
Personal Data Protection and Privacy Policy

1. IDENTITY OF THE DATA CONTROLLER

Electron (Electron) carries out data processing activities as a "Data Controller" within the scope of the Personal Data Protection Law (KVKK) No. 6698.

This Electron Personal Data Protection and Privacy Policy (POLICY) has been prepared to inform the relevant parties and persons about the processes and principles of processing personal data by Electron.

2. DEFINITIONS

Explicit consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Relevant person: The natural person whose personal data is processed,
Personal Data: Any information relating to an identified or identifiable natural person,
Processing of personal data: Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system,
Board: Personal Data Protection Board,
Institution: Personal Data Protection Authority,
Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller,
Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
refers to.

3. LEGAL GROUNDS FOR DATA PROCESSING ACTIVITIES

Personal data processed within the framework of the Electron business activities shall be stored for the period stipulated in the relevant legislation. In this context, personal data;

Personal Data Protection Law No. 6698
Turkish Code of Obligations No. 6098
Social Insurance and General Health Insurance Law No. 5510
Law No. 5651 on the Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts
Occupational Health and Safety Law No. 6331
Labor Law No. 4857
Turkish Commercial Code No. 6102
Public Procurement Law No. 4734
Public Procurement Contracts Law No. 8529
Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Attachments
Regulation on Archive Services
Other relevant laws and secondary regulations
are stored for the retention periods stipulated under the relevant laws.

4. CONDITIONS FOR PROCESSING PERSONAL DATA

Electron shall process personal data with the explicit consent of the data subjects, with the exceptions defined in the PDPL. Cases in which data can be processed without the explicit consent of the data owner under Article 5 of the PDPL:

Explicitly required by law
It is obligatory for the purpose of protecting the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not deemed legally valid, or of another person
It is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract
It is mandatory for the data controller to fulfill its legal obligation
It has been made public by the data subject himself/herself
Data processing is mandatory for the establishment, exercise or protection of a right
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

In accordance with Article 6(2) of the PDPL, the explicit consent of the persons concerned must be obtained in the processing of sensitive personal data. Sensitive personal data other than data related to health and sexual life can be processed without the explicit consent of the data owner in cases stipulated by law.

Personal data relating to health and sexual life can be processed by authorized institutions and organizations and persons under the obligation of confidentiality for protecting public health and providing protective medicine, medical diagnosis, treatment and care services, planning and managing health care services and their financing without explicit consent of the data subject.

5. PURPOSES OF PROCESSING PERSONAL DATA

Your personal data is processed by Electron for the purposes described below.

Execution of Emergency Management
Execution of Information Security
Execution of Employee Candidate / Intern / Student Selection and Placement
Execution of Application of Employee Candidates
Execution of Employee Satisfaction and Commitment
Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees
Execution of Side Benefits and Benefits Processes for Employees
Execution of Training Activities
Execution of Access Authorities
Conducting Activities in accordance with the Legislation
Execution of Finance and Accounting Affairs
Ensuring Physical Space Security
Execution of Assignment
Follow-up and Execution of Legal Affairs
Conducting Communication Activities
Planning Human Resources
Execution / Supervision of Business Activities
Execution of Occupational Health / Safety Activities
Execution of Logistics Activities
Execution of Goods / Service Procurement Processes
Execution of Goods / Services After Sales Support Services
Execution of Goods / Services Sales Processes
Execution of Goods / Service Production and Operation Processes
Execution of Customer Relationship Management Processes
Conducting Activities for Customer Satisfaction
Organization and Event Management
Conducting Marketing Analysis Studies
Execution of Performance Evaluation Processes
Execution of Advertising / Campaign / Promotion Processes
Execution of Storage and Archive Activities
Execution of Contract Processes
Execution of Sponsorship Activities
Follow-up of Requests / Complaints
Ensuring the Security of Movable Goods and Resources
Ensuring the Security of Data Controller Operations
Providing Information to Authorized Persons, Institutions and Organizations
Creating and Tracking Visitor Records

6. RETENTION PERIODS OF PERSONAL DATA

Personal data processed by Electron are stored and maintained within the legal periods specified in the table below.

Photographs Provided in the Attachment of
Identity (Name surname, Mother-father's name, Mother's maiden name, Date of birth, Place of birth, Marital status, Identity card serial number, TR ID number, etc.): 10 years
Contact (Address number, E-mail address, Contact address, Registered e-mail address (REM), Telephone number, etc.): 10 years
Personnel (Payroll information, Disciplinary investigation, Employment certificate records, Property notification information, Resume information, Performance evaluation reports, etc.): 10 years
Legal Action (Information in correspondence with judicial authorities, Information in the case file, etc.): 10 years
Customer Transaction (Call center records, Invoice, bill, check information, information on pay-desk receipts, Order information, Request information, etc.): 10 years
Transaction Security (IP address information, website login and logout information, Password and password information, etc.): 2 years
Finance (Balance sheet information, Financial performance information, Credit and risk information, Asset information, etc.): 10 years
Professional Experience (Diploma information, Courses attended, Vocational education information, Certificates, Transcript information, etc.): 10 years
Visual and Auditory Records (Visual and Auditory records, etc.): 2 years
Documents and Forms (Passport photo, etc.): 10 years
Health Information (Information on disability status, Blood group information, Personal health information, Device and prosthesis information used, etc.): 10 years
Criminal Conviction and Security Measures (Information on criminal conviction, Information on security measures, etc.): 10 years

7. TRANSFER OF PERSONAL DATA

Electron complies with the PDPL and the relevant legislation regarding the sharing of personal data with third parties. In this context, personal data are not transferred by Electron to third parties without the explicit consent of the data owner. However, in the presence of one of the following conditions defined by the PDPL, personal data may be transferred by Electron to third parties without the explicit consent of the data owner.

It must be explicitly provided for in the law
It is mandatory for the protection of the life or physical integrity of the person himself/herself or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not legally valid
Provided that it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary
It is mandatory for the data controller to fulfill its legal obligation
Being made public by the data subject himself/herself
Data processing is mandatory for the establishment, exercise or protection of a right
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject

Provided that adequate measures are taken, your sensitive personal data other than data on health and sexual life may be transferred without explicit consent in cases stipulated by law, and your sensitive personal data on health and sexual life may be transferred without explicit consent for purposes such as protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

In the transfer of sensitive personal data, the conditions specified in the processing conditions for such data are complied with.

8. OBLIGATION OF DISCLOSURE

The information that needs to be provided to data subjects within the framework of the disclosure obligation under Article 10 of the PDPL is as follows:

The identity of the data controller and its representative,
For what purpose the personal data will be processed
To whom and for what purpose the processed personal data can be transferred
Method and legal reason for collecting personal data
Other rights listed in Article 11 of the PDPL

Within the framework of Article 28(1) of the PDPL, Electron has no disclosure obligation in the following cases:

Processing personal data by natural persons within the scope of activities related to themselves or family members living in the same premises, provided that it is not given to third parties and obligations related to data security are complied with
Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics
Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime
Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security
Processing of personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution procedures

Cases where there is no obligation to disclose within the framework of Article 28(2) of the PDPL:

Processing personal data is necessary for the prevention of committing a crime or for the investigation of a crime
Processing personal data made public by the data subject himself
Processing personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by the law
Processing personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and financial matters

9. RIGHTS OF THE DATA OWNER

Everyone has the right to apply to the Data Controller and:

a) To learn whether personal data is processed,
b) To request information if his/her personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom personal data are transferred at home or abroad,
d) To request correction of personal data in case of incomplete or inaccurate processing,
e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
f) To request notification of the transactions made in accordance with subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
g) To object to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems,
ğ) To claim compensation in the event that he/she suffers damage due to unlawful processing of personal data.

10. DATA SUBJECT APPLICATION PROCESS

Electron will process your legal requests through the "Electron Personal Data Subject Application Form". Electron shall be obliged to process the application forms of the employees at the latest within 30 (thirty) days as per article 13 of the Law free of charge. In case the request is rejected, the reason for such rejection shall be communicated to the employee in writing or by electronic means.

Within the framework of Article 28(1) of the PDPL, data subjects cannot use the provisions defined in Article 11 of the PDPL in the following cases:

Processing personal data by natural persons within the scope of activities related to themselves or family members living in the same premises, provided that it is not given to third parties and obligations related to data security are complied with
Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics
Processing personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime
Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security
Processing personal data by judicial authorities or enforcement authorities in relation to investigation, prosecution, trial or execution procedures
The rights defined in Article 11 of the PDPL cannot be exercised in the following cases.

Processing personal data is necessary for the prevention of committing a crime or for the investigation of a crime
Processing of personal data made public by the data subject himself
Processing personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by the law
Processing personal data is necessary for the protection of the economic and financial interests of the State in relation to budgetary, tax and financial matters

The persons concerned shall submit their legal applications regarding the processing of personal data to Electron PERPA TİC. Mer. B-Blok Kat:2 No:65 34385 Okmeydani-İstanbul/ TURKEY in person, through a notary public, or from the e-mail addresses registered in our system to bilgi@electron.com.tr with the subject "KVKK Data Owner Application".

11. MEASURES TAKEN TO ENSURE DATA SECURITY

Electron takes the following technical and administrative measures for the protection of personal data.

11.1. ADMINISTRATIVE MEASURES

Administrative measures taken by Electron to ensure personal data security:

There are disciplinary regulations for employees that include data security provisions.
Training and awareness studies on data security are carried out periodically for employees.
An authorization matrix has been created for employees.
Corporate policies on access, information security, use, storage and destruction have been prepared and implemented.
Confidentiality commitments are made.
The authorities of employees who change their duties or leave their jobs are removed.
Signed contracts contain data security provisions.
Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.
Personal data security policies and procedures have been determined.
Personal data security issues are reported quickly.
Personal data security is monitored.
Necessary security measures are taken regarding the entry and exit of physical environments containing personal data.
Physical environments containing personal data are protected against external risks (fire, flood, etc.).
The security of environments containing personal data is ensured.
Personal data is reduced as much as possible.
In-house periodic and/or random audits are carried out.
Current risks and threats have been identified.
Protocols and procedures for the security of sensitive personal data are determined and implemented.
Service providers that process data are periodically audited for data security.
Awareness of data processing service providers about data security is ensured.

11.2. TECHNICAL PRECAUTIONS

Technical measures taken by Electron to ensure personal data security:

Network security and application security are provided.
Closed system network is used in personal data transfers through the network.
Key management is implemented.
Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
The security of personal data stored in the cloud is ensured.
Access logs are kept regularly.
Data masking measures are applied when necessary.
Current anti-virus systems are used.
Firewalls are used.
Personal data is backed up and the security of the backed up personal data is also ensured.
User account management and authorization control system are implemented and followed up.
Log records are kept in a way that there is no user intervention.
Current risks and threats have been identified.
If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using a KEP or corporate mail account.
Secure encryption / cryptographic keys are used for sensitive personal data and managed by different units.
Intrusion detection and prevention systems are used.
Penetration test is applied.
Cyber security measures have been taken and their implementation is constantly monitored.
Encryption is performed.
Sensitive personal data transferred on portable memory, CD or DVD media is encrypted before transfer.
Data loss prevention software is used.

12. MISCELLANEOUS

The policy is published in two different media, wet signed (printed paper) and electronic, and is announced to the public on the website.
In case of inconsistency between the provisions of the PDPL and the relevant legislation and this Policy, the provisions of the PDPL and the relevant legislation shall apply first.
The policy is published on the Electron corporate website and announced to the relevant persons.
If an update is made in the policy, the new policy document shall enter into force by being announced and published in the same way.
This Policy prepared by Electron entered into force on 27.12.2019.