Clarification Text
PERSONAL DATA PROTECTION and PROCESSING POLICY
1. Objective.
This policy aims to describe the personal data processing activity and the methods adopted for the protection of personal data in accordance with the Personal Data Protection Law No. 6698 (KVKK) in all activities carried out by D724 Bilişim Hizmetleri Tic. A.Ş. aims to describe the personal data processing activity and the methods adopted for the protection of personal data in accordance with the Personal Data Protection Law No. 6698 (KVKK) in all kinds of activities carried out by D724 Bilişim Hizmetleri Tic. The Policy on the Protection and Processing of Personal Data aims to describe the methods adopted for the collection and processing of personal data by D724 Bilişim Hizmetleri Tic. A.Ş. includes the principles applied in the processes of collection, use, sharing, storage and destruction of personal data by D724 Bilişim Hizmetleri Tic. D724 Bilişim Hizmetleri Tic. A.Ş. It aims to inform the persons whose personal data are processed by the organization, especially the employees, visitors, citizens, employees of the organizations we cooperate with and third parties.
2. Scope
This Policy covers all personal data processed in the processes of our company by automated means or non-automated means, provided that they are part of any data recording system, by citizens who continue to be associated with our organization, employees of the organization, our visitors, employees of the organizations we cooperate with and third parties.
3. Authorities and Responsibilities
All employees, consultants, external service providers and anyone who stores and processes personal data before the organization in other ways are responsible for fulfilling these requirements in fulfilling the requirements regarding the destruction of data specified by the Law, Regulation and Policy within the organization.
Each business unit is obliged to store and protect the data it generates in its own business processes.
Destructions that will affect business processes and cause disruption of data integrity, data loss and results contrary to legal regulations will be decided by the relevant information systems department, taking into account the type of personal data, the systems in which it is located and the business unit performing the data processing.
It is the responsibility of the data controller contact person to notify or accept the notifications or correspondence made with the PDP Board on behalf of the data controller and to register in the registry.
4. Definitions and Abbreviations
Explicit Consent; Consent on a specific subject, based on information and expressed with free will.
Relevant User; Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data.
Destruction; Deletion, destruction or anonymization of personal data.
Law; KVKK Personal Data Protection Law No. 6698.
Recording Medium; Any medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system.
Personal Data; Any information relating to an identified or identifiable natural person.
Processing of Personal Data; Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Anonymization of Personal Data; Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Deletion of Personal Data; Deletion of personal data, making personal data inaccessible and non-reusable in any way for the Relevant Users.
Destruction of Personal Data; The process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way.
Board; Personal Data Protection Board.
Sensitive Personal Data; Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Periodic Destruction; The process of deletion, destruction or anonymization to be carried out ex officio at recurring intervals specified in the personal data storage and destruction policy in the event that all of the conditions for processing personal data specified in the Law disappear.
Data Owner/Related Person; The real person whose personal data is processed.
Data Processor; A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
Data Controller; The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Controller Contact Person and Assistants; Since the data controller is a legal person resident in Turkey, a data controller contact person has been appointed. Therefore, the main task of the contact person and his/her assistants is to determine the purposes and means of processing personal data and to be responsible for the establishment and management of the data recording system.
Regulation; Regulation on Deletion, Destruction or Anonymization of Personal Abbreviation Definition Data published in the Official Gazette on October 28, 2017.
5. Personal Data Protection and Processing Policy
D724 Bilişim Hizmetleri Tic. A.Ş. sets out the necessary measures and the process applied for the protection and processing of personal data in a concrete manner with the policy. In cases where this policy is incompatible with the relevant laws and regulations or if the policy is outdated in line with the updated legislation, D724 Bilişim Hizmetleri Tic. A.Ş. agrees to comply with the applicable legislation. This policy will be updated according to the changes in laws, regulations and legislation and D724 Bilişim Hizmetleri Tic. A.Ş. is revised to fulfill the legal requirements of the institution.
5.1. Ensuring the Security of Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş. takes all necessary technical and administrative measures to ensure the appropriate level of security required for the protection of personal data.
12. Article 1. provided for in Art;
- To prevent unlawful processing of personal data,
- To prevent unlawful access to personal data,
- To ensure the protection of personal data.
It takes precautions.
D724 Bilişim Hizmetleri Tic. A.Ş. The measures it applies to ensure the security of personal data are detailed in the sub-articles.
5.1.1. Technical Measures
D724 Bilişim Hizmetleri Tic. A.Ş. The organization employs knowledgeable and experienced people to ensure data security and provides the necessary KVKK trainings to its personnel. Necessary internal controls are made for the established systems. Within the scope of the established systems, it operates the processes of risk analysis, data classification, information security risk assessment and business impact analysis. In line with these processes, technical measures are taken in accordance with technological developments. Infrastructure investments are made in accordance with the developing technology. Ensures the installation of software and hardware including virus protection systems and firewalls. It uses the versions of its systems that are up-to-date and have taken the necessary security measures against known vulnerabilities. Ensures that the authorizations of employees working in Technical Support Services to access personal data are kept under control. Makes access and authorization definitions in accordance with the legal compliance requirements determined on a business unit basis. Controls the compliance of accesses with authorizations. Reports the information obtained as a result of checking the security of the systems to the relevant parties. Points that pose a risk are identified and necessary technical measures are taken. It spreads awareness so that it is part of the corporate culture with a model that continuously operates technical measures to maintain the security of Personal Data. It ensures that the measures taken are kept alive continuously with controls.
5.1.2. Administrative Measures
D724 Bilişim Hizmetleri Tic. A.Ş. takes the necessary administrative measures to ensure the security of personal data and supervises the work of employees according to these measures. Defines access and authorizations in accordance with the legal compliance requirements determined on a business unit basis and at a level that will not cause disruption of business processes. Defines the authorizations and rules of access to personal data by employees working in the Technical Support unit. Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the KVK Law, cannot use it for purposes other than processing, and that this obligation will continue after they leave their duties. Necessary commitments are obtained from employees in this direction. Regarding the sharing of personal data with third parties, a framework agreement is signed with the persons with whom personal data is shared or data security is ensured with the provisions to be added to the agreements. Third parties with whom personal data is shared accept the provisions that they will take the necessary security measures to protect personal data and ensure compliance with these measures in their own organizations. If it is determined that the personal data processed despite the measures taken are obtained by others illegally, the data representative notifies the relevant person and the PDP Board. It is investigated how the personal data is obtained by others. D724 Bilişim Hizmetleri Tic. A.Ş. The institution implements the necessary administrative measures to eliminate the weakness it detects and takes technical measures if necessary.
5.1.3. Storing Personal Data in a Secure Environment
D724 Bilişim Hizmetleri Tic. A.Ş. takes the necessary technical and administrative measures to store the personal data it obtains in secure environments according to technological possibilities and application cost. Our rules and method for storing data in a secure environment are detailed in the "Data Storage and Destruction Policy".
5.1.4. Audits Conducted for the Sustainability of Personal Data Protection
D724 Bilişim Hizmetleri Tic. A.Ş. carries out the necessary audits in accordance with Article 12 of the KVK Law.
Ensures that internal and external audits are conducted to ensure the sustainability of Integrated Management Systems. Regularly performs penetration tests for technical vulnerabilities that may occur in the systems. Systems are regularly monitored by the IT department. In addition, system trace records are monitored to ensure security against cyber-attacks. Necessary technical and administrative measures are taken after management systems audits, data generated by warning systems and findings are identified after monitoring the systems. When unlawful access or processing of personal data is detected during the audits, it is reported to the Personal Data Protection Committee. The management of the organization is informed by the committee.
5.1.5. Measures Taken in Case of Unauthorized Disclosure of Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş. notifies the relevant personal data owner and the PDP Board in case of unauthorized disclosure of personal data processed in accordance with Article 12 of the PDP Law.
If deemed necessary by the PDP Board, this situation may be announced on the website of the PDP Board or by another method.
5.1.6. Measures Implemented for Third Parties to Ensure the Protection of Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş. mutually includes the necessary sanction clauses to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure the preservation of data in its contracts with third parties. Confidentiality agreements are signed before sharing information with third parties. Necessary information is provided to third parties to raise awareness.
5.1.7. Measures Implemented for the Protection of Sensitive Personal Data
Adequate measures must be taken for special categories of personal data, both due to their nature and because they may lead to victimization or discrimination. Article 6 of the KVK Law article, a number of personal data that have the risk of causing victimization or discrimination when processed unlawfully are determined as "special categories"
These data include data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
D724 Bilişim Hizmetleri Tic. A.Ş. takes the necessary measures for the protection of special categories of personal data that are determined as "special categories" by the KVK Law and processed in accordance with the law. Sensitivity is shown for sensitive personal data in technical and administrative measures taken to protect personal data.
D724 Bilişim Hizmetleri Tic. A.Ş. processes special categories of personal data provided that adequate measures to be determined by the PDP Board are taken. The explicit consent of the data owner is obtained before processing sensitive personal data. If the data owner does not have explicit consent, personal data can be processed with the authorization granted by law in accordance with the following criteria.
- Sensitive personal data other than the health and sexual life of the personal data owner, in cases stipulated by law,
- Sensitive personal data relating to the health and sexual life of the personal data subject can only be transferred to persons or authorized institutions and organizations under the obligation of confidentiality for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
5.1.8. Raising Awareness to Ensure Protection of Personal Data
Necessary information is provided to business units, trainings are organized and their effectiveness is measured in order to raise awareness to prevent unlawful processing of personal data, unlawful access to data and to ensure data protection. "Personal Data Protection and Processing Policy" and other related policies are published on our company's website. Employees of our organization have been informed about this policy.
Policies are revised and re-announced to employees in case of changes in relevant laws, regulations or legislation.
5.2. Principles for Processing Personal Data
Article 4, paragraph 2 of the KVK Law sets out the principles for the processing of personal data. D724 Bilişim Hizmetleri Tic. A.Ş. The institution processes personal data in accordance with the principles determined.
The processing of personal data is carried out in accordance with the following principles;
- Compliance with the law and good faith.
- Being accurate and, where necessary, up to date.
- Being processed for specific, explicit and legitimate purposes.
- Being relevant, limited and proportionate to the purpose for which they are processed.
- Being retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
5.3. Conditions for Processing Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş., as a public institution, processes a significant majority of the data it processes due to legal obligations and by using the powers it is obliged to use for the protection of public order. Pursuant to Article 5/2 of the relevant law, the full text of which you can access:
- Explicitly stipulated in the law.
- It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.
- Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract.
- It is mandatory for the data controller to fulfill its legal obligation.
- It has been made public by the person concerned.
- Data processing is mandatory for the establishment, exercise or protection of a right.
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
For the situation that does not fall within the majority above, D724 Bilişim Hizmetleri Tic. A.Ş. processes personal data only by obtaining the explicit consent of the data subjects.
5.4. Purposes of Processing Personal Data
The purposes of processing personal data are detailed within the scope of the data inventory prepared by D724 Bilişim Hizmetleri Tic. A.Ş. are stated in detail within the scope of the data inventory prepared by D724 Bilişim Hizmetleri Tic. A.Ş. and the main purposes are stated here.
- In case of emergencies, contacting the persons provided by the personnel with their consent,
- Execution of information security processes,
- Conducting outreach activities,
- Conducting audit ethical activities,
- Execution of human resources processes,
- Execution of contract processes,
- Carrying out communication activities with customers, suppliers and service providers,
- Ensuring that customer demands and requests and necessary documents are provided, ensuring the employment of personnel within the customer work areas and providing the necessary working conditions, ensuring the provision of the necessary documents required within the scope of the contract,
- Execution of supply chain management processes,
- Execution of logistics activities,
- Providing the necessary GPS tracking system to ensure vehicle safety,
- Conducting employee performance evaluation processes and making fringe benefit payments,
- Execution of private health insurance processes,
- Conducting travel activities,
- Execution of goods and services procurement processes,
- To be able to meet the demands of authorized public institutions or organizations in disputes that may arise or in a judicial case that may occur,
- Fulfillment of legal obligations in relation to the employment of the employee,
- Ensuring the annual leave procedures of the personnel and following up the report procedures,
- Determination of wage policy and execution of execution, deduction, finance and accounting procedures,
- Ensuring follow-up of legal, litigation and court proceedings,
- Fulfillment of automatic private pension transactions,
- Monitoring the health conditions necessary for the employee to fulfill his/her duties,
- To be able to carry out the activities to be carried out within the framework of occupational health and safety, to carry out OHS training activities and to make evaluations,
- Training planning and tracking of employees who participated in actual trainings,
- Carrying out embezzlement and embezzlement transactions,
- Provision of periodic health services,
- Execution of power of attorney procedures and authorization,
- Identification and control of entries and exits to and from work,
- Ensuring follow-up of requests / complaints,
- Execution of power of attorney procedures and authorization,
- Execution of assignment processes,
- Conducting employee selection and placement processes,
- Identification and control of entries and exits to and from work,
- Carrying out management activities,
- The ability to record camera footage to ensure the security of physical space in the workplace due to privacy and security practices,
- To be able to carry out work accident processes, prepare the necessary minutes and report to the authorized expert,
- Fulfillment of the requirements determined by laws and regulations (tax legislation, social security legislation, labor law, law of obligations legislation, commercial law legislation, occupational health and safety law, legislation on electronic communication, etc. all relevant legislation)
- In order to fulfill the legal obligations specified in the KVKK, D724 Bilişim Hizmetleri Tic. A.Ş. is processed by the corporate departments.
5.5. Destruction of Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş. destroys the personal data it obtains in line with the request of the personal data owners, if it is not mandatory to use it due to legal obligations and for the protection of public order. Personal data belonging to data subjects are destroyed based on the decision to be taken by the organization when the requirements for the continuation of the service to the citizens, the fulfillment of legal obligations, the planning of employee rights and fringe benefits are eliminated. The rules and methods regarding the destruction of personal data are detailed in the "Data Retention and Destruction Policy".
5.6. Transfer of Personal Data to Domestic Persons
D724 Bilişim Hizmetleri Tic. A.Ş. carefully complies with the conditions regulated in the KVKK regarding the sharing of personal data with third parties, without prejudice to the provisions of other laws. Within this framework, personal data are not transferred to third parties without the explicit consent of the data subject. However, in the presence of one of the following conditions regulated by the LPPD, personal data may be transferred without obtaining the explicit consent of the data subject:
- Explicitly stipulated in the law,
- It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
- Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
- It is mandatory for the data controller to fulfill its legal obligation,
- It has been made public by the data subject himself/herself,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Provided that adequate measures are taken; it is stipulated in the laws in terms of personal data of special nature other than health and sexual life, and in terms of personal data of special nature related to health and sexual life,
- Protection of public health,
- Preventive medicine,
- Medical diagnosis,
- Carrying out treatment and care services,
- Your personal data may be transferred without obtaining explicit consent for purposes such as planning and management of health services and financing.
In the transfer of special categories of personal data, the conditions specified in the processing conditions of this data are complied with
5.7. Transfer of Personal Data to Persons Abroad
D724 Bilişim Hizmetleri Tic. A.Ş., regarding the transfer of personal data abroad, the explicit consent of the data owner is sought in accordance with Article 9 of the KVKK. However, in the presence of conditions under which personal data, including sensitive personal data, are allowed to be processed without the explicit consent of the data subject, personal data may be transferred abroad by our Authority without seeking the explicit consent of the data subject, provided that there is adequate protection in the foreign country to which the personal data will be transferred. If the country of transfer is not determined by the Board among the countries with adequate protection, our Authority and the data controller/data processor in the relevant country will undertake adequate protection in writing.
Categorization of Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş. Personal data are divided into two categories: Data Subject Person Group and Data Type.
Data subject groups are declared as categories in the relevant data inventory prepared by D724 Bilişim Hizmetleri Tic. A.Ş. have been declared as categories in the relevant data inventory prepared by D724 Bilişim Hizmetleri Tic.
Data Type Categories;
Data Category | Personal Data Categorization Description |
Identity Information | Information contained in documents such as driver's license, identity card, residence card, passport, lawyer's ID card, marriage certificate (e.g. Turkish ID number, passport no., identity card serial no., name-surname, photograph, place of birth, date of birth, age, place of birth, place of registration, sample of identity card with passport) |
Contact Information | Information used to contact the person (e.g. e-mail address, telephone number, mobile phone number, address) |
Location Data | Data used to identify the location of the data subject (e.g. location data acquired during driving) |
Customer Transaction Information | Information regarding any transaction carried out by the customer using our services (e.g. requests and instructions, etc.) |
Physical Space Security Information | Personal data related to records and documents taken during entry to and stay in the physical space (e.g. entry and exit logs, visit information, camera recordings, etc.) |
Transaction Security Information | Personal data processed in order to ensure the technical, administrative, legal and commercial security of our organization and related parties (e.g. information such as website password and password that shows that the person is authorized to match the transaction associated with the personal data owner and to perform that transaction) |
Risk Management Knowledge | Personal data processed in order to manage the technical and administrative risks of our company (e.g. IP address, Mac ID etc. records) |
Financial Information | Personal data within the scope of information, documents and records showing all kinds of financial results created according to the type of legal relationship with the personal data owner (For example: information showing the financial result of the transactions made by the data owner, tax debt amount, card information, tax payments, interest amount and rate to be paid, debt balance, receivable balance, etc.). |
Personal Information | Personal data that are the basis for the formation of the personal rights of the employees of our organization's suppliers (all kinds of information and documents that must be included in the personal file by law) |
Employee Candidate Information | Personal data belonging to data subjects who share their information to apply for a job with our organization, used in the application evaluation process (e.g. CV, interview notes, personality test results, etc.) |
Employee Transaction Information | Personal data related to all kinds of business-related transactions carried out by our organization's supplier employees (e.g. entry-exit records, business travels, information about the meetings attended, security query, e-mail traffic monitoring information, vehicle usage information, corporate credit card expenditure information) |
Benefits and Benefits Information | Personal data processed for the follow-up of the side rights and benefits offered to the supplier employees of our company and for the supplier employees to benefit from them (e.g. private health insurance, vehicle allocation) |
Legal Procedure and Compliance Knowledge | Personal data processed for the determination and follow-up of legal receivables and rights and for the performance of debts and legal obligations (e.g. data contained in documents such as court and administrative authority decisions) |
Audit and Inspection Knowledge | Personal data processed within the scope of compliance with the policies of our company's legal obligations (e.g. audit and inspection reports, relevant interview records and similar records) |
Sensitive Personal Data | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data |
Request/Complaint Management Information | Personal data related to the receipt and evaluation of any requests or complaints addressed to our organization (e.g. requests and complaints addressed to our organization, records and reports related to them) |
Audiovisual Data | Visual and audio recordings associated with the personal data subject (e.g. photographs, camera recordings and audio recordings) |
Knowledge of Professional Experience | Education data, Diploma information, courses attended, vocational training information, certificates, transcript information |
Dress and Dress Code | Information on Dress and Attire. (e.g: Provision of necessities for the employee, such as work clothes). |
Trade Union Information | Contains union information. |
Health Information | Personal health data are all kinds of data related to the physical and mental health of the person and information about the health services provided to the person. For example; data such as all kinds of test results, diseases the person has suffered, medications used are personal health data. Personal health data is special categories of personal data. Therefore, it is subject to the processing conditions of special categories of personal data regulated in the Law. |
Criminal Conviction and Security Measures | Information on criminal convictions includes information on security measures. |
Vehicle/Plate Information | It includes vehicle entry-exit and license plate information of persons, visitors, institutional vehicles and personnel. |
5.8. Printed Documents, Camera Recordings, Personal Data of Website Visitors,
5.8.1. Printed Document
In some cases, our organization receives personal data in printed documents for the services it provides to citizens (Membership Services, etc.). Such data are processed, stored and destroyed in accordance with the conditions specified in the KVK law.
5.8.2. Camera Recording
D724 Bilişim Hizmetleri Tic. A.Ş. In order to ensure security by our organization, personal data processing activities are carried out for the monitoring of guest entrances and exits with security cameras in our buildings and facilities. Personal data processing activity is carried out with the use of security cameras.
In this context, our Organization acts in accordance with the Constitution, PDP Law and other relevant legislation.
Image records of our visitors are taken by means of a camera surveillance system at the building, facility entrances and inside the facility.
Within the scope of monitoring activity with security cameras, our institution aims to increase the quality of the service provided, to ensure its reliability, and to ensure the security of the institution, citizens and other persons.
Our organization acts in accordance with the regulations in the KVK Law in carrying out camera surveillance activities for security purposes.
Camera surveillance activities carried out by our organization are carried out in accordance with the Law on Private Security Services and the relevant legislation.
Only a limited number of employees of the organization have access to the records recorded and maintained in the digital environment. Live camera footage can be viewed by outsourced security services. A limited number of persons who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality undertaking.
Our organization is authorized by the KVK Law under Article 12 of the KVK Law. In accordance with the article, necessary technical and administrative measures are taken to ensure the security of personal data obtained as a result of camera surveillance activities.
5.8.3. Personal Data of Website Visitors and Internet Access Point Service Personal Data Received
On the websites owned by our company; to ensure that people who visit these sites perform their visits on the sites in accordance with their purpose of visit; Internet movements within the site are recorded by technical means (e.g. cookies-cookie).
Detailed explanations regarding the protection and processing of personal data regarding these activities carried out by our organization are included in the "Cookie Policy" texts of the relevant websites.
Our organization provides free internet service at open points. Personal data are kept in accordance with the law 5651 (On the Regulation of Publications on the Internet and the Fight Against Crimes Committed Through These Publications) of the trace records of the service provided and for the verification of access information.
5.9. Rights of the Personal Data Subject
"Your data subject rights arising from the Law on the Protection of Personal Data", the full text of which is available on the KVKK website, are set out in Article 11 of the relevant law. are listed in the article and are as follows:
Article 11- (1) Everyone may, by applying to the data controller
- a) Learn whether personal data is being processed,
- b) Request information if personal data has been processed,
- c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom personal data are transferred domestically or abroad,
- d) To request correction of personal data in case of incomplete or incorrect processing,
You can exercise your rights mentioned in the above articles by filling out the D724 Bilişim Hizmetleri Tic. A.Ş. You can do this by filling out the "KVKK Request Form".
In accordance with the relevant law, the data controller, data controller representative and data controller contact person documents are as follows:
5.10. D724 Bilişim Hizmetleri Tic. A.Ş. Organization's Disclosure and Information Obligation
Article 10 of the LPPD article, data subjects must be informed before or at the latest during the acquisition of personal data. The information that should be communicated to data subjects within the framework of this disclosure obligation are as follows:
- Identity of the data controller and its representative, if any,
- The purpose for which personal data will be processed,
- To whom and for what purpose the processed personal data may be transferred,
- The method and legal grounds for collecting personal data,
- Other rights listed in Article 11 of the LPPD2.
On the other hand, Article 28(1) of the LPPD. Within the framework of the Article, there is no disclosure obligation in the cases listed below:
- Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data are not disclosed to third parties and the obligations regarding data security are complied with,
- Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
- Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.
- Processing of personal data by judicial or enforcement authorities in relation to investigations, prosecutions, trials or executions.
"Explicit Consent and Clarification Statement" for informing Data Subjects and obtaining their explicit consent Prepared.
5.11. Conditions for Deletion, Destruction and Anonymization of Personal Data
D724 Bilişim Hizmetleri Tic. A.Ş. deletes, destroys or anonymizes the personal data it obtains in line with the request of the personal data owners, if it is not mandatory to use it due to legal obligations and for the protection of public order. The rules and methods regarding the deletion, destruction and anonymization of personal data are detailed in the "Data Retention and Destruction Policy".
5.12. Working Principles of the Personal Data Protection Committee
D724 Bilişim Hizmetleri Tic. A.Ş. has established the "Personal Data Protection Committee" in order to fulfill the requirements of KVKK and to maintain its compliance.
The foremost aim and objective of the Personal Data Protection Committee:
- Protecting the right to privacy
- Protecting fundamental rights and freedoms of individuals
- To regulate the duties and powers of data processors
6. Reference Documents
- Law No. 6698 on the Protection of Personal Data,
- Regulation on Deletion, Destruction or Anonymization of Personal Data.
- Explicit Consent and Disclosure Statement
7. Related Documents
- Data Retention and Destruction Policy
8. Records
KVKK Application Request Form
Explicit Consent and Disclosure Statement
PERSONAL DATA STORAGE AND DESTRUCTION POLICY
1. INTRODUCTION AND PURPOSE OF THE POLICY
This Personal Data Storage and Destruction Policy ("Politics"), Law No. 6698 on the Protection of Personal Data ("KVKK" or "Law") and the Regulation on Deletion, Destruction or Anonymization of Personal Data ("Regulation"), D724 Bilişim Hizmetleri Tic.A.Ş., as the data controller, in order to fulfill our obligations pursuant to the Law on the Protection of Personal Data and to determine the maximum retention period required for the purpose for which personal data are processed and to use it as a basis for deletion, destruction and anonymization operations and to inform the relevant persons about these transactions.
2. SCOPE
This policy covers personal data and special categories of personal data as defined by the law and personal data defined by the law and special categories of personal data, which are kept by the organization, all employees, consultants of the organization and in all cases where personal data sharing is in question, its affiliates, suppliers and real and legal persons with whom the organization enters into other legal relations, these data are processed in whole or in part by automatic means or by non-automatic means provided that they are part of any data recording system. Unless otherwise stated in the Policy, personal data and special categories of personal data shall be collectively referred to as "Personal Data".
3. AUTHORIZATIONS AND RESPONSIBILITIES
All employees, consultants, external service providers and anyone who stores and processes personal data before the organization in other ways are responsible for fulfilling these requirements in fulfilling the requirements regarding the destruction of data specified by the Law, Regulation and Policy within the organization. Each business unit is obliged to store and protect the data it generates in its own business processes.
The responsibility for notifying or accepting the notifications or correspondence made with the PDP Board on behalf of the data controller and for transactions such as registration in the registry lies with the "Data Controller Contact Person. "
4. DEFINITIONS
Abbreviation | Definition |
Open Consent | Consent on a specific issue, based on information and freely given. |
Related User | Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data. |
Destruction | Deletion, destruction or anonymization of personal data. |
Law / KVKK | Law No. 6698 on the Protection of Personal Data. |
Recording Environment | Any medium containing personal data that is fully or partially automated or processed by non-automated means, provided that it is part of any data recording system. |
Personal Data | Any information relating to an identified or identifiable natural person. |
Personal Data Processing | Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. |
Anonymization of Personal Data Bringing | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Deletion of Personal Data | Deletion of personal data; making personal data inaccessible and non-reusable in any way for the Relevant Users. |
Destruction of Personal Data | The process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way. |
Board | Personal Data Protection Board. |
Sensitive Personal Data | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. |
Periodic Disposal | In the event that all of the conditions for processing personal data specified in the Law disappear, the deletion, destruction or anonymization process to be carried out ex officio at recurring intervals specified in the personal data storage and destruction policy. |
Data Owner/Related Person | The natural person whose personal data is processed. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
Regulation | Regulation on Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on October 28, 2017. |
5. RULES
D724 Bilişim Hizmetleri Tic.A.Ş. acts within the framework of the following principles in the storage and destruction of personal data:
- For the deletion, destruction and anonymization of personal data, it is necessary to comply with Article 4 of the Law. principles1 enumerated in Article 12. Article 6.2 of this Policy. act in full compliance with the technical and administrative measures specified in the article, the provisions of the relevant legislation, the decisions of the Board and this Policy
- All transactions regarding the deletion, destruction, anonymization of personal data are recorded by D724 Bilişim Hizmetleri Tic.A.Ş. and such records are kept for at least 1 year, excluding other legal obligations.
- Unless otherwise decided by the Board, we choose the appropriate method of ex officio deletion, destruction or anonymization of personal data. However, if requested by the Relevant Person, the appropriate method will be selected by explaining the justification.
- In the event that all of the conditions for processing personal data specified in Articles 5 and 6 of the Law are no longer applicable, personal data are deleted, destroyed or anonymized by D724 Bilişim Hizmetleri Tic.A.Ş. ex officio or upon the request of the data subject. In case D724 Bilişim Hizmetleri Tic.A.Ş. is applied by the Relevant Person in this regard;
- The requests are finalized within 30 (thirty) days at the latest and the relevant person is informed,
- In the event that the data subject to the request is transferred to third parties, this situation is notified to the third party to whom the data is transferred and it is ensured that necessary actions are taken before third parties
1 a) Compliance with the rules of law and good faith, b) Being accurate and, where necessary, up to date, c) Processing for specific, explicit and legitimate purposes, d) Being relevant, limited and proportionate to the purpose for which they are processed, e) To be kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed
6. EXPLANATIONS ON THE REASONS FOR RETENTION AND DESTRUCTION
Personal data belonging to data subjects are processed within the scope of the purposes determined within the scope of the data inventory made by D724 Bilişim Hizmetleri Tic.A.Ş. and the Verbis Notification, and are stored securely in the physical or electronic environments mentioned above within the limits specified in the KVKK and other relevant legislation.
The reasons for retention are as follows:
- Retention of personal data as it is directly related to the establishment and performance of contracts,
- Storing personal data for the purpose of establishing, exercising or protecting a right,
- It is mandatory to store personal data for the legitimate interests of D724 Bilişim Hizmetleri Tic.A.Ş., provided that it does not harm the fundamental rights and freedoms of individuals,
- Storage of personal data in order for D724 Bilişim Hizmetleri Tic.A.Ş. to fulfill any legal obligation,
- Legislation clearly stipulates the retention of personal data,
- Explicit consent of data subjects in terms of storage activities that require the explicit consent of data subjects. Pursuant to the Regulation, in the cases listed below, personal data belonging to data subjects shall be deleted, destroyed or anonymized by D724 Bilişim Hizmetleri Tic.A.Ş. ex officio or upon request.
Pursuant to the Regulation, in the cases listed below, personal data belonging to data subjects shall be deleted, destroyed or anonymized by D724 Bilişim Hizmetleri Tic.A.Ş. ex officio or upon request:
- Amendment or abolition of the provisions of the relevant legislation that constitute the basis for the processing or storage of personal data,
- The purpose requiring the processing or storage of personal data disappears,
- Law and 6. the conditions requiring the processing of personal data in the articles disappear.
- In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject's withdrawal of consent,
- The person concerned is required to comply with Article 11 of the Law. Article (e) and The data controller accepts his/her application for the deletion, destruction or anonymization of his/her personal data within the framework of his/her rights in subparagraphs (f),
- In cases where the data controller rejects the application made by the data subject with the request for the deletion, destruction or anonymization of his/her personal data, his/her response is found insufficient or he/she does not respond within the period stipulated in the Law; filing a complaint to the Board and this request is approved by the Board,
- Although the maximum period for retaining personal data has elapsed, there are no circumstances that justify retaining personal data for a longer period.
7. STORAGE AND DISPOSAL PERIODS
In determining the retention and destruction periods of your personal data obtained by D724 Bilişim Hizmetleri Tic.A.Ş. in accordance with the provisions of KVKK and other relevant legislation, the following criteria are used respectively:
- If a period of time is stipulated in the legislation regarding the storage of the personal data in question, this period shall be observed. 2. shall be processed within the scope of the subparagraph.
- In the event that the period stipulated in the legislation regarding the storage of the personal data in question expires or if no period is stipulated in the relevant legislation regarding the storage of the data in question, respectively;
- Personal data are classified as personal data and personal data of special nature based on the definition in Article 6 of the KVKK. All personal data determined to be of special nature are destroyed. The method to be applied in the destruction of the data in question depends on the nature of the data and the degree of importance of its storage in D724 Bilişim Hizmetleri Tic.A.Ş.
- The compliance of the storage of the data with the principles specified in Article 4 of the KVKK, for example; It is questioned whether D724 Bilişim Hizmetleri Tic.A.Ş. has a legitimate purpose in storing the data. Data that is determined to be contrary to the principles set out in Article 4 of the LPPD shall be deleted, destroyed or anonymized.
- The retention of the data is required by the LPPD 5. and 6 of the exemptions stipulated in Article 6 of the Turkish Commercial Code. Within the framework of the identified exceptions, reasonable periods for data retention are determined. Upon expiration of such periods, the data shall be deleted, destroyed or anonymized
You can access the retention, destruction and periodic destruction periods determined by D724 Bilişim Hizmetleri Tic.A.Ş. from the "Personal Data Processing Inventory" attached to the Policy.
Personal data whose retention period has expired shall be destroyed in accordance with the procedures set out in the Policy in 6-month periods within the framework of the destruction periods in the annex of the Policy.
All transactions regarding the deletion, destruction and anonymization of personal data are recorded and such records are kept for at least 6 months, excluding other legal obligations.
8. PROCEDURES FOR STORAGE AND DESTRUCTION OF PERSONAL DATA BY D724 BİLİŞİM HİZMETLERİ TİC.A.Ş.
RECORDING MEDIA
Personal data belonging to data subjects are securely stored by D724 Bilişim Hizmetleri Tic.A.Ş. in the environments listed in the table below in accordance with the relevant legislation, especially the provisions of KVKK, and within the framework of international data security principles:
- Electronic media:
- Servers (domain, backup, e-mail, database, web, file sharing, etc.)
- Software (office software, portal,)
- Information security devices (firewall, intrusion detection and prevention, log file, antivirus, etc.)
- Personal computers (desktop, laptop)
- Optical disks (CD, DVD, etc.)
- Removable memory sticks (USB, Memory Card, etc.)
- Printer, scanner, photocopier
- Physical environments:
- Paper
- Written, printed, visual media, forms and documents
9. TECHNICAL AND ADMINISTRATIVE MEASURES
All administrative and technical measures taken by D724 Bilişim Hizmetleri Tic.A.Ş. within the framework of the principles in Article 12 of the KVKK in order to store your personal data securely, to prevent unlawful processing, access and to destroy the data in accordance with the law are listed below:
- Administrative Measures:
D724 Bilişim Hizmetleri Tic.A.Ş. under administrative measures;
- Restricts in-house access to stored personal data to the personnel who are required to access it by job description. In limiting access, whether the data is of special nature and the degree of importance are also taken into account.
- In the event that the processed personal data is obtained by others through unlawful means, it shall notify the relevant person and the Board as soon as possible.
- Regarding the sharing of personal data, it signs a framework agreement on the protection of personal data and data security with the persons with whom personal data is shared, or ensures data security with the provisions added to the existing agreement.
- It employs personnel who are knowledgeable and experienced in the processing of personal data and provides the necessary training to its personnel within the scope of personal data protection legislation and data security.
- It shall carry out and have carried out the necessary audits to ensure the implementation of the provisions of the Law within its own legal entity. It addresses privacy and security weaknesses revealed as a result of audits.
- Technical Measures:
D724 Bilişim Hizmetleri Tic.A.Ş. within the scope of technical measures;
- Performs the necessary internal controls within the scope of the established systems.
- Carries out the processes of information technologies risk assessment and business impact analysis within the scope of the established systems.
- Ensures that the technical infrastructure to prevent or monitor the leakage of data outside the organization is provided and the relevant matrices are created.
- It ensures the control of system vulnerabilities by receiving penetration testing services on a regular basis and when the need arises.
- Ensures that the access authorizations of employees working in IT units to personal data are kept under control.
- Destruction of personal data is ensured in such a way that it cannot be recycled and leaves no audit trail.
- Pursuant to the article of the Law, any digital media where personal data is stored shall be protected by encrypted or cryptographic methods to ensure information security requirements.
10. STAFF
You can access the titles, units and job descriptions of the personnel involved in the personal data storage and destruction process from the list in Annex-1 of this Policy.
11. PERSONAL DATA DESTRUCTION PROCEDURES
Personal data obtained by D724 Bilişim Hizmetleri Tic.A.Ş. in accordance with the LPPD and other relevant legislation shall be destroyed by D724 Bilişim Hizmetleri Tic.A.Ş. ex officio or upon the application of the Data Subject in accordance with the provisions of the Law and the relevant legislation in the event that the personal data processing purposes listed in the Law and the Regulation are eliminated.
- Techniques for Deletion and Destruction of Personal Data:
The procedures and principles regarding the deletion and destruction techniques of personal data by D724 Bilişim Hizmetleri Tic.A.Ş. are listed below:
Deletion of Personal Data:
Secure Deletion from Software : When deleting data processed by fully or partially automated means and stored in digital media; Methods are used to delete the data from the relevant software in such a way as to make it inaccessible and non-reusable in any way for the Relevant Users.
Deleting the relevant data in the software system by issuing a delete command; removing the access rights of the relevant user on the file or the directory where the file is located on the central server; deleting the relevant rows in databases with database commands; or deleting data on portable media, i.e. flash media, using appropriate software can be considered within this scope.
However, if the deletion of personal data will result in the inability to access and use other data within the system, provided that the following conditions are met, personal data will also be deemed deleted if the personal data is archived by making it unassociated with the person concerned.
- Not accessible to any other institution, organization or person,
- Taking all necessary technical and administrative measures to ensure that personal data is accessed only by authorized persons.
Secure Erasure by an Expert: In some cases, it may hire an expert to erase personal data on its behalf. In this case, personal data will be securely deleted by the person who is an expert in this field in a way that will make it inaccessible and unusable for the Relevant Users in any way.
Blackout of Personal Data on Paper Media : It is the method of physically cutting and removing the relevant personal data from the document or making it invisible by using fixed ink so that it cannot be reversed and cannot be read with technological solutions in order to prevent the misuse of personal data or to delete the data requested to be deleted.
Destruction of Personal Data:
Physical Destruction : Personal data may also be processed by non-automatic means, provided that it is part of any data recording system. When destroying such data, the system of physically destroying the personal data in such a way that it cannot be used afterwards is applied.
- Techniques for Anonymization of Personal Data:
The procedures and principles regarding the anonymization techniques of personal data by D724 Bilişim Hizmetleri Tic.A.Ş. are listed below:
Anonymization Methods that Do Not Provide Value Irregularity
Anonymization methods that do not provide value irregularity are anonymization methods applied by generalizing, interchanging or removing a specific data or sub-data group from any personal data group without making any changes or additions/subtractions to the personal data being stored.
STAFF | TASK | RESPONSIBILITY |
Directorate of Financial and Administrative Affairs | Responsible for the implementation of the personal data retention and destruction policy as the Directorate of Financial and Administrative Affairs as the Data Processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
Technical Services Directorate | Technical services as Data Processor - responsible for implementing the personal data retention and destruction policy | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
Administrative Affairs Management | In the capacity of data processor, the administrative affairs management unit is responsible for the implementation of the personal data retention and destruction policy | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
Accounting Unit Management | Accounting unit management personal data retention and destruction policy application responsible | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
Human Resources and Quality Management | Human Resources and Quality Management Personal Data Retention and Destruction Policy Implementation Officer | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
Field Services Management | Field Services Management Personal Data Storage and Destruction Policy Application Responsible | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
Maintenance and Repair Management | Maintenance and repair management personal data retention and destruction policy application responsible | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
Warehouse and Logistics Unit | Responsible for the implementation of the personal data retention and destruction policy as a warehouse and logistics unit as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
Technical Support Management | Responsible for the implementation of the personal data retention and destruction policy as a technical support manager as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
Service Management | Responsible for the implementation of the personal data retention and destruction policy as a service manager in the capacity of data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within its duty |
Outsourcing Unit | Responsible for the implementation of the personal data retention and destruction policy as an outsourcing unit as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance of the processes within the scope of its duty with the retention period |
Support Management | Responsible for the implementation of the personal data retention and destruction policy as a support manager as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
EUC Management | Responsible for the implementation of the personal data retention and destruction policy as EUC management as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
External Source | Responsible for the implementation of personal data retention and destruction policy as an outsourced data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance of the processes within the scope of its duty with the retention period |
PSO Unit | Responsible for the implementation of the personal data retention and destruction policy as a PSO unit as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
Contract and Process Specialist | Responsible for the implementation of the personal data retention and destruction policy as a control and process expert as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duties |
System and Virtualization Management | Responsible for the implementation of the personal data retention and destruction policy as a system and virtualization administrator as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
Network and Security Management | Responsible for the implementation of personal data retention and destruction policy as network and security administrator in the capacity of data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within the scope of its duty |
System Monitoring | Responsible for the implementation of the personal data retention and destruction policy as a system monitoring unit as a data processor. | Management of the personal data destruction process in accordance with the periodic destruction period by ensuring compliance with the retention period of the processes within its duty |
Anonymization Methods Providing Value Irregularity
In anonymization methods that provide value irregularity, unlike those that do not provide value irregularity, it creates distortion by changing some data in personal data groups. When using these methods, deviations from the expected/desired benefits will need to be applied with caution. By ensuring that aggregate statistics are not distorted, the expected benefit of the data can continue to be achieved.
Article 28 of the LPPD Pursuant to the article, if personal data are processed for purposes such as research, planning and statistics by anonymizing them with official statistics, this situation will be outside the scope of the Law and explicit consent will not be required.
12. OTHER MATTERS
In case of incompatibility between the provisions of the KVKK and other relevant legislation and this Policy, the provisions of the KVKK and other relevant legislation will be applied first.
This Policy prepared by D724 Bilişim Hizmetleri Tic.A.Ş. entered into force on 17.05.2022. In case of changes in the Policy, the effective date of the Policy and the relevant articles will be updated accordingly. The update table is included in Annex-3.
13. D724 BIİLİŞİM HİZMETLERİ TİC.A.Ş.
ANNEX 1
STORAGE AND DESTRUCTION PERIODS
The retention and destruction periods of the data processed by the Agency are determined on a process basis in the Personal Data Processing Inventory, and the said Inventory will be accessible through the Agency.
D724 Bilişim Hizmetleri Tic.A.Ş. Tic. A. Ş's purpose of using the relevant personal data has not ended, if the retention period stipulated for the relevant personal data pursuant to the relevant legislation is longer than the periods in the table or if the statute of limitations for litigation regarding the relevant subject requires the personal data to be stored for longer than the periods in the table, the periods in the table may not be applied. In this case, whichever of the purpose of use, special legislation or the statute of limitations for litigation expires later, that period will be applied.
14. PERSONS IN CHARGE OF STORAGE AND DISPOSAL PROCESSES
The Club appoints a "Personal Data Protection Committee" or a person or persons who will be responsible for the fulfillment of the actions determined by the senior management for compliance, in order to manage this policy and other policies related and related to this policy, the processing and destruction processes specified in these policies.
The work to be carried out by the relevant person or committee in this context:
- Preparation and follow-up of documents related to the design of processes for the protection and processing of personal data and submission of these to the approvals of the relevant persons,
- Ensuring the implementation of the documents on the protection and processing of personal data and conducting the necessary audits,
- Follow-up of relations and correspondence with the PDP Authority and the PDP Board.
15. PUBLICATION AND UPDATING OF THE POLICY
This Policy is available on the club's website ( www.d724.com.tr ) published and made available to personal data subjects upon request.
This Policy shall be updated as and when necessary and the amendment shall enter into force by being published on the website.
DISCLOSURE TEXT ON PERSONAL DATA PROCESSED WITH THE JOB APPLICATION FORM
This disclosure text is in accordance with Article 10 of the Law No. 6698 on the Protection of Personal Data ("KVKK"). D724 Bilişim Hizmetleri Tic. A.Ş. as the data controller within the scope of the Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation . A.Ş. as the data controller.
D724 Bilişim Hizmetleri Tic. A.Ş. , we show great sensitivity to the processing and storage of all kinds of personal data belonging to you in the best possible way and with care. In accordance with the Law No. 6698 on the Protection of Personal Data, your personal data; Within the scope of D724 Bilişim Hizmetleri Tic. A.Ş. within the scope of the purposes described below; It will be able to process, record, store, store, classify, update, and disclose/transfer to third parties in accordance with the law and honesty rules and in cases permitted by the legislation and / or limited to the purpose for which they are processed. With the awareness of this responsibility, as Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data and the relevant legislation www.d724.com.tr We process your personal data as detailed in the Personal Data Processing Policy available on the website.
Within the scope of Law No. 6698 on the Protection of Personal Data and related legislation, D724 Bilişim Hizmetleri Tic. A.Ş., in its capacity as Data Controller, obtains the information of employee candidates through the job application form.
PURPOSE OF PROCESSING YOUR PERSONAL DATA
Your personal data may be processed by D724 Bilişim Hizmetleri Tic. A.Ş. in accordance with KVKK;
- To evaluate the candidate's qualifications, experience, interest and suitability for the vacant position,
- If necessary, checking the accuracy of the information provided by the candidate or contacting third parties to make reference checks on the candidate,
- To be able to carry out the application processes of employee candidates,
- Communicating with the candidate about the application and recruitment process,
- It is processed within the purposes determined for the purposes of carrying out the activities in accordance with the legislation.
METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA
Your personal data processed "Identity Information, Contact Information, Education Information, Reference Information, Professional Experience Information," within the scope of Article 5/2-f and 5/2-c of Law No. 6698, provided that the data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract, Your "explicit consent" for your sensitive personal data processed in line with D724 Bilişim Hizmetleri Tic. A.Ş. is processed by the human resources department authorized by D724 Bilişim Hizmetleri Tic. A.Ş. in the digital environment of the website and e-mail through the filling of the job application form by the relevant person.
TRANSFER AND STORAGE OF PERSONAL DATA
Such transfer transactions are carried out by our Company in accordance with the provisions regulated by the KVKK. Your personal data will be processed for the above-mentioned purposes and in accordance with the Law 8. and 9. under the conditions set out in Article 9:
Your personal data processed within the country;
- Judicial authorities or relevant law enforcement agencies upon request in accordance with the relevant legislation,
- In order to better evaluate the prospective employee, they are transferred to the group company.
In this context, personal data processed based on your explicit consent and in line with legitimate interests will be processed for the specified purposes and methods for a period of 1 Year and will be kept in accordance with the Law unless you withdraw your explicit consent.
D724 Bilişim Hizmetleri Tic. A.Ş. as Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data and the relevant legislation, the principles adopted by D724 Bilişim Hizmetleri Tic. A.Ş. regarding the processing, storage and destruction of your personal data in detail www.d724.com.tr You can review the Personal Data Processing Policy and the Data Retention and Destruction Policy at the address of _COPY .
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Pursuant to Article 11 of the Law on the Protection of Personal Data, you have the following rights:
- To learn whether your personal data is being processed or not, to request information regarding the processing of your personal data,
- To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom your personal data is transferred,
- To request correction of your personal data in case of incomplete or incorrect processing, and to request that this situation be notified to third parties to whom your personal data has been transferred if you exercise this right,
- To request the deletion or destruction of your personal data in the event that the reasons for processing your personal data disappear, and to request that this situation be notified to third parties to whom your personal data has been transferred if you exercise this right,
- To object to the result about you resulting from the analysis of the information we obtain through automated systems and to claim compensation if you suffer damage.
Article 11 of the Law on the Protection of Personal Data titled "Rights of the Data Subject" By filling out the D724 Bilişim Hizmetleri KVKK Application Form according to the "Communiqué on the Procedures and Principles of Application to the Data Controller" Şerifali Mah. Emin Sk. No:8 Ümraniye/ISTANBUL address in writing, signed with a "secure electronic signature" and sent via Registered Electronic Mail (KEP) dyediyirmididort @hs01.kep.tr address or via e-mail d724ik @d724.com.tr You can send a message to.
Our Company finalizes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. Relevant persons will be responded to in writing or electronically within the legal deadlines. However, if the transaction in question requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.
Pursuant to Law No. 6698 on the Protection of Personal Data, D724 Bilişim Hizmetleri Tic. A.Ş., I hereby accept and declare that I have explicit consent to the processing of my personal data that I have notified to D724 Bilişim Hizmetleri Tic. A.Ş. as stated above, that I know my rights granted to me by the law and that I have read and understood its content and that I consent to its processing.
CLARIFICATION TEXT APPROVAL
Pursuant to the Law No. 6698 on the Protection of Personal Data, I accept and declare that I have read and understood the clarification text detailed above, which I have submitted for the D724 Bilişim Hizmetleri Tic.A.Ş. website contact form.
WEBSITE CONTACT DISCLOSURE TEXT
This disclosure text is in accordance with Article 10 of the Law No. 6698 on the Protection of Personal Data ("KVKK"). D724 Bilişim Hizmetleri Tic.A.Ş. has been prepared by D724 Bilişim Hizmetleri Tic.A.Ş . as the data controller within the scope of the Communiqué on the Procedures and Principles to be Followed in Fulfillment of the Disclosure Obligation.
As D724 Bilişim Hizmetleri Tic.A.Ş. , we show great sensitivity to the processing and storage of all kinds of personal data belonging to you in the best possible way and with care. Pursuant to the Law No. 6698 on the Protection of Personal Data, your personal data; As D724 Bilişim Hizmetleri Tic.A.Ş., within the scope of the purposes described below; It will be able to process, record, store, store, classify, update, and disclose / transfer to third parties in accordance with the law and honesty rules and in cases permitted by the legislation and / or limited to the purpose for which they are processed. With the awareness of this responsibility, as Data Controller within the scope of the Law No. 6698 on the Protection of Personal Data and the relevant legislation www.d724.com.tr We process your personal data as detailed in the Personal Data Processing Policy available on the website.
Within the scope of Law No. 6698 on the Protection of Personal Data and related legislation, D724 Bilişim Hizmetleri Tic. A.Ş., as the Data Controller, the personal data received from the relevant persons for the "website contact form";
- Name, surname, company name credentials
- E-mail and telephone contact information is received.
PURPOSE OF PROCESSING YOUR PERSONAL DATA
- Conducting communication activities,
- Ensure that the contact person is informed about products and services,
- Recording your requests and complaints,
- Utilizing the services of our brands,
- D724 Bilişim Hizmetleri Tic. A.Ş. is processed for the purposes of determining and implementing commercial and business strategies and carrying out marketing processes.
METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA
Your processed personal data will be processed in accordance with Article 5 of the Law on the Protection of Personal Data. "theexplicit consent of the person concerned and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject'' Based on legal reasons, D724 Bilişim Hizmetleri Tic.A.Ş. processes your personal data by the data processors assigned by the company by obtaining the data by electronic methods through the website.
TRANSFER OF PERSONAL DATA
Your personal data will be processed for the above-mentioned purposes and in accordance with the Law 8. and 9. under the conditions set out in Article 9:
- Such transfer transactions are carried out by our Company in accordance with the provisions regulated by the KVKK. In case of any legal disputes, your personal data may be transferred to public institutions, judicial authorities or relevant law enforcement agencies for the settlement of legal disputes or upon request in accordance with the relevant legislation,
- To our business partner in order to carry out request and complaint processes and to provide communication activities,
- Such foreign transfer transactions by our company are transferred to servers abroad through our contracted suppliers that we receive services from within the country and abroad due to IT partnerships that our company can use, within the specified purposes, provided that adequate measures are taken based on your explicit consent or within the framework of the security and confidentiality principles specified in the Law.
STORAGE AND DESTRUCTION OF PERSONAL DATA
Our Company stores personal data in line with the purpose of processing personal data in a manner proportionate to the purpose of processing. In this context, personal data processed on the basis of your explicit consent and in line with legitimate interests will be processed for the purposes and methods specified unless and until you withdraw your explicit consent and will be kept in accordance with the Law.
For detailed information on storage and destruction procedures and periods www.d724.com.tr You can review the Data Retention and Destruction Policy at the address.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
D724 Bilişim Hizmetleri Tic.A.S. In detail, the principles adopted by the Companyin its capacity as Data Controller within the scope of the Personal Data Protection Law No. 6698 and the relevant legislation regarding the processing of your personal data and the rights of the person concerned in accordance with Article 11 within the scope of the Personal Data Protection Law www.d724.com.tr You can review it from the Personal Data Processing Policy at the address.
Article 11 of the Law on the Protection of Personal Data titled "Rights of the Data Subject" By filling out the D724 Bilişim Hizmetleri KVKK Application Form according to the "Communiqué on the Procedures and Principles of Application to the Data Controller" Şerifali Mah. Emin Sk. No:8 Ümraniye/ISTANBUL address in writing, signed with a "secure electronic signature" and sent via Registered Electronic Mail (KEP) dyediyirmididort @hs01.kep.tr address or via e-mail d724ik @d724.com.tr You can send a message to.
Our Company finalizes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. Relevant persons will be responded to in writing or electronically within the legal deadlines. However, if the transaction in question requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.
CLARIFICATION TEXT APPROVAL
Pursuant to the Law No. 6698 on the Protection of Personal Data, I accept and declare that I have read and understood the clarification text detailed above, which I have submitted for the D724 Bilişim Hizmetleri Tic.A.Ş. website contact form.
EXPLICIT CONSENT TEXT APPROVAL
Pursuant to Law No. 6698 on the Protection of Personal Data, D724 Bilişim Hizmetleri Tic.A.Ş. has informed me that I have read, examined, evaluated and understood the information provided to me through the clarification text above regarding the processing and transfer of my personal data detailed above, that I have explicit consent to the processing and transfer of my personal data by D724 Bilişim Hizmetleri Tic.A.Ş. as the data controller, I hereby accept and declare that I have explicit consent to the processing of my personal data by D724 Bilişim Hizmetleri Tic. A.Ş. for the purposes specified above and the transfer of my personal data to business partners, that I know my rights granted to me by the law and that I have read and understood its content and consent to its processing. ...../...../.........
RELATED PERSON
Name Surname
Signature