Notice: Undefined index: mLang in /usr/local/apache/htdocs/privacy.php on line 43
Please be advised that the content has been auto-translated via Google Translate.
I. DATA PRIVACY COMMITMENT
1.1. This Personal Data Protection Policy ("Policy") is the principles that Modimu.com must comply with and within the Company and / or the Company in fulfilling its obligations to protect Personal Data in accordance with the provisions of the relevant legislation, in particular the Law on Protection of Personal Data No. 6698 and processing Personal Data. determines.
1.2. The Company undertakes to act in accordance with this Policy and the procedures to be applied in accordance with this Policy in terms of Personal Data within its own body.
II. AIM OF THE POLICY
The main purpose of this Policy is to identify the principles and procedures for the protection of Personal Data by the Company.
III. SCOPE OF POLICY
3.1. This Policy; It covers all activities regarding the Personal Data that the company is processing and applies to those activities.
3.2. This Policy does not apply to Data Anonymous or Non-Personal Data.
3.3. This Policy may be changed from time to time if required by KVK Regulations or as required by the Company's Data Officer Representative or committee.
Definitions in this Policy contain the following meanings:
“Open Consent” means the consent of the Data Subject, which is explained by free will and based on the information regarding the processing of Personal Data.
“Anonymizing” refers to making Personal Data unrelated to any identifiable or identifiable natural person under any circumstances, even when paired with other data.
“Anonymized Data” means data that cannot be established in any way with the real person.
“Personal Health Data” means any health information related to a specific or identifiable natural person as specified in the Regulation on the Processing and Privacy of Personal Health Data published in the Official Gazette dated 20.10.2016 and numbered 29863.
The "Personal Data" Identification refers to any information relating to a specific or identifiable natural person (the terms "Personal Data" within the scope of this Policy will include "Personal Qualified Personal Data" and "Personal Health Data" as defined below).
"Personal Data Processing" means that Personal Data is obtained, saved, stored, maintained, modified, reorganized, disclosed, transferred, taken over, made available, either fully or partially by automated means or as part of any data recording system. refers to any action taken on the data, such as its classification or inhibition of its use.
“Committee” means the committee responsible for the fulfillment of this Policy and the procedures to be implemented in accordance with this Policy.
“Board” refers to the Personal Data Protection Board.
“KVKK” refers to the Law on the Protection of Personal Data No. 6698.
“KVK Regulations” Law No. 6698 on the Protection of Personal Data and other relevant legislation for the protection of Personal Data, applicable international agreements made by regulatory and supervisory authorities, courts and other public authorities, and applicable international agreements for data protection and other express all kinds of legislation.
“KVK Procedures” means the procedures that determine the obligations that the Company, employees, Committee and Data Representative must follow within this Policy.
“Special Qualified Personal Data” with the data related to the race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures. Refers to biometric and genetic data.
“Deletion or Deletion” means the irreversible destruction or destruction of Personal Data.
“Data Inventory” covers the Personal Data Processing processes and methods, Personal Data Processing purposes, data category, third parties to which Personal Data are transferred, etc. for the Company's Personal Data Processing activities. Refers to inventory containing information.
"Data Processor" means the natural or legal person who processes Personal Data on behalf of the Data Officer, by authorization by the Data Officer.
“Data Subject” means all natural persons whose Personal Data are processed by or on behalf of the Company.
“Data Officer” means the natural or legal person who processes the Personal Data by specifying the purposes and the means of processing, and who has the responsibility to establish and manage the data recording system.
“Data Supervisor Representative” refers to the employee within the company who is responsible for the preparation and implementation of data management, privacy and security policies and appointed by the decision of the board of directors.
“Regulation” refers to the Regulation on Processing and Privacy of Personal Health Data published in the Official Gazette dated 20.10.2016 and numbered 29863.
V. PRINCIPLES OF PERSONAL DATA PROCESSING
5.1. Processing of Personal Data in Compliance with Laws and Integrity Rules
Personal Data are processed by the Company on the basis of proportionality and in accordance with law and integrity rules.
5.2. Taking Necessary Precautions to Keep Personal Data Accurate and Up-to-date When Required
The Company takes all necessary precautions to keep the Personal Data complete, accurate and up-to-date. If the Data Subject requests changes to Personal Data, it updates the relevant Personal Data.
5.3. Processing of Personal Data for Specific, Legitimate and Clear Purposes
Before the processing of Personal Data, the purpose of the Personal Data to be processed is determined by the Company. In this context, Data Subject is illuminated within the scope of KVK Regulations and Open Consent is obtained when necessary.
5.4. Personal Data to Be Connected, Limited, and Metered for the Purpose They Are Processed
The Company processes Personal Data only in exceptional cases (KVKK Clauses 5.2 and 6.3) under the KVK Regulations or for the purpose under the Open Consent Obtained from the Data Subject (KVKK Clauses 5.1 and 6.2) and on the basis of proportionality.
5.5. Keeping Personal Data As Required and Deleting It Afterwards
5.5.1. The Company retains Personal Data as appropriate for the purpose. The Company acts in accordance with the obligations specified in the Company KVK Regulations if it is desired to retain Personal Data for a period longer than the time required by the KVK Regulations or the purpose of Personal Data Processing.
5.5.2. After the time required by the purpose of Personal Data Processing expires, Personal Data is Deleted or Anonymized. Third parties to whom the Company transfers Personal Data are also provided to Erase or Anonymize Personal Data.
5.5.3. Data Responsible Representative and Committee are responsible for the operation of deletion and Anonymization processes. In this context, the necessary procedure is established by the Data Supervisor Representative and the Committee.
VI. PROCESSING PERSONAL DATA
Personal Data can only be processed by the Company within the scope of the procedures and principles stated below.
6.1. Open Consent
6.1.1. In this case, Personal Data is processed after the information to be made within the framework of fulfillment of the Obligation of Data to Data Subjects and if Data Subjects give Open Consent.
6.1.2. Data Objectives are notified before Open Consent is received within the framework of the Lighting Obligation.
6.1.3. Open Consent of the Data Subject is obtained by methods in accordance with KVK Regulations. Open Consent is proven to be maintained by the Company for the period required under the KVK Regulations.
6.1.4. The Data Responsible Representative and the Committee are responsible for ensuring that the Obligation of Lighting is fulfilled for all Personal Data Processing processes and that Obtaining and maintaining Open Consent when necessary. All employees of the Personal Data Processing department are obliged to comply with the Data Responsible Representative and the Committee's instructions, this Policy and the KVK Procedures attached to this Policy.
6.2. Processing of Personal Data without Open Consent
6.2.1 Where Personal Data is foreseen to be processed without the express consent of KVK Regulations (KVKK Clauses 5.2 and 6.3), the Company may process Personal Data without the express consent of the Company Data Object. In the event Personal Data is processed in this way, the Company processes Personal Data within the limits set by KVK Regulations. In this context:
18.104.22.168. Personal Data may be processed by the Company without Open Consent to protect the life or integrity of the Data Subject and / or a person other than the Data Subject, who is unable to disclose his consent due to actual impossibility or whose legal consent is not given.
22.214.171.124. If the terms of the contract are directly related to the establishment, implementation, performance or termination of the contract, the Personal Data of the parties to the contract can be processed by the Company without the Explicit Consent of the Data Subjects.
126.96.36.199. If the processing of Personal Data is mandatory for the Company to fulfill its legal obligation, Personal Data may be processed by the Company without the Explicit Consent of Data Subjects.
188.8.131.52. Personal Data that has been publicized by the Data Subject can be processed by the Company without express consent.
184.108.40.206. The processing of Personal Data without Open Consent is the only possible way to establish, use or protect a right.
220.127.116.11. Personal Data may be processed by the Company without Open Consent before or during the establishment of the contract, in order to meet the demands of the contract parties.
VII. PROCESSING SPECIAL QUALITY PERSONAL DATA
7.1. Special Qualified Personal Data can only be processed if there is an Explicit Consent of the Data Subject, or if it is required to be explicitly processed by law in terms of Special Qualified Personal Data other than sexual life and personal health data.
7.2. Personal Data related to health and sexual life can only be processed without Open Consent for the purpose of protecting public health, preventive medicine, conducting medical diagnosis, treatment and care services, planning and managing health services and financing. Therefore, until the contrary is foreseen in the KVK Regulations, Personal Health Data and sexual life data can only be processed by the Company physician under the scope of Open Consent or under the obligation to keep secrets.
7.3. While processing Special Qualified Personal Data, the measures determined by the Board are taken.
7.4. In all cases requiring the Processing of Special Qualified Personal Data, the Data Representative is informed by the relevant employee.
7.5. If it is not understandable whether a data is Special Qualified Personal Data or not, it is asked by the relevant department from the Data Supervisor Representative.
VIII. DELETING PERSONAL DATA, DESTROYING AND MAKING ANONYMOUS
8.1. When the legitimate aim for Personal Data Processing is eliminated, it is deleted or made anonymous. Cases that need to be deleted or anonymized are tracked by the Data Controller Representative and the Committee.
8.2. Data Responsible Representative and Committee are responsible for the operation of deletion and Anonymization processes. In this context, the necessary procedure is established by the Data Supervisor Representative and the Committee.
8.3. The Company does not store Personal Data considering the possibility of using it in the future.
IX. TRANSFER OF PERSONAL DATA AND PROCESSING PERSONAL DATA BY THIRD PEOPLE
The Company may transfer Personal Data with a third party natural or legal person (the "Contractor") in accordance with the KVK Regulations. In this case, the Company ensures that third parties to whom it transfers Personal Data comply with this Policy. In this context, necessary protective arrangements are added to contracts concluded with a third party. In this context, the item to be added to the contracts signed with third parties to which any Personal Data transfer is made is obtained from the Data Representative. Each employee is obliged to go through the process in this Policy in case of Personal Data transfer. If the third person to whom Personal Data is transferred in the item transmitted by the Data Officer Representative requests a change, the situation is immediately notified to the Data Officer Representative by the employee.
9.1. Found Personal Data Transfer to Third Party in Turkey
9.1.1. Personal Data, KVKK Article without the express consent in cases exceptional set out in Article 5.2 and Article 6.3 or in other cases the data subject of the condition that it be open Consent (KVKK Article 5.1 and Article 6.2) in Turkey transferred by third parties to the Company.
9.1.2. Personal Data KVK ensure compliance with the Regulations of the Company's employees and data transfer to third parties in Turkey Responsible Representative is jointly and severally liable.
9.2. Transfer to Third Parties Abroad
9.2.1. Personal Data, KVKK Article without the express consent in cases exceptional set out in Article 5.2 and Article 6.3 or in other cases the data subject of the condition that it be open Consent (KVKK Article 5.1 and Article 6.2) in Turkey transferred by third parties to the Company.
9.2.2. In case the Personal Data is transferred in accordance with KVK Regulations without Open Consent, one of the following conditions must exist in terms of the foreign country to which it will be transferred:
18.104.22.168. The foreign country to which Personal Data is transferred has the status of countries with adequate protection by the Board (for the list, please follow the current list of the Board)
22.214.171.124. In the event that the foreign country to which the transfer will take place is not included in the list of Safe Countries of the Board, the Company and the data responsible in the relevant country make a written commitment to ensure adequate protection.
9.2.3. Company employees and Data Officer Representative are jointly responsible for ensuring that the transfer of Personal Data to third parties abroad complies with KVK Regulations.
9.3. Transfer of Personal Health Data
9.3.1. Personal Health Data is not transferred by the Company without Anonymization.
9.3.2. Personal Health Data can be transferred by the Company to public institutions and organizations only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, and if it is explicitly prescribed by law.
9.3.3. When it comes to transferring Personal Health Data without Anonymization, the Company Data Officer Representative is notified, and in this case, the Data Supervisor takes the necessary measures to fulfill the obligations under the KVK Regulations for the transfer of Personal Health Data.
9.3.4. Company employees and Data Representative Representative are jointly responsible for ensuring that the transfer of Personal Health Data complies with KVK Regulations.
X. COMPANY LIGHTING LIABILITY
10.1. The Company enlightens Data Subjects before the Processing of Personal Data in accordance with Article 10 of KVKK. In this context, the Company fulfills its Lighting Obligation during the acquisition of Personal Data. The notification to the Data Subjects within the scope of the Lighting Obligation includes the following elements, respectively:
10.1.1. Identity of the Data Controller and its representative, if any,
10.1.2. For what purpose Personal Data will be processed,
10.1.3. To whom and for what purpose the processed personal data can be transferred,
10.1.4. Method and legal reason of collecting Personal Data,
10.1.5. Rights of Data Subjects.
10.2. The Company, in accordance with the Constitution of the Republic of Turkey and kvkk'n 20. Article 11 makes it necessary to inform the data subject if it requests information.
10.3. Upon request by the Data Subjects, the Company reports the Personal Data processed by the Data Subject to the Data Object.
10.4. Employee and Data Officer Representative who follow the relevant process are responsible for ensuring the fulfillment of the Required Lighting Obligation before the Processing of Personal Data. In this context, the necessary KVK Procedure is created by the Data Controller Representative and the Committee to report each new processing process to the Data Supervisor Representative.
5.10. If the Data Processor is a third party outside the Company, it must be committed by the third party before starting Personal Data Processing with a written contract in which the third party will comply with the obligations set out above. In the relations where third parties transfer Personal Data to the Company, the item to be added to the contracts is obtained from the Data Officer Representative. Each employee is obliged to go through the process in this Policy in case Personal Data is transferred to the Company by a third person. In case the third person transferring the Personal Data requests a change in the item transmitted by the Data Supervisor Representative, the situation is immediately notified to the Data Supervisor by the employee.
XI. RIGHTS OF DATA SUBJECTS
11.1. The Company responds to the requests of the Data Subjects it holds on its Personal Data in accordance with the KVK Regulations:
11.1.1. Learning whether the company processes its Personal Data,
11.1.2. Learning which Personal Data the company processes,
11.1.3. Find out if the company is transmitting their Personal Data,
11.1.4. Learning the third parties to which the Company transfers Personal Data and the Data Responsible of the third parties and the identity of the Data Processor,
11.1.5. Learning the purpose of the company's processing of Personal Data,
11.1.6. Asking the company to update their Personal Data,
11.1.7. Asking the Company to Delete, Anonymize or destroy Personal Data,
11.1.8. Get a copy of Personal Data available in the company.
In cases where the Data Subjects wish to exercise their rights and / or think that the Company does not act under this Policy when processing Personal Data, they may contact them using the contact information for the Company Data Officer below.
Data Officer: Modimu.com
Email: [email protected]
11.2. If the Data Subjects submit their requests regarding their rights listed above to the Company in writing, the Company concludes the request free of charge within thirty days at the latest, depending on the nature of the request. However, if a fee is foreseen by the Board, the fee at the tariff determined by the Board is collected by the Company.
XII. DATA MANAGEMENT AND SECURITY
12.1. The Company appoints a Data Officer Representative and establishes a Data Protection Committee to fulfill its obligations under the KVK Regulations, to establish the necessary KVK Procedures for the implementation of this Policy and to ensure their control.
12.2. All employees, Committee members and Data Representative who are involved in the process are responsible for the protection of Personal Data in accordance with this Policy and KVK Procedures.
3.12. Personal Data Processing activities of the company are controlled by technical systems according to technological possibilities and application costs.
12.4. Personnel who are knowledgeable in technical matters regarding Personal Data Processing activities are employed.
12.5. Company employees are informed and trained in order to protect Personal Data and to process in accordance with the law.
12.6. The necessary KVK Procedure is created to ensure that employees who need to access Personal Data in the Company have access to that Personal Data, and the Data Representative and the Committee are jointly responsible for the creation and implementation.
7.12. Company employees may access Personal Data only within the authority assigned to them and in accordance with the relevant KVK Procedure. Any access and processing that the employee has made beyond his authority is illegal and is the reason for termination of the employment contract for good reason.
12.8. The company immediately notifies the Data Officer Representative if the employee suspects that the Personal Data has not been adequately secured or if such a vulnerability is detected.
12.9. The detailed KVK Procedure for the security of Personal Data is created by the Data Controller Representative and the Committee.
12.10. Every person who has been assigned a Company device is responsible for the security of their devices.
12:11. Every Company employee or person working within the Company is responsible for the security of the physical files in his area of responsibility.
12:12. In the event of security measures requested or to be requested for the security of Personal Data within the scope of KVK Regulations, all employees are obliged to comply with additional security measures and ensure the continuity of these security measures.
12:13. In the company, software and hardware including virus protection systems and firewalls are established in accordance with technological developments.
12:14. Backup programs are used to prevent loss or damage of Personal Data in the company and adequate security measures are taken.
12:15. Documents containing Personal Data in the company are protected by encrypted (encrypted) systems. In this context, Personal Data is not stored in common areas and on the desktop. Files and folders containing Personal Data etc. documents are not moved to the desktop or public folder, the information on the Company's computers USB, etc., without the prior written approval of the Data Controller Representative. it cannot be transferred to another device or taken out of the Company.
12:16. The Committee and Data Officer Representative are responsible for taking technical and administrative measures for the protection of all Personal Data within the Company, continuously following the developments and administrative activities, and preparing, announcing and auditing the necessary KVK Procedures. In this context, the Committee and Data Supervisor Representative organizes the necessary trainings to increase the awareness of the employees.
12:17. If a department within the company processes Special Qualified Personal Data, this department is informed by the Data Officer Representative about the importance, security and confidentiality of the Personal Data they process, and they act in accordance with the instructions of the relevant Department Data Officer Representative. Access to Special Qualified Personal Data is granted to limited employees only, and their list and tracking is done by the Data Officer Representative.
12:18. All of the Personal Data processed within the company are considered as "Confidential Information" by the Company.
12:19. Company employees have been informed that their obligations regarding the security and confidentiality of Personal Data will continue after the end of the business relationship and Company employees have been committed to comply with these rules.
13.1. The company provides its employees with the necessary training on the Protection of Personal Data within the scope of the Policy and the KVK Procedures in the annex and the KVKK Regulations.
13.2. Special attention is paid to the definitions and protection of Personal Health Data and Special Qualified Personal Data in trainings.
13.3. If the Company employee accesses Personal Data physically or in a computer environment, the Company will train that employee on such accesses (eg the accessed computer program).
The Company has the right to audit all employees, departments and contractors of the Company in accordance with this Policy and KVK Regulations regularly and without routine prior notice and perform routine inspections within this scope. The Committee and Data Representative establish the KVK Procedure for these audits and ensure their implementation.
15.1. Each employee of the company reports to the Data Officer Representative of the work, transaction or action he thinks is against the procedures and principles set forth in KVK Regulations and under this Policy. In this context, the necessary KVK Procedure is created by the Committee and the Data Supervisor Representative.
15.2. As a result of the notifications made, the Data Representative is obliged to notify the Data Subject or the competent Board regarding the violation actions or incidents, taking into account the provisions of the applicable legislation, especially the provisions of the KVK Regulations. In case of violations, the action plan is also created by the Data Controller Representative.
Responsibilities within the company are employee, department, Data Representative. In this context;
16.1. The members of the Committee responsible for the implementation of the Policy and the Representative of the Data Officer are appointed by the Company management.
16.2. The employees who operate the process causing the violation of the order related to the policies and the KVK Procedures and the actions against the KVK Regulations and the related Committee members and Data Representative who do not take action on this issue are responsible for them.
XVII. CHANGES TO THE POLICY
17.1. This Policy may be amended from time to time by the company.
17.2. The Company shares its updated Policy text with its employees via e-mail and makes it available to employees and Data Subjects via the web address below.
XVIII. FORCE OF POLICY
This Policy was approved by the Board of Modimu.com and entered into force.