The purpose of this policy Barmak Machine (organization) where the contact is located in the processing of all kinds of information about an identified or identifiable natural person, particularly to privacy and our obligations to protect the fundamental rights and freedoms of individuals should adhere to the principles and procedures of organization management that has been prepared for the purpose of editing in the understanding of the system.
This policy fully or partially automated personal data processed by our organization with real people this data, or any data recording system to be part of the record with non-automatic functioning in ways that allows you to manage this data management system includes real and legal persons.
Contact person, data processors and all employees
3. DEFINITIONS AND ABBREVIATIONS
In the implementation of this policy and the Personal Data Management System applied in our organization;
a) explicit consent: consent related to a particular subject, based on information and explained by free will,
B) anonymization: making personal data not to be associated with an identified or identifiable natural person under any circumstances, even by matching it with other data,
d) contact: a natural person whose personal data is processed,
d) personal data: any information related to an identified or identifiable natural person,
e) the processing of personal data: personal data will be fully or partially automated, with the data recording system or any part of the record to be non-automatic ways of obtaining, recording, storage, preservation, modification, rearrangement, disclosure, transfer, acquisition, can be obtained, making the use classification or any operation that is performed on the data such as the Prevention of,
F) board: Personal Data Protection Board,
d) institution: Personal Data Protection Agency,
d) data processor: a natural or legal person who processes personal data on its behalf based on the authority granted by the data controller,
h) data recording system: a recording system in which personal data is structured and processed according to certain criteria,
I) Data Officer: refers to a natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
4.1. Processing Of Personal Data
4.1.1. General principles
Our establishment personal data, law on protection of personal data No. 6698, published in accordance with this law, regulations, notifications, decisions and other laws related to the work with the guides in our units is processed in accordance with the procedures and principles as provided for in.
4.1.2. Our organization during the processing of personal data;
• Within the framework of the principle of compliance with the law; it applies the obligation to act in accordance with the principles introduced by laws and other legal regulations in the processing of personal data.
* In accordance with the principle of compliance with the rules of honesty; personal data is not processed in any way without the relevant person being informed. It does not use personal data in a way that leads to injustice against the person concerned, it does not exceed the purpose of collection.
* In accordance with the principle of being accurate and up-to-date when necessary; personal data is kept accurate and up-to-date, since the result of the person concerned arises based on personal data. However, our organization always keeps channels open to ensure that the information of the person concerned is accurate and up-to-date.
* In accordance with the principle of processing for specific, clear and legitimate purposes; personal data processing activities are kept clearly understandable by the person concerned. It is clearly defined on what legal processing requirement personal data processing activities are carried out. It is laid out in detail that will ensure the determination of the personal data processing activity and the purpose of this activity.
• In accordance with the principle that the purpose is legitimate; the processed data is kept in connection with the work done and is necessary for the work done.
• In accordance with the principle of being linked, limited and restrained for the purpose for which they are processed; personal data is not collected for purposes that are not available and are considered to occur later. Personal data is not processed to the extent that it is not necessary for personal data processing to take place. Personal data is collected only for specific purposes and as much as necessary and is used where the purpose requires it.
• Within the scope of the principle of retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed; the period stipulated in the relevant legislation for storage of data is complied with, personal data is retained only for the period required for the purpose for which they are processed. When data does not need to be stored any more, that data is deleted, destroyed, or anonymized. Personal data is not retained, given that it may be reused in the future, or for any other reason.
4.2. Terms of processing of personal data
Personal data is not processed in our organization without the express consent of the person concerned. However, clearly foreseen in the laws, doesn't explain the consent due to the actual impossibility, in the case of consent of the person himself or others of the validity or legal to protect the life or physical integrity unrecognized mandatory to be directly related to the formation or performance of a contract, provided that the parties of the contract to be required for the processing of personal data, the legal obligation to fulfill a right to be publicly available by the fact that the person himself is mandatory for plant, data processing is mandatory for use or protection, data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned. If one of the conditions exists, it is possible to process personal data without seeking the explicit consent of the person concerned.
4.3. Conditions for processing special personal data
Data and biometric data of individuals related to Association, Foundation or trade union membership, health, criminal convictions and security measures are specially qualified personal data. Processing of personal data of special quality without the express consent of the person concerned is prohibited. In our organization, explicit consent is obtained from the relevant person for special qualified data received in accordance with the relevant laws. Personal data other than health is processed without seeking the explicit consent of the person concerned in cases provided for by law. However, adequate measures determined by the board are also taken in the processing of special qualified personal data.
4.4. Deletion, destruction or anonymization of personal data
Our company is processed in accordance with the provisions of this law and other relevant laws, although the disappearance of the reasons that require the processing in the case of other laws without prejudice to the provisions of the personal data either automatically or upon the request of the person concerned by the party responsible for the data “personal data the deletion, destruction, anonymization according to the regulation, or deleted, destroyed or made anonymous. It is implemented with a” policy of deleting, destroying or anonymizing personal data".
4.5. Transfer of personal data
In our organization, personal data cannot be transferred without the express consent of the person concerned, data transfer issues are arranged between data managers and data processors with commitments prepared in accordance with the subject. Provisions in other laws relating to the transfer of personal data are also considered.
Personal data, however, clearly foreseen in the laws, doesn't explain the consent due to the actual impossibility, in the case of consent of the person himself or others of the validity or legal to protect the life or physical integrity unrecognized mandatory to be directly related to the formation or performance of a contract, provided that the parties of the contract to be required for the processing of personal data, the legal obligation to fulfill a right to be publicly available by the fact that the person himself is mandatory for plant, data processing is mandatory for use or protection, provided that it does not damage the fundamental rights and freedoms of the person concerned, data processing is mandatory for the legitimate interests of the data controller, if one of the conditions exists, it can be transferred without seeking the explicit consent of the person concerned.
If one of the above-mentioned conditions exists, personal data may be transferred abroad in the foreign country where personal data will be transferred if it is requested to be transferred abroad; if there is sufficient protection, in the absence of adequate protection, data controllers in Turkey and in the relevant foreign country must undertake adequate protection in writing and have the permission of the Council and
4.6. Disclosure obligation of the data controller
In our organization, information about the identity of the data person, for what purpose personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, rights, are provided to the relevant persons in the lighting texts.
As part of the rights of the person concerned, everyone can contact our organization to find out whether personal data is processed, request information about it if personal data is processed, find out the purpose of processing personal data and whether it is used in accordance with its purpose, know the third parties to whom personal data is transferred at home or abroad,
4.7. Data security obligations
Responsibilities in our organization responsible for the data and prevent unlawful processing of personal data as a job, prevent unlawful access to your personal data and personal data, ensuring the preservation of designated duties and responsibilities to ensure all the necessary security level “of the contact person job the instructions are described in”.
If the personal data processed is obtained by others by illegal means, the procedure to be applied has been defined.
4.8. Application to data controller
The relevant person may forward their requests for processed data to our organization in writing or by other methods determined by the board. Requests received will be completed free of charge as soon as possible and no later than thirty days, depending on the nature of the request. However, if the transaction requires an additional cost, a fee may be charged at the tariff set by the board. Our organization accepts the request or rejects it by explaining its justification and informs the Relevant Person of its response in writing or electronically. If the request contained in the application is accepted, the requirement is fulfilled.
4.9. Registry Of Data Controllers
Our organization has been registered in the Registry of data principals before it started processing data.