Linkedin
contact us

Privacy Policy

ENTRY

Article 20 of the Constitution of the Republic of Turkey and the Personal Data Protection Law No. 6698 (KVKK) essentially stipulate that everyone has the right to request the protection of their personal data. This right includes the right to be informed about personal data concerning oneself, to access such data, to request its correction and/or deletion, and to learn whether it is being used for its intended purposes.

Article 20 of the Constitution of the Republic of Turkey and the Personal Data Protection Law No. 6698 regulate the obligations of natural and legal persons processing personal data and the procedures and principles for protecting the fundamental rights and freedoms of individuals in the processing of personal data.

PURPOSE

The Personal Data Protection and Processing Policy (Policy) of Rönesans Çelik Yapı ve Sanayi A.Ş. (Rönesans Çelik) has been prepared with the aim of protecting individuals’ fundamental rights and freedoms, particularly the privacy of private life, in the processing of personal data, and to regulate the procedures and principles that natural and legal persons processing personal data shall comply with.

The Policy aims to ensure that the activities carried out by Rönesans Çelik are conducted and developed in accordance with the principles set out in the Personal Data Protection Law and to inform the owners of personal data.

Contact Us

Data subjects whose personal data is processed within the scope of this Policy are categorized as follows:

 

– Employees: Real persons who have an ongoing employment relationship with Rönesans Çelik.

 

– Job Applicants: Real persons who have applied for a job at Rönesans Çelik or who have made their resume and relevant information available to Rönesans Çelik by any means.

 

– Former Employees: Individuals whose employment relationship with Rönesans Çelik has ended.

 

– Visitors: Individuals who have entered Rönesans Çelik’s physical facilities for various purposes or who have visited its websites.

 

– Third Parties: Other individuals, including but not limited to family members, whose personal data is processed within the scope of this Policy, even though they are not defined in the Policy.

The definitions used in this Policy are listed below:

 

Explicit Consent: Consent that is specific to a particular matter, based on information provided, and freely given.

 

Anonymization: The process of rendering personal data unidentifiable, such that it cannot be associated with any identifiable or identifiable natural person, even when combined with other data.

 

Application Form: The form that personal data subjects whose personal data is processed within Rönesans Çelik will use when applying for their rights as explained in Article 11 of the Personal Data Protection Law.

 

Employee: Real persons who work for Rönesans Çelik on a dependent basis for a fixed or indefinite period.

 

Job Applicant: Natural persons who apply for a job at Rönesans Çelik or make their resume and relevant information accessible to Rönesans Çelik by any means.

 

Personal Health Data: Any health information relating to a specific or identifiable natural person.

 

Personal Data: Any information relating to a specific or identifiable natural person.

 

Processing of Personal Data: Any operation performed on data, such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, acquiring, making available, classifying, or preventing the use of personal data, whether fully or partially automated or non-automated, provided that it is part of a data recording system.

 

KVK Law: Law No. 6698 on the Protection of Personal Data.

 

KVK Board: Personal Data Protection Board.

 

KVK Institution: Personal Data Protection Institution.

 

Special Category Personal Data: Data related to a person’s race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.

 

Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

 

Data Subject: A natural person whose personal data is processed, referred to as the “relevant person” in the KVK Law.

 

Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

 

Visitor: Natural persons who have entered the physical facilities of Rönesans Çelik for various purposes or who visit its websites.

Pursuant to Article 3 of the KVK Law, any operation performed on personal data, such as the collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or restriction of use of such data, whether fully or partially automated or non-automated provided it forms part of a data recording system, falls within the scope of the processing of personal data.

 

The following principles must be adhered to when processing personal data:

 

Compliance with the law and principles of fairness: Our company processes personal data in accordance with the Constitution, the Personal Data Protection Law, and related legislation, ensuring that all processing activities comply with the law and principles of fairness.

 

Accuracy and, where necessary, timeliness: While processing personal data, our company takes all administrative and technical measures to ensure the accuracy and timeliness of personal data.

 

Processing for specific, explicit, and legitimate purposes: Before commencing the processing of personal data, our company clearly and definitively determines the legitimate purpose of processing personal data.

 

Processing that is relevant, limited, and proportionate to the purpose: Our company processes personal data only to the extent necessary to achieve the specified purposes. Data processing activities are not carried out on the assumption that the data may be used later.

 

Retention for the period required by the relevant legislation or necessary for the purpose for which they are processed: Our company stores personal data only for the period required by the Personal Data Protection Law and relevant legislation or necessary for the purposes of data processing.

 

Our company may process personal data and special category personal data with the explicit consent of the data subject or, in the cases specified in Articles 5 and 6 of the Personal Data Protection Law, without explicit consent.

 

6.1. Processing of Personal Data

As a rule, our company processes your personal data based on your explicit consent. However, it carries out personal data processing activities without requiring your explicit consent, in accordance with the data processing conditions specified in Article 5 of the Personal Data Protection Law:

It is expressly provided for by law.

It is necessary to protect the life or physical integrity of the person who is unable to express consent due to actual impossibility or whose consent is not legally valid, or of another person.

It is necessary for the establishment or performance of a contract, provided that it is directly related to the contract and the processing of personal data belonging to the parties to the contract.

It is necessary for our company to fulfill its legal obligations.

It has been made public by the personal data owner.

Data processing is necessary for the establishment, exercise, or protection of a right.

It is necessary for our company’s legitimate interests, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

 

6.2. Processing of Special Category Personal Data:

Our company processes personal data specified as sensitive in accordance with the data processing conditions set forth in Article 6 of the Personal Data Protection Law. Furthermore, it is mandatory to take the necessary precautions determined by the Personal Data Protection Board when processing sensitive personal data.

The processing of special category personal data without the explicit consent of the data subject is prohibited. However, special category personal data may be processed without the explicit consent of the data subject in the following circumstances:

 

– Processing of Personal Health Data: Personal health data may be processed under the following conditions, provided that (i) sufficient measures are taken as prescribed by the Ministry of Health, (ii) general principles are complied with, and (iii) confidentiality obligations are observed:

  • The written consent of the data subject.
  • Protection of public health.
  • Preventive medicine.
  • Provision of medical diagnosis, treatment, and care services.
  • Planning and management of health services and their financing.

 

– Processing of Special Category Personal Data Other Than Health and Sexual Life Data: Data falling within this scope may be processed with the explicit consent of the data subject or in cases provided for by law.

Our company takes all necessary technical and administrative measures to ensure an appropriate level of security to prevent the unlawful processing and access of personal data it processes and to ensure the protection of personal data, in accordance with Article 12 of the Personal Data Protection Law.

 

7.1. Technical Measures Taken to Ensure the Lawful Processing of Personal Data and Prevent Unlawful Access

– Renaissance Steel has taken all necessary technical security measures to protect your personal data and safeguards your personal data against potential risks.

– Technical measures are taken in line with technological developments, and the measures taken are periodically updated and audited.

– Software and hardware including virus protection systems and firewalls are in place.

– Systems in line with technological developments are used to store personal data in secure environments.

 

7.2. Administrative Measures Taken to Ensure the Lawful Processing of Personal Data and Prevent Unlawful Access

– Company employees are trained and made aware of the Personal Data Protection Law.

– Employees are informed that they cannot disclose the personal data they learn to others in violation of the provisions of the Law, cannot use it for purposes other than processing, and that this obligation will continue even after they leave their jobs. Accordingly, the necessary commitments are obtained from employees.

 

7.3. Measures to Be Taken in the Event of Disclosure of Personal Data by Illegal Means

If personal data processed is obtained by others through unlawful means despite the necessary security measures taken, our Company will notify the relevant data subject and the Personal Data Protection Board of this situation as soon as possible.

8.1. Purposes of Processing Personal Data

Personal data is processed by our company for the purposes listed below:

 

– Planning and execution of commercial activities,
– Planning, monitoring, and execution of occupational health and safety processes,
– Providing information to authorized institutions and organizations as required by law,
– Managing the recruitment processes of job candidates,
– Fulfilling the obligations arising from employment contracts and legislation for company employees,
– Execution/monitoring of financial reporting and risk management operations,
– Execution/monitoring of legal affairs and transactions,
– Planning and execution of necessary audit activities to ensure that operations are conducted in accordance with our Company’s procedures and relevant legislation,
– Planning and execution of corporate sustainability activities,
– Carrying out activities aimed at protecting our Company’s reputation,
– Planning and execution of corporate governance and -communication activities,
– Creation and tracking of visitor records.

 

8.2. Retention Periods for Personal Data

Our company determines whether the relevant legislation stipulates a period for the storage of personal data. If a period is stipulated in the relevant legislation, it complies with this period; if no period is stipulated, it retains personal data for as long as necessary for the purpose for which it was processed. Personal data may only be retained if the purpose of processing has ended and the retention periods specified in the relevant legislation and/or determined by our Company have expired, for the purpose of serving as evidence in potential legal disputes, asserting rights related to personal data, or establishing a defense. Our Company does not retain personal data based on the possibility of future use.

Pursuant to Article 7 of the KVK Law, even if personal data has been processed in accordance with the relevant legislation, if the reasons requiring its processing cease to exist, the personal data shall be deleted, destroyed, or anonymized by our Company either automatically or upon the request of the personal data owner.

 

The procedures and principles regarding this matter shall be carried out in accordance with the Personal Data Protection Law and the Regulation on the Deletion, Destruction, or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017, and numbered 30224.

 

When you apply to our Company requesting the deletion or destruction of your personal data; If all conditions for processing personal data have ceased to exist; your personal data subject to the request will be deleted, destroyed, or anonymized. Your request will be finalized within thirty days at the latest, and you will be informed accordingly.

 

If all conditions for processing personal data have not ceased to exist, your request may be rejected with an explanation of the reasons in accordance with Article 13, Paragraph 3 of the KVK Law, and the rejection response will be communicated to you in writing or electronically within 30 days at the latest.

 

9.1. Techniques for Deleting and Destroying Personal Data
Deleting personal data is the process of rendering personal data inaccessible and unusable for relevant users. Destroying personal data is rendering personal data unusable by anyone.

 

9.2. Techniques for Anonymizing Personal Data
This refers to rendering personal data incapable of being associated with any identifiable or identifiable natural person, even when matched with other data.

The procedures and principles applicable to the transfer of personal data are regulated in Articles 8 and 9 of the Personal Data Protection Law, and the personal data and special category personal data of the data subject may be transferred to third parties within and outside the country. Your personal data may be processed by Rönesans Çelik in accordance with the Law and other legislation to ensure legal, technical, and commercial business security and to continue operations, and may be shared with legally authorized public institutions and organizations and legally authorized private entities, without being limited to those listed.

 

10.1. Transfer of Personal Data Within the Country

In accordance with Article 8 of the KVK Law, the transfer of personal data within the country shall be possible provided that one of the conditions specified in Section 6 of this Policy titled “Conditions for Processing Personal Data” is met.

 

10.2. Transfer of Personal Data Abroad

In accordance with Article 9 of the KVK Law, in the event of the transfer of personal data abroad, in addition to the conditions for domestic transfers being met, one of the following conditions must be met:

 

– The country to which the transfer will be made must be among the countries declared by the KVK Board to have adequate protection.

 

– If the country to which the transfer will be made does not provide adequate protection, the data controllers in Turkey and the relevant foreign country must commit in writing to provide adequate protection, and the permission of the KVK Board must be obtained.

 

10.3. Groups of Persons to Whom Our Company Transfers Personal Data

– Public Institutions and Organizations: Public institutions and organizations authorized to receive information and documents from our Company in accordance with the provisions of the relevant legislation. Limited to the purpose requested within the framework of the legal authority of the relevant public institutions and organizations.

– Legally Authorized Private Legal Entities: Private legal entities authorized to receive information and documents from our Company in accordance with the provisions of the relevant legislation. Limited to the purpose requested within the legal authority of the relevant private legal entities.

In accordance with Article 10 of the KVK Law, personal data subjects must be informed during the collection of personal data. In this context, our Company fulfills its obligation to provide information on the following matters:

 

  • The title of our Company as the data controller.
  • The purpose for which personal data will be processed.
  • To whom and for what purpose the processed personal data may be transferred.
  • The method and legal basis for collecting personal data.
  • The rights of the personal data subject as specified in Section 12.1 of this Policy titled “Right to Apply.”

In accordance with Article 13 of the KVK Law, the evaluation of the rights of personal data owners and the provision of necessary information to personal data owners is carried out through this Policy as well as the Application Form available at www.ronesanscelik.com.tr. Data subjects may submit their complaints or requests regarding the processing of their personal data to us in accordance with the principles specified in the relevant form.

 

12.1. Right to Apply
Pursuant to Article 11 of the KVK Law, everyone may make requests regarding the following matters:

 

– Learning whether their personal data has been processed.
– Requesting information regarding the processing of their personal data.
– Learning the purpose of the processing of their personal data and whether it is being used for its intended purpose.
– To learn about third parties to whom their personal data has been transferred within or outside the country.
– To request the correction of their personal data if it has been processed incompletely or incorrectly, and to request that the third parties to whom the personal data has been transferred be notified of this action.
– Request the deletion, destruction, or anonymization of your personal data if the reasons for processing them no longer exist, and request that this action be communicated to third parties to whom your personal data has been transferred.
– Object to a result detrimental to the data subject arising from the analysis of processed data exclusively through automated systems.
– To request compensation for any damage suffered as a result of the unlawful processing of their personal data.

 

12.2. Situations Excluded from the Scope of the Right to Apply (Exceptions)
Pursuant to Article 28 of the KVK Law, data subjects shall not be able to assert their rights in the following cases:

 

– Processing of personal data by natural persons solely for activities related to themselves or family members living in the same household, provided that such data is not disclosed to third parties and obligations regarding data security are complied with.
– Processing of personal data for purposes such as research, planning, and statistics by rendering it anonymous through official statistics.
– Processing of personal data for artistic, historical, literary, or scientific purposes, or within the scope of freedom of expression, provided that it does not violate national defense, national security, public safety, public order, economic security, privacy, or personal rights, or constitute a crime.
– Processing of personal data within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order, or economic security.
– Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial, or enforcement proceedings.

 

Pursuant to Article 28, Paragraph 2 of the KVK Law, data subjects shall not be able to assert their rights as personal data subjects, except for the right to request compensation for damages:

 

– Where the processing of personal data is necessary for the prevention of a crime or for a criminal investigation.
– Where the processing concerns personal data that has been made public by the data subject themselves.
– Where the processing of personal data is necessary for the performance of supervisory or regulatory tasks by public institutions and organizations authorized by law, or by professional organizations with public institution status, or for disciplinary investigations or prosecutions.
– Where the processing of personal data is necessary for the protection of the economic and financial interests of the State in relation to budget, tax, and financial matters.

 

12.3. Response Procedure
In accordance with Article 13 of the KVK Law, our Company will respond to requests made by the personal data owner free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. Pursuant to Article 13 of the KVK Law, your request must be submitted to our Company in writing or by other methods determined by the KVK Board.

 

The data subject’s request may be rejected in the following circumstances:

– If it infringes on the rights and freedoms of others.
– If it requires disproportionate effort.
– If the information is publicly available.
– If it jeopardizes the privacy of others.
– If any of the circumstances excluded under the KVK Law apply.

13.1. Customer Entries and Exits When Visiting the Company

Personal data processing activities are carried out to track the entries and exits of guests visiting our company. The first and last names of individuals visiting our company are obtained, and such data is processed solely for this purpose and recorded in a physical environment.

 

13.2. Website Visitors

The internet activities on the website are recorded in order to display customized content to visitors of our company’s website so that they can achieve their visit objectives appropriately and to engage in online advertising activities.

 

13.3. KVK Project Team
Rönesans Çelik makes the necessary appointments within the company to implement the matters specified in this Policy in order to fulfill its obligations under the KVK Law and establishes procedures accordingly. Rönesans Çelik has formed a Project Team to manage this Policy and the procedures associated with this Policy within the scope of the KVK Law. The Project Team is responsible for distributing the necessary tasks to increase internal awareness within the Company, following up on audits to be conducted, taking the necessary actions to resolve applications from relevant persons, managing relations with the KVK Authority, etc.

This Policy may be revised by Rönesans Çelik when deemed necessary. In the event of a revision, the most current version of the Policy will be posted on the Company’s website.

Located 40 km from Ankara, within the Anadolu Organised Industrial Zone, Rönesans Çelik operates a 40,000 m² production facility where it manufactures structural steel, pressure vessels, bag filters, air-cooled condensers, boilers and fuel systems, as well as flue gas and air ducts and chimneys.

 

Linkedin

© 2026 Rönesans Çelik