Privacy and PDPL Policy

"The Personal Data Protection Law"

Privacy Notice

Definitions

The following terms used in this Privacy Notice: 

Personal Data: Any information relating to an identified or identifiable natural person, 

The Personal Data Protection Law("PDPL"): The Personal Data Protection Law No. 6698, which entered into force upon its publication in the Official Gazette on April 7, 2016, 

Data Processor: A natural or legal person who processes Personal Data on behalf of the data controller based on the authority granted by the data controller, 

Data Controller: A natural or legal person who determines the purposes and means of processing Personal Data and is responsible for establishing and managing the data recording system. 

Data Subject: Refers to the natural person whose personal data is processed.

As Yaşar Bilgi İşlem ve Ticaret A.Ş ("Our Company"), protecting fundamental rights and freedoms, protecting the privacy of private lives, ensuring and protecting information security, and respecting ethical values are among our top priorities. Accordingly, in order to fulfill our obligation to provide information arising from Article 10 of the Personal Data Protection Law ("PDPL"), the following explanations are provided for your information.

Data Controller

The "Data Controller" with regard to your personal data is Yaşar Bilgi İşlem ve Ticaret A.Ş., registered with the İzmir Trade Registry under registration number 30923-K-337 and MERSIS number 007400076900012, with its headquarters located at "Yaşar Bilgi İşlem ve Ticaret A.Ş."

Categories of Data Subjects Whose Data Are Collected

Within the scope of The Personal Data Protection Law, our Company collects Personal Data of the following Data Subjects with whom we have a business relationship:

  • Employees and employee candidates 
  • Family members and relatives of employees and employee candidates
  • Customers
  • Suppliers
  • Consultants 
  • Business partners
  • Shareholders
  • Company executives
  • Authorized representatives of the Company
  • Contracting parties and their employees
  • Contracting parties and their employeesParties involved in legal proceedings
  • Survey participants
  • Visitors

Data Collected and Processed by Our Company from Relevant Persons

Under Articles 5 and 6 of the Personal Data Protection Law, our company collects and processes the data specified below. These include:

Under Articles 5 and 6 of the Personal Data Protection Law, our company collects and processes the data specified below. These include:

  • Family and social life information, 
  • Education and training information, 
  • Employment information, 
  • Information related to request/complaint management, 
  • Information related to legal matters, 
  • Information regarding compliance with ethical values and the law, 
  • Financial information, 
  • Audit information, 
  • Information on the use of electronic media, 
  • Information regarding goods and services provided and procured, 
  • Information regarding business activities, 
  • Information regarding trade and other licenses and permits, 
  • Physical premises security information, 
  • Visual and audio information (photographs, camera footage, audio recordings), 
  • Telecommunications records, 
  • Email and information system service usage records,
  • Entry records,
  • Health reports and health information, 
  • Criminal record information 

Our Company's Data Collection Purposes

Under Articles 5 and 6 of the Personal Data Protection Law, we collect and process data to achieve our company objectives specified below, limited to the relevant purposes. These are:

  • Conducting our company's commercial activities.
  • To carry out business processes related to its commercial activities.
  •  Managing and executing relationships with business partners and/or suppliers, 
  • Technical management of our company's websites, 
  • Customer management and complaint tracking, 
  • Product surveys and tracking of questions you send to our company, 
  • To enable you to benefit from the products and services offered by our company, the necessary work is carried out by our business units, 
  • Planning and execution of sales, marketing, and after-sales processes for products and/or services, 
  • Providing information about the content of products and services, 
  • Conducting competitions, events, and other organizations, 
  • Maintaining legal and commercial relationships with our company and individuals who have business relationships with our company, and ensuring the security of these relationships, 
  • Administrative operations related to communication carried out by our company, 
  • Employee administration and management,  
  • Ensuring the physical security and control of company locations, 
  • Planning logistics activities, 
  • Conducting reputation research processes, 
  • Ensuring compliance with ethical values and the law, and carrying out legal work and procedures, 
  • Monitoring contract processes and/or legal claims, 
  • Planning and executing human resources and personnel recruitment processes, as well as monitoring and implementing training and education activities, 
  • Planning and/or implementation of occupational health and/or safety processes, 
  • Conducting research and development activities and ensuring that our Company can benefit from incentives, 
  • Planning and execution of corporate communications and corporate governance activities, 
  • Execution of information security management services, 
  • Monitoring and auditing finance and/or accounting operations, and carrying out activities aimed at identifying customers' financial risks, 
  • Determining and implementing our company's commercial and business strategies, 
  • Creating and tracking visitor records, 
  • Other purposes or objectives to be communicated to the relevant person during the acquisition of information
  •  To ensure that legal obligations are fulfilled as required or mandated by relevant legislation, 

 

Transfer of Data Collected and Processed by Our Company for Its Purposes

Within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, your personal data collected by our company may be shared with our affiliates, shareholders, business partners, legally authorized public institutions, and private individuals for the purposes detailed above.

Method and Legal Basis for Data Collection by Our Company

Personal data is collected, used, recorded, stored, and transmitted by our company through verbal, written, and/or electronic means, in accordance with the law and principles of good faith, by providing clear and understandable verbal, written, and/or electronic information to data subjects and, where necessary, obtaining their explicit consent, in connection with and limited to the legitimate purposes clearly stated above, within the framework of the principle of proportionality, collected, used, recorded, stored, and processed via the portal interface.

We guarantee that your personal data will not be processed by our company for purposes other than those specified in this Privacy Notice, and will not be transferred to or stored by third parties located within or outside the country. 

Retention Period for Data Collected by Our Company

Your personal data will be stored for the retention periods specified in the relevant legislation. If no period is specified in the relevant legislation, your data will be stored in accordance with our company's practices and commercial customs or for as long as necessary for the processing purposes mentioned above. After this period, your data will be deleted, destroyed, or anonymized in accordance with Article 7 of the PDPL.

Security of Your Data Collected and Processed by Our Company 

Your personal data is protected from unauthorized access, loss, and damage in the environments where it is processed and stored through the technical and administrative measures of the Information Security Management System (ISO 27001 and 27701 Standard) and the requirements of the Information Security Circular published by the Capital Markets Board, as well as the requirements of the Personal Data Security Guide published by the KVK Board, are continuously implemented and developed within the scope of continuous improvement.

Rights of the Data Subject Whose Data is Collected and Processed

Pursuant to Article 11 of the Personal Data Protection Law, everyone has the right to apply to the data controller to learn whether their personal data has been processed and, if so, to: 

a) Whether their personal data has been processed,

b) Request information regarding the processing of their personal data, 

c) To learn the purpose of the processing of personal data and whether they are being used in accordance with that purpose, 

ç) To know the third parties to whom personal data has been transferred within or outside the country, 

d) To request the correction of personal data if it has been processed incompletely or incorrectly, 

e) Requesting the deletion or destruction of personal data within the framework of the conditions set forth in Article 7, 

f) Requesting that the processing carried out in accordance with subparagraphs (d) and (e) be notified to third parties to whom personal data has been transferred, 

g) Object to a decision made solely through the automated processing of personal data that adversely affects the individual, 

ğ) To request compensation for damages incurred due to the unlawful processing of personal data.

Application Methods Within the Framework of the Rights of the Data Subject

Pursuant to the first paragraph of Article 13 of the PDPL, you may exercise your rights as outlined above by submitting your request using the following methods and information, in accordance with the "Communication on the Procedures and Principles for Applications to the Data Controller" published on March 10, 2018, under No. 30356.

Required information in the application:

1.  The applicant's first name and last name.

2.  If the applicant is a citizen of the Republic of Turkey, their Turkish ID number; if not, their nationality along with their passport number or, if available, their ID number.

3.  The applicant's permanent residence or workplace address for notification purposes.

4.  The applicant's email address, telephone number, or fax number for notification purposes.

5.  The subject of the applicant's request.

6.  Information and documents related to the subject of the applicant's request.

Application Methods:

1.  The applicant may personally fill out the "Application Form" and deliver it in a sealed envelope marked "Request for Information Pursuant to the Personal Data Protection Law" to the consultation office at Yaşar Bilgi İşlem ve Ticaret A.Ş. , with a receipt.

2. The applicant may send a notification to Yaşar Bilgi İşlem ve Ticaret A.Ş. at via a notary public, but the note "Request for Information Pursuant to the Personal Data Protection Law" must be added to the notification envelope.

3. The applicant may apply in person to our company's Registered Electronic Mail address, yabim@hs01.kep.tr, using the "Secure Electronic Signature" defined in the Electronic Signature Law No. 5070, with the note "Request for Information Pursuant to the Personal Data Protection Law" in the subject line.

Egemenlik Mahallesi Kemalpaşa Caddesi No:250 A Bornova / İZMİR

You can access our application form regarding the rights mentioned above here.