Privacy Policy

Nurus Group Companies (Numaş- Nurus-Nupa) Privacy & Security Policy and Disclosure Text in Accordance with the Law on Protection of Personal Data

This “Privacy & Security Policy and Disclosure Text in Accordance with the Law on Protection of Personal Data” on the website https://www.nurus.com (hereinafter referred to as the Nurus Website) by Nurus Group Companies, has been prepared to inform you, our valuable visitors, about the legal reasons and methods we collect your personal data, how we process your obtained data, and the methods we use to ensure your data security, in accordance with our Obligation to Inform as a Data Controller, aiming to protect your fundamental rights and freedoms.

The Law on Protection of Personal Data No. 6698 (KVKK) was published in the Official Gazette numbered 29677 on 07.04.2016 and entered into force. KVKK aims to protect the fundamental rights and freedoms of individuals whose personal data are processed, including the confidentiality of private life protected by the Constitution, and to determine the obligations of real and legal persons who process personal data as data controllers.

Nurus Group Companies reserve the right to update and change this Privacy & Security Policy and Disclosure Text in accordance with the KVKK and applicable legal regulations.

PERSONAL DATA

According to KVKK, personal data refers to any information relating to an identified or identifiable real person. These details include, but are not limited to, a person’s name, surname, date of birth, gender, identity number, email address, residential/delivery address, and phone number, which can identify the person, and are thus defined as personal data in our legal regulations.

PROCESSING OF PERSONAL DATA AND PURPOSE OF PROCESSING

Processing personal data refers to any operation performed on personal data, whether wholly or partly by automated means, such as collecting, recording, storing, preserving, altering, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of data.

Nurus Group Companies process your personal data limited to the purposes specified in this Privacy & Security Policy and Disclosure Text, and in accordance with the obligations arising from the applicable legal regulations, including but not limited to the Law on the Regulation of Electronic Commerce No. 6563, the Law on Protection of Personal Data No. 6698, the Law on Consumer Protection No. 6502, and the Distance Contracts Regulation, for the period specified by the laws.

Our main purposes for processing personal data include:

a) Planning or executing customer satisfaction activities,

b) Planning or executing marketing processes and market research activities,

c) Planning or executing sales processes of products or services,

d) Planning or executing after-sales support services activities,

e) Following up on customer requests or complaints,

f) Following up on contract processes or legal claims,

g) Planning and executing necessary operational activities to ensure the proper conduct of company activities in accordance with company procedures or relevant legislation and ensuring their security,

h) Ensuring the accuracy and up-to-dateness of personal data,

i) Providing information to authorized institutions as required by legislation,

j) Planning and executing marketing activities such as promotions, special offers, discounts, and campaigns.

When you access the NURUS website, if you freely provide your phone number or email address by filling out the “We Are Here for You If You Want to Consult Us.” section on the homepage or the “Let Us Inform You – Join Our Email Group Where We Share the Most Valuable Information We Selected for You.” section at the bottom right of the website, it is assumed that you have given explicit consent for the processing of your phone number and email address (personal data). The processed personal data is used solely for the purposes of contacting you and informing you about advertisements and campaigns, in accordance with the laws and relevant legislation, and for the duration connected to these purposes.

When you fill out the membership information on the NURUS website through the online system, and if you freely check the “I Have Read and Accept the Membership Agreement, Privacy & Security Policy, and Disclosure Text in Accordance with the Law on Protection of Personal Data” box and complete the membership process, your personal data related to the formation and performance of the distance sales contract, consumer contract, and other relevant contracts will be processed, recorded, stored, and preserved by Nurus Group Companies.

GENERAL PRINCIPLES IN PROCESSING PERSONAL DATA

Nurus Group Companies acknowledge, declare, and undertake to comply with the following fundamental principles while processing personal data:

a. Compliance with the law and honesty rules,

b. Ensuring that personal data is accurate and up-to-date when necessary,

c. Processing for specific, explicit, and legitimate purposes,

d. Processing in a way that is relevant, limited, and proportionate to the intended purpose,

e. Storing personal data for the duration necessary for the intended purpose.

DATA SECURITY

Nurus Group Companies accept, declare, and undertake to establish necessary systems and control mechanisms for the deletion, destruction, or anonymization of obtained personal data, to prevent the unlawful processing of data, to prevent unlawful access to data, to ensure the preservation of data, and to take all necessary technical and administrative measures both within its organization and when personal data is processed by another real or legal person. If personal data processed by Nurus Group Companies is obtained unlawfully by others, Nurus Group Companies will notify the affected individuals and the Board and, if personal data is obtained by unlawful means, Nurus Group Companies will inform the affected individuals in writing or via registered email and notify the Personal Data Protection Board as soon as possible.

TRANSFER OF PERSONAL DATA

5.1. DOMESTIC DATA TRANSFER

Nurus Group Companies can transfer obtained personal data to third real or legal persons within the country only with the explicit consent of the relevant person.

Without explicit consent, personal data can only be transferred to third real or legal persons in the following cases in compliance with the law and related purposes:

a) If it is explicitly stipulated by law,

b) If it is necessary to protect the life or physical integrity of the person or someone else when the person is unable to express consent due to actual impossibility or if the consent is not legally valid,

c) If it is necessary to process personal data related to the formation or performance of a contract directly involving the parties to the contract,

d) If it is mandatory for the data controller to fulfill its legal obligation,

e) If the person concerned has made the data public themselves,

f) If it is necessary for the establishment, use, or protection of a right,

g) If it is necessary to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.

5.2. INTERNATIONAL DATA TRANSFER

Nurus Group Companies can transfer obtained personal data to third real or legal persons abroad only with the explicit consent of the relevant person.

For the transfer of personal data abroad, the conditions for domestic transfer mentioned above and the existence of adequate protection in the foreign country where the personal data is to be transferred are required.

If adequate protection is not available, Nurus Group Companies can transfer personal data abroad without seeking the explicit consent of the relevant person, provided that the data controllers in Turkey and the relevant foreign country undertake adequate protection in writing and obtain the permission of the Board.

The countries with adequate protection will be determined and announced by the Personal Data Protection Board. In cases where safe countries are announced by the Board, personal data can be transferred abroad without the need for permission from the Personal Data Protection Board or written assurance of protection by the data controllers in the foreign country.

RIGHTS OF THE RELEVANT PERSON

Real persons whose personal data are processed have the right to apply to Nurus Group Companies as data controllers, in order to implement the provisions of KVKK and other relevant legislation, and the rights you have as a relevant person are listed below:

a. To learn whether personal data is processed or not,

b. To request information if personal data has been processed,

c. To learn the purpose of processing personal data and whether they are used in accordance with the purpose,

d. To know the third parties to whom personal data is transferred within the country or abroad,

e. To request correction of personal data if it is incomplete or incorrectly processed,

f. To request deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,

g. To request notification of the transactions made pursuant to subparagraphs (e) and (f) to third parties to whom personal data has been transferred,

h. To object to a result that arises against the person exclusively through automated systems that process analyzed data,

i. To demand compensation for damages in case of unlawful processing of personal data.

APPLICATION TO THE DATA CONTROLLER

The relevant person, whose personal data is processed, accepts that they are obliged to apply to Nurus Group Companies as data controllers within the most appropriate timeframe connected to the use of their rights related to personal data processed or learned to be processed by Nurus Group Companies.

The relevant person accepts that they are obliged to submit their applications by registered mail/through a notary or via email with the subject “Request for Information on the Law on Protection of Personal Data” to Nurus Group Companies.

In order to exercise the rights mentioned under the heading of rights of the relevant person listed above, the necessary information that must be included in the application in accordance with Article 5/2 of the Communiqué on the Principles and Procedures for Application to the Data Controller, which was published in the Official Gazette No. 30356 on 10.03.2018, is presented below for your information:

a) Name, surname, and if the application is in writing, signature,

b) For Turkish citizens, T.C. identification number, for foreigners, nationality, passport number, or if any, identification number,

c) Residential or workplace address for notification,

d) If any, email address, phone, and fax number for notification,

e) Subject of request.

In the application, information and documents related to the request must be attached. Nurus Group Companies will respond to your requests as soon as possible, within thirty days at the latest, free of charge depending on the nature of the request. However, if the transaction necessitates an additional cost, the fee determined by the Personal Data Protection Board may be charged.

APPLICATION ADDRESS

Applications must be submitted in writing by the relevant persons to the addresses below:

  1. Registered email (KEP) address: numas@hs03.kep.tr
  2. Email address: kvkk@nurus.com

Applications must be made by the person concerned. Nurus Group Companies reserve the right to verify your identity before responding to your application.

Kamera Kullanma Talimati (DOCX)

Başvuruların Alınması ve Değerlendirilmesi Proseduru (DOCX)

Müşterilerin Talep ve Şikayet Aydınlatma Metni (DOCX)

Başvuru Formu (DOCX)

İnternet Erişimlerine İlişkin Aydınlatma Metni (DOCX)

CCTV Uzun Aydınlatma Metni (DOCX)

Çalışanların KVKK ve İşlenmesi Politikası (DOCX)

Kişisel Verilerin Saklanması ve İmha Politikası (DOCX)

Kişisel Verilerin Korunması ve İşlenmesi Politikası (DOCX)

OUR ETHICAL VALUES

1. OBJECTIVE

The purpose of this policy is to clearly outline the practices regarding anti-bribery and anti-corruption within Nurus Companies.

2. PURPOSE

This policy; Nurus Companies include their employees and all third parties acting on behalf of our company.

All Nurus Company employees, including the members of the Board of Directors,

Companies providing support services such as Consultancy, Advocacy or Consultancy and their employees,

Outsourced sub-suppliers, subcontractors and their employees,

Persons and organizations working directly or indirectly on behalf of the Company, such as representatives, distributors, dealers, agents are covered by this policy.

3. DEFINITIONS

Gift: Refers to a product that does not require any financial payment and is given publicly, in good faith and unconditionally as a thank you or commercial courtesy by people or customers with whom there is a business relationship.

Representation and Hospitality: Nurus’ social events, accommodation, dinner invitation, education, conference, symposium and seminars etc. It refers to the activities performed within the scope of its activities.

Bribery: It refers to providing material and moral benefits to a person directly or indirectly within the framework of verbal or written agreement from the other party in order to do, not do, accelerate, slow down a job related to the performance of his duty.

Corruption: It is the abuse of the authority held due to the position, directly or indirectly, for any kind of gain.

Bribery and corruption can be carried out in many different ways. These;

Gift and / or donation

Cash payments

Commission

Promotion

Other Benefits etc. countable.

4. DUTIES AND RESPONSIBILITIES

It is obligatory for all our employees and all third parties acting on behalf of our company to know the rules contained in this policy and to act in accordance with these rules and the applicable legislation on anti-bribery and corruption while conducting their business.

In order to protect the reputation of our institution, it is the responsibility of everyone stated above to report any situation regarding the fight against bribery and corruption.

Within the scope of anti-bribery and corruption policy, activities are carried out to fulfill the following issues and necessary measures are taken:

Nurus prohibits any kind of payment to be made to facilitate and speed up any work. Nurus Company employees do not tolerate the other party’s offering, promising, requesting, requesting, giving or accepting it in their relations with third parties.

Nurus establishes business relationships with parties that are deemed to protect its reputation and work in accordance with its anti-bribery and anti-corruption policy. People, suppliers, dealers and contractors who establish a relationship with Nurus and work on its behalf must agree to comply with the applicable legal regulations and our anti-bribery and corruption policy.

Employees may not be compelled to act in violation of this policy under any circumstances or by anyone.

Safe and accessible communication channels are provided where employees can report violations of this policy and suspicious situations.

4.1 ANTI-CORRUPTION RESPONSIBLE

The Human Resources Manager as the Anti-Bribery and Anti-Corruption Officer, the Human Resources Specialist as the deputy in his absence, is responsible for the following:

It provides information programs to employees and business partners about the anti-bribery and anti-corruption program.

It gives an opinion on anti-corruption.

It investigates any reported acts of corruption.

In case of suspected or actual acts of corruption, it has the authority to investigate the issue, request and examine all kinds of documents and carry them to the CEO when necessary.

5. POLICY


Nurus Companies have implemented the Anti-Bribery and Anti-Corruption Policy as an indicator of their sensitivity to business ethics. Employees and all business partners are expected to be sensitive to this issue, since the issue is a legally punitive act in addition to business ethics.

Nurus has adopted as a principle to comply with the laws and regulations within the scope of bribery and corruption, universal legal rules, ethical and professional principles in all countries where it operates and is represented.

Our policy as Nurus Group companies with the vision of being a pioneering company in the office furniture sector, which produces products that are internationally recognized, desired and “lifestyle”, and can always offer the most competitive and creative solutions in all markets; To design products that shape the future with an innovative approach based on development,

To follow economic, cultural and social changes closely, to listen to users, to understand their needs correctly, to offer products that are human-oriented, functional, and that can respond to changing emotions and habits,

To increase our knowledge and experience by following technological developments and to develop our stakeholders in this direction,

To work with great enthusiasm to share our knowledge, suggestions and solutions in order to maximize the satisfaction of our customers with the principle of continuous improvement by following the entire process from supply to production, from production to delivery,

To produce permanent solutions to make the world we live in a better place by caring for its employees as well as its customers with its human-oriented approach,

By making the necessary investments for sustainability with our knowledge and experience, to share this awareness with our suppliers and stakeholders as well as our employees, to prevent environmental pollution by minimizing our waste amount and environmental impacts with efficient and applicable waste management,

To protect, process and monitor the information shared with our stakeholders in terms of confidentiality, integrity and accessibility in accordance with the necessary legal regulations and contracts,

To evaluate hazards and take precautions in order to prevent occupational diseases and occupational accidents that may arise from our activities and to minimize the effects of risks,

To strengthen our position in the office furniture market of the countries with our design and products, as well as with our foreign units.

6. NOTIFICATION AND RESOLUTION OF VIOLATIONS

If there is any opinion or suspicion that an employee or a person acting on behalf of Nurus is acting against this policy, it should be conveyed to the communication channels regarding “Anti-Bribery and Anti-Corruption”. No employee can be subjected to pressure or maltreatment (disciplinary action, dismissal, mobbing, threats, etc.) due to a report made because they believe there is a violation. The identity of the persons who make a notification about Anti-Corruption is kept confidential and the issues conveyed are examined within the scope of confidentiality rules.

Our communication channels to report questions about our anti-bribery and anti-corruption policy and those who violate the rules set forth in this policy or suspicious situations that could damage our reputation and trust are as follows:

E-mail: ik@nurus.com.tr

Phone: 0 (312) 589 00 00

Address: Sincan Organize San. Böl.. Oguz Cad. No: 25 Sincan / Ankara / Turkey

7. POLICY VIOLATIONS

All employees and persons acting on behalf of Nurus are obliged to comply with this policy, relevant legal regulations and all applicable anti-bribery and anti-corruption laws while conducting their business.

Not knowing the rules in this policy cannot be accepted as an excuse for violation.

8. ENFORCEMENT AND REVIEW

This policy has been published with the approval of the Board of Directors, it is regularly reviewed, the necessary updates are made and announced by way of announcement.