KVKK POLICY
Personal Data Protection Policy
URBANMEDİA ADVERTISING AND COMMUNICATION SERVICES INC. (“Our Company”) aims to carry out all its activities in compliance with personal data protection legislation and to provide the highest level of protection for the fundamental rights and freedoms of personal data owners.
This Policy covers all of Our Company and applies to all personal data processing activities for which Our Company acts as the data controller.
DEFINITIONS
The concepts used in the implementation of this Policy are defined by the meanings provided below.
Employees
It refers to our company's employees.
Personal Data Owner
The real person whose personal data is being processed. For example: an employee, a visitor.
Processing of Personal Data
Any operation performed on personal data that is fully or partially automated, or non-automated as part of any data recording system. For example; obtaining, recording, storing, modifying, transferring.
KVK Law
It refers to the Personal Data Protection Law No. 6698.
KVK Board
Refers to the Personal Data Protection Authority. It is the decision-making body of the KVK Institution.
KVK Institution
Refers to the Personal Data Protection Authority. It is an official authority established with administrative and financial autonomy under the KVK Law.
Special Qualified Personal Data
Refers to individuals' race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress and clothing, membership in a union, foundation, or association, health, sexual life, criminal conviction, and security measures data, as well as biometric and genetic data.
Data Processor
The real or legal person who processes personal data on behalf of the data controller based on the authority granted by them.
Data Recording System
It is a record system where personal data is processed by structuring it according to certain criteria. For example, archiving documents in folders or files.
Data Controller
The natural or legal person responsible for determining the purposes and means of processing personal data, as well as the establishment and management of the data recording system.
KVKK Working Group
It is a team composed of certain individuals who are assigned from the company's employees or consultants tasked with ensuring full compliance with the Law.
Data Controller
The data controller for the personal data processing activities covered by this Policy is our company in its corporate identity.
Inventory and Record Keeping
Our company maintains a personal data processing inventory for the purposes of monitoring and managing personal data processing activities as well as ensuring compliance with our legal obligations. This inventory includes categories of personal data and purposes of processing, along with information such as the recipient groups to which they are transferred and their retention periods, and it is listed in connection with our company's business processes. A summary of the inventory can be reported on the VERBIS platform and can be followed publicly.
Education and Awareness
Our company ensures that employees who are involved in the processing of personal data and/or are authorized to access personal data receive the necessary legislation and information security training, thus maintaining our company's general awareness of personal data protection and bringing newly joined employees to the same level of awareness. The required legislation and information security training for our employees is conducted periodically.
PROTECTION OF PERSONAL DATA
Personal data processing activities are carried out in accordance with data protection legislation and especially the KVK Law, and all the conditions described in this section are met to the extent that they are appropriate to the characteristics of the situation.
General Principles
All personal data processing activities carried out by our company are always conducted in accordance with the following principles.
Compliance with Law and Principle of Integrity
In the processing of personal data, actions must comply not only with the KVK Law but also with all other laws and regulations, and the interests and reasonable expectations of the data subjects must be taken into account.
Being Accurate and Up-to-date When Necessary
In order for personal data to be kept accurate and up to date, personal data must be collected in a manner consistent with reality during the acquisition phase, and the accuracy of the information must be ensured. In addition, opportunities should be created to allow data subjects to communicate their requests that may arise from the inaccuracy or outdated nature of the data, and these requests should be addressed carefully.
If a processing activity may have consequences for the data subject, the currency of the personal data should be checked, and if necessary, contact should be made with the data subject to update the data.
Processed for Specific, Clear, and Legitimate Purposes
The purpose of personal data processing must be clearly and definitively defined before the personal data is obtained, and this purpose must be legitimate, that is, compliant with the law. In this context, personal data should not be collected without a purpose or for a very general purpose. Before using any obtained personal data for a purpose other than the collection purpose, a new basis for processing (such as obtaining consent) should be established; if this is not possible, the processing should not go beyond the collection purpose. Additionally, transparency steps should be taken to ensure that the purpose of processing is made known to the data subject.
Our company determines the purposes of processing within the scope of the personal data processing inventory regarding its processing activities and audits their legitimacy. Additionally, these purposes are communicated to the data subjects within the scope of the obligation to inform.
Being Related to Purpose, Limited and Measured
According to the principle also expressed as the minimum processing principle, personal data should be suitable for achieving the specified purposes, and processing personal data not related to the purpose or not needed for that purpose should be avoided. For example, personal data should not be collected for needs that may arise later.
Preserved as Needed
Personal data should be stored for the duration specified in the relevant legal regulations, if such a period exists, or for as long as necessary for the purposes for which they are processed, whichever is longer. If there is no valid reason to retain personal data, that data should be destroyed, meaning it should be deleted, eliminated, or anonymized. In this regard, our company retains personal data only as long as necessary.
Compliance with the Law
Fundamentals of Processing
In order for any personal data to be processed in a lawful manner, the processing activity must be based on at least one of the processing grounds specified in the KVK Law. The explicit consent of the data subject is only one of these processing grounds, and it is also possible to process personal data without obtaining the explicit consent of the data subject.
If the personal data processing activity is based on one of the processing grounds other than explicit consent, then there will be no need to obtain explicit consent from the data subject. Indeed, while it is possible to carry out the processing activity on a basis other than explicit consent, relying on explicit consent may be misleading. In this context, it should first be assessed whether the personal data processing activity is primarily based on one of the processing grounds other than explicit consent; if none of the grounds other than explicit consent is applicable, explicit consent from the data subject must be obtained for the processing activity to be carried out.
The personal data processing activities carried out by our company are based on the legal processing grounds specified in Articles 5 and 6 of the KVK Law. However, the transfer of data belonging to individuals outside the company through the e-mail system is considered a data transfer abroad according to corporate decision. Since one of the ways to comply with the law for data transfer abroad requires the explicit consent of the relevant person, explicit consent is requested for this processing activity in accordance with Article 5 (1) of the law.
Processing of Special Qualified Personal Data
Our company places the utmost importance on the protection of specially qualified personal data and implements the necessary administrative and technical measures in this regard.
Transparency
Clarification of Personal Data Owners
It is essential for our company that personal data processing activities occur with the knowledge of the personal data owner. In this context, responsible managers provide information to the personal data owner regarding the identity of the data controller and, if applicable, their representative, the purposes for which personal data will be processed, to whom and for what purposes personal data may be transferred to third parties, the method of collecting personal data, the legal basis for processing personal data, and the rights of the personal data owner as stated in the KVK Law.
However, in accordance with the purpose and fundamental principles of the KVK Law and provided it is proportional, it will not be necessary to inform personal data owners under this article in cases listed in Article 28 of the KVK Law, including the processing of personal data made public by the data subject themselves.
Fulfillment of Personal Data Owners' Requests
Rights of Personal Data Owners
Personal data owners have the following rights under the KVK Law:
· Learn whether their personal data is being processed,
· Request information regarding the processing of their personal data if it has been processed,
· Learn the purpose of processing their personal data and whether it is being used in accordance with that purpose,
· Know third parties to whom their personal data has been transferred, whether domestically or internationally,
· Request the correction of personal data in case of incomplete or incorrect processing and request that the operations carried out in this scope be notified to third parties to whom the personal data has been transferred,
· Request the deletion or destruction of personal data when the reasons requiring its processing disappear and request that the operations carried out in this scope be notified to third parties to whom the personal data has been transferred,
· Object to the occurrence of a result against themselves by analyzing the processed data exclusively through automated systems,
· Request compensation for damages if they are harmed due to unlawful processing of their personal data.
Except for the right to request compensation for damages, personal data owners cannot assert their other rights in situations listed below, provided that they are in accordance with the purpose and fundamental principles of the KVK Law:
· Necessary processing of personal data for prevention of a crime or for a criminal investigation,
· Processing of personal data that has been made public by the relevant person themselves,
· Necessary processing of personal data by authorized public institutions and organizations based on the authority granted by the law for the execution of their supervisory or regulatory duties as well as for necessary disciplinary investigations or prosecutions,
· Necessary processing of personal data for the protection of the economic and financial interests of the state regarding budget, tax, and financial matters.
Exercising the Rights of the Personal Data Owner
Data subjects can exercise their rights in writing by using registered electronic mail (KEP) addresses, secure electronic signatures, mobile signatures, or the email addresses previously notified to us and registered in our system. Applications made by data subjects are responded to as soon as possible and within 30 days at the latest.
Cost Related to the Application
No fee will be charged for the response provided by our company for up to ten pages, but a processing fee of 1 Turkish Lira may be charged for each page over ten. If the response to the application is provided on a recording medium such as a CD or a USB drive, the cost of the relevant recording medium will be requested from the data subject. If the application is due to an error on our company's part, all fees and expenses incurred will be refunded to the data subject.
Data Transfers and Third Party Compliance
Compliance with Law
When it is necessary to transfer personal data to third parties, it is checked whether the processing bases can be applied in a manner specific to the transfer, and the requirements of the situation are fulfilled. For example, the legal obligation must be related to the transfer of personal data, or explicit consent must have been obtained for the transfer of personal data.
All necessary measures are taken when it comes to the transfer of special categories of personal data.
Administrative and Technical Measures
It is ensured that the other party will demonstrate sufficient care and diligence in processing personal data before any transfer of personal data to a third party occurs or before access permissions to our Company's storage areas are granted to a third party.
Transfer of Personal Data in Physical Environments
Personal data in physical environments include all personal data outside electronic environments where personal data can be read.
This section of the Personal Data Transfer Policy contains the requirements related to the physical transfer of personal data. Company employees must adhere to this Policy whenever they make a physical transfer of personal data unless stated otherwise. If an employee makes a transfer or witnesses a transfer being made, they are obliged to report the situation to the KVKK Working Group.
Employees or departments transferring data in physical environments must be able to prove that the explicit consent of the person was obtained when the personal data to be transferred was collected. In cases where personal data is transferred without explicit consent, the responsibility cannot solely be attributed to the data holder. The person or department conducting the transfer holds a degree of responsibility for the transferred personal data that cannot be separated from the data processor.
The transfer of data without explicit consent is only valid in cases specified in the Law (second paragraph of Article 8). In all other cases, personal data cannot be transferred without the explicit consent of the individual. If the individual is unsure of the validity of the exception, they must consult the KVKK Working Group before making the transfer.
Documents containing personal data must remain unprocessed during the transfer. The person conducting the transfer must not even see the personal data on the document during the transfer. Therefore, depending on the physical dimensions of the transfer files, the transfer should be conducted in a way that makes it traceable whether personal data was processed before reaching the person to whom it is transferred. This traceability will be ensured by sealing the envelope, box, or container. If sealing cannot be done, the transfer can only be carried out with the knowledge and approval of the KVKK Working Group.
The sending party is obliged to confirm that the personal data has been received by the receiving party at the end of the expected transfer period by contacting them. The receiving party, in turn, informs the sending party that the personal data was not processed during the transfer (that it was kept sealed) and, in cases where they believe otherwise, communicates the situation to the sending party and the relevant person in the KVKK Working Group.
Transfer of Personal Data in Electronic Environments
Personal data in electronic environments includes all personal data that has been made readable using an electronic device.
This section of the Personal Data Transfer Policy describes the requirements regarding the electronic transfer of personal data. Company employees must adhere to this Policy whenever they make a transfer of personal data in electronic environments unless stated otherwise. If an employee conducts a transfer or witnesses a transfer being made, they are obliged to report the situation to the KVKK Working Group.
Employees or departments transferring data electronically must be able to prove that the explicit consent of the person was obtained when the personal data to be transferred is taken. In cases where personal data is transferred without explicit consent, the responsibility cannot solely be attributed to the data holder. The person or department conducting the transfer holds a degree of responsibility for the transferred personal data that cannot be separated from the data processor. The transfer of data without explicit consent is only valid in cases specified in the law (second paragraph of Article 8). In all other cases, personal data cannot be transferred without the explicit consent of the individual. If the individual is unsure of the validity of the exception, they must consult the KVKK Working Group before making the transfer.
Before personal data is transferred electronically, it must be ensured that the recipient is authorized to process the data.
Transfer of personal data electronically can only be done using the following methods and provided that the specified conditions are met; if these methods fall short, the KVKK Working Group must be informed.
1. Email
The transfer process can be carried out only if the manager of the department conducting the transfer is among the recipients of the email. Even if the department manager is aware of the transfer, the employee will be considered to have acted against the policy if the manager is not a recipient of the email.
In the text of the email, it must be indicated that the content and/or attachments of the email contain personal data, and the processing of personal data must be prevented by encrypting it. The password should be shared with the recipient via another email or communication method. If the encryption process is not conducted, the relevant employee must inform their unit manager, and the unit manager must obtain approval by informing the KVKK Working Group.
2. Portable Media
Portable media includes all electronic platforms where physical forms of electronic environments can be transported, such as hard drives, CDs, DVDs, tapes, USB flash drives, USB external hard drives, memory cards, and similar.
When transferring personal data with portable media, the portable media can be encrypted. Sensitive personal data cannot be transferred using portable media without encryption. The password is conveyed to the recipient by the sender using a different communication channel.
The employee conducting the data transfer is also responsible for the destruction of the data on the portable media afterwards. The portable media cannot be used for any other process before the personal data contained within it is destroyed.
The physical transfer of the portable media must be done directly from the sender to the recipient. If direct transfer is not possible, it must be carried out with minimum intermediaries. During the transfer, the company's contracted courier service should be used; cargo services cannot be used during the transfer.
3. Cloud Sharing
Cloud sharing encompasses all shares in which personal data is uploaded by the sender to an online storage area and retrieved by the recipient.
Employees transferring personal data using cloud sharing must share information with the company's Information Technologies Department along with the personal data owner's department manager about the most secure method before each transfer. It is mandatory to inform the Company's Information Technologies Department of all situations where personal data will be shared via cloud sharing.
The data shared via the cloud sharing method must be encrypted. The password is conveyed to the recipient by the sender using another communication channel. Cloud sharing can only be conducted using the company's hardware and network; employees are not permitted to share data without utilizing the company's hardware and network.
4. Sharing Over the Network
Personal data can be shared among departments and/or within departments using the company's shared areas. In network-sharing cases, personal data can only be transferred in an encrypted manner, and cryptographic protocols must be applied during the transfer. The password is conveyed from the sender to the recipient using a different communication channel. If the employee believes that the transfer process is not suitable for encryption or the application of cryptographic protocols, they must inform their unit manager, and the transfer can only be conducted with the group's approval.
When sharing over the network, the area used must only be accessible to the receiving department and/or employee, and this control is the sender's responsibility. After the sharing is complete, the recipient must destroy the personal data over the network and inform the sender. The sender who receives the information must verify and ensure that the personal data no longer exists in the shared area of the network.
It is ensured that the other party will show sufficient care and diligence in processing personal data before any transfer of personal data to a third party occurs or before access rights to our Company's storage areas are granted to a third party.
Transfer of Personal Data in Physical Environment
Personal data in physical environments include all personal data outside electronic environments where personal data can be read.
This section of the Personal Data Transfer Policy contains the requirements related to the physical transfer of personal data. Unless otherwise specified, company employees must adhere to this Policy when making a physical transfer of personal data. In cases where an employee witnesses or makes a transfer, they are obliged to inform the KVKK Working Group about the situation.
Employees or departments making data transfers in a physical environment must be able to prove, if necessary, that the person's explicit consent has been obtained when collecting the personal data to be transferred. In cases where personal data is transferred without obtaining explicit consent, the responsibility cannot solely be attributed to the data holder. The person or department making the transfer has a degree of responsibility that cannot be separated from the data processor concerning the transferred personal data.
Transferring data without obtaining explicit consent is only valid in situations where the exceptions specified in the Law (second paragraph of the 8th article) are met. In all other cases, personal data cannot be transferred without the explicit consent of the data subject. If the individual is uncertain about the validity of the exception, they should consult the KVKK Working Group before proceeding with the transfer.
Physical documents containing Personal Data must remain unprocessed during transfer. During the transfer, personal data should not even be seen by the person making the transfer. Therefore, depending on the physical size of the transfer files, if personal data has been processed before reaching the recipient, the transfer should be executed in a traceable manner during the transfer. This traceability will be ensured by sealing the envelope, box, or package. If sealing cannot be performed, the transfer can only be conducted with the knowledge and approval of the KVKK Working Group.
The sender is obliged to confirm with the recipient that the personal data has been received at the expected end of the transfer period. The recipient is also responsible for informing the sender that the personal data was not processed during the transfer (maintained sealed) and, in cases where they think otherwise, informing the sender and the relevant person in the KVKK Working Group about the situation.
Transfer of Personal Data in Electronic Environment
Personal data in electronic environments include all personal data that can be made readable using an electronic device.
This section of the Personal Data Transfer Policy describes the requirements regarding the electronic transfer of personal data. Unless otherwise specified, company employees must adhere to this Policy when making an electronic transfer of personal data. In cases where an employee witnesses or makes a transfer, they are obliged to inform the KVKK Working Group about the situation.
Employees or departments making electronic data transfers must be able to prove, if necessary, that the person's explicit consent has been obtained when collecting the personal data to be transferred. In cases where personal data is transferred without obtaining explicit consent, the responsibility cannot solely be attributed to the data holder. The person or department making the transfer has a degree of responsibility that cannot be separated from the data processor concerning the transferred personal data. Transferring data without obtaining explicit consent is only valid in situations where the exceptions stipulated in the law (second paragraph of the 8th article) are met. In all other cases, personal data cannot be transferred without the explicit consent of the data subject. If the individual is uncertain about the validity of the exception, they should consult the KVKK Working Group before proceeding with the transfer.
Before transferring personal data electronically, it must be ensured that the recipient has the authorization to process the data.
The electronic transfer of personal data can only be carried out using the following methods and only when the specified conditions are met; if these methods are inadequate, the KVKK Working Group should be informed.
1. Email
The transfer process can be carried out if the manager of the transferring department is among the email recipients. Even if the Department Manager is aware, if they are not a recipient of the email, the employee will be considered to have acted contrary to the policy.
In the text of the email, it should be indicated that the content and/or attachments of the email contain personal data, and the processing of personal data must be prevented through encryption. The password should be shared with the recipient through another email or communication method. If encryption is not performed, the relevant employee must inform their unit manager, and the unit manager must obtain approval from the KVKK Working Group.
2. Portable Media
Portable media encompasses all electronic platforms where physical storage can be transported, including hard disks, CDs, DVDs, tapes, USB drives, USB hard drives, memory cards, and similar devices.
When transferring personal data using portable media, the portable media can be encrypted. Special categories of personal data cannot be transferred using portable media without encryption. The password is communicated by the sender to the recipient using a different communication channel.
The employee making the data transfer is also responsible for the subsequent destruction of the data within the portable media. The portable media cannot be used for any other purpose until the personal data within it is destroyed.
The physical transfer of portable media must be done directly from the sender to the recipient. If this direct transfer is not possible, the transfer must be carried out using a minimum intermediary. The company’s contracted courier service should be used for the transfer, and cargo services cannot be used.
3. Cloud Sharing
Cloud sharing includes all data sent by the sender to an online storage area from which the recipient retrieves the data.
The employee transferring personal data via cloud sharing must share information with the Company's Information Technology Department, along with the manager of the personal data owner department before each transfer regarding the most secure method. It is mandatory to inform the Company Information Technology Department in all cases where personal data will be shared via cloud sharing.
Data shared via cloud sharing is encrypted. The password is communicated by the sender to the recipient using a different communication channel. Cloud sharing can only be performed using company equipment and network, and employees are not permitted to perform cloud sharing without using company equipment and network.
4. Sharing Over the Network
Personal data can be shared within and/or between departments using the company’s shared areas. Personal data can only be transferred encrypted in network sharing, and cryptographic protocols are applied during the transfer. The password is communicated from the sender to the recipient through a different communication channel. If the employee believes that the process of transferring personal data is not suitable for encryption or the application of cryptographic protocols, the KVKK Working Group must be informed with the knowledge of the relevant unit manager, and the transfer is only carried out with the Group’s approval.
When sharing over the network, the area used must only be accessible to the receiving department and/or employee, and this control is the responsibility of the sender. Upon completion of the sharing, the recipient must destroy the personal data over the network and inform the sender. The sender receiving the information must check that personal data is no longer present in the shared area on the network and ensure its absence.
It is ensured that the other party will show sufficient care and diligence in processing personal data before any transfer of personal data to a third party occurs or before access rights to our Company's storage areas are granted to a third party.
Transfer of Personal Data in Physical Environment
Personal data in physical environments include all personal data outside electronic environments where personal data can be read.
This section of the Personal Data Transfer Policy contains the requirements related to the physical transfer of personal data. Unless otherwise specified, company employees must adhere to this Policy when making a physical transfer of personal data. In cases where an employee witnesses or makes a transfer, they are obliged to inform the KVKK Working Group about the situation.
Employees or departments making data transfers in a physical environment must be able to prove, if necessary, that the person's explicit consent has been obtained when collecting the personal data to be transferred. In cases where personal data is transferred without obtaining explicit consent, the responsibility cannot solely be attributed to the data holder. The person or department making the transfer has a degree of responsibility that cannot be separated from the data processor concerning the transferred personal data.
Transferring data without obtaining explicit consent is only valid in situations where the exceptions specified in the Law (second paragraph of the 8th article) are met. In all other cases, personal data cannot be transferred without the explicit consent of the data subject. If the individual is uncertain about the validity of the exception, they should consult the KVKK Working Group before proceeding with the transfer.
Physical documents containing Personal Data must remain unprocessed during transfer. During the transfer, personal data should not even be seen by the person making the transfer. Therefore, depending on the physical size of the transfer files, if personal data has been processed before reaching the recipient, the transfer should be executed in a traceable manner during the transfer. This traceability will be ensured by sealing the envelope, box, or package. If sealing cannot be performed, the transfer can only be conducted with the knowledge and approval of the KVKK Working Group.
The sender is obliged to confirm with the recipient that the personal data has been received at the expected end of the transfer period. The recipient is also responsible for informing the sender that the personal data was not processed during the transfer (maintained sealed) and, in cases where they think otherwise, informing the sender and the relevant person in the KVKK Working Group about the situation.
Transfer of Personal Data in Electronic Environment
Personal data in electronic environments include all personal data that can be made readable using an electronic device.
This section of the Personal Data Transfer Policy describes the requirements regarding the electronic transfer of personal data. Unless otherwise specified, company employees must adhere to this Policy when making an electronic transfer of personal data. In cases where an employee witnesses or makes a transfer, they are obliged to inform the KVKK Working Group about the situation.
Employees or departments making electronic data transfers must be able to prove, if necessary, that the person's explicit consent has been obtained when collecting the personal data to be transferred. In cases where personal data is transferred without obtaining explicit consent, the responsibility cannot solely be attributed to the data holder. The person or department making the transfer has a degree of responsibility that cannot be separated from the data processor concerning the transferred personal data. Transferring data without obtaining explicit consent is only valid in situations where the exceptions stipulated in the law (second paragraph of the 8th article) are met. In all other cases, personal data cannot be transferred without the explicit consent of the data subject. If the individual is uncertain about the validity of the exception, they should consult the KVKK Working Group before proceeding with the transfer.
Before transferring personal data electronically, it must be ensured that the recipient has the authorization to process the data.
The electronic transfer of personal data can only be carried out using the following methods and only when the specified conditions are met; if these methods are inadequate, the KVKK Working Group should be informed.
1. Email
The transfer process can be carried out if the manager of the transferring department is among the email recipients. Even if the Department Manager is aware, if they are not a recipient of the email, the employee will be considered to have acted contrary to the policy.
In the text of the email, it should be indicated that the content and/or attachments of the email contain personal data, and the processing of personal data must be prevented through encryption. The password should be shared with the recipient through another email or communication method. If encryption is not performed, the relevant employee must inform their unit manager, and the unit manager must obtain approval from the KVKK Working Group.
2. Portable Media
Portable media encompasses all electronic platforms where physical storage can be transported, including hard disks, CDs, DVDs, tapes, USB drives, USB hard drives, memory cards, and similar devices.
When transferring personal data using portable media, the portable media can be encrypted. Special categories of personal data cannot be transferred using portable media without encryption. The password is communicated by the sender to the recipient using a different communication channel.
The employee making the data transfer is also responsible for the subsequent destruction of the data within the portable media. The portable media cannot be used for any other purpose until the personal data within it is destroyed.
The physical transfer of portable media must be done directly from the sender to the recipient. If this direct transfer is not possible, the transfer must be carried out using a minimum intermediary. The company’s contracted courier service should be used for the transfer, and cargo services cannot be used.
3. Cloud Sharing
Cloud sharing includes all data sent by the sender to an online storage area from which the recipient retrieves the data.
The employee transferring personal data via cloud sharing must share information with the Company's Information Technology Department, along with the manager of the personal data owner department before each transfer regarding the most secure method. It is mandatory to inform the Company Information Technology Department in all cases where personal data will be shared via cloud sharing.
Data shared via cloud sharing is encrypted. The password is communicated by the sender to the recipient using a different communication channel. Cloud sharing can only be performed using company equipment and network, and employees are not permitted to perform cloud sharing without using company equipment and network.
4. Sharing Over the Network
Personal data can be shared within and/or between departments using the company’s shared areas. Personal data can only be transferred encrypted in network sharing, and cryptographic protocols are applied during the transfer. The password is communicated from the sender to the recipient through a different communication channel. If the employee believes that the process of transferring personal data is not suitable for encryption or the application of cryptographic protocols, the KVKK Working Group must be informed with the knowledge of the relevant unit manager, and the transfer is only carried out with the Group’s approval.
When sharing over the network, the area used must be accessible only to the receiving department and/or employee, and this control is the responsibility of the sender. Upon completion of the sharing, the recipient must destroy the personal data on the network and inform the sender. On receiving this information, the sender must check that the personal data is no longer present in the shared area on the network.
Transfer of Personal Data Abroad
Personal data can be transferred abroad provided that the processing principles specified under the title of "Lawfulness" in this Policy can be applied in a way specific to the transfer abroad, and the necessary actions are taken accordingly. If the processing basis is not explicit consent, then in addition to the processing basis:
a. It is ensured that there is adequate protection in the foreign country to which the personal data will be transferred or
b. In the absence of adequate protection, a contractual relationship shall be established with the receiver abroad and the content shall include the “Minimum Elements to be Included in the Commitment to be Prepared by Data Controllers in International Data Transfers” published by the KVK Authority.
c. Since one of the legal compliance methods for data transfer abroad requires the explicit consent of the relevant person, explicit consent is requested for this processing activity in accordance with article 5 (1) of the law.
The transfer of personal data in physical environments within the country is carried out directly from the sender to the receiver as much as possible, in addition to meeting the necessary conditions. Indirect or hand-to-hand transfer is preferred only in cases of necessity.
The transfer of personal data in physical environments abroad can only be made to countries that the Board has declared to have adequate protection. If the country to which the transfer will be made is not designated as a country with adequate protection, the KVKK Working Group will be consulted before the transfer.
Data Security
Administrative and Technical Measures
In all activities carried out by our company, all necessary technical and administrative measures are taken to ensure an appropriate level of security, in order to prevent the unlawful processing of personal data and unauthorized access to personal data and to ensure the protection of personal data. Our administrative and technical measures have been publicly declared on the VERBIS platform.
Data Security Breach
In the event that personal data processed by our company is acquired unlawfully by third parties, the relevant personal data owners and the KVK Board must be notified as soon as possible. To ensure compliance with this obligation, significant incidents regarding personal data security are monitored across our company, each is assessed to determine whether it constitutes a data security breach, and the necessary actions are taken. If a data security breach has occurred, notification is made to the KVK Board no later than 72 hours from the moment the breach is discovered.
Destruction of Personal Data
The deletion of personal data is the process of making personal data inaccessible in any way for the relevant users.
The destruction of personal data is the process of making personal data inaccessible, irretrievable, and unusable in any way by anyone.
Anonymizing personal data is the process of removing or altering all direct and/or indirect identifiers in a dataset so that the related person can no longer be identified, or can no longer be distinguished within a group/crowd, and the data cannot be associated with a real person.
As the data controller, we are obliged to take every technical and administrative measure necessary for the deletion, destruction, or anonymization of personal data. Personal data that have completed their retention period, whether physical or electronic, are identified and destroyed twice a year.
This Policy has come into effect on the date of .......... The Policy may be updated to comply with changing conditions and legislation.
Contact Us
Hamidiye Neighborhood, Cendere Avenue, No: 103/2 Porta Vadi T3 Block, Floor: 6 No: 52 34398, Kağıthane, Istanbul, Turkey
T- +90 212 979 67 07
F- +90 212 979 27 07