KVKK Aydınlatma Metni

  • Home
  • KVKK Aydınlatma Metni
#

KVKK Aydınlatma Metni

Personal Data Protection Law

CONTENTS


SECTION ONE: Purpose and Enforcement of the Policy .................................................. .................................................................. .... 0

SECTION TWO: Scope of the Law and Our Company's Rights and Obligations arising from the Law .................................. one

General Principles Regarding the Processing of Personal Data ....................................... ......................................... one

Purposes of Personal Data Processing and Sharing within the Scope of the Law.................................. .......................... one

Purposes of the Processing of Personal Data ....................................... .............................................. one

Purposes of Sharing Personal Data ....................................... ............................................... 2

Circumstances Outside the Scope of the Law ............................................. .................................................................. ..... 2

SECTION THREE: Processing of Personal Data by Our Company ............................................. ...................... 3

Classification of Personal Data Processed by Our Company ............................................. ...................... 3

Purposes of Processing Personal Data by Our Company ............................................. .............................. 5

Transfer of Personal Data by Our Company and Classification of Data Transferred Parties..................................... ............ ........................................ 6

Procedure for Processing Personal Data by Our Company .................................................. ................................. 6

Personal DataSecurity.................................................... .................................................................. ........................ 7

SECTION FOUR: Rights of Data Owners Arising from Law ........................................ ........... 7

Rights of Data Owners .................................................. .................................................................. ................................ 8

Exercise of Rights .................................................. .................................................................. .8

  SECTION ONE Purpose and Enforcement of the Policy

Law on the Protection of Personal Data No. 6698 (“Law”), which entered into force on 07.04.2016, regarding the processing of personal data by real or legal persons, who are classified as “data controller”, determine the purposes and means of processing personal data, and are responsible for the establishment and management of the data recording system. sets out the principles and procedures.

This document (“Policy”) has been prepared in order to enlighten the real persons whose personal data our Company processes as the data controller within the scope of the above-mentioned article.

Within the scope of the law, personal data is defined as “any information relating to an identified or identifiable natural person”; Processing refers to “obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system. or any kind of operation performed on the data, such as preventing its use.

The law, among other regulations, imposes an obligation on data controllers to inform / enlighten the data owners whose personal data will be processed during the acquisition of personal data. According to Article 10 of the Law, data controllers;

Identity of the data controller and its representative, if any,

For what purpose personal data will be processed,

To whom and for what purpose the processed personal data can be transferred,

Method and legal reason for collecting personal data,

He/she should inform about other rights listed in Article 11 of the Law.

The subject of this Policy is our Company's customers, corporate customers' shareholders, officials and employees, potential customers, shareholders, officials and employees of our business partners and suppliers, and our candidates, former employees and interns in our Company, retirees of our Company, visitors, company officials and shareholders, business partner and our supplier candidates and other third parties, matters regarding the processing of personal data regarding our employees are regulated within the scope of a separate policy text presented to the employees in accordance with the Law.

SECTION TWO Scope of the Law and Our Company's Rights and Obligations arising from the Law

Link 1. General Principles Regarding the Processing of Personal Data

Pursuant to Article 4 of the Law, personal data is processed in accordance with the procedures and principles stipulated in the Law and other relevant legislation.

should be taken. In this context, data controllers are obliged to comply with the following general principles regarding the processing of personal data, except for the fulfillment of the obligation to inform in the First Section:

Compliance with the law and honesty rules.

Being accurate and up-to-date when necessary.

Processing for specific, explicit and legitimate purposes.

Being relevant, limited and proportionate to the purpose for which they are processed.

To be kept for the period required by the relevant legislation or for the purpose for which they are processed.

Link 2. Purposes of Personal Data Processing and Sharing Under the Law

To the link. Purposes of Processing Personal Data

Our company does not process Personal Data without the explicit consent of the data owner. Our company may process Personal Data without seeking the explicit consent of the data owner, in the presence of one of the following conditions. Within the scope of Articles 5 and 6 of the Law, certain situations in which data can be processed without express consent in terms of personal data and sensitive personal data have been determined.

Personal data pursuant to Article,

Data processing is clearly stipulated in the law,

It is necessary to process the relevant data in order to protect the life or bodily integrity of the person or someone else, who is unable to express his or her consent due to actual impossibility or whose consent is not legally valid,

Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,

Data processing is mandatory in order for the data controller to fulfill its legal obligations,

The personal data has been made public by the person concerned,

Data processing is mandatory for the establishment, exercise or protection of a right,

Provided that it does not harm the fundamental rights and freedoms of the data subject, in cases where data processing is mandatory for the legitimate interests of the data controller, it can be processed even if there is no prior explicit consent of the data owner (provided that the necessary illumination has been made).

On the other hand, the Law includes biometric data regarding the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures. and genetic data as "special quality" or "sensitive" personal data and stipulated more severe conditions for their processing. Accordingly, special categories of personal data can only be processed under the following conditions, except in cases where explicit consent has been obtained from the data owner:

Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership of associations, foundations or trade unions, criminal convictions and security measures, and biometric and genetic data of individuals may be processed in the cases stipulated by the laws.

Personal data related to health and sexual life can only be processed by persons or authorized institutions and organizations that are under the obligation of confidentiality for the purpose of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

link b. Purposes of Sharing Personal Data

In accordance with data processing, the sharing (transfer) of personal data with a third party is also subject to the explicit consent of the relevant data owner. However, data transfer can also be carried out under the conditions where data processing is allowed according to Article 8 of the Law, and in this regard, in the presence of the conditions specified in Section 2.2.a above, personal data or sensitive personal data can be transferred even without the consent of the data owner.

Regarding the transfer of personal data to third parties, the law makes the transfer abroad subject to special conditions. Accordingly, personal data;

In case of explicit consent of the data owner, or

In cases where there is no explicit consent of the data owner, but one or more of the other conditions mentioned above are met;

If there is sufficient protection in the country to which the data is transferred and there is not enough protection in the country where the data is transferred, it can be transferred abroad provided that the data controller undertakes in writing together with the data controller in the relevant foreign country and the permission of the Personal Data Protection Board is obtained.

Connection 3. Circumstances Outside the Scope of the Law

Pursuant to Article 28 of the Law, the Law will not be applied in the following cases:

Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.

Processing personal data for purposes such as research, planning and statistics by making it anonymous with official statistics.

National defense of personal data, national security 

It is processed for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate public security, public order, economic security, privacy or personal rights or constitute a crime.

Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.

Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Link THIRD PART Processing of Personal Data by Our Company


Link 1. Classification of Personal Data Processed by Our Company

Data Category:

Personal Data Categorization Disclosure

Credential:

Information contained in documents such as driver's license, identity card, residence, passport, attorney's ID, marriage certificate (eg TCKN, passport no., identity card serial no., name-surname, photo, place of birth, date of birth, age, registered in the population). place of residence, copy of proof of identity card)

Communication information

Information used to contact the person (e.g. e-mail address, telephone number, mobile phone number, address)

Location Data:

Data to identify the location of the data subject (e.g. location data obtained while driving)

Customer information

Information about customers who benefit from our products and services (eg customer number, profession information, etc.)

Customer Transaction Information:

Information regarding all kinds of transactions performed by customers who benefit from our products and services (e.g. requests and instructions, order and basket information, etc.)

Physical Space:

Safety Information

Personal data regarding the records and documents taken during the entrance to the physical space, during the stay in the physical space (e.g. entry-exit logs, visit information, camera recordings, etc.)

Transaction Security Information:

Personal data processed in order to ensure the technical, administrative, legal and commercial security of our company and related parties (e.g. information such as website password and password indicating that the person is authorized to match the transaction associated with the personal data owner and that person and to perform that transaction)

Risk Management Information

Personal data processed in order to manage the commercial, technical and administrative risks of our company (eg IP address, Mac ID, etc. records)

Financial Information:

Personal data within the scope of information, documents and records showing all kinds of financial results created according to the type of legal relationship with the personal data owner (For example: information showing the financial result of the transactions made by the data owner, loan amount, card information, loan payments, interest amount and rate to be paid , debit balance, credit balance, etc.)

Personal Information:

All kinds of personal data processed to obtain information that will be the basis for the protection of personal rights of real persons who are in a working relationship with the Personal Data Owner (any information and document that must be entered in the personnel file by law)

Employee Candidate Information:

Personal data used in the application evaluation process (e.g. CV, interview notes, personality test results, etc.)

Running Process Information:

Personal data regarding all kinds of work-related transactions carried out by the Company's supplier employees (e.g. entry-exit records, business trips, information about meetings attended, security inquiries, e-mail traffic monitoring information, vehicle usage information, company card spending information)

Employee Performance and Career Development

information

Personal data processed for the purpose of measuring the performance of the Company's supplier employees and planning and carrying out their career development within the scope of human resources policies (e.g. performance evaluation reports, interview results, career development trainings)

Benefits and

Benefits Information:

Personal data processed for the follow-up of the Company's fringe benefits and benefits offered to supplier employees and for supplier employees to benefit from them (e.g. private health insurance, vehicle allocation)

Marketing Information:

Data to be used by our company in marketing activities (e.g., reports and evaluations showing the habits and tastes of the person collected for marketing purposes, targeting information, data enrichment activities)

Legal Action and Compliance Information:

Determination and follow-up of legal receivables and rights, debt and legal

Personal data processed for the purpose of fulfilling obligations (e.g. data contained in documents such as court and administrative authority decisions)

Audit and Inspection

Information:

Personal data processed within the scope of our company's compliance with its legal obligations and company policies (eg audit and inspection reports, relevant interview records and similar records)

abstract 

l Qualified Personal

Data

Data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.

Request/Complaint

Management

information

Personal data regarding the receipt and evaluation of all kinds of requests or complaints directed to our company

Visual and Audio Data

Visual and audio recordings associated with the personal data owner (eg.

photographs, camera recordings and audio recordings)

 

Link 2. Purposes of Processing Personal Data by Our Company

Our company processes personal data within the scope specified above for the following purposes:

Planning, auditing and execution of information security processes

Creation and management of information technology infrastructure

Planning and execution of fringe benefits and benefits for employees

Planning and/or execution of corporate communication for employees and/or corporate social responsibility and/or non-governmental organizations activities in which employees participate

     Planning and execution of employees' access rights to information

     Monitoring and/or supervision of employees' business activities

     Follow-up of finance and/or accounting works

     Follow-up of legal affairs

     Planning of human resources processes

     Planning and/or execution of efficiency/efficiency and/or appropriateness analyzes of business activities

     Planning and execution of business activities

Planning and execution of information access authorizations of business partners and/or suppliers

Management of relations with business partners and/or suppliers

Planning and/or execution of occupational health and/or safety processes

Planning and/or execution of business continuity activities

Planning and execution of corporate communication and management activities

Planning and execution of logistics activities

Planning and execution of customer relationship management processes

Planning and/or execution of customer satisfaction activities

Follow-up of customer requests and/or complaints

Execution of personnel procurement processes

Fulfillment of obligations arising from employment contracts and/or legislation for company employees

Planning and execution of company audit activities

Planning and execution of external training activities

Planning and execution of necessary operational activities to ensure that company activities are carried out in accordance with company procedures and / or relevant legislation

Planning and/or execution of in-company training activities

Ensuring the security of company operations

Ensuring the security of company premises and/or facilities

Planning and/or execution of the processes of establishing and/or increasing loyalty to the products and/or services offered by the company

Planning and/or execution of the company's production and/or operational risk processes

Realization of corporate and partnership law transactions

Follow-up of contract processes and/or legal requests

Execution of strategic planning activities

Planning and execution of supply chain management processes

Compensation Management

Planning and execution of production and/or operation processes

Planning and execution of market research activities for sales and marketing of products and services

Planning and execution of marketing processes of products and/or services

Planning and execution of sales processes of products and / or services

Ensuring data is accurate and up-to-date

Giving information to authorized institutions based on legislation

Creating and tracking visitor records

Link 3. Transfer of Personal Data by Our Company and Classification of Data Transferred Parties

Personal data may be transferred by our company to our Company officials, affiliates, business partners, suppliers, shareholders, legally authorized public institutions and organizations and private institutions for the above-mentioned purposes.

Link 4. Procedure for Processing Personal Data by Our Company

Our company, as the data controller, informs the data owners in line with Article 10 of the Law before obtaining their personal data from the data owners within the scope of its obligations arising from the Law. If any data processing process carried out by our company does not meet the conditions specified in the Law and detailed in Sections 2.2.a and b above, explicit consent is obtained from the data owners and the related processes are carried out within the framework of the aforementioned express consent.

Within the scope of the law, express consent is defined as “consent related to a certain subject, based on information and expressed with free will”, and accordingly, our Company provides their explicit consent after informing the data owners in accordance with Article 10 of the Law.

Although no period has been determined for the storage of personal data within the scope of the law, 

In accordance with the general principles, it is essential to keep personal data for as long as required by the relevant legislation or for the purpose for which they are processed. Our company makes an evaluation based on the legislation in force regarding each data processing process and the purpose of the process, in order to determine the retention periods in accordance with the said principle. Accordingly, our Company keeps personal data at least for the period required by its legal obligations, and in any case, until the relevant statute of limitations expires.

Our company anonymizes, deletes or destroys personal data in accordance with the Law when the purpose of processing the relevant personal data disappears within the scope of any process, including the expiration of the aforementioned periods. Within the scope of the law, anonymization is defined as “making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching them with other data”. Our Company's anonymization activities are carried out in accordance with the current legislation.

Link 5. Personal Data Security

In order to ensure the security of personal data, our company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage to data. In this context, at least the following actions are taken by our Company:

Taking software and hardware security measures in accordance with the processed personal data

Carrying out the inspections stipulated under the law

Ensuring compliance of the Company and employees with the Law through in-company trainings, policies and procedures

Ensuring and recording access to information on the basis of necessity with in-house authorizations

Follow-up of personal data processing activities on a process basis

Obtaining contractual commitments regarding the protection and security of personal data in relations with suppliers

CHAPTER FOUR

Rights of Data Owners Arising from Law

           1. Rights of Data Subjects

According to Article 11 of the Law, personal data owners;

To learn whether personal data about himself is processed,

If personal data about him/her is processed, requesting information about it,

Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

Knowing the third parties to whom personal data is transferred at home or abroad,

Requesting correction of personal data in case of incomplete or incorrect processing,

Requesting the deletion or destruction of personal data in the event that the reasons requiring processing disappear, although it has been processed in accordance with the provisions of the law and other relevant laws,

Requesting the notification of the transactions made as a result of the correction, deletion and destruction requests to the third parties to whom the personal data has been transferred,

Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

It has the right to demand the compensation of the damage in case of loss due to the unlawful processing of personal data.

Paragraph 2 of Article 28 of the Law regulates that in certain circumstances, the data owner cannot make a claim from the data controller other than the compensation of his losses. According to this,

Personal data processing is necessary for the prevention of crime or for criminal investigation,

Processing of personal data made public by the person concerned,

Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,

Personal data processing is necessary for the protection of the economic and financial interests of the State with regard to budget, tax and financial matters,

In such cases, the above-mentioned rights cannot be exercised for the relevant data.

         2. Exercise of Rights

Data owners will be able to use the Application Form to exercise the above-mentioned rights.

Applications must be submitted by hand or through a notary public or other methods specified in the Law, together with the documents that will identify the relevant data owner, with a wet signed copy of the form. ……………………… address or signed with a secure electronic signature issued under the Electronic Signature Law No. 5070, by sending an e-mail registered to the address …………………………………….. or to our Company. It can be done by e-mail to be sent from the e-mail address previously notified and registered in our Company's system. If a method other than the aforementioned methods is foreseen by the Personal Data Protection Board, applications can also be submitted by this method.

up 

Requests of data subjects transmitted by one of the methods mentioned above are evaluated and answered by our Company within a maximum of thirty days. Our company reserves the right to request additional information and documents from the applicant, especially in order to evaluate whether the applicant is the relevant data owner.

As a rule, data subject applications are evaluated by our Company free of charge. However, if a fee has been determined by the Personal Data Protection Board regarding the request of the data owner, our Company will have the right to demand payment over this fee.

Discover!

Browse our yachts to realize your dreams

Support