Protection of personal data is an important subject for Doğuş Bilgi İşlem ve Teknoloji Hizmetleri A.Ş. (“DT”). DT adopts the principles stipulated by the Law no. 6698 on the Protection of Personal Data (“PDP Law”)to ensure compliance, and fulfills its obligations with respect to the processing, deletion, destruction, anonymization, transfer of personal data, providing clarification to the data subject and ensuring data security. The Personal Data Protection Policy created for this purpose is made available to the relevant natural persons whose data is processed (“Data Subject”)..
This Personal Data Protection Policy details the following for DT;
DT collects personal data through websites, social media accounts, cookies, notices sent by administrative and judicial authorities and other communication channels, using aural, electronic and print formats, in accordance with the personal data processing terms and conditions stipulated by the PDP Law and based on the legal grounds specified in this Personal Data Protection Policy.
DT categorizes the data subject groups whose personal data is processed in personal data processing procedures and operations related to such procedures, as follows. With this said, pursuant to the personal data processing conditions stipulated in article 5 and 6 to the PDP Law and based on the legal grounds specified in this Personal Data Protection Policy, personal data of other data subject groups can also be processed.
2. Prospective Client
Persons making claims/complaints
1. DT is committed to take all the necessary technical and administrative measures and exercise due diligence in order to ensure the privacy, integrity and security of your personal data. DT takes the necessary measures to prevent unauthorized access to personal data and the misuse, unlawful processing, disclosure, alteration or destruction of personal data. In regards to preventing unlawful access to, unlawful processing of and the protection of the personal data it processes, DT:
2. Protects all the domains on the website from which the personal data is obtained with SSL,
3. In order to prevent the unlawful processing of the personal data collected from the website; creates and implements access authorization and control matrices for its employees,
In order to prevent unlawful access to the personal data; carries out regular leak testing and tests the resilience of the system against unauthorized access,
In case the personal data are damaged or acquired by unauthorized third parties as a result of cyber attacks on platforms operated by DT or the DT system despite all the necessary information security measures having been taken by DT, DT immediately informs you and the Personal Data Protection Board and takes the necessary measures.
DT only transfers the personal data to third parties according to the purposes specified in the Personal Data Protection Policy and the articles 8 and 9 to the PDP Law.
The client data is also shared with the intermediary service provider of the commercial electronic message in order to carry out promotions, advertising, offer benefits and advantages in relation to the client’s preferences, interests and habits based on their commercial electronic message consent.
The personal data specified above, which are subject to domestic or foreign-based transfers, are also protected legally by provisions in accordance with the PDP Law, included in our agreements, taking into consideration that the opposite side of the legal relationship is the data controller or the data processor; in addition to other technical measures that will ensure their security.
DT retains the personal data it processes for the periods stipulated by the relevant legislation or the periods required by the purpose of processing, in accordance with the PDP Law. These periods are listed as follows in our Personal Data Retention and Destruction Policy:
|Client records||10 years||Law NR. 6098|
|All records relating to accounting and financial transactions||10 years||Law NR. 6102 , 213|
|Commercial electronic message consent records||1 year following the date on which the consent was withdrawn||Law NR. 6563 and 2nd appendix|
|Traffic information relating to online visits||2 years||Law NR. 5651|
|Personal data related to clients||10 years following the termination of the legal relationship||Law NR. 609|
Pursuant to article 11 of the PDP Law, the rights of the Data Subjects related to their personal data processed by DT are listed below:
Pursuant to article 13 to the PDP Law, you may exercise your rights by sending an e-mail to firstname.lastname@example.org.
DT will be entitled to share your personal data such as visits or membership and traffic information such as browsing activity on e-commerce platforms and mobile applications operated by DT; for the purpose of enabling DT to fulfill its obligations arising from the law (including but not limited to fighting crime, threats to government and public safety and other similar circumstances where DT is obligated to provide legal and administrative notifications or information), with public authorities and organizations that are legally entitled to request such information.
DT retains the personal data it processes through the mobile website, for periods stipulated by the relevant laws or periods required by the purpose of processing pursuant to article 7 and 17 to the PDP Law and article 138 to the Turkish Penal Code. Upon the expiration of such periods, DT will delete, destroy or anonymize the data as per the provisions of the Regulation on the Deletion, Destruction or Anonymization of Personal Data.
Deletion of personal data by DT refers to the process of rendering the personal data completely inaccessible or unusable by the relevant users. For this purpose, DT creates and implements an access authorization and control matrix at the user level and takes the necessary measures to carry out the deletion on the database.
Destruction of personal data by DT refers to the process of rendering the personal data completely inaccessible, irretrievable and unusable by any party.
Anonymization of personal data by DT refers to the process where the personal data is rendered so that it cannot be associated with any identified or identifiable natural person even in case the personal data is matched with other data.
DT explains the methods of deletion, destruction and anonymization and the technical and administrative measures it has taken for this purpose under the Personal Data Retention and Destruction Policy prepared pursuant to the Regulation on the Deletion, Destruction or Anonymization of Personal Data in detail. This Policy also defines the time period for the periodic destruction stipulated by the Regulation as 6 months.
DT may make changes to this Privacy/Personal Data Protection Policy at any time. These changes immediately take effect following the issuance of the new and amended Privacy/Personal Data Protection Policy. The necessary information will be provided to you, our members, to inform you of the changes made to this Privacy/Personal Data Protection Policy.