In parallel with current technology and developments, we shape our environmental impacts according to the principles of sustainability and see our innovative approach among our indispensables.
1. INTRODUCTION
The protection of personal data is among the top priorities of Derin A.Ş. ("Company"). Our Company conducts all necessary actions to process your personal data in compliance with the legislation which processed within the scope of business activities of our Company. Hereby, the principles adopted during the personal data processing activities carried out by the Company and the main principles adopted in terms of compliance of the Company's data processing activities with the provisions of Personal Data Protection Law numbered 6698 ("Law") are explained and thus our Company provides the necessary transparency by informing data subjects.
2. SCOPE
This informative document regards all personal data of persons, processed by our Company. However, information regarding personal data of the Company employees are not included in this document. Aforementioned data subjects are enlisted in the below table:
CATEGORIES OF DATA SUBJECTS | EXPLANATION |
Employee/Trainee Candidate | Natural persons who have made a job application to our Company by any means or who have submitted their CV's and related information for the review of our Company. |
Employees, Shareholders and Authorized Persons of the Institutions We Cooperate With | Natural persons including employees, shareholders, and officials of the institutions which our Company cooperates with during conduct of our Company’s commercial activities for purposes such as selling, advertising, and marketing our Company’s products and services; providing after sale services, conducting mutual customer loyalty programmes. |
Customer | Natural persons or legal persons’ employee, executive or shareholder who use, have used, applied our Company to use or whose application is in the assessment process regarding use of the products and services offered by our Company |
Employees, Shareholders and Authorized Persons of the Vendors | Natural persons including employees, shareholders, and officials of the institutions which provides products or services to our Company within the scope of contractual relationship that is already effective or will be effective |
Visitors | Natural persons who have been at the premises owned by our Company for various purposes, connected to the guest internet network of our Company or visited our websites |
3. CONDITIONS FOR PROCESSING PERSONAL DATA
According to the Law processing of personal data shall be deemed lawful under certain conditions. First one of those conditions is obtaining data subject’s explicit consent and in case where one of the below listed conditions exists personal data may be processed by our Company without explicit consent of data subjects. The basis of the personal data processing activity may be just one of the following conditions or multiple conditions may be the basis of the same personal data processing activity.
3.1. Expressly Provided by the Laws
If the personal data of the data subject is expressly provided in the law, in other words, if there is an explicit provision in the law regarding the processing of personal data, this data processing condition shall be applicable.
3.2. Failure to Obtain the Explicit Consent of the Data Subject Due to Physical integrity
Personal data of the data subject shall be processed if it is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to present his/her consent due to the physical disability or whose consent cannot be deemed legally valid.
3.3. Being Directly Related to the Establishment or Performance of Contract
This condition shall be deemed fulfilled if it is necessary to process personal data provided that it is directly related to the establishment or performance of a contract to which data subject is a party.
3.4. Fulfilment of Legal Obligations by the Company
Personal data of the data subject shall be processed if the processing is necessary for the Company to fulfil its legal obligations.
3.5. Publicization of Personal Data by Data Subject
If personal data have been made public by the data subject himself/herself, such personal data shall be processed limited to the purpose of publicization.
3.6. Being Necessary for the Establishment or Protection of a Right
Personal data of the data subject shall be processed if data processing is necessary for the establishment, exercise, or protection of a right.
3.7. When Data Processing is Necessary for the Legitimate Interests of the Company
Personal data of the data subject shall be processed if the processing of data is necessary for the legitimate interests of the Company, provided that the fundamental rights and freedoms of the data subject are not violated.
4. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
More sensitive personal data are subject to separate protection regime. Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data is defined as special categories of personal data within the scope of the Law.
(i) Special categories of personal data other than health and sexual life shall be processed without the explicit consent of the data subject if it is expressly provided in the law, in other words, if there is an explicit provision regarding the processing of personal data. Otherwise, in order to process such special categories of personal data, the explicit consent of the data subject shall be obtained.
(ii) Special Categories of personal data concerning health and sexual life shall only be processed, without seeking explicit consent of the data subject, by authorized public institutions and organizations or persons subject to secrecy obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.
5. PROCESSING OF PERSONAL DATA IN COMPLIANCE WITH THE PRINCIPLES PROVIDED WITHIN THE LEGISLATION
5.1. Processing in accordance with the Lawfulness and Fairness Rule
Personal data are processed in accordance with the general good faith and fairness rule without damaging the fundamental rights and freedoms of individuals. Within this framework, personal data are solely processed to the extent required by the business activities of our Company.
5.2. Ensuring that Personal Data is Accurate and Up to Date Where Necessary
Our Company takes the necessary measures to keep the personal data accurate and up to date during the processing of personal data and establishes necessary mechanisms for ensuring the accuracy and currency of the personal data for certain periods.
5.3. Processing for Specific, Explicit and Legitimate Purposes
Company explicitly reveals the purposes of processing personal data and processes the personal data in line with the business activities within the scope of the objectives associated with these activities.
5.4. Being Relevant, Limited and Proportionate to the Purposes for Which They are Processed
Company only collects personal data to the extent required by business activities and processes them solely for the specified purposes.
5.5. Storing for the Period Foreseen by the Relevant Legislation or Required for the Processing Purpose
Our Company retains personal data during the period required for the purpose of processing, and the minimum time stipulated in the relevant legal legislation. Within this scope, our Company firstly determines whether a period is provided for the retention of personal data in the relevant legislation and acts according to this period if determined. If there is no legal period, personal data are stored for the period required for the purpose of processing. Personal data are destroyed at the end of the specified retention periods in accordance with the periodic destruction periods or upon data subject's requests with the specified destruction methods (deletion and / or destruction and / or anonymization).
6. PERSONAL DATA CATEGORIES THAT ARE BEING PROCESSED AND PURPOSES OF PROCESSING
Purposes of processing personal data and special categories of personal data that are being processed in compliance with the Law and relevant legislation within the scope of Our Company’s business conduct are listed below:
1. Provision of Our Company’s services to the relevant parties and conducting relevant processes,
2. Executing the human resources policies regarding personnel recruitment processes,
3. Establishing and managing relations with business partners and/or vendors,
4. Carrying out finance and/or accounting operations,
5. Conducting activities relating to Our Company’s legal relationships and performing our Company’s legal requirements.
7. TRANSFER OF PERSONAL DATA
Our Company may transfer your personal data and special categories of personal data to third parties in compliance with the article 8 and 9 of the Law and principles, procedures envisaged under secondary legislation by taking necessary security measures.
Even without the explicit consent of the data subject, personal data may be transferred to third parties by the Company in compliance with principles, procedures envisaged under the Law and secondary legislation, if one of the or several following conditions are present:
1. If relevant activities related to the transfer of personal data are expressly provided by the laws,
2. If the transfer of personal data by the Company is directly related with and necessary for the establishment or performance of a contract,
3. If the transfer of personal data is necessary for our Company to fulfil its legal obligations,
4. If personal data are transferred by our Company limited to the purpose of publicization provided that personal data have been made public by the data subject himself/herself,
5. If the data transfer by the Company is necessary for the establishment, exercise or protection of the rights of the Company or the data subject or third parties,
6. If the transfer of personal data is necessary for the legitimate interests of the Company, provided that the fundamental rights and freedoms of the data subject are not harmed,
7. If it is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to present his/her consent due to the physical disability or whose consent cannot be deemed legally valid.
In addition to the above, personal data may be transferred to foreign countries declared by the Personal Data Protection Board ("Board") as having adequate protection in the presence of any of the conditions set forth in above-mentioned subparagraphs. In the absence of adequate protection, personal data shall be transferred in accordance with the conditions of data transfer stipulated in the legislation to foreign countries where the data controllers in Turkey and abroad undertake an adequate level of protection in writing and the permission of the Board exists.
Table containing third parties to whom your personal data is transferred and purpose of transfer is located below.
The Persons to whom Data May be Transferred | Purpose of Data Transfer |
Vendors | Personal data shall be transferred limited to the purposes of ensuring provision of the services outsourced by our Company and the services required for conducting our Company’s activities. |
Legally Authorized Public Institutions and Organizations |
Personal data may be transferred with public institutions and organizations which are authorized to obtain information and documents in accordance with the relevant legislation.
Personal data may be transferred to independent auditors which are providing its services to audit our company to fulfil our Company's legal requirements. |
8. INFORMING THE DATA SUBJECT
Our Company informs the data subject in accordance with Article 10 of the Law and secondary legislation. Within this scope, our Company informs data subjects regarding who processes personal data as the data controller and for what purposes their personal data are being processed, with whom and for which purposes they are shared, the method and legal basis of their collection and the rights of data subjects within the scope of processing their personal data.
9. PERSONAL DATA STORAGE AND DISPOSAL
Our Company stores personal data until the time period required for the purpose of processing, and the minimum time period set forth in the relevant legislation. Within this context, our Company primarily determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if so, Company acts according to this period. If a legal period is not available, personal data shall be stored for the time required for the purpose of processing. Personal data shall be disposed upon the request of data subject or at the end of the specified storage term in accordance with the periodic disposal terms and with the defined disposal methods (deletion and / or destruction and / or anonymization).
10. ENSURING THE SECURITY OF PERSONAL DATA
In accordance with Article 12 of the Law, our Company takes necessary measures according to the nature of the data to be protected in order to prevent the unlawful disclosure, access, transfer of personal data or other security deficiencies that may occur in other ways. Within this scope, our Company takes administrative and technical measures, conducts audit or have third parties conduct audits in order to provide appropriate level of security in accordance with the guidelines published by the Board.