LEGAL DOCUMENTS

CAMERA RECORDING DISCLOSURE

CAMERA RECORDING DISCLOSURE TEXT

  1. Data Controller

This Disclosure Text outlines the principles regarding the processing of your personal data by the data controller Galata Wind Enerji Anonim Şirketi (“Company”), located at “Burhaniye Mahallesi Kısıklı Cad. No:65/1 Üsküdar/İstanbul,” in compliance with the Law on the Protection of Personal Data No. 6698 (“Law”) and related regulations.

 

  1. Purpose of Processing Your Personal Data

Your personal data collected will be processed in accordance with the fundamental principles stipulated under the Law to ensure physical security within the building and workplace, the security of the operations of the data controller, and to safeguard the legal, technical, and commercial-business security of the Company and the individuals with whom the Company has business relations.

 

  1. Recipients of Your Personal Data and Purposes of Transfer

Your personal data collected may be transferred, in compliance with the fundamental principles outlined in the Law and through the data transfer methods specified under Articles 8 and 9 of the Law, to our business partners, suppliers, and legally authorized public institutions upon request/necessity.

 

  1. Method and Legal Basis for Collecting Your Personal Data

Your personal data is collected via automatic means through closed-circuit cameras in physical spaces for the purposes explained above. The legal basis for this processing is grounded in Article 5/2(f) of the Law, which states: “It is necessary for the processing of data for the legitimate interests of the data controller, provided that such processing does not harm the fundamental rights and freedoms of the data subject.”

 

  1. Application Methods to the Data Controller and Your Rights

Pursuant to Article 11 of the Law, you have the right to request from our Company:


a) to learn whether your personal data is processed,
b) to request information if it has been processed,
c) to learn the purpose of processing and whether it is used in accordance with its purpose,
d) to know the third parties to whom it is transferred domestically/internationally,
e) to request correction if it is incomplete or incorrect,
f) to request deletion/destruction within the framework of the conditions specified under Article 7 of the Law,
g) to request notification of the actions taken under (e) and (f) to third parties to whom the data is transferred,
h) to object to the emergence of a result against you due to analysis solely by automated systems,
i) to demand compensation for damages incurred as a result of unlawful processing.

 

You may submit your requests and inquiries regarding your above-mentioned rights to our Company in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller.” Applications can also be submitted via mail to the address “Burhaniye Mahallesi Kısıklı Cad. No:65/1 Üsküdar/İstanbul” or via email to [email protected].

Our Company will conclude your requests free of charge within the shortest time possible and no later than thirty days, depending on the nature of the request. However, a fee may be charged for subsequent requests concerning the same subject or if the initial request requires additional costs. Our Company may accept and process the request or reject it in writing with an explanation.

 

In cases where the application is rejected, the response is deemed insufficient, or the application is not answered within the prescribed time, you have the right to file a complaint with the Personal Data Protection Board (“Board”) within thirty days of notification of the response or within sixty days from the date of application, in any case. However, the complaint path cannot be pursued without exhausting the application procedure.

 

The Board may conduct necessary investigations on matters within its jurisdiction upon a complaint or upon learning of a violation. The Board will respond to the request upon examination. If the request is not answered within sixty days, it will be deemed rejected. Following the investigation, if a violation is determined, the Board may require the data controller to rectify the identified unlawful acts and notify the relevant parties. Such decisions must be implemented immediately and within a maximum of thirty days from notification. In cases of irreparable or impossible damages and clear illegality, the Board may decide to halt the processing or transfer of data abroad.

We emphasize that your data is meticulously safeguarded by our Company and thank you for the trust you place in us.