Mail : info@ilknak.com Phone: (+90) 232 330 4086 EN | TR

OUR CORPORATE VALUES

“ Our corporate values ​​form the foundation of all our operations and social policies.

Responsibility

We fulfill our duties on time, accurately, and to the best of our ability.

Trust

We act with integrity, transparency, and consistency.

Team Spirit

We work collaboratively and achieve success together.

Communication

We communicate openly, respectfully, and effectively.

Solution-Oriented Approach

We remain persistent in the face of challenges and focus on producing solutions.

Agility

We adapt quickly to change and take timely action.


Through our social policies shaped by these values, we aim to create sustainable value for our employees, stakeholders, and society.”

This policy emphasises our corporate social responsibility principles as İLKNAK SU ÜRÜNLERİ SAN. TİC A.Ş, and importance and priority of the subject matter for all our employees and shareholders.

Ilknak considers acting with social responsibility consciousness in all its activities as one of the fundamental and unchangeable elements of management understanding and we determine our understanding of Social Responsibility and our priorities in this regard by taking into account what is best for society and the environment. The fundamental principles, on which we ground for our social responsibility practices are as follows;

Social Practices Policy - İlknak

CORPORATE POLICIES

This policy emphasizes the corporate social responsibility principles of İLKNAK SU ÜRÜNLERİ SAN. TİC A.Ş and highlights the importance and priority of this matter for the management, employees, and all our stakeholders. İlknak accepts acting with social responsibility awareness in all its activities as one of the fundamental and unchanging elements of its management approach.
We respect Human Rights. We are against forced labor and human trafficking. We treat everyone equally and fairly. We do not accept discrimination among employees within the institution based on language, race, color, gender, political opinion, belief, religion, sect, age, physical disability, or similar reasons. We approach employees honestly and fairly, and we commit to a non-discriminatory, safe, and healthy working environment. Ensuring and protecting the safety of our employees is our primary business goal.
Child labor cannot be employed at any stage of production. İlknak is obliged to comply with the age limits stipulated by ILO practices regarding the employment of children.
Since we are in the dangerous class in terms of occupational safety, young workers are not employed. The age limit at İlknak Su Ürünleri San Tic. A.Ş. is 18.
Wages and social services must be determined in accordance with the applicable fundamental principles regarding minimum wage, overtime, and social services mandated by law. Working hours must comply with applicable laws. Overtime should only be performed when the employee is voluntary, and the employee must be granted at least 1 day of rest after 6 consecutive working days.
Forced labor or compulsory labor is prohibited. Employees must have the right to terminate the employment contract within a reasonable period of time. No form of slave, trafficked, or involuntary labor is utilized.
A staff member is authorized and appointed among the employees for the protection and execution of social rights within the facility. This personnel selection is determined by a vote in a meeting attended by all staff and management regularly every year. The Employee Representative freely reports the requests and complaints of the employees to the senior management without personal sanctions.
Employees have the right to clearly express their requests and complaints on any subject to the senior management, both verbally and in writing. They shall not be subjected to any punishment or ill-treatment.
Our employees should be able to meet frequently with the business management about working conditions without fear of negative consequences of any kind. They have the right to unite among themselves to become a member of a union, appoint a representative, or be elected as a representative.
The institution ensures the safety of the employees in the workplace at least within the framework of the laws, protects their health, and strives for continuous improvement to enhance the working environment. Occupational health and safety training is provided to all personnel. Our company has the "ISO 45001 Occupational Health and Safety Management System."
The highest level of integrity is expected in all business activities and relationships. All forms of corruption, bribery, fraud, embezzlement, extortion, and abuse are strictly prohibited. Company employees cannot request or imply gifts from customers/subcontractor/supplier companies; they cannot accept any gifts, money, or special discounts that would put the company under obligation.
It is prohibited to practice discrimination of any kind against employees. This includes putting individuals at a disadvantage due to their gender, race, social group, color, disability, union affiliation, political opinion, origin, religion, age, or pregnancy.
It manages the environmental impacts that may arise from all kinds of our activities with a sense of responsibility. İlknak is obliged to determine and implement all kinds of improvement and development efforts that will minimize the environmental impacts of its activities. Our company has the "ISO 14001 Environmental Management System."
It evaluates the suppliers, subcontractors, and business partners in terms of Social Responsibility, monitors the reasonable and adequate measures they take, and supports a mutual cooperation approach to continuously improve their Social Responsibility levels. Their willingness for BSCI codes of conduct is questioned.
All our managers and employees, especially the senior management, are responsible for corporate social responsibility practices. Any violation or suspicion should be reported to: etik@ilknak.com. We commit that anyone who reports any violation will not be subjected to ill-treatment or sanctions.
Turkish Labor Law No. 4857 ILO Fundamental Conventions (No. 29, 87, 98, 99, 100, 105, 111, 138, 182) - No. 29: Forced Labour - No. 87: Freedom of Association - No. 98: Right to Organise and Collective Bargaining - No. 100: Equal Remuneration - No. 105: Abolition of Forced Labour - No. 111: Discrimination (Employment and Occupation) - No. 138: Minimum Age - No. 182: Worst Forms of Child Labour GRASP (GlobalG.A.P. Risk Assessment on Social Practice) ETI (Ethical Trading Initiative) Universal Declaration of Human Rights
As ILKNAK SU ÜRÜNLERİ SAN. VE TİC. A.Ş., we are committed to the highest standards of integrity. This policy is an inseparable part of our Business Ethics Rules and our commitment to the United Nations Global Compact.
The aim of this Policy is to outline the anti-bribery and corruption policies of ILKNAK SU ÜRÜNLERİ SAN. VE TİC. A.Ş., which are also included in our Business Ethics Rules.
This policy covers senior management, all employees, and all business partners (suppliers, subcontractors, consultants, etc.) acting on behalf of İLKNAK SU ÜRÜNLERİ SAN. VE TİC. A.Ş.
Corruption: The misuse of authority for personal gain. Bribery: Offering, promising, or demanding a benefit to influence the performance of a duty. This includes cash, political donations, commissions, gifts, or hospitality.
Senior Management is responsible for establishing an ethical, reliable, and lawful work environment. Employees are required to comply with policies, effectively manage risks in their areas, and report any suspicious behavior.
İLKNAK only works with partners who meet our ethical standards. We do not engage with any organization that has negative intelligence regarding bribery or corruption. Agreements include clauses for termination in case of policy violation.
6.1 Bribery: Absolutely unacceptable regardless of purpose. 6.2 Gifts: Only symbolic, low-value gifts are permitted infrequently; others must be reported to HR. 6.3 Facilitation Payments: Strictly prohibited to secure routine government processes. 6.4 Donations: Charitable activities must comply with İlknak’s Donations policy and be independent of business gain.
All accounts and documents must be maintained accurately and reliably. Regular training programs are provided to raise employee awareness across HR, Accounting, and Management departments.
Violations or suspicions must be reported to senior management. Notifications are kept confidential, and good-faith reporting is encouraged. Non-compliance results in disciplinary action or contract termination for just cause.
At İlknak Aquaculture, we strive to contribute to economic, environmental, and social sustainability. This policy is based on international standards including the Universal Declaration of Human Rights, UN Global Compact, and ILO Conventions. It covers all our facilities and operations.
We provide equal opportunities for all employees. We do not tolerate discrimination based on race, language, gender, sexual orientation, age, physical disability, religious belief, or political opinion. We see diversity as a strength.
We have zero tolerance for physical, verbal, sexual, or psychological harassment and violence in the workplace. We protect the dignity of our employees and ensure they are treated with respect.
We encourage diversity among our employees and create an environment where everyone from different cultural, social, and individual backgrounds can contribute equally to an innovative culture.
Forced labor, human trafficking, and modern slavery are unacceptable in any form. We maintain a zero-tolerance policy against such activities.
We respect our employees' rights to freely organize, unionize, and engage in collective bargaining without fear of discrimination or pressure.
Working hours, wages, and benefits are determined in accordance with legal regulations and international standards. We implement fair wage policies and respect our employees' right to rest and vacation.
Ensuring the safety and protection of our employees is our top priority. We provide a safe, healthy, and non-discriminatory environment with continuous improvement processes.
We treat our employees honestly and fairly. Communication, transparency, and mutual respect are the essential pillars of our management style.
All managers and employees are responsible for the implementation of this policy. Necessary measures and corrective actions are implemented in case of violations.
1. AIM: This procedure aims to regulate the ethical principles that employees of İLKNAK SU ÜRÜNLERİ SAN. VE TİC. A.Ş. must adhere to, and to ensure compliance with laws, universal legal principles, and professional ethics. 2. SCOPE: It covers all ethical principles with a "zero tolerance" approach against bribery and corruption. 3. DEFINITIONS: EYS stands for Integrated Management System (Sedex, BRCGS, ISO, etc.). 4. RESPONSIBILITIES: Senior management and the Human Resources Manager are responsible for implementation.
A. Honesty: Primary value in all business processes. B. Privacy: Protection of trade secrets, personal data, and inside information ("insider trading" is unacceptable). C. Conflict of Interest: Avoiding personal gain through family, relatives, or the İlknak name. D. Our Responsibilities: 1. Legal Responsibilities (Republic of Turkey and International Law). 2. Customers (Satisfaction, respect, and fairness). 3. Employees (Personal rights, non-discrimination, safe environment). 4. Partners (Sustainability, financial discipline, and value creation). 5. Suppliers/Business Partners (Fairness and confidentiality). 6. Competitors (Ethical competition). 7. Society and Humanity (Democracy, human rights, and environmental protection). 8. "İlknak" (Maintaining reputation and professional competence).
Activities That May Create Conflict: - Doing business with family members or friends (Purchasing, etc.). - Working for another institution for remuneration without approval. - Serving as a board member in competing companies. - Using authority (Abuse of Office) for personal gain. - Misuse of Company resources (Time, assets, personnel). - Accepting personal loans from customers or subcontractors. - Media relations must follow the Company Communication Protocol.
1. No gifts that influence impartiality may be accepted. 2. Gifts must comply with legislation and business objectives. 3. Meals and refreshments are acceptable within business standards. 4. Gifts under 2000 TL (per year/person) may be accepted without approval; New Year items (books, chocolates) are excluded. 5. Bribery and commissions are strictly prohibited. 6. Cash loans or event coverage by suppliers/customers are not permitted.
- Confidential information (trade secrets, financial data, personal data) may not be disclosed to third parties unless required by law. - Files and passwords must be kept secure; confidential topics should not be discussed in public places (elevators, cafeterias). - Sharing information with third parties requires a confidentiality agreement. - Confidentiality obligations continue even after an employee leaves the company.
- Compliance with all employment laws and fair HR practices (recruitment, promotion). - Zero tolerance for discrimination based on race, gender, religion, etc. - Protection of physical, sexual, and emotional inviolability. - Prevention of workplace harassment and mobbing (systematic intimidation). - Ensuring a healthy and safe work environment with sensitivity to environmental impacts.
- Comply with laws and learn company policies. - Promptly report potential violations to the Ethics Committee. - Cooperate in ethical investigations and keep information confidential. Ethical Decision-Making Steps: 1. Identify the problem. 2. Think before deciding. 3. Decide on an action plan. 4. Test the decision. 5. Persevere.
Managers: Must set an example, support employees in reporting, and minimize ethical risks in business processes. Senior Management & HR: Responsible for reviewing the Code of Ethics, providing training, guaranteeing the confidentiality of reports, and protecting whistleblowers from retaliation.
Senior Management: Responsible for the effective implementation of ETHICS and fostering a supportive culture. Human Resources Manager: Reviews and documents the Code of Business Ethics based on Ethics Committee recommendations. Employee Awareness: HR is responsible for informing employees, providing periodic training, and maintaining continuous communication. Confidentiality & Safety: Management guarantees the confidentiality of notifications and ensures the occupational safety of whistleblowers, protecting them from any retaliation.
Employees are obligated to report violations to their direct supervisor, the Code of Ethics Advisor, the Hotline, or the General Manager. If unresolved, the matter reaches the Ethics Committee. - Violators face disciplinary sanctions, including termination. - Sanctions also apply to those who approve or fail to report inappropriate behavior. - False or defamatory statements are considered ethical violations and may lead to legal action under the Turkish Penal Code and Labor Law.
The committee resolves conflicts of interest and evaluates ethical violations: - Chairman: Georgios Meletiadis (General Manager) - Member: Aslı Oğuz (Human Resources Manager) - Member: Attorney Ali Can Kahyaoğlu (Legal Advisor)
1. Confidentiality: Identities and reports are kept strictly confidential. 2. Protection: Whistleblowers are protected from pressure, discrimination, or mobbing. 3. Authority: Investigators can request any relevant information/documents directly. 4. Documentation: All processes are recorded in writing and signed. 5. Urgency: Investigations are handled as quickly as possible and decisions are implemented immediately. 6. Independence: Committee members act independently of the organizational hierarchy.
Email: etik@ilknak.com Telephone: +90 232 330 40 86 (Weekdays 07:30-16:30) Mail Address: İlknak Seafood Industry and Trade Inc. To the attention of the Ethics Committee Çavuş Neighborhood, Çavuş Yolu Street, İlknak Site No: 14, 35660, Menemen, Izmir
Process Owners: Senior Management and Human Resources Manager. Appendices: - P23-TA01: Instruction on Child Labor Prevention - P23-TA02: Prevention of Cruel Treatment, Violence and Abuse - P23-RA01: Corruption Risk Analysis Table System References: GLOBAL GAP, BRCGS, IFS, ASC, ISO 14001, ISO 45001, ISO 9001, ISO 22000, Smeta Sedex.
Rev 01 (June 11, 2015): Transition to BRC v7 and GlobalGap v5; logo update and document re-coding. Rev 02 (Dec 01, 2021): General revision and updating of documents. Rev 03 (Aug 23, 2023): Expanding business ethics rules and defining application areas.
1. AIM: To prevent child labor at İLKNAK SU ÜRÜNLERİ SAN. VE TİC. A.Ş. and to ensure remediation processes comply with national legislation, ILO guidelines, and Sedex/SMETA requirements. 2. IMPLEMENTATION MANAGER: General Manager, Department Managers, and HR Officer.
Child Labor: A person under the age of 15 employed in any capacity (Turkish Labor Law Art. 71 / ILO No. 138). • Young Worker: A person aged between 15 and 18. • Remediation: Implementing a sustainable support plan prioritizing safety, education, and well-being instead of simple dismissal.
4.1 Preventive Measures: - Age verification via national ID or passports during recruitment. - "No child labor" commitments in subcontractor contracts. - Annual internal social compliance audits. 4.2 Detection Protocol: If child labor is detected: 1. Immediate removal from production to a secure location. 2. Verification of age, identity, and family details. 3. Ensuring physical/psychological safety (no criminal proceedings against the child). 4. Reporting to the local Labour Directorate and/or Social Services Agency.
Support over Dismissal: Children are not dismissed; they are supported in their best interest. • Education: Encouragement and support for school registration and continued education. • Family Cooperation: Alleviating economic hardship through local institutions (NGOs, municipalities). • Financial Alternatives: Exploring adult employment opportunities for the family members. • Monitoring: Periodic observation until the individual reaches the age of 18. • Record Keeping: Confidential storage of all records for at least 5 years.
References: - ILO Convention No. 138 (Minimum Age) & No. 182 (Worst Forms). - Turkish Labor Law Article 71. - Sedex/SMETA 4-Pillar Standards. Revision History: Current Revision: 01 - Initial release and integration with the social compliance system.
1. AIM: To ensure that no employee at İLKNAK SU ÜRÜNLERİ SAN. VE TİC. A.Ş. is subjected to physical, psychological, or sexual violence, coercion, force, or degrading treatment, including gender-based violence and harassment. 2. IMPLEMENTATION MANAGER: General Manager, Department Managers, and HR Manager.
Harassment: Verbal, physical, or behavioral actions that damage dignity or create a hostile environment. • Gender-based Violence: Assault against a person because of their gender, sexual orientation, identity, or expression. • Inhuman/Abusive Treatment: Physical punishment, threats, insults, humiliation, forced labor, or mistreatment under the guise of discipline.
- All employees receive and sign the "Human Rights Procedure" upon starting employment. - The policy is displayed on notice boards, in common areas, and in the employee handbook. - "Human Rights Policy and Discrimination Training" is conducted at least once a year.
Employees can report incidents through the following channels: • Internal: Human Resources Department, Suggestion/Complaint Boxes, or managers. • Email: etik@ilknak.com • Tesco Protector Line: Call 0800 621 2345 or visit protectorline.ourtesco.com. • Intertek Compliance Officer: Burcu Turhan Uzuner (Phone: 0212 496 4613 | Email: burcu.turhan@intertek.com). Confidentiality: All complaints are recorded and evaluated confidentially. Temporary reassignment or leave may be provided for the victim's safety.
Investigation Process: - Evidence is gathered and parties are heard within 10 business days. - Parties are granted the right to a fair trial. - Final report leads to disciplinary actions (warning, reprimand, or termination). Support Measures: - Victims are provided with psychological counseling or health support. - Privacy and the prohibition of retaliation are strictly guaranteed. - Cooperation with the Ministry of Family and Social Services is established when necessary.
• ILO Convention No. 190 (Violence and Harassment) • Company Code of Ethics and Human Rights Policy • Turkish Labor Law • Sedex/SMETA 4 Pillar Standards

The purpose of this Personal Data Retention and Destruction Policy (“Policy”) is, within the scope of our Constitution, the Law No. 6698 on the Protection of Personal Data (“KVKK”), and the Regulation on the Erasure, Destruction or Anonymisation of Personal Data dated 28 October 2017 (“Regulation”), to regulate the principles and procedures regarding the determination of retention periods of personal data processed by İlknak Su Ürünleri Sanayi ve Ticaret A.Ş. (“İlknak” or the “Company”), in its capacity as data controller, and the erasure, destruction or anonymisation of personal data whose retention period has expired.

This Policy covers the personal data of İlknak’s representatives, employees, job applicants, subcontractor employees, business partner representatives and employees, customer representatives and employees, supplier representatives and employees, and visitors. It applies to all recording environments in which personal data is processed, as well as all activities related to the processing of personal data. This Policy does not apply to legal persons or to data relating to legal persons. The data subjects covered under this Policy are as follows:

DATA SUBJECT DESCRIPTION
İlknak Representatives and Partners Natural persons who are shareholders, stakeholders, partners, board members, and authorized signatories of İlknak.
İlknak Employee Natural persons working under an employment contract within İlknak.
Job Applicant Natural persons who apply for a job at İlknak by any means or submit their CV information.
Subcontractor Personnel Natural persons employed by a company providing services to İlknak under a contract and who perform activities on behalf of İlknak at İlknak’s workplace.
Representatives and Employees of Business Partners Representatives and employees of natural or legal persons with whom İlknak has a business relationship.
Supplier Representative Natural persons authorized to act on behalf of a supplier company that has a commercial relationship with İlknak.
Supplier Employee Natural persons employed by a supplier company with which İlknak has a contractual relationship and who are involved in providing services to İlknak.
Customer Representative Natural persons authorized to act on behalf of a customer company with which İlknak has a commercial relationship in processes such as contracts, orders, payments, and similar transactions.
Customer Employee Natural persons employed by a customer company with which İlknak has a commercial relationship and who are involved in processes related to the business relationship with İlknak.
Visitor Natural persons who physically enter İlknak facilities for various purposes, access İlknak’s network, or visit its websites for any purpose.
Family Members of İlknak Representatives and Employees Family members of İlknak’s shareholders, partners, board members, authorized signatories, and employees working under an employment contract within İlknak.
TERM DESCRIPTION
Categories of Recipients The category of natural or legal persons to whom personal data is transferred by the data controller.
Explicit Consent Consent that is specific to a particular subject, based on being informed, and freely given.
Data Subject A natural person whose personal data is processed.
Anonymisation Making personal data such that it cannot be associated with an identified or identifiable natural person in any way, even by matching with other data.
Personal Data Any information relating to an identified or identifiable natural person.
Destruction The erasure, destruction, or anonymisation of personal data.
Recording Environment Any environment where personal data is processed fully or partially by automated means or non-automated means provided that it is part of a data recording system.
Electronic Environment Environments where personal data can be created, read, modified, and written using electronic devices.
Non-Electronic Environment All written, printed, visual, and other non-electronic environments.
Processing of Personal Data Any operation performed on personal data such as obtaining, recording, storing, retaining, altering, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of data, whether fully or partially by automated means or non-automated means provided that it is part of a data recording system.
Data Processing Inventory An inventory created by data controllers based on their business processes, detailing personal data processing activities by linking processing purposes and legal grounds, data categories, recipient groups, and data subject groups, and specifying maximum retention periods, data transfers abroad, and data security measures.
Special Categories of Personal Data Data relating to a person’s race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Periodic Destruction The erasure, destruction, or anonymisation of personal data carried out at recurring intervals specified in the personal data retention and destruction policy, when all conditions for processing no longer exist.
Data Controller Registry (VERBİS) The registry of data controllers maintained by the Personal Data Protection Authority.
Data Processor A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Data Filing System A system in which personal data is structured and processed according to specific criteria.
Data Controller The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. Under this Policy, İlknak Su Ürünleri Sanayi ve Ticaret A.Ş. is the data controller.

Personal data may only be processed for the purposes specified in the personal data processing disclosure notice provided to the relevant data subject. Personal data must be:

  • Processed in a lawful, fair, and transparent manner;
  • Collected and recorded for specific, explicit, and legitimate purposes, and processed in a manner compatible with those purposes in any further processing activities;
  • Accurate and, where necessary, kept up to date;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and not processed in a manner exceeding those purposes or for subsequent processing activities;
  • Retained in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
  • Stored with appropriate technical and organizational measures to ensure adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

The Law No. 6698 stipulates that data subjects must be informed regarding the processing of their personal data, and that explicit consent based on informed disclosure must be obtained for the processing of personal data where none of the legal grounds specified under Articles 5 and 6 of Law No. 6698 exist.

Article 20/(3) of the Constitution secures the protection of personal data by stating that personal data may only be processed in cases prescribed by law or with the explicit consent of the individual. In accordance with the rights afforded to data subjects and pursuant to Article 4 of the Law, personal data are processed in accordance with the law and principles of honesty, in an accurate and up-to-date manner where necessary, for specific, explicit, and legitimate purposes, and are processed in a manner that is relevant, limited, and proportionate to the purpose for which they are processed. They are retained for the period stipulated by applicable legislation or required for the purposes of processing, as set out in this Policy.

Data subjects are informed by İlknak in accordance with Article 10 of the Law regarding personal data processing activities. İlknak monitors and complies with all regulations set forth under the Law and by the Board regarding the processing and transfer of personal data and implements the necessary technical and administrative measures.

As a general rule, personal data shall not be processed without the explicit consent of the data subject. However, in the cases listed under Article 5 of the Law, personal data may be processed without explicit consent:

  • Where expressly provided by law,
  • Where it is necessary for the protection of life or physical integrity of a person who is unable to express consent due to physical impossibility or whose consent is not legally valid,
  • Where processing is necessary for the establishment or performance of a contract to which the data subject is a party,
  • Where processing is necessary for the fulfilment of a legal obligation of the data controller,
  • Where the data subject has made the personal data public,
  • Where processing is necessary for the establishment, exercise, or protection of a right,
  • Where processing is necessary for the legitimate interests of the data controller, provided that such processing does not harm the fundamental rights and freedoms of the data subject.

İlknak informs data subjects in accordance with Article 10 of the Law and provides necessary information upon request regarding personal data processing activities.

Special categories of personal data are processed in accordance with the legal obligations arising from the Law and the Decision of the Personal Data Protection Board No. 2018/10 dated 31 January 2018 regarding adequate measures to be taken by data controllers in the processing of special categories of personal data.

Personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and appearance, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data, are considered special categories of personal data.

İlknak complies with the Law and other relevant legislation in the processing of special categories of personal data. Accordingly, such data are processed in accordance with the following principles:

  • Compliance with law and good faith,
  • Accuracy and, where necessary, keeping up to date,
  • Being relevant, limited, and proportionate to the purposes for which they are processed,
  • Processing for specific, explicit, and legitimate purposes,
  • Retention for the period required by law or necessary for the purpose of processing.

In all cases, explicit consent must be demonstrable and documented via paper, electronic records, or system-based tracking to prevent unlawful processing of personal data under Law No. 6698. Data subjects may withdraw their consent at any time.

İlknak takes the necessary technical and administrative measures at an appropriate security level in both physical and electronic recording environments to prevent unlawful processing of personal data, prevent unauthorized access, and ensure secure storage. In this context, the measures taken are as follows:

TECHNICAL MEASURES ADMINISTRATIVE MEASURES
Network and application security controls are implemented, Corporate policies have been prepared and implemented regarding the processing and protection of personal data, including access, information security, usage, storage, and destruction,
Security measures are implemented in the procurement, development, and maintenance of information technology systems, Personal data security policies and procedures have been established,
Security of personal data stored in cloud environments is ensured, Existing risks and threats related to personal data have been identified,
An authorization matrix is established for employees, Access rights of employees whose duties change or who leave the company are revoked,
Access logs are systematically retained, Signed contracts include data security provisions,
Data masking measures may be applied when necessary, A personal data inventory has been prepared,
Up-to-date antivirus systems are used, Employees are provided with periodic training and awareness activities regarding data security issues such as the unlawful disclosure or sharing of personal data,
Personal data security monitoring is carried out, Necessary security measures are implemented regarding entry and exit to physical environments containing personal data,
Personal data and the information systems in which such data are stored are backed up, and the security of backup data is ensured through encryption and other relevant measures, Security of physical environments containing personal data against external risks (such as fire, flood, etc.) is ensured,
User account management and access control systems are implemented, Procedures have been established to notify relevant data subjects and the Board in the event of unlawful acquisition of personal data by third parties,
Log records are maintained in a manner that prevents user intervention, Policies and procedures regarding the security of special categories of personal data are being established,
Penetration testing is performed periodically, Periodic audits are carried out on data processors regarding data security compliance.
Cybersecurity measures are implemented and continuously monitored,
Information systems are kept up to date,
To ensure the security of information systems against environmental threats, both hardware (such as access control systems restricting entry to authorized personnel only in server rooms, 24/7 monitoring systems, physical security of network switches, fire suppression systems, air conditioning systems, etc.) and software-based measures (such as firewalls, intrusion prevention systems, network access control, malware protection systems, etc.) are implemented,
Access to personal data stored in both electronic and non-electronic environments is restricted based on authorization and access principles,
Systems and infrastructure are established to report unlawful data processing incidents to the relevant data subject and the supervisory authority,
If special categories of personal data are to be sent via email, they are transmitted in encrypted form and through corporate email accounts,
Strong passwords are used in electronic environments where personal data are processed, and log records are maintained with time stamps in appropriate systems,
Necessary measures are taken to ensure the physical security of the company’s IT equipment, software, and data,
Risks, threats, vulnerabilities, and security gaps related to information systems are identified and necessary measures are implemented accordingly.

Personal data are retained in accordance with the principle set forth in the Law that “personal data shall be stored for the periods stipulated in the relevant legislation or for the period required for the purpose for which they are processed.” In this context, where a specific retention period is prescribed under applicable legislation, such period is strictly complied with. Where no statutory retention period is specified, personal data are retained for the duration required for the purposes for which they are processed, and upon the expiry of such period, they are destroyed in accordance with this Policy.

As İlknak, our legal obligations regarding the retention of personal data primarily arise from the following legislation:

  • Law No. 6698 on the Protection of Personal Data,
  • Turkish Code of Obligations No. 6098,
  • Turkish Commercial Code No. 6102,
  • Labour Law No. 4857 and related regulations and communiqués,
  • Occupational Health and Safety Law No. 6331 and related regulations and communiqués,
  • Social Insurance and General Health Insurance Law No. 5510 and related regulations and communiqués,
  • Corporate Tax Law No. 5520,
  • Tax Procedure Law No. 213 and related regulations and communiqués,
  • Code of Civil Procedure No. 6100,
  • Secondary legislation in force under the above-mentioned laws.

Personal data processed within İlknak are stored in different recording media depending on the nature of the data, the environment in which they are created, İlknak’s technical capabilities, the manner of transfer to third parties, and the level of security measures required. In this context, İlknak’s recording media include the environments listed below within the scope of this Policy, as well as any other recording media used in personal data processing activities in addition to those specified herein, even if not explicitly stated in this Policy.

ELECTRONIC RECORDING MEDIA PHYSICAL RECORDING MEDIA
Computers Paper-based records
Servers Physical data recording systems (printed forms and registers)
Network devices Company archive
Cloud computing systems General archives and employee lockers
Software applications Other written, printed, and visual materials
Email environment  

İlknak processes the personal data it obtains for the following purposes:

CATEGORY PURPOSES
Production, Sales and Marketing Activities
  • Execution of our company’s production, sales, and marketing activities and operations,
  • Execution of goods/service production and operational processes,
  • Execution of after-sales support services, customer relationship management, and satisfaction activities,
  • Conducting marketing analysis, advertising, campaign, and promotional processes,
  • Execution of sponsorship activities.
Human Resources and Employee Processes
  • Execution of job application, recruitment, and placement processes for candidates,
  • Fulfilment of obligations arising from employment contracts and legislation,
  • Execution of fringe benefits, entitlements, and remuneration policy processes,
  • Execution of performance evaluation, talent/career development, and training activities,
  • Execution of occupational health and safety activities,
  • Handling requests and complaints from data subjects.
Corporate Governance and Audit
  • Enforcement and supervision of company policies, risk management, and audit activities,
  • Ensuring compliance with applicable legislation in business operations,
  • Execution of investment processes and corporate communication activities,
  • Ensuring internal communication and collaboration within the company.
Finance, Accounting and Legal Affairs
  • Execution of finance, accounting, and financial reporting processes,
  • Execution of contract management and monitoring of legal affairs,
  • Monitoring of litigation, enforcement proceedings, and administrative/criminal investigations,
  • Fulfilment of legal obligations and provision of information to public institutions (Tax Office, SSI, İŞKUR, etc.).
Procurement and Purchasing
  • Execution of goods/service procurement processes,
  • Management of relationships with business partners and suppliers,
  • Organization and management of corporate events and activities.
Security and Access
  • Ensuring physical premises security and monitoring visitor records,
  • Ensuring security of facilities, company-owned premises, and transportation vehicles,
  • Execution of information security processes and management of access authorizations,
  • Ensuring data security within storage and archiving activities (servers, networks, software).

The techniques applied for the destruction of personal data are, where appropriate, erasure, destruction, and anonymisation.

In the event that one or more of the reasons requiring the destruction of personal data arise, the appropriate method for erasure, destruction, or anonymisation is determined, and the destruction process is initiated no later than the next periodic destruction date.

Unless otherwise decided by the Board, İlknak shall determine ex officio the appropriate method among erasure, destruction, or anonymisation of personal data. İlknak shall delete, destroy, or anonymize personal data by selecting the most appropriate method depending on the nature of the data, its technical capabilities and resources, and the environment in which the data are stored. Upon request of the data subject and if the request is deemed justified, the selected destruction method shall be communicated to the data subject together with the justification for its selection.

In case of ex officio destruction of personal data, unless otherwise decided by the Board, the data shall be destroyed in the first periodic destruction process following the date on which the obligation to destroy arises. The periodic destruction interval is specified in this Policy and shall in any case not exceed one year.

If the data subject exercises their right to request the erasure or destruction of personal data in accordance with Article 13 of the Law or the Communiqué on Procedures and Principles for Application to the Data Controller:

  • If all conditions for processing personal data no longer exist, the personal data shall be destroyed, and the applicant shall be informed in writing or electronically of the result of the request and the actions taken, within the shortest time and in any case within thirty days.
  • If all conditions for processing personal data have not ceased, the request may be rejected with justification, and the rejection shall be communicated to the applicant in writing or electronically within a maximum of thirty days.
  • If the personal data subject to the request has been transferred to third parties, such third parties shall also be informed, and all necessary actions regarding destruction shall be completed within thirty days. The same principles set out in this Policy shall also apply to the destruction of personal data held by third parties on behalf of İlknak.

Below are explanations regarding erasure, destruction, and anonymisation of personal data. For further technical details, reference may be made to the Guidelines on Erasure, Destruction or Anonymisation of Personal Data published by the Authority.

1.1. Erasure of Personal Data

Erasure of personal data refers to making personal data inaccessible and unusable for relevant users in any way. While deleting personal data, the environment in which the data is stored and the nature of the data must be taken into account.

If erasure is preferred, the Company is obliged to take all necessary technical and administrative measures to ensure that deleted data is inaccessible and unusable for relevant users.

Main erasure methods include:

  • Personal data in paper form may be deleted using the “redaction method,” whereby data is rendered invisible by cutting, covering with indelible ink, or otherwise making it unreadable in a way that cannot be reversed or reconstructed.
  • Personal data in cloud systems may be deleted via deletion commands, ensuring that users have no ability to restore deleted data.
  • Personal data in databases may be deleted by removing relevant rows using database commands (e.g., DELETE).
  • Personal data stored in other digital environments may be deleted using system commands in a way that prevents recovery, access, or reuse.

1.2. Destruction of Personal Data

The destruction of personal data is the process of rendering personal data inaccessible, irrecoverable, and unusable by anyone in any way. When destroying personal data, the environment in which the personal data is stored and the nature of the data must first be taken into consideration.

In cases where the method of destruction of personal data is applied, the Company is obliged to take all necessary technical and administrative measures to ensure that the deleted personal data becomes inaccessible and unusable for all relevant users.

The main methods of personal data destruction are as follows:

  • Personal data in paper and microfiche environments, being permanently and physically recorded on the medium, require destruction of the physical medium itself. During this process, the materials must be destroyed using paper shredding or destruction machines into small, unreadable fragments, using cross-cut or micro-cut shredding, in a manner that prevents reassembly.
  • Personal data stored in cloud computing systems must be encrypted using cryptographic methods during storage and use. Where possible, separate encryption keys should be used for each cloud service provider. Upon termination of the cloud service relationship, all copies of encryption keys required to render the personal data usable must be destroyed.

1.3. Anonymisation of Personal Data

Anonymisation of personal data refers to rendering personal data in such a way that it can no longer be associated with an identified or identifiable natural person, even when matched with other data, under any circumstances.

The purpose of anonymisation is to eliminate the link between personal data and the individual to whom such data relates. All methods applied to break this link within data records in data storage systems are referred to as anonymisation techniques. As a result of applying the anonymisation methods detailed in the Authority’s Guidelines on Erasure, Destruction or Anonymisation of Personal Data, the resulting data must not be capable of identifying a specific individual.

When determining retention periods, the Company takes into account personal data processing activities, the personal data processed within the scope of such activities, and the relevant data categories. Accordingly, retention periods are specified in this Policy on a processing basis.

Processes Retention Period Destruction Period
Execution of Production, Sales, and Marketing Activities 10 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Preparation of Orders, Offers, and Contracts 10 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Execution of Financial, Accounting, and Audit Processes 10 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Execution of Human Resources and Occupational Health and Safety Processes 15 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Execution of Internal Corporate Communication Processes 3 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Job Interview and Candidate Registration Processes 2 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Establishment and Management of Information Technology Infrastructure, and Ensuring System Security 10 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
In-vehicle Camera Recordings and Location Tracking Records of Company Vehicles 1 week following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Company CCTV Recordings 20 days At the first periodic destruction period following the expiry of the retention period
Execution of Quality Management and Food Safety Processes 10 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Execution of Hygiene Compliance Processes in Production Areas 3 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period
Visitor Registration Processes 10 years following the termination of the activity At the first periodic destruction period following the expiry of the retention period

The periodic destruction period for personal data has been determined by the Company as six (6) months. Periodic destruction processes are carried out in accordance with this Policy in June and December of each year.

Anyone who becomes aware of a breach of this Policy is obliged to report the situation by sending an email to kvkk@ilknak.com with the subject line “Confidential”.

This Policy is shared via SMS with İlknak employees and contractor personnel and is also made publicly available on İlknak’s website.

This Policy is reviewed as needed and the necessary sections are updated accordingly.

To exercise your rights regarding your personal data, you can download the application form below:

PDF APPLICATION FORM FOR DATA SUBJECTS TO EXERCISE THEIR RIGHTS (PDF)

* After filling out the form, you can send it to kvkk@ilknak.com or deliver it to our company headquarters.


ILKNAK SU ÜRÜNLERİ A.Ş. customers, suppliers and business partners can send their notifications covering ethical issues by sending an e-mail to etik@ilknak.com .

 

Certificates