Search
Close this search box.

POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA

POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA

ASPENDOS TERCÜME VE DANIŞMANLIK HİZMETLERİ A.Ş.

  1. INTRODUCTION

1.1 Introduction

1.2. Scope

1.3 Implementation of the Policy and KVKK Legislation

1.4 Enforcement of the Policy

2. ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

2.1. Ensuring the Security of Personal Data

2.2. Protection of Sensitive Personal Data

2.3. Expanding and Supervision of Awareness at Business Units on the Protection and Processing of Personal Data

3. ISSUES REGARDING PERSONAL DATA PROCESSING

3.1. Processing Personal Data in Compliance with the Principles Stipulated in the Legislation

3.2. Terms of Personal Data Processing

3.3. Sensitive Personal Data Processing

3.4. Clarification of Personal Data Owner

3.5. Processing of Data Processed by XXX Company by XXX

3.6. Transfer of Personal Data

4. CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY AND THE PURPOSE OF PROCESSING

5. RETENTION AND DESTRUCTION OF PERSONAL DATA

6. RIGHTS OF PERSONAL DATA OWNERS AND EXERCISE OF THESE RIGHTS

6.1. RIGHTS OF THE RELATED PERSON

7. SPECIAL CASES WHERE PERSONAL DATA ARE PROCESSED

7.1. Building, Facility Entrances and Personal Data Processing Activities within the Building Facility and Website Visitors

7.2 Camera Surveillance Activities Carried Out at Company Buildings, Facility Entrances and Inside

7.3. Monitoring of Guest Entry and Exit at the Entrances of Company Buildings, Facilities and Inside

8. MEASURES RELATED TO THE SECURITY OF PERSONAL DATA

1.          INTRODUCTION

Introduction

Since it is a fundamental human right, protection of personal data is among the most important priorities of ASPENDOS TERCÜME VE DANIŞMANLIK HİZMETLERİ A.Ş. (“Company”). In order to secure the right of personal data protection, the Company makes maximum efforts to comply with all applicable legislation in this regard. the principles adopted in the execution of personal data processing activities carried out by our Company and the basic principles adopted in terms of compliance of our Company’s data processing activities with the regulations in the Personal Data Protection Law No. 6698 within the framework of this CompanyPersonal Data Protection and Processing Policy (“Policy”) are explained, and thus our Company provides the necessary transparency by informing the relevant persons. With full awareness of our responsibility in this context, your personal data is processed and protected within the scope of this Policy.

Scope

CompanyPersonal Data Protection and Processing Policy (“Policy”) has been drafted with the express purpose of disciplining data processing within the framework of personal data legislation and protecting the right of privacy and other fundamental rights and freedoms as stipulated in the Constitution.

While drafting the “Policy”, it has been determined as the basic principle to determine which data the business units collect and why, and why they need to transfer this data to third parties within the Company’s organizational chart, and to understand the personal data processing method of the Company. While importing the requirements of the relevant legislation into the Policy, it has been adopted as a principle within the framework of the sensitivity of the protection of personal data, to explain in a simple and understandable language which data the Company provides and why it processes this data by customizing it. In addition, it is aimed to take the necessary administrative and technical measures to protect data confidentiality within and outside the organization of the Company, and to inform and clarify the individuals whose data is processed.

All real persons whose data are processed by the “Company” fall into the scope of the “Policy”.

Customized information about the data processed within the framework of the processes and activities in the “Company” organization, the categorization of the data, the data recipient groups, the legal reason and method of data collection, the third-party groups data is transferred, the processing times of the data, and the deletion periods of the data are included within the scope of this “Policy”. However, apart from current processing activities, in case of current or future data processing by the “Company”, it is possible to execute processing and clarification activities within the scope of an external clarification text on the condition that the basic principles set forth in this policy are followed. In this case, the clarification will constitute an integral part of this “Policy” and it cannot be claimed that it is not included in this “Policy”. As a matter of fact, within the scope of Article 5 of the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation of Clarification, it is possible to execute clarification by using physical or electronic mediums such as verbal, written, audio recording or call center.

Implementation of the Policy and KVKK Legislation

Regarding the processing and protection of personal data, the relevant legal regulations in force will be applied first. In case of a conflict between the applicable legislation and the Policy, our Company acknowledges the application of the applicable legislation. The policy regulates the rules set forth by the relevant legislation by embodying them within the scope of Company practices.

Enforcement of the Policy

The effective date of this Policy is 01.01.2020. It is drafted by the Company.

This Policy is published on the website of the Companyat {……………………..}.

2.          ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

Ensuring the Security of Personal Data

Pursuant to article 12 of the Law, our Company takes the necessary measures considering the nature of the data to be protected in order to prevent possible unlawful disclosure, access, transfer, or security breaches of personal data. In this context, our Company takes administrative measures to ensure the required level of security in accordance with the guidelines published by the Personal Data Protection Board (“Board”), carries out inspections or has them made.

Protection of Sensitive Personal Data

With the law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions, and security measures related, and biometric and genetic data.

Company acts sensitively in the protection of sensitive personal data, which is determined as “sensitive” by the Law and processed in accordance with the law. In this context, the technical and administrative measures taken by the Company for the protection of personal data are carefully implemented in terms of sensitive personal data and the necessary controls are conducted within the Company.

Note: Detailed information on the technical and administrative measures taken in the processing of personal data is given in section “8” of this policy.

Expanding and Supervision of Awareness at Business Units on the Protection and Processing of Personal Data

Company organizes trainings at regular intervals in order to prevent the illegal processing of personal data, to prevent unlawful access to personal data, and to increase awareness on ensuring the protection of personal data.

The Company establishes the necessary systems to expand awareness of its employees on the protection of personal data and works with consultants if required. In this direction, our Company participates in the relevant trainings, seminars, and information sessions, especially those prepared by the Personal Data Protection Authority, through its employees, and renews its trainings in parallel with the updating of the relevant legislation.

3.          ISSUES REGARDING PERSONAL DATA PROCESSING

Processing Personal Data in Compliance with the Principles Stipulated in the Legislation

In the processing of personal data, the Company acts in accordance with the principles introduced by legal regulations and the general rule of trust and integrity. In this context, personal data is processed to the extent and limited to the business activities of our Company.

Ensuring Personal Data Is Accurate and Up to Date When Necessary

The Company takes the necessary measures to ensure that personal data is accurate and up to date throughout the period of processing and establishes the necessary mechanisms to ensure the accuracy and up-to-dateness of personal data for certain periods.

Processing for Specific, Explicit, and Legitimate Purposes

The Company clearly reveals the purposes of processing personal data and processes it within the scope of purposes related to these activities in line with its business activities.

Being Connected, Limited and Proportional to the Purpose of Processing

The Company collects personal data only in the quality and extent required by its business activities and processes it limited to the determined purposes.

Terms of Personal Data Processing

Except for the explicit consent of the personal data owner, the basis of the personal data processing activity may be only one of the following conditions, or more than one condition may be the basis of the same personal data processing activity. In the event that the processed data is sensitive personal data, the conditions set out in section 3.3 of this Policy (“Sensitive Personal Data Processing”) shall apply.

i.            Explicit Consent of the Personal Data Owner

One of the conditions for processing personal data is the explicit consent of the data subject. The explicit consent of the personal data subject must be related to a specific subject, based on information and free will.

In the presence of the following personal data processing conditions, personal data may be processed without the explicit consent of the data subject.

ii.          Explicitly Stipulated in the Laws

If the personal data of the data subject is explicitly stipulated in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data, it will be possible to talk about the existence of this data processing condition.

iii.         Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility

The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose his/her consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect the life or physical integrity of himself/herself or another person.

iv.         Direct Relevance to the Making or Execution of the Contract

Provided that it is directly related to the establishment or execution of a contract to which the data subject is a party, this condition may be deemed to be fulfilled if the processing of personal data is necessary.

v.          Fulfillment of the Company’s Legal Obligation

Personal data of the data subject may be processed if processing is mandatory for our Company to fulfill its legal obligations.

vi.         Publicization of Personal Data by the Personal Data Owner

In case the data owner has made his/her personal data public, the relevant personal data may be processed limited to the purpose of publicization.

vii.        Mandatory Data Processing for the Establishment or Protection of a Right

If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data subject may be processed.

viii.      Mandatory Data Processing for the Legitimate Interest of our Company

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of our Company.

Sensitive Personal Data Processing

Sensitive personal data are processed by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:

  • Sensitive personal data other than health and sexual life may be processed without the explicit consent of the data subject if it is explicitly stipulated in the law, in other words, if there is an explicit provision regarding the processing of personal data in the law to which the relevant activity is subject. Otherwise, the explicit consent of the data subject shall be obtained in order to process such sensitive personal data.

  • Sensitive personal data relating to health and sexual life may be processed without seeking explicit consent by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing. Otherwise, the explicit consent of the data subject shall be obtained in order to process such sensitive personal data.

Clarification of Relevant Persons

The Company informs personal data subjects in accordance with Article 10 of the Law and secondary legislation. In this context, the Company informs the relevant persons about the purposes for which personal data are processed by the Company as the data controller, the purposes for which they are shared with whom, the methods by which they are collected and the legal reason and the rights of the data subjects within the scope of the processing of their personal data.

Transfer of Personal Data

Our Company may transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, official and private authorities, third real persons) by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. In this respect, our Company acts in compliance with the regulations stipulated in Article 8 of the Law. Detailed information on this subject can be found in Annex X (“Annex x- Third Parties to whom Personal Data is Transferred and Purposes of Transfer”) of this Policy.

Transfer of Personal Data

Even without the explicit consent of the personal data owner, if one or more of the following conditions exist, personal data may be transferred to third parties by our Company by taking all necessary care and taking all necessary security measures, including the methods stipulated by the Board.

  • The relevant activities regarding the transfer of personal data are clearly stipulated in the laws,
  • The transfer of personal data by the Company is directly related and necessary for the making or execution of a contract,
  • The transfer of personal data is mandatory for our Company to fulfill its legal obligation,
  • Transfer of personal data by our Company limited to the purpose of publicization, provided that the personal data has been made public by the data owner,
  • The transfer of personal data by the Company is mandatory for the establishment, use or protection of the rights of the Company or the data subject or third parties,
  • It is mandatory to carry out personal data transfer activities for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data subject,
  • It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.

Transfer of Sensitive Personal Data

Sensitive personal data may be transferred by our Company in accordance with the principles set forth in this Policy and by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:

  • Sensitive personal data other than health and sexual life may be processed without seeking the explicit consent of the data subject if it is explicitly stipulated in the law, in other words, if there is a clear provision in the relevant law regarding the processing of personal data. Otherwise, the explicit consent of the data subject shall be obtained.

  • Sensitive personal data relating to health and sexual life may be processed without seeking explicit consent by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing. Otherwise, the explicit consent of the data subject shall be obtained.

4.          CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY AND THE PURPOSE OF PROCESSING

In accordance with Article 10 of the Law and secondary legislation, personal data are processed by our Company by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation, in line with the personal data processing purposes of our Company, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, in accordance with the general principles specified in the Law, especially the principles specified in Article 4 of the Law regarding the processing of personal data. Within the framework of the purposes and conditions specified in this Policy, the categories of personal data processed and detailed information about the categories can be found in Annex 3 (“Annex 3- Personal Data Categories”) of the Policy.

Detailed information on the purposes of processing such personal data is provided in Annex 1 of the Policy (“Annex 1- Purposes of Processing Personal Data”).

5.          RETENTION AND DESTRUCTION OF PERSONAL DATA

Our Company retains personal data for the period required for the purpose for which they are processed and in accordance with the minimum periods stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the specified storage periods in accordance with the periodic destruction periods or the data owner’s application and with the specified destruction methods (deletion and/or destruction and/or anonymization).

6.          RIGHTS OF THE RELATED PERSON

Rights Of the Related Person

 

Within the scope of KVKK, you have the right to:

           i.               Learn whether your Personal Data is being processed,

          ii.               Request information if your Personal Data has been processed,

        iii.               Learn the purpose of processing your Personal Data and whether they are used in accordance with their purpose,

        iv.               Know the third parties to whom your Personal Data is transferred domestically or abroad,

          v.               Request correction of your Personal Data if it is incomplete or incorrectly processed,

        vi.               Request the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation,

       vii.               Request notification of the procedures conducted within the scope of sub-articles v and vi to third parties to whom your Personal Data has been transferred,

         viii.         Object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,

            ix.         Demand the compensation of this damage in case you suffer damage due to unlawful processing of your Personal Data.

 

How Can You Exercise Your Rights?

You can fill in the Application Form, which you can download by using the link {…………………………}, in line with your request / complaint and send it to us via {…………………………} or you can fill in the form physically and send it to TARIM MAH. ASPENDOS BULV. NO. 80 MURATPAŞA ANTALYA TURKEY via cargo / mail.

If you submit your request to us by using one of the methods shown above, your request will be evaluated, and you will be informed within 30 days at the latest in accordance with Article 13/2 of the KVKK. If your request is accepted, the necessary procedures will be carried out immediately by the data controller Company.

 

As a rule, requests are fulfilled without charge, but if fulfilling the request costs an amount, a fee may be charged by the Company in accordance with the provision of article 7 of “Communiqué on Application Procedures and Principles to Data Controller”: “If the application of the related person is to be replied in writing, no fee is charged up to 10 pages. A transaction fee of 1 TL may be charged for each page over 10 pages. If the reply to the application is issued with a recording medium such as CD or flash memory, the fee that may be requested by the data controller cannot exceed the cost of the recording medium.”

 

7.          SPECIAL CASES WHERE PERSONAL DATA ARE PROCESSED

Building, Facility Entrances and Personal Data Processing Activities Conducted within the Building Facility and Website Visitors

In order to ensure security, the Company carries out personal data processing activities for the monitoring of guest entrances and exits with security cameras in the Company buildings and facilities.

 

Camera Surveillance Activities Carried Out at Company Buildings, Facility Entrances and Inside

The Company carries out camera surveillance activities in accordance with the Law on Private Security Services and the relevant legislation in order to ensure security in its buildings and facilities. The Company carries out security camera surveillance activities in order to ensure security in its buildings and facilities, for the purposes stipulated in the relevant legislation in force and in accordance with the personal data processing conditions listed in the Law.

In accordance with Article 10 of the Law, the personal data owner is informed by the Company by more than one method regarding the camera surveillance activity. In addition, in accordance with Article 4 of the Law, the Company processes personal data in a limited and measured manner in connection with the purpose for which they are processed.

The purpose of the Company’s video camera surveillance activities is limited to the purposes listed in this Policy. Accordingly, the monitoring areas, the number, and the time of surveillance of the security cameras are sufficient to achieve the security purpose and are limited to this purpose. Areas that may result in interference with the privacy of the person in a way that exceeds the security purposes (for example, toilets) are not subject to monitoring.

Only a limited number of Company employees have access to live camera feeds and the digital records. The limited number of people who have access to the records declare that they shall protect the confidentiality of the data they access with a confidentiality undertaking.

Monitoring of Guest Entry and Exit at the Entrances of Company Buildings, Facilities and Inside

Personal data processing activities are carried out by the Company for the purposes of ensuring security and for the purposes specified in this Policy, for the monitoring of guest entrances and exits in the Company buildings and facilities.

While the names and surnames of the persons who arrive at the Company premises as guests are obtained, the related personal data owners are clarified within this scope or through the texts posted in the Company or otherwise made available to the guests. The data obtained for the purpose of monitoring guest entry-exit are processed only for this purpose and the relevant personal data are physically recorded in the data recording system.

8.          KİŞİSEL VERİLERİN GÜVENLİĞİNE İLİŞKİN TEDBİRLER

The Company provides all reasonable care and attention to ensure the confidentiality and security of the personal data it processes, with the awareness of its responsibility as a well-established Company. In addition to the requirements of the relevant legislation, the Company takes reasonable technical and administrative measures to ensure data confidentiality and security within the framework of Article 12 of the KVKK. With these administrative and technical security measures, it is aimed to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to maintain personal data at an appropriate security level.

In the event that personal data is processed by another natural or legal person (data processor) on its behalf, the Company shall take the necessary measures to ensure that the above-mentioned measures are also taken by the relevant data processors.

In the event that personal data is unlawfully obtained by third parties, it will notify the data owners, the Board and other relevant public institutions and organizations in accordance with the provisions of the relevant legislation.

While taking measures regarding the security of personal data, the Personal Data Security Guide (Technical and Administrative Measures) published by the Board is taken into consideration.

Administrative Measures

  • Establishment and operation of an information security management system within the Company,
    • Signing undertakings and confidentiality agreements with Company personnel and related parties,
    • Performing risk analysis on business processes,
    • Creation of personal data inventories,
    • Operation of information security policies and procedures,
    • Organizing and evaluating trainings on information security and personal data processing activities,
    • In order to prevent unauthorized access to employee computers, etc., use of the tools and equipment in question by only authorized persons,
    • Review of activities through internal or independent audits,
    • Creation of records that will produce objective evidence for the actions taken,

Technical Measures

  • Through penetration tests, risks, threats, vulnerabilities, and vulnerabilities, if any, against the Company’s information systems are revealed and necessary measures are taken.
    • Risks and threats that will affect the continuity of information systems are continuously monitored as a result of real-time analysis through information security incident management.
    • Access to information systems and authorization of users are carried out through access and authorization matrix and security policies through the corporate active directory.
    • When software changes and/or updates are to be made on the systems, trials are carried out in the test environment, security gaps, if any, are identified, necessary measures are taken and the final version of the change to be made is given after these procedures.
    • Necessary measures are taken for the physical security of Company information systems equipment, software, and data.
    • In order to ensure the security of information systems against environmental threats, hardware (access control system that allows only authorized personnel to enter the system room, ensuring the physical security of the components that make up the area network, fire extinguishing system, air conditioning system, etc.) and software (firewalls, intrusion prevention systems, network access control, malware prevention systems, etc.) measures are taken.
    • Risks to prevent unlawful processing of personal data are identified, technical measures are taken in accordance with these risks and technical controls are carried out regarding the measures taken.
    • Access procedures are established within the Company and reporting and analysis studies are carried out regarding access to personal data.
    • The Company takes necessary measures to ensure that deleted personal data is inaccessible and non-reusable for the relevant users.
    • In the event that personal data is unlawfully obtained by others, the Company has made appropriate preparations to notify the relevant person and the Board.
    • Security vulnerabilities are monitored, appropriate security patches are installed, and information systems are kept up to date.
    • Strong passwords are used in electronic environments where personal data are processed.
    • Secure logging systems are used in electronic environments where personal data are processed.
    • Data backup programs are used to ensure that personal data is stored securely.
    • Access to personal data stored in electronic or non-electronic media is restricted according to access principles.
    • Access to the company website is encrypted with SHA 256 Bit RSA algorithm using secure protocol (HTTPS).
    • Trainings on sensitive personal data security were provided for employees involved in sensitive personal data processing procedures, confidentiality agreements were made, and the authorizations of users authorized to access data were defined.
    • Electronic media where sensitive personal data are processed, stored and/or accessed are maintained using cryptographic methods, cryptographic keys are kept in secure environments, all transaction records are logged, security updates of the environments are constantly monitored, necessary security tests are regularly carried out / conducted, and test results are recorded.
    • Adequate security measures are taken for the physical environments where sensitive personal data are processed, stored and/or accessed, and unauthorized entry and exit are prevented by ensuring physical security.
    • If sensitive personal data needs to be transferred via e-mail, it is transferred encrypted with a corporate e-mail address or using a KEP account. If it needs to be transferred via media such as portable memory, CD, DVD, it is encrypted with cryptographic methods and the cryptographic key is kept in different media.
    • If the document must be transferred via paper media, necessary precautions are taken against risks such as theft, loss or unauthorized viewing of the document and the document is sent in “confidential” format.

ANNEX 1 – Definitions

Explicit ConsentIt refers to consent on a specific subject, based on information and expressed with free will.
CompanyTARIM MAH. ASPENDOS BULV. NO:80 MURATPAŞA (ASPENDOS TERCÜME VE DANIŞMANLIK HİZMETLERİ A.Ş.)
CookieThey are small files saved on users’ computers or mobile devices that help store preferences and other information about the web pages they visit.
Relevant UserPersons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection, and backup of the data.
DestructionDeletion, destruction, or anonymization of personal data.
Contact PersonThe real person notified by the data controller during the registration to the Registry for the communication to be established with the Authority regarding the obligations of the legal entities resident in Turkey and the non-resident legal entity data controller representative within the scope of the Law and the secondary regulations to be issued based on this Law. (The contact person is not authorized to represent the Data Controller. As it can be understood from the name, it is only the person assigned to provide “contact” for the communication of the data controller, the relevant persons, and the Authority).
The Law/KVKKLaw on the Protection of Personal Data dated March 24, 2016, and numbered 6698, published in the Official Gazette dated April 7, 2016, and numbered 29677.
Recording MediumAny medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system.
Personal DataAny information relating to an identified or identifiable natural person.
Personal Data ProcessingAny operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Anonymization of Personal DataMaking personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Erasure of Personal DataErasure of personal data; making personal data inaccessible and non-reusable in any way for the Relevant Users.
Destruction of Personal DataThe process of making personal data inaccessible, irretrievable, and non-reusable by anyone in any way.
The BoardPersonal Data Protection Board.
Sensitive Personal DataData on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of a company, foundation or trade union, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
Periodic DestructionIn the event that all of the conditions required for the processing of personal data disappear, the deletion, destruction, or anonymization process to be carried out ex officio at recurring intervals specified in the personal data retention and destruction policy.
The PolicyPersonal data protection policy set up by the Company.
Data ProcessorA natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller
Data Recording SystemA recording system where personal data is structured and processed according to certain criteria.
Data Subject/Related PersonThe natural person whose personal data is processed.
Data ControllerThe natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
The RegulationRegulation on Deletion, Destruction or Anonymization of Personal Data.
Source:Law No. 6698 on the Protection of Personal Data – Regulation on the Deletion, Destruction or Anonymization of Personal Data – Regulation on the Registry of Data Controllers – Communiqué on the Procedures and Principles to be Followed in the Fulfillment of the Disclosure Obligation – Communiqué on the Principles and Procedures of Application to the Data Controller

 

ANNEX 2 – Purposes of Personal Data Processing

 
PERSONAL DATA CATEGORYDESCRIPTION OF CATEGORIZATION
Identity DataPersonal data of natural persons regarding identity information will be evaluated under this category (name, surname, mother’s and father’s name, mother’s maiden name, date of birth, place of birth, marital status, T.R. ID no.).
Contact DataAll kinds of personal data that can be used for communication with individuals will be evaluated under this category (address no., e-mail address, contact address, registered electronic mail address (KEP), telephone no.).
Location DataLocation information of where individuals are located, etc.
Personnel File DataWithin the scope of the relevant legislation, the data in the personnel file of the company employees (payroll information, disciplinary investigation, employment-exit document records, property declaration information, leave information, resume information, diploma, maternity leave, inability to work report, military service, performance evaluation reports and criminal convictions and security measures records (criminal record), health information are included. In general, the following documents are found in personnel files. 1. Criminal record 2. Family status notification form 3. Certificate of Employment / Certificate of Service 4. Report that you can work in heavy and dangerous work for very dangerous jobs 5. Photocopy of diploma 6. Petitions for maternity leave, workable/unworkable reports, breastfeeding leave, 7. If it is a disabled worker, disability report, İŞKUR application registration certificate 8. Documents showing military service status for male workers 9. İŞKUR application registration document of ex-convict, terrorism victim worker 10. Photocopy of marriage certificate 11. Worker approval letter for overtime work 12. Document showing the consent of the worker to be temporarily transferred to another workplace 13. If there is a justified termination, documents proving this situation, resignation petition or notice of termination 14. Quittance 15. Proof of residence 16. Labor contract 17. All correspondence and records kept about the worker 18. A letter stating that workers have been informed about occupational health and safety, occupational risks, necessary precautions to be taken and legal rights and responsibilities. 19. Payrolls of the worker and documents related to payment 20. Employment and termination notices 21. Unauthorized absence from work / late arrival report and warning notice 22. Blood group card 23. Severance and notice payrolls 24. Photocopy of identity card 25. Population registration sample 26. Resume 27. Health report and periodic health examination reports 28. Image 29. Health Report 30. For those who will benefit from the disability discount, a letter from the Revenue Administration stating that the discount will be applied 31. Documents related to administrative procedures (work accident report, work accident notification, etc.) that should be done in insurance incidents 32. If there are tools and equipment delivered, their embezzlement certificate 33. Petitions, forms and schedules related to unpaid leave and annual paid leave 34. Training certificates, if any 35. Work permit for foreign workers
Data on Education, Work and Professional LifeAll kinds of data related to the education and working life of individuals will be included under this category (Education – Diploma – Certificate, Transcript, Vocational Training Information)
Legal Proceedings DataInformation in correspondence with judicial authorities, information in the case file, etc.
Financial DataAccount, bank, invoice information of individuals
Audio/Visual RecordsAudio/visual records kept for the purpose of customer satisfaction
Digital Media Utilization DataAll kinds of personal data obtained as a result of tracking the activities of users in the digital environment will be classified under this category.
Sensitive Personal DataHealth, Criminal Conviction – Security Measures

 

Annex 4 – Personal Data Categories

 
PERSONAL DATA CATEGORYDESCRIPTION OF CATEGORIZATION
Company StaffAdministrative staff.
Board of Directors, Senate MembersData on the members involved in the Company’s organs and activities
Third Parties Involved in Company ActivitiesThird parties involved in company commissions, working groups and organizations
Invitees to Company ActivitiesReal persons invited to the Company’s events
Participants of Company ActivitiesParticipants in company events
Payment Addressee/Service ProviderThird parties to whom payments should be made for Company Activities
Relatives of Company EmployeesRelatives of Company Employees, Persons residing in the same residence and dependents
Potential EmployeesPotential employees applying to work for the company 
SupplierPersons, organizations, or persons associated with them who provide goods or services to the Company.
Project PartnerPersons involved in the projects carried out by the company
ConsultantPersons, organizations, or persons associated with them who provide external consultancy services to the Company.
Potential Product and Service Buyer, Product or Service RecipientIndividuals who receive and are likely to receive products and services from the company.
OtherPersons, organizations, or persons related to them who have established a permanent or incidental, direct, or indirect relationship with the Company, other than the above.

ANNEX 5 – Third Parties to whom Personal Data is Transferred by our Company and Purposes of Transfer

In accordance with Articles 8 and 9 of the KVK Law, the Company may transfer the personal data of the data owners governed by this Policy to the categories of persons listed below:

  • Company partners,
  • Company suppliers,
  • Companies with which data are shared,
  • Legally Authorized public institutions and organizations,
  • To legally authorized private law persons.

The scope of the above-mentioned persons to whom data is transferred and the purposes of data transfer are stated below.

Persons to whom data can be transferredDefinitionPurpose of the transfer
Business partnerDefines the parties with which the Company has established business partnerships for purposes such as conducting various projects and receiving services, either personally or with XXX Companies while conducting its commercial activities. Banks, Pension and Relief Fund FoundationLimited to ensure the fulfillment of the purposes for which the joint venture was established.
SupplierDefines the parties that provide services to the Company on a contractual basis in accordance with the Company’s orders and instructions while carrying out the Company’s commercial activities.Limited to the purpose of ensuring that the services outsourced from the supplier and necessary to fulfill the Company’s commercial activities are provided to the Company.
Legally Authorized Public Institutions and OrganizationsPublic institutions and organizations authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislationLimited to the purpose requested by the relevant public institutions and organizations within the legal authority
Legally Authorized Private Law PersonsPrivate law persons authorized to receive information and documents from the Company in accordance with the provisions of the relevant legislationLimited to the purpose requested by the relevant private law persons within their legal authority

APPENDIX – 6 Data Controller Identity

APPENDIX – 6 Data Controller Identity       :        ASPENDOS TERCÜME VE DANIŞMANLIK

HİZMETLERİ A.Ş.

Address                                                           :        TARIM MAH., ASPENDOS BULVARI, NO. 80,

MURATPAŞA, ANTALYA, TÜRKİYE.

Telephone                                                       :        +90 542 665 82 20

MERKEZ OFİS
  • (1. Noter Yanı)
Yol Tarifi Al
MELTEM OFİS
  • (22. Noter Yanı)
Yol Tarifi Al
KONYAALTI OFİS
  • (29. Noter Yanı)
Yol Tarifi Al
WhatsApp

© All rights reserved

dijitaledestek.com

Hemen İletişime Geç!