PRIVACY NOTICE ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

1 - Introduction

As CRN ENERJI TAAH. MUH. INS. TUR. SAN. VE TIC. A.S. and our affiliates (collectively referred to as the "Group of Companies", "Group" or "Company"), the privacy and security of the personal data of our clients, business partners, suppliers, job candidates, and visitors are among our highest priorities. Our Group processes your personal data in strict compliance with the Personal Data Protection Law No. 6698 ("PDPL") and its secondary legislation.

We would like to inform you about the processing of your personal data collected through our corporate offices, manufacturing plants, construction sites, websites, mobile applications, or ongoing commercial relations within the scope of the sectors in which our Group operates: Construction, Human Resources, Energy, Prefabricated & Modular Structures, Containers, Light Gauge Steel (LGS) Structures, and Creative/Digital Agency Services.

2 - Which Personal Data Do We Process?

Depending on the nature of your relationship with our Group (e.g., Client, Supplier, Business Partner, Visitor, or Job Seeker), the following categories of personal data may be processed:

  • Identity and Contact Information: Name, surname, Turkish ID Number (or passport number for foreign nationals), telephone number, email address, corporate signature, job title/position; (where strictly required by HR or sector-specific regulations) date of birth, gender, and physical attributes (height/weight).
  • Client and Supplier Transaction Data: Inquiries, orders, contract details, invoice records, technical project specifications (for prefabricated, container, or steel structures), purchase history, requests, complaints, quotation forms, and project briefs/feedback related to agency services.
  • Logistics and Site Delivery Data: Assembly and delivery addresses for prefabricated buildings, containers, or light gauge steel structures; construction site coordinates, on-site contact persons, and delivery dispatch details.
  • Financial and Payment Data: Information regarding payments and payment methods, bank account/IBAN details, letters of guarantee, progress payment reports (hakediş), and current account records.
  • Operational and Physical Venue Security Data: Closed-circuit television (CCTV) video/audio recordings during your visits to our factories, construction sites, energy plants, and corporate headquarters; site entry-exit logs; IP addresses, device identifiers, log data, and cookie information collected via your digital interactions with our websites.
  • Legal Transaction Data: Correspondence with judicial, regulatory, and administrative authorities; data contained in litigation, execution, or mediation files; and compliance audit records.
  • Audio Recording Data: Voice recordings captured during your interactions with our corporate switchboard or customer service hotlines.
  • Human Resources Consulting and Candidate Data: Curricula vitae (CVs), educational background, professional experience, interview notes, reference checks, and professional competency test results processed through our HR consultancy division.

3 - Legal Grounds, Purposes, and Methods of Processing Personal Data

Your personal data is collected by our Company via automated or non-automated means (provided that it forms part of a data filing system) through contract negotiations, quotation forms, physical site/office visits, factory order tools, digital agency channels, email, telephone, and official notifications from legal authorities.

The purposes and legal grounds for processing based on our operational sectors are detailed below:

3.1 Project, Sales, Manufacturing, and Assembly Processes (Construction, LGS, Prefabricated, Container, Energy)
  • Processed Data: Identity, contact, client transaction, delivery/site location, and financial data.
  • Purposes: Executing the design, engineering, manufacturing, shipping, and installation of prefabricated, container, and light gauge steel structures; fulfilling construction and turn-key contracting commitments; managing energy generation and distribution operations; providing after-sales support and maintenance.
  • Legal Grounds: Necessary for the performance of a contract to which the data subject is party, and fulfillment of the Company’s legal obligations.
3.2 Human Resources Consultancy and Recruitment Services
  • Processed Data: Identity, contact, professional experience, educational background, CV data, and interview records.
  • Purposes: Evaluating job applications for open positions; fulfilling the talent acquisition and payroll needs of our Group companies or third-party corporate clients; managing recruitment cycles.
  • Legal Grounds: Necessary for the establishment or performance of a contract, establishment or protection of a right, or your explicit consent (specifically for talent pool retention or special categories of data).
3.3 Agency, Media, and Digital Marketing Services
  • Processed Data: Identity, contact, client transaction data, visual/audio records, and social media/web analytics data.
  • Purposes: Managing brand strategies, creative design, advertising campaigns, media production, digital marketing, and corporate communication events.
  • Legal Grounds: Performance of a contract, and the legitimate interests of our Company.
3.4 Physical Venue Security, Risk Management, and Auditing
  • Processed Data: CCTV recordings, facility/site logs, identity, and contact data.
  • Purposes: Ensuring compliance with Occupational Health and Safety (OHS) legislation; securing factories, construction sites, energy power plants, and headquarters; preventing fraudulent activities; performing financial and operational risk assessments.
  • Legal Grounds: Necessary for the legitimate interests of the data controller, and explicitly stipulated in the laws.
3.5 Management of Legal Proceedings
  • Processed Data: All relevant data categories (to the extent applicable to the dispute).
  • Purposes: Conducting litigation and execution processes; providing mandatory disclosures to regulatory bodies (e.g., EPDK, Ministry of Environment and Urbanization, İŞKUR); protecting contractual rights before judicial bodies.
  • Legal Grounds: Necessary for the establishment, exercise, or protection of a right, and fulfillment of the Company’s legal obligations.
3.6 Marketing and Commercial Communications (Subject to Explicit Consent)
  • Processed Data: Identity, contact, and sector-specific preference data.
  • Purposes: Sending newsletters, project updates, ready-made structure portfolios, energy solution brochures, trade fair invitations, and authorized commercial electronic messages.
  • Legal Ground: Explicit Consent of the data subject.

4 - To Whom and For What Purposes Do We Transfer Your Personal Data?

In line with the principles of "need-to-know" and "need-to-use", our Company implements data minimization and enforces technical and administrative security measures before transferring data to domestic or international third parties.

4.1 Intra-Group Transfers
  • Recipients: Affiliates, subsidiaries, and joint ventures under our Group of Companies.
  • Purpose & Legal Ground: Streamlining joint ERP, HR, and financial software platforms; executing corporate reporting, internal auditing, and integrated business operations (Legitimate interest and Performance of a contract).
4.2 Project Partners, Subcontractors, and Suppliers
  • Recipients: Subcontractors, assembly crews, architectural/engineering firms, logistics/freight companies, and customs brokers.
  • Purpose & Legal Ground: Delivering raw materials, executing civil/structural work on-site, providing infrastructure services, and ensuring the timely delivery of construction and manufacturing projects (Performance of a contract).
4.3 Corporate Clients (For HR Consultancy Services)
  • Recipients: Third-party corporate clients and employers utilizing our HR firm's recruitment, placement, or executive search services.
  • Purpose & Legal Ground: Submitting candidate profiles for employer evaluation and vacancy matching (Performance of a contract / Establishment of a contract and Explicit Consent).
4.4 Authorized Public Authorities
  • Recipients: Government Ministries (e.g., Ministry of Labor, Ministry of Environment, Urbanization and Climate Change), EMRA (EPDK), ISKUR, SGK, courts, and enforcement offices.
  • Purpose & Legal Ground: Fulfilling statutory notification mandates and complying with legally binding information requests (Explicitly stipulated in laws and Legal obligation).
4.5 International Data Transfers
  • For international construction tenders, export processes of prefabricated/LGS units, global energy investments, or international agency representations; personal data may be transferred to overseas clients, project stakeholders, or cloud-based infrastructure providers in accordance with Article 9 of the PDPL (via Standard Contractual Clauses or binding undertakings).

5 - How Does Our Company Protect Your Personal Data?

Our Company implements rigorous administrative and technical measures across our industrial facilities, construction sites, and digital networks:

  • Network security is maintained via advanced firewalls, intrusion prevention systems, and enterprise anti-virus solutions.
  • Hard copies containing personal data at construction sites and factories are kept in secure, restricted-access cabinets.
  • Data processing policies, OHS procedures, and role-based access authorization matrices are periodically reviewed and updated.

6 - Your Rights Under the PDPL

Pursuant to Article 11 of the PDPL, you may apply to our Company to: learn whether your data is being processed; request information if processed; learn the purpose of processing; know the third parties to whom data is transferred domestically or internationally; request rectification of incomplete/inaccurate data; request erasure or destruction; and claim compensation for damages sustained due to unlawful processing.

7 - Contact Information for Your Requests

You may submit your requests regarding your personal data by preparing a petition in compliance with the Communiqué on the Principles and Procedures for Requesting to the Data Controller via the following channels:

Application Method Submission Address
In Person (With Identity Verification) Mansuroglu Mah. 283/1 Sokak No:2 Daire:301 Bayrakli / IZMIR
Via Notary Public Mansuroglu Mah. 283/1 Sokak No:2 Daire:301 Bayrakli / IZMIR
Registered Electronic Mail (KEP) crn_gruop@hs02.kep.tr
Registered E-mail Address info@crngrp.com

Note: Please explicitly state "Request Under the Personal Data Protection Law (PDPL)" on the envelope or in the subject line of your email. Your requests will be concluded free of charge within 30 (thirty) days at the latest.

8 - About This Privacy Notice

Our Group reserves the right to modify this Privacy Notice at any time to reflect updates in corporate structures or regulatory developments governing the construction, energy, modular structures, LGS, agency, and HR sectors.

Last Updated: June 2, 2026

WhatsApp ile iletişime geç