Personal Data Policy

As MechSoft;

In order to protect fundamental rights and freedoms of individuals—primarily the right to privacy—MechSoft collects and processes personal data in compliance with the laws of Türkiye and the Member States of the European Union.

All personal data processing activities fall within the scope of this policy. This includes the processing of personal and special category personal data of employees, job applicants, customers, and suppliers, as well as any data collected and processed from any source.

MechSoft takes the necessary technical and administrative measures to prevent the unlawful processing of personal data and to ensure their protection, provides an appropriate level of security, and conducts or commissions the required audits within this scope.

Personal data is processed in accordance with the principles of lawfulness and fairness; accuracy and, where necessary, being kept up to date; for specific, explicit, and legitimate purposes; and in a manner that is relevant, limited, and proportionate to those purposes.

Personal data is retained for the period stipulated by law or for as long as required by the purpose of processing.

MechSoft informs personal data subjects and provides the necessary information upon their request.

With respect to the processing of special category personal data, MECHSOFT acts in compliance with applicable regulations and does not carry out any processing activities without explicit consent, except in cases expressly permitted by law.

Personal data transfers are carried out in accordance with the regulations stipulated by applicable legislation.

MechSoft raises awareness among its internal and external stakeholders regarding the protection of personal data and communicates the relevant obligations to them..

In order to increase awareness of personal data protection, MechSoft organizes training programs aimed at improving technical and behavioral competencies.

MechSoft manages personal data breaches, evaluates them in accordance with disciplinary procedures, and promptly informs the relevant authorities of the Board in cases of offenses and violations requiring sanctions.

Through a process-based asset inventory and process-based risk assessment, MECHSOFT continuously monitors the confidentiality, integrity, accuracy, and authorized access to personal data.

MechSoft commits to the implementation of practices related to the Personal Data Protection Management System, the systematic management of the system, its continuous improvement, and the allocation of the necessary resources required by the system.

These principles are adopted as the core policies of our personal data management system..