You can access all Personal Data Protection Law documents of Arsan Kauçuk Plastik Makine Sanayi ve Ticaret Şirketi.
Personal data owners defined as the person concerned in the Personal Data Protection Law No.6698 (“KVK Law”) (hereinafter referred to as the “Applicant”) are granted the right to make requests regarding the processing of their personal data in Article 11 of the KVK Law.
Pursuant to the first paragraph of Article 13 of the KVK Law, applications to be made to our Company regarding these rights must be submitted to us in writing or by other methods determined by the Personal Data Protection Board ("Board").
In this context, applications to our Company in "written" form can be made, by printing this form:
- By the Applicant applying in person,
- By means of a notary,
- By the Applicant signing with the "secure electronic signature" defined in Law No. 50270 and sending to the Company's registered e-mail address,
- By sending the completed and signed application form to email@example.com by e-mail, using the e-mail address previously notified to the data controller by the person concerned and stored in the data controller's system.
Below, information is given on how to deliver written applications, specific to written application channels.
If the following ways are not followed, if identification cannot be made or if malicious third parties are suspected of identity fraud, false applications will not be answered. In the event that no response is given due to incorrect and incomplete applications, the responsibility belongs to the applicant, and it will be accepted that information is not shared with unidentified or malicious third parties within the scope of our obligation to protect personal data arising from the law as Arsan Kauçuk A.Ş.
|Application Method||Address to apply||Information to be Specified in Application Submission|
|Personal Application [Application by the applicant to come in person and apply with a document certifying his / her identity]||Şerifali Mahallesi Söyleşi Sok. Maysa Plaza No 15/2 Kat 1 34775 Umraniye / Istanbul||The application form will be filled and delivered by writing "Information request under the Law on Protection of Personal Data" on the envelope.|
|Application by means of a notary||Şerifali Mahallesi Söyleşi Sok. Maysa Plaza No 15/2 Kat 1 34775 Umraniye / Istanbul||"Information request within the scope of personal data protection law" will be written on the notification envelope.|
|Application with Secure Electronic Signature [will be signed with a secure electronic signature and sent to the registered electronic mail (KEP) address]||firstname.lastname@example.org||"Personal Data Protection Law Information Request" will be written in the subject part of the e-mail.|
|Application by mobile signature or e-mail [will be made by using the e-mail address previously notified by the person concerned to the data controller and registered in the data controller's system]||email@example.com||"Personal data protection law information request" will be written in the subject part of the e-mail.|
In addition, after the announcement of other methods to be determined by the Board, our Company will announce how the applications will be received through these methods.
Your applications submitted to us will be answered within thirty days from the date your request is received by us in accordance with paragraph 2 of Article 13 of the KVK Law. Our responses will be sent to you in writing or electronically in accordance with the provision of Article 13 of the relevant KVK law.
a) Data Supervisor and Representative
In accordance with the Law No. 6698 on the Protection of Personal Data ("Law No. 6698"), your personal data can be processed, stored, deleted and destroyed within the scope described below by Arsan Kauçuk Plastik Makine Sanayii ve Ticaret Anonim Şirketi ("Company" or "Arsan Kauçuk"), as the data controller.
b) Purpose of Personal Data Processing:
Your collected personal data, which are the subject of your disclosure to us, will be processed within the scope of the processing conditions and purposes specified in Articles 5 and 6 of the Law No. 6698 for the following purposes: ensuring the legal, technical and commercial-business security of the Company and the related persons who have a business relationship with the Company; planning and executing the activities required for the recommendation and promotion of the products and services offered by the Company to the relevant people by customizing them according to the tastes, usage habits and needs of the relevant people; carrying out the necessary work by our business units so that the relevant people can make use of the products and services offered by the Company, and carrying out the relevant business processes; planning and executing the commercial and / or business strategies of the Company; carrying out the necessary work by our relevant business units for the realization of the commercial activities carried out by the Company, and carrying out the related business processes; and planning and executing the Company's human resources policies and processes. Detailed information on the purposes for which our Company processes your personal data can be found in the Personal Data Protection and Processing Policy of Arsan Kauçuk Plastik Makine Sanayii ve Ticaret Anonim Şirketi, which is disclosed to the public on the website www.arsankaucuk.com.tr.
c) What Are the Processed Personal Data, and to Whom and for What Purpose Can They Be Transferred?
Your collected personal data can be transferred to our dealers, business partners, suppliers, shareholders, affiliates, legally authorized public institutions and private persons, within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of Law No. 6698, for the purposes specified in the Personal Data Protection and Processing and Destruction Policy of Arsan Kauçuk Plastik Makine Sanayii ve Ticaret Anonim Şirketi, which is shared with the public at www.arsankaucuk.com.tr, and for the following purposes: planning and executing the activities required for the recommendation and promotion of the products and services offered by the Company according to the tastes, usage habits and needs of the relevant people; carrying out the necessary work by our relevant business units for the realization of the commercial activities carried out by the Company, and carrying out the related business processes; carrying out the necessary work by our business units so that the relevant people can make use of the products and services offered by the Company, and carrying out the relevant business processes; planning and executing the commercial and / or business strategies of the Company; and ensuring the legal, technical and commercial-business security of the Company and the related persons who have a business relationship with the Company. The processed personal data are not limited to these and change according to the current provisions of law and the requirements of the relationship between the Company and those whose personal data are processed. The Company accepts and undertakes to process, store, destroy and delete identity, communication, location, personnel, legal transaction, customer transaction, health, physical space security, transaction security, risk management, marketing, professional experience records, audio and visual records, and all other types of personal data within the framework of the rules determined by law.
Persons cannot object to the storage and processing of Personal data required by law and for the functionality of contracts.
d) Method and Legal Reason for Collecting Personal Data:
Your personal data are collected by our Company through different channels and based on different legal reasons, in order to improve the products and services we offer and to carry out our commercial activities. In this process, your personal data are collected through information and request forms on our websites and mobile applications or in a physical environment. Your personal data collected for this legal reason can also be processed and transferred for the purposes specified in articles (b) and (c) of this Information Text within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.
e) Rights of Personal Data Owner as enumerated in Article 11 of Law No. 6698:
If you, as personal data owners, submit your requests regarding your rights to Arsan Kauçuk using the methods specified in the Protection and Processing of Personal Data Policy of Arsan Kauçuk Plastik Makine Sanayii ve Ticaret Anonim Şirketi, which is shared with the public at www.arsankaucuk.com.tr, Arsan Kauçuk will finalize the request as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, Arsan Kauçuk will charge the tariff determined by the Personal Data Protection Board. In this context, personal data owners have the right to:
- Learn whether personal data is processed,
- Request information regarding the processing, if personal data has been processed,
- Learn the purpose of processing personal data and whether they are used appropriately for their purpose,
- Know the third parties to whom personal data are transferred domestically or abroad,
- Request correction of personal data in case of incomplete or incorrect processing and request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
- Request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of Law No. 6698 and other relevant laws, and request that the third parties to whom the personal data has been transferred be notified of the transaction made within this scope,
- Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- Demand compensation of the damage in case of damage due to unlawful processing of personal data,
- Request the destruction of personal data in case the relationship with the company is terminated and the legal retention periods expire.
f) Final provisions
It is accepted that the persons are fully and clearly enlightened, and that the informing obligation sought by the law has been fulfilled, in the event that this text, which includes all the provisions and articles specified within the scope of the clarification text, is given to the persons, verbally notified, transmitted via message and e-mail, asked during sales and marketing, or communicated by other means. If the Explicit Consent form is signed, it is accepted that the notification has been made about the Clarification text. Parties who sign, accept or declare that they accept the Explicit Consent form cannot claim under any circumstances that they have not been informed.
I. DATA PRIVACY COMMITMENT, DESTRUCTION AND PROTECTION POLICY
1.1. This Policy on the Protection of Personal Data ("Policy") determines the principles to be followed within the Company and / or by the Company when processing Personal Data, while Arsan Kauçuk Plastik Makine Sanayii ve Ticaret A.Ş ("Company" or "Arsan") fulfills its obligations to protect Personal Data in accordance with the provisions of the relevant legislation, especially the Personal Data Protection Law No. 6698.
1.2. The Company undertakes to comply with this Policy and the procedures to be applied in connection with the Policy in terms of Personal Data within its own structure.
The main purpose of this Policy is to determine the principles regarding the methods and processes for the processing and protection of Personal Data by the Company. Likewise, it has been accepted and published in order to determine how the destruction and deletion processes will function in cases where there is no need to keep personal data and if it is destroyed for other reasons arising from the law.
III. SCOPE OF THE POLICY
3.1. This Policy covers all activities such as processing, storage, deletion, storage, transportation, transfer and destruction of Personal Data that the Company is processing and is applied to such activities.
3.2. This Policy does not apply to data that is not Personal Data.
3.3. This Policy may be changed from time to time with the approval of the Board of Directors if required by the KVK Regulations or if deemed necessary by the Company's Data Responsible Representative and / or the Committee. In case of incompatibility between the KVK Regulations and this Policy, the KVK Regulations are taken as basis.
The definitions in this Policy contain the following meanings;
"Explicit Consent" refers to the consent based on information on a specific subject and expressed with free will.
"Anonymization" refers to rendering Personal Data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
“Disclosure Obligation” refers to the obligation of the Data Supervisor or the person authorized to inform the Data Subject within the scope of Article 10 of the KVKK during the acquisition of Personal Data.
"Personal Data" refers to all kinds of information related to an identified or identifiable natural person (within the scope of this Policy, the term "Personal Data" will include "Special Qualified Personal Data" as defined below as appropriate).
"Processing of Personal Data" refers to any action performed on Personal Data, such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of the Personal Data, by fully or partially automatic means, or by non-automatic means provided that it is part of any data recording system.
["Committee" refers to the committee responsible for the fulfillment of this Policy and the KVKK Procedures to be applied depending on the Policy.]
"Board" refers to the Personal Data Protection Board.
"Institution" refers to the Personal Data Protection Authority.
"KVKK" refers to the Personal Data Protection Law No. 6698.
"KVK Regulations" refers to Law No. 6698 on the Protection of Personal Data and other relevant legislation on the protection of Personal Data, binding decisions, resolutions, provisions and instructions issued by regulatory and supervisory authorities, courts and other official authorities, applicable international agreements on data protection, and all other kinds of legislation.
“KVK Procedures” refers to the procedures that determine the obligations that the Company, employees, [Committee and / or Data Responsible Representative] must comply with under this Policy.
"Special Qualified Personal Data" refers to data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and to biometric and genetic data.
“Deletion” means making Personal Data inaccessible and unavailable in any way for related users.
"Data Processor" refers to the real or legal person who processes Personal Data on behalf of the Data Controller, with the authorization of the Data Controller.
“Data Subject” refers to all natural persons whose Personal Data is processed by or on behalf of the Company.
"Data Supervisor" refers to the natural or legal person who determines the purposes and means of Processing Personal Data and who is responsible for the establishment and management of the data recording system.
"Contact Person for Data Controller" refers to the real person who is notified by the Data Controller during registration to the registry for communication to be established with the Authority.
["Data Responsible Representative" refers to the Company employee who is elected from the Committee, manages the Company's relations with the Corporation and is appointed by the decision of the Board of Directors.]
"Destruction" refers to the process of making Personal Data inaccessible, irretrievable and non-reusable in any way.
V. PRINCIPLES OF PERSONAL DATA PROCESSING
5.1. Processing of Personal Data in Accordance with Law and Good Faith Rules
The Company processes Personal Data in accordance with the law and honesty rules and on the basis of proportionality.
5.2. Taking Necessary Precautions To Keep Personal Data Accurate And Updated When Necessary
The Company takes all necessary measures to ensure that the Personal Data is complete, accurate and up-to-date, and updates the Personal Data in case the Data Subject requests a change in the Personal Data within the scope of the KVKK Regulations.
5.3. Processing of Personal Data for Specific, Clear and Legitimate Purposes
Before the Processing of Personal Data, the Company determines the purpose for which Personal Data will be processed. In this context, the Data Subject is enlightened within the scope of the KVK Regulations and their Explicit Consent is obtained when necessary.
5.4. Being Connected, Limited and Measured for the Purpose of Processing Personal Data
The Company processes Personal Data only in exceptional cases within the scope of the KVK Regulations (Article 5.2 and Article 6.3 of the KVKK) or in accordance with the purpose within the scope of the Explicit Consent obtained from the Data Subject (Article 5.1 and Article 6.2 of the KVKK) and in accordance with the principle of proportionality. The Data Controller processes the Personal Data in a way that is suitable for the achievement of the specified purposes and refrains from processing Personal Data that are not related or needed to achieve the purpose.
5.5. It is ensured that Personal Data are Preserved for the Period Stipulated in the Relevant Legislation or for the Time Required for the Purpose for which they are Processed. If the required period expires and there is no legal obligation, the unnecessary data in question is destroyed during the first periodic destruction inspection.
5.5.1. The Company maintains Personal Data as necessary for the purpose. If the company wishes to retain Personal Data for a period longer than the duration stipulated in the KVK Regulations or required by the purpose of Personal Data Processing, the Company complies with the obligations specified in the KVK Regulations.
5.5.2. After the expiry of the period required by the purpose of Personal Data Processing, Personal Data is Deleted or Made Anonymous. In this case, it is ensured that third parties to whom the Company transfers Personal Data also carry out the Deletion, Destruction or Anonymization of the Personal Data.
5.5.3. The [Data Responsible Representative and / or Committee] is responsible for the operation of the Deletion, Destruction and Anonymization processes. In this context, the necessary procedure is created by the [Data Responsible Representative and / or Committee].
VI. PROCESSING OF PERSONAL DATA
Personal Data can only be processed by the Company within the scope of the procedures and principles stated below.
6.1. Explicit Consent
6.1.1. Personal Data are processed after the notification to be made within the framework of fulfillment of the Obligation of Disclosure to Data Subjects and if the Data Subjects give Explicit Consent.
6.1.2. Data Subjects are informed of their rights prior to obtaining Explicit Consent within the framework of the Disclosure Obligation.
6.1.4. [Data Responsible Representative and / or the Committee] is obliged to fulfill the Disclosure Obligation in terms of all Personal Data Processing processes and to ensure that Explicit Consent is obtained when necessary and that the Explicit Consent received is maintained. All department employees that process Personal Data are obliged to comply with the instructions of the [Data Responsible Representative and / or Committee], this Policy and the KVK Procedures annexed to this Policy.
6.2. Processing of Personal Data without Explicit Consent
6.2.1. In cases where the Processing of Personal Data without Explicit Consent is provided for within the scope of KVK Regulations (Article 5.2 of the KVKK), the Company may process Personal Data without obtaining the Explicit Consent of the Data Subject. In the event that Personal Data is processed in this way, the Company processes Personal Data within the limits set by the KVK Regulations. In this context:
6.2.1.1. Personal Data can be processed by the Company without Explicit Consent, if explicitly stipulated in the laws.
6.2.1.2. Personal Data may be processed by the Company without Explicit Consent if it is mandatory for the protection of the life or body integrity of the Data Subject himself or someone other than the Data Subject, who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid.
6.2.1.3. Provided that it is directly related to the establishment or execution of a contract, Personal Data may be processed by the Company without the Explicit Consent of the Data Subjects, if it is necessary to process Personal Data belonging to the parties to the contract.
6.2.1.4. If Processing of Personal Data is mandatory for the Company to fulfill its legal obligation, Personal Data may be processed by the Company without the Explicit Consent of the Data Subjects.
6.2.1.5. Personal Data made public by the Data Subject can be processed by the Company without Explicit Consent.
6.2.1.6. If the Processing of Personal Data is mandatory for the establishment, use or protection of a right, Personal Data may be processed by the Company without Explicit Consent.
6.2.1.7. Provided that it does not harm the fundamental rights and freedoms of the Data Subject, Personal Data may be processed by the Company without Explicit Consent if data processing is necessary for the legitimate interests of the Company.
VII. PROCESSING SPECIAL QUALIFIED PERSONAL DATA
7.1. Special Qualified Personal Data can only be processed if the Data Subject has given Explicit Consent or, for Special Qualified Personal Data other than sexual life and personal health data, if it is explicitly required by the law.
7.2. Personal Data on health and sexual life can be processed without Explicit Consent only by persons (e.g. Company physicians) or authorized institutions and organizations under the obligation of secrecy, for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.
7.3. When processing Special Qualified Personal Data, the measures determined by the Board are taken.
7.4. For employees involved in the processing of Special Qualified Personal Data, the Company:
7.4.1. Will provide regular training on KVK Regulations and the security of Special Qualified Personal Data.
7.4.2. Will conclude confidentiality agreements.
7.4.3. Will clearly define the authorization scope and duration of users who are authorized to access Special Qualified Personal Data.
7.4.4. Will periodically carry out authorization checks.
7.4.5. Will immediately remove the authority in this area of employees who have a job change or leave their job, and immediately take back the inventory allocated to the relevant employee.
7.5. In case Special Qualified Personal Data is transferred to electronic media, regarding the electronic media where the Special Qualified Personal Data is processed, stored and / or accessed, the Company:
7.5.1. Will preserve Special Qualified Personal Data using encryption methods.
7.5.2. Will keep cryptographic keys in a secure and different environment.
7.5.3. Will keep secure log records of all transactions performed on Special Qualified Personal Data.
7.5.4. Will continuously monitor the security updates of the environments where Special Qualified Personal Data is located, will regularly perform / have performed the necessary security tests, and record the test results.
7.5.5. If Special Qualified Personal Data is accessed through software, will define the user authorizations of this software, will regularly perform / have performed the security tests of this software, and record the test results.
7.5.6. In case of remote access to Special Qualified Personal Data, will provide at least a two-step authentication system.
7.6. In the event that Special Qualified Personal Data is processed in a physical environment, regarding the physical environments in which the Data is processed, stored and / or accessed, the Company will make sure that adequate security measures (against electricity leakage, fire, flood, theft, etc.) are taken according to the nature of the environment where the Special Qualified Personal Data is located. By ensuring the physical security of these environments, it will prevent unauthorized entry and exit.
7.7. In the event of the transfer of Special Qualified Personal Data, the Data Controller will use an encrypted corporate e-mail address or a Registered Electronic Mail (“KEP”) account if Special Qualified Personal Data need to be transferred via e-mail.
7.7.2. If it is necessary to transfer Special Qualified Personal Data via removable memory, CD, DVD, etc., it will encrypt it with cryptographic methods and keep the cryptographic key in a different environment.
7.7.3. If Special Qualified Personal Data needs to be transferred between servers in different physical environments, it will carry out the transfer between servers by establishing a VPN or by the SFTP method.
7.7.4. If it is necessary to transfer Special Qualified Personal Data on paper, it will take necessary precautions against risks such as theft, loss or being seen by unauthorized persons and send the document in the "confidentiality grade documents" format.
7.8. In addition to the above regulations, the Company will comply with the KVK Regulations, especially the Personal Data Security Guide published by the Board regarding the security of Personal Data, including Special Qualified Personal Data.
7.9. In any case that requires the processing of Special Qualified Personal Data, the relevant employee is informed by the [Data Responsible Representative and / or Committee].
7.10. If it is not clear whether a piece of data is Special Qualified Personal Data or not, the relevant department obtains the opinion of the [Data Responsible Representative and / or Committee].
VIII. STORAGE PERIOD OF PERSONAL DATA
Personal Data are kept within the Company for the duration of the relevant legal retention periods and are kept for the period required to fulfill the activities related to this data and the purposes specified in this Policy. Personal Data whose purpose of use has expired and the legal storage period has expired, are deleted, destroyed or anonymized by the Company in accordance with Article 7 of the KVK law.
IX. DELETING, DESTROYING AND ANONYMIZING PERSONAL DATA
9.1. When the legitimate purpose of the Processing of Personal Data disappears, the relevant Personal Data is Deleted, Destroyed or Anonymized. Situations where Personal Data needs to be Deleted, Destroyed or Anonymized are monitored by the [Data Responsible Representative and / or Committee].
9.2. The [Data Responsible Representative and / or Committee] is responsible for the operation of the Deletion, Destruction and Anonymization processes. In this context, the necessary procedure is created by the [Data Responsible Representative and / or Committee].
9.3. The Company does not store Personal Data in view of the possibility of future use.
9.4. All Deletion, Destruction and Anonymization activities of the Company on Personal Data will be carried out in accordance with the principles specified in the Personal Data Storage, Destruction and Anonymization Policy.
9.5. The Company carries out a periodic scan every 6 months and deletes or destroys the personal data that has become unnecessary. Whatever the terms and conditions of the day require to be performed, this process is carried out to make the data inaccessible.
X. TRANSFER OF PERSONAL DATA AND PROCESSING OF PERSONAL DATA BY THIRD PARTIES
The Company may transfer Personal Data to a third natural or legal person located at home and / or abroad in accordance with the KVK Regulations by taking the necessary measures in line with the purposes of Personal Data Processing. In this case, the Company ensures that third parties to whom Personal Data has been transferred comply with this Policy.
In this context, necessary protective regulations are added to the contracts concluded with the third party. The item to be added to the contracts concluded with third parties to whom any Personal Data transfer is made is obtained from [Data Responsible Representative and / or Committee].
Each employee is obliged to go through the process stated in this Policy in case of Personal Data transfer. In case the third party to whom the Personal Data is transferred requests a change in the article communicated by the [Data Responsible Representative and / or Committee], the situation is immediately notified by the employee to the [Data Responsible Representative and / or Committee].
10.1. Transfer of Personal Data to Third Parties Located in Turkey
10.1.1. Personal Data may be transferred by the Company to third parties in Turkey, in the exceptional cases specified in Article 5.2 and Article 6.3 of the KVKK, without Explicit Consent and by taking adequate measures, or in other cases, provided that the Data Subject's Explicit Consent is obtained (Article 5.1 and Article 6.2 of the KVKK).
10.1.2. The Company's employees and the [Data Specialist Representative or Company] are jointly and severally responsible for ensuring that Personal Data is transferred to third parties in Turkey in compliance with the KVK Regulations.
10.2. Personal Data Transfer to Third Parties Abroad
10.2.1. Personal Data may be transferred by the Company to third parties abroad, in exceptional cases specified in Article 5.2 and Article 6.3 of the KVKK, without Explicit Consent or in other cases, provided that the Data Subject's Explicit Consent is obtained (Article 5.1 and Article 6.2 of the KVKK).
10.2.2. In the case that Personal Data is transferred without express consent in accordance with the KVK Regulations, one of the following conditions must be present in terms of the foreign country to which it will be transferred:
10.2.2.1. The foreign country to which the Personal Data is transferred has the status of a country with sufficient protection as determined by the Board (please follow the current list of the Personal Data Protection Board for a list),
10.2.2.2. If the foreign country to which the transfer will take place is not included in the Board's list of safe countries, the Company and the Data Controllers in the relevant country must obtain a written commitment from the Board in accordance with the principles set by the Board to ensure adequate protection.
10.2.3. Company employees and [Data Responsible Representative or Company] are jointly responsible for ensuring that the transfer of Personal Data abroad to third parties is in compliance with KVK Regulations.
XI. COMPANY'S INFORMING OBLIGATION
11.1. The Company enlightens the Data Subjects before the Processing of Personal Data, in accordance with Article 10 of the KVK law. In this context, the Company fulfills its Disclosure Obligation during the acquisition of Personal Data. The notification to be made to Data Subjects within the scope of the Disclosure Obligation includes the following elements, respectively:
11.1.1. The identity of the Data Supervisor and its representative, if any, the purpose for which Personal Data will be processed, to whom and for what purpose the Processed Personal Data can be transferred, the method and legal reason for collecting Personal Data, the rights of the Data Subjects specified in Article 11 of the KVKK.
11.2. In accordance with Article 20 of the Constitution of the Republic of Turkey and Article 11 of the KVK law, the Company provides the necessary information upon the request of the Data Subject.
11.3. If requested by the Data Subjects in accordance with the KVKK Regulations, the Company notifies the Data Subject of the Personal Data belonging to the Data Subject that it has processed.
11.4. The employee and the [Data Responsible Representative or the Company] are jointly responsible for ensuring that the necessary Disclosure Obligation is fulfilled before the Processing of Personal Data. In this context, the required KVK Procedure is formed by the [Data Controller Representative and / or Committee] to report each new data processing process [to the Data Responsible Representative and / or the Committee].
11.5. If the Data Processor is a third party other than the Company, the third party must commit, in a written agreement concluded before the Personal Data Processing begins, to comply with the above-mentioned obligations. In cases where third parties transfer Personal Data to the Company, the clause to be added to the contracts is obtained from the [Data Responsible Representative and / or Committee]. Each employee is obliged to go through the process stated in this Policy in case of Personal Data transfer to the Company by a third party. In the event that the third party who transfers Personal Data requests a change in the clause communicated by the [Data Responsible Representative and / or Committee], the employee immediately informs the [Data Controller Representative and / or Committee].
XII. RIGHTS OF DATA SUBJECTS
12.1. The Company responds to the following requests of the Data Subjects whose Personal Data is in their possession, in accordance with the KVK Regulations:
12.1.1. Learning whether Personal Data is Processed by the Company,
12.1.2. To request information regarding the processing of Personal Data,
12.1.3. Learning the purpose of processing Personal Data and whether they are used appropriately for their purpose,
12.1.4. To know the third parties to whom Personal Data is transferred domestically or abroad,
12.1.5. Requesting correction of Personal Data in case of incomplete or incorrect processing by the Company,
12.1.6. To request the Deletion or destruction of Personal Data by the Company in case the reasons requiring the Processing of Personal Data to be evaluated within the principles of purpose, duration and legitimacy,
12.1.7. In case of correction, deletion or destruction of Personal Data by the Company, requesting that these transactions be notified to third parties to whom Personal Data is transferred,
12.1.8. Objecting to a result against the Data Subject that arises from the processed Personal Data being analyzed exclusively through automated systems,
12.1.9. To request the compensation of the damage in case the Personal Data is processed illegally and the Data Subject is damaged for this reason.
Data Subjects who want to exercise their rights and / or think that the Company does not act within the scope of this Policy while processing Personal Data can submit their requests and applications by filling out the Application Form on our website or by preparing their own request that meets the conditions determined by the Personal Data Protection Authority. The request can be sent to our company as a wet-signed petition by hand, through a notary or by registered mail, or by using a registered electronic mail (KEP) address, secure electronic signature, mobile signature or the e-mail address previously notified to us and registered in our system. Please confirm the current application methods with the legislation before applying. Application conditions and methods are also stated on our company's website.
Postal address: Şerifali Mahallesi Söyleşi Sok. Maysa Plaza No: 15/2 Kat: 1 (34775) Umraniye / ISTANBUL
KEP address: firstname.lastname@example.org
12.2. In case Data Subjects submit their requests regarding their rights listed above to the Company in writing, the Company finalizes the request free of charge within thirty days at the latest from the date of receipt of the request. In the event that there is an additional cost related to the finalization of the requests by the Data Controller, the charges in the tariff determined by the Personal Data Protection Board may be requested by the Data Controller.
XIII. DATA MANAGEMENT AND SECURITY
13.1. The Company [appoints a Data Responsible Representative and / or creates a Committee] in order to fulfill its obligations within the scope of the KVK Regulations, to ensure and supervise the implementation of the KVK Procedures required for the implementation of this Policy, and to make suggestions for their functioning.
13.2. All employees involved in the relevant process are jointly responsible for the protection of Personal Data in accordance with this Policy and KVK Procedures.
13.3. Personal Data Processing activities are audited by the company with technical systems according to technological possibilities and implementation costs.
13.4. Personnel who are knowledgeable in technical matters regarding Personal Data Processing activities are employed.
13.5. Company employees are informed and trained for the protection and legal processing of Personal Data.
13.6. The necessary KVK Procedure is created in order to ensure that employees who need to access Personal Data in the company have access to such Personal Data.
13.7. Company employees can access Personal Data only within the authority defined to them and in accordance with the relevant KVK Procedure. Any access and processing performed by the employee beyond his / her authority is unlawful and is grounds for the termination of the employment contract for just cause.
13.8. If the employee suspects that the security of Personal Data is not adequately ensured or detects such a security vulnerability, the Company immediately reports the situation to the [Data Responsible Representative and / or Committee].
13.9. The detailed KVK Procedure for the security of Personal Data is created by the [Data Responsible Representative and / or Committee].
13.10. Each person assigned a Company device is responsible for the security of the devices allocated for his own use.
13.11. Each Company employee or person working within the Company is responsible for the security of physical files in his / her area of responsibility.
13.12. In case there are security measures requested or additionally requested for the security of Personal Data within the scope of KVK Regulations, all employees are obliged to comply with additional security measures and to ensure the continuity of these security measures.
13.13. In the company, software and hardware including virus protection systems and firewalls are installed in accordance with technological developments in order to keep Personal Data in secure environments.
13.14. In the company, backup programs are used to prevent the loss or damage of Personal Data and adequate security measures are taken.
13.15. Necessary measures will be taken to protect the documents containing Personal Data in the company with encrypted systems. In this context, Personal Data will not be stored in common areas or on the desktop. Documents such as files and folders containing Personal Data will not be moved to the desktop or a public folder, and information on company computers cannot be transferred to another device via USB, etc., or taken out of the Company.
13.16. [Data Responsible Representative and / or the Committee] is obliged to take technical and administrative measures for the protection of all Personal Data within the Company, to continuously monitor the developments and administrative activities, to prepare the necessary KVK Procedures and to announce within the Company and to ensure and supervise compliance with them. In this context, the [Committee and / or Data Responsible Representative] organizes the necessary trainings to increase the awareness of the employees.
13.17. If a department within the company processes Special Qualified Personal Data, this department will be informed by the [Committee and / or Data Responsible Representative] about the importance, security and confidentiality of the Personal Data it processes, and the relevant department will act in accordance with the instructions of the [Committee and / or Data Responsible Representative]. Access to Special Qualified Personal Data will be given only to a limited number of employees, and the list of these employees and its follow-up will be maintained by the [Committee and / or Data Responsible Representative].
13.18. All of the Personal Data processed within the company are considered as "Confidential Information" by the Company.
13.19. Company employees have been informed that their obligations regarding the security and confidentiality of Personal Data will continue after the termination of the business relationship and a commitment has been received from Company employees to abide by these rules.
14.1. The Company provides its employees with the necessary training on the protection of Personal Data within the scope of the Policy and the KVK Procedures and KVKK Regulations.
14.2. Particular attention is paid to the definition and protection of Special Quality Personal Data in the trainings.
14.3. If the Company employee accesses Personal Data physically or in a computer environment, the Company provides training to the relevant employee on this access (for example, on a computer program that is accessed).
The Company has the right to regularly and ex officio inspect that all employees, departments and contractors of the Company comply with this Policy and KVK Regulations at all times and perform the necessary routine inspections within this scope. [Committee and / or Data Responsible Representative] establishes the KVK Procedure for these audits, submits it to the Board of Directors for approval and ensures the implementation of the mentioned procedure.
16.1. Each employee of the company reports the work, transaction or action that he / she thinks is contrary to the procedures and principles specified in the KVK Regulations and within the scope of this Policy [to the Data Responsible Representative and / or the Committee]. In this context, the [Data Responsible Representative and / or the Committee] creates an action plan in accordance with this Policy and KVK Procedures.
16.2. As a result of the notification made, the [Data Responsible Representative and / or Committee] prepares the notification to be made to the Data Subject or the Institution regarding the violation, taking into account the provisions of the current legislation, especially the KVK Regulations. In this case, the Data Controller Contact Person carries out the correspondence and communication with the Authority.
XVII. CHANGES TO THE POLICY
17.1. This Policy may be changed from time to time by the Company with the approval of the Board of Directors.
17.2. The Company shares the updated Policy text with its employees via e-mail so that the changes to the Policy can be reviewed, or makes it available to the employees and Data Subjects via the following web address.
17.3. The Company keeps a written and stamped copy of the policies published on the website for the duration of their validity and for 2 years after they expire.
XVIII. EFFECTIVE DATE OF THE POLICY
This version of the Policy was approved by the Board of Directors of the Company on 01/01/2020 and entered into force.