GDPR & Data Protection Compliance Statement

At Arkas Packaging Industry and Trade LLC ("Arkas Packaging" or the "Company"), the stringent security of your corporate and personal data is our utmost priority. As a B2B manufacturing entity operating within global supply chains, we recognize our critical obligation to process, defend, and preserve data strictly aligned with European General Data Protection Regulation (GDPR) frameworks and the Turkish Personal Data Protection Law (KVKK No. 6698).

This Compliance Statement acts as our formal declaration of how corporate procurement data, communication metadata, and individual details are processed, secured, and localized within our server architecture.

1. Legal Identity of the Data Controller

Under the statutes of GDPR and KVKK, any data transmitted to us through B2B inquiries, procurement requests, technical specifications, or supplier contracts will be assessed and protected under the absolute authority of Arkas Packaging Industry and Trade LLC, acting as the "Data Controller."

2. Scope and Objective of Data Processing

Any corporate or personal data absorbed by our systems will be processed exclusively to lubricate and secure our commercial operations. This includes:

• Architecting, finalizing, and executing B2B sales contracts for corrugated cartons, honeycomb panels, and edge protectors.
• Executing robust supply chain logistics including customs clearance, freight forwarding, and final-mile delivery synchronization.
• Executing rigorous corporate compliance obligations (financial auditing, international tax law, border controls).
• Evaluating B2B supplier performance and maintaining long-term vendor matrixes.
• Enforcing rigid physical security protocols at our Gebze and Bursa manufacturing complexes (CCTV, visitor logs).

3. Authorized Data Transmission (Third Parties)

To execute massive intercontinental logistics, your data must selectively flow through authorized channels. We may securely transmit procurement data to trusted forwarders, customs brokers, ISO auditors, and legal consultants strictly under binding non-disclosure agreements (NDAs). Arkas Packaging structurally refuses to sell, lease, or weaponize your data for external marketing entities.

4. Collection Vectors and Legal Basis

Data entry points include: our corporate portal (www.arkasambalaj.com), encrypted B2B email channels, physical procurement contracts, EXPO registrations, and factory audit visitations.

We process your data strictly under the legal precedents of:

• The absolute necessity to draft and execute a commercial B2B contract (Article 6(1)(b) GDPR).
• Compliance with binding international and domestic legal obligations (Article 6(1)(c) GDPR).
• The legitimate operational interests of Arkas Packaging, balanced cautiously against fundamental executive rights (Article 6(1)(f) GDPR).

5. Your Fundamental Data Rights

As an international entity or individual, you retain absolute authority over your data matrix. You possess the right to:

• Request transparent confirmation of whether your data is actively being processed by our servers.
• Demand absolute erasure ("Right to be Forgotten") of your records once commercial contracts gracefully terminate.
• Request immediate rectification of any asymmetric or rapidly changing data points (e.g., changes in corporate billing addresses).
• Object to targeted automated profiling.
• Demand a standard electronic export of your data for seamless transitioning between vendors.

6. Formal Communication Desk

To actively assert any of the rights listed above, you are required to submit a verified corporate communique to our Data Protection Officer. Written requests shall be directed to: Çalı Mh. 31. Sk. No:14/1, Nilüfer / BURSA, TURKEY. Alternatively, rapid electronic inquiries from a verified corporate domain can be executed via info@arkasambalaj.com. Our legal desk will process compliance requests within 72 hours.