top of page

HOME PAGE > KVKK

Cengiz Enerji Logo
Güneş enerjisi

SHARE

KVKK

Privacy Notice on the Processing of Personal Data

Data Controller: Cengiz Enerji Sanayii ve Ticaret A.Ş.

Address: Altunizade Mah., Kısıklı Cad., No: 37, 34662, Üsküdar, Istanbul / TÜRKİYE

As Cengiz Enerji Sanayii ve Ticaret Anonim Şirketi (“Cengiz Enerji” or the “Company”), we have prepared this Privacy Notice in order to inform you regarding the processing of your personal data in accordance with the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”) and the relevant secondary legislation.

Through this Privacy Notice, you may obtain information regarding:

  • our identity as the data controller,

  • the purposes for which your personal data are processed,

  • to whom and for what purposes your personal data may be transferred,

  • the methods and legal grounds for collecting your personal data, and

  • your rights under Law No. 6698.


Purposes of Processing and Legal Grounds

Within the scope of our corporate activities, your personal data are processed for the purposes described below and based on the applicable legal grounds set out under Law No. 6698. The categories of personal data processed, the purposes of processing, and the corresponding legal grounds are grouped and explained below.

  • Detailed information regarding the processing of personal data of our employees is provided through internal communication channels accessible to Cengiz Enerji employees. If you are a former employee of Cengiz Enerji, you may exercise your rights by using one of the methods specified in this Privacy Notice.

  • Detailed information regarding the processing of personal data of our job applicants is provided to the applicants during the recruitment and candidate evaluation processes through appropriate channels. If you are a former job applicant of Cengiz Enerji, you may exercise your rights by using one of the methods specified in this Privacy Notice.

  • Identity Information

    • Personal Data Processed

    First Name, Last Name, Turkish Identification Number, Date of Birth

    • Purposes of Processing

    Ensuring information security processes / Conducting audit and ethics activities / Managing access authorisations / Conducting internal audit and investigation activities / Managing communication processes / Conducting and supervising business activities / Ensuring the security of movable property and company resources / Providing information to authorised persons, public institutions and organisations

    • Legal Grounds for Processing Personal Data

    Your identity data are processed pursuant to Article 5 of the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”) based on the legal ground that processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe your fundamental rights and freedoms.

    Physical Premises Security Information

    • Personal Data Processed 

    CCTV Recordings

    • Purposes of Processing 

    Ensuring compliance with applicable legislation / Ensuring physical premises security /  Conducting retention and archiving activities / Creating and monitoring visitor records

    • Legal Grounds for Processing 

    Physical premises security data are processed pursuant to Article 5 of Law No. 6698 based on the legal ground that processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe your fundamental rights and freedoms.

    • Method of Collection

    Physical premises security data are collected through closed-circuit television (CCTV) systems.

  • Within the scope of the business activities carried out by Cengiz Enerji, personal data processed regarding individuals whose data are obtained through official channels due to legal disputes (e.g., mediators, legal representatives of parties, authorised representatives of relevant institutions), as well as individuals who contact Cengiz Enerji Sanayii ve Ticaret A.Ş. via the contact form available on our website or via email, are grouped as follows:

    Identity Information

    • Personal Data Processed 

    First Name, Last Name, Turkish Identification Number

    • Purposes of Processing Personal Data

    Ensuring information security processes / Conducting audit and ethics activities / Managing access authorisations / Conducting internal audit and investigation activities / Managing communication processes / Conducting and supervising business activities / Ensuring the security of movable property and company resources / Providing information to authorised persons, public institutions and organisations

    • Legal Grounds for Processing

    Your identity data are processed pursuant to Article 5 of the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”) based on the following legal grounds:

    Processing is necessary for the data controller to fulfil its legal obligations;

    Processing is necessary for the establishment, exercise or protection of a legal claim;

    Processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe your fundamental rights and freedoms.

    • Methods of Collection

    Your identity data are collected through printed documents, e-mails and information and documents provided by you.

    Contact Information

    • Personal Data Processed 

    E-Mail Address, Mobile Phone Number

    • Purposes of Processing Personal Data

    Ensuring information security processes / Conducting audit and ethics activities / Conducting training activities / Managing access authorisations  / Ensuring compliance with applicable legislation / Managing finance and accounting processes / Ensuring physical premises security / Managing assignment processes  / Following and conducting legal affairs / Conducting internal audit and investigation activities /  Managing communication processes / Conducting and supervising business activities / Conducting occupational health and safety activities / Receiving and evaluating suggestions for business process improvement / Ensuring business continuity / Conducting logistics activities / Managing procurement processes / Managing after-sales support services / Managing sales processes / Managing production and operational processes / Managing organisation and event processes / Conducting performance evaluation processes / Managing risk management processes / Conducting retention and archiving activities  / Managing contract processes / Conducting sponsorship activities / Conducting strategic planning activities / Following up requests and complaints / Ensuring the security of movable property and company resources / Managing supply chain processes / Managing remuneration policies / Providing information to authorised persons, public institutions and organisations / Conducting corporate governance and management activities

    • Legal Grounds for Processing

    Your contact data are processed pursuant to Article 5 of Law No. 6698 based on the following legal grounds:

    Processing is necessary for the data controller to fulfil its legal obligations;

    Processing is necessary for the establishment, exercise or protection of a legal claim;

    Processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe your fundamental rights and freedoms.

    • Methods of Collection

    Your contact data are collected through printed documents, emails, and information and documents provided by you.

    Legal Transaction Information

    • Personal Data Processed 

    Information contained in correspondence with judicial and administrative authorities, Information contained in formal notices, Litigation and enforcement file information

    • Purposes of Processing Personal Data

    Conducting audit and ethics activities / Ensuring compliance with applicable legislation / Following and conducting legal affairs / Conducting internal audit and investigation activities / Conducting retention and archiving activities / Managing contract processes / Providing information to authorised persons, public institutions and organisations / Conducting management activities

    • Legal Grounds for Processing

    Your legal transaction data are processed pursuant to Article 5 of Law No. 6698 based on the following legal grounds:

    Processing is necessary for the data controller to fulfil its legal obligations;

    Processing is necessary for the establishment, exercise or protection of a legal claim;

    Processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe your fundamental rights and freedoms.

    • Methods of Collection

    Your legal transaction data are collected through printed documents.

    Other Information

    • Personal Data Processed

    Message Content, E-mail Content, Ethics Hotline Notification Contents, Request-Suggestion-Complaint Information

    • Purposes of Processing Personal Data

    Conducting audit and ethics activities / Ensuring compliance with applicable legislation/ Following and conducting legal affairs / Providing information to authorised persons, public institutions and organisations / Conducting occupational health and safety activities / Conducting and supervising business activities/ Following up requests and complaints / Conducting retention and archiving activities

    • Legal Ground for Processing

    The above-mentioned data are processed pursuant to Article 5 of Law No. 6698 based on the legal ground that processing is necessary for the legitimate interests of the data controller, provided that such processing does not infringe your fundamental rights and freedoms.

    • Methods of Collection

    Such data are collected through information provided by you and via email communications.

Transfer of Personal Data

Your personal data may be transferred in accordance with the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”) and the applicable legislation, limited to the purposes of processing and in compliance with the principles of data minimisation and proportionality.

Within this scope, your personal data may be transferred to the following parties:

  • Public Authorities and Legally Authorised Institutions

Your personal data may be shared with persons and institutions expressly authorised under applicable legislation, including but not limited to the Social Security Institution (SSI). In addition, your personal data may be disclosed to authorised public institutions and organisations upon a court order or upon a lawful request of authorised administrative authorities.

  • Suppliers

Your personal data may be shared with our suppliers, limited strictly to the services provided under the relevant service agreement and only to the extent necessary for the following purposes:

Managing employee satisfaction and engagement processes

Managing employee benefits and fringe benefit processes

Conducting audit and ethics activities

Managing finance and accounting processes

Following and conducting legal affairs

Conducting and supervising business activities

Conducting occupational health and safety activities

Managing procurement processes

Managing organisation and event processes

Managing contract processes

Managing supply chain processes

Processing work and residence permit applications for foreign personnel

Such transfers are carried out strictly on a need-to-know basis and in compliance with the principle of data minimisation.

Group Companies

Your personal data may be shared with Cengiz Holding A.Ş. and/or its Group Companies, solely to the extent necessary and limited to the purposes of:

Conducting company activities

Managing finance and accounting processes

Conducting and supervising business activities

Managing contract processes

Such transfers are performed in accordance with the principle of data minimisation.

Natural or Legal Persons under Private Law

Your personal data may be shared with natural persons or private legal entities for the purposes of:

Managing communication activities

Conducting and supervising business activities

Managing sales processes of goods and services

Managing organisation, event and contract processes

Such transfers are limited strictly to the requirements of the relevant business relationship and the specific data processing purposes.

Transfer of Personal Data Abroad

Your personal data may be transferred abroad in accordance with the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”) and the applicable legislation, limited to the purposes of processing.

Within this scope, your personal data may be transferred:

  • To relevant group companies, projects or business units for the purpose of carrying out the Company’s overseas projects and operations;

  • To technical service providers located abroad (such as cloud service providers) for the purposes of providing information technology infrastructure and conducting data storage and archiving activities;

  • Within the scope of international communication and corporate promotion activities, to social media platforms headquartered abroad, provided that your explicit consent has been obtained.

Sharing via social media platforms is carried out either based on the explicit consent of the data subject or where the relevant personal data have been made public by the data subject.

Retention of Personal Data

Where a retention period is stipulated under applicable legislation, your personal data are retained for at least the minimum period required by such legislation.

Where no retention period is specified by law, your personal data are retained for reasonable periods determined in accordance with the purposes of processing, provided that such retention is limited, proportionate and relevant to those purposes.

Your Rights as a "Data Subject"

Pursuant to Article 11 of the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”), as a data subject, you have the right to:

  • Learn whether your personal data are processed;

  • Request information if your personal data have been processed;

  • Learn the purpose of processing of your personal data and whether they are used in accordance with their purpose;

  • Learn the third parties to whom your personal data are transferred, whether domestically or abroad;

  • Request the rectification of your personal data if they are incomplete or inaccurately processed;

  • Request the erasure or destruction of your personal data within the framework of the conditions stipulated under the applicable legislation;

  • Request notification of third parties to whom your personal data have been transferred regarding the rectification, erasure or destruction of your personal data;

  • Object to a result against you arising from the analysis of processed data exclusively through automated systems;

  • Claim compensation for damages arising from the unlawful processing of your personal data.

Exercising Your Rights

You may submit your requests regarding your rights set out under Article 11 of the Turkish Personal Data Protection Law No. 6698 (“Law No. 6698”) to our Company in accordance with Article 13 of Law No. 6698 and Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller, by completing the Data Subject Application Form and using one of the methods described below:

Ekran Resmi 2026-02-10 10.56.29.png

Pursuant to the Communiqué on the Procedures and Principles of Application to the Data Controller, the data subject must include the following information in the application:

  • First and last name;

  • Signature (if the application is submitted in writing);

  • Turkish Identification Number (or nationality and passport number or identification number, if the applicant is a foreign national);

  • Residential or workplace address for notification purposes;

  • If available, email address, telephone number and fax number;

  • The subject matter of the request.

The data subject must clearly and explicitly state the right they wish to exercise. Relevant information and supporting documents must be attached to the Application Form.

The subject matter of the request must relate to the applicant personally. If the application is submitted on behalf of another person, the applicant must be duly authorised and such authorisation must be documented.

If the application concerns special categories of personal data, authorisation must be provided in accordance with Article 10 of the Regulation on Personal Health Data.

Applications must include identity and address information and be accompanied by documents verifying the identity of the applicant.

Requests submitted by unauthorised third parties on behalf of another person will not be evaluated.

Response to Your Requests

Your requests regarding your personal data will be responded to as soon as possible and in any event within thirty (30) days from the date on which your application is received by our Company.

bottom of page