Loading...
Online Application

Policy for the Protection and Processing of Personal Data

POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA

VERSION: 1

DATE: 5/24/2017 

ABOUT THE POLICY.. 3

1    PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA.. 3

  1. Compliance with the law and the rules of integrity. 4
  2. Accuracy and currency. 4

iii.   Processing of data for specific, clear and legitimate purposes. 4

  1. Relation to the purpose of processing, limitedness and proportionality of the data processed 4
  2. Retention for the period as prescribed by the applicable regulations or the relevant purpose of processing 4

2    THE PURPOSES OF PROCESSING OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S. 5

3    TRANSFER OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S. 7

  1. General Requirements for Transfer. 7
  2. Transfer of Personal Data to Abroad.. 8

iii.   Parties, to Whom Elektronik Bilgi Guvenligi A.S. Transfers Personal Data.. 8

4    THE PERSONAL DATA PROCESSED BY ELEKTRONIK BILGI GUVENLIGI A.S. 9

5    THE PROCEDURES OF PROCESSING OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S. 9

6    DETERMINATION OF PERIODS OF RETENTION OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S. 9

7    THE RIGHTS OF DATA OWNERS AND EXERCISE OF SUCH RIGHTS. 10

  1. The Rights of Data Owners. 10
  2. Exercise by data owners of Their Rights. 11

8    PROTECTION OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S. 12

9    THE CORPORATE GOVERNANCE STRUCTURE OF ELEKTRONIK BILGI GUVENLIGI A.S. IN RELATION TO THE PROTECTION OF PERSONAL DATA.. 12

Annex -1: Data Categories. 15

ANNEX -2: Definitions. 19

 

ABOUT THE POLICY

The Law No. 6698 on the Protection of Personal Data (the "Law") was brought into force on April 7, 2016, and contains provisions regarding the processing of any type of information in relation to "identified or identifiable natural person"s.

This Policy of Elektronik Bilgi Guvenligi A.S. for the Protection and Processing of Personal Data (the "Policy") contains the representations and declarations of

Elektronik Bilgi Guvenligi A.S. ("E-GUVEN") with regards to the processing of the personal data of the natural persons within the categories listed below in accordance with the Law. Accordingly, this Policy shall be applicable for the processing of the personal data of the following parties:

  • Natural Person Customers
  • Potential Customers
  • Shareholders, Officials and Employees of Corporate Customers
  • Company's Officials
  • Shareholders
  • Shareholders, Officials and Employees of Business Partners
  • Shareholders, Officials and Employees of Suppliers
  • Employee Candidates
  • Visitors
  • Members of the Press
  • Third Parties

This Policy may be updated from time to time for accommodation to changing conditions and compliance with amended regulations.

1 PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

E-GUVEN, having the capacity of data controller, acts in accordance with the following principles as provided by Article 4 of the Law;

  • Compliance with the law and the rules of integrity,
  • Accuracy and, where necessary, currency,
  • Processing of data for specific, clear and legitimate purposes,
  • Relation to the purpose of processing, limitedness and proportionality of the data processed, and
  • Retention for the period as prescribed by the applicable regulations or the relevant purpose of processing.

i. Compliance with the law and the rules of integrity

The personal data are processed in compliance with the law and the rules of integrity. Accordingly, E-GUVEN, being the data controller, complies with the laws and regulations in force and the rules of integrity through any and all courses of processing of personal data.

ii. Accuracy and currency

The data controllers should design the processes necessary to ensure that the personal data processed thereby are accurate and current (up-to-date). Accordingly, E-GUVEN enables the data owners to update their data and takes necessary precautions for the data to be accurately transferred to the databases.

iii. Processing of data for specific, clear and legitimate purposes

The data controllers are obliged to inform the data owners of the purposes of processing of the respective personal data thereof in accordance with the disclosure obligations of data controllers under the Law. Accordingly; E-GUVEN, being the data controller, processes data only for specific and legitimate purposes, and clearly informs the data owners of such purposes by way of disclosure bulletins.

iv. Relation to the purpose of processing, limitedness and proportionality of the data processed

E-GUVEN processes the personal data only to the extent that is necessary for the purpose, which is advised to the data owners at the time of receipt of such data, and only in connection to and as limited to such purpose.

v. Retention for the period as prescribed by the applicable regulations or the relevant purpose of processing

In the cases where the data are prescribed to be retained for a certain period of time pursuant to the applicable laws and regulations in force; they are retained as required for such period of time. In the cases, where the applicable laws and regulations do not provide for a specific period of time for such retention, the data are retained only for such reasonable periods of time, which are determined with due consideration of the intended purpose of data and the company's procedures. Once the said periods expire, the data are deleted, destroyed or anonymized in accordance with the company's procedures. 

 

2 THE PURPOSES OF PROCESSING OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S.

Articles 5 and 6 of the Law set forth the requirements for processing in the personal data and the personal data of private nature. The personal data of private nature are listed within the Law within a limited scope, and include the data related to the persons' race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, health, sexual life, conviction and safety precautions as well as biometric and genetic data. While Article 5 of the Law provides for the requirements regarding the processing of the personal data, which are not of private nature; the requirements regarding the processing of the personal data of private nature are provided within Article 6 of the same.

According to the provisions of the said articles, the personal data, which are not of private nature, may be processed in the following cases:

  • If the respective data owner explicitly consents to such processing.
  • If the processing of the data is explicitly contemplated by applicable laws.
  • If it is strictly obligatory for the processing of the data of a person, who is physically unable or incapable to express her/his consent or whose consent is legally not considered valid, in order for the protection of the life or physical integrity of such person or any other individual.
  • If the processing of the personal data of the parties of a contract, provided that such processing is directly connected to the execution or the performance of a contract.
  • If the processing of data represents a strict requirement for the data controller to fulfill the respective legal obligations thereof.
  • If the personal data have been made public by the respective data owners.
  • If the processing of data represents a strict requirement for creation, exercise or protection of a right.
  • If the processing of data is strictly required to preserve and maintain the legitimate interests of the data controllers, provided that the fundamental rights and freedoms of the concerned person not be prejudiced.

The personal data of private nature, may be processed in the following cases:

  • If the respective data owner explicitly consents to such processing.
  • If the processing of the personal data of private nature (being the data related to the persons' race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, conviction and safety precautions as well as biometric and genetic data) except for those related to health and sexual life is contemplated by the applicable laws.
  • As far as the data related to health and sexual life are concerned; if such data are processed by such persons or competent authorities, who or which are bound by confidentiality obligation, for the purpose of the protection of public health, preventive medicine, medical diagnosis, performance of treatment and healthcare services and the planning and management of healthcare services and the financing of the same.

Accordingly, E-GUVEN processes the personal data of the natural persons, who fall to the scope of the categories provided within Annex-1, for the following purposes: 

  • Design and/or perform personally customized marketing and/or publicity activities,
  • Plan and/or perform market research activities in order for the sales and/or marketing of products and services,
  • Plan and execute event management processes,
  • Plan and manage processes of application for products and/or services,
  • Plan and/or execute processes of provision to customer of appropriate tools and/or information in respect of the channels to be used by the customer for access to and/or the use of products and/or services,
  • Follow-up of contractual processes and/or legal claims,
  • Follow-up of customer requests and/or complaints,
  • Plan and/or perform the operational activities necessary to ensure the maintenance of the Company's activities in compliance with the Company's procedures and/or applicable laws and regulations,
  • Perform strategic planning activities,
  • Plan and/or execute supply chain management processes,
  • Plan and execute processes for making products and/or services available,
  • Plan and/or execute application, selection and evaluation processes for employee candidates,
  • Create and/or follow up visitor records,
  • Manage relations with business partners and/or suppliers,
  • Plan and/or execute processes for marketing of products and/or services,
  • Ensure security of Company's operations,
  • Follow-up financial and/or accounting affairs,
  • Ensure security of Company's compounds and/or premises,
  • Create and/or manage the IT infrastructure,
  • Plan and/or execute customer relations management processes,
  • Design and/or perform advertisement and/or publicity and/or marketing activities through digital and/or other channels,
  • Plan and/or perform activities devoted to customer satisfaction and/or experience,
  • Plan and/or execute campaign and/or promotion and/or publicity processes,
  • Plan and/or perform corporate communication activities,
  • Plan and/or execute processes for sales of products and/or services,
  • Plan and execute renovation processes for products and/or services available,
  • Submit statutorily required information to authorized persons and/or competent authorities,
  • Plan and/or perform audit activities and/or activities related to ethics of the Company,
  • Design and/or perform reference and/or intelligence activities for staff recruitment and/or Company's security processes,
  • Plan and/or execute operational and/or productivity processes,
  • Plan and/or implement projects in line with the goals of the Company,
  • Plan and/or perform activities for the maintenance of business continuity,
  • Identify and/or evaluate the persons, who are to be made subject to marketing activities, with respect to the consumer behavior criteria,
  • Plan and/or perform after-sales support service activities,
  • Plan and/or execute authorizations of business partners and/or suppliers for access to information,
  • Plan, supervise and/or execute information security processes,
  • Plan and/or perform cross-sales activities in relation to the other products offered by the Company,
  • Plan and/or perform business activities,

 

3 TRANSFER OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S.

i. General Requirements for Transfer

Article 8 of the Law distinguishes the personal data of private nature from those, which are not of private nature, in respect of the transfer of personal data.

According to the said article; the personal data, which are not of private nature, may be transferred to third parties in the cases, where the any of the conditions provided in Section 2 is satisfied for such data.  Accordingly; the personal data may be shared by E-GUVEN with or disclosed to other persons than the legal entities of by E-GUVEN in the following cases;

  • If the respective data owner explicitly consents to such sharing or disclosure,
  • If the processing of the data is explicitly contemplated by applicable laws,
  • If it is strictly obligatory for the processing of the data of a person, who is physically unable or incapable to express her/his consent or whose consent is legally not considered valid, in order for the protection of the life or physical integrity of such person or any other individual,
  • If the processing of the personal data of the parties of a contract, provided that such processing is directly connected to the execution or the performance of a contract,
  • If the processing of data represents a strict requirement for the data controller to fulfill the respective legal obligations thereof,
  • If the personal data have been made public by the respective data owners,
  • If the processing of data represents a strict requirement for creation, exercise or protection of a right,
  • If the processing of data is strictly required to preserve and maintain the legitimate interests of the data controllers, provided that the fundamental rights and freedoms of the concerned person not be prejudiced.

Article 8 refers to the conditions for processions provided in Section 2 also in respect of the personal data of private nature, but provides for the taking of adequate precautions in order for the same to be transferred.  Accordingly; E-GUVEN shares the personal data of private nature with adequate precautions being taken in any case subject to

  • the contemplation of the processing of the personal data of private nature (being the the data related to the persons' race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, conviction and safety precautions as well as biometric and genetic data) except for those related to health and sexual life by the applicable laws, and
  • the processing of such data by such persons or competent authorities, who or which are bound by confidentiality obligation, for the purpose of the protection of public health, preventive medicine, medical diagnosis, performance of treatment and healthcare services and the planning and management of healthcare services and the financing of the same as far as the data related to health and sexual life are concerned.

ii. Transfer of Personal Data to Abroad

E-GUVEN may transfer personal data to abroad in the following cases;

  • If the respective data owner explicitly consents to such transfer, or
  • If the respective data owner's explicit consent is not in place but any one or several of the other conditions mentioned above is satisfied; provided that
    • Adequate means and precautions for protection are in place within the country, to which the personal data are transferred, and
    • If adequate means and precautions for protection are not in place within the country, to which the personal data are transferred, E-GUVEN warrants ensuring such adequate means and precautions for protection in writing with the data controller based in the relevant country in abroad and the authorization of the Board of Protection of Personal Data is obtained.

iii. Parties, to Whom Elektronik Bilgi Guvenligi A.S. Transfers Personal Data

E-GUVEN transfers the personal data to the following parties in accordance with the conditions and requirements provided above:

  • The service providers, from which the Company procures services for the processes that are outsourced by the Company.
  • The business partners in order for the accomplishment of the objectives of the business partnership.
  • The legally competent public authorities and legally authorized private natural persons or entities to the extent of the informations inquired within the scope of the respective legal authorities thereof.

 

4 THE PERSONAL DATA PROCESSED BY ELEKTRONIK BILGI GUVENLIGI A.S.

The categories of the personal data processed by E-GUVEN are provided within Annex-1 hereto.


5 THE PROCEDURES OF PROCESSING OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S.

E-GUVEN informs the personal data owners as to the purposes of its processing of the personal data, the parties or persons, to whom, and the purposes, for which it may transfer the processed personal data, the methods it employs to collect personal data as well as the legal reason for the same and the rights of the data owner at the time of receipt of the personal data as contemplated by the Law.

In the cases, where the Law requires E-GUVEN to obtain explicit consent for any process; E-GUVEN obtains the explicit consent of the data owners following the information as described above.

6 DETERMINATION OF PERIODS OF RETENTION OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S.

E-GUVEN determines the periods of retention of personal data with due consideration of the applicable laws and regulations in force as well as the intended purposes of processing of the data, being the subject matter of the process at issue. In any case, E-GUVEN determines the periods of retention in compliance with and under the lights of its statutory obligations and the applicable periods of prescription.

In the event the purpose of the processing of data ceases to exist; the data are deleted, destroyed or anonymized unless there is any other legal reason or basis in place for the data to be retained.

 

7 THE RIGHTS OF DATA OWNERS AND EXERCISE OF SUCH RIGHTS

 

i. The Rights of Data Owners

The personal data owners have the following rights against the data controller pursuant to the provisions of Article 11 of the Law:

  • Learn whether or not her/his personal data have been processed.
  • Request information as to processing if her/his data have been processed.
  • Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose.
  • Know the third parties based at home or in abroad, to whom personal data have been transferred.
  • Request rectification in case personal data are processed incompletely or inaccurately.
  • Request deletion or destruction of personal data in accordance with the applicable laws and regulations.
  • Request notification of the operations performed as a consequence of such requests as rectification, deletion and destruction to third parties to whom personal data have been transferred.
  • Object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems.
  • Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.

The cases, in which the data owners are not entitled to file any claims, are provided within the second paragraph of Article 28 of the Law; and accordingly, the aforementioned rights in and to the personal may not be exercised in the following cases;

  • If the processing of personal data is necessary for prevention of crime or investigation of a crime,
  • If the processing of personal data has revealed to the public by the data owner herself/himself,
  • If the processing of personal data is necessary, deriving from the performance of supervision or regulatory duties, or disciplinary investigation or prosecution by assigned and authorized public institutions and organizations and professional organizations with public institution status, and
  • If the processing of personal data is necessary for the protection of economic and financial interests of the state related to budget, tax, and financial matters

Moreover, according to the provisions the first paragraph of Article 28 of the Law; the personal data are provided to be excluded from the scope of applicability of the Law in the following cases, on which account any requests or claims of the data owners shall not be taken into consideration in such cases:

  • Processing of personal data by natural persons in the course of a purely personal or household activity, provided that obligations relating to data security are complied with and data are not transferred to third parties.
  • Processing of personal data for the purposes of official statistics and, through anonymization, research, planning, statistics and similar.
  • Processing of personal data for the purposes of art, history, and literature or science, or within the scope of freedom of expression, provided that national defense, national security, public safety, public order, economic safety, privacy of personal life or personal rights are not violated.
  • Processing of personal data within the scope of preventive, protective and intelligence-related activities by public institutions and organizations who are assigned and authorized for providing national defense, national security, public safety, public order or economic safety.
  • Processing of personal data by judicial authorities and execution agencies with regard to investigation, prosecution, adjudication or execution procedures.

ii. Exercise by data owners of Their Rights

The data owners may exercise their rights mentioned above by way of the "Form of Application to the Data Controller by the Personal Data Owner", which is available at [www.e-guven.com].

The applications shall be filed through one of the following methods along with the documents that identify the applying data owner:

  • The form shall be completed and manually signed, and shall be sent to [Degirmen sok. Nidakule Is Merkezi No: 18 K:5 Kozyatagi/ Istanbul] through the agency of a notary public or via certified letter, or
  • Secure electronic signature created in accordance with the Electronic Signatures Law No. 5070 shall be affixed to the form, and be sent through the electronic mail address, which is registered to [elektronikbilgiguvenligi@hs02].kep.tr, or
  • A method provided by the Board of Protection of Personal Data shall be employed.

E-GUVEN responds to the data owners, who intend to exercise such rights within the limits as provided by the Law, within the maximum period of thirty days, which period is also contemplated by the Law. The filing of an application by a third party on behalf of a personal data owner requires the relevant data owner to issue a specific power of attorney for the name of the designated applicant through the agency of a notary public.

The applications filed by data owners are put into operation free of charge as a principle; however, in the event any tariff of rates is introduced by the Board of Protection of Personal Data, then such operations may be performed in consideration of such applicable rates.

E-GUVEN may request certain information from an applicant in order to establish whether or not such applicant is a a personal data, and pose certain questions to the personal data owner in relation to the application filed thereby in order to the clarify the matters contained within the application.

8 PROTECTION OF PERSONAL DATA BY ELEKTRONIK BILGI GUVENLIGI A.S.

E-GUVEN takes reasonable technical and administrative precautions to prevent the risks of unauthorized access, accidental losses of data, intentional deletion of or damages the data with a view to ensure the security of the personal data.

Accordingly; E-GUVEN

  • records any access to the personal data,
  • ensures data security, using appropriate software and hardware with anti-virus systems and firewalls,
  • monitors the personal data processing activities on business unit basis,
  • ensures the conduct of required audits and supervision in order to enable the enforcement of the applicable provisions of the Law pursuant to Article 12 of the Law,
  • ensures the compliance of the data processing activities with the Law through the Company's internal policies and procedures,
  • designates appropriate authorizations within the Company's organization with respect to the nature of the data accessed,
  • implements stricter precautions for access to personal data of private nature,
  • subjects the persons, who have access to personal data of private nature, to additional security checks,
  • procures appropriate warranties for compliance with the Law from the external service providers used in the cases of any access to the personal data by external (third) parties on account of such reasons as outsourcing, and
  • takes appropriate actions to inform all its employees, primarily including those, who are authorized to access the personal data, regarding their duties and responsibilities under the Law.

9 THE CORPORATE GOVERNANCE STRUCTURE OF ELEKTRONIK BILGI GUVENLIGI A.S. IN RELATION TO THE PROTECTION OF PERSONAL DATA

A Committee for the Protection of Personal Data (the "Committee") has been established within the organization of E-GUVEN with a view to follow up, monitor and manage the actions necessary for compliance with the Law. The main duties of the Committee are provided as follows;

  • Take the necessary actions in order for the preparation and bringing into force of the policies and procedures regarding the protection and processing of personal data within the organization of E-GUVEN,
  • Delegate duties as necessary within the organization of E-GUVEN in order for the enforcement of policies and procedures, and monitor the taking of relevant actions,
  • Follow up and monitor the audits to be conducted pursuant to Article 12 of the Law,
  • Identify the appropriate actions to be taken in order to raise awareness within the organization of E-GUVEN with regards to the enforcement of the Law, and delegate duties as necessary to take such actions,
  • Ensure the taking of necessary actions for the resolution of any questions or issues that may arise out in relation to the enforcement of the Law and/or the policies and procedures,
  • Take appropriate actions for the resolution of the applications by data owners as necessary, and
  • Maintain the relations with the Board of Protection of Personal Data.

 

 

Annex -1: Data Categories

 

 

Data Category

Personal Data Category Description

Personal Data Types in the Relevant Personal Data Category

Identity Data

The details contained in such documents as driver's license, ID card, certificate of residence, passport, ID for attorneys-at-law and certificate of marriage, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Republic of Turkey ID No, ID card serial no., given name and last name, photograph, date of birth, age, place of birth registration, certificate of identity register copy

Contact Data

The details used for contacting the concerned person, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Email address, phone number, mobile phone number, address etc.

Data of Family Members and Relatives

The details about the family members and relatives of the relevant personal data owner, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system, and are registered in order for the protection of the interests of the concerned company and the data owner

Such details as ID details, contact details, professional details and education details of the children and spouses of the personal data owner

Customer Data

The details about the customers that make use of our products and services, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Customer no, details of occupation etc.

Customer Operation Data

The details about any operation conducted by the customers that make use of our products and services, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Requests and instructions, order and basket details etc.

Physical Location Security Data

The personal details in relation to the records created and documents issued during entrance to and presence inside a physical location, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Entrance and exit logs, visit details, video surveillance footage etc.

Operational Security Data

The personal data processed with a view to ensure the technical, administrative, legal and commercial security of E-GUVEN and related parties, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

The details, which enable to match of the operation that is associated to the personal data owner and the concerned person and which prove that the concerned person in fact is authorized to conduct the relevant operation (e.g. website passcode/PIN and password details)

Financial Data

The personal data within the scope of the details, documents and records that indicate any financial results and outcomes derived with respect to the type of the legal relation in place with the personal data owner, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system, and are registered in order for the protection of the interests of the concerned company and the data owner

The details that indicate the financial result or outcome of the operations conducted by the data owner, credit card debt, loan amount, loan repayments, amount and rate of interest payable, debt balance, credit balance etc.

Marketing Data

The data that E-GUVEN is to use for the purpose of marketing activities, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

The reports and evaluations indicating personal habits and favorites developed and collected for marketing purposes, targeting information, cookie logs, data enrichment activities etc.

Legal Transaction and Compliance Data

The personal data processed in order for the establishment and follow-up of legal receivables and rights and the performance of legal obligations, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

The data contained in such documents as the decisions, judgments, orders and decrees of courts and administrative authorities

Personal Data of Private Nature

The personal data related to the persons' race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, health, sexual life, conviction and safety precautions as well as biometric and genetic data, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

The data related to the persons' race, ethnic origin, political view, philosophic belief, religion, sect or other beliefs, appearance and dressing, affiliation to associations, foundations or trade unions, health, sexual life, conviction and safety precautions as well as biometric and genetic data

Request/Complaint Management Data

The personal data related to the receipt and consideration of any requests and complaints filed with E-GUVEN, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Any requests and complaints addressed to the companies, and the records and reports related to the same

Reputation Management Data

The personal data that may potentially affect the reputation  of E-GUVEN and of its shareholders, employees, business partners or customers, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

The personal data contained within unfavorable news pieces about the Company that are posted on the social media etc.

Visual and Audio Data

The visual and audio records associated to the personal data owner, which are explicitly proven to belong to an identified or identifiable natural person and are registered to the data registration system

Photographs, camera (video) records and audio records

 

 

ANNEX -2: Definitions

 

 

Term

 

Definition as per the Law

Explicit consent

 

The informed consent expressed by free will in respect of any matter

 

Anonymization

 

The modification of the nature of personal data in such manner that they can no longer be associated to an identified or identifiable natural person even by way of matching with other data

 

Data subject

 

A natural person, whose personal data are processed (referred to as "data owner" within the Policy)

 

Personal data

 

Any information relating to an identified or identifiable natural person

 

Processing of personal data

 

Any operation, which is performed upon personal data such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization or blocking its use by wholly or partly automatic means or otherwise than by automatic means which form part of a filing system

 

Filing system (Data recording system)

 

Any recording system, through which personal data are processed by structuring according to specific criteria

 

Data controller

 

A natural person or legal entity, who or which determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the filing system

 
How Can We Help You?
Continue

Electronic Signature Download Test Application!

Download now to test your
electronic signature and system software

Download Now }

Requires Windows 7 or later operating system,
.Net Framework 4.0 or later versions.

Search Word

7 found the search result.

About us
Vision & Mission
Our Values and Policies
CSR
E-Signature
Software Library
Other Products
HSM NES
Time Stamp
On Site Identity Check and Installation
Trainings
Consultancy
E-Signature Softwares
PIN Query
PUK Query
FAQ
Transaction Guide
Banking & Finance
Insurance
Telecommunication
Real Estate
IT
Logistics & Transport
Health
Education
Inspection & Consultancy
Construction & Energy
Other
Borusan EnBW Security Certificates
İnci Holding
İpek Kağıt Signature-free Processes
Opet Signed Payroll Project
Siemens İmzala Gönder
Protection of Personal Data
Contact
Sales Offices
Company Information
Account Numbers
Cookies Policy
Disclosure Form
ELEKTRONIK BILGI GUVENLIGI A.S. DISCLOSURE FORM REGARDING THE PROCESSING OF PERSONAL DATA

This Disclosure Form has been issued by Elektronik Bilgi Guvenligi Anonim Sirketi (the “Company”) with a view to inform the customers of the Company in accordance with the Law No. 6698 on the Protection of Personal Data as to the processing of their personal data by the Company.

The details regarding the processing of your personal data within the framework of this Disclosure Form are available within Elektronic Bilgi Guvenligi A.S. Policy for the Protection and Processing of Personal Data at [www.e-guven.com].

a) Methods of and Legal Reasons for the Collection of Personal Data

Your personal data are collected electronically or physically. Your personal data collected on account of the legal reasons provided herein may be processed and shared in accordance with the requirements for the processing of personal data as set forth within Articles 5 and 6 of the Law.

b) Purposes of Processing of Personal Data

Your personal data are processed in accordance with the requirements for the processing of personal data as set forth within Articles 5 and 6 of the Law for the purpose of the planning and performance of the activities as necessary for the offering and publicity of the products and services offered by the Company to the data subjects in such forms as customized to the appreciation, habits of use and needs of the data subjects, the performance by the business units of necessary activities to make the products ad services offered by the Company available to the data subjects and the execution of the related business processes the performance by the business units of the activities necessary for the performance of the commercial operations maintained by the Company and the execution of the related business processes, the planning and implementation of the commercial and/or the business strategies of the Company, and the ensuring of the legal, technical and commercial - business security of the Company and the parties, who are in business relation with the Company.

c) The Parties, to Whom Personal Data May Be Disclosed, and Purposes of Disclosure

Your personal data may, in accordance with the requirements for the processing of personal data as set forth within Articles 8 and 9 of the Law, be shared with and disclosed to the business partners and suppliers of the Company as well as legally competent authorities and bodies and legally authorized private legal entities for the purpose of the planning and performance of the activities as necessary for the offering and publicity of the products and services offered by the Company to the data subjects in such forms as customized to the appreciation, habits of use and needs of the data subjects, the performance by the business units of necessary activities to make the products ad services offered by the Company available to the data subjects and the execution of the related business processes the performance by the business units of the activities necessary for the performance of the commercial operations maintained by the Company and the execution of the related business processes, the planning and implementation of the commercial and/or the business strategies of the Company, and the ensuring of the legal, technical and commercial - business security of the Company and the parties, who are in business relation with the Company.

d) The Rights of Data Owners and Exercise of Such Rights

In the event you, being a personal data owner, file your request under your rights provided below with the Company through the methods specified within Elektronik Bilgi Guvenligi A.S. Policy for the Protection and Processing of Personal Data, which is available at [www.e-guven.com]; your request so filed will be replied and addressed as soon as practicable but, in any case, no later than 30 (thirty) days.

You, being a personal data owner, have the following rights pursuant to the provisions of Article 11 of the Law:

  • Learn whether or not you personal data have been processed,
  • Request information as to processing if your data have been processed,
  • Learn the purpose of processing of you personal data and whether your data are used in accordance with their purpose,
  • Know the third parties based at home or in abroad, to whom your personal data have been transferred,
  • Request notification of the operations performed as a consequence of such requests as rectification, deletion and destruction to third parties to whom you personal data have been transferred, in the cases where your personal data have been processed incompletely or inaccurately,
  • Request your personal data to be delete or destroyed in the event the reasons that may have required the processing of your personal data in spite of the fact that they have been processed in compliance with the Law and other applicable laws and regulations, and request notification of the relevant operation to third parties to whom personal data have been transferred,
  • Object to occurrence of any result that is to your detriment by means of analysis of your personal data exclusively through automated systems,
  • Request compensation for the damages in case the you incur damages due to unlawful processing of your personal data.