This policy explains the principles for the processing of personal data that need to be known by the real persons we process whose personal data, such as Dogus Technology supplier, consultant, internal customer (Dogus Group Affiliates), physical visitor and website (http://www.d-teknoloji.com.tr/) users.
Within the scope of this policy;
Dogus Technology:Doğuş Bilgi İşlem ve Teknoloji Hizmetleri A.Ş., which own the site,
Relevant person/real person:Personal data owner (subject),
Recording environment: Any environment which is automatic in whole or in part or where personal data processed with non-automatic means are exist provided that it is a part of any data recording system.
Site: The website on the following address:http://www.d-teknoloji.com.tr/,
Data Processor: Real or legal person processing data according to the authority given by the data processor.
Data Supervisor:Real or legal person determining the processing purposes of the personal data and responsible for the establishment and management of the data recording system,
Law No. 5651: Law on Regulation of Publications on the Internet and Suppression of Crimes Committed by means of such Publications,
Law No. 6698/KVKK:Refers to the Law on Protection of Personal Data.
1. Scope and Purpose of Protection of Personal Data Policy
This present Privacy and Protection of Personal Data Policy explains Dogus Technology’s:
a. Methods and Legal Reasons for Collecting Personal Data
Dogus Technology collects personal data through the website, the relevant company, the person concerned, cookies, notifications from administrative and judicial authorities and other communication channels, aurally, electronically or in writing, in accordance with the personal data processing conditions specified in the KVK Law and in line with the legal reasons provided in this present Personal Data Protection Policy.
b. Categorization of Data Subject Person Group
Dogus Technology categorizes the groups of people whose personal data are processed in personal data processing processes and activities related to these processes as follows. However, personal data of other groups of persons (consultants, educators) may be processed in accordance with the personal data processing requirements provided in Articles 5 and 6 of the KVK Law and in line with the legal reasons specified in this Privacy/Personal Data Protection Policy.
Data Categories and Sample Data Types
|1.||Internal customer (Dogus Group Affiliates) • Credentials: First name, surname • Contact Information: mobile phone, email address, landline phone • Risk Management Information: IP address • Process Security Information: Passcode, password information • Legal Transaction and Compliance Information: Start and end time of the service provided, the type of service utilized, the data transferred.|
|2.||Online Visitor • Process Security Information: Passcode, mobile phone, password information • Legal Transaction Information/Risk Management Information: IP address • Legal Transaction and Compliance Information: Start and end time of the service provided, the type of service utilized, the amount of data transferred.|
|3.||Physical Visitor • Credentials: First name, surname, T.R. identification number • Transaction Information: License plate number, date and time of visit • Visual Information: Camera Recording (CCTV)|
|4.||Supplier or Supplier’s Employee (Outsourced staff) or Authority • Credentials: TR Identification number, Name surname • Contact Information: email address, phone, KEP address, address, mobile phone • Financial Information: Account No, Tax Office, Tax Identification Number, Tax plate, IBAN, • Legal Procedure and Compliance Information: Signature circular, certificate of activity, power of attorney • Special Categories of Personal Data/Legal Transaction Information: Signature, Medical Report, Criminal Record • Personal Information: SSI Payroll, OHS documents • Professional Experience and Experience Information: Education Status, Certificate • Visual Information: Photograph • Visual Information: Camera Recording (CCTV)|
|5.||Consultant • Credentials: First name, surname, T.R. identification number • Contact Information: mobile phone, email address, landline phone • Financial Information: IBAN number • Special Categories of Personal Data/Legal Transaction Information: Signature, Signature circular • Professional Experience and Experience Information: Education Status, Certificate|
In Which Business Processes and for What Purposes Personal Data is used?
e. Technical and Administrative Measures Taken to Ensure the Security of Personal Data
Dogus Technology undertakes to take all necessary technical and administrative measures and to show due diligence to ensure confidentiality, integrity and security of your personal data.
Dogus Technology takes the necessary measures to prevent unauthorized access to personal data, misuse, unlawful processing, disclosure, alteration or destruction of personal data. Dogus Technology uses generally accepted security technology standards such as firewalls and Secure Socket Layer (SSL) encryption when personal data is processed.
In order to prevent unlawful access to the personal data processed by Dogus Technology, to prevent unlawful processing of these data and to ensure the protection of personal data, Dogus Technology:
Although Dogus Technology takes the necessary information security measures, in the event that personal data is damaged or seized by unauthorized third parties as a result of attacks on the platforms operated by Dogus Technology or on Dogus Technology system, Dogus Technology immediately notifies you and the Personal Data Protection Board and takes the necessary measures.
f.To Whom and for What Purpose can the Personal Data be Transferred?
Dogus Technology transfers personal data to third parties only for the purposes specified in this Privacy and Protection of Personal Data Policy and in accordance with Articles 8 and 9 of the Law.
Dogus Technology stores personal data about online and physical visitors in accordance with the legislation and can share it with the relevant public institutions and organizations upon request. Personal data regarding suppliers may be shared with the companies and subsidiaries within the structure of Dogus Group in relation to the goods, products or services procured, as well as with the relevant public institutions. You can get information for the companies and subsidiaries within the structure of Dogus Group at http://www.dogusgrubu.com.tr/tr/sektorler.aspx.
It is shared with TUBITAK (Scientific and Technological Research Council of Turkey) and the Ministry of Science, Industry and Technology in order to ensure R&D sustainability and to make the necessary notifications in line with the legislations.
Dogus Technology shares data with Dogus Holding A.S. (Inc.) in accordance with KVKK (Law on the Protection of Personal Data) within the scope of reporting and statistical studies.
In addition to the technical measures to ensure the security of personal data subject to national and international transfer that we have mentioned above; it is considered that the counter party of the legal relationship is a data controller or data processor, and it is also legally protected by means of the KVKK Law compliant provisions included in our contracts.
g. Retention Periods of Personal Data
Dogus Technology keeps the personal data it processes in accordance with the KVKK Law for the periods stipulated in the relevant legislation or required by the purpose of processing.
h. What Are The Rights Of The Relevant Persons On Their Personal Data And How They Can Use These Rights
The rights of the Person concerned in accordance with article 11 of the KVK Law on the personal data processed by Dogus Technology are listed below:
In order to execute these rights, you can always contact us using the “Application Form” on our website and the methods specified in this form.
The relevant person groups whose personal data is processed by us accept and declare that they are aware that the fact that personal data collected due to contractual relationship and shared by them through the Web Site and/or given by them are accurate and up-to-date is important for other relevant legislation and in order to use the rights they have on the personal data pursuant to KVKK Law, and that the responsibility to arise from giving misinformation solely belongs to them. You may make any changes and/or updates to your personal data by accessing at email@example.com.
i. Personal Data Sharing with Official Authorities
Dogus Technology may share this information for the purpose of fulfilling its obligations in the laws with public institutions and organizations that are legally authorized to request this information (in cases where Dogus Technology is obliged to legally and administratively make notification or give information including but not limited to fight against the crime, threat against national and public security and such other reasons).
2. Deletion, Destruction and Anonymization Conditions for Personal Data
Your personal data processed for the purposes specified in this Personal Data Protection Policy will continue to be anonymized and used by us when the purpose required the processing according to Article 7 / f.1 of Law No. 6698 is no longer valid, and when the periods specified by the Laws are expired according to Article 17 and Article 138 of the Turkish Penal Code.
Dogus Technology anoymizes the personal data it has processed by using one or more techniques, which is/are the most appropriate for business processes and activities, from the anonymization methods specified in the Guidelines on Deletion, Destruction and Anonymization of Personal Data published by Data Protection Board, when the retention periods stipulated in the relevant legislation or required by the purpose of processing are expired, and within the 6-month period provided for periodic destruction, and then continues to use this anonymized data.
3. Amendments to Privacy/Personal Data Protection Policy
Dogus Technology can make amendments to this “Personal Data Protection Policy” at any time. These revisions take effect immediately upon the publication of the revised new Protection of Personal Data Policy.
Pursuant to Article 13 (1) of the Law, you are required to submit your request regarding the use of the your rights to our Company in writing or by other means determined by the Personal Data Protection Board.
Within this framework, the channels and procedures through which you will submit your application in writing to our company within the scope of Article 11 of the KVK Law are explained on our Dogus Technology application methods page.