1.1. ENTRANCE
- SECTION – INTRODUCTION, POLICY PURPOSE, SCOPE. IMPLEMENTATION and ENFORCEMENT
The protection of personal data is among the most important priorities of our Company. The most important pillar of this issue is governed by this Policy; protection and processing of personal data of our customers, potential customers, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions we cooperate with and third parties. The activities carried out by our Company regarding the protection of the personal data of our employees are carried out by Telepro Enerji vce Elektronik Sistemleri San. Tic. Ltd. Şti. (Telepro or the Company) Employees are managed under the Personal Data Protection and Processing Policy.
According to the Constitution of the Republic of Turkey, everyone has the right to request the protection of personal data about him. Regarding the protection of personal data, which is a Constitutional right, Telepro is governed by this Policy; It pays due attention to the protection of the personal data of its employees and employee candidates, shareholders and officials and third parties and makes this a Company policy.
In this context, necessary administrative and technical measures are taken by Telepro to protect personal data processed in accordance with the relevant legislation.
In this Policy, detailed explanations will be made regarding the basic principles adopted by Telepro in the processing of personal data and listed below:
- Processing personal data in accordance with the law and honesty rules,
- Keeping personal data accurate and up-to-date when necessary,
- Processing personal data for specific, explicit and legitimate purposes,
- Processing personal data in connection with the purpose for which they are processed, limited and measured,
- To keep personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed,
- Enlightening and informing personal data owners,
- Establishing the necessary system for personal data owners to exercise their rights,
- Taking the necessary measures in the protection of personal data,
- Acting in accordance with the relevant legislation and the regulations of the KVK Board in the transfer of personal data to third parties in line with the requirements of the purpose of processing,
- To show the necessary sensitivity to the processing and protection of sensitive personal data.
1.2. PURPOSE OF THE POLICY
The main purpose of this Policy is to make statements about the personal data processing activities carried out by Telepro in accordance with the law and the systems adopted for the protection of personal data, and in this context, our customers, potential customers, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions we cooperate with and third parties, especially our Company. to ensure transparency by informing the persons committed by the company.
1.3. SCOPE
This Policy; It relates to all personal data of our customers, potential customers, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions we cooperate with and third parties, which are processed automatically or non-automatically, provided that they are a part of any data recording system.
The scope of application of this Policy regarding the groups of personal data owners in the above-mentioned categories may be the entire Policy (eg. Such as our active customers who are also our visitors); and only some of its provisions (eg. Only our visitors).
1.4. IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION
The relevant legal regulations in force regarding the processing and protection of personal data will primarily be implemented. In case of inconsistency between the legislation in force and the Policy, our Company accepts that the current legislation will be applied.
The policy has been created by concretizing and regulating the rules set forth by the relevant legislation within the scope of Telepro applications. Our company carries out the necessary systems and preparations in order to act in accordance with the effective periods stipulated in the KVK Law.
1.5. ENFORCEMENT OF THE POLICY
This Policy, which was issued by our company, was published on 07.04.2016 and entered into force on 07.10.2016 in accordance with the Law on the Protection of Personal Data No. 6698. In case of renewal of all or certain articles of the Policy, the Policy will be updated.
The policy is published on our Company’s website (https://www.telepro.com.tr) and made available to the relevant persons upon the request of personal data owners.
- SECTION – ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
In accordance with the current legislation, our company takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the protection of the data, and to carry out or have the necessary audits carried out in this context.
2.1. ENSURING THE SECURITY OF PERSONAL DATA
Our company takes the necessary legal, technical and administrative measures within the technological possibilities regarding data security and shows the necessary care and attention in this regard.
Employees are informed that they cannot disclose the personal data they have learned to others in violation of the provisions of the KVK Law and cannot use them for purposes other than processing, and that this obligation will continue after they leave their job, and necessary commitments are taken from them in this direction.
In order to prevent imprudent or unauthorized disclosure, access, transfer or any other unlawful access to personal data, our company provides the necessary information within the company and takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and application costs.
The obligations that our Company has to comply with while processing personal data as a data controller and the obligation to comply with the legal, administrative and technical measures developed in this regard are contractually imposed on the data processing institutions with which our Company has relations in various capacities such as suppliers and business partners, in accordance with the nature of the activity they carry out in data processing.
In accordance with the current legislation, our company carries out or has the necessary audits carried out within its own structure. The results of these audits are reported to the relevant department within the scope of the internal functioning of the Company and necessary activities are carried out to improve the measures taken.
Our company operates a system that ensures that personal data processed in accordance with the current legislation is obtained by others illegally, and this situation is notified to the relevant personal data owner and the KVK Board as soon as possible.
2.2. OBSERVING THE RIGHTS OF THE DATA OWNER; CREATING CHANNELS THROUGH WHICH THESE RIGHTS WILL BE COMMUNICATED TO OUR COMPANY AND EVALUATING THE REQUESTS OF DATA OWNERS
Our company carries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with the current legislation in order to evaluate the rights of personal data owners and to provide the necessary information to personal data owners.
In the event that personal data owners submit their requests regarding their rights listed below to our Company in writing, our Company concludes the request within the periods ordered by the applicable legislation, depending on the nature of the request.
Personal data owners;
- To learn whether your personal data is processed or not,
- If your personal data has been processed, requesting information about it,
- To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom your personal data is transferred at home or abroad,
- Requesting correction of your personal data if it is incomplete or incorrectly processed,
- Requesting the deletion or destruction of your personal data within the framework of the conditions stipulated in the relevant legislation,
- Requesting notification of the correction, deletion and destruction processes made in accordance with the relevant legislation to third parties to whom your personal data has been transferred,
- Objecting to the emergence of a result against you by analyzing your processed data exclusively through automated systems,
- If you suffer damage due to unlawful processing of your personal data, you have the right to demand the compensation of the damage.
In accordance with the current legislation, personal data owners are required to submit their requests regarding the exercise of their above-mentioned rights to our Company in “writing” or by other methods permitted by the legislation.
Since no additional method has been determined as of the effective date of this Policy, the relevant application must be submitted to our Company in writing in accordance with the mandatory provision of the legislation.
In order to exercise the above-mentioned rights, the request must be submitted by specifying which right it is related to, together with the necessary information identifying the identity of the personal data owner and explanations regarding the right to be used; It will ensure that the application regarding the request is answered faster and more effectively.
In this context, you can send the petition containing your detailed explanation of the right you want to use and the subject of your request to Atatürk Mahallesi, Sedef Caddesi, No:5/135 Ata 2/2 Blok 34750 Ataşehir/Istanbul by registered mail.
2.3. PROTECTION OF SENSITIVE PERSONAL DATA
With the KVK Law, special importance has been attached to a number of personal data due to the risk of causing victimization or discrimination when processed unlawfully.
These data; race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
Our company acts sensitively in the protection of sensitive personal data, which is determined as “special quality” by the KVK Law and processed in accordance with the law. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully implemented in terms of sensitive personal data and necessary audits are provided.
- SECTION – ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
Our company, in accordance with the legislation, regarding the processing of personal data; in accordance with the law and the rules of good faith; accurate and up-to-date when necessary; pursuing specific, clear and legitimate purposes; It carries out personal data processing activities in a limited and measured manner in connection with the purpose. Our company retains personal data for as long as stipulated by law or required by the purpose of processing personal data.
3.1. PROCESSING OF PERSONAL DATA IN ACCORDANCE WITH THE PRINCIPLES STIPULATED IN THE LEGISLATION
3.1.1. Processing in Accordance with the Law and the Rule of Good Faith
Company; In the processing of personal data, it acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty. In this context, our Company takes into account the proportionality requirements in the processing of personal data and does not use personal data other than what is required by the purpose.
3.1.2. Ensuring that Personal Data is Accurate and Up-to-Date When Necessary
Company; It ensures that the personal data it processes is accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legitimate interests. It takes the necessary measures in this direction.
3.1.3. Processing for Specific, Explicit, and Legitimate Purposes
Our company clearly and precisely determines the purpose of processing personal data, which is legitimate and lawful. Our company processes personal data in connection with the service it provides and to the extent necessary for them. The purpose for which personal data will be processed by our company is revealed before the personal data processing activity begins.
3.1.4. Being Connected, Limited and Proportionate to the Purpose for which they are Processed
Our company processes personal data in a way that is suitable for the realization of the specified purposes and avoids the processing of personal data that is not related to the realization of the purpose or is not needed. For example, personal data processing activities are not carried out to meet the needs that may arise later.
3.1.5. Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed
Our company retains personal data only for the period specified in the relevant legislation or required for the purpose for which they are processed. In this context, our Company first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period, and if a period is not determined, it stores personal data for the period required for the purpose for which they are processed. In the event that the period expires or the reasons requiring its processing disappear, personal data is deleted, destroyed or anonymized by our Company.
3.2. PROCESSING OF PERSONAL DATA BASED ON AND LIMITED TO ONE OR MORE OF THE PERSONAL DATA PROCESSING CONDITIONS SPECIFIED IN THE LEGISLATION
Although the legal bases for the processing of personal data by our company differ, all kinds of personal data processing activities are carried out in accordance with the general principles specified in the legislation.
(i) Explicit Consent of the Personal Data Owner
One of the conditions for processing personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and with free will.
In order to process personal data subject to the explicit consent of the personal data owner, explicit consent is obtained from customers, potential customers and visitors through the relevant methods.
(ii) Explicitly Stipulated in the Laws
The personal data of the data owner may be processed in accordance with the law if it is expressly stipulated in the law.
(iii) Failure to Obtain the Explicit Consent of the Person Concerned Due to Actual Impossibility
The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to disclose his consent due to actual impossibility or whose consent cannot be validated in order to protect the life or physical integrity of himself or another person.
Example: The blood type information of the customer who fainted was given to the doctors by his friends.
(iv) Directly Related to the Establishment or Performance of the Contract
Provided that it is directly related to the establishment or performance of a contract, it is possible to process personal data if it is necessary to process personal data belonging to the parties to the contract.
(v) Fulfillment of the Company’s Legal Obligation
If processing is mandatory for our company to fulfill its legal obligations as a data controller, the personal data of the data owner may be processed.
(vi) Publicization of Personal Data by the Personal Data Owner
If the personal data of the data owner has been made public by him/her, the relevant personal data may be processed.
(vii) Data Processing is Mandatory for the Establishment or Protection of a Right
If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
(viii) Data Processing is Mandatory for the Legitimate Interest of Our Company
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of our Company.
3.3. PROCESSING OF SENSITIVE PERSONAL DATA
In the processing of personal data determined as “special quality” by the KVK Law, our company acts in accordance with the regulations stipulated in the KVK Law.
6 of the KVK Law. In the article, a number of personal data that carries the risk of causing victimization or discrimination when processed unlawfully is determined as “special quality”. These data; race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
By our Company in accordance with the KVK Law; Sensitive personal data is processed in the following cases, provided that adequate measures to be determined by the KVK Board are taken:
- If the personal data owner has explicit consent, or
- If the personal data owner does not have explicit consent;
- Sensitive personal data other than the health and sexual life of the personal data owner, in cases stipulated by law,
Sensitive personal data related to the health and sexual life of the personal data owner are processed only by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
3.4. TRANSFER OF PERSONAL DATA
Our company may transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, group companies, third real persons) by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. In this direction, our company acts in accordance with the regulations stipulated in the legislation.
Our company may transfer the personal data and sensitive personal data of the personal data owner to third parties by taking the necessary security measures in line with the personal data processing purposes in accordance with the law and within the scope and framework permitted by the legislation.
3.5. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
Although it has been processed in accordance with the provisions of the legislation, personal data is deleted, destroyed or anonymized by our Company ex officio or upon the request of the personal data owner, in the event that the reasons requiring its processing disappear.
In this context, our Company takes the necessary technical and administrative measures within the Company in order to fulfill its relevant obligation; It has developed the necessary functioning mechanisms in this regard; In order to act in accordance with these obligations, it trains the relevant business units and ensures their assignment and awareness.