Privacy and Data Security Policy and the Law on the Protection of Personal Data

Information Notice as per the Privacy and Data Security Policy and the Law on the Protection of Personal Data

This “Information Notice as per the Privacy and Data Security Policy and the Law on the Protection of Personal Data”, in accordance with the Obligation to Inform and with a view to protect your fundamental rights and freedoms, in order to bring to our visitors’ attention with which legal justifications and through which methods we collect your personal data, how we process your data, through which methods we ensure your data security.

The Law No. 6698 on the Protection of Personal Data (KVKK) was enacted upon publication in the Official Gazette dated 07.04.2016 and numbered 29677. The KVKK aims to protect fundamental rights and freedoms of natural persons whose data is processed, including their right to privacy, which is also protected by the Constitution, and sets forth the obligations of natural and legal persons in their capacity as data controllers who process personal data.

Listag (Association)  reserves the right to update and amend the Information Notice in line with the KVKK and provisions of the legislation in force and in compliance with this Privacy and Data Security Policy and the Law on the Protection of Personal Data.

1.PERSONAL DATA

  • As per the KVKK, personal data means all the information relating to an identified or identifiable natural person. Such personal data comprise information, which is directly provided by the user on physical or virtual media through any kind of means, such as:
  • Name and surname;
  • Contact information such as telephone number, address, e-mail addresses, fax;
  • Gender;
  • Date of birth;
  • Educational attainment;
  • Areas of interest, likes, complaints;
  • Social media preferences;
  • Participation in events;
  • Education and work experience background/curriculum vitae information/career goals;
  • Job title/profession/place of work;
  • Photographs comprising generic meeting and event visuals to the extent allowed by the legislation;

has been defined as personal data under our legislation since such information may have the potential to make the person identifiable.

Additionally, your personal data is stored to comply with legal requirements in other cases necessitated or required by legislation.

2.PROCESSED PERSONAL DATA AND PURPOSE OF PROCESSING

Within the framework of legal obligations arising from relevant legislation, including Law No 5651 on Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publication and relevant secondary legislation, Law No. 6563 on Regulation of Electronic Commerce and relevant secondary legislation, Turkish Criminal Code (Law No. 5237) and Law No. 6698 on Personal Data Protection, your personal shall be used by the Association with the aim of achieving the purpose of Association and providing you better service and support

Your personal data given above shall be processed and stored with reference to your direct consent and in relation to  Association’’s activities indicated below for you to benefit from  Association’’s membership by taking all information security measures, on the condition that it will not be used out of the scope and purposes indicated in this Text.

Your personal data and special category personal data can be processed by Listag Association’s for the following purposes in compliance with the conditions of personal data processing specified by the Law and the relevant legislation:

  • Developing and carrying out businesses, works, operations of the Association’s
  • Carrying out reporting activities aimed at control, data management, analysis, social activities, process development etc.
  • Carrying out legally required procedures/records/declarations, performing and following legal businesses; giving legal opinions, lawsuits and legal proceedings, exercising the legal right of defense
  • Planning, developing and performing institutional management and communication activities
  • Planning, organizing and holding meetings and events
  • Keeping records of Association’s business partners; planning and carrying out listing operations
  • Facilitating communication with all the legal persons of Association’s such as business partners, suppliers, service providers, consultants, sponsors, subcontractors who are in a business relationship with Association, to maintain the relationship between the Association and its institutions,
  • Keeping records of the participants to organizations and events
  • Managing, developing, planning and carrying out professional relations with suppliers / dealers / business partners
  • Developing relationships with visitors, donators and event participants
  • Monitoring, planning and carrying out activities aimed at obtaining outsourcing services / consultancy
  • Carrying out analysis and supervision activities to make announcements about services to be provided and contents of these services, to increase the quality of such services and to develop new services,
  • Developing and planning Association’’s events and activities based on the preferences and personal interests of the visitors
  • Assessing personal data as part of the statistical survey to enhance services without disclosing the identity of the persons and restructuring and reorganizing the services provided based on the interests of the Users
  • Carrying out activities aimed at keeping data accurate and up-to-date.
  • Carrying out activities aimed at assessing job candidates` qualifications
  • Performing and recording necessary operations for recruiting, and keeping records of new recruitments
  • Contacting job candidates when a suitable position opens up
  • Contacting former employees and planning activities aimed at former employees.
  1. GENERAL PRINCIPLES IN PROCESSING PERSONAL DATA
  • In accordance with law and good faith,
  • In an accurate and up-to-date manner if necessary,
  • For specific, clear and legal aims,
  • By being associated, limited and restrained to the processing purpose,
  • In compliance with storage rules for a certain period of time envisaged in relevant legislation or necessary for its processing purpose.

4.DATA SECURITY

The Association hereby represents, warrants and acknowledges to establish the necessary systems and supervision mechanisms related to the erasure, destruction or anonymising of the personal data it has acquired, to prevent unlawful processing of the data, to prevent unlawful access to the data, to ensure retention of the data and take all and any technical and administrative measure to that end, to conduct the necessary inspections and to have the necessary inspections conducted in the event that data is processed by its own organisation or by another natural person or legal person, and to take all and any technical and administrative measures.

In the event that the processed personal data is collected through unlawful means by other parties, the Assocation shall notify the data subject and the Board, and in the event that the processed data is acquired through unlawful means by other parties, the Association shall notify, in writing or to the registered e-mail address, the data subject in the shortest possible time as well as the Personal Data Protection Board.

  1. TRANSFER OF PERSONAL DATA

DOMESTIC TRANSFER OF DATA

The Association can only transfer the personal data it has acquired to 3rd natural or legal persons within the country upon the explicit consent of the data subject.

Transfer of data subject’s personal data to a 3rd natural or legal person without seeking explicit consent is possible only in the following cases, in which data can be transferred to authorised persons in compliance with the law and in connection with the purpose.

It is clearly provided for by the laws;

It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid;

Processing of personal data belonging to the parties of a contract is necessary provided that it is directly related to the conclusion or fulfilment of that contract;

It is mandatory for the controller to be able to perform his legal obligations;

The data concerned is made available to the public by the data subject himself;

Data processing is mandatory for the establishment, exercise of protection of any right;

It is mandatory for the legitimate interests of the controller, provided that such processing shall not violate the fundamental rights and freedoms of the data subject;

TRANSFER OF DATA ABROAD

The Association may only transfer personal data it has acquired to 3rd natural or legal persons abroad upon explicit consent of the data subject.

The Associaiton may transfer personal data abroad without explicit consent of the data subject provided that one of the conditions set forth above on the domestic transfer of personal data and that;

Sufficient protection is provided in the foreign country where the data is to be transferred;

The data controllers in Turkey and in the relevant foreign country guarantee a sufficient protection in writing and the Board has authorised such transfer, where sufficient protection is not provided.

The Personal Data Protection Board shall determine and announce the countries where the aforementioned sufficient level of protection is provided. Provided that safe countries have been announced by the Board, personal data can be transferred abroad without the need to obtain permission from the Personal Data Protection Board and written guarantees from the data controllers in the foreign country to provide protection.

6.RIGHTS OF DATA SUBJECT

Natural persons whose personal data is processed have the right to apply to the Associaiton in its capacity as the controller with a view to have provisions of the KVKK and other relevant legislation implemented. For your information, your rights under the article 11 of the KVKK as the data subject are as follows:

To learn whether your personal data are processed or not;

To request information thereof if your personal data are processed;

To learn the purpose of processing of your data and whether this data is used for intended purposes;

To know the third parties to whom your personal data are transferred at home or abroad;

To request the rectification of the incomplete or inaccurate personal data, if any;

To request the erasure or destruction of your personal data under the conditions laid down in article 7 of the KVKK;

To request notification of the operations carried out in compliance with subparagraphs (e) and (f) to third parties to whom your personal data have been transferred;

To object to the processing, exclusively by automatic systems, of his personal data, which leads to an unfavourable consequence for the data subject himself;

To request compensation for the damage arising out of the unlawful processing of his personal data.

  1. APPLICATION TO THE CONTROLLER

In the event that he files a request regarding the use of his rights about his personal data which have been processed or are discovered to have been processed by the Association, the data subject whose personal data has been processed agrees to be under the obligation to apply to the Association in its capacity as the data controller within the most suitable timeframe in relation to the use of the right in question.

Data subject agrees to be under the obligation to notify the Association of the applications he has filed in writing through registered mail with acknowledgement of receipt/notary or via e-mail with the subject line; “Information Request about the Law on the Protection of Personal Data.”

With a view to ensuring the enjoyment of the rights under the aforementioned article 6, titled the Rights of Data Subject and in accordance with the article 5/2 of the Communiqué on the Principles and Procedures of Application to the Controller, which entered into force upon publication in the Official Gazette dated 10.03.2018 and numbered 30356, the mandatory elements to be included in the application to the Association so that the requests can be met in compliance with the law and the legislation are as follows, for your information:

Name, surname and signature, if the application is in writing;

National ID number for the citizens of the Republic of Turkey; nationality, passport number or national ID number, if applicable, for foreigners;

Place of residence or workplace address on which the notification is based;

Electronic mail address, telephone and fax numbers on which the notification is based, if any;

Subject of the request.

The statement of claim including the clarifications regarding the right claimed with the aforementioned information and documents may equally be sent to the mail address: bilgi@listag.org

The Association represents and agrees to conclude the requests included in the application within the shortest timeframe possible depending on the nature of the request and within thirty days at the latest. In the event that the application is replied to in writing, the data subject shall not be charged for up to 10 (ten) pages in accordance with the Article 8 of the relevant Communiqué, and shall be charged 1 Turkish Lira for transactions per page for every page above 10 (ten) pages.

In the event that the response to the application is delivered in a recording medium such as a CD, a flash disk etc., the fee that may be charged by the controller shall be proportionate to the cost of the recording medium in question.

In its capacity as the Controller, the Association shall accept the request submitted by the data subject related to the right of use or hold the right to decline it on justified grounds. In this case, the controller agrees to be required to communicate its response to the request to the individual in writing or in electronic media. If the request included in the application is found admissible, the data controller agrees and acknowledges to be required to meet the demand in question.

If the application is declined, the response provided is found unsatisfactory or the response is not given in due time (30 days), the data subject has the right to file a complaint with the Personal Data Protection Board within thirty (30) days as of the date on which he learnt the response of the data controller and within sixty (60) days as of the application date, in any case.

The data subject shall be reimbursed for the application fee provided that the application has been lodged due to a mistake made by the Association.

  1. COOKIE POLICY

Cookies are small text files stored on your device or on the web server via browsers by the websites you visit.

When the Association uses cookies on its application to improve user experience of the users using our application, to enhance and optimise our application, to offer an attractive and personalised application to users, to ensure legal security of the users and our organisation, thus ensuring optimum efficiency while using the application.

  1. UPDATE PERIOD

The Information Notice shall be amended and published at all times in line with an economic and commercial decision of the Association or a resolution of the Personal Data Protection Board, in accordance with this Privacy and Data Security Policy and the Law on the Protection of Personal Data.

  1. ENFORCEMENT

Before beginning to use this Application, you must state that you have agreed and possess the legal authority to accept these Conditions of Use, that all information you have provided is correct and truthful, that you have read this User Agreement and Privacy Policy in its entirety and understand it, and that you accept all of its provisions.

%d blogcu bunu beğendi: