GDPR Compliance Policy

Effective Date: 01.10.2023

1. Introduction

At Symplast A.Ş. ("Symplast," "we," "our," or "us"), we are deeply committed to protecting your privacy and personal data. This GDPR Compliance Policy outlines our unwavering commitment to adhering to the General Data Protection Regulation (GDPR) and provides an extensive overview of how we collect, process, and safeguard your personal data.

2. Data Collection and Usage

• Minimal Data Collection: Symplast collects a minimal amount of personal data, including names, email addresses, phone numbers, and other information explicitly requested from users. We refrain from collecting excessive or unnecessary data.
• Purpose Limitation: Personal data collected by Symplast is processed solely for the purposes explicitly communicated to the data subject. Any additional processing requires the explicit consent of the data subject.

3. Data Transparency

• Data Protection Officer (DPO): Symplast has appointed a Data Protection Officer who oversees data protection activities, ensures compliance with GDPR regulations, and serves as a point of contact for data subjects.
• Data Register: We maintain a comprehensive record of our data processing activities, as required by GDPR.

4. Data Security

• Data Protection Measures: Symplast employs robust security measures to safeguard your personal data against unauthorized access, disclosure, alteration, or destruction.
• Encryption: All data transmitted between your device and our servers is encrypted to ensure the confidentiality and integrity of your data.

5. Data Sharing and Third Parties

• No Third-Party Sharing: Symplast does not share your personal data with third-party companies unless mandated by law or with your explicit consent.
• Third-Party Data Processors: If we engage third-party data processors, we ensure they meet GDPR compliance standards and maintain the security and confidentiality of your data.
• International Data Transfers: In cases of international data transfers, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or Binding Corporate Rules.

6. Data Subject Rights

• Access, Rectification, and Erasure: You have the right to access, rectify, or request the erasure of your personal data held by Symplast. Requests can be made by contacting us at info@symplast.com.tr.
• Data Portability: Upon request, we will provide you with a copy of your personal data in a structured, commonly used, and machine-readable format.
• Objection: You can object to the processing of your personal data for specific purposes, and we will assess the necessity of such processing.

7. Consent Management

• Explicit Consent: Symplast seeks your explicit consent before collecting and processing your personal data for any purpose other than those originally communicated.
• Withdrawal of Consent: You have the right to withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

8. Data Retention and Deletion

• Retention Period: We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws.
• Data Deletion: Upon the expiration of the retention period or at your request, we will securely delete or anonymize your personal data.

9. Cookies and Analytics

• Cookie Usage: Symplast employs cookies to enhance your user experience on our website. For detailed information, please review our Cookie Policy.
• Analytics: We use analytics tools to monitor website usage for optimization and improvement. Data collected is anonymized and used for statistical analysis.

10. Children's Privacy

• Age Restrictions: Symplast does not knowingly collect personal data from individuals under the age of 16. If you are under 16, please do not submit any personal data to us.

11. Data Breach Notification

• Data Breach Procedure: In the event of a data breach, Symplast will promptly notify affected individuals and the relevant authorities in accordance with GDPR requirements.

12. Data Protection Impact Assessments (DPIAs)

• Risk Assessment: Symplast conducts DPIAs for high-risk processing activities to assess and mitigate data protection risks.

13. Records of Processing Activities

• Documentation: We maintain detailed records of our data processing activities, including purposes, categories of data, recipients, and retention periods.

14. International Data Transfers

• Safeguards: When transferring data internationally, we ensure that adequate safeguards are in place to protect your data, including Standard Contractual Clauses or Binding Corporate Rules.

15. Updates to this Policy

• Policy Changes: Symplast reserves the right to update or modify this GDPR Compliance Policy at any time. The most current version will be posted on our website with the "Effective Date" at the top of the page.

16. Contact Us

• Questions or Concerns: If you have any questions, concerns, or requests related to your personal data or this GDPR Compliance Policy, please contact us at info@symplast.com.tr.