Menu
THE NOOR MARMARIS
444 34 74
RESERVATION
RESERVATION

Book now for an unforgettable experience!

Adult
2
Child
0 - 11 yaş arası
0
OK

Personal data protection and processing policy Contents

CHAPTER 1: GENERAL INFORMATION ABOUT POLITICS


1. Introduction
2. Purpose Of The Policy
3. Scope Of Policy
4. Effective Date Of Policy
2. PART A: CLASSIFICATION OF PERSONAL DATA
1. Personal Data
2. Sensitive Personal Data
3. CHAPTER: OWNER OF THE DATA GROUPS AND DATA CATEGORIES
1. Classification Of Personal Data
CHAPTER 4: PROCESSING OF PERSONAL DATA
1. General Principles In Relation To The Processing Of Personal Data
2. Personal Data Processing Conditions
3. Special Conditions For The Processing Of Personal Data
4. Purposes Of The Processing Of Personal Data
CHAPTER FIVE: THE TRANSFER OF PERSONAL DATA
1. Conditions To The Transfer Of Personal Data
2. International Transfer Of Personal Data Conditions
3. The purpose of the transfer of personal data transferred to third parties of personal data
4. Personal Data Intended To Be Transferred Abroad
6. SECTION A: THE METHOD AND LEGAL REASON OF PERSONAL DATA COLLECTION
1. The method and legal reason of personal data collection
7. SECTION A: PERSONAL DATA DELETION, DESTRUCTION AND ANONYMIZATION
1. Personal data deletion, destruction or anonymization
2. Time for the storage and disposal of personal data
8. SECTION A: MEASURES FOR THE SECURITY OF PERSONAL DATA
1. Technical Measures Taken To Ensure The Security Of Personal Data
2. Administrative Measures That Are Taken To Ensure The Security Of Personal Data
3. Physical Measures Taken To Ensure The Security Of Personal Data
4. The Procedure To Be Followed In The Event Of Unauthorized Disclosure Of Personal Data
5. Control Measures That Have Been Taken For The Protection Of Personal Data
6. Employees awareness about the protection and handling of personal data and supervision
9. SECTION A: PERSONAL DATA OF THE OWNER OF THE RIGHTS
1. Disclosure Of Personal Data To The Owner
2. The Rights Of The Owner Of Personal Data
3. The Exercise Of The Rights Of The Owner Of Personal Data
4. Personal Data Of The Holder Of The Right To Petition The Board For The Protection Of Personal Data
CHAPTER 10: STAFF RESPONSIBLE FOR ENSURING COMPLIANCE WITH THIS POLICY
CHAPTER 11: REVISIONS AND CHANGES
CHAPTER 1: GENERAL INFORMATION ABOUT POLITICS
Introduction
The Noor Hotels & Resorts (the“company”), as Under Law No. 6594 “data manager” acts like. The law on protection of personal data No. 6698 (“Law”), under our customers, potential customers, suppliers, visitors, our website users, the company shareholders, including but not limited to, the personal data of real people that are associated with our company is our priority. and we are in cooperation with the authorities of the institutions, employees, shareholders and representatives, in addition to the employee of our employees and candidates to ensure that they are processed in accordance with the law and secondary legislation, as the personal data of the persons concerned; they use efficiently the rights of the owners. Our activities, our company are the owners of the personal data of the personal data that are associated with all of this personal data protection and processing policy (“policy”) in accordance with the handling, storage and the operations we conduct in relation to the transfer. these and our company in relation to the processing of personal data and personal of this policy the basic policy of personal data protection of fundamental rights and freedoms of the data collected for this real persons and all necessary administrative and technical measures/actions that will be adopted. this kind of personal data.

Purpose Of The Policy

The main purpose of this policy of personal data by the owners of Business, Social Responsibility, and so forth, transmitted to us during our activities, personal data processing, storing, transferring, erased, or made anonymous to determine the methods to be followed in relation to it. Our company under the law "Data Manager" within the framework of the law as provided for by the acts.
In this context, we our customers, potential customers, employee candidates, the company's shareholders, the company, our customers are necessary to the owners of the personal data on our visitors , we aim to ensure transparency by making notifications. cooperation institutions and we are in The Noor Hotels & Resorts personal data processed by the company other third parties.
Scope Of Policy
This policy employees, our candidates, employee, shareholder/partners, visitors, business partners, customers, our potential customers, our suppliers, our affiliates, our website users/visitors etc. In other words, during the execution of all our activities that are associated with our company are the owners of personal data. This policy does not apply to any data that is related to the legal entity.
Processing personal data protection in the event of any inconsistency between this policy and with the applicable legislation, the provisions of relevant legislation in force shall apply.
Effective Date Of Policy
The date of this policy with effect from 1 June 2020, with the approval of the company has entered into force. This Policy was previously published on the website in the previous version of these policies are repealed as of the date of entry into force. Any changes to this policy need to be made when accordingly the relevant provisions will be revised. Details of any such changes to this policy this policy 11. The section are given.

2. PART A: CLASSIFICATION OF PERSONAL DATA

Personal Data
The term personal data includes all information as identified or identifiable natural person. This Privacy Policy the term personal data in accordance with the relevant legislation will include qualified private personal data.
Sensitive Personal Data
Qualified special personal data; a real person's race or ethnic origin, political opinion, philosophical belief, religion and sect, or other beliefs, physical appearance and clothing, Association, Foundation or trade union membership, health data, sex life or sexual orientation, criminal convictions, security measures with biometric data and genetic data on these people in real data.

3. CHAPTER: OWNER OF THE DATA GROUPS AND DATA CATEGORIES

The Classification Of Personal Data
Located in one of the following categories of personal data by the company of the Act 10. according to the article, by giving information to the owners of data are processed. In this section, this Policy in relation to the groups defined as the owner of the data under these categories, which categories of personal data processed within the scope of the relevant person and these, instead of the processing of personal data provides information on what kind. Such personal data, a data record being part of the system, partially or fully automated or non-automated systems processed 

 

Explicit consent of

a specific topic related to free will and described based on informed

 

consent to

personal data of the

personal data, the identity matching with other data in any way, even by

 

making Anonymous

can be determined to be associated with a real person to be brought in

to be brought

 

 

personal data is

any information regarding an identified or identifiable natural person (

 

personal data

personal data fully or partially automated, or any of the data

 

processing

recording the record to be part of the system with non-automatic means be obtained by,

 

be saved, storage, preservation, modification, re -

 

regulation, disclosure, transfer, acquisition, can be obtained from

 

the introduction, classification such as the Prevention of the use, or the data

 

on any operation that is performed on

personal data

personal data can be accessed in any way to the respective users and over again

 

Erased

cannot be used to be brought into

personal data

of the personal data cannot be accessed by anyone in any way, cannot be brought back

 

 

 

 

 

 

Credentials
Driver's license, birth certificate, residence certificate, passport, attorney ID card, birth certificate, marriage certificate, etc. the identification information is defined as any information in the document. The company processed by the candidates running of the company's shareholders, company officials, visitors cooperation of institutions owned by the employees, shareholders and authorities to personal data.
Contact information
Phone number, address, e-mail address etc. contact information is defined as. Committed by the company, customers, potential customers, prospective employee, company shareholders, company officials, visitors and also the company's in cooperation with institutions, employees, shareholders and authorities to personal data.
Geolocation Data
Who is the owner of the company when using the personal data of our employees the tools that determines the geographic location data, geographic location data is defined as. Personal data that is processed by the company the company's employees.
Customer information
Our business activities and in this context, as a result of transactions that are executed by the contact person about our business units, are obtained and/or generated data. The data rendered by the company to the customer.
Information for family members and relatives
The company and the owner of personal data personal data is processed for the purpose of protecting the legitimate interests of the owner of the information about family members and relatives. Processed by family members of employees of the company information.
Customer Transaction Information
Information relating to your use of our products and services, such records are necessary for the use of such products and services provided and claims by the customer consists of instruction. The data rendered by the company to the customer.
Physical Site Security Information
At the entrance to a physical site visit and documentation obtained during the recording and personal data relating to a physical site. Company officials our visitors, customers and cooperation information about the company that is processed by the employees of the institutions we are in.
Information Processing Security
During the conduct of our business activities technical, administrative, legal and commercial security of our personal data are processed for the purpose of ensuring. Visitors to third-parties, company officials and the cooperation of the institutions we are in the employees, the shareholders and the authorities about the information that is processed by the company.
Risk Management Information
Commercial, technical and administrative in order to manage our risks in this context, the generally accepted legal, business practices and in accordance with the principles of honesty personal data is processed with the method.
Financial information
The type of personal data with the company that was created according to the legal relations between the owner of any of the information, documents and records in relation to the personal data processed.
Personal information
The company with employees or employee-employer relationship, any interest in real people in order to obtain personal information which is processed personal data. Our employees and cooperation that is processed by the employees of the institutions we are in about the Company personal data.
Candidate Employee Information
Trade customs in accordance with the principles of honesty and a job applicant to be an employee of the company or the company in line with the human resource needs that are evaluated as a candidate for working persons with respect to the processed personal data with the company, or employee-employer relationship are the ones. Information about potential employees that are processed by the company.
Running Process Information
The company with employees or employee-employer relationship as they perform transactions relating to the commercial activities of every company in relation to their personal data are processed. Our employees with the cooperation of dealers that we are in the information about the company that is processed by the employees.
Employee performance and Career Development Information
Personal data, the company with employees or employee-employer relationship of those in the measurement of performance and their career development planning and policy in line with the company's human resources management purposes are processed. Personal data that is processed by the company the company's employees.
Benefits and other employee rights information
With the company employees or employee-employer relationship, which will be available within the side or in the future offered to those that are provided to other interests and the interests of the employees in relation to the objective interests of the planning and determination of eligibility criteria such as personal data processed for the purpose of tracking these authorizations. Personal data that is processed by the company the company's employees.
Legal proceedings and regulatory compliance information
Personal information our legal obligations and our rights as well as legal and related compliance with our company policies with tracking and identification of the demand in order to fulfil our obligations will be processed. Committed by the company, customers, potential customers, prospective employee, company shareholders, company officials, visitors, cooperation of the institutions in the employees, shareholders, authorities and third parties ' personal data.
Audit and inspection Information
Personal data are processed within the scope of legal obligations and compliance with corporate policies. Committed by the company, customers, potential customers, prospective employee, company shareholders, company officials, visitors, cooperation of the institutions in the employees, shareholders, authorities and third parties ' personal data.
Sensitive Personal Data
Law's 6. personal data as defined under. Running our candidates, our employees, the company, our shareholders, company officials and the cooperation that personal data is processed by the employees of the institutions we are in the company.
Health Information
Disability status, blood group, and our legal obligations to our employees, such as personal health information personal information is processed in order to provide extra benefit. Health of its employees, the company processes information.
Audio-Visual Recordings
Our business processes and operations during the execution of the audiovisual records can be retrieved. This data consists of data about our employees and visitors.
Marketing information
This information, the owner of personal data our products and services, usage styles, interests and needs by customizing it according to the personal data processed for the purposes of their processing and marketing of all kinds of reports and assessments created as a result of consists of. this sort of information. Information that is processed by the company about customers and potential customers.
Biometric data
This palm print data data data fingerprint, retinal scan data, facial recognition data, etc. the data consists of. Such data consists of data that is processed by the employees of the company.
Request/Complaint Management Information
Forwarded to the company in any claim or complaint to the personal data concerning receipt and evaluation. Committed by the company, customers, potential customers, prospective employee, company shareholders, company officials, visitors, cooperation of the institutions in the employees, shareholders, authorities and third parties ' personal data.
CHAPTER 4: PROCESSING OF PERSONAL DATA
General Principles In Relation To The Processing Of Personal Data
Personal data by the Company Law and this Policy is processed in accordance with the prescribed procedures and principles. The company acting in accordance with the following principles when processing such personal data is:
The principles of honesty and conformity to applicable laws;
Ensure that personal data is accurate and current;
Of personal data for specific, explicit and legitimate purposes, processed;
In connection with the purposes for which personal data are processed, limited and proportionally processing; And
They are stipulated in the relevant legislation or for the purpose of personal data processed up until the time that is required in store.
Personal Data Processing Conditions
Personal data personal data without the express consent of the owner of the company do not commit. However, upon occurrence of any of the following conditions without seeking the express consent of the owner of such personal data personal data processed will be able to be.
Related to the processing of personal data in this way is clearly stipulated in the law; This kind of processing personal data, the data owner or any other person may be required to protect the life or physical integrity, and in such cases should not be allowed to disclose the express consent of the data owner. actual or in case of impossibility of this consent is not considered to be legally valid in a case where. Directly related to the formation or performance of a contract, provided that the parties to the contract is required for the processing of personal data: for example, the creditor's bank account information, under a contract concluded between the parties for the purpose of payment of the amount can be taken. The principal's legal obligations to fulfill such data processing of personal data is required. the relevant person by himself to be made publicly available: in other words, the personal information previously disclosed, such a legal interest, for the protection of personal data disappeared, without requiring the express consent of the owner of personal data can be processed. this kind of personal data of the allocation, use, or is necessary for the protection of any claim or right. Record any damage on the basis of the processed data with your personal data in this way for the legitimate interests of the principal for the processing of such personal data is required. the data subject's rights and freedoms.
Special Conditions For The Processing Of Personal Data
The company is private nature of personal data without the explicit consent of the person concerned do not commit. Company, this particular qualified for the processing of personal data personal data protection as determined by the board will carry out the necessary actions to be taken adequate precautions. ,
Purposes Of The Processing Of Personal Data
The personal data collected by the company of the Act 5. and 6. in the articles held for the following purposes under the conditions of processing of personal data are processed. Personal data processed for the following purposes any of the conditions prescribed in the law of failure to provide the company with regard to the processing of personal data of personal data is the express consent of the owner.
The implementation of emergency procedures;
Information and/or data security procedures performance;
The management of access privileges;
Ensuring the security of the building;
The performance of the communication operations;
The realization of the process of storage and archiving;
Internal audit, investigations and intelligence, the conduct of operations;
The performance of risk management procedures;
Ensure the safety of movable goods and resources;
Management of the organization's operations and activities
The performance of management activities;
The performance of the commercial and administrative activities;
The provision of services and support to customers within the scope of the current service contract standards and related reporting;
The interests and needs of our customers by identifying services that will be offered to customers of the creation, updating and development;
Required by legal regulations, or as required to ensure that our legal obligations are met;
Campaigns, providing surveys and promotions;
Connect with people who have business relationships with the company;
Execution of advertising and marketing activities;
Compliance management;
Vendor/supplier management, and program services;
Statutory reporting
billing,
The planning and implementation of human resources policies;
The correct planning of strategies and business partnerships, performance, and management;
The company and its business partners of legal, commercial and physical security;
Management and communication activities with the provision of the planning and execution of institutional mechanism;
Ensuring data security at the highest level;
databases creation;
Debug web services and the development of the corporate web site;
Forwarding of personal data and contact with the owners of the company demands and complaints and complaints are managed to ensure that this request;
Productivity management;
The performance of the staff recruitment procedures;
Group companies on regulatory compliance issues related to staffing and providing support;
The activities of the group companies are conducted in accordance with the relevant regulations of the planning and execution of audit and surveillance activities to ensure that;
Group Companies, Company Law and regulations in the framework of providing support for the execution of the activities;
Execution and monitoring of financial reporting and risk management processes;
Company Law within the scope of the execution of transactions and follow-up;
Realization of operations for the protection of corporate reputation;
The creation of visitor records and follow-up;
The planning and execution of activities related to business activities and business continuity;
Finance and/or accounting procedures for monitoring;
The relevant legislation and competent authorities to provide information about preparation of controls to be performed by the competent authorities;
The planning and execution of corporate communication activities;
Performance planning and operational procedures;
Business partners and/or authorized personnel have access to Information, Planning and realization of suppliers;
The planning and execution of customer relationship management procedures;
Customer requests and/or complaints tracking
Contract procedures and/or the pursuit of legal claims;
The planning and execution of marketing research for sales and marketing activities of the service;
Sales and after-sales operations, purchasing, as well as the conduct of operations;
Products that are provided by the company and/or services to build customer loyalty and/or procedures to improve the planning and/or execution;
Maintain the performance of corporate human resources policies, and business applications for the purpose of evaluation in accordance with corporate human resources policies;
Obligations under the Occupational Health and safety procedures are met and the necessary actions to be taken;
Employment contracts on behalf of the employees of the company and/or fulfillment of the obligations arising from the relevant legislation;
Initiation of the process execution and termination of personnel;
Pay and performance evaluation procedures, wage and payroll management;
Training activities of the company, planning and/or implementation;
A business relationship with the company and the company for the purpose of providing legal and commercial security of persons;
Institutional activities of the company procedures and/or are conducted in accordance with applicable regulations necessary to ensure that the planning and execution of operational activities;
The company buildings and/or ensuring the security of buildings and facilities;
The company's assets (fixtures and equipment, etc.) and/or ensuring the security of resources;
Corporate, commercial and business strategies for the purpose of formulation and implementation;
Social responsibility of the execution of the activities carried out by the company;
The planning and execution of customs clearance procedures;
Excellence completion of procedures;
CHAPTER FIVE: THE TRANSFER OF PERSONAL DATA
Conditions To The Transfer Of Personal Data
As a company, the transfer of personal data as regards the regulations provided by law and adopted by the board of directors and shall act in accordance with and we'll take the necessary actions. The company is located in the relevant legislation, without prejudice to the exceptional circumstances, personal data and private personal data without the express consent of the owner of the data does not transfer any natural or legal person to qualified personal. However, personal data can be transferred in the following cases:
4 Of This Policy. Section 2. described in the article or in cases of
Sensitive personal data, for Paragraph 4 of this policy. Section 2. described in the article or in cases of
Health and the person's sex life or sexual orientation related to special personal data, however, Public Health Protection, preventive health care, medical diagnosis, treatment and health services for the purposes of real persons or institutions authorized under the obligation of secrecy may be transferred. services, health services planning, management and financing
explicit without requiring consent.
Environments that are used by the company for the transfer of personal data to the corporate intranet, electronic mail, hard copy, MS Excel worksheets, VPN, consists of methods, such as secure file transfer.
International Transfer Of Personal Data Conditions
Personal data is, as a rule, may not be transferred abroad without the express consent of the data owner. However, this Policy 4. Section 2. in case of any exceptional situations as defined in article and such third parties abroad in case of:
In order to ensure adequate protection of personal data found in any of the countries listed by the board, or
Such third party data in any of the countries that provide adequate protection in the absence of adequate data protection for data in Turkey and abroad in the countries involved in writing that they would commit to provide responsible, and also allows for the assembly,
Such personal data may be transferred abroad without their express consent.
The purpose of the transfer of personal data transferred to third parties of personal data
4 Of This Policy. The item can be transferred to the personal data for the purposes as specified in the following:
Our suppliers;
Business partners and business contacts;
Subsidiaries and group companies;
The Noor Hotels & Resorts;
Law enforcement and public institutions and organizations;
Legally authorized private persons/organisations;
Shareholders;
The server of the company for domestic and foreign service providers; And
audit firms
this policy is described in accordance with the principles and rules of technical and organisational provided that all necessary measures are taken.
Personal Data Intended To Be Transferred To Foreign Countries
The company's ongoing activities abroad due to limited personal data for contact information pursuant to the express consent of the owners of personal data, that consent to be limited by the scope of the following may be transferred abroad, shall be limited to: non-resident foreign business partners with the operational procedure.
6. SECTION A: THE METHOD AND LEGAL REASON OF PERSONAL DATA COLLECTION
The method and legal reason of personal data collection
Personal data by the company from our internet site, e-mails, application forms, claim forms, secure electronic transactions, printed forms, registration forms, and physical channels through a variety of technical and procedural methods or tools such as oral, written as collected. within the framework of our business services with the aim of providing our customers with partially or fully automated systems for processing to be part of a data recording system provided through or non-automatic systems or by means of a digital environment, in this context, the legislation in force in the performance of our business activities, contracts, receivables, commercial, customary and arising from that are based on the principles of honesty viable, for legitimate reasons, the fulfillment of legal obligations in this regard, the company set up business relationship with our customers fulfilment of the requirements that have, and in this context, the mutual rights of using the property, the protection of personal data and the company's legitimate interests of the owners have provided the protection of the basic rights and freedoms protected in this way are a business relationship with the company. In this context, the characteristic methods for the collection of personal data, the purpose of collection of personal data and in this context, the activities are as follows:
Building and facility Entrances, security cameras in buildings and facilities monitoring study
The company, security camera monitoring activities within the scope of the excellence of the services provided to improve, and to ensure reliability of these services, the company and other persons to ensure the safety of customers and aims to protect the interests of customers. this kind of customers associated with the services provided.
The Legal Basis Of The Activity Monitoring Camera
Video monitoring activities undertaken by the company, in accordance with the Private Security Services Act and related legislation are carried out.
Giving Information About Camera Monitoring Activities
10 Of The Law On Protection Of Personal Data. according to the article, the owner of personal data the company provides the necessary information in this regard.
Camera monitoring activities regarding the company Policy published on the website (online policy change), and where the observation is made inputs (giving information) related to camera tracking was put up a sign.
The purpose of this activity be limited to the aim of the activity and camera monitoring
Camera surveillance activities performed by the company for the purposes of the intended purpose of this policy is limited. Beyond the intended security objectives for which the fields that will be more invasive of the privacy of individuals (eg. toilets, prayer rooms, etc.) activity is not subject to monitoring with the camera.
Seized Ensuring The Security Of Personal Data.
12 Of The Law On Protection Of Personal Data. according to the article, with the camera monitoring of activity by the company for ensuring the security of personal data that is collected as a result of this Policy as specified reasonable technical and administrative measures we are taking all. .
Camera monitoring the activity obtained by authorized persons access to the personal data personal data transferred and that the parties
Security camera footage of digitally captured and stored only a limited number of the company's employees are able to access. On the other hand, corporate security personnel, and administrative staff can watch live streaming video from security camera systems. Such images are not allowed access to others.
Building and facility entrances, building, and site visitors in the entry-exit monitoring of the process
For the purposes of providing security for the company and this policy is defined for the purposes of the company building and entrance and exit of visitors to the premises for the purpose of an audit of the operations of personal data processing.
People who visit the company as a guest in the building license plates taken with the owners of personal data and the names and surnames of the company's articles or in any way placed in various parts of the building that can be accessed are as informed as you should. their guests.
Website Visitors
The company's website for its visitors for the purposes of visiting such web sites, the web site is to navigate, in order to provide website visitors online to record their activities, technical methods (eg. visit their websites, provide you with content, special visitors, and all the activities they can carry out online advertising. Visitors of our website "Cookies Policy" in line with our obligation are presented and export the necessary information to our visitors, this comprehensive information provided to the visitors.
The Company's Mobile Applications
The company in order to facilitate the provision of services to our customers, developing mobile applications to mobile devices by downloading our customers use. The export obligation, the necessary information to customers that use our mobile applications within the scope of the express consent of the customer before entering any personal information provided by them comprehensive information is taken.
7. SECTION A: PERSONAL DATA DELETION, DESTRUCTION AND ANONYMIZATION
Personal data deletion, destruction or anonymization
In relation to the processing of personal data the company in the case of the disappearance of the terms, other applicable laws and regulations, without prejudice to the provisions of personal data ex-officio or upon the request of the owner of the personal data is deleted, destroyed or made anonymous to be committed. Personal data deletion, destruction or anonymization for those Reserve. Personal data will be deleted when this data is used to to prevent them from re are destroyed or recycled. Data destruction procedures determined by the company in periods of periodic destruction, destruction is accomplished by having a formal documented report of the process.
Time for the storage and disposal of personal data
The company as stated in the relevant legislation on protection of personal data, the personal data throughout the time stipulated in the relevant legislation is keeping. If the storage period of personal data is regulated in the legislation, personal data, company procedures in relation to the processing of personal data during transactions, and trade practices will be processed until the required period, and then the personal data can be processed. to delete, make anonymous, are not subject to or to be destroyed.
7 of the regulations.according to the article, the personal data KVK Act 5. and 6. under the terms of the articles can be processed. This is the whole of the disappearance of processing conditions in the case of personal data by the company on its own motion or upon the request of the person concerned destroyed (deleted, destroyed or made anonymous) should be.

Personal data is processed and for the purpose stipulated in the disappearance of the relevant legislation and/or by the company in the event of the end of the specified retention period, the personal data in question, however, may be stored in order to provide potential legal evidence in case of disputes. or to claim rights or the defense of these rights in relation to this personal data. In such cases, the personal data are stored for the time the company, the personal data are stored for the time the time the personal data are stored, the personal data are stored for the time the personal data are stored with the times, without regard to the legal provisions in cases of retention period of personal data and the like, the company is determined by considering the requests in the previous examples. the timeout period has expired. In this case, your stored personal data with relevant personal data for any other purpose and are unavailable, however, the legal dispute in the resolution of cases that should be used can be accessed. The end of the retention period defined in this paragraph with the personal data in question to delete or make anonymous are not subject to be destroyed.
The Periodic Destruction Of Personal Data

The periodic destruction of personal data, however, the disappearance of the conditions in the law KVK personal data are processed, in the case of ex-officio to be performed by the company to delete, destroy, or anonymous in the process of making it will be possible.

Personal data are ex-officio deletion, destruction or anonymization of the regulations 11. under the provisions of the regulated. In this context, the personal data the company to delete, destroy, or arises after the date the obligation to make the periodic destruction of the first anonymous in the process, personal data, delete, destroy, or makes it anonymous.

In question was the periodic destruction of the company's legal obligation or a legitimate purpose for data storage within 6 months from the date of completion is performed.

KVK board, compensation is difficult or impossible in case of birth and a clear violation of the law of damages, the above-mentioned term has the authority to reduce

 Recording Media Of Personal Data

By the company Relevant to the person personal data, documents, files, CD, floppy disk, Hard Disk, Server, company, Micro ERP, CRM Company (LIAS, PIN, SAM3, BAAN, KODEG), the OpEx, OPERA for storing data, such as applications with suitable materials and environments are recorded. Which personal data in the following table how/where recorded shows.
7 Of The Regulations Our Company.in the article, in accordance with the principles of personal data deletion, destruction or 4 of the law KVK in making anonymous.of the article with the general principles, 12. in the context of the item that need to be taken technical and administrative measures, the provisions of the relevant legislation, the decisions of the board of KVK and this Policy is committed to complying.

Our company in this regard, personal data to be disposed of in accordance with the law, all necessary technical and administrative measures to ensure the appropriate level of security of personal data is

8. SECTION A: MEASURES FOR THE SECURITY OF PERSONAL DATA
Unlawful processing of personal data that is processed by the company, unlawful processing, and provided adequate security to prevent unlawful access to this data that is processed by the company and the level of necessary technical and administrative measures for the protection of personal data and the necessary checks are done or is done. Law 12. item.
Technical Measures Taken To Ensure The Security Of Personal Data
These measures, including measures to ensure the security and protection of personal data limited to:
Network security and application security is provided, the transfer of personal data across the network or off in a computer network system used, Computing Systems acquisition, development and maintenance related to the necessary security measures are taken within the company provided technical organization. personal data are stored and processed in accordance with the relevant regulations of the purpose, Data Masking is applied as a necessary precaution, intended to ensure the security of personal data storage databases the technical infrastructure has been created. ;Subject to control and follow the procedures established technical infrastructure is held;the received reporting procedures for control processes with technical measures is determined by Technical measures are periodically updated and revised ;the Associated risks are reviewed, and the necessary technological solutions are created;Up- to-date anti-virus protection, firewall, and other similar software or hardware products are used in accordance with technological developments and security security systems are installed; personal data is collected and detected security violations migrated from applications where periodic security scans is removed;Personal data is stored securely in accordance with the relevant legislation to ensure that the backup programs are used;Data storage environments and/or authorized personnel access to data and access to data are stored is limited strictly by the purpose. access to personal data where the data is stored instantly by keeping log records storage areas to authorized personnel for unauthorized access or access attempts are reported, the logs periodically review and expert technical staff are employed, a user account is subject to monitoring and control systems are available and Management Authority; Hi, is held so as to prevent any intervention from the user; private qualified personal data by e-mail must be transferred when the pep of a private nature such personal data encryption and always address (registered email address) or using a corporate email account; Sensitive personal data secure encryption and/or cryptographic keys and are managed by different units are used; Cyber intrusion detection and prevention systems. ;Penetration testing is performed;Cyber - security measures are taken and subject to continuous control of the implementation is held;Encryption is provided.
Administrative Measures That Are Taken To Ensure The Security Of Personal Data
These measures shall be limited to measures for the protection of personal data:
The employees of our group companies and our subsidiaries, including access to personal data, data security, data use, storage and disposal for institutional policies and procedures for the use of databases and applications that contains the following policies have been established for the use of tools and equipment. personal data publication and implementation;
Employees duly informed and trained about the processing of personal data protection and in accordance with applicable law;and
Data security training and awareness raising activities have been organised for employees on a regular basis;
Published contracts with our employees and/or institutional policies in the context of personal data in violation of the law committed by the company's employees are determined measures to be taken in case;
Unlawful processing of personal data concluded the contract with our employees and procedures, contains provisions that impose obligations to prevent unlawful use and disclosure and, in this context, awareness, and control the relevant activities are carried out;
Employees of the company, is subject to disciplinary action regarding data security;
Our employees in violation of the provisions of the act of holding, and processing personal data except for the purpose of explain it to someone else to reprocess are informed about their obligations. this kind of personal data will continue to be valid even after he left the affairs of that for them and promised in writing that such employees would not work or will not disclose such personal information;
Access to personal data, data security, use, storage and disposal issues are organized and implemented corporate policies;
The company transferred the contracts concluded between the parties in accordance with the law, personal data in the personal data necessary for the protection of data being transferred to and included provisions that take security measures. personal data and their institutions to ensure compliance with such measures;
Our company has access to the personal data of its employees, scopes, roles and responsibilities of these employees/access to the personal data and is determined according to the duties and powers are restricted are periodically revised accordingly, authority matrix is created, and the powers of employees leave from work or navigated to a change of place is removed;
Data security, privacy and personal data protection in the area of current developments in legal and technical consulting services that needed to be monitored and taken necessary actions are taken;
Collaboration responsible for compliance with the law and the secondary legislation investigated commit data and other data, the necessary instructions are given in harmony and an awareness of the importance provided;
Issues with being duly notified without delay to the security of personal data;
The security of personal data is subject to monitoring;
The volume is reduced as much as possible of personal data;
The subject of personal data are subject to personal data security and backup in the backup is also provided;
Internal periodic and/or random checks are done and/or are assigned;
Current is determined risks and threats;
For the security of personal data is defined and implemented special protocols and procedures;
Environments that contain personal data/environments, input and output necessary safety precautions are taken;
Personal environment where the data resides, the external risks (eg. fire, flood, etc.) is protected against;
Data security is provided to raise awareness of service providers who process personal data;
Accordingly, the technical staff is employed; And
Unlawful personal data by unauthorized persons of personal data in question to about reaching that enables timely notification to the owner and the personal data protection board established and the system was implemented.
Physical Measures Taken To Ensure The Security Of Personal Data
In the profession of personal data hiding place-based physical access measures are taken;
Documents that contain personal data, and archiving/storage equipment are stored in locked cabinets;
Systems are used in the study area;
Workspaces without interfering with the privacy of employees, closed circuit camera (CCTV) is monitored by;
Retention tools and documents that contain personal data, the law on protection of personal data and in accordance with the rules and procedures prescribed under this policy are destroyed in a secure manner, to prevent data loss, back up and is subjected to.
The Procedure To Be Followed In The Event Of Unauthorized Disclosure Of Personal Data
Article 12 Of The Company Law. according to the article, unlawful personal data processed by third parties has been reached as soon as possible and no later than within 72 hours to determine whether the corresponding data from the owner and the board to provide feedback.
Control Measures That Have Been Taken For The Protection Of Personal Data
12 Of The Law On Protection Of Personal Data. according to the article, if the company has an internal audit in 6 months doing it deems necessary or outsourced. Internal audit results are reported to the relevant unit of the company within the scope of the procedures and measures necessary for the improvement of actions are taken.
Protection of personal data and on the handling and supervision of employees Awareness
The company's current and newly hired employees in any business unit and its employees, and of preventing access to such unlawful and unlawful processing of personal data in order to create awareness about the protection of personal data provides the necessary training should be given. their current awareness training to the employees of the company are provided once every 4 months.
9. SECTION A: PERSONAL DATA OF THE OWNER OF THE RIGHTS
Disclosure Of Personal Data To The Owner
Article 10 Of The Company Law. during the collection of personal data according to the article, if any company representative's identity, the purposes of the processing of personal data, where personal data are processed and for what purposes, to whom about owner description/information. processed personal data with the method of collection of personal data and legal basis of personal data may be transferred the rights of the owner.
The Rights Of The Owner Of Personal Data
11 of the law. according to the article, regarding the rights of the owners of personal data the company provides the following information:
Such personal data has been processed, if learning; such personal data is processed, claim knowledge of it; their purpose is used according to whether the processing of personal data and purposes of learning; knowledge about international or domestic personal data be transferred to third parties of personal data Processed, contain incomplete or inaccurate information, if you request to have them corrected, to request the deletion or destruction of personal data pursuant to the terms of the act of prescribed 7. Article 11 of the law. Paragraph (D) and (E) in accordance with paragraphs transactions, requesting to be notified of personal data transferred to third parties; by analyzing the processed data exclusively through automated systems of personal data and the emergence of a result against the owner; loss due to unlawful processing of personal data of the holder of personal data and/or damage to the remedy of damages in case of demand.
Rights Of Personal Data To Be Used By The Owner
The owners of personal data, www.ozakglobal.com through our website at this Policy on the exercise of rights as defined demands, the “application form”, fill out the following conditions and in accordance with the methods described on our website, you may submit to the company. "Application form" is located.
Personal Data Of The Holder Of The Right To Petition The Board For The Protection Of Personal Data
The rejection of the application made by the owner of personal data or the personal data given to him by the owner of the company didn't find enough to answer within the period is not answered by the company or, in the event the owner of the personal data; the answer from the date of receiving Thirty (30) days, and each case from the date of application sixty (60) days to the board within a formal complaint.
The Personal Data Of The Data Owner The Right To Refuse The Application Of Principal
This is the company's policy is specified certain conditions are met in the case of personal data has the right to reject the application made by the owner. In his capacity as the company responsible for the personal data of the owner of the data, the right to reject the application states that you can use are as follows:
Relevant personal data in relation to the application made by the owner of the subject of personal data;
The official of the personal data in question istatistikilestirme after it has been rendered anonymous Operations Research, Planning, Statistics, etc. if committed for the purpose;
Personal data of national defense, national security, on the condition that he shall not constitute a crime against public or within the scope of freedom of expression or art, history, literature, or science is committed for purposes such as security, public order, economic security, privacy or the rights of related persons;
Such personal data in national defense, national security, public safety, public order, or the provision of economic security as well as public institutions conducted by designated and authorized by law, preventive, protective, and intelligence activities within the scope of processing in the case of ;
Such personal data investigation, prosecution, trial, or if the execution or judicial executions committed by the authorities in relation to;
The processing of personal data if it is necessary for a criminal investigation or prevention of crime;
Previously, the owner of personal data by non-public personal data processing;
Prescribed by law and authorized by public agencies and public organizations and professional organizations authorized audit or regulatory disciplinary investigation or prosecution for the fulfillment of tasks is required for the processing of personal data;
The budget of the processing of personal data, tax and financial matters, it is necessary for the protection of economic and financial interests of the state;
Personal data of the owner of the relevant demand, be able to interfere with the rights and liberties of others;
Demands that require disproportionate effort; And
If the requested information is public information,
You may use the right to reject the application in his capacity as responsible for the company data.
CHAPTER 10: STAFF RESPONSIBLE FOR ENSURING COMPLIANCE WITH THIS POLICY
The decision of the top management of the company with this Policy and this Policy and related policies for the management of personal data within the company arising committee was formed. The committee of the owners of personal data the personal data of the personal data law, in accordance with this Privacy Policy and other policies of or arising from use and related storage and processing all the necessary procedures for performing competent and responsible. this Policy. The primary responsibilities of the committee include the following personal data:
Basic policies regarding the protection and handling of personal data to be submitted for approval to the creation and implementation of senior management;
Protection and processing of personal data-related policies and procedures to be agreed on the application and control of performance, in this context, and ensuring the coordination and assignment of the premises to be submitted for approval to senior management;
Determining the necessary actions to ensure compliance with the law on personal data protection and other relevant legislation, and that this action be submitted for approval to senior management and the implementation of supervision and coordination;
And regarding the processing and protection of personal data within the company, collaboration, participation in awareness-raising among other institutions;
In relation to the processing of personal data by the company to ensure that all necessary actions are taken to identify potential risks and recommendations for improvement to senior management and to be submitted for approval;
The protection of personal data and the implementation of policies for the identification and ensure the implementation of training activities;
That are made by the owners of personal data, as final and definitive application to be resolved;
Of personal data in relation to the processing of personal data on the legal rights of the owners informed as required to ensure coordination of processes and information and training activities,
Related to the processing and protection of personal data and the basic policies for the implementation of this policy amendment to be submitted for the approval of top management;
To follow the developments and regulations related to the protection of personal data, in accordance with the regulations on these developments and make recommendations to senior management actions to be taken within the company;
The Coordination of the relationship between the committee and the personal data protection board; And
The protection of personal data to be given by the senior management of the company on the fulfillment of other functions.
CHAPTER 11: REVISIONS AND CHANGES
The Company Law and the secondary legislation to be made in the decisions of the board any changes and/or developments in the sector in line with this Privacy Policy and this policy is effective from arising in relation to other policies and reserves the right to change it. or informatics of them. Any changes to this policy immediately in the text are included, and comments on such changes is provided in this section.
21/01/2025 : this personal data processing and protection policy was enacted by approved by the company.
If deemed necessary by the company, this policy may be revised. In the case of revision, in relation to this matter , the guests informing will be made.