CEBIR TEXTILE JEWELRY IND. AND FOREIGN TRADE. LTD. STI.
CORPORATE PERSONAL DATA PROTECTION POLICY
|
Document
|
Information
|
|
Document Name:
|
Personal Data Protection Policy
|
|
Document Relevance:
|
The purpose of the Personal Data Protection Policy is Cebir Tekstil Ve Kuyumculuk San. Foreign Trade Ltd. Sti. Planning the processes for the protection of personal data and determining the principles to be applied in this regard.
|
|
Release date:
|
10.11.2022
|
|
Version No:
|
1 www.akkasgroup.com
|
|
Reference / Reason:
|
Protection of Personal Data No. 6698 Law and other legislation
|
|
Approval Authority:
|
Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. Board of Directors
|
CEBIR TEXTILE JEWELRY IND. AND FOREIGN TRADE. LTD. STI. CORPORATE PERSONAL DATA PROTECTION POLICY
1. PURPOSE
Every individual's right to demand the protection of his personal data is a sacred right arising from the Constitution. Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. We consider fulfilling the requirements of this right as one of our most valuable duties. For this reason, we attach importance to the legal processing and protection of your personal data.
The Corporate Personal Data Protection Policy has been prepared in order to determine the principles and procedures we apply while processing and protecting personal data as a result of the importance we attach to the protection of personal data.
2. SCOPE
Politics Cebir Textile And Jewelry Industry. Foreign Trade Ltd. All personal data managed by Şti. is obtained fully or partially automatically or by non-automatic means provided that it is a part of any data recording system, It covers all kinds of operations performed on data such as recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making it available, classifying or preventing its use.
Politics Cebir Textile And Jewelry Industry. Foreign Trade Ltd. Şti.'s partners, officials, customers, employees, supplier officials and employees, and all personal data processed by third parties.
Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. It may change the Policy in order to comply with the legislation and the decisions of the Personal Data Protection Authority and to better protect personal data.
3. DEFINITIONS
|
Abbreviation
|
Definition
|
|
Buyer Group
|
The category of real or legal person to whom personal data is transferred by the data controller.
|
|
Open Consent
|
Consent on a particular subject, based on information and expressed with free will.
|
|
Anonymization
|
Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
|
|
Related person
|
The real person whose personal data is processed.
|
|
Related User
|
Except for the person or unit responsible for technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller.
|
|
Destruction
|
Deletion, destruction or anonymization of personal data.
|
|
Law/KVKK
|
Law on Protection of Personal Data No. 6698.
|
|
Recording Ambience
|
Any environment in which personal data is processed wholly or partially automatically or by non-automatic means provided that it is a part of any data recording system.
|
|
Personal Data
|
Any information relating to an identified or identifiable real person.
|
|
Data Inventory
|
Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which is created by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group and the data subject group, by explaining the maximum storage period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security.
|
|
Your Personal Data Processing
|
Fully or partially automated of personal data or by non-automatic means, provided that it is a part of any data recording system, recording, storing, preserving, changing, rearranging, disclosing,
|
|
|
all kinds of operations performed on data such as transferring, taking over, making it available, classifying or preventing its use.
|
|
Board
|
Personal Data Protection Board.
|
|
Organisation
|
Personal Data Protection Authority
|
|
Special Qualified Personal Data
|
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
|
|
Periodic Destruction
|
The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all of the personal data processing conditions in the Law are eliminated.
|
|
Policy
|
Personal Data Protection Policy com
|
|
Data Processor
|
The real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
|
|
Data Controller
|
The real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
|
4. GENERAL PRINCIPLES
Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. It checks the compliance of the data to be processed with the following principles during the preparation phase of the workflow that requires each new personal data processing. Workflows that are not suitable will not be implemented. Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. when processing personal data;
(I) Complies with the law and honesty rules.
(II) Ensures that personal data is correct and up-to-date when necessary.
(III) It takes care that the purpose of processing is specific, clear and legitimate.
(IV) It controls that the processed data is related to the purpose of processing, that it is processed as limited as it needs to be processed and that it is measured.
(V) It retains the data only as long as required by the relevant legislation or for the purpose of processing, and destroys it when the purpose of processing ceases.
5. MEASURES TAKEN FOR DATA SECURITY
Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. (i) to prevent the unlawful processing of personal data, (ii) prevent unlawful access to personal data, (iii) takes all necessary technical and administrative measures to ensure the appropriate level of security in order to ensure the protection of personal data.
5.1.Technical Measures
(I) Network security and application security are provided.
(II) Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
(III) Access logs are kept regularly.
(IV) Current anti-virus systems are used.
(V) Firewalls are used.
(VI) Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
(VII) Physical environments containing personal data are secured against external risks (fire, flood, etc.).
(VIII) The security of environments containing personal data is ensured.
(IX) Personal data is backed up and the security of the backed up personal data is also ensured. (X) User account management and authorization control system is implemented and these are also followed.
(XI) Log records are kept without user intervention.
(XII) Intrusion detection and prevention systems are used.
(XIII) Encryption is done.
5.2. Administrative Measures
(I) There are disciplinary arrangements for employees that include data security provisions.
(II) Training and awareness activities are carried out periodically for employees on data security.
(III) Institutional policies on access, information security, use, storage and destruction have been prepared and started to be implemented.
(IV) Data masking is applied when necessary.
(V) Confidentiality commitments are made.
(VI) An authorization matrix has been established for employees.
(VII) The authorizations of employees who have a change in duty or quit their job in this field are removed.
(VIII) The signed contracts contain data security provisions.
(IX) Personal data security policies and procedures have been determined.
(X) Personal data security issues are reported quickly.
(XI) Personal data security is monitored.
(XII) Personal data is reduced as much as possible.
(XIII) In-house periodic and/or random audits are conducted and made.
(XIV) Existing risks and threats have been identified.
(XV) Protocols and procedures for sensitive personal data security have been determined and implemented.
(XVI) If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using KEP or corporate mail account.
(XVII) Awareness of data processing service providers on data security is ensured.
6. RELATED TO THE PERSONAL DATA OF THE RELATED PERSON
Contact person, Cebir Tekstil Ve Kuyumculuk San. Foreign Trade Ltd. Şti. to request the following matters:
(I) Learning whether their personal data is processed or not,
(II) If personal data has been processed, requesting information about it,
(III) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
(IV) Learning the third parties whose personal data are transferred in the country or abroad,
(V) Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
(VI) Requesting the deletion, destruction or anonymization of personal data in the event that the reasons requiring it to be processed disappear, although it has been processed in accordance with the provisions of the KVKK and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
(VII) Objecting to the emergence of a negative result by analyzing the processed data exclusively through automated systems,
(VIII) To request the compensation of the damage in case of loss due to unlawful processing of personal data.
7. VIOLATION NOTICES
Cebir Tekstil ve Jewelery Industry. Foreign Trade Ltd. Sti. Employees report the work, action or phenomenon that they think violates the KVKK provisions and/or the Policy to the Management. After this violation notification, the management convenes if it deems necessary and creates an action plan regarding the violation.
If the violation has occurred through the unlawful acquisition of personal data by other parties, the Board of Directors notifies the relevant person and the Board within 72 hours within the scope of the decision of the Board of Directors dated 24.01.2019 and numbered 2019/10.
8.MODIFICATION
Modifications on the policy are prepared by the Management and Cebir Tekstil Ve Kuyumculuk San. Foreign Trade Ltd. Sti. It is submitted to the approval of the Board of Directors. The updated Policy can be sent to employees via e-mail or posted on the website.
9. EFFECTIVE DATE
This version of the Policy was approved by the Board of Directors on 10.11.2022 and entered into force.