ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
GENERAL INFORMATION STATEMENT
As MEFA ENDÜSTRI ANONIM SIRKETI (Tax ID No.: 6130854885) (“MEFA” or “the Company”), located at “Mekik Plaza, Kızılırmak Mahallesi, 1450. Sokak, No. 5/1, Çankaya-ANKARA”, we take the security of your personal data with the utmost care. Considering this, we attach great importance to ensuring that the personal data of the individuals with whom we interact is processed and stored in accordance with the Law on the Protection of Personal Data No. 6698 (“Law” or “KVKK”), the secondary regulations (regulations, circulars, etc.) enacted pursuant to the Law, and the binding decisions issued by the Personal Data Protection Board.
Fully aware of this responsibility, and in our capacity as the “Data Controller” as defined by the Law, we process your personal data as explained below and within the limits prescribed by law, to prevent the unlawful processing of personal data, to prevent unlawful access to personal data, and to ensure the appropriate level of security necessary to safeguard personal data, we implement and maintain all necessary technical and administrative measures.
With this information statement, MEFA aims to disclose the personal data processed regarding the individuals with whom it comes into contact while conducting its core business activities, in full compliance with the principle of transparency on its website; through this notice, the Company provides an information statement regarding its personal data processing activities within the scope of its core business operations and processes.
Information About the Data Controller
MEFA, which began operations in 2006, has become one of the leading brands in the supporting industries sector today through the environmentally conscious investments it has implemented over the past 18 years, characterized by high levels of integration and automation.
MEFA, acting as a data controller based in Türkiye, is one of Europe’s largest manufacturers of wire-based products for the home appliance sector—such as dishwasher baskets and oven racks—and upholds values of environmental responsibility, respect for people, customer focus, flexibility, creativity, and innovation.
Purposes of Processing Personal Data
Your personal data is processed by the Company in accordance with the law and the principles of good faith, within the limits specified in the Law, for the purposes listed below, and is always processed in a manner that is relevant, limited, and proportionate to those purposes.
- Ensuring that the Company’s business units carry out the necessary work and conduct operations in accordance with applicable laws and regulations and Company policies,
- Determining, planning, and implementing the Company’s short-, medium-, and long-term business policies,
- Managing customer relations, corporate communications, and information security processes,
- Ensuring the commercial and legal security of the natural and legal persons with whom the Company has business relationships,
- The management of product/service sales processes and post-sales support services,
- Identifying product and service marketing initiatives through marketing analysis,
- Executing business and business continuity activities, as well as service production and operational processes,
- Conducting processes to ensure the security of the data controller’s operations through risk management.
Method of Collecting Personal Data and Legal Basis
Your personal data is processed by the Company through information provided directly by you—whether verbally, in writing, or electronically—as well as through the Company’s website and similar applications and software used in the course of its operations, using fully or partially automated methods or non-automated methods that form part of a data recording system. In this context, the general categories of personal data listed below are processed based on the legal grounds set forth in Article 5, Paragraph 2 of the Law.
The following classification was developed with consideration given to both the execution of the Company’s business processes and the operation of the Company’s website; the necessary privacy notices and/or consent requests for each of the Company’s processes and operations are separately communicated to the relevant groups of individuals through phased notifications or various other means.
| Data Category | Data Type | The Legal Basis for Data Processing | |
| 1. | Identity | First & last name, date & place of birth, gender, personal ID-Number | The data is processed based on the legal grounds set forth in Article 5, Paragraph 2 of the Law of the Protection of Personal Data (KVKK): (a) explicit provision in laws; (c) the necessity of processing personal data belonging to the parties to a contract due to its direct relevance to the conclusion or performance of the contract; (ç) the necessity of data processing for the data controller to fulfill its legal obligations; d) the data has been made public by the data subject themselves. |
| 2. | Communication | Postal address, e-mail address, phone number | |
| 3. | Client Process | Invoice, order, and request information | The data is processed based on the legal grounds set forth in Article 5, Paragraph 2 of the KVKK: (a) explicit provision in laws; (c) the necessity of processing personal data belonging to the parties to a contract due to its direct relevance to the conclusion or performance of the contract; (ç) the necessity of data processing for the data controller to fulfill its legal obligations. |
| 4. | Process Safety | IP address data, website signing in-out data | Data is processed based on the legal grounds set forth in Article 5, Paragraph 2, Subparagraph (f) of the KVKK, which states that “data processing is necessary for the Company’s legitimate interests, provided that it does not infringe upon the fundamental rights and freedoms of the data subject”. |
| 5. | Risk Management | Information processed for the management of commercial, technical, and administrative risks | |
| 6. | Finance | Financial performance information | The data is processed based on the legal grounds set forth in Article 5, Paragraph 2 of the KVKK: (a) explicit provision in laws; (c) the necessity of processing personal data belonging to the parties to a contract due to its direct relevance to the conclusion or performance of the contract; (ç) the necessity of data processing for the data controller to fulfill its legal obligations. |
The purpose of processing each category and type of personal data will be detailed and can be provided to you through the Company’s personal data inventory record in response to your request.
Under the “KVKK” heading on our website, you can access all privacy notices specific to our website processes.
Transfer of Personal Data and the Purpose of the Transfer
In order to achieve the purposes specified above and to ensure the uninterrupted conduct of the Company’s commercial operations and business processes, based on your explicit consent as specified in Article 8, Paragraph 1 of the Law is required where necessary, and, in accordance with Article 8(2)(a) of the Law, “where explicitly provided for by law, where it is necessary for the data controller to fulfill its legal obligations, the transfer of data is necessary for the establishment, exercise, or protection of a right, and the processing of data is necessary for the legitimate interests of the data controller, provided that such processing does not infringe upon the fundamental rights and freedoms of the data subject,” and by implementing all necessary technical and administrative measures to ensure data security, your personal data may be transferred to the institutions or individuals listed below.
- To public institutions and organizations authorized by law, judicial and administrative authorities,
- To private legal entities and individuals permitted under other legislation,
- To private organizations and public institutions and agencies authorized to audit the Company,
- To business partners from whom services are obtained or with whom the Company collaborates for the purpose of conducting and developing its operations,
- To the Company’s suppliers, only when necessary,
- To the Company’s subsidiaries, partners, group companies, and shareholders, for the purpose of ensuring coordination within the current joint management and operational structure.
You may withdraw the explicit consent you have provided for the transfer of data within the country at any time, and you may consult with Company representatives. The relevant privacy notices and consent forms are communicated to individuals involved in the Company’s processes and activities either through a phased disclosure process or via various other means.
Rights of Data Subjects Under the Law
You may contact MEFA at any time using the following methods to exercise your rights under Article 11 of the Law:
a) The right to know whether personal data is being processed,
b) The right to request information regarding the processing of personal data,
c) The right to know the purpose of the processing of personal data and whether such data is being used in accordance with that purpose,
ç) The right to know the third parties to whom personal data is transferred, whether within the country or abroad,
d) The right to request the correction of personal data that has been processed inaccurately or incompletely,
e) The right to request the erasure or destruction of personal data in accordance with the conditions set forth in Article 7,
f) The right to request that the third parties to whom personal data has been transferred be notified of the processing carried out in accordance with subparagraphs (d) and (e),
g) The right to object to a decision made solely through the automated processing of personal data that produces an adverse effect on the individual,
ğ) The right to claim compensation for damages suffered as a result of the unlawful processing of personal data. You may submit requests regarding your rights and the enforcement of the Law by visiting the mefaendustri.com website, by filling out the application form available from us, or by providing the minimum information listed below:
By sending a request bearing your signature to the address “Mekik Plaza, Kızılırmak Mahallesi, 1450. Sokak, No. 5/1, Çankaya-ANKARA” via a notary public, by certified mail for ease of proof, by regular mail, or by submitting it in person,
By sending your application via email to mefaendustri@hs03.kep.tr using the registered electronic mail (KEP) address assigned to you;
By sending an email to kvkkiletisim@mefaendustri.com using the email address you provided to the Company, which is registered in the Company’s system.
As the data subject, when submitting a request to exercise the rights listed above—which must include a clear explanation of the specific right you are seeking—the matter you are requesting must be clear and understandable, and must pertain to you; if you are acting on behalf of another person, you must submit a notarized power of attorney. In accordance with the “Communication on the Procedures and Principles for Applications to the Data Controller,” applications must include your first and last name, signature, personal identification number (for foreigners: citizenship, passport number, or identification number if available), a residential or business address for service of notice, email address, telephone and fax numbers, and details regarding the request. Applications that do not include the required elements will be rejected by MEFA and/or redirected to the appropriate application channels.
All intellectual property rights, whether registered or unregistered, including but not limited to trademarks, trade names, brand names, patents, logos, designs, information, and methods on this site belong to the company operating and owning the site or to the designated party, and are protected under national and international law. Visiting this Site or using the services provided on this Site does not grant any rights with respect to the intellectual property rights in question; the information on this Site may not be reproduced, copied, published, displayed, and/or transmitted in any manner. The Site may not be used, in whole or in part, on another website without permission.
All MEFA employees have received training on the Law on the Protection of Personal Data, and they are regularly updated on the subject and instilled with a sense of confidentiality. MEFA operates with awareness and sensitivity in all its activities and throughout the lifecycle of personal data within the Company. In this information statement, MEFA reserves the right to make changes at any time for reasons arising from the Law, secondary regulations, and Board decisions. Due to operational requirements, no prior notice is required for updates that will be performed from time to time, and this information statement applies to all services, products, pages, information, and visual elements.
Anyone visiting the website at ecopolymer.com is deemed to have accepted the terms and conditions set forth above. MEFA reserves the right to modify all products and services, pages, information, and visual elements on the site without prior notice.
This text was updated in 2024.
