ÇAĞATAY ÇİVİCİ – PRIMETEK BİLİŞİM YAZILIM EĞİTİM DANIŞMANLIK TEKNOLOJİ HİZMETLERİ (“PRIMETEK”) has determined the principles to be applied for the processing and protection of the personal data of its customers, suppliers, visitors and natural persons, including its personnel, in accordance with the Constitution of the Republic of Turkey and the Law No. 6698 on the Protection of Personal Data, in particular the relevant legislation.
Accordingly, PRIMETEK carries out the transactions regarding the processing, storage, transfer and destruction of all personal data of natural persons whose data are processed in accordance with the Personal Data Protection Law, other relevant legislation and PRIMETEK Personal Data Protection Policy (“Policy”).
PRIMETEK takes the administrative and technical protection measures required by the nature of the data in accordance with the relevant legislation and technology for the protection of personal data.
Natural persons whose personal data are processed within the scope of the Law may obtain information about the personal data that may be processed by PRIMETEK in its capacity as data controller and the purposes of their processing, the recipient groups to which they may be transferred, the method of collection, deletion or anonymization and the rights of individuals by reviewing the text below.
1. INFORMATION OF THE DATA CONTROLLER
Title: ÇAĞATAY ÇİVİCİ – PRIMETEK BİLİŞİM YAZILIM EĞİTİM DANIŞMANLIK TEKNOLOJI HİZ HIZMETLERLERI
Address: Ankara Technology Development Zone Üniversiteler Mahallesi 1605.Cadde Kapı No:3 Cyberpark Foundation Building 1st Floor No:103b Bilkent Çankaya/ANKARA
Tax Office and Number DOĞANBEY TAX OFFICE / 63514084652
Mersis No: 6351408465200001
KEP address: cagatay.civici@hs01.kep.tr
2. SCOPE
Protection of personal data is only related to natural persons; data belonging to legal entities and not containing information about natural persons are not covered by the Policy. All personal data of personnel, visitors, customers, prospective customers, suppliers, website visitors and other real persons whose personal data are processed during PRIMETEK activities are covered by this Policy.
3. DEFINITIONS
Explicit consent; consent on a specific subject, based on information and expressed with free will,
Anonymization; making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Data subject; the real person whose personal data is processed,
Personal data; any information relating to an identified or identifiable natural person,
Data processor; the natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller,
Data recording system; the recording system in which personal data are structured and processed according to certain criteria,
Data controller; the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
Policy; Personal Data Protection Policy,
Registered Electronic Mail (REM); It refers to a secure electronic mail service in which the sender and recipient identities are known, the time of sending and the content cannot be changed, and has legal validity in case of dispute.
4. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
PRIMETEK acts in accordance with the principles listed below in the processing of personal data in accordance with the general principles stipulated in the legislation, the Constitution and the Personal Data Protection Law.
a) Compliance with the law and good faith:
PRIMETEK acts in accordance with the law and the rules of honesty within the scope of personal data processing activities; by applying the principles of proportionality and necessity in the processing of personal data, PRIMETEK processes only as much personal data as necessary, at a level that is appropriate for the purposes of data processing.
b) Being accurate and up to date when necessary:
PRIMETEK takes the necessary measures to ensure that the personal data they process are accurate and up-to-date.
c) Processing for specific, explicit and legitimate purposes:
PRIMETEK processes personal data for specific, explicit and lawful reasons. PRIMETEK determines the purposes for which personal data will be processed and informs data subjects of these purposes before processing personal data. It does not process personal data that is not legitimate and lawful.
d) Being relevant, limited and proportionate to the purpose for which they are processed:
PRIMETEK avoids the processing of personal data that is not relevant or not needed for the purpose of processing.
e) Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed:
PRIMETEK retains them only for the periods stipulated by law or limited to the purpose for which they are processed.
5. PURPOSE OF PROCESSING PERSONAL DATA
PRIMETEK processes personal data within the personal data processing conditions specified in Articles 5 and 6 of the Personal Data Protection Law within the scope of the following legal reasons: It is clearly stipulated in the Laws in Article 5 of the Personal Data Protection Law, it is mandatory for the data controller to fulfill its legal obligations, it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract, and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms.
Processing data for the employment relationship
Personal data of the personnel are collected and processed in line with the legal reasons that it is clearly stipulated in the laws in Article 5 of the Personal Data Protection Law, it is mandatory for the data controller to fulfill its legal obligations, it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract, and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms.
Personal data is processed for the purposes of establishing, organizing and executing employment contracts with personnel, planning the human resources process, documenting the entry and exit of employees, fulfilling legal obligations, organizing information and documents that will be the basis for the works and transactions to be carried out on paper or electronically, and making the reporting and examinations required by law.
The information provided by the personnel (identity information, name, surname, Turkish ID number, gender, date of birth, contact data, e-mail address, address and telephone information, signature on signed documents) is collected and processed by non-automatic methods in personnel files and automatic methods on computers.
Your personal data may be transferred to the Social Security Institution in order to carry out insurance and premium transactions, to public institutions in order to fulfill obligations arising from the legislation, to our financial advisor in order to carry out accounting processes, to tax offices in order to fulfill obligations arising from tax legislation, and to the court in order to fulfill obligations upon request, It is transferred to Bilkent CYBERPARK in order to fulfill obligations arising from contracts and legislation to prosecutors and other public institutions and organizations, to fulfill obligations arising from tax exemption, to fulfill obligations arising from the Technology Development Zones Law and other legislation, to enter and exit the workplace and to issue personnel cards.
Processing personal data of members, non-members, visitors and members who are customers
You can find detailed information about the personal data of members, non-members, visitors and members who are customers, the purpose and method of processing and the places where they are transferred from the clarification text on our website.
6. TRANSFER OF PERSONAL DATA ABROAD
In case of explicit consent, we transfer the personal data collected from service providers and business partners (server service providers, software licensing service providers, e-invoice / e-archive invoice service providers, archiving, mail services, payment tools) located abroad in order to receive service support requiring information technologies or expertise, and the personal data collected from members, non-members, visitors and members who are customers due to the fact that the servers of the parties in question are abroad, in accordance with the conditions in Article 9 of the Personal Data Protection Law.
7. CLASSIFICATION OF PERSONAL DATA
7.1. Personal data
Personal data is any information relating to an identified or identifiable natural person. Personal data cannot be processed without the explicit consent of the person concerned.
However, in the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the data subject, and it does not seem possible to process personal data without explicit consent except in these cases:
a) Explicitly stipulated in the law,
b) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
c) Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
d) It is mandatory for the data controller to fulfill its legal obligation,
e) It has been made public by the person concerned,
f) Data processing is mandatory for the establishment, exercise or protection of a right,
g) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
7.2. Sensitive personal data
Personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.
8. PRIMETEK’S OBLIGATIONS
8.1 Obligation to Inform the Personal Data Owner
During the acquisition of personal data, PRIMETEK informs the persons whose data will be processed about how their data will be processed. In the clarification text
a) Identity of the data controller and its representative, if any,
b) The purpose for which personal data will be processed,
c) To whom and for what purpose the processed personal data may be transferred,
d) The method and legal grounds for collecting personal data,
e) Article 11 of the Law should include the rights of the person concerned.
8.2 Obligation to ensure data security
PRIMETEK takes administrative and technical measures and updates its measures in order to prevent unlawful disclosure of personal data. In case it detects unauthorized disclosure of personal data, it creates infrastructures to report this situation to the Data Subject and the Personal Data Protection Board.
Technological, administrative and technical measures are taken by PRIMETEK to prevent unlawful processing and access to data and to ensure that it is stored in accordance with the law.
PRIMETEK
- It trains and supervises its personnel on the processing of personal data in accordance with the law,
- It processes personal data limited to the commercial activities it performs,
- In case of unlawful disclosure of personal data / data leakage, it takes measures to notify the Personal Data Protection Board.
To prevent unlawful access to personal data;
- Installing security systems,
- Taking, updating and renewing technical measures,
- Establishes and audits data recording systems in accordance with the legislation,
- It identifies potential risks and develops systems against them.
9. EXPRESS CONSENT
Explicit consent is a written or verbal consent that relates to a specific subject, is based on being informed and reveals the will to process data about you with free will. Explicit consent can be revoked by the data subject at any time.
Explicit consent can be obtained by having the data subject sign the explicit consent form or by including these necessary elements in the contract or electronic form to be made with the data subject.
10. RIGHTS OF PERSONAL DATA SUBJECTS AND RESPONDING TO APPLICATIONS
Personal data owners may exercise their rights under the LPPD regarding their data by applying in writing or by other methods to be determined by the Board.
Within the scope of Personal Data Protection Law, personal data owners have the following rights:
- Learn whether personal data is being processed,
- Request information if their personal data has been processed
- To learn the purpose of processing personal data and whether they are used for their intended purpose
- To know the third parties to whom personal data are transferred domestically or abroad
- To request correction of personal data in case of incomplete or incorrect processing
- Although it has been processed in accordance with the provisions of Personal Data Protection Law and other relevant laws, to request its deletion or destruction in case the reasons requiring its processing disappear
- In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred
- To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems
- In case of damage due to unlawful processing of personal data, you have the right to demand compensation for the damage.
Only the requests of personal data subjects submitted to PRIMETEK in writing are processed. Depending on the nature of the request, the relevant request should be responded as soon as possible and within 30 (thirty) days at the latest.
In cases where the application is rejected, the response to the application is found insufficient or the response is not given in due time; the applicant has the right to file a complaint to the Personal Data Protection Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the date of application.
11. PROCEDURE FOR THE EVALUATION OF THE APPLICATION OF PERSONAL DATA SUBJECTS
In order for the response period specified in Article 9 of the Policy to start, the requests made must be sent in writing and with wet signature (either by filling out the application form on the website or with a petition containing name, surname, TRKN, address to be answered, e-mail address or fax number, date of application, detailed explanation of the request) via the following methods.
Submission of a petition or application in writing by hand:
Address: Ankara Technology Development Zone Üniversiteler Mahallesi 1605.Cadde Kapı No:3 Cyberpark Foundation Building 1st Floor No:103b Bilkent Çankaya/ANKARA
In Writing Through Notary Public
Address: Ankara Technology Development Zone Üniversiteler Mahallesi 1605.Cadde Kapı No:3 Cyberpark Foundation Building 1st Floor No:103b Bilkent Çankaya/ANKARA
By Registered Electronic Mail Address (KEP)
Address: cagatay.civici@hs01.kep.tr
With your e-mail address registered in the PRIMETEK system
Address: kvkk@primetek.com.tr
Application with Another Electronic Mail Address Not Included in PRIMETEK System
You must have a written petition signed with your mobile signature/e-signature. This petition must contain the following information: (Name, surname, Turkish ID number, the address or e-mail address where you would like to receive your reply, your explanations regarding your request)
Address: kvkk@primetek.com.tr
If the request is accepted, the relevant action shall be taken and notification shall be made in writing or electronically. If the request is rejected, the applicant shall be notified in writing or electronically by explaining the reasons.
12. STORAGE OF PERSONAL DATA
PRIMETEK retains personal data for the period required by the purpose of processing, except for the periods stipulated by the legislation.
The purposes of processing personal data are explained in Article 5 and are stored for the same purposes.
Although it has been processed in accordance with the provisions of the LPPD and other relevant laws, personal data shall be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject in the event that the reasons requiring its processing disappear. The provisions of other laws regarding the deletion, destruction or anonymization of personal data are reserved. Technical infrastructure systems are established and used by PRIMETEK; the provisions of the legislation and the decisions of the Personal Data Protection Board are complied with in terms of destruction, deletion or anonymization.
13. DATA SHARING CONDITIONS
In order for personal data to be shared, one of the following conditions must be present:
a) Explicit consent of the data subject has been obtained,
b) Explicitly stipulated in the law,
c) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
d) Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract,
e) It is mandatory for the data controller to fulfill its legal obligation,
f) It has been made public by the person concerned,
g) Data processing is mandatory for the establishment, exercise or protection of a right,
h) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
PRIMETEK may transfer personal data based on the legal grounds that it is clearly stipulated in the law, it is mandatory for the data controller to fulfill its legal obligations, it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract, and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms. In this direction, it may transfer in a limited and proportionate manner within the scope of the purposes of acting in accordance with the law, fulfilling legal obligations, ensuring the establishment or performance of a contract and ensuring its legitimate interests provided that it does not harm fundamental rights and freedoms, fulfilling the requirements of employment contracts, fulfilling legal obligations, making legally required reporting and examinations, declaring invoices, fulfilling tax obligations, ensuring order and security in the workplace.
PRIMETEK takes technical measures including but not limited to the ones listed above:
- It takes in-house technical measures for the processing and storage of personal data in accordance with the legislation and creates a technical infrastructure to ensure security,
- Periodically update and renew technical measures,
- Virus protection systems, firewalls and similar security applications.
PRIMETEK takes administrative measures including but not limited to those listed above:
- Establishes policies and procedures for access to personal data within the company,
- Informs and trains its personnel on the lawful processing, storage and protection of personal data,
- It determines the measures to be taken in cases of unlawful processing of personal data.
14. STORAGE AND DESTRUCTION OF PERSONAL DATA
PRIMETEK retains personal data for the period required for the purpose of processing and for the minimum period stipulated in the relevant legislation. PRIMETEK primarily stores personal data in accordance with this period if a period is specified in the relevant legislation; If no legal period is stipulated, it stores personal data for the period required for the purpose of processing personal data. Personal data are destroyed at the end of the specified storage periods, in accordance with the periodic destruction periods or the data owner’s application, by the specified method (deletion, destruction or anonymization).
15. UPDATE
PRIMETEK reviews and updates this Policy at least once a year when necessary and in case of legislative changes .