Clarification About Privacy Rules

The necessary precautions for the security of the data and transactions provided by the visitor / Member have been taken by our Company or the relevant organization in the systems and internet infrastructure, within the technological possibilities and cost elements, with appropriate technical and administrative methods, depending on the nature of the data and transaction.

Data entered to our site for membership and information updates, as well as confidential information about credit and debit cards, cannot be viewed by other internet users.

Your credit card information requested on the payment page cannot be stored on https://www.partnersoftomorrow.com or the servers of the companies that serve it, in order to keep the security of our valued members at the highest level.

However, since the data in question is entered from the Visitor’s/Member’s device, it is the responsibility of the Visitor/Member to take the necessary measures, including those related to viruses and similar harmful applications, in order to be protected by the Visitor/Member and not to be accessed by unrelated persons. 

Except for the situations and reasons stated in our clarification letter regarding the processing of personal data; https://www.partnersoftomorrow.com does not allow your personal information to be shared with third parties and institutions, your personal data that you provided to https://www.partnersoftomorrow.com  is not rented, sold or shared with any person or institution in any way. Click here to reach the clarification text on personal data processing activities carried out by.”İDEAMODA KONFEKSİYON SANAYİ VE TİCARET LTD. ŞTİ̇.

¨ (Access to the KVKK clarification text with a button should be provided)

The SELLER may convey the information obtained during our members’ membership to the INTERNET SITE to the relevant Authorities and Courts when required by law.

Application Addresses:

 

 

İDEA MODA
DATA SUBJECT APPLICATION FORM IN ACCORDANCE WITH ART. 11 OF KVK

  1. INFORMATION OF THE APPLICANT
  • Name-Surname                    :……………………………………………………………………………..
  • R.T. Identification Number   : ……………………………………………………………………………..
  • Mailing Address ……………………………………………………………………………..
  • E-mail address ……………………………………………………………………………..
  • Telephone Number: ……………………………………………………………………………..
  • In case the applicant is a "parent / guardian or other legal representative", the data subject's Name-Surname ……………………………………………………………………………..

2. YOUR RELATIONSHIP WITH IDEA

Customer                                   

Commercial Relationship (Please specify the nature of the commercial relationship)                                                 

☐Former Personnel (Please specify date of your employment)    

Job Application / Resume sharing (specify date)

Other (please specify) ……………………………………

3. YOUR REQUEST

In accordance with the law, you can make a request on the following issues. Mark your request with X. Requests on other matters are not covered by this Law, therefore, we request you to convey requests on other matters to the relevant units. 

I want to know whether your company is processing personal data about me. Personal Data Protection Law Art. 11/1 (a)

If your company has processed personal data about me, I request information on this issue.  Personal Data Protection Law Art. 11/1 (b)

If your company is processing personal data about me, I request information about the purpose of processing and whether they are used for their intended purpose. Personal Data Protection Law Art. 11/1 (c)

If my personal data is transferred to third parties in land or abroad, I want to know these third parties. Personal Data Protection Law Art. 11/1 (ç)

I believe that my personal data was incomplete or incorrectly processed and i request this circumstance be corrected. (If you have selected this option, write your personal data that you want corrected in the field below and send the documents showing correct and supplementary information as attachment. (Photocopy of identity card etc.) Personal Data Protection Law Art. 11/1 (d)

Although my personal data has been processed in accordance with the provisions of the law and other related laws, I think that the reasons for processing have disappeared and within this framework, so, I request my personal data; Personal Data Protection Law Art. 11/1 (e)

I request my personal data that I believe processed incompletely or incorrectly be corrected before third parties to whom my personal data has been transferred. (If you have selected this option, write your personal data that you want to be corrected in the field below and send the documents showing correct and supplementary information as attachment. (Photocopy of identity card etc.) Personal Data Protection Law Art. 11/1 (f)

Although my personal data has been processed in accordance with the provisions of the law and other related laws, I think that the reasons for processing have disappeared and within this framework, so, I request my personal data be deleted before the third party to whom my personal data we transferred; Personal Data Protection Law Art. 11/1 (f)

I believe that my personal data processed by your company are analyzed exclusively through automated systems, and as a result of this analysis, I may encounter a unfavorable consequence. I object to this conclusion. (Write the analysis result that you think is unfavorable to you in the field below and send the documents supporting your objection as attachment.)  Personal Data Protection Law Art. 11/1 (g)

I suffered damages due to the illegal processing of my personal data. I demand compensation for this damage. (Write the subject of the violation in the field below and send the supporting documents as an attachment. Court decision, Board decision, Documents showing the amount of material damage, etc. ) Personal Data Protection Law Art. 11/1 (h)

Please specify your request, which you have marked above within the scope of the KVK Law, in detail below:

Please indicate if you have additional documents that you want to base your application on and send them to us as an attachment to your petition.

5- TO WHICH ADDRESS YOU WANT THE ANSWER TO BE SENT

I request it to be sent to my mailing address.

I request it to be sent to my e-mail address.

I request to receive it by hand. (In case of receipt by proxy, a notarized power of attorney is required.)

İDEA always reserves the right to request additional information and documents certifying your identity in order to prevent unlawful sharing of your personal data with third parties and to ensure the security of your personal data.

I acknowledge, declare and undertake that the personal data I have shared with the Company in this application form are accurate and up-to-date, that I have not made unauthorized applications, and that I know that any legal and / or criminal liability that may arise otherwise will belong to me.

Name, Surname and Signature of the Applicant

 

 

 

İDEA MODA

PERSONAL DATA RETENTION - DESTRUCTION

POLICY

PREPARED BY                       : Human Resources

APPROVED BY                      : COMPANY DIRECTOR

VERSION HISTORY

Version No

Version Date

Amendment Description

1

…/…/… Date of issuance

ALL

 

INDEX

                                                                                                         Page number

A. PURPOSE AND SCOPE .....................................................................................3

B. DEFINITIONS .....................................................................................................3

 

  1. IMPLEMENTATION OF THE POLICY AND RESPONSIBILITIES............................4

 

D. STORAGE MEDIA ................................................ ............................................ 4

  1. Non-electronic media ………………………………………………………………………….4
  2. Electronic media ………………………………………………………………………………….4

E. PRINCIPLES REGARDING THE RETENTION OF PERSONAL DATA…………………..5

  1. Legal Reasons Requiring Retention……………….…………………………………….5
  2.  Processing Purposes Requiring Retention…………………………………………..5
  3. Ensuring the Security of Personal Data………………………………………………..5
  1. Administrative Measures Taken …………………………………………………. 6
  2. Technical Measures Taken ……………………………………………………………6
  1. Retention Periods of Personal Data……………………………………………………..8

  1. DESTRUCTION OF PERSONAL DATA……………………………………………………………9
    1. Causes Requiring Destruction………………………………………………………………9
    2. Destruction Techniques …………………………………………………………………….10

b.a. Deletion of Personal Data……………………………………………………………10

b.b. Destruction of Personal Data……………………………………………………….11

b.c. Anonymizing Personal Data………………………….………………………………11

    1. Destruction Process and Periods…………………………………………………………11

G- PUBLISHING AND STORING THE POLICY ……………………………………………………12

H- UPDATING THE POLICY ……………………………………………………………………………..12

  

  1. PURPOSE AND SCOPE

IDEA MODA Retention-Disposal of Personal Data Policy ("IDEA MODA KVK Policy") has been prepared in order to determine the procedures and principles regarding the operations and transactions related to the retention and disposal activities carried out.

Personal data belonging to IDEA MODA employees, candidates for employees, visitors, and employees of third parties, institutions or organizations with whom they are in contact as service providers and personal data of other third parties are within the scope of this Policy and all records where personal data owned or managed by IDEA MODA are processed and all activities related with processing of such date are subject this Policy.

  1. DEFINITIONS

The terms used in the legislation and also in the IDEA MODA KVK Policy are listed below.

  1. Personal Data: All kinds of information pertaining to an identified or identifiable real person.
  2. Sensitive Personal Data: Individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
  3. Personal Data subject / Relevant Person: The real person whose personal data is processed. For example; Customers and employees.
  4. Explicit Consent: A consent based on information on a particular subject, which is stated with free-willed and in informed manner in advance.
  5. Processing of Personal Data: Any action taken on the data, such as blocking, obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying, or using personal data through fully or partially automatic means or non-automatic means provided that they are part of any data recording system.
  6. Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority given by him.
  7. Destruction: Deletion, destruction, or anonymization of personal data.
  8. Anonymizing: Making personal data unrelated to a certain or identifiable natural person under any circumstances, even by matching other data.
  9. Recording Media: All kinds of media, where personal data is processed fully or partially automated or part of any data recording system, provided that the non-automatic means of processing.
  10. Receiver group: The category of natural or legal persons to whom personal data is transferred by the data controller,
  11. Law on Protection of Personal Data: Personal Data Protection Law No.6698, dated 24 March 2016, published in the Official Gazette dated April 7, 2016 and numbered 29677.
  12. KVK Board: Personal Data Protection Board.
  13. KVK Institution: Personal Data Protection Institution.

  1. IMPLEMENTATION OF THE POLICY AND RESPONSIBILITIES

All units and employees of the İDEA MODA actively support the responsible departments of the policy in the appropriate implementation of the technical and administrative measures taken within the scope of the Policy, the training and awareness of the employees of the unit, their monitoring and continuous auditing, preventing the illegal processing of personal data, preventing unlawful access to personal data and personal data, and the units in charge of taking technical and administrative measures to ensure data security in all environments where personal data are processed in order to ensure legal retention.

The titles and job descriptions of those involved in the retention and destruction processes of personal data are as follows:

  • Company Director                    : He/she is responsible for the employees to act in accordance with the policy.
  • HR Officer: He/she is responsible for providing the technical solutions needed in the implementation of the policy.
  • Personnel of other units: He/she is responsible for the execution of the Policy in accordance with his duties.

  1. STORAGE MEDIA

Personal data is stored securely in accordance with the law in the media listed below:

  1. Non-electronic Media
  1. Paper
  2. Manual data recording systems (survey forms)
  3. Written, printed and visual media
  1. Electronic media
  1. Servers (Domain, backup, e-mail, database, web, file sharing etc.);
  2. Software (office software, Nebim, VCloud.)
  3. Information security devices (firewall, intrusion detection and blocking, log file, antivirus, etc.) 
  4. Personal computers (Desktop, laptop);
  5. Mobile Devices (phone, tablet, etc.);
  6. Optical discs (CD, DVD, etc.)
  7. Removable sticks (USB, Memory Card etc.)
  8. Printer, scanner, copier

  1. PRINCIPLES REGARDING THE RETENTION OF PERSONAL DATA

By IDEA MODA; Personal data belonging to employees, candidates for employees, customers and employees of third parties, institutions or organizations with whom they are related as service providers are retained in accordance with the Law and are destroyed after being kept for the period stipulated in the relevant legislation or for the purpose for which they are processed.

    1. Legal Reasons Requiring Retention: İDEA MODA retains personal data for periods prescribed by ;
  2. Turkish Commercial Code No. 6102
  3. Turkish Code of Obligations No. 6098
  4. Social Insurance and General Health Insurance Law No. 5510,
  5. Occupational Health and Safety Law No. 6331,
  6. Labor Law No. 4857,
  7. The Law on the Protection of Personal Data No. 6698;
  8. Tax legislation and other secondary regulations in force pursuant to these laws.

 

  1.  Processing Purposes Requiring Retention: IDEA MODA retains the personal data it processes within the framework of its activities for the following purposes.

  1. To carry out human resources processes.
  2. To provide corporate communication.
  3. To ensure the security of the institution,
  4. To be able to perform statistical studies.
  5. To be able to execute works and transactions as a result of contracts and protocols signed
  6. To ensure the fulfillment of legal obligations as compulsory or required by legal regulations.
  7. To be in contact with real / legal persons who have a business relationship with the institution.
  8. To issue legal reports.
  9. For obligation to prove as evidence in future legal disputes

  1. Ensuring the Security of Personal Data

IDEA MODA personnel should take all necessary precautions according to the nature of the data to be protected, within the bounds of possibility, in order to prevent the unlawful disclosure and transfer of personal data, unauthorized access to personal data, or any security deficiencies that may occur in other ways. In this context;

 

  1. Administrative Measures Taken to Ensure the Legal Processing and Transfer of Personal Data and to Prevent Unauthorized Access to Personal Data are as follows :

  • İDEA MODA educates and raises awareness of its employees regarding the protection of personal data.
  • Confidentiality clause has been added to the contracts of the employees regarding the activities carried out by the institution.
  • The disciplinary procedure to be applied to employees who do not comply with security policies and procedures has been prepared in the HR regulation and delivered to the personnel as an annex to their contract.
  • Before starting to process personal data, the obligation to inform the relevant persons must be fulfilled by the institution.
  • Personal data processing inventory has been prepared.
  • In cases where personal data are subject to transfer, provisions were added to the contracts concluded with the persons to whom the personal data are transferred, stating that the party to whom the personal data is transferred shall fulfill its obligations to ensure data security. In this context, it is undertaken that the transferred party shall take all necessary measures to protect personal data and ensure that these measures are implemented in their own organizations.
  • The security of physical media containing personal data is ensured.
  • Internal audit is carried out.

  1. Technical Measures Taken to Ensure the Legal Processing and Transfer of Personal Data and to Prevent Unauthorized Access to Personal Data are as follows:
  • Regarding the protection of personal data, technical measures are being taken as far as technology allows, and the measures taken are being updated and improved in parallel with the developments.
  • Expert personnel are employed for technical matters.
  • Access authorization to personal data being processed by the personnel is limited to the relevant company personnel in line with the specified processing purpose.
  • To ensure that the technical management activities of the server computer and data storage systems are carried out, within this scope;
    1. Ensuring technical management and documentation functions such as identifying user needs, procurement, installation, configuration, patching, capacity planning, performance adjustments, operation, backup, recovery from backups, etc. of server systems hardware used within the technical substructure of İDEA MODA and MS Windows Operating system that serves over these.
    2. Performing server user activation / de-activation, configuration and authorization works,
    3. Performing virtualization and virtualization performance optimization works on servers,
    4. Performing daily monitoring of storage systems that are integrated with servers or in a SAN / NAS structure, making occupancy / capacity plans, performing backup / recovery from backup,
    5. Performing system integration of the software and hardware of the server and storage systems, testing, quality control works, continuous control of the healthy operation of the commissioned hardware, operating system, or application modules, performing maintenance and operating activities such as correction / development / improvement / productivity increase,
    6. Performing daily monitoring of server systems and all services running on these systems, checking that all server hardware and services are in working condition, taking preventive and corrective measures for abnormally shut down servers or services, performing system logs configuration and control work,
    7. Preparing and updating basic end-user manuals on server hardware, operating systems, storage systems and application software, providing end-user training,
    8. Managing the top authorized access passwords of the server systems and ensuring their security,
    9. The processes of following up new technologies in the field of server hardware and operating systems and adapting them to the infrastructure of the institution are carried out.
  • To fulfill the technical management activities of basic applications and protocols such as e-mail systems, Web Servers, SMTP, POP, IMAP, LDAP, FTP, SNMP, DNS, within this scope;
  1. Performing technical management, operation, and documentation functions such as, user activation / de-activation / routing, configuration, patching, capacity planning, performance adjustments, backup, recovery from backups, etc. of the e-mail server system used within the technical infrastructure of İDEA MODA,
  2. Fulfilling management / configuration and documentation functions of SMTP, POP, IMAP protocols serving in the infrastructure of e-mail systems,
  3. Management of system users and configuration / management / backup / authorization of the LDAP protocol,
  4. Performing operational works such as, FTP domain opening, DNS domain / sub-domain definition, etc.
  5. Ensuring that the end-user requests that require identification such as E-mail, LDAP, FTP, DNS, etc. are fulfilled in accordance with the relevant procedures / policies and standards of İDEA MODA; Taking and implementing necessary measures to prevent non-standard, LDAP, E-mail, sub-domain definitions and data pollution,
  6. Managing the top authorized access passwords of the application systems and ensuring their security,
  7. Following up of new technologies in the field of e-mail servers and applications and adapting them to the infrastructure of the institution are carried out.
  • To fulfill the technical management activities of database management systems, within this scope;
    1. Performing technical management and documentation functions such as, determining user needs of all database management systems such as Oracle/MS-SQL/MYSQL etc., procurement, installation, configuration, patching, capacity planning, performance adjustments, operation, backup, recovery from backups, etc. used within the technical infrastructure of İDEA MODA.
    2. Performing database SQL scripting works,
    3. Performing database user activation / de-activation, configuration and authorization works,
    4. Integration of the data structures of all systems within İDEA MODA, carrying out testing and quality control studies, ensuring data integrity. Taking precautions to prevent data duplication, continuous control of the healthy service of the data infrastructure, performing maintenance and operating activities such as correction / development / improvement / productivity increase,
    5. The processes of managing the most authorized access passwords of database management systems and ensuring their security are carried out.

  1. Retention Periods of Personal Data  

The retention periods of personal data based on processes are as follows.

Contracts

10 years following termination of the contract

All Records Regarding Accounting and Financial Transactions

10 years

Commercial Electronic Mail Confirmation Records

From the date of withdrawal of approval

 1 Year

Personal Data Regarding Suppliers

10 years after the legal relationship ends

Data kept within the scope of SSI Legislation (For example: Employment declarations, premium / service documents etc.)

10 years from the termination of the employment relationship

Data Regarding Personal File Stored Under Labor Law

10 years from the termination of the employment relationship

Data retained within the Scope of Labor Law (For example, severance pay, notice pay, malicious intent compensation, information that may be subject to compensation for violation of the principle of equal treatment, payroll records, number of annual leave days, etc.)

5 years from the termination of the employment relationship

Data Collected Within the Scope of Occupational Health and Safety Legislation (For example: Recruitment health tests, health reports, OHS Trainings, Occupational Health and Safety activities records etc.)

15 years from the termination of the employment relationship

Pursuant to the Labor Law: Responding to court / executive information requests regarding the employee

10 years from the termination of the employment relationship

Job Application / Internship Application / Data Regarding Candidate Applications If Application Is Not Accepted (For example: CV, Resume, Cover Letter, Application Form etc.)

3 Months

Log in records of Employees' Access to Media Containing Personal Data

10 years from the termination of the employment relationship

Personal Data Regarding Tax Records

5 years

Personal Data Processed with Documents such as Invoice / Expense receipts/ Receipt to be Kept in Accordance with the Tax Procedure Law

5 years

Fiscal Books to be kept in Accordance with Company Activities, Documents Created Based on Records in Fiscal Books, Financial Statements etc. Personal Data Processed

10 years

Personal Data Processed for Security Purposes by CCTV Cameras (Camera Records)

3 Months

Records of Seminar / Meeting Participants

2 Years From The End Of The Event

Corporate Communication Activities

10 Years From The End Of The Activity

Human Resources Processes

10 Years From The End Of The Activity

Personal Data Protection Board Transactions

10 years

  1. DESTRUCTION OF PERSONAL DATA
  1. Causes Requiring Destruction: Personal data are deleted, destroyed or ex officio deleted, destroyed or anonymized by IDEA MODA upon request of the person concerned in the following cases;
  • The amendment or abolition of the relevant legislation provisions that form the basis of its processing,
  • Disappearance of the purpose requiring the processing or retention of personal data,
  • In cases where the processing of personal data takes place only on the basis of express consent, the person concerned withdraws his explicit consent,
  • In accordance with Article 11 of the Law, the application made by the institution regarding the deletion and destruction of personal data within the framework of the rights of the person concerned,
  • In cases where the institution rejects the application made by the person concerned with the request for deletion, destruction or anonymization of his/her personal data, or in case his/her response is found to be insufficient or does not respond within the period stipulated in the Law; Making a complaint to the Board and approval of this request by the Board,
  • Maximum period for the retention of personal data has passed, there are no conditions that would justify the retention of personal data for a longer period.

  1. Destruction Techniques: At the end of the period stipulated in the relevant legislation or the retention period required for the purpose for which they are processed, the personal data is destroyed by İDEA MODA, either on its own initiative or upon the application of the relevant person, using the following techniques in accordance with the provisions of the relevant legislation.

b.a. Deletion of Personal Data

  • Personal Data on Servers; For those who have expired from the personal data on the servers, the system administrator removes the access authorization of the relevant users and deletes them.

  • Personal Data in Electronic Environment: Those who have expired from personal data in electronic environment are made inaccessible and unavailable in any way for other employees (relevant users), except for the database manager.

  • Personal Data in Physical Environment: Personal Data It is made inaccessible and unavailable in any way for other employees, for those who require the retention of personal data kept in a physical environment. In addition, the blackening process is also applied by scratching / painting / wiping it in an illegible way.

  • Personal Data on Portable Media: Of the personal data kept in flash-based storage media, those that have expired are stored in secure environments with encryption keys, encrypted by the system administrator and the access authority is given only to the system administrator.

b.b. Destruction of Personal Data

  • Personal Data in Physical Environment: Those who have expired from the personal data in the paper environment, are irreversibly destroyed in the paper shredding machines.

  • Personal Data on Optical / Magnetic Media: Physical destruction, such as melting, burning, or pulverizing the personal data in optical media and magnetic media, is applied for those retained in optical and magnetic media and the term for retention is expired. In addition, magnetic media is passed through a special device and exposed to a high magnetic field, making the data on it unreadable.

b.c. Making Personal Data Anonymous

Personal data are rendered unrelated to a natural person whose identity is known or can be determined even by the use of appropriate techniques in terms of the recording medium and the relevant field of activity, such as the return of the data by the data controller or third parties and / or matching the data with other data.

  1. Destruction Process and Periods

 

 

c.a. The process of ex officio deletion, destruction, or anonymization for personal data whose retention periods have expired in IDEA MODA is carried out by IT Coordination dept.

c.b. Unless a contrary decision is taken by the Board, the appropriate method of ex officio deletion, destruction, or anonymization of personal data whose retention periods have expired in IDEA MODA are selected. In case of destruction of personal data at the request of the person concerned, the appropriate method is selected and applied by explaining the reason.

c.c. Periodic destruction period: In accordance with Article 11 of the Regulation concerned with the Deletion, Destruction or Anonymization of Personal Data, IDEA MODA performs periodic destruction in April and October every year.

In the first periodic destruction process following the date when the obligation to delete, destroy or anonymize personal data is emerged, personal data are deleted, destroyed, or anonymized.

c.d. All transactions regarding the deletion, destruction and anonymization of personal data are recorded, and the said records are kept for at least 3 years, excluding other legal obligations.

 

c.e. Periods for deletion and destruction of personal data, if requested by the data subject: In case the person concerned requests the deletion or destruction of his/her personal data by applying to IDEA MODA pursuant to Articles 11 and 13 of the Law;

      • In case all the conditions for processing personal data have disappeared ; Within thirty days at the latest, the personal data subject to the request is deleted, destroyed or anonymized and the relevant person is informed.
      • In case all the conditions for processing personal data have disappeared and the personal data subject to the request is transferred to third parties , the request of the relevant person is notified to the third party; It is ensured that the necessary procedures are carried out within the scope of the Regulation on the Deletion, Destruction or Anonymization of Personal Data before the third party.
      • In case all the conditions for processing personal data are not eliminated; It is rejected within thirty days at the latest, with the explanation of the reason, and the response is notified to the relevant person in writing or electronically.

G- PUBLISHING AND STORING THE POLICY

The policy document is published in two different media as wet signed (hard copy) and electronically, and disclosed to the public on the website. The printed paper copy is also kept in the file BY THE DATA CONTROLLER.

H- UPDATING THE POLICY

The policy enters into force from the moment it is approved by the Company Director. This Policy is reviewed as needed and required sections are updated. This Policy may be amended and put into effect with the approval of the Company Director. Implementation rules that will be regulated in accordance with this Policy, indicating how the issues specified in this Policy will be executed for certain subjects will be arranged as being added to the relevant regulations. The İDEA MODA KVK policy has been made public by the Company on its website. In case of conflict with the legislation in force, especially the KVK Law, and the regulations included in this Policy, the provisions of the legislation shall be applicable.

 

 

 

cultureSettings.RegionId: 0 cultureSettings.LanguageCode: EN