GDPR TEXT
As TESODEV, we would like to inform you about the Law on the Protection of Personal Data No. 6698 (“KVKK”), published in the Official Gazette dated April 7, 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and to determine the obligations of real and legal persons processing personal data, as Data Controller pursuant to Article 10 of the Law titled “Disclosure Obligation of the Data Controller”.
1. PURPOSE OF PROCESSING PERSONAL DATA
TESODEV is also the data controller within the scope of the Law on the Protection of Personal Data No. 6698 (hereinafter referred to as the “KVK Law”). Personal data owners are real persons whose personal data are processed within the scope of the purposes specified below, in accordance with the provisions of the KVK Law No. 6698 and other legislation to which TESODEV is subject. As TESODEV, we show maximum sensitivity to the security of personal data. With this awareness, we process and preserve the personal data of personal data owners within the scope of our Personal Data Protection Policy, in accordance with the KVK Law No. 6698, the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated October 28, 2017 and entered into force, and the Regulation on the Data Controllers Registry entered into force on January 1, 2018 and other relevant regulations.
2. PURPOSE AND SCOPE OF PREPARATION OF THE PERSONAL DATA PROTECTION AND DESTRUCTION POLICY
2.1 With the Policy, we aim to effectively implement the regulations to be introduced within the framework of the basic principles to be explained below for compliance with the KVK Law by TESODEV, by TESODEV officials, employees and business partners within TESODEV. 2.2 In line with the basic regulations envisaged by the Policy, TESODEV will take all administrative and technical measures regarding the processing and protection of personal data within the operation of TESODEV, establish the necessary internal procedures, and take all necessary measures for the compliance of TESODEV officials, employees and business partners with the KVKK processes. 2.3. The Policy regulates the basic principles to be observed in all these processes and the issues that TESODEV is obliged to direct the internal operation in accordance with the regulations introduced by the KVK Law.
3. GENERAL PRINCIPLES IN PROCESSING PERSONAL DATA
As TESODEV, we accept that we process personal data falling within the scope of this Policy in accordance with the following principles in line with Article 4 of the KVK Law: 3.1. Compliance with the law and the rule of honesty TESODEV accepts that it will carry out personal data processing activities in accordance with the provisions of all legislation in force and to be enacted, especially the Constitution and the KVK Law, as a data controller and as a prudent merchant, and in accordance with the rule of honesty stipulated in Article 2 of the Civil Code. 3.2. Accuracy and currency TESODEV takes all necessary measures to ensure the accuracy and currency of personal data to the extent permitted by the technique in personal data processing activities. In line with the requests to be notified to TESODEV by the relevant person as the data controller and the situations that TESODEV itself deems necessary, we will operate the administrative and technical mechanisms established as TESODEV for the correction of erroneous or outdated personal data and the inspection of its accuracy. 3.3. Processing for specific, clear and legitimate purposes Personal data is processed by TESODEV in accordance with the law, limited to the services provided or to be provided with the requirements of the relevant legislation, and the purpose of processing personal data will be determined clearly and precisely before the processing of the data begins. 3.4. Processing data in connection with, limited to and proportionate to the purpose for which they are processed Personal data is processed by TESODEV in connection with and limited to the purposes of processing and to the extent necessary for the realization of this purpose. In this context, it is essential to avoid the processing of personal data that is not related to the purpose of processing and is not needed. 3.5. Processing limited to the period stipulated by the legislation or required by the purpose of processing Personal data is kept for the periods stipulated by the relevant legislation or for the period required by the purpose of processing the data. At the end of the period stipulated by the legislation or at the end of the period required by the purpose of processing the data, personal data will be deleted, destroyed or anonymized by TESODEV. It will take the necessary administrative and technical measures to prevent the storage of data at the end of the necessary period.
4. CONDITIONS FOR PROCESSING PERSONAL DATA
The conditions for processing personal data are regulated by the KVK Law, and personal data is processed by TESODEV in accordance with the said conditions specified below. 4.1. Conditions for Processing Personal Data Except for the exceptions listed in the Law, TESODEV processes personal data only by obtaining the explicit consent of data owners. In the presence of the following cases listed in the Law, personal data may be processed even without the explicit consent of the data owner: • Explicitly stipulated in laws, • Being compulsory for the protection of the life or physical integrity of the person or another person who is unable to disclose his/her consent due to actual impossibility or whose consent is not granted legal validity, • Being necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract. • Being compulsory for the data controller to fulfill its legal obligation, • Being made public by the data owner himself/herself, • Being compulsory for the establishment, exercise or protection of a right, • Being compulsory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner.
5. TRANSFER OF PROCESSED PERSONAL DATA
TESODEV may share the personal data of data owners with its business partners, legally authorized public institutions and private law persons, limited to the purposes specified in the Personal Data Policy and within the scope of the personal data processing conditions specified in Articles 5 and 6 of the KVK Law No. 6698, in accordance with Articles 8 and 9 of the KVK Law. Personal data we obtain is stored securely in physical or electronic media for an appropriate period of time in order for TESODEV to fulfill its commercial activities. Within the scope of said activities, TESODEV acts in accordance with the obligations stipulated in all relevant legislation, especially the KVK Law regarding the protection of personal data. In accordance with relevant legislation, excluding cases where storing personal data for a longer period is permitted or mandatory, in the event that the purposes for processing personal data cease to exist, data will be deleted, destroyed or anonymized by TESODEV ex officio or upon the request of the owners. In the event that personal data is deleted through said methods, this data will be destroyed in a way that it can never be used again and cannot be retrieved.
6. YOUR RIGHTS
Real persons whose personal data are processed and, in the case of a legal person, the officials of the relevant legal person may apply to TESODEV in accordance with the provisions of the KVKK and use the following rights: • Learning whether personal data is processed, • Requesting information if personal data has been processed, • Learning the purpose of processing personal data and whether they are used in accordance with their purpose, • Knowing the third parties to whom personal data is transferred domestically or abroad, • Requesting correction of personal data in case of incomplete or incorrect processing, • Requesting deletion or destruction of personal data, • Requesting notification of these transactions to third parties to whom personal data is transferred in case of correction, deletion or destruction of personal data, • Objecting to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems, • Requesting compensation for the damage in case of loss due to unlawful processing of personal data. Data owners may submit their requests regarding their rights listed under the heading of this section to TESODEV free of charge with information and documents identifying their identity and via the methods specified below or other methods determined by the Personal Data Protection Board: (a) An e-mail to bilgi@tesodev.com (b) By sending the Form via registered mail with return receipt, via notary public or by hand delivery to Başıbüyük Mah. Süreyyapaşa Başıbüyük Yolu Sk. No: 4/1 İç Kapı No: 1 Maltepe / İstanbul, they have the right to learn. In order for third parties to make an application request on behalf of personal data owners, there must be a special power of attorney issued via notary public on behalf of the person who will make the application by the data owner. In case you submit your request to TESODEV in accordance with the procedure in this section, we will conclude the relevant request free of charge as soon as possible and within thirty days at the latest depending on the nature of the request. However, if a fee is stipulated by the KVK Board, the fee in the tariff determined by the KVK Board will be collected from the applicant by TESODEV. As TESODEV, we may request information from you in order to determine whether the applicant is the personal data owner, and we may ask you questions regarding your application in order to clarify the issues in the application.