Menu
Menu
TABLE OF CONTENTS
III. CATEGORIES OF PERSONAL DATA PROCESSED BY PROCAT 6…………………………. ………………………….
VII. CLARIFICATION and INFORMATION OF THE PERSON CONCERNED 9…………….. ……………..
VIII. RIGHTS OF the PERSON CONCERNED and EXERCISE OF THESE RIGHTS 10……. ……
The policy regulates the principles adopted by PROCAT in the protection and processing of personal data.
Within the scope of this Policy, it is aimed to provide explanations about the systems adopted by PROCAT for the processing of personal data and the protection of personal data, to ensure transparency by informing the Relevant Person, especially the Employee, Employee Candidate, Employee Relative, Supplier Officer, Supplier Employee, Product or Service Recipient, Potential Product or Service Recipient, Intern, Visitor, Employee Relative, Employee’s Authorized Person in the Former Workplace, Employer, Workplace Physician, Public Official, Institution Official, Reference Person, Receiver and Deliverer, Person Subject to the News and Other Third Parties Involved in Any Process, to ensure the establishment and realization of standards in the management of personal data; to determine and support organizational goals and obligations; to establish control mechanisms in accordance with the acceptable level of risk, to comply with the principles and rules imposed by international conventions, Constitution, laws, regulations, contracts and other legislation regarding the protection of personal data, and to protect the fundamental rights and freedoms of the Relevant Person in the best possible way. In addition, this Policy covers all physical and electronic data recording systems and environments used for the automatic or non-automatic processing of personal and special personal data, provided that it is part of any data recording system.
Description | Description |
Explicit Consent | Consent to a specific subject, based on information and expressed in free will |
Constitution | Constitution of the Republic of Turkey No. 2709 |
PROCAT | Procat Danışmanlık Yazılım Telekomünikasyon Pazarlama Ticaret Anonim Şirketi PROCAT |
Employee | Employees at PROCAT |
Employee Candidate | Persons applying for a job with PROCAT |
Contact Person | Real person whose personal data is processed |
Disposal | Deletion OR destruction OF personal data |
Personal Data | Any information relating to an identified or identifiable natural person |
Personal Data Processing Inventory | Personal data processing activities carried out by data controllers depending on their business processes; personal data processing inventory created by associating personal data with the processing purposes, data category, transferred recipient group and data subject group and detailed by explaining the maximum time required for the purposes for which personal data are processed, the personal data envisaged to be transferred to foreign countries and the measures taken regarding data security |
Anonymization of Personal Data
| Anonymization of personal data, making personal data impossible to be associated with an identified or identifiable natural person in any way, even if it is paired with other data |
Destruction of Personal Data | Deletion, anonymization or destruction of personal data |
Deletion of Personal Data | The process of making personal data inaccessible and unavailable to Related Users in any way |
Destruction of Personal Data | Destruction of personal data, making personal data inaccessible, unrecoverable and unusable by anyone in any way |
Committee | PROCAT Personal Data Protection Committee |
KVK Board | Personal Data Protection Board |
KVKK | Personal Data Protection Law No. 6698 |
Sensitive Personal Data | Biometric and genetic data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures |
Periodic Destruction
| In the event that all the conditions for the processing of personal data in the KVKK are eliminated, the deletion, destruction or anonymization of personal data specified in the storage and destruction policy and to be carried out ex officio at repeated intervals |
Policy | PROCAT Personal Data Processing and Protection Policy |
Product or Service Receiver | Natural or legal persons with a contractual relationship with PROCAT |
Data Processor | A natural or legal person who processes personal data on behalf of the data controller on the basis of the authority granted by the data controller |
Data Recording System | Recording system in which personal data is structured and processed according to certain criteria |
Data Controller | Natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system |
PROCAT carries out personal data processing activities in accordance with Article 20 of the Constitution and Article 4 of the KVKK; in accordance with the law and honesty rules, accurate and up-to-date when necessary; for specific, clear and legitimate purposes; in connection with the purpose, in a limited and measured manner. In this context, pursuant to Article 5 of the LPPD, it processes personal data based on one or more of the conditions in Article 5 of the LPPD regarding the processing of personal data, and retains personal data for the period stipulated by the laws and/or required by the purpose of personal data processing. In addition, it acts in accordance with the regulations stipulated in terms of the processing of sensitive personal data in accordance with Article 6 of the LPPD, acts in accordance with the regulations stipulated in the law and put forward by the LPPD Board on the transfer of personal data in accordance with Articles 8 and 9 of the LPPD, enlightens the Relevant Person in accordance with Article 10 of the LPPD and provides the necessary information if the Relevant Person requests information.
Your personal data is processed by PROCAT in accordance with the principles of personal data processing in Article 4 of the LPPD. It is mandatory to comply with these principles for each personal data processing activity:
Processing of personal data in accordance with the law and the rules of honesty:
In the processing of your personal data, we act in accordance with the laws, secondary regulations and general principles of law; it is important to process personal data limited to the purpose of processing and to take into account the reasonable expectations of the Relevant Person.
Accurate and up-to-date personal data:
Care is taken to check whether your processed personal data is up-to-date or not. In this context, the Relevant Person is granted the right to request the correction or deletion of his/her accurate and outdated data.
Processing of personal data for specific, explicit and legitimate purposes:
Before each personal data processing activity, the purposes of data processing are determined and these purposes are complied with in accordance with the law.
Being related, limited and proportionate to the purpose for which the personal data are processed:
The personal data required to perform the purpose of data processing is limited and the necessary technical and administrative measures are taken to prevent the processing of personal data not related to this purpose.
Retention of personal data for the period required by the legislation or processing purposes:
Personal data is deleted, destroyed or anonymized after the disappearance of the purpose of personal data processing or the expiration of the period stipulated in the legislation.
Your personal data is processed by PROCAT in the presence of at least one of the personal data processing conditions set out in Article 5 of the LPPD. Explanations regarding these conditions are given below:
Having the Explicit Consent of the Relevant Person:
The personal data of the Relevant Person can be processed with his/her free will, having sufficient information about the personal data processing activity, in a way that leaves no room for hesitation and only if he/she gives his/her consent limited to that transaction.
Clearly stipulated by law:
Personal data may be processed within the framework of the relevant legal regulation without the Explicit Consent of the Relevant Person, if explicitly stipulated by law.
Failure to obtain the Explicit Consent of the Relevant Person due to the actual impossibility and the obligation to process personal data:
Personal data of the Relevant Person, who is unable to disclose his/her consent or whose consent cannot be validated, can be processed without seeking Explicit Consent if it is necessary to process personal data in order to protect the life or physical integrity of the Relevant Person or a third party.
If the personal data processing activity is directly related to the establishment or performance of a contract:
If it is necessary to process the personal data of the parties to the contract established or already signed between the relevant person and PROCAT, the personal data processing activity can be carried out without seeking explicit consent.
In order for the Data Controller to fulfill its legal obligation, it is mandatory to carry out personal data processing activities:
Personal data may be processed without seeking Explicit Consent in order to fulfill its legal obligations stipulated within the scope of the legislation in force.
The Relevant Person has made his/her personal data public:
Personal data that has been disclosed to the public in any way by the Relevant Person and has become accessible to everyone as a result of this publicization can be processed without the Explicit Consent of the Relevant Person, limited to the purpose of publicization.
Personal data processing is mandatory for the establishment, exercise or protection of a right:
If data processing is mandatory for the establishment, exercise or protection of a right, the personal data of the Relevant Person may be processed.
Provided that it does not harm the fundamental rights and freedoms of the Data Subject, data processing is mandatory for the legitimate interests of the data controller:
Personal data may be processed provided that the balance of interest of the Relevant Person is observed. In this context, in the processing of data based on legitimate interest, first of all, the legitimate interest that PROCAT will obtain as a result of the processing activity is determined. The possible impact of the processing of personal data on the rights and freedoms of the Relevant Person is evaluated and if it is concluded that the balance is not disturbed, the processing activity can be carried out without seeking Explicit Consent.
In Article 6 of the LPPD, sensitive personal data are specified in a limited number. These are; race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
PROCAT may process sensitive personal data by ensuring that additional measures determined by the PPD Board are taken in the following cases:
Having the explicit consent of the person concerned
Sensitive personal data of the Relevant Person can be processed with his/her free will, having sufficient information about the processing activity of sensitive personal data, without hesitation and only if he/she gives his/her consent limited to that transaction.
Clearly stipulated by law
Sensitive personal data may be processed within the framework of the relevant legal regulation without the Explicit Consent of the Relevant Person, if explicitly stipulated by law.
The fact that it is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid
Sensitive personal data belonging to the Relevant Person, who cannot disclose his/her consent or whose consent cannot be validated, can be processed without seeking Explicit Consent if it is necessary to process sensitive personal data in order to protect the life or physical integrity of the Relevant Person or a third party.
Regarding the personal data that the person concerned has made public and being in compliance with the publicization will
Sensitive personal data that has been disclosed to the public in any way by the Relevant Person and has become accessible to everyone as a result of this publicization can only be processed without the Explicit Consent of the Relevant Person, limited to the will to publicize.
Mandatory for the establishment, exercise or protection of a right
If data processing is mandatory for the establishment, exercise or protection of a right, the sensitive personal data of the Relevant Person may be processed.
Necessary for the purpose of the protection of public health, the execution of preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations
Persons under the obligation of confidentiality or authorized institutions and organizations may process data without the explicit consent of the Relevant Person, even if data processing is necessary for the protection of public health, the execution of preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services.
Mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance
Sensitive personal data of the Relevant Person may be processed without his/her Explicit Consent if it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance.
Provided that the foundations, associations and other non-profit organizations or organizations established for political, philosophical, religious or trade union purposes are in accordance with the legislation and purposes they are subject to, are limited to their fields of activity and are not disclosed to third parties, they should be aimed at their current or former members and members or persons who are in regular contact with these organizations and organizations
Foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or trade union purposes may process sensitive personal data without the need for Explicit Consent, provided that the Relevant Person is a current or former member/member or a person who is in regular contact with these organizations and formations, limited to his/her fields of activity, and provided that it is not shared with third parties, in accordance with the legislation they are obliged to comply with and their own purposes.
Within the framework of the purposes and conditions specified in this Policy, PROCAT processes the personal data of the Relevant Person within the categories of Criminal Conviction and Security Measures, Other (Accident Number), Other (Accident Date), Other(Plate), Other(Reference Information), Philosophical Belief, Religion, Sect and Other Beliefs, Finance, Physical Space Security, Visual and Audio Records, Legal Transaction, Race and Ethnic Origin, Communication, Transaction Security, Identity, Professional Experience, Personality, Health Information in accordance with the provisions of the KVKK and other relevant legislation.
PROCAT may transfer the personal data and sensitive personal data of the Relevant Person to natural persons and private law legal entities, shareholders, suppliers and authorized public institutions and organizations and other relevant persons by taking the necessary security measures for the purposes of personal data processing in accordance with the law. Accordingly, the regulations stipulated in Article 8 of the PPDL are complied with.
Even if the Relevant Person does not have Explicit Consent, if one or more of the following conditions are present, personal data may be transferred to third parties by taking the necessary care by PROCAT and taking all necessary security measures, including the methods stipulated by the PPD Board:
In addition to the above, personal data may be transferred to foreign countries declared to have adequate protection by the PPD Board in the presence of any of the above conditions. In the absence of adequate protection, in line with the data transfer conditions stipulated in the legislation, it can be transferred to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the KVK Board has permission without the Explicit Consent of the Relevant Person.
Sensitive personal data can be transferred by PROCAT in accordance with the principles specified in this Policy and by taking all necessary technical and administrative measures, including the methods to be determined by the PPD Board, and in the presence of the following conditions.
The processing of sensitive personal data is prohibited; these data can only be processed;
may be processed and transferred by taking adequate measures determined by the Board if there are exceptional circumstances.
In addition to the above, personal data may be transferred to foreign countries with adequate protection in the presence of any of the above conditions. In the absence of adequate protection, it can be transferred to foreign countries where the Data Controller / Data Processor undertakes adequate protection in accordance with the data transfer conditions stipulated in the legislation.
In accordance with Article 12 of the KVKK, PROCAT takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes and to prevent unlawful access to the data, and to ensure the protection of the data, and to carry out or have carried out the necessary audits in this context.
The data protection principles adopted by PROCAT include:
PROCAT keeps personal data in accordance with the period required for the purpose for which they are processed and the minimum periods stipulated in the legislation to which the relevant activity is subject. In this context, first of all, it is determined whether a period is stipulated for the storage of personal data in the relevant legislation, and if a period is determined, this period is complied with. If it is not available in the legislation for a period of time, personal data are kept for the period required for the purpose for which they are processed. At the end of the specified retention periods, personal data are destroyed in accordance with the periodic destruction periods specified in the PROCAT Personal Data Retention and Destruction Policy or the application of the Relevant Person and by determined destruction methods (deletion and/or destruction and/or anonymization).
For detailed information, you can review the PROCAT Personal Data Retention and Destruction Policy (https://procat.com.tr/kisisel-verilerin-korunmasi-kanunu/?lang=tr).
PROCAT enlightens the Relevant Person in accordance with Article 10 of the KVKK. In this context, if the personal data is obtained from the Relevant Person himself/herself, during the acquisition; if it is not obtained from the Relevant Person, within a reasonable period of time from the acquisition of the personal data; but in any case, regardless of the request of the Relevant Person,
explained.
In addition to the above, it must be ensured that the said clarification includes the rights of the Relevant Person listed in the PPDL and this Policy. The following points are taken into account when lighting:
The legal rights that the Relevant Person can exercise in relation to personal data are listed below:
In accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller numbered 30356, the Relevant Person may submit his/her requests regarding his/her rights specified in this article to PROCAT by filling out the PROCAT Application Form in writing or by using the Registered Electronic Mail (REM) address, Secure Electronic Signature, Mobile Signature or the e-mail address he/she has previously notified and registered in our system.
PROCAT takes all necessary technical and administrative measures to conclude the applications to be made by the Relevant Person effectively, in accordance with the law and honesty.
Applications of the Relevant Person may be accepted or rejected by explaining the reason. The response to the application of the Relevant Person may be notified to the Relevant Person in writing or electronically.
In the event that the Relevant Person submits his/her request regarding the rights under Title VIII of the Policy titled Rights of the Relevant Person and Exercise of These Rights to PROCAT in accordance with the aforementioned procedures, the relevant request shall be concluded free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost and the conditions determined by the PPD Board are met, the fee in the tariff may be requested.
This Policy issued by PROCAT entered into force on 26.06.2020 and necessary updates will be made in case of renewal of all or certain articles of the Policy.
The Committee shall carry out the implementation, updating and announcement of this Policy.
The policy is published on the PROCAT website (https://procat.com.tr/kisisel-verilerin-korunmasi-kanunu/?lang=tr).
The initial stage of any project is to understand and analyse the needs of our customers. We propose solutions specific to our customer’s needs and always aim to become a valued and strategic partner.
