CLARIFICATION ON THE PROCESSING OF PERSONAL DATA
İDEA Moda Konf.San.Ve Tic.Ltd Şti, which operates under the brand of PARTNERS OF TOMORROW, has the title of "data controller" within the scope of the Personal Data Protection Law (KVKK) numbered 6698. This text has been prepared in order to provide clarification on personal data processing activities carried out in accordance with Article 10 of KVKK.
What Are Your Personal Data Processed?
Your personal data are collected by our Company through different channels and on the basis of legal reasons to comply with the legislation and Company policies in order to carry out our activities. Your personal data may be processed and transferred; In accordance with the basic principles stipulated by KVKK and within the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK, for the purposes stipulated under this clarification text. In this context, the following personal data are processed.
Identity information (name-surname, place of birth, date of birth, age, RT ID number, etc.), contact information (e-mail address, telephone number, mobile phone number, address), technical, administrative, legal and commercial Personal data processed in order to ensure our company’s and related party’s security (e.g. information such as the website password that shows that the transaction associated with the personal data owner and that person is authorized to perform that transaction), personal data processed in order to manage the commercial, technical and administrative risks of our company (eg. IP address, Mac ID etc.) and financial information regarding payment and health records for our employees are processed within the scope of personal data.
Reasons for Personal Data Processing:
Your personal data collected; In accordance with the basic principles stipulated by KVKK and within the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK, for the following purposes:
-
To be able to execute works and transactions as a result of contracts and protocols signed
-
To ensure the fulfillment of legal obligations as compulsory or required by legal regulations.
-
To carry out human resources processes.
-
To provide corporate communication.
-
To ensure the security of the institution,
-
To be able to perform statistical studies.
-
To be in contact with real / legal persons who have a business relationship with the institution.
-
To issue legal reports.
-
For obligation to prove as evidence in future legal disputes
Our Personal Data Collection Method
Your personal data is collected with non-automatic means, on condition to be part of fully or partially automated data recording system. We would like to state that permission is obtained for all kinds of personal data transactions, except where the relevant legislation allows processing (including transfers) without express consent from the person concerned, and that unauthorized processing is not performed.
To Whom and For What Purpose the Processed Personal Data Can Be Transferred
Your personal data collected; In accordance with the basic principles stipulated by KVKK and within the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, for the following purposes; can be transferred to our business partners, suppliers, legally authorized public institutions and private persons by our institution:
-
To be able to execute works and transactions as a result of contracts and protocols signed
-
To ensure the fulfillment of legal obligations as compulsory or required by legal regulations.
-
Carrying out the necessary works by the relevant business units and carrying out related business processes,
-
Planning and execution of the services and business strategies provided by our institution,
-
Ensuring the legal, technical and commercial business security of our institution and the persons who are in business relations with our institution,
-
Following op of finance, accounting and legal affairs.
Personal Data Retention Period
Although no period has been determined for the storage of personal data within the scope of the KVKK, it is essential that personal data are kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed, in accordance with general principles. Our company makes an assessment based on the legislation in force regarding each data processing process and the purpose of the process in order to determine the retention periods in accordance with the aforementioned principle. In this respect, our Company keeps personal data at least for the period required by legal obligations and in any case until the relevant statute of limitations expires. Our company anonymizes, deletes, or destroys personal data in accordance with the Law, when the purpose of processing the relevant personal data is eliminated within the scope of any process, including the expiration of the aforementioned periods. Within the scope of the law, anonymization is defined as "Making personal data unrelated to an identified or identifiable real person in any way, even by matching it with other data" and our Company's anonymization activities are carried out in accordance with the applicable legislation.
Your Rights as Data Subject and Exercise of Rights
As a data subject in accordance with Article 11 of KVKK; you have right to;
(a) to learn whether your personal data has been processed,
(b) To demand information in case the personal data has been processed,
(c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose, (ç) To know the third parties to whom personal data are transferred in land or abroad
e) To request correction of your personal data in case your data is incomplete or incorrectly processed,
f) To request the deletion or destruction of your personal data within the conditions stipulated in article 7 of the Law,
(f) to request notification of the circumstance to third parties to whom personal data are transferred, in case of correction or deletion / destruction of data
(g) To make objection in the event of an occurrence of an unfavorable result in case your personal data is processed exclusively by means of automated systems,
(ğ) To claim for your loss in case you have damages because your personal data has been processed in illegal manner.
You are required to submit your requests regarding the implementation of the KVKK in writing personally or through a notary or other methods determined by the Personal Data Protection Board to our Institution. The requests included in your application will be finalized as soon as possible, within thirty days at the latest, from the date the request is received and depending on the nature of the request and will be notified to you in writing or electronically by our institution. Our company reserves the right to charge a fee on the fee schedule (if any) determined by the Personal Data Protection Board regarding the requests. You may forward your applications related with your rights listed above by using KVKK Application Form accessible at [email protected] address, mersis no:0470056793900011.
Protection of Your Data
In order to prevent unlawful processing of your personal data, to prevent unauthorized access to personal data and to ensure the protection of personal data, our Institution or the relevant institution has taken the necessary precautions according to the nature of the information and transaction, in the systems and internet infrastructure, within the technological possibilities and cost elements, with appropriate technical and administrative methods. Our institution conducts internal audits within the scope of Article 12 of the KVKK. Necessary information has been provided to our data processing personnel within the scope of KVKK, and studies are carried out to raise awareness on the protection of personal data.
It is respectfully announced to the entire IDEA family.
İDEA MODA
PERSONAL DATA RETENTION AND DESTRUCTION
PROCEDURE
PREPARED BY : Human Resources
APPROVED BY : COMPANY DIRECTOR
- PURPOSE AND SCOPE
Personal data of employees, employee candidates, employees of third parties, institutions, or organizations with whom they are in contact as customers and service providers, and personal data of other third parties are processed by İDEA
This procedure has been prepared as a guide in order to ensure that the retention and destruction processes of the data processed by IDEA in accordance with the law are carried out in accordance with the regulations in the Personal Data Protection Law No.6698 (“KVK Law”).
All departments of IDEA are responsible for complying with and observing this procedure prepared in accordance with IDEA Personal Data Retention and Destruction Policy (IDEA KVK Policy).
This procedure, prepared in accordance with the IDEA KVK Policy, will be a source of advice and guidance for Human Resources in the implementation of standards and training activities within IDEA. All personnel in İDEA MODA are obliged to comply with IDEA procedure and cooperate with Human Resources in preventing risks / dangers.
B. DEFINITIONS
The terms used in the legislation, IDEA KVK Policy and procedure are listed below.
- Personal Data: All kinds of information pertaining to an identified or identifiable real person.
- Sensitive Personal Data: Individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
- Biometric Data: One or more physical or behavioral characters that enable the identification or verification of the person, such as fingerprint, palm print, face, iris, retina, ear, voice, signature, gait, hand vein, body odor or DNA information.
- Data subject / Relevant Person: The real person whose personal data is processed. For example; Customers
- Explicit Consent: A consent based on information on a particular subject, which is stated with free-willed and in informed manner in advance.
- Processing of Personal Data: Any action taken on the data, such as blocking, obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying, or using personal data through fully or partially automatic means or non-automatic means provided that they are part of any data recording system.
- Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority given by him.
- Destruction: Deletion, destruction, or anonymization of personal data.
- Anonymizing: Making personal data unrelated to a certain or identifiable natural person under any circumstances, even by matching other data.
- Recording Media: All kinds of media, where personal data is processed fully or partially automated or part of any data recording system, provided that the non-automatic means of processing.
- The Board: Personal Data Protection Board.
C. BASIC PRINCIPLES ADOPTED BY IDEA MODA IN THE PROTECTION OF PERSONAL DATA
Due to the fact that the legal order is one of the cornerstones of social life, IDEA complies with the general rules of law since its establishment and makes maximum effort to protect the rights and interests of individuals.
All employees, whether they are involved in data processing, protection, or transmission activities within the scope of IDEA activities, should adopt the basic principles listed below and act in accordance with these principles.
Personal Data is information that needs to be highly protected within the scope of human rights. Personal data includes all kinds of information that belongs to the person and enables the identification of the person, and therefore, its protection constitutes the superior benefit of the data subject. Therefore, care and attention must be paid to data collection, processing, transfer, storage and destruction stages, and maximum compliance with the information provided in both training and this procedure is required.
D. IMPLEMENTATION OF THE POLICY AND RESPONSIBILITIES
All units and employees of İDEA actively support the responsible departments of the policy in the appropriate implementation of the technical and administrative measures taken within the scope of the Policy, the training and awareness of the employees of the unit, their monitoring and continuous auditing, preventing the illegal processing of personal data, preventing unlawful access to personal data and personal data, and the units in charge of taking technical and administrative measures to ensure data security in all environments where personal data are processed in order to ensure legal retention.
The titles and job descriptions of those involved in the retention and destruction processes of personal data are as follows:
- Company Director : He/she is responsible for the employees to act in accordance with the policy and procedure.
- IT expert: He/she is responsible for providing the technical solutions needed in the implementation of the policy.
- Personnel of other units: They are responsible for the execution of the Policy in accordance with their duties.
- STORAGE MEDIA
Personal data is stored securely in accordance with the law in the media listed below:
- Non-electronic Media
- Paper
- Manual data recording systems (survey forms, visitor logbook)
- Written, printed and visual media
- Electronic media
- Servers (Domain, backup, e-mail, database, web, file sharing etc.);
- Software (office software, Nebim, VCloud.)
- Information security devices (firewall, intrusion detection and blocking, log file, antivirus, etc.)
- Personal computers (Desktop, laptop);
- Mobile Devices (phone, tablet, etc.);
- Optical discs (CD, DVD, etc.)
- Removable sticks (USB, Memory Card etc.)
- Printer, scanner, copier
- PRINCIPLES REGARDING THE RETENTION OF PERSONAL DATA
By IDEA; Personal data belonging to employees, candidates for employees, customers and employees of third parties, institutions or organizations with whom they are related as service providers are retained in accordance with the Law and are destroyed after being kept for the period stipulated in the relevant legislation or for the purpose for which they are processed.
-
- Processing Purposes Requiring Retention: IDEA retains the personal data it processes within the framework of its activities for the following purposes. Personnel will not process or store data that will not be used for these purposes.
- To carry out human resources processes.
- To provide corporate communication.
- To ensure the security of the institution,
- To be able to perform statistical studies.
- To be able to execute works and transactions as a result of contracts and protocols signed
- To ensure the fulfillment of legal obligations as compulsory or required by legal regulations.
- To be in contact with real / legal persons who have a business relationship with the institution.
- To issue legal reports.
- For obligation to prove as evidence in future legal disputes
-
- Ensuring the Security of Personal Data
IDEA personnel should take all necessary precautions according to the nature of the data to be protected, within the bounds of possibility, in order to prevent the unlawful disclosure and transfer of personal data, unauthorized access to personal data, or any security deficiencies that may occur in other ways. In this context;
- Administrative Measures are as follows:
- Before starting to process personal data, the obligation to inform the relevant persons must be fulfilled by the personnel.
- Personnel must perform data processing and transfer in accordance with the Personal Data Processing and Protection procedure.
- Personnel should immediately report any violations and vulnerabilities of administrative and / or technical security to the Company Manager or HR.
- Technical Measures: Personnel will apply the following safety rules.
Mail Usage Rules
- E-mail addresses name[email protected] defined for employees should definitely be used for communication about workplace affairs.
- Emails containing chain messages and any executable files attached to the messages should be deleted immediately when received and never forwarded to others.
- Employees must prevent their messages from being read by unauthorized persons. Therefore, a password should be used, and hardware / software systems used for e-mail access should be protected against unauthorized access.
- The users are responsible for the security of the password of the e-mail address defined to them by the employer and the legal proceedings arising from the e-mails sent. They are obliged to contact the authorities and inform them about the situation ss soon as they realize that the passwords have been intruded.
- Employees who quit cannot use the corporate e-mail system. The user to whom a e-mail address is defined should notify the HR unit as soon as possible of the change in the workplace due to unit change, retirement or leaving the job.
Password Usage Rules
- All user level passwords (eg, e-mail, web, desktop computer, etc.) must be changed at least every six months. Recommended changing period is every three months.
- Passwords should not be attached to e-mail messages or any electronic form.
- Passwords should not be shared with anyone else and should not be written on paper or electronic media.
- Passwords must include lowercase and uppercase characters (eg, az, AZ), both digit and punctuation characters, as well as letters (eg 0-9,! '^ +% & / () =? _; *).
- Passwords must have at least six alphanumeric characters.
- It should not be a slang, dialect or technical word in any language.
- Family names should not be used.
- No password should be given to any person on the phone.
- Password should not be typed in e-mail messages.
- Passwords should not be shared with family members.
- Passwords should not be given to colleagues when you are away from work.
- A username and password should not be used on more than one computer.
- Password cracking and guessing operations can be done periodically. In case the passwords are guessed or broken as a result of the security scan, the user will be asked to change their password.
Antivirus Policy
- Licensed antivirus software of the workplace must be installed on the whole computer and its operation should not be prevented.
- No user can uninstall the antivirus program from the system for any reason and cannot install any other antivirus software on the system.
Internet Usage Policy
- No user will be allowed to use the services on the internet via peer-to-peer connection. (For example;KaZaA, iMesh, eDonkey, Gnutella, Napster, Aimster, Madster, FastTrak, Audiogalaxy, MFTP, eMule,Overnet, NeoModus, Direct Connect, Asquisition, BearShare, Gnucleus, GTK- Gnutella, LimeWire,Mactella, Morpheus, Phex, Qtella, Shareaza, XoLoX, OpenNap, WinMX. etc)
- Chat programs such as Messenger, whatsapp etc. massaging and chat programs should not be used over network except for official conversations, and exchanging files over these chat programs should not be allowed.
- Software that is not approved by the workplace cannot be downloaded over the Internet and this software cannot be installed or used on workplace systems.
General Usage Policy
- In case the computer should be left unattended for a long time, the computer should be locked and the access of third parties to the information should be prevented.
- Laptop computers should be more carefully protected against security breaches. Operating system passwords must be activated.
- In case the company has a domain structure, it must be logged in. In this case, computers that are not connected to the domain should be removed from the local network, and information should not be exchanged between devices on the local network and such devices.
- In case the laptop is stolen / lost, the Human Resources department should be informed as soon as possible.
- All users are responsible for the security of their own computer system. The owner of the system is responsible for the attacks (eg electronic banking, e-mail with insult-politics content, user information, etc.) that may arise from these computers.
- It should not be engaged in any actions that would disrupt network security (for example, if a person wants to access servers although he is not authorized) or network traffic (packetsniffing, packetspoofing, denial of service, etc.).
- No port or network scanning should be performed.
- Any activity that threatens the security of the network should be avoided. DoS attack, port-network scan, etc. should not be done.
- Company information should not be transmitted to third parties outside the company.
- No peripheral connection should be made on the users' personal computers without the consent of the HR unit.
- It is forbidden to take device, software, and data outside the workplace without permission
- It is forbidden to install and use programs that are of unknown origin (magazine CDs or programs downloaded from the internet, etc.), except for the software used by the company.
- Unauthorized personnel are prohibited from seeing or obtaining confidential and sensitive information in the company.
- Special attention should be paid to the confidentiality and privacy of corporate or personal data. Such data cannot be given to third parties and institutions in electronic or paper environment, without prejudice to the provisions of the relevant legislation in the workplace.
- Personnel are responsible for the security of the corporate information on their desktop and laptop computers allocated to them and used for company works.
- Personnel authorized by the HR department can access the employee's computer and perform security, maintenance, and repair operations on-site or remotely without notifying the user. In this case, authorized personnel providing remote maintenance and support services cannot view, copy, or change personal or corporate information on the personal computer.
- There should be no computers and devices in the Network System (web hosting, e-mail service, etc.) in the form of a server without the knowledge of the HR unit in the company.
- Network settings, user definitions, resource profiles etc. existing settings on computers should not be changed in any way, except for the responsible Human Resources personnel in the units and the relevant technical personnel.
- Unlicensed programs should not be installed on computers in any way. The personnel who keeps the unlicensed software on their computers shall be responsible for this personally against the relevant laws.
- Unless necessary, computer resources should not be shared, and if the resources are shared, the rules of password use must be observed.
- When a problem occurs on the computer, it should not be intervened by unauthorized persons, and HR personnel should be notified.
-
- Retention Periods of Personal Data
The retention periods of personal data based on processes are as follows. Following the expiration of this period, they are destroyed in the first periodic destruction period.
Contracts
|
10 years following termination of the contract
|
All Records Regarding Accounting and Financial Transactions
|
10 years
|
Commercial Electronic Mail Confirmation Records
|
1 Year from the date of withdrawal of approval
|
|
|
Personal Data Regarding Suppliers
|
10 years after the legal relationship ends
|
Data kept within the scope of SSI Legislation (Ex: Employment declarations, premium / service documents etc.)
|
10 years from the termination of the employment relationship
|
Data Regarding Personal File Stored Under Labor Law
|
10 years from the termination of the employment relationship
|
Data Stored within the Scope of Labor Law (For example, severance pay, notice pay, malicious intent compensation, information that may be subject to compensation for violation of the principle of equal treatment, payroll records, number of annual leave days, etc.)
|
5 years from the termination of the employment relationship
|
Data Collected Within the Scope of Occupational Health and Safety Legislation (For example: Recruitment health tests, health reports, OHS Trainings, Occupational Health and Safety activities records etc.)
|
15 years from the termination of the employment relationship
|
Pursuant to the Labor Law: Responding to court / executive information requests regarding the employee
|
10 years from the termination of the employment relationship
|
Job Application / Internship Application / Data Regarding Candidate Applications If Application Is Not Accepted (For example: CV, Resume, Cover Letter, Application Form etc.)
|
3 months
|
Log in records of Employees' Access to Media Containing Personal Data
|
10 years from the termination of the employment relationship
|
Personal Data Regarding Tax Records
|
5 years
|
Personal Data Processed with Documents such as Invoice / Expense receipts/ Receipt to be Kept in Accordance with the Tax Procedure Law
|
5 years
|
Fiscal Books to be kept in Accordance with Company Activities, Documents Created Based on Records in Fisal Books, Financial Statements etc. Personal Data Processed
|
10 years
|
Personal Data Processed for Security Purposes by CCTV Cameras (Camera Records)
|
3 months
|
Records of Seminar / Meeting Participants
|
2 Years From The End Of The Event
|
Corporate Communication Activities
|
10 Years From The End Of The Activity
|
Human Resources Processes
|
10 Years From The End Of The Activity
|
Personal Data Protection Board Transactions
|
10 years
|
- DESTRUCTION OF PERSONAL DATA
- Causes Requiring Destruction: Personal data are deleted, destroyed or ex officio deleted, destroyed or anonymized by IDEA upon request of the person concerned in the following cases;
- The amendment or abolition of the relevant legislation provisions that form the basis of its processing,
- Disappearance of the purpose requiring the processing or retention of personal data,
- In cases where the processing of personal data takes place only on the basis of express consent, the person concerned withdraws his explicit consent,
- In accordance with Article 11 of the Law, the application made by IDEA regarding the deletion and destruction of personal data within the framework of the rights of the person concerned,
- In cases where the İDEA rejects the application made by the person concerned with the request for deletion, destruction or anonymization of his/her personal data, or in case his/her response is found to be insufficient or does not respond within the period stipulated in the Law; Making a complaint to the Board and approval of this request by the Board,
- Maximum period for the retention of personal data has passed, there are no conditions that would justify the retention of personal data for a longer period.
- Destruction Techniques: At the end of the period stipulated in the relevant legislation or the retention period required for the purpose for which they are processed, the personal data is destroyed by İDEA, either on its own initiative or upon the application of the relevant person, using the following techniques in accordance with the provisions of the relevant legislation.
b.a. Deletion of Personal Data
- Personal Data on Servers; For those who have expired from the personal data on the servers, the system administrator (HR) removes the access authorization of the relevant users and deletes them.
- Personal Data in Electronic Environment: Those who have expired from personal data in electronic environment are made inaccessible and unavailable in any way for other employees (relevant users), except for the database manager (HR).
- Personal Data in Physical Environment: Personal Data It is made inaccessible and unavailable in any way for other employees, except for the department manager responsible for the document archive, for those who require the retention of personal data kept in a physical environment. In addition, the blackening process is also applied by scratching / painting / wiping it in an illegible way.
- Personal Data on Portable Media: Of the personal data kept in flash-based storage media, those that have expired are stored in secure environments with encryption keys, encrypted by the system administrator (HR) and the access authority is given only to the system administrator (HR).
b.b. Destruction of Personal Data
- Personal Data in Physical Environment: Those who have expired from the personal data in the paper environment, are irreversibly destroyed in the paper shredding machines.
- Personal Data on Optical / Magnetic Media: Physical destruction, such as melting, burning or pulverizing the personal data in optical media and magnetic media, is applied for those retained in optical and magnetic media and the term for retention is expired. In addition, magnetic media is passed through a special device and exposed to a high magnetic field, making the data on it unreadable.
b.c. Making Personal Data Anonymous
Personal data are rendered unrelated to a natural person whose identity is known or can be determined even by the use of appropriate techniques in terms of the recording medium and the relevant field of activity, such as the return of the data by the data controller or third parties and / or matching the data with other data.
- Destruction Process and Periods
c.a. The process of ex officio deletion, destruction or anonymization for personal data whose retention periods have expired in IDEA is carried out by Human Resources.
c.b. Unless a contrary decision is taken by the Board, the appropriate method of ex officio deletion, destruction, or anonymization of personal data whose retention periods have expired in IDEA are selected. In case of destruction of personal data at the request of the person concerned, the appropriate method is selected and applied by explaining the reason.
c.c. Periodic destruction period : In accordance with Article 11 of the Regulation concerned with the Deletion, Destruction or Anonymization of Personal Data, IDEA performs periodic destruction in April and October every year.
In the first periodic destruction process following the date when the obligation to delete, destroy or anonymize personal data is emerged, personal data are deleted, destroyed or anonymized.
c.d. All transactions regarding the deletion, destruction and anonymization of personal data are recorded, and the said records are kept for at least 3 years, excluding other legal obligations.
c.e. Periods for deletion and destruction of personal data, if requested by the data subject: In case the person concerned requests the deletion or destruction of his/her personal data by applying to IDEA pursuant to Articles 11 and 13 of the Law;
-
-
- In case all the conditions for processing personal data have disappeared ; Within thirty days at the latest, the personal data subject to the request is deleted, destroyed or anonymized and the relevant person is informed.
- In case all the conditions for processing personal data have disappeared and the personal data subject to the request is transferred to third parties , the request of the relevant person is notified to the third party; It is ensured that the necessary procedures are carried out within the scope of the Regulation on the Deletion, Destruction or Anonymization of Personal Data before the third party.
- In case all the conditions for processing personal data are not eliminated; It is rejected within thirty days at the latest, with the explanation of the reason, and the response is notified to the relevant person in writing or electronically.
F- DISCIPLINARY PROVISIONS
The provisions of this procedure are in the form of an annex to the employment contract and the provisions regarding disciplinary practices and termination of the contract are applied in the "HR DIRECTIVE", which is an annex to the employment contract and received and signed by the personnel, for the personnel who do not comply with the rules of the procedure.
G- UPDATING
This procedure, which is prepared in accordance with the IDEA Personal Data Processing, Protection and Privacy Policy (IDEA KVK Policy) and takes effect from the moment it is approved by the Company Director, is reviewed and the necessary sections are updated as needed. With the approval of the Company Director, this Procedure may be amended and put into effect. In case of conflict with the legislation in force, especially the KVK Law, and the regulations included in this Procedure, the provisions of the legislation are applied.
CLARIFICATION FOR THE APPLICATION FORM
IN ACCORDANCE WITH THE LAW ON PROTECTION OF PERSONAL DATA
In case Data data subject desires to exercise his/her following right/rights under article 11 of KVKK,
(a) to learn whether your personal data has been processed,
(b) To demand information in case the personal data has been processed,
c) To learn the purpose of processing your personal data and whether they are used accordingly,
(ç) To know the third parties in which your personal data is transferred in land or abroad,
(d) To request correction of your personal data in case your data is incomplete or incorrectly processed,
(e) To request the deletion or destruction of your personal data within the conditions stipulated in article 7 of the Law,
(f) to request notification of the circumstance to third parties to whom personal data are transferred, in case of correction or deletion / destruction of data
(g) To make objection in the event of an occurrence of an unfavorable result in case your personal data is processed exclusively by means of automated systems,
(ğ) To claim for your loss in case you have damages because your personal data has been processed in illegal manner.
The data subject is required to submit his/her relevant requests in writing personally or through a notary or other methods determined by the Personal Data Protection Board to our Institution.
The requests included in your application will be finalized as soon as possible, within thirty days at the latest, from the date the request is received and depending on the nature of the request, and will be notified to you in writing or electronically by our company. Our company reserves the right to charge a fee on the fee schedule (if any) determined by the Personal Data Protection Board regarding the requests.
* It is mandatory for the persons who will apply personally to submit documents proving their identity.
|
|
|
** We kindly ask you to write "Personal Data Protection Law Relevant Person Request" in the notification envelope of the application form or in the subject part of the e-mail.
|
Our application addresses
Application Method
|
Application Address
|
Written application in person
|
Fatih Mah. Yakakent Cad. Beşyol Mevkii Alaçam Samsun
|
Application through a notary
|
Fatih Mah. Yakakent Cad. Beşyol Mevkii Alaçam Samsun
|
Application to our registered electronic mail (KEP) address by signing with secure electronic signature or mobile signature
|
|
Application from your e-mail address previously notified to our company and registered in the system
|
|
Please click for the Application Form