As ZORLU TESİS YÖNETİM A.Ş (“ZORLU”), we attach importance to the protection of personal data and show sensitivity to personal data security in all our activities.


This Disclosure text is intended to inform our visitors, within the scope of the Law on Protection of Personal Data numbered 6698 (“KVKK”), about the principles of processing the codes issued by the application “Hayat Eve Sığar (“HES”)” that you shared with ZORLU in order to prevent the spread of the COVID-19 virus epidemic and mitigate its effects.


Purposes and Legal Reasons of Processing Personal Data





-      HES Code (information on whether there is a risk of disease, which serves the purpose of reducing the risk of contamination during the period to be spent at public spaces)

-      PCR test result

-      vaccination card information

-      To ensure a healthy work environment in our company's business and facility buildings

-      To monitor whether our visitors are at risk of disease

-      to plan and execute activities related to occupational health and safety

-      to ensure the continuity and execution of business activities and ensure the security of data controller operations

-      It is explicitly stipulated in laws.

-      It is mandatory for the data controller to fulfill its legal obligation.


Collection of Personal Data

Your HES Code details are collected by officials as a permanent code from you, automatically or non-automatically, in writing, verbally or in electronic form, via mobile applications, or over internet.


Retention Period of Personal Data

Our company will retain personal data for as long as required by the above-mentioned processing purposes. In addition, in case of any disputes that may arise, our Company will be able to retain your personal data for the duration of the statute of limitations determined in accordance with the relevant legislation, for the purpose of making the necessary defenses in connection with such disputes.


Measures and Commitments regarding Data Security

Our company undertakes to take the necessary technical and administrative measures to ensure the appropriate level of security and to make the necessary inspections for the purpose of procuring that


  • personal data is not processed unlawfully;
  • personal data is not accessed unlawfully; and
  • personal data is retained appropriately.


Our company will not disclose any personal data obtained about you to others in violation of the Disclosure text on the Processing of Personal Data and the provisions of the Law on the Protection of Personal Data and the relevant legislation, and will not use such personal data for any purposes other than the purposes of processing thereof.


In case any links are available on our website to any other applications, our Company shall not bear any liability for privacy policies and contents of such applications.


Transfer of Personal Data

Your HES Code details may be transferred to the following parties within the framework of the conditions of transfer specified in Article 8 of the Law, in line with the purposes specified in the section titled "Purposes and Legal Reasons of Processing Personal Data" at Disclosure text:


  • occupational health and safety companies that provide support as part of planning and executing occupational health and safety processes; and
  • authorized bodies and entities to fulfill legal and regulatory obligations and requests.


Rights of Data Subjects and Use of These Rights

Pursuant to Article 11 of the Law, a Data Subject is entitled to:


  • know whether his/her personal data is processed;
  • request information if his/her personal data has been processed;
  • know the purpose of processing his/her personal data and whether such data have been used appropriately for their purpose;
  • know the third parties to whom his/her personal data have been transferred domestically or abroad;
  • request rectification in case his/her personal data have been processed incompletely or inaccurately, to request notification of such activities to any third parties to whom the personal data has been transferred;
  • request the deletion or destruction of personal data in the event that the reasons requiring processing thereof have disappeared, although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and to request notification of such activities to any third parties to whom the personal data has been transferred;
  • object to the occurrence of any results against himself / herself through analysis of the processed data exclusively through automated systems;
  • demand the compensation of damages and losses suffered due to the unlawful processing of personal data.


As a personal data subject, you may submit your requests within the scope of Article 11 of the Law in writing using the Data Subject Application Form available on our website( accordance with the “Communiqué on Procedures and Principles of Application Filed to Data Controllers”, or using the registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the electronic mail address previously notified to our Company and registered in our Company system.