Personal Data Protection and Privacy Policy
Personal Data Protection and Privacy Policy
1. Identity Of The Data Controller
PeraPole (PeraPole) operates as the "Data Controller" within the scope of Law No. 6698 on the Protection of Personal Data (KVKK).
This PeraPole Personal Data Protection and Privacy Policy (POLICY) has been prepared to inform relevant parties and individuals about the processes and principles of personal data processing by PeraPole.
2. Definitions
Explicit consent: Consent based on information regarding a specific subject, expressed with free will,
Anonymization: Rendering personal data in a way that it cannot be associated with an identified or identifiable natural person in any way, even if it is matched with other data,
Data subject: The natural person whose personal data is processed,
Personal Data: Any kind of information relating to an identified or identifiable natural person,
Processing of personal data: Any operation performed on data, whether or not by automated means, such as collection, recording, storage, retention, alteration, disclosure, transfer, takeover, making available, classification, or use of data,
Board: Personal Data Protection Board,
Institution: Personal Data Protection Institution,
Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by them,
Data recording system: Record system where personal data is processed based on certain criteria,
Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system,
as defined.
3. Legal Grounds For Data Processing
Personal data processed within the scope of PeraPole's business activities is retained for the period envisaged in the relevant legislation. Accordingly, personal data is processed within the framework of the following laws and is stored for the periods stipulated by the relevant laws:
Law No. 6698 on the Protection of Personal Data
Turkish Code of Obligations No. 6098
Social Insurance and General Health Insurance Law No. 5510
Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications
Occupational Health and Safety Law No. 6331
Labor Law No. 4857
Turkish Commercial Code No. 6102
Public Procurement Law No. 4734
Public Procurement Contracts Law No. 8529
Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Attachments
Regulation on Archive Services
Other relevant laws and secondary regulations
Data is processed within this framework and stored for the periods stipulated by the relevant laws.
4. Conditions For Processing Personal Data
Except for the exceptions defined in the KVKK, PeraPole processes personal data with the explicit consent of the relevant individuals. Situations where data may be processed without the explicit consent of the data subject, as provided in Article 5 of the KVKK:
Explicitly prescribed by laws,
Necessary for the protection of the life or physical integrity of the data subject or another person who is unable to express consent due to actual impossibility or whose consent is not legally valid,
Necessary for the conclusion or performance of a contract directly related to the data subject and being a party to the contract,
Necessary for the data controller to fulfill its legal obligation,
Made public by the data subject himself/herself,
Necessary for the establishment, exercise, or protection of a right,
Necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Pursuant to Article 6(2) of the KVKK, explicit consent of the data subjects is required for the processing of special categories of personal data. Except for health and sexual life-related data, special categories of personal data other than health and sexual life-related data may be processed without the explicit consent of the data subject in cases envisaged by laws.
Personal data relating to health and sexual life may be processed without explicit consent for purposes such as the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, planning and management of health services and financing thereof, by persons or institutions under a confidentiality obligation or authorized public institutions and organizations.
5. Purposes Of Processing Personal Data
Your personal data is processed by PeraPole within the framework of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK for the following purposes:
Carrying out activities in accordance with the legislation and business processes of PeraPole
Conducting human resources policies of PeraPole,
Ensuring the security of PeraPole's employees and facilities,
Execution of commercial activities,
Conducting marketing activities,
Ensuring the physical security and control of the workplace,
Execution of activities related to the business partner and customer relationship processes,
Realization of planning and statistics activities,
Carrying out activities for the legal, technical, and commercial-business security of PeraPole and those with whom it has a business relationship,
Management of customer complaints and requests,
Providing information to authorized persons, institutions, and organizations within the framework of legal obligations,
Conducting communication activities,
Execution of finance and accounting activities,
Carrying out audit and ethical business policies,
Ensuring the execution of financial and accounting affairs,
Ensuring the execution of sales and marketing activities,
Execution of goods/services purchasing activities,
6. Principles Regarding Processing Of Personal Data
As PeraPole, we process personal data in accordance with the following principles:
Compliance with the law and integrity
Ensuring that personal data is accurate and up-to-date,
Processing for specific, explicit, and legitimate purposes,
Retention for the period required for the purpose for which they are processed,
Processing personal data in connection with the purpose for which they are collected, in accordance with the law and good faith,
Ensuring that personal data is relevant, limited, and proportionate to the purpose for which they are processed,
Not processing personal data except where explicitly provided by laws or if it is clearly stipulated in the legislation that it may be processed without the need for explicit consent of the data subject,
Taking necessary technical and administrative measures to ensure the appropriate level of security,
Ensuring that personal data is not transferred abroad without the explicit consent of the data subject or where explicitly provided by laws,
Informing the data subject of their rights.
Personal data is processed by taking into account the principles stated above.
7. Data Security
PeraPole takes the necessary technical and administrative measures to ensure that personal data is processed in accordance with the law and in a secure manner, to prevent unlawful processing of personal data, and to prevent unauthorized access to personal data.
8. Rights Of The Data Subject
Within the framework of Article 11 of the KVKK, data subjects have the following rights regarding their personal data:
Learning whether their personal data is processed,
Requesting information if their personal data has been processed,
Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
Knowing the third parties to whom their personal data is transferred domestically or abroad,
Requesting correction of personal data if it is incomplete or incorrectly processed,
Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
Requesting notification of the transactions made pursuant to subparagraphs (e) and (f) to third parties to whom personal data have been transferred,
Objecting to the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
Requesting the compensation of the damage in case of damage due to unlawful processing of personal data.
The data subjects may submit their requests regarding the exercise of their rights to PeraPole through the methods specified in this POLICY.
9. The Procedure For Exercising The Rights Of The Data Subject
Requests regarding the exercise of the rights of the data subject can be made in writing or through other methods determined by the Personal Data Protection Board. Depending on the nature of the request, the request may be submitted to PeraPole by registered mail, secure electronic signature, mobile signature, or registered electronic mail (REM) address, or it may be delivered by hand by the data subject through other methods specified by the Personal Data Protection Board. PeraPole will conclude the requests free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.
10. Amendments To The Policy
PeraPole reserves the right to make amendments to this POLICY at any time. The amended provisions of the POLICY will take effect on the date of publication.
11. Contact Information
PeraPole provides its services in accordance with this POLICY and the relevant legislation in order to ensure the protection of personal data. For questions and suggestions regarding this POLICY, you can contact PeraPole via the contact information provided below.