data are Accurate and, Where Necessary, Up-to-Date


    Taking into account the legitimate interests of employees, periodic checks and updates are carried out to ensure the processed data are accurate and up-to-date, and necessary measures are taken accordingly. Systems for checking the accuracy of personal data and making necessary corrections are established within the Company.


    GREEN takes necessary measures to ensure that Employees’ personal data are current. In this context, particular attention is paid to the following:



      • Personal data of employees that may change (address, phone, family/relative information, etc.) are identified.

      • Measures are taken to ensure such data can be easily viewed electronically.

      • Access to such data in electronic media is restricted so that it can be seen only by the relevant Employee and other authorized persons, not by everyone.

      • If electronic viewing is not possible, measures are taken to display such data in physical media.

      • Employees are enabled to keep such personal data up-to-date. In this context, active follow-up is carried out by HR through awareness activities.


    In addition to the above method, GREEN takes necessary measures to keep processed personal data of Employees up-to-date according to its specific circumstances.


  3.3. Processing for Specific, Explicit and Legitimate Purposes


    Personal data are processed based on clear and definite purposes. Data are processed only to the extent necessary for these purposes. The purpose for which the data will be processed is identified before the personal data processing activity begins.


  3.4. Being Relevant, Limited and Proportionate to the Processing Purposes


    Personal data are processed in a way suitable for achieving the specified purposes, and processing of personal data that are not related to or not needed for the purpose is avoided. In this context, GREEN has adopted the principle of processing only as much personal data as necessary in line with its needs; it always collects personal data from employees based on a clear and foreseeable need and ensures that the data collected are suitable for meeting such needs.


    To ensure compliance with this principle, every form and input method in which Employees enter personal data is audited. This audit is completed as soon as possible for existing forms and input methods and before they are put into use for newly created ones. As a result of the audit, parts that cause unnecessary data collection are removed from the relevant form and input method. Personal data obtained through such parts are immediately deleted, destroyed, or anonymized.


  3.5. Storage for the Period Prescribed by Legislation or Required for the Processing Purpose


    The Company stores personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, it is first determined whether a period is stipulated in the legislation for storing personal data; if so, this period is complied with; if not, personal data are stored for as long as necessary for the processing purpose. Upon expiry of the period or elimination of the reasons requiring processing, unless there is a legal reason permitting longer processing, personal data are deleted, destroyed or anonymized in accordance with our Company’s Retention & Destruction Policy.




  4. CONDITIONS FOR PROCESSING YOUR PERSONAL DATA


    The explicit consent of the personal data subject is one of the legal grounds that allow lawful processing of personal data. Apart from explicit consent, personal data may also be processed if any of the conditions below exist. A personal data processing activity may rely on one or more of the conditions below. If the data processed are special categories of personal data, in addition to these rules, the conditions under the heading “Cases Where Special Categories of Personal Data May Be Processed” below shall apply.


  4.1. Processing Based on Employees’ Explicit Consent


    Where not based on another condition, our Employees’ personal data are processed based on explicit consent. Through this Employee Information Notice, Employees are informed about which personal data are processed, for what purposes and reasons, from which sources they are collected, with whom they will be shared and how they will be used, and their explicit consent is obtained accordingly. The manner of obtaining explicit consent is tailored to each data collection source.


  4.2. Expressly Foreseen by Laws


    Where processing of personal data is expressly stipulated by law, the Company processes the personal data of the Employee without obtaining explicit consent.


  4.3. Inability to Obtain the Data Subject’s Consent due to Actual Impossibility


    If processing of personal data is mandatory to protect the life or physical integrity of the Employee or another person who is unable to express consent or whose consent cannot be deemed valid due to actual impossibility, the data may be processed without the Employee’s explicit consent.


  4.4. Being Directly Related to the Establishment or Performance of a Contract


    Personal data of the parties to a contract may be processed where this is necessary and directly related to the establishment or performance of the contract.


  4.5. Fulfillment of the Company’s Legal Obligation


    If processing is mandatory for the data controller to fulfill its legal obligations, the Employee’s data may be processed without explicit consent.


  4.6. Personal Data Made Public by the Employee


    If the Employee has made personal data public, the data may be processed without explicit consent.


  4.7. Processing is Mandatory for the Establishment, Exercise or Protection of a Right


    If processing is mandatory for the establishment, exercise or protection of a right, the Employee’s data may be processed without explicit consent.


  4.8. Processing Based on Legitimate Interests


    Provided that fundamental rights and freedoms of the Employee are not harmed, if data processing is mandatory for the Company’s legitimate interests, the Employee’s data may be processed without explicit consent.




  5. CASES WHERE SPECIAL CATEGORIES OF PERSONAL DATA MAY BE PROCESSED


    Some personal data are separately regulated as “special categories of personal data” and are subject to special protection due to the risk of causing victimization or discrimination if processed unlawfully.


  5.1. Processing Special Categories of Personal Data Based on Explicit Consent


    Special categories of personal data may be processed if the Employee gives explicit consent. If explicit consent exists, such data may be processed by taking the principles set out in the Company PDP Policies and the necessary administrative and technical measures into account, depending on the nature of the data.


  5.2. Processing Special Categories of Personal Data without Explicit Consent


    In the absence of the Employee’s explicit consent, special categories of personal data may be processed in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board (“Board”) are taken:



      1. For special categories of personal data other than those relating to the Employee’s health and sexual life, where stipulated by laws;

      2. For special categories of personal data relating to the Employee’s health and sexual life, only for purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, and by persons under the obligation of confidentiality or by authorized institutions and organizations.





  6. DATA RELATING TO EMPLOYEES’ HEALTH


  6.1. General Approach to Processing Employees’ Health Data




      6.1.1. Not Processing Health Data Unless Necessary and Keeping Separately


        Health data are among special categories of personal data. In particular, employees’ accident and illness reports and other health data are stored separately from other personal data. When using information about days not worked or incidents/accidents involving the employee, use of health data is avoided as far as possible.



      6.1.2. Processing Health Data in Connection with, Limited to and Proportionate to the Stated Purpose


        In health surveys to be conducted with employees, GREEN ensures only truly necessary information is collected and takes care not to request unnecessary information.


        GREEN does not request that employees give a blanket consent to share all their health data with the company. Our Company may request sharing with the company only those health data genuinely deemed necessary for the stated purpose.



      6.1.3. Designation of Persons Who Will Process Health Data


        GREEN ensures that employees who will process or be authorized to process employees’ health data are informed about the relevant legislation and the confidentiality policy established.


        Employees’ health data are analyzed by persons competent to do this work. GREEN takes care to inform employees clearly about the purposes for which health data are used and who accesses such data for what purposes.



      6.1.4. Sharing and Access to Health Data


        In sharing health data, the legal obligations set for special categories of personal data are taken into account and sharing is carried out in compliance with these obligations.


        GREEN ensures that persons dealing with employees’ health data are informed and trained at regular intervals on the above matters.


        As a rule, GREEN does not make Employees’ health data available to other Employees. However, if, by law and GREEN’s legitimate interests, processing such data is mandatory for a task and related transaction, access is granted to the personnel assigned to the task, limited to fulfilling the task, by taking necessary administrative and technical measures.


        Health data that managers must necessarily know in order to fulfill their managerial roles may be disclosed to managers. GREEN managers are informed about the sensitivity of health data and the conditions for processing such data under the Law before health data are shared with them.




  6.2. Processing Health Data Obtained from Examinations and Tests




      6.2.1. Informing Employees about the Company Policy on Processing Health Data


        GREEN pays attention to transparency of policies followed regarding processing of Employees’ health data.


        GREEN determines the conditions regarding the locations where health tests will be carried out, the nature of the tests, and how the data obtained from the tests will be used and protected. It takes care to inform Employees about these conditions.



      6.2.2. Processing Health Data of Candidates Likely to be Hired via Examinations and Tests


        GREEN may request that tests be performed on candidates likely to be hired to decide whether the candidate is suitable for the relevant job. Such tests may also be carried out to fulfill any legal obligation or to determine the type of insurance to which the prospective employee will be subject.


        GREEN determines in advance the purposes for which examinations and tests will be carried out.


        Considering its purposes, GREEN follows methods that are less intrusive to the person’s health data where possible.


        In the recruitment process, medical examination or health testing is performed only if the person has a truly high likelihood of being hired.


        At the early stages of the job application process, GREEN informs the candidate that, if the likelihood of being hired is high, a medical examination or test may be performed.



      6.2.3. Collecting Employees’ Health Data via Examinations and Tests


        Within the scope of the occupational health and safety program, GREEN may collect Employees’ health data through medical examinations and tests. Participation in examinations and tests other than those required by law is at the employee’s discretion.


        GREEN determines in advance the purposes for which examinations and tests will be carried out.


        Considering its purposes, GREEN follows methods that are less intrusive to the person’s health data. For example, instead of reviewing examination results, a health survey may be conducted to learn the employee’s health data.



      6.2.4. Not Using Samples Obtained from Examinations for Purposes other than the Stated Processing Purpose


        GREEN clearly informs Employees about the purpose for which health checks and tests are performed.


        Under no circumstances does GREEN secretly collect biometric/genetic samples (fingerprints, hair strands, etc.) belonging to an employee. Activities carried out based on legal reasons constitute an exception.






  7. SPECIAL SITUATIONS IN WHICH YOUR PERSONAL DATA ARE PROCESSED


  7.1. Processing Employees’ Personal Data in Cases where Fringe Benefits and Advantages are Provided


    Private health insurance, life insurance, personal accident insurance, company car, private pension, flexible benefits program or similar benefits are referred to as fringe benefits and advantages under this heading.


    In sharing Employees’ personal data with third parties from whom services are received to provide fringe benefits and advantages, GREEN exercises care to share data at a minimum level. Only personal data necessary for providing the relevant fringe benefit/advantage are shared. Further, measures are taken to ensure that personal data collected within this scope are not used for another purpose.


    Before sharing, it is assessed whether the personal data to be shared with third parties are special categories of personal data.


    Employees are informed about personal data to be shared with third parties from whom services are received. In this context, which personal data of Employees are shared and for what purposes they will be used are explained to the employee.


  7.2. Processing Employees’ Personal Data in Company Mergers and Acquisitions and Other Transactions Changing the Company Structure


    All transactions changing the company structure, including mergers and acquisitions, are covered under this section.


    7.2.1. Sharing Employees’ Personal Data for Company Structure Changes


      Where GREEN needs to share Employees’ personal data for the purpose of a change in company structure, it ensures, first and foremost, that such personal data are shared in anonymized form to the extent possible.


      For personal data that cannot be anonymized, undertakings are obtained from the counterparty that the data will be used solely for transactions relating to the change in company structure, will be protected in accordance with the Law’s data security provisions and processed in compliance with the relevant provisions of the Law, will not be transferred to third parties, and will be deleted or destroyed after completion of the relevant transactions.


    7.2.2. Providing Information


      Unless informing would have an adverse effect on GREEN’s interests (for example, where learning that personal data were shared within the framework of a merger could be used by the employee to influence share prices), employees are informed about which personal data are shared and for what purpose they will be used.


      Employees are also informed as to which personal data will be transferred to their new employer as a result of a change in company structure.


  7.3. Processing Employees’ Personal Data in Disciplinary Investigations


    GREEN must fully comply with obligations regarding protection of employees’ personal data during disciplinary investigations as well. In this scope, in particular, the following actions are taken:



      • Aligning policies and procedures concerning disciplinary investigations with obligations on protection of personal data,

      • Informing persons authorized to conduct disciplinary investigations that personal data within the scope of such investigations are also accessible under the right of employees to access their personal data,

      • Taking measures to ensure that personal data are not obtained by unlawful methods during disciplinary investigations,

      • Ensuring that personal data used during disciplinary investigations are accurate and up-to-date,

      • Storing personal data and records related to disciplinary investigations securely,

      • Ensuring that unfounded allegations about employees are deleted from employees’ files unless there is a legal reason for not deleting them.


    GREEN prevents arbitrary access to Employees’ personal data solely due to the existence of a disciplinary investigation. In this context, if accessing personal data does not comply with the purposes for which the data were obtained or is considered a disproportionate action in view of the seriousness of the investigation, employees’ personal data cannot be accessed solely due to the disciplinary investigation. Those conducting the investigation are informed by GREEN management before each investigation process about their authority to access employees’ personal data.


  7.4. Processing Personal Data Related to Electronic Communications Performed in Connection with Employees’ Business Activities


    7.4.1. Use of Electronic Communication Tools


      Phones, faxes, e-mails, laptops, internet and similar electronic communication tools and means provided by GREEN to Employees are monitored by GREEN and personal data related to the use of such means for business activities may be processed. It is essential that employees are clearly informed about the scope and purpose of these personal data processing activities.


      If personal use of electronic communication tools is permitted, the limits of permitted personal use are determined and communicated to the employee.


      It is important that employees are aware that communications related to work may be monitored at any time and that they are informed in this regard.


    7.4.2. Processing of Personal Data Related to Use of Corporate E-mail


      GREEN may process personal data related to employees’ use of corporate e-mails. It is essential that employees are clearly informed about the scope and purpose of these processing activities. In addition, a legal assessment is necessarily conducted regarding the legal nature and scope of these processing activities.


    7.4.3. Processing of Personal Data Related to Internet Use


      GREEN may impose restrictions on internet use at the workplace and monitor compliance with such restrictions.


      In processing personal data related to internet use, GREEN clearly informs its Employees about the personal data processing activities carried out within this scope.


      If monitoring internet use is required to fulfill a legal obligation, or if the relevant data processing meets another condition specified in the Law, explicit consent from Employees is not required. However, if such personal data are processed for purposes other than the non-consent-based legal grounds specified in the Law, explicit consent is obtained from the Employee.


    7.4.4. Retention Period of Personal Data Processed in Relation to Electronic Communication Transactions


      GREEN determines which of the personal data related to electronic communications performed in connection with employees’ business activities will be retained and the procedures regarding their retention period.


      Unless there is another obligation arising from legislation, personal data processed for the purposes specified in this Employee Information Notice and the Company PDP Policies may be retained during the term of the employment contract and, following termination, for the statute of limitation period required by the potential legal dispute depending on the nature of the activity carried out. Considering legal regulations permitting retention of these data, the retention period is reviewed. This period may be extended in exceptional circumstances. In the event of an extension, employees are informed about the extension period, the justification and the types of personal data retained.





  8. TRANSFER OF YOUR PERSONAL DATA TO THIRD PARTIES


    Your personal data and special categories of personal data may be transferred to third parties in line with the purposes of processing, by taking necessary security measures.


  8.1. Transfer of Your Personal Data


    Personal data may be transferred to third parties in line with the purposes of processing if you, our Employee, have given explicit consent.


    In the absence of explicit consent, personal data may be transferred to third parties in the following cases:



      • Where there is an explicit provision in laws regarding the transfer of personal data,

      • Where it is mandatory for the protection of the life or physical integrity of the employee or another person and the personal data subject is unable to express consent due to actual impossibility or consent cannot be deemed valid,

      • Where it is necessary to transfer personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract,

      • Where transfer of personal data is mandatory for the Company to fulfill a legal obligation,

      • If personal data have been made public by the Employee,

      • Where transfer of personal data is mandatory for the establishment, exercise or protection of a right,

      • Provided that the fundamental rights and freedoms of the Employee are not harmed, where transfer is mandatory for the Company’s legitimate interests.



  • Transfer of Your Special Categories of Personal Data


    Your special categories of personal data may be transferred to third parties in the following cases:



      • If the Employee has given explicit consent, or

      • If the Employee has not given explicit consent;


        • For special categories of personal data other than those relating to the Employee’s health and sexual life (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, data regarding criminal conviction and security measures, and biometric and genetic data), where stipulated by laws,

        • Special categories of personal data relating to the Employee’s health and sexual life may be transferred only to be processed by persons under the obligation of confidentiality or authorized institutions and organizations for purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and financing.




  • Third Parties to Whom Personal Data are Transferred and Purposes of Transfer


    In accordance with Articles 8 and 9 of the Law, as GREEN, we may transfer our Employees’ personal data to the following categories of persons:



      1. GREEN business and solution partners,

      1. GREEN suppliers,

      1. GREEN shareholders, authorized persons, employees,

      1. Legally authorized public institutions and organizations,

      1. Legally authorized private legal entities,

      1. Other third parties in accordance with the conditions for data transfer.


    The scope of the persons indicated above and the purposes of data transfer are set out below; in transfers carried out by GREEN, matters related to data security stipulated in Section 7 of the Company PDP Policy are observed.

| Persons to Whom Data May Be Transferred | Description | Purpose of Transfer |
| GREEN Business and Solution Partners | Parties with whom a business partnership is established to obtain support for the sale, promotion and marketing of GREEN products and services, accounting, finance, recruitment & human resources, and legal matters; GREEN’s main contractor within subcontracting relationships; GREEN branches. | Limited to ensuring fulfillment of the purposes for which the business/solution partnership is established. |
| GREEN Suppliers | Parties that provide services to GREEN on a contractual basis in line with GREEN’s instructions while GREEN conducts its commercial activities. | Limited to enabling the provision to GREEN of services procured from the supplier on an outsourced basis and necessary for carrying out GREEN’s commercial activities. |
| GREEN Shareholders, Authorized Persons, Employees | Our shareholders and employees authorized, under the provisions of relevant legislation, to design strategies and audit activities regarding GREEN’s commercial activities. | Limited to designing strategies and audit purposes regarding GREEN’s commercial activities in accordance with relevant legislation. |
| Legally Authorized Public Institutions and Organizations | Public institutions and organizations authorized to obtain information and documents from GREEN under relevant legislation | Limited to the purpose requested within the legal authority of the relevant public institutions and organizations |
| Legally Authorized Private Legal Entities | Private legal entities authorized to obtain information and documents from GREEN under relevant legislation | Limited to the purpose requested within the legal authority of the relevant private legal entities |





  • TRANSFER OF YOUR PERSONAL DATA ABROAD


    Personal data may be transferred to foreign countries declared by the Board to have adequate protection, or, where adequate protection is not present, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake to provide adequate protection in writing and the Board’s permission is obtained.


  1. Transfer of Personal Data Abroad


    Personal data may be transferred abroad if the Employee has given explicit consent or, in the absence of explicit consent, if one of the following conditions exists:



      • Where there is an explicit provision in laws regarding the transfer of personal data,

      • Where it is mandatory for the protection of the life or physical integrity of the employee or another person and the personal data subject is unable to express consent due to actual impossibility or consent cannot be deemed valid,

      • Where it is necessary to transfer personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract,

      • Where transfer of personal data is mandatory for the Company to fulfill a legal obligation,

      • If personal data have been made public by the Employee,

      • Where transfer of personal data is mandatory for the establishment, exercise or protection of a right,

      • Provided that the fundamental rights and freedoms of the Employee are not harmed, where transfer is mandatory for the Company’s legitimate interests.



  • Transfer of Special Categories of Personal Data Abroad


    Special categories of personal data may be transferred abroad in the following cases:



      • If the Employee has given explicit consent, or

      • If the Employee has not given explicit consent;


        • For special categories of personal data other than those relating to the Employee’s health and sexual life (race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire, association, foundation or union membership, data regarding criminal conviction and security measures, and biometric and genetic data), where stipulated by laws,

        • Special categories of personal data relating to the Employee’s health and sexual life may be transferred only to be processed by persons under the obligation of confidentiality or authorized institutions and organizations for purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, and planning and management of health services and financing.






  • RETENTION PERIODS FOR YOUR PERSONAL DATA


    The procedures and principles regarding retention and destruction of personal data are regulated in the Personal Data Retention and Destruction Policy. When determining the retention period, obligations arising from legal regulations are taken into consideration. Apart from legal regulations, the retention period is determined by considering the purposes of processing personal data. Personal data of our Employees are processed and retained in compliance with the Labour Law No. 4857 Article 75, the Social Insurance and General Health Insurance Law No. 5510, the Occupational Health and Safety Law No. 6331 and other relevant legislation, during the term of the Employee’s employment contract and for 10 years following termination, and for other statute of limitation periods required by potential legal disputes depending on the nature of the activity carried out. If the purpose of data processing ceases, unless there is another legal reason or basis enabling retention, the data are deleted, destroyed or anonymized.


    If the purpose of processing personal data has ended and the retention periods set by the relevant legislation and the Company have also expired, personal data may only be retained for the purpose of serving as evidence in possible legal disputes or for asserting a right dependent on personal data or establishing a defense.


    These periods are determined on the basis of the limitation periods for asserting the right in question and of earlier cases in which requests on the same matters were made to the Company even though the limitation periods had expired. In this case, the retained personal data are not accessed for any other purpose, and access is provided only when necessary in the relevant legal dispute. Once this period has also ended, the personal data are deleted, destroyed or anonymized.


  • SECURITY OF YOUR PERSONAL DATA


    The procedures and principles regarding the security of your personal data are regulated in the Company PDP Policies. Reasonable measures are taken to prevent unauthorized access risks, accidental data loss, intentional deletion of data or damage to data in order to ensure the security of personal data. All necessary technical and physical measures are taken to prevent access to personal data by persons other than those authorized to access them. In this context, in particular, the authorization system is designed so that no one can access more personal data than necessary. Stricter measures than those for other personal data are taken when ensuring the security of special categories of personal data such as health data. Authorized persons undergo necessary security checks. In addition, these persons are trained regarding their duties and responsibilities.


    Access logs for personal data are kept to the extent allowed by technical means and are reviewed at regular intervals. An investigation is initiated immediately in case of unauthorized access.


    GREEN employees who process personal data comply with the following obligations to ensure the security of processed data:



      • Acting lawfully and in good faith regarding protection of personal data,

      • Processing personal data accurately, fully and completely,

      • Carrying out necessary work to update personal data that have lost currency,

      • Informing the relevant manager when detecting any unlawfulness in personal data processing,

      • Providing necessary guidance for exercising legal rights related to personal data.



  • SPECIAL RULES REGARDING HEALTH DATA PROCESSED AND COLLECTED




      1. Separate Storage of Health Data and Employees Authorized to Process Health Data


        To the extent company capabilities allow, health data are stored separately from other personal data to protect against unauthorized access and to provide higher security. The Company pays attention to processing health data in the narrowest possible scope. Where health data must be processed, persons authorized to perform such processing are informed so that they understand the sensitivity of such data and take necessary care.



      1. Treatment of Health Data as Special Categories of Personal Data


        Employees’ health data are considered special categories of personal data. All measures applied for special categories of personal data are also applied to health data.



      1. Access to Health Data


        Access to health data may be provided only by Company employees authorized in this regard and only when necessary. In addition, managers may be informed of health data to the extent necessary to fulfill their managerial roles.




  • OUR EMPLOYEES’ LEGAL RIGHTS AND METHODS OF EXERCISING THEM


  1. Legal Rights Regarding Personal Data


    Employees may exercise the following legal rights regarding their personal data:



      (a) To learn whether personal data are processed,

      (b) If personal data have been processed, to request information regarding this,

      (c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

      (d) To know the third parties in Turkey or abroad to whom personal data are transferred,

      (e) If personal data are processed incompletely or inaccurately, to request their correction,

      (f) To request deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,

      (g) To request notification to third parties to whom personal data have been transferred regarding the actions carried out pursuant to subparagraphs (e) and (f),

      (h) To object to the emergence of a result against the person by analyzing processed data exclusively through automated systems,

      (i) To request compensation for damage arising from unlawful processing of personal data.



  • Principles Regarding the Exercise of Legal Rights Related to Personal Data


    Our Employees may submit their requests regarding the rights listed in Section 13.1 (“Legal Rights Regarding Personal Data”) to our Company by the methods determined by the Board. In this respect, they may use the “GREEN Data Subject Application Form” given in Annex-1 of this Employee Information Notice.


    Respectfully submitted for your information.


    I have read and understood the matters set out in this Employee Information Notice and confirm that a copy of this Employee Information Notice has been given to me.




ANNEX-1 APPLICATION FORM FOR EXERCISING RIGHTS UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA NO. 6698

In order for your request within the scope of the Law on the Protection of Personal Data No. 6698 to be fulfilled, please complete the following application form in full and submit it:

    • If you will submit the application form by post: send the wet-signed version together with a notarized copy of your Turkish ID to the address of Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi by post; or

    • If you will submit the application form electronically, using a registered e-mail (KEP) address, a secure electronic signature, a mobile signature, or the e-mail address previously notified to Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi and registered in its system: send it to kvkk@green-chemicals.com.

IDENTITY AND CONTACT INFORMATION OF THE PERSONAL DATA SUBJECT (AND, IF ANY, THE REPRESENTATIVE)

Name – Surname: (*)

(If any) Representative’s Name – Surname: (*)

Turkish ID No.:

(If any) Representative’s Turkish ID No.:

Phone Number: (*)

Address: (**)

E-mail Address (***):

Other E-mail (****)

(*): Mandatory fields to be completed in this table.

(**): Mandatory for applications made by post.

(***): To apply by regular e-mail, the e-mail address previously notified to Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi and registered in its system must be used.

(****): Refers to registered e-mail (KEP) address, secure electronic signature and mobile signature.

INFORMATION ABOUT THE DATA CONTROLLER

The personal data you have provided to us above are processed solely for the purposes of evaluating and concluding this Application Form and contacting you.

Company to Which I Wish to Apply

My Relationship with Your Company ☐ Business Partner

☐ Supplier

☐ Employee
Related Department:

☐ Former Employee
Years Worked:

☐ Employee Candidate
Date:

☐ Third-Party Company Employee
Company and ☐ Other

MY REQUEST UNDER THE LAW ON THE PROTECTION OF PERSONAL DATA

If the personal data subject submits his/her request to Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi in accordance with the Law on the Protection of Personal Data No. 6698 and secondary legislation, the Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi Information Notices and this application form, Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi will conclude the request within thirty days at the latest, depending on the nature of the request. Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi may request information and documents from the relevant person in order to determine whether the applicant is the personal data subject.

FINALIZATION OF THE DATA SUBJECT’S REQUEST

Depending on its nature, your request will be answered as soon as possible and at the latest within thirty (30) days following the date it reaches us under the KVKK. Our responses and evaluations will be communicated to you in writing or electronically, according to your choice indicated in this Application Form, pursuant to Article 13 of the KVKK.

If you have a priority preference for delivery of the application result by post or e-mail, please indicate below (please select only one method):

☐ I want it to be sent to my address.

☐ I want it to be sent to my e-mail address.

☐ I want to receive it in person. (In case of receipt by proxy, a notarized power of attorney or letter of authorization is required.)

Your requests will be concluded free of charge by Green Chemicals Kimyasal Maddeler Sanayi Ticaret Anonim Şirketi; however, if the response process entails an additional cost, a fee may be charged in the amounts determined within the framework of the relevant legislation.

DECLARATION AS DATA SUBJECT (RELEVANT PERSON) / REPRESENTATIVE

I hereby declare that I am legally authorized to make this application as the “Data Subject” or the “legal representative of the Data Subject”; that the information and documents in the application are current and accurate; and that I have not provided any unlawful, incorrect or misleading information.

I accept that, in case of an unauthorized application, I may cause unlawful or unjust sharing of information regarding personal data upon my application and that I will be responsible, as the applicant, for any damages that may arise to your Company and the relevant persons.

Personal Data Subject (Relevant Person) / Person Applying on Behalf of the Personal Data Subject (Relevant Person)

Name – Surname:

Application Date:

Signature:

PERSONS APPLYING ON BEHALF OF THE PERSONAL DATA SUBJECT (RELEVANT PERSON):

In applications to be made by third parties on behalf of the data subject, a notarized special power of attorney must be sent to us together with this Application Form; in applications to be made on behalf of children under custody/guardianship, a copy of the documents proving the custody/guardianship relationship must be sent along with this Application Form.

IMPORTANT EXPLANATIONS REGARDING THE DATA SUBJECT APPLICATION FORM AND RIGHT TO APPLY:

1. The Data Subject’s Right to Apply

Article 11 of the Law on the Protection of Personal Data (“KVKK”) regulates that personal data subjects may make requests on the following matters:

    • To learn whether personal data are processed,

    • If personal data have been processed, to request information regarding this,

    • To learn the purpose of processing personal data and whether they are used in accordance with their purpose,

    • To know the third parties in Turkey or abroad to whom personal data are transferred,

    • If personal data are processed incompletely or inaccurately, to request their correction,

    • To request deletion, destruction or anonymization of personal data in case the reasons requiring processing cease to exist, although they have been processed in accordance with the KVKK and other relevant laws,

    • To request notification to third parties to whom personal data have been transferred regarding correction, deletion, destruction or anonymization,

    • To object to a result against the person arising from analyzing the processed data exclusively through automated systems,

    • To request compensation for damage in case of damage due to unlawful processing of personal data.

Exceptions to the Right to Apply

Pursuant to Article 28 of the KVKK, personal data subjects will not be able to assert their rights on the following matters:

    • Processing personal data for purposes such as research, planning and statistics, by anonymizing them with official statistics,

    • Processing personal data for artistic, historical, literary or scientific purposes, or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights, and does not constitute a crime,

    • Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order and economic security,

    • Processing personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Pursuant to Article 28/2 of the KVKK, except for the right to request compensation for damage, personal data subjects will not be able to assert their rights in the following cases:

    • Where processing of personal data is necessary to prevent the commission of a crime or for criminal investigation,

    • Processing of personal data made public by the personal data subject,

    • Where processing of personal data is necessary for the performance of supervisory or regulatory duties by public institutions and organizations and professional organizations in the nature of public institutions, based on the authority granted by law, as well as for disciplinary investigation or prosecution,

    • Where processing of personal data is necessary for protection of the state’s economic and financial interests relating to budget, tax and financial matters.



"""
path = "/mnt/data/green_kvkk_employee_notice_en.html"
# Write the notice text to disk as UTF-8 (the text contains Turkish characters).
with open(path, "w", encoding="utf-8") as f:
    f.write(content)
path