Panasonic Electric Works Elektrik Sanayi ve Ticaret Anonim Şirketi
Personal Data Protection and Processing Policy
1. Introduction
In accordance with article 20 of the Constitution of the Republic of Türkiye, everyone has the right to claim the protection of personal data about oneself. This right also encompasses the right to be informed about their personal data, to access this data, to request its correction or deletion and to learn whether it is being used for their purposes.
Personal Data Protection Law with No. 6698 ("PDP Law") regulates the protection of the fundamental rights and freedoms of individuals in the processing of personal data and the obligations of natural and legal persons who process personal data, and the procedures and principles to be followed. The purpose of this Policy, which has been prepared in this direction, is to ensure compliance with the obligations related to the regulations of the PDP Law.
The scope of the Policy includes the protection of personal data of Visitors, Members, Customers of the "https://ewtr.panasonic.com" website ("Website") and the Third Parties.
In case there happens to be a conflict between the PDP Law and other relevant legislations and the Company's Personal Data Protection and Processing Policy, the legislation in force will be applied.
Personal Data Protection Law with No. 6698 ("PDP Law") regulates the protection of the fundamental rights and freedoms of individuals in the processing of personal data and the obligations of natural and legal persons who process personal data, and the procedures and principles to be followed. The purpose of this Policy, which has been prepared in this direction, is to ensure compliance with the obligations related to the regulations of the PDP Law.
The scope of the Policy includes the protection of personal data of Visitors, Members, Customers of the "https://ewtr.panasonic.com" website ("Website") and the Third Parties.
In case there happens to be a conflict between the PDP Law and other relevant legislations and the Company's Personal Data Protection and Processing Policy, the legislation in force will be applied.
2. Purpose
For the purpose of protecting the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and regulating the obligations and procedures and principles to be followed by natural and legal persons who process personal data, Panasonic Electric Works Elektrik Sanayi ve Ticaret Anonim Şirketi ("Company") has prepared this Personal Data Protection and Processing Policy ("Policy").
It is aimed to maintain and develop the activities that are conducted by the Company in accordance with the principles in the PDP Law and to inform personal data owners with the Policy.
It is aimed to maintain and develop the activities that are conducted by the Company in accordance with the principles in the PDP Law and to inform personal data owners with the Policy.
3. Scope
Data owners whose personal data are processed within the scope of this Policy herein are categorized as follows:
Website Visitors | Natural persons who visit the Website by accessing the Website by any means |
Website Members | Natural persons who sign up as a member of the Website and make transactions within the scope of membership |
Third Parties | Although it is not defined in the Policy, other natural persons, including but not limited to data owners whose personal data are processed within the framework of this Policy herein |
4. Definitions
The definitions used in this Policy herein are as follows:
Explicit consent | Consent related to a specific subject, based on notification and expressed with free will |
Anonymization | Rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data |
Personal health data | Any health information related to an identified or identifiable natural person |
Personal data | Any information relating to an identified or identifiable natural person |
Processing of personal data | Any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof |
PDP Law | Personal Data Protection Law No. 6698 |
PDP Board | Personal Data Protection Board |
PDP Authority | Personal Data Protection Authority |
Sensitive personal data | Personal data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data |
TPC | Turkish Penal Code No. 5237 |
Data processor | Natural or legal person who processes personal data on behalf of the data controller upon its authorization |
Personal data owner | Natural person who is considered as the "data subject" in the PDP Law and whose personal data is processed |
Application Form of the Data Owner | Application form to be utilized by personal data owners whose personal data are processed within the Company when using their applications regarding their rights which are described in article 11 of the PDP Law |
Data controller | Natural or legal person that determines the purposes and means of personal data processing and is responsible for the installation and management of the data recording system |
Data Controllers’ Registry | Registry of data controllers maintained by the Personal Data Protection Board |
Data Inventory | Inventory created and detailed by associating the personal data processing activities implemented by the Company in connection with its business processes, the purposes of personal data processing, the recipient group to which the personal data is transferred, and the relevant personal data owner group |
5. General Principles Regarding the Processing of Personal Data
In accordance with article 3 of PDP Law, any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof will be considered under the processing of personal data..
It is obligatory to comply with the following principles in the processing of personal data:
a. Compliance with the law and honesty rules
Our company conducts its personal data processing activities in accordance with the law and honesty rules, in accordance with the Constitution, the PDP Law and the relevant legislation.
b. Being accurate and up-to-date when necessary
While our company conducts the processing of personal data, all kinds of administrative and technical measures are taken to ensure the accuracy and up-to-dateness of personal data.
c. Processing for specific, explicit and legitimate purposes
Şirketimiz, kişisel verilerin işlenmesi faaliyetine başlamadan önce kişisel veri işlemeye yönelik meşru amacını aydınlatma metinleri çerçevesinde açık ve kesin olarak belirlemektedir.
d. Being relevant, limited and restrained to the purpose for which they are processed
Personal data is processed by our company as much as necessary in order to achieve the determined purposes. Data processing activities are not conducted with the assumption that it can be used later.
e. Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed
Our company stores personal data for a limited period of time stipulated in the PDP Law and the relevant legislation or required by the purposes related to data processing activity.
It is obligatory to comply with the following principles in the processing of personal data:
a. Compliance with the law and honesty rules
Our company conducts its personal data processing activities in accordance with the law and honesty rules, in accordance with the Constitution, the PDP Law and the relevant legislation.
b. Being accurate and up-to-date when necessary
While our company conducts the processing of personal data, all kinds of administrative and technical measures are taken to ensure the accuracy and up-to-dateness of personal data.
c. Processing for specific, explicit and legitimate purposes
Şirketimiz, kişisel verilerin işlenmesi faaliyetine başlamadan önce kişisel veri işlemeye yönelik meşru amacını aydınlatma metinleri çerçevesinde açık ve kesin olarak belirlemektedir.
d. Being relevant, limited and restrained to the purpose for which they are processed
Personal data is processed by our company as much as necessary in order to achieve the determined purposes. Data processing activities are not conducted with the assumption that it can be used later.
e. Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed
Our company stores personal data for a limited period of time stipulated in the PDP Law and the relevant legislation or required by the purposes related to data processing activity.
6. Conditions of Processing the Personal Data
Our company may process personal data and sensitive personal data with the explicit consent of the personal data owner or without explicit consent in cases stipulated in articles 5 and 6 of the PDP Law.
6.1. Processing of Personal Data
As a rule, our company processes your personal data based on your explicit consent. On the other hand, it performs personal data processing activities in accordance with the data processing conditions set forth in article 5 of the PDP Law without seeking your explicit consent:
a. It is expressly provided for by the laws.
b. It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid.
c. Processing of personal data of the parties of an agreement is necessary, provided that it is directly related to the establishment or performance of the agreement.
d. Being mandatory for the fulfillment of our company's legal obligation.
e. Personal data has been made public by the data owner himself/herself.
f. Data processing is mandatory for the establishment, exercise or protection of any right.
g. Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the personal data owner.
a. It is expressly provided for by the laws.
b. It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid.
c. Processing of personal data of the parties of an agreement is necessary, provided that it is directly related to the establishment or performance of the agreement.
d. Being mandatory for the fulfillment of our company's legal obligation.
e. Personal data has been made public by the data owner himself/herself.
f. Data processing is mandatory for the establishment, exercise or protection of any right.
g. Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the personal data owner.
6.2. Processing of Sensitive Personal Data:
In accordance with the data processing conditions set forth in article 6 of the PDP Law, our company carries out the processing of personal data, that is specified as of special nature, which carry the risk of creating discrimination when they are processed unlawfully. Additionally, in the processing of sensitive personal data, it is also necessary to take adequate measures determined by the PDP Board. It is prohibited to process sensitive personal data without the explicit consent of the personal data owner. However, sensitive personal data may be processed despite the explicit consent of the personal data owner in the following cases:
a. Processing of Personal Health Data:
Personal health data can be processed in the presence of one of the following conditions, provided that (i) taking adequate measures to be laid down by the Ministry of Health, (ii) acting in accordance with general principles, (iii) being under the obligation of confidentiality:
- Written explicit consent of the personal data owner
- Protection of public health
- Carrying out medical diagnosis, treatment and care services,
b. Processing of Sensitive Personal Data Except for Data Concerning Health and Sexual Life
Data within this scope will be possible in cases where the personal data owner has explicit consent or is laid down by law.
a. Processing of Personal Health Data:
Personal health data can be processed in the presence of one of the following conditions, provided that (i) taking adequate measures to be laid down by the Ministry of Health, (ii) acting in accordance with general principles, (iii) being under the obligation of confidentiality:
- Written explicit consent of the personal data owner
- Protection of public health
- Carrying out medical diagnosis, treatment and care services,
b. Processing of Sensitive Personal Data Except for Data Concerning Health and Sexual Life
Data within this scope will be possible in cases where the personal data owner has explicit consent or is laid down by law.
7. Ensuring the Security and Confidentiality of Personal Data
In accordance with article 12 of the PDP Law, our company takes all necessary technical and administrative measures to ensure the appropriate security level in order to prevent the unlawful processing of and accessing to the personal data it processes and to ensure the protection of personal data.
7.1. Technical Measures that are Taken to Ensure the Lawful Processing of Personal Data and to Prevent Unlawful Access
Company has taken all kinds of technical and technological security measures to protect your personal data and protects your personal data against possible risks.
Technical measures are taken in accordance with the developments in technology, and the measures taken are periodically updated and renewed. There are software and hardware that contain virus protection systems and firewalls. Systems that are suitable for technological developments are used to store personal data in secure environments.
Technical measures are taken in accordance with the developments in technology, and the measures taken are periodically updated and renewed. There are software and hardware that contain virus protection systems and firewalls. Systems that are suitable for technological developments are used to store personal data in secure environments.
Administrative Measures that are Taken to Ensure the Lawful Processing of Personal Data and to Prevent Unlawful Access
- Training and raising awareness of company employees regarding the PDP Law,
- In cases of personal data transfer, ensuring that a record is added to the agreements finalized with the persons to whom the personal data is transferred, that states that the party to whom the personal data is transferred will fulfill the data security,
- Determining what needs to be fulfilled in order to comply with the PDP Law and preparing internal policies for their implementation,
- Using software and hardware that contain protection systems and firewalls, to prevent unauthorized access.
- In cases of personal data transfer, ensuring that a record is added to the agreements finalized with the persons to whom the personal data is transferred, that states that the party to whom the personal data is transferred will fulfill the data security,
- Determining what needs to be fulfilled in order to comply with the PDP Law and preparing internal policies for their implementation,
- Using software and hardware that contain protection systems and firewalls, to prevent unauthorized access.
7.2. Measures to be Taken in Case of Unlawful Disclosure of Personal Data
In case that the processed personal data is obtained by others illegally despite the necessary security measures taken, our Company will notify the data owner concerned and the PDP Board within 72 hours from the date that it is notified of this situation.
8. Purposes of Processing Personal Data and Storage Periods
8.1. Purposes of Processing Personal Data
Personal data is processed by our company within the framework of the purposes that are listed below:
- Planning and execution of commercial activities,
- Execution of transactions within the scope of ensuring product delivery,
- Receiving services in subjects that are not directly provided by us and that are not a part of our field of expertise,
- Providing financial reconciliation with our business partners and/or third parties regarding our products and services,
- Execution/monitoring of legal affairs and transactions,
- Planning and execution of the necessary audit activities to ensure that the activities are conducted in accordance with our Company's procedures and relevant legislation,
- Carrying out research in order to protect the reputation of our company,
- Management of request and complaint processes,
- Planning and execution of corporate governance and communication activities,
- Creation and monitoring of visitor records.
- To provide the services within the scope of the use of the website and to fulfill your needs within the framework of your actions and preferences, to detect, audit and control unauthorized and fraudulent uses thanks to the development of these services
- Fulfillment of obligations arising from Law No. 5651
- Preservation of your information that must be kept in accordance with the relevant legislation; creating copies and backups to prevent loss of information; ensuring the consistency of your information; implementing the necessary technical and administrative measures for the security of our networks and your information
- Carrying out the legal obligations mandated by regulatory authorities, including regulatory and supervisory institutions, and the handling of legal proceedings and processes
- To fulfill our obligations arising from the legislation, to fulfill our legal obligations for authorized and authorized public institutions and organizations, to exercise all kinds of lawsuits, replies and objections against official institutions and organizations such as courts, enforcement offices, arbitral tribunals during the disputes which may arise, to carry out negotiation and agreement processes regarding the disputes, to deliver the necessary information to you if you request information from us in accordance with your rights.
- To prevent the use of the Mobile Application, the Site and other Panasonic systems in violation of legislation and morality, to detect suspicious transactions and unlawful use, and to perform the block and unblock operations
- In case you participate in campaigns, contests, sweepstakes and other events that are organized/announced by Panasonic, to carry out transactions related to the relevant event, to finalize the events, to send prizes, products to you when necessary
- Within the scope of commercial communication processes, general or special personalized campaigns, advantages, promotions, advertisements, information, marketing activities and commercial communication activities (SMS, e-mail, phone call, etc.) tailored for you, conducting surveys for customer satisfaction regarding our products and services, sending our campaigns, competitions, sweepstakes, invitations, openings and invitations to other events, - Execution of Information Security Processes, Monitoring and Handling Legal Affairs, Conducting Storage and Archiving Activities, Reviewing and Assessing Requests, Suggestions, and Complaints, Ensuring the Security of Data Controller Operations, Providing Information to Authorized Persons, Institutions, and Organizations, Offering services related to website usage and addressing your needs based on your transactions and preferences, improving these services, detecting unauthorized and fraudulent activities, inspecting and monitoring usage, preserving your information in compliance with relevant legislation, creating copies and backups to prevent data loss, ensuring the accuracy of your information, and implementing necessary technical and administrative measures to secure both our networks and your information
- Planning and execution of commercial activities,
- Execution of transactions within the scope of ensuring product delivery,
- Receiving services in subjects that are not directly provided by us and that are not a part of our field of expertise,
- Providing financial reconciliation with our business partners and/or third parties regarding our products and services,
- Execution/monitoring of legal affairs and transactions,
- Planning and execution of the necessary audit activities to ensure that the activities are conducted in accordance with our Company's procedures and relevant legislation,
- Carrying out research in order to protect the reputation of our company,
- Management of request and complaint processes,
- Planning and execution of corporate governance and communication activities,
- Creation and monitoring of visitor records.
- To provide the services within the scope of the use of the website and to fulfill your needs within the framework of your actions and preferences, to detect, audit and control unauthorized and fraudulent uses thanks to the development of these services
- Fulfillment of obligations arising from Law No. 5651
- Preservation of your information that must be kept in accordance with the relevant legislation; creating copies and backups to prevent loss of information; ensuring the consistency of your information; implementing the necessary technical and administrative measures for the security of our networks and your information
- Carrying out the legal obligations mandated by regulatory authorities, including regulatory and supervisory institutions, and the handling of legal proceedings and processes
- To fulfill our obligations arising from the legislation, to fulfill our legal obligations for authorized and authorized public institutions and organizations, to exercise all kinds of lawsuits, replies and objections against official institutions and organizations such as courts, enforcement offices, arbitral tribunals during the disputes which may arise, to carry out negotiation and agreement processes regarding the disputes, to deliver the necessary information to you if you request information from us in accordance with your rights.
- To prevent the use of the Mobile Application, the Site and other Panasonic systems in violation of legislation and morality, to detect suspicious transactions and unlawful use, and to perform the block and unblock operations
- In case you participate in campaigns, contests, sweepstakes and other events that are organized/announced by Panasonic, to carry out transactions related to the relevant event, to finalize the events, to send prizes, products to you when necessary
- Within the scope of commercial communication processes, general or special personalized campaigns, advantages, promotions, advertisements, information, marketing activities and commercial communication activities (SMS, e-mail, phone call, etc.) tailored for you, conducting surveys for customer satisfaction regarding our products and services, sending our campaigns, competitions, sweepstakes, invitations, openings and invitations to other events, - Execution of Information Security Processes, Monitoring and Handling Legal Affairs, Conducting Storage and Archiving Activities, Reviewing and Assessing Requests, Suggestions, and Complaints, Ensuring the Security of Data Controller Operations, Providing Information to Authorized Persons, Institutions, and Organizations, Offering services related to website usage and addressing your needs based on your transactions and preferences, improving these services, detecting unauthorized and fraudulent activities, inspecting and monitoring usage, preserving your information in compliance with relevant legislation, creating copies and backups to prevent data loss, ensuring the accuracy of your information, and implementing necessary technical and administrative measures to secure both our networks and your information
8.2. Storage Durations of Personal Data
Our company determines whether a period of time is laid down in the relevant legislation for the storage of personal data. If a period is laid down in the relevant legislation, it complies with this period; if a period is not laid down, it preserves personal data for the period required for the purpose for which it is processed. If the purpose of processing personal data has expired and the retention periods determined by the relevant legislation and/or our Company have ended, it can only be stored for the purpose of providing evidence in possible legal disputes, of asserting the relevant right related to personal data or of establishing a defense. Personal data is not stored by our Company based on a probable future use.
9. Deletion, Destruction and Anonymization of Personal Data
Although personal data has been processed in accordance with the relevant legislation, personal data is deleted, destroyed or anonymized by our Company ex officio or upon the request of the personal data owner, in case that the reasons that require its processing are eliminated, in accordance with article 7 of the PDP Law.
The procedures and principles regarding this issue will be fulfilled in accordance with the PDP Law and the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224.
In the first periodic destruction process following the date on which our obligation to delete, destroy or anonymize personal data occurs, it deletes, destroys or anonymizes personal data.
Within 3 (three) months following the date on which our obligation to delete, destroy or anonymize personal data occurs, personal data will be deleted, destroyed or anonymized.
The time interval in which periodic destruction will be performed is six months.
When you apply to our company and request the deletion or destruction of your personal data;
a) Your personal data subject to the request is deleted, destroyed or anonymized if all of the conditions for processing personal data have been eliminated. Your request will be finalized within thirty days at the latest and you will be informed.
b) If all the conditions for processing personal data have been eliminated and the personal data subject to the request has been transferred to the third parties, this condition is notified to the third parties; within the scope of the regulation, it is ensured that the necessary actions are taken.
c) If all of the conditions for processing personal data have not been eliminated, your request may be rejected by explaining the reason in accordance with the third paragraph of article 13 of the PDP Law and the rejection response will be notified to you in writing or in electronic environment within thirty days at the latest.
The procedures and principles regarding this issue will be fulfilled in accordance with the PDP Law and the Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224.
In the first periodic destruction process following the date on which our obligation to delete, destroy or anonymize personal data occurs, it deletes, destroys or anonymizes personal data.
Within 3 (three) months following the date on which our obligation to delete, destroy or anonymize personal data occurs, personal data will be deleted, destroyed or anonymized.
The time interval in which periodic destruction will be performed is six months.
When you apply to our company and request the deletion or destruction of your personal data;
a) Your personal data subject to the request is deleted, destroyed or anonymized if all of the conditions for processing personal data have been eliminated. Your request will be finalized within thirty days at the latest and you will be informed.
b) If all the conditions for processing personal data have been eliminated and the personal data subject to the request has been transferred to the third parties, this condition is notified to the third parties; within the scope of the regulation, it is ensured that the necessary actions are taken.
c) If all of the conditions for processing personal data have not been eliminated, your request may be rejected by explaining the reason in accordance with the third paragraph of article 13 of the PDP Law and the rejection response will be notified to you in writing or in electronic environment within thirty days at the latest.
9.1. Techniques for Deletion and Destruction of Personal Data
Deletion of personal data is the process of making personal data inaccessible and unusable for the relevant users by no means.
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone by no means.
For example: physical destruction, safely deleting from software, secure deletion by an expert, deleting from the database…
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone by no means.
For example: physical destruction, safely deleting from software, secure deletion by an expert, deleting from the database…
9.2. Techniques for Anonymizing Personal Data
It refers to rendering of personal data impossible to link with an identified or identifiable natural person, even through matching them with other data.
For example: masking, data derivation, using a nickname, aggregation, data hashing…
10. Third Parties to Whom Personal Data Is Transferred and Purposes of the Transfer
The procedures and principles that shall be applied in personal data transfers are regulated in articles 8 and 9 of the PDP Law, and the personal data and sensitive personal data of the personal data owner can be transferred to third parties in the country and abroad. In order to perform its services, your personal data may be processed by the Company in accordance with the Law and other legislation (including but not limited to the Identity Reporting Law No. 1774, the Consumer Protection Law No. 6502 and other regulations related to these laws, the regulations of supervisory and regulatory institutions and organizations and the cases required by public authorities), and the Company's infrastructure providers, third parties from whom it receives services, cargo companies, suppliers, legal entities providing e-archive and e-invoice services, legal entities providing e-archive services, server service for our websites, banks/financing companies, receivable collection companies for the purpose of collecting receivables, natural and legal persons with whom we have a proxy relationship, can be shared with our business partners. However, in any case, personal data cannot be transferred without the explicit consent of the personal data owner, except for the exceptional cases stated in the PDP Law.
10.1. Transfer of Personal Data within the Country
In accordance with article 8 of the PDP Law, the transfer of personal data within the country shall be possible, provided that one of the conditions specified in chapter 6 of this Policy herein, titled "Conditions of Processing the Personal Data" is met.
10.2. Transfer of Personal Data Abroad
In accordance with article 9 of the PDP Law, in case that personal data is transferred abroad, the presence of one of the following issues is sought, in addition to the fact that the conditions for transfers within the country are met:
- The country, where the transferred will be made, is considered among the countries with adequate protection declared by the PDP Board
- In the absence of adequate protection in the country, where the transfer will be made, the data controllers in Türkiye and in the relevant foreign country must undertake an adequate protection in writing and must have the permission of the PDP Board
- The country, where the transferred will be made, is considered among the countries with adequate protection declared by the PDP Board
- In the absence of adequate protection in the country, where the transfer will be made, the data controllers in Türkiye and in the relevant foreign country must undertake an adequate protection in writing and must have the permission of the PDP Board
10.3. Group of Persons that Personal Data Are Transferred by Our Company
In accordance with articles 8 and 9 of the PDP Law and within the scope of this Policy herein, our Company may transfer the personal data of personal data owners to the following groups of persons within the framework of the specified purposes:
PERSON GROUPS | DEFINITION | PURPOSE OF TRANSFER |
---|---|---|
Legally Authorized Public Institutions and Organizations | Public institutions and organizations which are authorized to receive the information and documents of our Company in accordance with the provisions of the relevant legislation | Limited to the purpose that is requested by the relevant public institutions and organizations within the framework of their legal authority |
Legally Authorized Private Legal Persons | Private legal persons who are authorized to receive information and documents from our Company in accordance with the provisions of the relevant legislation | Limited to the purpose that is requested by the relevant private legal persons within their legal authority. |
11. Our Company's Disclosure Obligation
In accordance with article 10 of the PDP Law, personal data owners should be informed during the collection of personal data. Within this scope, our Company fulfills its obligation to inform on the following issues:
a. The title of our Company as the data controller
b. For what purpose personal data will be processed
c. To whom and for what purpose the processed personal data can be transferred
d. The method and legal reason for collecting personal data,
e. The rights of the personal data owner specified in chapter 12.1 of this Policy herein, titled "Application Right"
a. The title of our Company as the data controller
b. For what purpose personal data will be processed
c. To whom and for what purpose the processed personal data can be transferred
d. The method and legal reason for collecting personal data,
e. The rights of the personal data owner specified in chapter 12.1 of this Policy herein, titled "Application Right"
12. Rights of Personal Data Owners and Exercise of These Rights
In accordance with article 13 of the PDP Law, the evaluation of the rights of personal data owners and the required information to personal data owners are conducted with this Policy herein as well as the Company's Application Form of the Data Owner. Personal data owners may submit their complaints or requests related to the processing of their personal data to us within the frame of the principles that are specified in the relevant form
12.1. Application Right
In accordance with article 11 of the PDP Law, anyone whose personal data is processed can send it to our Company's address at Abdurrahmangazi Mah. Ebubekir Cad. No: 44 34887 Sancaktepe Istanbul/Türkiye in person or via notary within identification. Furthermore, the person can send requests to verisorumlusupanasoniclife@hs03.kep.tr e-mail address by using a secure electronic signature and mobile signature or by using the e-mail address in our company system that has been previously provided to our company by you and confirmed by us, by making an application in writing related to the subjects below:
a. To learn whether personal data is processed or not,
b. To request information about the process, if the personal data has been processed,
c. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
d. To learn the third parties to whom personal data is transferred within the country or abroad,
e. To request the correction of their personal data in case of incomplete or incorrect processing and to request the notification of the processing made within this scope to third parties to whom the personal data has been transferred,
f. To request the deletion, destruction or anonymization of personal data and to request notification of the processing made within this scope to third parties to whom personal data has been transferred in case that the reasons that require the processing of personal data are eliminated,
g. To make an objection against the occurrence of a result against the data owner by analyzing the processed data exclusively through automated systems,
h. To request the compensation of the damage in case of damage due to unlawful processing of personal data.
a. To learn whether personal data is processed or not,
b. To request information about the process, if the personal data has been processed,
c. To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
d. To learn the third parties to whom personal data is transferred within the country or abroad,
e. To request the correction of their personal data in case of incomplete or incorrect processing and to request the notification of the processing made within this scope to third parties to whom the personal data has been transferred,
f. To request the deletion, destruction or anonymization of personal data and to request notification of the processing made within this scope to third parties to whom personal data has been transferred in case that the reasons that require the processing of personal data are eliminated,
g. To make an objection against the occurrence of a result against the data owner by analyzing the processed data exclusively through automated systems,
h. To request the compensation of the damage in case of damage due to unlawful processing of personal data.
12.2. Situations Outside the Scope of the Right to Application
In accordance with article 28 of the PDP Law, it will not be possible for personal data owners to assert their rights in the following cases:
a. Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and the obligations regarding data security are complied with
b. Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
c. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that this does not violate national defense, national security, public security, public order, financial security, privacy of private life or personal rights or does not constitute a crime.
d. Processing of personal data within the scope of preventive, protective and intelligence activities that are conducted by public institutions and organizations which are authorized by law to ensure national defense, national security, public security, public order or financial security.
e. Processing of personal data by judicial authorities or enforcement authorities which are related to investigation, prosecution, trial or execution proceedings.
In accordance with paragraph 2 of article 28 of the PDP Law, except for the right to demand compensation for the damage, data owners will not be able to assert the rights of personal data owners:
a. The processing of personal data is required for the prevention of crime or for criminal investigation.
b. Processing of personal data made public by the data subject.
c. Processing of personal data is required for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized and competent public institutions and organizations and professional organizations with the nature of public institutions, based on the authority provided by the law.
d. Processing of personal data is required for the protection of the economic and financial interests of the State with regards to the budget, tax and financial issues.
a. Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and the obligations regarding data security are complied with
b. Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
c. Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that this does not violate national defense, national security, public security, public order, financial security, privacy of private life or personal rights or does not constitute a crime.
d. Processing of personal data within the scope of preventive, protective and intelligence activities that are conducted by public institutions and organizations which are authorized by law to ensure national defense, national security, public security, public order or financial security.
e. Processing of personal data by judicial authorities or enforcement authorities which are related to investigation, prosecution, trial or execution proceedings.
In accordance with paragraph 2 of article 28 of the PDP Law, except for the right to demand compensation for the damage, data owners will not be able to assert the rights of personal data owners:
a. The processing of personal data is required for the prevention of crime or for criminal investigation.
b. Processing of personal data made public by the data subject.
c. Processing of personal data is required for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized and competent public institutions and organizations and professional organizations with the nature of public institutions, based on the authority provided by the law.
d. Processing of personal data is required for the protection of the economic and financial interests of the State with regards to the budget, tax and financial issues.
12.3. Answering Procedure
In accordance with article 13 of the PDP Law, our Company will finalize the application requests that are made by the personal data owner free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. In accordance with Article 13 of the PDP Law, your application must be submitted to our Company in writing or by other methods that shall be determined by the PDP Board.
In the following cases, application of the personal data owner may be rejected:
a. Obstructing the rights and freedoms of others
b. Requiring a disproportionate effort
c. That the information is public
d. Endangering the privacy of others
e. The presence of one of the conditions that are not covered by the PDP Law
13. Data Processing Activities Carried Out on the Website
In order for the people who visit our company's website to fulfill their visit purposes appropriately, in order to show them customized content and to carry out online advertising activities (for example, by technical means such as cookies), their actions on internet within the site are recorded. Detailed explanations on these activities of our Company are included in the Privacy Policy texts on our website.
This Policy herein may be revised by the Company in cases that are deemed necessary. In cases where revision is in question, the most current version of the Policy will be shared on the Company's website.
This Policy herein may be revised by the Company in cases that are deemed necessary. In cases where revision is in question, the most current version of the Policy will be shared on the Company's website.