P.D.P.A.
| Document Information | |
| Document Name: | Personal Data Protection Policy |
| Document Content: |
This policy of the purpose Poca Logistics Services Joint Stock Company (“The Company”) personal Data protection methods is to determine the principles and procedures. |
| Effective Date: | 7 April 2016 |
| Revision No: | The first publication. |
| Reference / Justification | 6698 numbered Personal Data Protection Law |
| Approved by: | The Company Chairman Of The Board |
PERSONAL DATA PROTECTION POLICY
I.INTRODUCTION
This Personal Data Protection Policy (“Policy”), Poca Logistics Services Joint Stock Company (“the company” or “Data Responsible”) 6698 Numbered Personal Data Protection Law in the be to the relevant legislation, the provisions in accordance with fulfilling its obligations to protect personal data and when processing personal data within the company and/or by the company to be followed must principles sets out.
Data responsible for his own within the body , located Personal Data in respect of this Policy and the policy attached to the procedures to be implemented as appropriate treat manner.
II.POLICY PURPOSE
The main purpose of this policy data and the processing of personal data by the principal to determine the principles for the preservation of methods and procedures.
III.POLICY SCOPE
This Policy; Data Principal process that Personal Data for all the activities it covers , and the word is applied to the subject activity. This policy does not apply to data that is not personal data.
priority provisions of the legislation in the case of the presence of incompatibility between Policy and legislation in Forceshall apply.
IV.DEFINITIONS
In this policy the following definitions for the last meanings contain shall;
”Consent “open a Specific a topic in relation informed is based on and free will, as described in the consent of the expression is.
Fetch” Make “Anonymouspersonal data with any other data held by matching the ID in no way be linked to specific or identifiable natural person, which cannot even be made refers to.
“Application form” the rights of the data subject the person responsible for use of data that contains the application refers to the application form they're going to do.
“Personal health information” 29863 20.10.2016 date and numbered Official Gazette published the personal health data of the processing and privacy of the provision About Regulations , as described in the scope of an identified or identifiable natural person refers to all the health information.
“Personal data” refers to any information about an identified or identifiable natural person (in this policy , within the scope of “Personal data” statement to the extent that is appropriate, as defined below in the “special Qualified Personal Data” and “personal Health data”will include too).
preservation, storage, recording, to achieve in ways that are non - automatic provided to be part of the system data records of any, either , or the auto - partially or fully Personal Data Processing” Data “Personalmodification, re-regulation, disclosure, transfer, acquisition, can be obtained by making classification or also use prevention , such as data on done all kinds of the process of the expression is.
“Board” refers to the personal data protection board. “Institution” Personal Data Protection institution of the expression is.
“KVKK” 6698 numbered Personal Data Protection Law expression is.
related against the protection of data of personal with the law on the protection of data of Personal No. 6698 Arrangements” “KVKother legislation, regulatory and supervisory authorities, courts and other government authorities by issued binding decisions, policy decisions, provisions, instructions and data for the protection of applicable international agreements and any other legislation refers to.
Officers, employees, Data andentering into force, approved by the board of Directors of ” Procedures KVK “the scope of this policy to comply with the obligations that refers to procedures that must determine.
Data” Personal Qualified “Private Persons, race, ethnic origin, political opinion, philosophical belief, religion, sect , or other beliefs, costume and dress, Association, Foundation or also trade union membership, health, sexual life, criminal convictions and security measures, with relevant data with biometric and genetic data of the expression is.
“Deletion or erasure of” Personal data of irreversible manner destroyed , or to be destroyed, to be the expression is.
includes information , etc. people in the third transferred Data Personal category, data, purposes of Processing the data of personal and methods, process the processing of personal data as oriented activities, Processing Data Personal Principal Data Inventory” “the datathat refers to inventory.
Functioning” “Data Data the principal by the authority ,taking Data responsible for on behalf of the Personal Data that it processes real or legal person shall mean:
The subject is” “Data Personal data is Data responsible for the by or the Data responsible for on behalf of processing into all refers to the real people.
“Data Manager” the purpose and functioning of processing personal data by specifying the paths to process data recording system establishment and management responsibility in a real or legal person of the expression is. This Policy within the scope of the company responsible for Data refers to.
and Processing of the data Health Personal published Gazette, Official No. 29863 and date 20.10.2016 “Regulation”refers to the regulations on ensuring confidentiality.
V.PERSONAL DATA COMMIT PRINCIPLES
(i)Personal data of the Law and Integrity Rules, Conformity In Processing
Personal data is responsible for the data by the law and integrity rules appropriate and the proportionality principle based is processed.
(ii)the personal Data is correct and if necessary Updated to be to the necessary Measures to be taken
Of the data subject takes the necessary measures. the kinds of each for up-to-date and accurate ,complete your personal data is responsible for your Datain case of change of demand for personal data, the personal data relevant updates.
(iii)Personal data of Specific, Legitimate and Explicit Purposes in accordance with Processing
determined. Processed Data for any purpose Personal by responsible for the Data first to the processing of personal dataand the context data is Subject to European Regulations within the scope of illuminated and you need it in the event that Explicit Consent is taken.
(iv)the personal data is processed, they are Purpose - Linked, Limited and Restrained to be
Data responsible for your personal Data only KVK Arrangements under exceptional cases (KVKK Article 5.2 and Article 6.3) or explicit consent from the data subject within the scope of the purpose (KVKK Article 5.1 and Article 6.2) in accordance with the principles of proportionality and processes. Responsible for data, the purposes for which your personal data that can be carried out in a manner convenient to the realization of the purpose and avoids the processing of personal data that are not needed or are not related.
(v)the personal Data Needed until it is Retained to be and Afterwards be deleted
Responsible for data, retains your personal data as necessary for the purpose. Data Coordinator, KVK in the regulations prescribed or Personal Data Processing the purpose of the required duration than the longer a period for your personal data to retain , if desired, to the KVK in the regulations specified the obligations appropriate treats.
Are brought in. Hale Anonymous or Deleted Data Personal then when you end the time required in the purpose of the processing of Data PersonalData of third parties responsible for the personal data transfers or delete the personal data that is provided to make Anonymous. Responsible for data, delete, and anonymous to make bringing the process operates , and in this context the necessary policies and/or procedures also creates.
VI.PERSONAL DATA PROCESSING
Data responsible for the processing of personal data and Regulations in the process of KVK KVKK the appropriate act, Personal Data Processing principles of the sticks. Personal data is Data responsible for , by , however, is below the specified procedures and can be processed within the scope of the principles.
6.1.Explicit Consent
disclosure to be made to be brought in the frame instead of the obligation of Lighting data subjects that their Data, Personalpost gives explicit consent of the data subject and processed.
Lighting the obligation within the framework of Explicit Consent is received before the data subjects of their rights are notified.
The data in the way it can be proved that the consent Open is taken. methods appropriate Regulations KVK Consent Explicit subjects from the Dataresponsible for by the European regulations under the required period with maintained it.
Procedures KVK and Politics of the present directives, Officer, Data Edits, KVKK KVKK, employees of the department all process personal data are obliged to. providing for the housing and to the receipt of consentis clear and needed to be brought up instead of the commitment of Lighting in terms of the process of processing the data of all personally responsible for the dataobliged to comply with.
6.2.Personal Data Explicit Consent Without Obtaining To Be Processed
KVK Regulations within the scope of Explicit Consent without obtaining Personal Data Processing, where required by cases (KVKK Article 5.2), responsible for the data, the data Subject 's explicit Consent without obtaining can process personal data. KVK data when personal data processed in this way responsible for regulations within the confines of personal data processes. In this context:
(I)thedata subject of the personal data Act clearly prediction in case of data by the party responsible for can be processed without explicit consent.
(ii)the actual impossibility due to the consent doesn't explain the case in , or consent, the legal validity unrecognized data subjects and/or a person outside the data subject's life or physical integrity of the protection for the Personal Data responsible for the data by Explicit Consent without can be processed.
(iii)the establishment of a contract, if one of the conditions is satisfied to be directly related with the implementation or performance, of the contract parties belonging to the personal data of the data Subject 's explicit Consent without Data can be processed by the party responsible for.
(iv)Personal Data processing the Data responsible for legal obligation instead of Bring if it is necessary to the personal data of the data subject 's explicit Consent , without responsible for Data by can be processed.
(v)publicly available data without explicit consent by the data subject can be processed by the party responsible for obtaining personal data.
(vi)Personal Data, a right of property, use of , or protection for the processing mandatory if Personal Data can be processed by the party responsible for data without obtaining explicit consent.
(vii)harm the fundamental rights and freedoms of the data subject the data to record with personal data for the legitimate interests of the principal, if required by the party responsible for processing data without obtaining explicit consent of the data can be processed.
VII.SPECIAL QUALIFIED PERSONAL DATA PROCESSING
Special Qualified Personal Data only;
(I)if theData subject's Explicit consent of the presence or
(II)TheData Subject 's explicit Consent, don't if
Currentsexual health private life and personal data outside of Qualified Personal Data in respect of mandatory use of processing explicitly in the law,in the case of
Currenthealth and sexual life in relation to personal Data , however, Public Health Protection, preventive medicine, medical diagnosis, treatment and care services, the conduct of health services financing, planning and management of persons under the obligation of secrecy for the purposes of (example: Company a physician) can be processed without obtaining the explicit consent or by authorized institutions.
During the processing of special personal data, as determined by the board measures are taken. Data Principal Private qualified and establishment of additional policies or procedures regarding the processing of personal data can be published.
In each case the processing of data that requires special personal data by the relevant employee Responsible is informed. A data, Specific personal data qualified is that it is understandable if you are not the relevant department by Data from the manager of view is taken.
VIII.PERSONAL DATA TRANSFERRING AND PERSONAL DATA THIRD PEOPLE BY PROCESSING
Data responsible for the processing of personal data for the purposes of personal data by taking the necessary precautions for domestic and/or overseas that is located on the third a true or or legal person with ICC Regulations in the appropriate manner may transfer. Responsible for data-in this case, also ensures that transfers of personal data to third parties comply with this policy. In this context, third the person with the concluded contracts necessary protective regulations is added. Each an employee, the transfer of personal data in the policy process to be done in this case is obliged to the floor.
(i)in Turkey , which is located to third parties Personal Data Transfer
Responsible data of persons in the third in Turkey with the condition to be taken , you consent to the explicit subject of the Data in theother , or without the consent of the Open in the exceptional set in 6.3 Article and 5.2 Article KVKK Data, Personalinformation.
Responsible for data, transfer your personal data to third parties in Turkey ensures that comply with European regulations.
(II)theDorm outside of that is located Third parties to Transfer
or without the consent of the Clear cases, the exceptional set in 6.3 Article and 5.2 Article KVKK data,the Personaldata required to get the express consent of the subject (with KVKK Article 5.1 and Article 6.2) by the principal data can be transferred to third parties abroad.
In accordance with European regulations without obtaining explicit consent of the personal data is transmitted, where also will be transferred in the case where the foreign country in terms of the following conditions of one 's presence requires:
Collectedpersonal data is transferred by the board of the foreign country where the status of countries where adequate protection exists (for a list, please follow the current list of the board),
□ Ofthe transfer will take place, where foreign countries included in the list of the board of the country to be safe on Data responsible for and the applicable country-specific data responsible for adequate protection would be ensured regarding a commitment from the board by written permission.
Data responsible for your personal data to third parties comply with regulations ensures that the transfer abroad KVK.
IX.LIGHTING LIABILITY
Data Responsible For Kvkk Of 10. Before the processing of the personal data in accordance lightens the data subject. In this context, Data, responsible for the acquisition of your personal data during Illumination Obligation instead of bringing it. Lighting the obligation within the scope of data to be made the subject of the notification the following elements in this order contains: (i) responsible for Data and if you are the representative of the identity, (ii) personal data for any purpose, processed, (iii) Processed the personal Data to whom and for what purpose can be transferred, (iv) Personal Data collection method and legal reason and
(v) The Data Subject Rights.
The subject of data as appropriate Article 11. Kvkk's and 20. The Constitution of the Republic of Turkey ,responsible for the datainformation, it makes the necessary information requested.
Data responsible for the processing of personal data required prior to the lighting of the obligation related to the employee who is responsible for follow the process execution.
Data except those who are third in the company of a person , a third person above specified obligations is appropriate that they will behave written a contract with the Personal Data Processing of the initiation before a third person should be committed. Each is an employee of the company to third with a person by Personal Data transfer is made in the case , this policy is located, the process is liable to the floor.
X.PERSONAL DATA ENCLOSURE BE DELETING NO BE AND ANONYMOUS MAKE INTRODUCTION
Responsible for data, in accordance with the provisions of the kvkk and other law which personal data in accordance with the time prescribed in the relevant legislation and in any case responsible for the data for legitimate purposes as long as the remains are eliminated.
on demand of the subject Data or ex officio Data Personal when the end times specified above is responsible for the DataDeletes or Anonymous , Make brings it to life. In this context,the Data responsible for the relevant obligation instead of bring to the company within the necessary technical and administrative measures in the lobby. Data responsible for Personal Data Deletion or Anonymous , Making the introduction of additional policies or procedures regarding the establishment and may publish it.
XI.DATA SUBJECT RIGHTS
Data responsible for Personal Data in hand holds the Data subject to the below specified demands in accordance with European regulations will respond.
(i)Personal Data, commit and that he didn't commit ,learning
(ii)Personal Data is processed, it is regarding your information request to
(iii)Personal Data processing purpose and their purpose is appropriate using that has not been used for learning,
(iv)the company's Personal Data transferred to the homeland in , or overseas third - person learning
(v)incomplete or incorrectly processed if the personal data, ask to have them corrected and, in this context, the process where your personal data is transferred to third parties, request to be notified,
(vi)KVKK and related other law, the provisions of this appropriate as processed is ,although the processing that requires the disappearance of the reasons in the case of the destruction or deletion of your personal data and, in this context, the process where your personal data is transferred to third parties, request to be notified,
(vii)the operand data exclusively by automatic systems, by means of analyzed to be by the person himself
against you as a result of, arising out of Appeal ,don't
(viii)Personal data law , in violation of as due to processing the damage suffers if the damage to be fixed , don't demand.
together advice and pictured are the identities of their respective demands by using the rights specified above, the subjects ofData www.seckinlermetal.com in the address located in the Space Application Form and fill it out Responsible for the data with related below is given and time to time may change from which e-mail to the address you signed electronic or again as below is located, and time to time which may change from mail address with wet signed a petition with the hand can be delivered by certified mail or via notary public can send.
Data Responsible: Poca Logistics Services Joint Stock Company
E-mail: pocanlojistik@hs01.kep.tr
Mail: Tatlıcak Mah. Konya Ereğli Cd. No:55/2 Karatay / KONYA
in the case that responds to a data principal as written requests regarding the rights listed above, the subjects of the datadepending on the nature of the request that is responsible for the Data request at thirty days within finalizes free of charge. However, by the board, a fee is prescribed data if the principal by the board by determined in the tariff charge is taken.
XII.DATA MANAGEMENT AND SAFETY
The data is responsible for by KVKK Article 12 in accordance with the Personal Data law , in violation of processed and avoid the personal data law violation in be accessed to prevent and Personal data of the custodian to ensure that in the beginning be the “data security” to ensure the below listed included be to and the relevant poet of legislation , the provisions are reserved by the necessary technical and administrative measures are taken.
(i)personal data KVKK relevant legislation, this policy and in accordance with the procedures related to protection KVK all employees who are involved in the process are jointly liable.
(II)theData responsible for by Personal Data processing activities, the technological possibilities and application to the cost of technical systems are controlled according.
(iii)Personal Data Processing activities for technical matters knowledgeable staff employing you.
(iv)the company 's employees on personal Data protection and of law is appropriate as to the processing directed as informed and trained.
(v)the Company Personal data to the access that they need employees mention the subject of Personal data access to provide the necessary KVK Procedure is created.
(vi)the company 's employees have to personal Data on only themselves defined authority within and related KVK
Documentation is appropriate , as you can access.
(vii)the employees of the company of personal data in contracts concluded with the protection regarding necessary provisions is being added and that in regard of employees awareness is to increase.
(viii)The company is the employee's Personal Data security is enough does not provide to be in doubt or such a point of vulnerability for the detection of the presence , in case of the situation immediately to the officer data reports.
(ix)Personal Data security for detailed KVK Procedure the data responsible for by is created.
(x)to itself , the company, the device is allocated to each person for their own use are allocated to be responsible for the security of the device.
(xi)Each Company employee, or the company within working in their area of responsibility are the person responsible for the security of the physical files.
(xii)KVK Regulations within the scope of Personal Data security for requested may be , or additional as demand
and comply with the measures of security, with additional employees at all in the case of to be precautions safety with will beobliged to ensure the continuity of the security measures.
(xiii)the company is to be stored in the secure environment of personal data in accordance with technological developments virus protection systems and security walls , containing software and hardware are installed.
(xiv)the Company Personal Data loss or damage to prevent to backup programs
being used , and sufficient level of security measures are taken.
(xv)the company is , within a Department, Special Qualified Personal Data processing the data is the department responsible for personal data committed by the importance of the relevant department and are informed about the safety and privacy of the data in accordance with the instructions of the principal Act. Special access to personal data qualified authorized only limited to employees is given , and of them a list and monitoring Data responsible for by is done.
(xvi)the company within the processed Personal data of all by the company “Confidential Information” as considered it.
(xvii)the company 's employees Personal Data safety and confidentiality in relation to obligations, business relations expiration after also would continue and was informed their employees of the company these rules to adhere in the direction of were committed.
XIII.TRAINING
The procedures in the field of European and October policy for its employees on protected Data Personal Charge Dataunder the regulations gives kvkk with the necessary training.
Qualified in education and private applications for the protection of personal data and personal health data is particularly referred to the definition.
access the employee and the Company ) to access the environment in the computer or as physical data to Personal employees of the companyin the case (e.g., a computer program that is being accessed) training will give you.
XIV.CONTROL
and contractors of the department and all the employees of the company to the European regulations, the policy that is responsible for the datawith the appropriate move that is regular as any preliminary notice without every time and ex officio to audit , and performs routine checks are necessary in this context.
XV.VIOLATIONS
Every employee of the company, the regulations of this policy and the procedures specified within the scope of KVK and principles he thought it was contrary to the data manager reports to the process or action. In this context, the relevant responsible for the data breach in accordance with the procedures for this policy and an action plan KVK creates.
Made of information as a result of the Data Charge EUROPEAN Regulations, the provisions of the In be to the topic in relation to applicable legislation, the provisions of the account by taking to a breach in relation to data Subjects or Institutions to be made the statement prepares.
XVI.RESPONSIBILITIES
The company within responsibilities , respectively, employee, department, Data is responsible for a - shaped.
XVII.Privacy Policy TODO CHANGES
Management from time to time if necessary or if required by regulations of the EUROPEAN Policy of the presentcan be changed with the approval of the board.
The company 's policy on the made changes could be studied in a way that the updated policy is the text of an e-mail way with with our employees shares , and internet address (www.pocanlojistik.com) over Data Subjects access provides.
XVIII.POLICY EFFECTIVE HISTORY
This policy is 7 April 2016 date from the force be to the company chairman of the Board by is approved.
