Enlightenment Text for Personal Data Protection

PERSONAL DATA PROTECTION AND CONFIDENTIALITY PRINCIPLES
ENLIGHTENMENT TEXT

1. PURPOSE AND SCOPE

Netoloji Yazılım A.Ş (“the Company” or “Data Supervisor”) regulates the principles it has adopted for the protection of personal data by this Personal Data Protection and Confidentiality Principles (“the Principles”), and specifies the principles to process personal data belonging to Customer, Supplier / Business Partner Official, Employee Candidate, Online Visitor (“Contact Groups”), and aims to inform these groups in this regard.

2. PERSONAL DATA PROCESSING PRINCIPLES

As the company, we process your personal data within the framework of the following principles, as the Data Supervisor.

2.1 Processing in Compliance with the Law and the Rules of Good Faith

When processing personal data, the principles imposed by legal regulations and the general rule of trust and honesty are complied with.

2.2 Ensuring that Personal Data is Accurate and Updated when Required

Periodical controls and updates are conducted and necessary precautions are taken in order to ensure that the processed data are accurate and updated by taking into account your legitimate interests.

Systems for checking the accuracy of personal data and carrying out the necessary corrections are established within the Company in this regard.

2.3 Processing for Specific, Clear and Legitimate Purposes

Your personal data are processed based on clear, specific and legitimate data processing purposes.

2.4 Being Related, Limited and Measured for the Purpose of Processing

Your personal data are processed in a measured, relevant and limited manner in order to achieve the desired purpose / purposes, and processing of personal data that is not relevant or necessary for achieving the desired purposes is avoided.

2.5 Being Stored for the Period Provided for in the Relevant Legislation or Required for the Purpose for Which They Are Processed

Your personal data is only stored for the period provided for in the relevant legislation or required for the purpose for which they are processed.

In this regard, firstly it is determined whether a period is stipulated for the storage of personal data in the relevant legislation, and if any period has been determined, this period is complied with; otherwise, personal data are stored for the time required for the purpose for which they are processed.

If the period expires or the reasons to process the personal data become no longer valid, and in case of no legal reason to allow them to be processed for a longer period of time, your personal data are deleted, destroyed or anonymized in accordance with the relevant legislation.

3. CONDITIONS OF PROCESSING PERSONAL DATA

Your personal data is processed by the Company within the framework of the following conditions.

3.1 Being Stipulated in Laws

In cases where processing personal data is explicitly stipulated by laws, your personal data might be processed.

3.2 Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility

In cases where it is mandatory to process the personal data of a person who cannot express their explicit consent or whose consent cannot be considered valid, in order to protect the life or body integrity of the person concerned or another person, your personal data might be processed.

3.3 Being Directly Related to the Establishment or Performance of the Contract

On the condition of being directly related to the establishment or performance of the contract, and if it is necessary to process the personal data of contractual parties, your personal data might be processed.

3.4 Fulfilling the Legal Obligation of the Company

If processing is mandatory to fulfill the legal obligations as data supervisor, your personal data might be processed.

3.5 Making Personal Data Public

If you have already made personal data public, your personal data might be processed.

3.6 Requirement to Process Data for Establishment or Protection of a Right

If it is mandatory to process personal data for establishment, exercise or protection of a right, your personal data might be processed.

3.7 Processing Data Based on Legitimate Interest

If data processing is required for the legitimate interests of the Company, your personal data might be processed.

3.8 Processing Data Based on Explicit Consent

In cases where your personal data cannot be processed based on any of the conditions specified in these Principles, they are processed based on explicit consent.

4. PURPOSES OF PROCESSING PERSONAL DATA

Personal data might be processed for the following purposes based on the relevant groups within the framework of personal data processing terms stipulated in Article 5 and 6 of Law no. 6698 in the Company.

4.1 CUSTOMER

Customer personal data are processed for the purposes of carrying out after-sales support services for goods and services, carrying out goods and service sales processes, conducting goods and service production and operation processes, conducting audit / ethical activities, conducting activities in accordance with the legislation, carrying out financial and accounting affairs, monitoring and executing legal affairs, internal audit / investigation / intelligence activities, follow-up of requests and complaints, carrying out and controlling business activities, receiving and evaluating suggestions for improving business processes, conducting business continuity activities, conducting customer relations management processes, conducting activities aimed at customer satisfaction, carrying out advertising / campaign / promotion processes, carrying out contract processes, carrying out communication activities, which are the subject of your disclosure of your personal data to us within the scope of personal data processing conditions specified in Articles 5 and 6 of Law No.6698.

4.2 EMPLOYEE CANDIDATE

Personal data of Employee Candidate are processed for the purposes of carrying out personnel recruitment processes, planning and execution of human resources processes, conducting the application processes of employee candidates and conducting activities in accordance with the legislation within the scope of personal data protection terms stipulated in the Article 5 and 6 of Law no. 6698.

4.3 THIRD PARTIES

Personal data of third parties are processed for the purposes of carrying out personnel procurement processes, carrying out service sales processes, carrying out activities in accordance with the legislation, follow-up and carrying out legal affairs, carrying out contract processes, follow-up of requests and complaints, carrying out and supervising business activities, carrying out business continuity activities, carrying out customer relations management processes, carrying out advertising / campaign / promotion processes and communication activities within the scope of personal data protection terms stipulated in the Article 5 and 6 of Law no. 6698.

4.4 AUTHORIZED PERSON OF SUPPLIER / BUSINESS PARTNER

Personal data of Authorized Person of Supplier / Business Partner are processed for the purposes of carrying out goods and service procurement processes, conducting activities in accordance with the legislation, conducting financial and accounting affairs, conducting and auditing business activities, conducting contract processes, conducting communication activities and providing information to authorized persons, institutions and organizations within the scope of personal data protection terms stipulated in the Article 5 and 6 of Law no. 6698.

4.5 ONLINE VISITOR

Personal data of Online Visitors might be processed for the purposes of carrying out marketing analysis studies, carrying out advertising / campaign / promotion processes, carrying out communication activities, carrying out studies to develop products and services, fulfilling legal obligations within the scope of personal data protection terms stipulated in the Article 5 and 6 of Law no. 6698.

5. TRANSFER OF PERSONAL DATA

Your personal data might be transferred to our business partners, suppliers, legally authorized public institutions and private persons located in Turkey and abroad as limited to the framework of the principles and purposes stipulated in Articles 3 and 5 of this Confidentiality and Personal Data Protection Principles and the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law No. 6698.

6. METHOD AND LEGAL REASON TO COLLECT PERSONAL DATA

Your personal data delivered to the Company in electronic media are processed in the following ways.

6.1 CUSTOMER

Customer personal data are processed in physical and electronic environments, by means of written or verbal data transfer, by being received from the person or third party as part of the data registration system, fully or partially automatic or non-automatic on the condition of being part of any data registration system, based on the legal reasons of “obtaining the explicit consent of the relevant person”, “clearly stipulated in the law”, “required for the fulfillment of the legal obligation of the data controller”, “mandatory data processing for the establishment and protection of a right”, “Being directly related to the establishment or execution of a contract, being necessary to process personal data belonging to the parties of the contract” and “being mandatory for the legitimate interests of the data controller on the condition of not causing any harm on the fundamental rights and freedoms of the data subject” stipulated by Article 5 of Law no. 6698.

6.2 EMPLOYEE CANDIDATE

Personal data of Employee Candidate are processed in physical and electronic environments, by means of written or verbal data transfer, by being received from the person or third party as part of the data registration system, fully or partially automatic or non-automatic on the condition of being part of any data registration system, based on the legal reasons of “Being necessary for the data controller to fulfill their legal obligation”, “Being necessary to process personal data belonging to the parties of the contract on the condition of being directly related to the establishment or performance of a contract” and “Being mandatory for the legitimate interests of the data controller, on the condition of not causing any harm on the fundamental rights and freedoms of the data controller” stipulated by Article 5 of Law no. 6698.

6.3 THIRD PARTIES

Personal data of third parties are processed in physical and electronic environments, by means of written or verbal data transfer, by being received from the person or third party as part of the data registration system, fully or partially automatic or non-automatic on the condition of being part of any data registration system, based on the legal reasons of “obtaining the explicit consent of the data subject”, “being necessary for the fulfillment of the legal obligation of the data controller”, “being mandatory to process data for the establishment, exercise and protection of a right” and “being mandatory for the legitimate interests of the data controller on the condition of not causing any harm on the fundamental rights and freedoms of the data controller” stipulated by Article 5 of Law no. 6698.

6.4 AUTHORIZED PERSON OF SUPPLIER / BUSINESS PARTNER

Personal data of authorized person of supplier / business partner are processed in physical and electronic environments, by means of written or verbal data transfer, by being received from the person or third party as part of the data registration system, fully or partially automatic or non-automatic on the condition of being part of any data registration system, based on the legal reasons of “obtaining the explicit consent of the relevant person”, “being mandatory for the data controller to fulfill their legal obligation” and “being mandatory to process personal data belonging to the parties to the contract, on the condition of being directly related to the establishment or execution of a contract” stipulated by Article 5 of Law no. 6698.

6.5 ONLINE VISITOR

Personal data of Online Visitor are processed automatically based on the legal reasons of “Being mandatory to process personal data for the legitimate interests of the data controller on the condition of not causing any harm on the fundamental rights and freedom of the data subject” and “being mandatory for the data controller to fulfill their legal obligation” stipulated in Article 5 of Law no. 6698 and Law No. 5651 on Regulation of Broadcasts Made on the Internet and Fight Against Crimes Committed Through Such Publications.

7. SECURITY OF PERSONAL DATA

The Company takes reasonable precautions to prevent unauthorized access risks, accidental data loss, deletion of data or damage to data with the aim of ensuring the security of personal data, to prevent it from being processed illegally.

Any technical and physical precautions are taken to prevent unauthorized persons from accessing personal data.

In this scope, the authorization system is designed in such a way that people and systems will not be able to access more personal data than necessary.

The company carries out and has necessary audits and inspections carried out in order to ensure the performance of provisions of Law no. 6698 in its own organizations and establishments.

8. COMMITMENTS REGARDING THIRD PARTY PERSONAL DATA

The Person Group acknowledges and provides consent that personal data of 3rd parties delivered by the Person Groups might be processed by the Company.

The relevant Person Group undertakes to have realized the necessary notifications and obtained the necessary permissions in compliance with the Law no. 6698 on the Protection of Personal Data for the persons and data transferred.

Otherwise, the damages to arise will remain with the relevant Person Group.

9. APPLICATION PROCEDURE AND PRINCIPLES

As the relevant person, you can make your application for your demands regarding your rights stipulated in the Article 11 of Law no. 6698 by filling out the relevant form in line with the procedures and principles in the Relevant Person Application Form on our website www.netoloji.com, or by your e-mail address registered in our system or with the post that you will deliver as secure e-signed to our website of “info@netoloji.com” which meets the minimum conditions stipulated by the Communiqué on Application Procedures and Principles to the Data Controller, or in person in writing, or by notary public to the address of Dudullu OSB Mah, Des-2 Cad. Teknopark Binası Apt. No: 8/66 34776, İstanbul – Turkey.

As the Company, we will conclude your application free of charge within the shortest time period based on the nature of your request or within thirty days at the latest.

However, if the operation bears an extra cost, the fee tariff specified by the Personal Data Protection Board shall be collected by the Company. As the related person, you are entitled:

  • To learn whether your personal data has been processed or not,
  • To request information regarding the personal data if processed,
  • To learn about the purpose of processing personal data and if they have been used in compliance with the purpose or not,
  • To know the third parties to whom personal data are transferred in national and international scale,
  • To request correction for personal data if processed as incomplete or incorrect,
  • To request the deletion or destruction of personal data within the framework of terms specified in the relevant legislation,
  • To request the third parties who are transferred with the personal data to be notified,
  • To make objection for any result against the data owner by analyzing the processed personal data by exclusively automatic systems,
  • In case of experiencing any damage because of illegal processing of personal data, to request to be compensated.