What are Cookies?
Cookies are small amounts of information stored on mobile devices (PCs/laptops, smart phones, tablets) to ensure proper functioning of a website or mobile application, to improve user experience, to develop and optimize the website, to provide more appropriate advertisements based on the interests of the visitors and to provide an attractive and customized website/application and advertisement portfolio for the visitors.
Cookies help our websites or mobile platforms to remember your preferences (for instance, the information you use to log in to our website, language, location and other preferences). Therefore, you will not be required to re-enter this information each time you visit our websites or mobile applications.
What kind of cookies do we store on your devices and for what purposes do we use them?
Types and Functions of Cookies
· These cookies are stored temporarily on your devices until you leave the website. Persistent cookies are stored on the hard disk of your device for a long period of time.
· These cookies ensure proper functioning of the website and allow users to browse the website and use its functionalities. Mandatory cookies are anonymous. The cookies which are essential for the provision of any service offered on a website are considered as “mandatory cookies”. In other words, any cookie which is required for the provision of a targeted function on a website is a mandatory cookie. The targeted function should also be explicitly requested by the user. For example, clicking on the “add to basket” button during online shopping.
· Mandatory cookies are required for the functioning of the website and the mobile application and are not subject to the approval of the users. Therefore, the approval of the users is not sought for the use of mandatory cookies on the website and mobile applications.
Functional and Analytical Cookies
· These cookies include survey and evaluation information and any data required to store your preferences and behaviors including whether or not you accept the cookies, to ensure effective use of the website, to optimize the website in a way to respond to the requests of the users and information about how the visitors use the website. Due to their nature, these cookies might include your personal data such as user names etc.
· We can also use these cookies to monitor the frequency at which you click on the videos, film, TV series, article and other contents in the tabs of our website or mobile applications, to monitor your data about the pages you visit and your activities on such pages or for statistical purposes. We analyze such data in accordance with our Personal Data Processing and Protection Policy to identify you and to provide you with products and services that can meet your needs. The storage and processing of such data are subject to Beauty Omelette Personal Data Processing and Protection Policy.
· These cookies ensure provision of product/contents in line with those you target based on your interests and preferences and increasing your experience by offering a more developed and customized advertisement portfolio.
We do not use the data collected via cookies to identify you. Cookies cannot be used for purposes other than those mentioned in this Policy.
It is not mandatory to accept the cookies in order to use our websites. However, the cookies provide you a better user experience. You can delete or block cookies other than the mandatory ones but our website might not function properly if you do so.
As explained above, the use of the mandatory cookies might be essential for the functioning of the website or the mobile application. Therefore, if the cookies are blocked from the browser settings, the website or the mobile application or some part of them might not function.
How can I control cookies?
You can delete and/or block cookies whenever you want. You can delete the cookies stored on your device and set your browser to block the cookies.
You can locate the relevant settings by using the “Help” function in your browser. If you disable the cookies, you will have to re-enter the requested information every time you visit our website and some services on the website might not function properly.
When you use our website or digital applications as a visitor, user or customer, your IP address and your location are logged along with the date and time you visit the website. This information is used to analyze your usage of the portals and the needs of our users and is not shared with third parties. The IP information of the website or mobile application visitors will not be used to identify the visitors.
Other confidential information including your personal data will not be transferred to or shared with third parties for the purposes other than those specified in this Policy.
We fully comply with the international privacy protection standards for protection of the privacy of our visitors, users and customers and provide a secure experience to obtain information and use of personal information.
1. The personal data you share with us
You share your personal data when you use and visit our website or mobile applications upon signing up or subscribing to our electronic bulletins.
1.1. The personal data you provide to us
You share your name, surname, electronic mail address, home and mobile phone numbers, home address, credit card details, location information, your accounts, profiles and media files on your mobile devices when you sign up, contact the customer services or use any product or service.
1.2. Your personal data which are automatically collected
2. Purposes of using your personal data
Sharing your information will allow us to offer products and services as needed, to provide more responsive services and to improve our websites. Your data that you share with us or that we automatically collect from you will be used for the purposes, including but not limited to the following:
· To provide personalized services to our visitors, users and customers and to increase user satisfaction by providing a better quality user experience;
· To contact our guests, users or customers and inform them about our services and campaigns to the extent they consented;
· To monitor the technical functions and to ensure proper functioning of Beauty Omelette website and mobile applications;
· To use for advertisement and sales purposes and to ensure the continuation of free use of Beauty Omelette website and mobile applications by our visitors, users and customers;
· To send you our publications;
· To send bulletins or notifications via e-mail;
· To respond to your questions and to provide an effective customer service;
· To inform you about our new services;
· To engage in direct marketing via Beauty Omelette website and mobile applications or the parties that Beauty Omelette collaborates with;
· To use for various statistical evaluations, database generation and market researches without disclosing the ID of our visitors, users or customers;
· To identify problems related to the system and to promptly resolve the problems that might arise from Beauty Omelette website or mobile applications;
· To analyze the experience of visitors, users or customers, to develop and improve our services and to increase content and product diversity;
· To communicate with you about our services (instant messages, electronic mails, other online and offline messages/push notifications), to provide you alternatives based on your preferences and likes, to provide you technical support in case of technical infrastructural problems, to share the current developments about the products you monitor and the product recommendations with you;
· To take technical and legal measures as regards to our products and services (for example, to prevent publication of illegal contents)
· If you use the services we provide on your mobile device or mobile application, you can be requested to share your geographical location information. To customize your geolocation on our digital platforms that we use to provide our services or on the digital platforms of third parties that we cooperate with and when you share your geolocation information, to provide you contents or advertisements and services related to the contents which are based on the region or country where you are located, to respond quickly to your needs and to generate solution recommendations or
· To use for advertisement and sales purposes to ensure the continuation of free usage of Beauty Omelette website and mobile applications by our visitors, users and customers.
2.1. The data you share with us via our website or mobile applications
You can choose to share your data with us via various online methods when you subscribe or sign up to Beauty Omelette website and mobile applications or subscribe to the electronic news bulletin. You can share your personal data by contacting our customer services representatives by electronic mail, phone or letter. Beauty Omelette may sometimes obtain your personal data from third parties other than Beauty Omelette. This may include obtaining your personal data by purchasing a company that you are a customer of or the disclosure of your personal data by one of our group companies in cases you give your explicit consent to such companies.
You can sign up to Beauty Omelette website via your social media accounts on Facebook, Twitter and Instagram without entering your name, surname, date of birth, electronic mail address etc. When you prefer to sign up to our services via social media networks within the scope of this Policy, you authorize us to process, transfer and store the data that you send to us via your social media accounts. We recommend that you check the current list of third parties that we transfer our data to and examine article 3 of this Policy.
· AKADEMİ GRUP ESTETİK SAĞLIK HİZM.GIDA TUR.OTOM.İNŞ.MÜŞ.SAN.TİC.LTD.ŞTİ.
· BO KOZMETİK MEDİKAL TİCARET VE SANAYİ LİMİTED ŞİRKETİ
The information or personal data that you prefer to disclose to the public (for example, posting comments, voting, scoring, making recommendations and explaining your thoughts) and share in a way that can be accessed and seen by other visitors and users (for example, your photograph, name, surname, date of birth, nickname) are considered to have been disclosed by you and cannot be used for statistical, advertising or promotion purposes without your explicit consent. We will not be held responsible if the personal data that you disclose are used by third parties or other websites.
2.2. The data you share with us as a visitor via our website or mobile applications
If you visit our website or digital platforms without signing up, we can collect information about your behaviors in the digital environment (the number of clicks, the frequency you open tabs or the subjects you like), your IP addresses and the devices you use. This information is collected for analysis and statistical purposes only and without identifying persons.
3. Sharing of Data
Your personal data can be transferred to Beauty Omelette and the real and legal persons listed below that Beauty Omelette collaborates with for the purposes of provision of products and services and we can contact you for our special products or offers. Beauty Omelette can also use your personal data for statistical purposes and share them with the real and legal persons that Beauty Omelette collaborates with for such purposes only. We collect your information about the frequency and the manner of use of our website. You can end this information exchange whenever you want by changing the settings of your web browser. For more detailed information, please examine article 6 of this Policy.
· AKADEMİ GRUP ESTETİK SAĞLIK HİZM.GIDA TUR.OTOM.İNŞ.MÜŞ.SAN.TİC.LTD.ŞTİ.
· BO KOZMETİK MEDİKAL TİCARET VE SANAYİ LİMİTED ŞİRKETİ
3.1. Sharing of personal data with real or legal persons with whom we collaborate
Beauty Omelette can sell you a product or provide you with a service in collaboration with real or legal persons. In case of such collaboration, Beauty Omelette will inform you in advance about such collaboration and the persons that we collaborate with before you sign up to Beauty Omelette via the subscription form, electronic bulletin etc.
· AKADEMİ GRUP ESTETİK SAĞLIK HİZM.GIDA TUR.OTOM.İNŞ.MÜŞ.SAN.TİC.LTD.ŞTİ.
· BO KOZMETİK MEDİKAL TİCARET VE SANAYİ LİMİTED ŞİRKETİ
Beauty Omelette will not sell or share your personal data with third parties to enable them to use your personal data for their own purposes.
4. Links to third party websites or mobile applications on our website or mobile platforms
We can provide links to third party websites, portals or mobile applications on our websites or mobile applications. However, we are not responsible for the implementation of the privacy policies of the third parties on such websites. The privacy policies of the websites or mobile applications not owned by Beauty Omelette may be different from this Policy. Therefore, we recommend you to examine the privacy policies and personal data processing policies of third parties.
5. Protection of your information shared with us
We are aware of our responsibility to protect the information you entrust us. We take precautions to keep your personal data confidential and as commercial secrets and to prevent their disclosure to unauthorized third parties or the public in order to maintain their confidentiality. With regards to the administrative and technical measures that we take, we recommend you to examine Beauty Omelette Personal Data Processing and Protection Policy.
We as Beauty Omelette undertake to take the most extensive and appropriate security measures including safe databases, servers, firewalls and encryption of electronic mail information to protect your information including your personal data by analyzing the current information and data values and risk status in the light of current technological developments and to inform the personal data owner and the authorized administrative authorities as soon as possible if any user information is stolen, deleted or modified as a result of any cyberattack by a third party.
6. Data Collected via Cookies and Beacon
The cookies under this Policy (“Cookies”) apply to the websites and mobile platforms operated by Beauty Omelette, third party programmes or platforms accessed and used online.
Cookies are small amounts of information stored on mobile devices (PCs/laptops, phones, tablets) to ensure proper functioning of a website, to improve user experience, to develop and optimize the website, to provide more appropriate advertisements based on the interests of the visitors and to provide an attractive and customized website/application and advertisement portfolio for the visitors.
The data regarding your usage of Beauty Omelette websites and mobile applications are obtained by means of the mentioned Cookies. Cookies facilitate the use of the Internet by storing status and preferences about a website. Cookies help to obtain statistical information about how many people use the websites and mobile platforms operated by Beauty Omelette, how many times and for how long a person visits Beauty Omelette websites and mobile platforms for what purposes and to dynamically generate advertisements and contents from customized user pages.
We can use and store technologies such as Cookies and beacon on your devices. If you do not accept technologies such as Cookies and packages, you may not be able to perform the functions you expect from Beauty Omelette websites and mobile platforms or you may experience some problems.
We can share the data obtained via Cookies with third parties for advertising purposes. For more details, please see our Cookies Policies available on our website.
7. Management of Your Information
If you notify us that you do not want your personal data to be stored, we undertake to delete, destroy or anonymize the data that are not required for the functioning of our system and that we are not legally obliged to store or that are no longer required to be stored as per the applicable law, in accordance with the conditions and with the methods specified under the applicable law.
We store your personal data in an accurate and up-to-date manner in the light of technological facilities with your support. You can submit other claims under the Law on Protection of Personal Data including the personal data we store in our databases via an electronic e-mail to be sent to the electronic mail address in accordance with the method prescribed by the Personal Data Processing and Processing Policy which is available on our website.
8. Prevention of electronic communications
You can opt out from the electronic mail or instant messaging services provided to you for marketing or advertising purposes whenever you want in accordance with the methods specified in the messages sent to you. In case you opt out, your personal data in our databases will be deleted, destroyed or anonymized, unless otherwise provided in the applicable legislation. You can examine our Personal Data Processing and Protection Policy for detailed information about these transactions.
We as Beauty Omelette and all our departments including the real and legal persons that we collaborate with are aware that the personal data of your children are sensitive and we are committed to protect their personal data. Parents or legal guardians are responsible for the sharing of the personal data of the children with us. You can contact us via e-mail for the personal data of your children, including the personal data shared without the approval of the parents/legal guardians.
We deliberately do not process the personal data of underage children and recommend the parents to actively supervise the online activities of their children.
10. Amendments to this Policy
Our policy is available on www.beautyomelette.com to provide easy access and information to our customers. Beauty Omelette can amend this Policy and all other policies unilaterally without prior notice to its users, subscribers or visitors.
Our policies will come into force on the date of their publication on www.beautyomelette.com. Therefore, we recommend that you follow Policy updates.
11. Governing Law, Competent Courts and Enforcement Offices
12. Communication Consent
PERSONAL DATA PROTECTION AND PROCESSING
BEAUTY OMELETTE TEKSTİL KOZMETİK PAZARLAMA SAN.TİC.LTD ŞTİ
We as Beauty Omelette ensure that the personal data of real persons, including our customers, consumers, suppliers and employees, are processed in line with the applicable legislation including especially the Constitution of the Republic of Turkey, international agreements on human rights to which our country is a party and the Law No. 6698 on Protection of Personal Data (“LPPD”) and the effective exercise of the rights of the persons whose data are processed.
Therefore, we as Beauty Omelette perform data processing, storage and transfer transactions for all personal data that we collect during our activities from, including but not limited to, our employees, visitors, business contacts, business partners, customers, suppliers and users who visit our website in accordance with the Personal Data Protection and Processing Policy (“Policy”).
The main principle of our policy regarding processing of personal data is the protection of personal data and the fundamental rights and freedoms of real persons whose personal data are collected. Therefore, we carry out all of our activities during which personal data are processed by taking into consideration the rights of protection of privacy, communication privacy, freedom of thought and faith and the right to use effective legal remedies.
We take all the necessary administrative and technical protection measures to protect personal data in accordance with the applicable legislation and current technological developments.
This Policy describes the way we process, store, transfer, delete or anonymize the personal data that are shared during our commercial or social responsibility and similar activities in accordance with the principles set out in LPPD.
This Policy applies to all personal data processed by the Company, including the personal data of all our customers, consumers, business contacts, business partners, employees, suppliers, prospective customers and third persons.
This Policy is implemented in all activities regarding the processing of personal data owned or controlled by the Company and has been prepared by taking into consideration the LPPD and other applicable legislation and international standards regarding personal data.
3. DEFINITIONS and ABBREVIATIONS
This section describes the special definitions and expressions, concepts, abbreviations etc. as used in the Policy.
3.1. Company: [*] (Beauty Omelette)
3.2. Explicit Consent: Freely given, specific, informed, clear and limited consent.
3.3. Anonymization: to render it impossible for personal data to be associated in any manner with the identity of a real person who is identified or identifiable, even if they are matched with other data.
3.4. Employee: Company Personnel.
3.5. Personal Data Owner (Data Owner): The real person whose data are processed.
3.6. Personal Data: Any information relating to an identified or identifiable real person.
3.7. Special Categories of Personal Data: Data related to race, ethnic origin, political opinion, philosophic belief, religion, sect or other beliefs, appearance, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
3.8. Processing of Personal Data: Any transaction carried out on the data, such as obtaining, recording, storage, preservation, alteration, reorganization, disclosure, transfer, takeover, making available, classifying the personal data or preventing its usage, by fully or partly automatic means, or by non-automatic means provided that they are part of a data recording system.
3.9. Data Processor: Real or legal person who processes personal data based on the authority granted by and on behalf of the data controller.
3.10. Data Controller: Real or legal person who determines the purposes and means of processing personal data, and who is responsible for establishment and management of the data recording system.
3.11. PDP Board: The Board of Protection of Personal Data.
3.12. PDP Authority: The Authority of Protection of Personal Data.
3.13. LPPD: The Law on Protection of Personal Data published in the Official Gazette No. 29677 dated April 7, 2016.
3.14. Policy: Beauty Omelette Personal Data Protection and Processing Policy.
4. ROLES AND RESPONSIBILITIES
E-Trade Manager: Real or legal person who determines the purposes and means of processing personal data, and who is responsible for establishment and management of the data recording system. Real or legal person who processes personal data.
E-Trade Expert: Real or legal person who processes personal data based on the authority granted by and on behalf of the data controller.
5. LEGAL OBLIGATIONS
We as a data controller have the following legal obligations regarding the protection and processing of personal data in accordance with the LPPD:
5.1. Our obligation to inform
We as Data Controller are obliged to inform the Data Owner about the following while collecting personal data with regard to:
➢ The purposes for which your personal data will be processed,
➢ Our identity and the identity of our representative, if any,
➢ The persons to whom your processed personal data may be transferred and the purposes for the same,
➢ The method of collecting data and the legal reason,
➢ The rights under the Law.
We are committed to ensure that this Policy is clear, comprehensible and easily accessible.
5.2. Our obligation regarding data security
We as Data Controller take all necessary technical and organizational measures in accordance with the applicable legislation to ensure the security of personal data under our responsibility. The data security obligations and measures taken are specified in sections 9 and 10 of this Policy.
6. CLASSIFICATION OF PERSONAL DATA
6.1. Personal data
Personal data mean any information relating to an identified or identifiable real person.
Protection of personal data is applicable to real persons only and any information relating to a legal person which does not include any information relating to a real person is not covered by this Policy. Therefore, this Policy does not apply to the data of legal persons.
6.2. Special categories of personal data
Data concerning race, ethnic origin, political opinion, philosophic belief, religion, sect or other beliefs, appearance, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are special categories of personal data.
7. PROCESSING OF PERSONAL DATA
7.1. Our personal data processing principles
We process the personal data in line with the following principles.
7.1.1. Processing in conformity with the law and principle of good faith
We process the personal data in compliance with the principle of good faith and in a transparent manner within the scope of our obligation to notify.
7.1.2. Ensuring that personal data are accurate and updated when necessary
We take necessary measures in our data processing procedure to ensure that the processed data are accurate and up-to-date. We ensure that the Personal Data Owner can contact us to update his data and rectify any mistake with regards to his processed data.
7.1.3. Processing for specified, explicit and legitimate purposes
We process personal data for our legitimate purposes within a clear scope and content determined for continuation of our activities in line with the applicable legislation and within the framework of the ordinary course of trade.
7.1.4. Processing the personal data to the extent it is relevant, limited and proportionate to the purposes for which data are processed
We process personal data to the extent it is relevant, limited and proportionate to our clear and express purposes.
We do not process unrelated personal data or personal data which are not required to be processed. Therefore, we do not process special categories of personal data unless legally required or we obtain explicit consent when we need to process such data.
7.1.5. Keeping personal data for a period stipulated under the applicable legislation and for our legitimate commercial interests
The applicable legislation requires us to keep the personal data for a certain period of time. Therefore, we store the processed personal data for a period stipulated under the applicable legislation or for a period required for the purposes of processing personal data.
We delete, destroy or anonymize personal data if the period of storage stipulated under the legislation expires or the purposes of processing are no longer valid. Our principles and procedures regarding storage times are specified in article 9.1 of this Policy.
7.2. Our purposes of processing personal data
We process the personal data for, including but not limited to, the following purposes:
➢ Continuation of our activities,
➢ Providing support services to the customers as per the agreement and service standards,
➢ Identifying preferences and needs of the customers and shaping, customizing and updating the services to be provided to our customers based on such preferences and needs,
➢ Fulfilling our legal obligations required or which are mandatory under the applicable legislation,
➢ Conducting market researches and statistical studies,
➢ Surveys, contests, promotions and sponsorships,
➢ Organization of events,
➢ Evaluating job applications,
➢ Establishing contact with persons who have business relations with the Company,
➢ Compliance management,
➢ Seller / supplier management,
➢ Regulatory reporting,
7.3. Processing of special categories of personal data
We process special categories of personal data upon taking the administrative and technical measures stipulated under the laws and required by the PDP Board and if explicit consent is obtained or when it is legally required.
Since personal data in relation to health and sexual life can be processed only by persons who are bound by a duty of confidentiality or authorized bodies and institutions for the purpose of public health protection, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, we only process such related personal data of our employees. The related data of our employees can be processed by the persons stipulated under the laws.
7.4. Processing of personal data under subscriptions
We collect, process and transfer the personal data by means of the subscription forms you fill out in order to subscribe to our website or any of the programmes we offer in order to subscribe to our programmes, to benefit from our campaigns, to receive news about our advantages.
7.5. Processing of personal data collected via cookies on our website
We can collect, process, transfer and store your personal data via the cookies on our website.
If you do not want your personal data to be collected and processed via cookies, you can disable the cookies on our website. If you disable the cookies, our website may not function as required and problems might occur regarding viewing or provision of goods and services.
7.6. Exceptions of explicit consent for processing of personal data
We can process personal data without obtaining explicit consent in the following exceptional circumstances as per the law:
➢ It is explicitly stipulated by laws;
➢ Where the processing of personal data belonging to the parties of a contract is necessary, provided that these are directly related to the conclusion or performance of the said contract,
➢ Where it is mandatory to process data for the establishment, exercise or protection of a right,
➢ Where it is obligatory to process data for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not infringed.
The exceptions regarding the processing of special categories of personal data without the explicit consent of data owners are specified in article 7.3 of this Policy.
8. TRANSFER OF PERSONAL DATA
8.1. Transfer of personal data within the country
As a company, we comply with the LPPD and the resolutions and regulations passed by the PDP Board regarding the transfer of personal data.
Without prejudice to the exceptions provided under the applicable legislation, we do not transfer the personal data and special categories of personal data to real or legal persons without the explicit consent of data owners.
We can transfer the personal data to administrative or legal bodies or institutions as stipulated under the applicable legislation and within the limits set out under the applicable legislation, without the explicit consent of the Data Owners, in case of exceptions prescribed by the LPPD and other applicable legislation.
Moreover, in addition to the exceptions provided under the applicable legislation, personal data can be transferred without explicit consent in the following cases:
➢ In cases specified in article 7.6 of this Policy,
➢ In cases specified in article 7.3 of this Policy regarding the special categories of personal data,
➢ Transferring of special categories of personal data in respect of the health and sexual life of the data owner only to the persons who are bound by a duty of confidentiality or the authorized bodies and institutions for the purpose of public health protection, preventive medicine, medical diagnosis, treatment and healthcare services, planning and management of health services and financing thereof provided that the measures required by the PDP Board and the applicable legislation are taken.
8.2. Transfer of personal data abroad
Personal data cannot be transferred abroad without the explicit consent of the Data Owner. However, personal data may be transferred abroad without obtaining explicit consent if one of the conditions set forth in articles 7.3 and 7.6 of this Policy is present and
➢ if the third parties to whom the personal data will be transferred reside in a foreign country where an adequate level of protection is available, as announced by the PDP Board and
➢ In case they reside in a foreign country where there is not an adequate level of protection, if the data controllers in Turkey and abroad commit, in writing, to provide an adequate level of protection and the permission of the PDP Board is obtained.
Your personal data can be transferred to our foreign business partners and be processed by our business partners and third parties for the purposes of providing you better services, customization of our website in accordance with the needs and preferences of our customers, members and consumers, promotion of products and services, to remember your preferences etc.
8.3. Bodies and institutions to which personal data are transferred
Personal data can be transferred to the following, including but not limited to:
➢ Our suppliers,
➢ Our business partners and contacts,
➢ Competent public bodies and institutions,
➢ Competent private jurists,
➢ Our shareholders,
in accordance with the abovementioned principles and rules.
8.4. Measures we take in order to ensure transfer of personal data in compliance with the law
8.4.1. Technical measures
In order to protect personal data, we take the following technical measures, including but not limited to:
➢ Making the required internal technical arrangements for the processing and storage of personal data in compliance with the applicable legislation,
➢ Ensuring security of the databases used to store your personal data by our Business Partners,
➢ Monitoring and supervising the established technical infrastructure processes,
➢ Determination of procedures regarding the reporting of technical measures taken and supervision processes,
➢ Periodical update and renewal of technical measures,
➢ Reviewing of risky situations and creation of technological solutions,
➢ Using antivirus systems, firewalls and similar software or hardware security products and establishing security systems that are in line with the current technological developments,
➢ Recruitment of technical experts or working with business partners recruiting technical experts.
8.4.2. Administrative measures
In order to protect your personal data, we take the following administrative measures, including but not limited to:
➢ Preparation of policies and procedures to access personal data within our Company, including by the company and subsidiary personnel,
➢ Informing and training our employees regarding protection and processing of personal data in accordance with the law,
➢ Including actions which will be taken in case of illegal processing of personal data by our Company Employees in the agreements executed with our employees and/or the Policies we prepare,
➢ Supervision of the personal data processing activities of the data processors that we work with or their shareholders.
9. STORAGE OF PERSONAL DATA
9.1. Storage of personal data for the period stipulated in the applicable legislation or for a period that their purpose of processing warrants
We store personal data for the period that their purpose of processing warrants, provided that the storage periods stipulated under the applicable legislation are reserved.
If we process personal data for more than one purpose, we delete, destroy or anonymize them when the purpose of processing is no longer valid or upon the request of the Data Owner provided that the applicable legislation authorizes deletion of the same. We comply with the provisions of the applicable legislation and the PDP Board resolutions regarding destruction, deletion or anonymization of personal data.
9.2. Measures we take for storage of personal data
9.2.1. Technical precautions
➢ Establishment of technical infrastructure and supervision mechanisms for the deletion, destruction and anonymization of personal data,
➢ Taking necessary measures for safe storage of personal data,
➢ Employment of technical experts,
➢ Preparation of business continuity and contingency plans for potential risks and development of systems for implementation of the same,
➢ Establishment of security systems in line with the current technological developments regarding storage of personal data.
9.2.2. Administrative measures
➢ Informing our employees about the technical and administrative risks regarding storage of personal data and raising their awareness,
➢ If collaboration is established with third parties for storage of personal data, ensuring that the agreements executed with the companies to which personal data are transferred include provisions requiring that necessary security measures are taken to protect and securely store the transferred personal data.
10. SECURITY OF PERSONAL DATA
10.1. Our obligations regarding security of personal data
We take administrative and technical measures
➢ to prevent unlawful processing of personal data,
➢ to prevent unlawful access to personal data,
➢ to ensure legal storage of personal data
in line with technological facilities and implementation costs.
10.2. Measures that we take to prevent unlawful processing of personal data
➢ Conducting necessary inspections at the Company,
➢ Training and informing our employees regarding lawful processing of personal data,
➢ Evaluating the activities carried out by our Company in detail by each business unit and processing of personal data for the commercial activities of the responsible units as a result of the evaluation,
➢ If cooperation is established with third parties for processing of personal data, including in the agreements executed with the companies which process personal data, provisions to ensure that personal data processors take necessary security measures,
➢ In case of unlawful disclosure of personal data or data leakage, notifying the PDP Board and conducting necessary examinations and taking necessary precautions as per the applicable legislation.
10.2.1. Technical and administrative measures which are taken to prevent unlawful access to personal data
We take the following technical and administrative measures to prevent unlawful access to personal data:
➢ Recruiting technical personnel or ensuring collaboration with business partners who recruit technical experts,
➢ Periodical update and renewal of technical measures,
➢ Preparing access authorization procedures for our Company,
➢ Determination of procedures regarding the reporting of technical measures taken and supervision processes,
➢ Establishment of data registration systems used by our Company in accordance with the applicable legislation and conducting periodical audits for the same,
➢ Preparing emergency action plans for potential risks and developing systems for implementation of the same,
➢ Training and informing our employees about access to and authorization for personal data,
➢ If cooperation is established with third parties for processing and storage of personal data, including in the agreements concluded with the companies which access personal data, provisions to ensure that the persons who access personal data take necessary security measures,
➢ Establishing security systems in line with the current technological developments to prevent unlawful access to personal data,
➢ In case the abovementioned activities are carried out by our business partners, working with business partners who recruit technical experts.
10.2.2. Measures that we take with regard to unlawful disclosure of personal data
We take necessary administrative and technical measures to prevent unlawful disclosure of personal data and update them in accordance with our related procedures. In case we detect unauthorized disclosure of personal data, we establish systems and infrastructure to notify the Data Owner and the PDP Board pursuant to the applicable legislation.
In case of an unlawful disclosure despite taking all administrative and technical measures, we will announce such disclosure on the website of PDP Board or by means of another method if deemed necessary by the PDP Board.
11. RIGHTS OF DATA SUBJECT
Within the scope of our obligation to inform, we inform the Personal Data Owner and establish systems and infrastructure about such information. We make the necessary technical and administrative arrangements to enable the Personal Data Owner to exercise their rights regarding their personal data.
Personal Data Owners have the following rights regarding their personal data:
➢ Learn whether or not personal data have been processed,
➢ Request information on the procedure, if personal data have been processed,
➢ Obtain information on the purpose of processing personal data and find out whether personal data has been used as fit for the purpose,
➢ Obtain information about the third persons to whom personal data were communicated domestically or abroad,
➢ Request the correction of personal data that may have been incompletely or inaccurately processed,
➢ Request the deletion or destruction of personal data in the event that the reasons for the processing of the personal data have ceased to exist,
➢ Request notification of the operations carried out for rectification and deletion or destruction as mentioned above, to third parties to whom personal data have been transferred,
➢ Object to the occurrence of a result which is to your detriment as a result of analyzing the processed data exclusively through automatic systems,
➢ Request compensation for the damages in case the data owner sustains damages due to unlawful processing of personal data.
11.1. Exercising of rights regarding personal data
The Personal Data Owner can convey his requests about personal data through a different method, if any, determined by the PDP Board or send a written request bearing his original signature to Prof. Dr. Erhan Sokak Karanfil Apartmanı No:63 Daire:1 Teşvikiye Mahallesi Şişli/İSTANBUL or send an electronic mail signed with an electronic signature to our registered electronic mail address email@example.com.
The application of the Personal Data Owner to exercise any of his abovementioned rights, including his remarks about the right he wishes to exercise, should clearly state his request, should be personally related to him (or if he acts on behalf of another person, then he should be specifically authorized in this regard and capable of certifying such authorization), should include his ID and address details and supporting identification documents.
Such requests should be made personally and any request about personal data by unauthorized third parties will not be evaluated.
11.2. Evaluation of application
11.2.1. Response time for application
We will fulfill requests concerning personal data as soon as possible considering the nature of the request, and within 30 days at the latest. Requests are fulfilled free of charge; however, in case the operation necessitates a separate cost as per the conditions specified in the tariff determined by the PDP Board regarding fees, the request is fulfilled against the fee to be determined as per the related tariff.
Additional information and documents might be requested when filing or evaluating the application.
11.2.2. Our right to reject application
The applications regarding personal data can be rejected in the following cases by explaining the reason for rejection:
➢ The application is related to the processing of personal data for research, planning and statistical purposes by anonymization of the same with official statistics.
➢ The application is related to the processing of personal data for art, history, literature and scientific purposes or freedom of thought provided that the right to privacy or personal rights are not violated.
➢ The application is related to the processing of public personal data of Personal Data Owner.
➢ The application does not include a legitimate reason.
➢ The application includes a request which is in breach of the applicable legislation.
➢ The application does not comply with the method of application.
11.3. Method of evaluation of application
For the response time under article 11.2.1 of this Policy to commence, requests have to be sent in writing bearing the original signature of the data owner, or [as electronically signed and via Public Disclosure Platform], or by means of other methods determined by the PDP Board together with information and documents that certify the identity of the applicant.
If the request is accepted, the related operation is carried out and the data owner is notified in writing or electronically. If the request is rejected, the reason for rejection is explained and the data owner is notified in writing or electronically.
11.4. Right to file a complaint to the Personal Data Protection Board
In case the application is rejected, answered unsatisfactorily, or not answered in due time, the data owner may file a complaint with the PDP Board within 30 (thirty) days following the date on which he/she learns the reply of the data controller and in any event, within 60 (sixty) days following the date of application.
12. PUBLICATION AND STORAGE OF DOCUMENT
This Policy will be kept in two different forms, i.e. as printed and electronically.
13. REVISION PERIOD
This Policy will be reviewed at least once a year and revised in accordance with the principles set under the Documentation Management Procedure, when required.
This Policy will come into force upon its publication on the Company website.