Protection of Personal Data in Accordance with Law No. 6698 on the Protection of Personal Data (“KVKK”)

In accordance with Law No. 6698 on the Protection of Personal Data (“KVKK”), the personal data you provide will be processed by Epsa Insulation and Packaging Products Industry and Trade Joint Stock Company (“EPSA”) as the Data Controller for business purposes, in the manner described below, including being used, recorded, stored, updated, transferred, and/or classified.

EPSA takes all necessary technical and administrative measures to prevent unlawful processing and access to personal data, aiming to protect individuals’ fundamental rights and freedoms, particularly the privacy of private life.

Scope

The target audience of this text includes all real persons whose personal data are processed by EPSA, excluding EPSA employees or employee candidates.

Processed Personal Data

Name, surname, Turkish ID number, address, phone number, email address, signature, physical premises/security video recordings, call center/service quality voice recordings, bank account number, cookie records.

Purposes of Processing Personal Data

• To enable the use of products and services provided by EPSA
• To determine and implement commercial and business strategies
• To conduct marketing, business development, and planning activities
• To carry out administrative operations
• To ensure physical security
• To establish partner/customer/supplier relationships
• To fulfill contract requirements and ensure financial reconciliation
• To implement human resources policies
• Call center and website operations
• To enable participation in training, seminars, or events organized by EPSA

Collection, Storage, and Transfer of Personal Data

Your personal data may be collected verbally, in writing, or electronically through offices, branches, call centers, websites, social media platforms, mobile applications, etc. Security measures are applied for storage in electronic and/or physical environments.

Your personal data will only be used for the stated purposes, retained for the legally required period, and upon expiration, deleted, destroyed, or anonymized from the systems.

Transfer of Personal Data

Your personal data may be transferred within the scope of laws and regulations to:

• Representatives operating on behalf of EPSA
• Regulatory authorities
• Business partners
• Suppliers
• Banks
• Consultants
• Legal authorities
• Service providers within Turkey and abroad

Your Rights under KVKK

As the owner of personal data, you have the following rights under Article 11 of KVKK:

• To learn whether personal data is being processed
• If personal data has been processed, to request information about it
• To learn the purpose of processing personal data and question whether it is used in accordance with its purpose
• To know the third parties to whom it is transferred domestically or abroad
• To request correction if personal data is incomplete or inaccurately processed
• To request deletion or destruction of personal data
• To request notification of correction or deletion requests to third parties
• To object if the result of automated processing adversely affects you
• To claim compensation if you suffer damage due to unlawful processing

Application Methods

In accordance with Article 13 of the KVKK, you can submit your requests in writing or through the methods specified by the Personal Data Protection Board to EPSA. Applications will be concluded free of charge within 30 days. However, if the process requires additional costs, a fee determined by the Personal Data Protection Board may apply.

You can make your applications with documents identifying your identity through the following contact channels:

Address: Taşpınar Mah. Teknosab 20. Cadde No:17 Karacabey/Bursa
Email: info@epsa.com.tr

Our Information Security Policy

EPSA is committed to ensuring information security at the highest level for sustainable success and customer trust. In this context:

• The confidentiality, integrity, and availability of information are protected
• Current cyber threats are monitored
• Compliance with legal requirements is ensured
• Information security awareness is integrated into corporate culture

You can access more information about EPSA’s quality certificates and information security policies here.