İş Asset Managament ("İş Asset" or "Company") attaches great importance to ensuring the confidentiality and security of the personal data of its customers, business partners, shareholders, employees and other natural persons who establish a relationship with us by applying for a job or visiting the website or in any other way.
This Personal Data Protection Policy ("Policy") has been prepared in order to ensure that the data processing activities carried out by İş Asset as a data controller are carried out within the framework of certain principles, procedures and principles in accordance with the Constitution and the Personal Data Protection Law No. 6698 ("PDP Law"), and that the Company's employees are informed and directed for this purpose. Phrases such as “we” and “our” in this Policy are used to refer to the İş Asset, unless expressly stated otherwise.
Explicit Consent; Means consent about a specific subject based on information and expressed in free will,
Related person; Means the real person whose personal data is processed,
Personal Information; Means any information related to the identified or identifiable real persons,
Processing of Personal Data; Means all kinds of processes performed on personal data including obtaining, recording, storing, keeping, changing, re-arranging, disclosure, transmission, acquisition, making available, classification or prevention of use in whole or in part, automatically or in non-automatic ways, being part of any data recording system,
Data Processor; Means a natural or legal person who processes personal data on his behalf on the basis of the authority conferred by the data officer,
Data recording system; Means the recording system in which personal data is structured and processed according to certain criteria,
Data Controller; Means a real or legal person responsible for identifying the purposes and means of personal data processing and installing and managing data recording system.
This Policy is a general disclosure notice prepared in accordance with Article 10 of the PDP Law, which determines the rules and policies to be applied by İş Asset regarding the processing of personal data and the rights of the data owner. Depending on the type and nature of the relationship between İş Asset and the data owner, it is possible for İş Asset to provide data owners with personal data policies and/or notifications different from this Policy. Such specific policies and notices provided to data owners may contain different or additional disclosures than those contained in this Policy. In this case, such special policies and notifications provided to data owners must first be taken into account.
In Article 3/I(d) of the PDP Law, "personal data" is defined as any information related to identified or identifiable real persons. In this context, anonymous data and data that cannot be associated with a specific person are not considered personal data under this Policy. Personal data is divided into two groups as general data and special data. Pursuant to Article 6 of the PDP Law, personal data related to a natural person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership to an association, foundation or trade union, health, sexual life, criminal conviction and security measures, and biometric and genetic data are considered as sensitive personal data. In the event that sensitive data is processed, the special rules stipulated in the PDP Law shall be complied with.
Pursuant to Article 3/I(e) of the PDP Law, "data processing" refers to all kinds of transactions that can be carried out on personal data, such as obtaining, recording, storing, maintaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data in whole or in part by automatic means or non-automatic means, provided that they are part of any data recording system.
As İş Asset, we process personal data in accordance with the following principles within the framework of the purposes specified under the heading of "Purposes of Processing Personal Data" of this Policy:
İş Asset may process general and special personal data without explicit consent with the explicit consent of the data owner or in cases stipulated in Articles 5 and 6 of the PDP Law. Which data will be processed by İş Asset for each data owner may vary depending on various factors such as the type and nature of the relationship between the data owner and İş Asset and the communication channels used. In this context, some of the general and special data processed by İş Asset are shown below, but not in limited number.
As İş Asset, we may process personal data for the following purposes and may be retained for the period required for these purposes:
İş Asset may transfer personal data to third parties at home and abroad for the purposes shown under the heading of "Purposes of Processing Personal Data" of this Policy and store it on servers at home and abroad or in other electronic media, provided that it complies with the conditions stipulated in the PDP Law and takes the necessary security measures. Although the third parties to whom personal data may be transferred may vary depending on various factors such as the type, nature and markets in which the transaction is carried out, the relationship between the data owner and the İş Asset is generally as follows:
İş Asset may collect personal data in written, verbal, audio or video recording or other physical or electronic forms for the purposes specified under the heading "Purposes of Processing Personal Data" of this Policy. Although the type of relationship between the data owner and İş Asset may vary depending on various factors such as the type, nature and markets traded, the methods used to collect personal data are generally as follows:
As İş Asset, we process your personal data based on your explicit consent or the following legal reasons:
As İş Asset, we retain personal data only for the period necessary to achieve the purposes specified in this Policy, except where a longer period is legally required or permitted. Personal data whose retention period has expired is deleted, destroyed or anonymized by us within the framework of Article 7 of the PDP Law.
İş Asset attaches importance to taking the necessary technical and administrative measures in order to prevent unlawful processing of personal data and unlawful access to data and to ensure their protection within the framework of Article 12 of the PDP Law. In this context, the measures taken by İş Asset are listed below, including but not limited to:
Pursuant to Article 11 of the PDP Law, personal data owners have the right to learn whether their personal data has been processed, to request information about it if it has been processed, to learn the purpose of processing their data and whether it has been used in accordance with its purpose, to know the third parties to whom their data has been transferred in the country or abroad, to request correction in case their data has been processed incompletely or incorrectly, to request deletion or destruction in case the reasons requiring the processing of their data have disappeared, and to request notification of correction and deletion to third parties to whom your data has been transferred, to object to the emergence of a result against you by analyzing the processed data exclusively through automated systems, to request compensation in case of damage due to unlawful processing of their personal data. As the data owner, if you want to exercise any of your rights specified in Article 11 of the PDP Law, you can send us the Data Owner Application Form that we have prepared in order to evaluate your requests more healthily. İş Asset shall evaluate and finalize the request of the data owners within thirty days at the latest, depending on the nature of the request, in accordance with Article 13 of the PDP Law. Although the requests of the data owners will be concluded free of charge as a rule, if the response to the request requires an additional cost, the data owner may be requested to pay the fee determined within the framework of the relevant legislation.
It is possible for İş Asset to make changes to this Policy at different times. The current version of the Policy prepared by our company can be accessed on the İş Asset website and the changes that can be made in the Policy can be followed on the İş Asset website. As a rule, the changes will be made by uploading to the website of İş Asset and will be valid as of this date, however, İş Asset changes may be notified in other ways it deems appropriate.