BLOG

Personel Data Protection And Confidentiality Principles englightenment Text

1. PURPOSE AND SCOPE
Netoloji Yazılım A.Ş (“the Company” or “Data Supervisor”) regulates the principles it has adopted for the protection
of personal data by this Personal Data Protection and Confidentiality Principles (“the Principles”) , and specifies the
principles to process personal data belonging to Customer, Supplier / Business Partner Official, Employee

Candidate, Online Visitor (“Contact Groups”), and aims to inform these groups in this regard.

2. PERSONAL DATA PROCESSING PRINCIPLES
As the company, we process your personal data within the framework of the following principles, as the Data
Supervisor.
2.1 Processing in Compliance with the Law and the Rules of Good Faith
For processing the personal data, the principles imposed by legal regulations and general trust and honesty rule
are complied with.
2.2 Ensuring that Personal Data is Accurate and Updated when Required
Periodical controls and updates are conducted and necessary precautions are taken in order to ensure that the
processed data are accurate and updated by taking into your legitimate interests.
Systems for checking the accuracy of personal data and carrying out the necessary corrections are established
within the Company in this regard.
2.3 Processing for Specific, Clear and Legitimate Purposes
Your personal data are processed based on clear, specific and legitimate data processing purposes.
2.4 Being Related, Limited and Measured for the Purpose of Processing
Your personal data are processed in a measured, relevant and limited manner in order to achieve the desired
purpose / purposes, and it is avoided to process personal data if not relevant or necessary for achieving the desired
purposes.
2.5 Being stored for the period provided for in the relevant legislation or required for the purpose for which they
are processed.
Your personal data is only stored for the period provided for in the relevant legislation or required for the purpose
for which they are processed.
In this regard, firstly it is determined whether a period is stipulated for the storage of personal data in the relevant
legislation, and if any period has been determined, this period is complied with; otherwise, personal data are
stored for the time required for the purpose for which they are processed.
If the period expires or the reasons to process the personal data become no longer valid, and in case of no legal
reason to allow them to be processed for a longer period of time, your personal data are deleted, destroyed or

anonymized in accordance with the relevant legislation.

3.CONDITIONS OF PROCESSING PERSONAL DATA
Your personal data is processed by the Company within the framework of the following conditions.
3.1 Being Stipulated in Laws
In cases where processing personal data is explicitly stipulated by laws, your personal data might be processed.
3.2 Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility
In cases where it is mandatory to process the personal data of a person who cannot express their explicit consent
or whose consent cannot be considered valid, in order to protect the life or body integrity of the person concerned
or another person, your personal data might be processed.
3.3 Being Directly Related to the Establishment or Performance of the Contract
On the condition of being directly related to the establishment or performance of the contract, and if it is
necessary to process the personal data of contractual parties, your personal data might be processed.
3.4 Fulfilling the Legal Obligation of the Company
If processing is mandatory to fulfill the legal obligations as data supervisor, your personal data might be processed.
3.5 Making Personal Data Public
If you have already made personal data public, your personal data might be processed.
3.6 Requirement to Process Data for Establishment or Protection of a Right
If it is mandatory to process personal data for establishment, exercise or protection of a right, your personal data
might be processed.
3.7 Processing Data Based on Legitimate Interest
If data processing is required for the legitimate interests of the Company, your personal data might be processed.
3.8 Processing Data Based on Explicit Consent
In cases where your personal data cannot be processed based on any of the conditions specified in these

Principles, they are processed based on explicit consent.

4.PURPOSES OF PROCESSING PERSONAL DATA
Personal data might be processed for the following purposes based on the relevant groups within the framework
of personal data processing terms stipulated in Article 5 and 6 of Law no. 6698 in the Company.
4.1 CUSTOMER
Customer personal data are processed for the purposes of carrying out after-sales support services for goods and
services, carrying out goods and service sales processes, conducting goods and service production and operation
processes, conducting audit / ethical activities, conducting activities in accordance with the legislation, carrying out
financial and accounting affairs, monitoring and executing legal affairs, internal audit / investigation / intelligence
activities, follow-up of requests and complaints, carrying out and controlling business activities, receiving and
evaluating suggestions for improving business processes, conducting business continuity activities, conducting
customer relations management processes, conducting activities aimed at customer satisfaction, advertising /
campaign / promotion carrying out processes, carrying out contract processes, carrying out communication
activities, which are the subject of your disclosure of your personal data to us within the scope of personal data
processing conditions specified in Articles 5 and 6 of Law No.6698.
4.2 EMPLOYEE CANDIDATE
Personal data of Employee Candidate are processed for the purposes of carrying out personnel recruitment

processes, planning and execution of human resources processes, conducting the application processes of
employee candidates and conducting activities in accordance with the legislation within the scope of personal data
protection terms stipulated in the Article 5 and 6 of Law no. 6698

4.3 THIRD PARTIES
Personal data of third parties are processed for the purposes of carrying out personnel procurement processes,
carrying out service sales processes, carrying out activities in accordance with the legislation, follow-up and
carrying out legal affairs, carrying out contract processes, follow-up of requests and complaints, carrying out and
supervising business activities, carrying out business continuity activities, carrying out customer relations
management processes, advertising / carrying out campaign / promotion processes and communication activities
within the scope of personal data protection terms stipulated in the Article 5 and 6 of Law no. 6698
4.4 AUTHORIZED PERSON OF SUPPLIER / BUSINESS PARTNER
Personal data of Authorized Person of Supplier / Business Partner are processed for the purposes of carrying out
goods and service procurement processes, conducting activities in accordance with the legislation, conducting
financial and accounting affairs, conducting and auditing business activities, conducting contract processes,
conducting communication activities and providing information to authorized persons, institutions and
organizations within the scope of personal data protection terms stipulated in the Article 5 and 6 of Law no. 6698
4.5 ONLINE VISITOR
Personal data of Online Visitors might be processed for the purposes of carrying out marketing analysis studies,
carrying out advertising / campaign / promotion processes, carrying out communication activities, carrying out
studies to develop products and services, fulfilling legal obligations within the scope of personal data protection

terms stipulated in the Article 5 and 6 of Law no. 6698

5.TRANSFER OF PERSONAL DATA
Your personal data might be transferred to our business partners, suppliers, legally authorized public institutions
and private persons located in Turkey and abroad as limited to the framework of the principles and purposes
stipulated in Articles 3 and 5 of this Confidentiality and Personal Data Protection Principles and the personal data

processing conditions and purposes specified in Articles 8 and 9 of the Law No. 6698

6.METHOD AND LEGAL REASON TO COLLECT PERSONAL DATA
Your personal data delivered to the Company in electronic media are processed in the following ways.
6.1 CUSTOMER
Customer personal data are processed in physical and electronic environments, by means of written or verbal data
transfer, by being received from the person or third party as part of the data registration system, fully or partially
automatic or non-automatic on the condition of being part of any data registration system, based on the legal
reasons of “obtaining the explicit consent of the relevant person”, “clearly stipulated in the law”, “required for the
fulfillment of the legal obligation of the data controller”, “mandatory data processing for the establishment and
protection of a right”, “Being directly related to the establishment or execution of a contract, being necessary to
process personal data belonging to the parties of the contract” and “being mandatory for the legitimate interests
of the data controller on the condition of not causing any harm on the fundamental rights and freedoms of the

data subject” stipulated by Article 5 of Law no. 6698

6.2 EMPLOYEE CANDIDATE
Personal data of Employee Candidate are processed in physical and electronic environments, by means of written
or verbal data transfer, by being received from the person or third party as part of the data registration system,
fully or partially automatic or non-automatic on the condition of being part of any data registration system, based
on the legal reasons of “ Being necessary for the data controller to fulfill their legal obligation”, “Being necessary to
process personal data belonging to the parties of the contract on the condition of being directly related to the

establishment or performance of a contract” and “Being mandatory for the legitimate interests of the data

controller, on the condition of not causing any harm on the fundamental rights and freedoms of the data
controller” stipulated by Article 5 of Law no. 6698
6.3 THIRD PARTIES
Personal data of third parties are processed in physical and electronic environments, by means of written or verbal
data transfer, by being received from the person or third party as part of the data registration system, fully or
partially automatic or non-automatic on the condition of being part of any data registration system, based on the
legal reasons of “obtaining the explicit consent of the data subject”, “being necessary for the fulfillment of the
legal obligation of the data controller”, “being mandatory to process data for the establishment, exercise and
protection of a right” and “being mandatory for the legitimate interests of the data controller on the condition of
not causing any harm on the fundamental rights and freedoms of the data controller” stipulated by Article 5 of Law
no. 6698
6.4 AUTHORIZED PERSON OF SUPPLIER / BUSINESS PARTNER
Personal data of authorized person of supplier / business partner are in physical and electronic environments, by
means of written or verbal data transfer, by being received from the person or third party as part of the data
registration system, fully or partially automatic or non-automatic on the condition of being part of any data
registration system, based on the legal reasons of “obtaining the explicit consent of the relevant person”, “being
mandatory for the data controller to fulfill their legal obligation” and “being mandatory to process personal data
belonging to the parties to the contract, on the condition of being directly related to the establishment or
execution of a contract” stipulated by Article 5 of Law no. 6698
6.5 ONLINE VISITOR
Personal data of Online Visitor are processed automatically based on the legal reasons of “Being mandatory to
process personal data for the legitimate interests of the data controller on the condition of not causing any harm
on the fundamental rights and freedom of the data subject” and “being mandatory for the data controller to fulfill
their legal obligation” stipulated in Article 5 of Law no. 6698 and Law No. 5651 on Regulation of Broadcasts Made

on the Internet and Fight Against Crimes Committed Through Such Publications.

7.SECURITY OF PERSONAL DATA
The Company takes reasonable precautions to prevent unauthorized access risks, accidental data loss, deletion of
data or damage to data with the aim of ensuring the security of personal data, to prevent it from being processed
illegally.
Any technical and physical precautions are taken to prevent unauthorized persons to access to personal data.
In this scope, the authorization system is designed in such a way that people and systems will not be able to access
more personal data than necessary.
The company carries out and has necessary audits and inspections carried out in order to ensure the performance

of provisions of Law no. 6698 in its own organizations and establishments.

8.COMMITMENTS REGARDING THIRD PARTY PERSONAL DATA
The Person Group acknowledges and provides consent that personal data of 3rd parties delivered by the Person
Groups might be processed by the Company.
The relevant Person Group undertakes to have realized the necessary notifications and obtained the necessary
permissions in compliance with the Law no. 6698 on the Protection of Personal Data for the persons and data
transferred.

Otherwise, the damages to arise will remain with the relevant Person Group.

9.APPLICATION PROCEDURE AND PRINCIPLES
As the relevant person, you can make your application for your demands regarding your rights stipulated in the
Article 11 of Law no. 6698 by filling out the relevant form in line with the procedures and principles in the Relevant
Person Application Form on our website www.netoloji.com, or by your e-mail address registered in our system or
with the post that you will deliver as secure e-signed to our website of “info@nold.trnetteknoloji.com” which
meets the minimum conditions stipulated by the Communiqué on Application Procedures and Principles to the
Data Controller, or in person in writing, or by notary public to the address of Dudullu OSB Mah, Des-2 Cad.
Teknopark Binası Apt. No: 8/66 34776, İstanbul – Turkey.
As company, we will conclude your application within the shortest time period based on the nature of your request

or within thirty days at the latest as free of charge.

However, if the operation bears an extra cost, the fee tariff specified by the Personal Data Protection Board shall
be collected by the Company. As the related person, you are entitled:
  • To learn whether your personal data has been processed or not,
  • To request information regarding the personal data if processed,
  • To learn about the purpose of processing personal data and if they have been used in compliance with the purpose or not,
  • To know the third parties to whom personal data are transferred in national and international scale,
  • To request correction for personal data if processed as incomplete or incorrect,
  • To request the deletion or destruction of personal data within the framework of terms specified in the relevant legislation,
  • To request the third parties who are transferred with the personal data to be notified,
  • To make objection for any result against the data owner by analyzing the processed personal data by exclusively automatic systems,
  • In case of experiencing any damage because of illegal processing of personal data, to request to be compensated.