NARKASA YAZILIM TİCARET A.Ş.
THE PROCESSING AND PROTECTION OF PERSONAL DATA POLICY
The protection of personal data is directly related to the fundamental rights and freedoms of individuals, especially the privacy of private life. With this and the legal regulations of the Republic of Turkey and some international institutions and organizations in mind, NarkasaYazılım Ticaret A.Ş. (hereinafter referred to as "NARKASA") takes special care of the protection of personal data.
This ‘Processing and Protection of Personal Data Policy’ (POLICY) has been drafted to provide information about the collection, processing and protection of personal data of users, potential users, visitors of the NARKASA website and mobile applications, NARKASA employees, shareholders, officials (PERSON INVOLVED) in accordance with the Personal Data Protection Code No. 6698, European Union General Data Protection Regulation (GDPR) provisions and regulations and legal regulations of the country to which the person is subject.
This POLICY forms an integral part of the user contract concluded between NARKASA and the user who opened an account with the NARKASA platform.
NARKASA reserves the right to adjust and update this POLICY in order to comply with legislative changes.
INFORMATION WITH REGARD TO THE INFORMATION OBLIGATION
1.DEFINITIONS
a) Explicit consent: Informed consent on a specific subject which is announced freely,
b) Person involved : Natural person whose personal data are processed,
c) Code : The Personal Data Protection Code No. 6698,
d) Personal data : All types of information about an identified or identifiable natural person,
e) Processing personal data: the fully or partially automated or non-automated acquisition, recording, storage, safekeeping, modification, reorganization, disclosure, transfer, receiving, making ready for acquisition, classification, or the prevention of use of personal data and all types of actions taken on such data for the purposes of making them part of a data registration system.
f) Institution : The Institution for the Protection of Personal Data (https://www.kvkk.gov.tr/en/),
f) Data processor :A natural or legal person who processes personal data based on the authority given by the data officer on his behalf,
g) Data registration system : A registration system where personal data is processed according to certain criteria,
h) Data officer : The natural or legal person who determines the objectives and means of processing personal data and is responsible for the establishment and management of the data registration system,
2.DATA OFFICER
The personal data of the relevant persons will be processed by the "NARKASA YAZILIM TİCARET A.Ş.” registered with the Istanbul Chamber of Commerce under the registration number 184965-5.
3.PERSONAL DATA WHICH ARE TO BE PROCESSED
The personal data which will be processed by NARKASA are mentioned below.
|
Type of data |
Scope |
1 |
Identification data |
Name, surname, identity number, information on identity card / document, passport, information on passport, internationally valid driver's license, selfie with these documents. |
2 |
Address data |
Residential document, subscription invoice. |
3 |
Account data |
Username, password, e-mail address, account settings information. |
4 |
Internet data |
IP Address, country location information, operating system, network system, browser type and settings, computer and mobile device information, website and mobile applications user habits. |
5 |
Contact data |
Telephone number, e-mail address, address information. |
6 |
Legal person data |
Title, trade registry number, trade registry gazette, tax office, tax number, tax form, officer and shareholder information, representative information, list of authorized signatures, employee information. |
7 |
Financial data |
Bank name, IBAN and account number, swift information. |
8 |
Location Safety data |
Camera recordings, entry-exit recordings. |
9 |
Employee data |
Employment contract, payroll within the scope of the personal file, social security records, identity and contact information, annual leave and leave records, criminal record, graduation certificate, certificate, medical data, doctor reports. |
10 |
Candidate employee data |
Resume, identification and contact data, interview reports. |
11 |
Support/Assistance, Notification data |
All kinds of support / assistance, requests, complaints and notifications forwarded to NARKASA and their content. |
4.BASIC PRINCIPLES WITH REGARD TO THE PROCESSING OF PERSONAL DATA
When processing personal data NARKASA will comply with the basic principles set forth in the Personal Data Protection Code No. 6698 and the European Union General Data Protection Regulation (GDPR).
- NARKASA will act in conformity with the law and principles of integrity concerning the processing of personal data, i.e. the principles introduced by laws and other legal regulations.
- NARKASA will ensure that any personal data it processes are accurate and up to date.
- NARKASA will process personal data for specified, clear and legitimate purposes and will not use the data for purposes other than specified.
- NARKASA will keep any personal data it processes for the period required by the relevant legislation or for the purpose for which it is processed.
5.THE OBJECTIVE OF PROCESSING PERSONAL DATA
The personal data listed in article 2 of this POLICY will be processed for the following purposes:
- Execution of the activities set forth in the NARKASA AML / CTF and KYC POLICIES and fulfilling the obligations arising from the legislation, providing information to the authorized and competent institutions and organizations.
- Carrying out the services, business activities and other activities offered by NARKASA and conducting the necessary studies for these services for the benefit of the relevant persons and managing business processes.
- Planning and executing operational activities required to ensure that NARKASA services and activities are carried out in accordance with company procedures and / or relevant legislation.
- Up-to-date information about the services provided by NARKASA, especially information that will be useful for users in the effective and broader utilization of services and execution of the management processes of the relations with the user.
- Understanding the level of user satisfaction, responding to requests faster and improving the communication with the persons who use or follow the services and working towards improving and diversifying the services.
- Ensuring the legal, technical and commercial occupational safety of NARKASA and persons who have a business relationship with NARKASA.
- Communication with the relevant persons within the scope of other contracts or commercial relations.
- Planning and/or executing inspection activities.
- Ensuring the security of NARKASA services.
- Planning, inspecting and executing the information security processes.
- Forming and managing information technologies infrastructure.
- Follow-up of processes related to finance, accounting and/or invoicing.
- Follow-up of the legal processes, fulfilling legal obligations.
- Communication and correspondence with official institutions.
- Follow-up and finalization of support/assistance, complaints, requests and all types of notifications.
- Follow-up of the contract processes and/or legal requests.
- Execution of the management processes of relations with representatives, suppliers and/or other business partners.
- Planning and/or enforcing access rights of representatives, suppliers and/or other business partners.
- Ensuring that data is accurate and up to date.
- Keeping system records of and reporting on the services provided.
- Planning and/or execution of analyses on business activities.
- Planning and/or execution of occupational health and safety processes.
- Planning and/or execution of business continuity activities.
- Planning and/or execution of human resources processes and requirements.
- Managing processes related to employment.
- Planning and/or execution of employee benefits and perks.
- Planning and/or monitoring the employee performance evaluation processes.
- Planning and/or execution of employee access rights.
- Ensuring the security of the company premises, fixtures and resources.
- Applying to the courts, enforcement offices and arbitration boards in case of disputes.
6. METHOD OF COLLECTING PERSONAL DATA AND LEGAL GROUNDS
The personal data listed in article 2 of this POLICY, including but not limited to;
- Registration of the information given to NARKASA officials, representatives, employees directly or by telephone, which are registered by these persons in a data registration system, and / or signed contracts, by means of non-automated methods upon the presentation of any document,
- Are collected through automated means such as the website, mobile applications, social media accounts, internet-based communication forms, written or verbal notifications made to NARKASA via e-mail or online channels.
Some of the personal data listed in Article 2 of this POLICY are processed in accordance with the explicit consent of the person involved pursuant to paragraph 5/1 of Code No. 6698, and other personal data are processed in accordance with sub paragraphs (a), (c), (ç) ), (d), (e) and (f).
On the basis thereof personal data may be processed without the explicit consent of the person involved in case;
- It is explicitly prescribed by law.
- The processing of the personal data of contracting parties is necessary and directly related to the establishment or execution of a contract.
- It is mandatory for the data officer to fulfill his legal obligation.
- The data have been made public by the person involved himself.
- Data processing is mandatory for the establishment, use or protection of a right.
- Data processing is mandatory for the legitimate interests of the data officer, provided that it does not harm the fundamental rights and freedoms of the person involved.
7.TRANSFER OF PERSONAL DATA
The personal data listed in Article 2 of this policy may be transferred within TURKEY for the purposes specified in Article 4 of this policy with the explicit consent of the person involved and in conformity with the other conditions set forth in article 8 of Code no. 6698. Nevertheless, the personal data may also be transferred abroad with the explicit consent of the person involved and in conformity with the other conditions stipulated in article 9 of the Code in case NARKASA and the data officer in the relevant country guarantee adequate protection and with the approval of the Personal Data Protection Authority.
In this regard, personal data can be transferred to NARKASA's subsidiaries, shareholders, business partners, representatives, consultants, service providers, auditors, legally authorized / competent public institutions and organizations.
8.DATA PROTECTION RESPONSIBILITY
NARKASA or natural and legal persons who process data on behalf of NARKASA will store the personal data which they process confidentially in the databases and will take all necessary technical and administrative security measures to prevent illegal access to this data. NARKASA declares and guarantees that it shows the highest level of attention and care and that it performs or have performed the necessary inspections in this regard. In the event that personal data is illegally accessed, obtained and harmed, despite the security measures taken, NARKASA will immediately notify the person involved and the Authority of the situation.
9.RIGHTS OF THE PERSON INVOLVED
Within the scope of Article 11 of the Code, the person involved may at any time make the following requests to the NARKASA data officer regarding his own data;
- Informing whether personal data is processed.
- If that is the case, requesting information regarding the personal data processed.
- Requesting information about the purpose of processing his personal data and whether the data are used in accordance with this purpose.
- Requesting insight in to which national or foreign third parties the personal data are transferred.
- In the event that personal data are incomplete or incorrectly processed, requesting their correction and notification to third parties to whom the personal data are transferred.
- Requesting the deletion, destruction or anonymization of personal data in the event that the grounds requiring data processing cease to exist, even if the data have been processed in accordance with legal provisions and other relevant laws and the notification to third parties to whom the personal data is transferred.
- To object to any negative occurrences which have emerged as a result of analyses of the data processed exclusively through automated systems.
- Requesting to cover the damages incurred due to the illegal processing of personal data.
The requests of the person involved regarding the above-mentioned rights; may be sent in writing directly to https://support.narkasa.com, via his e-mail address registered with NARKASA or by postal service to the NARKASA’ office address at Huzur Mahallesi Maslak Ayazağa Caddesi No: 4 H / 201 Sariyer / Istanbul / Turkey. In case of a request made by a third party on behalf of the person involved, a power of attorney issued via a notary is also required for the applicant.
It is obligatory that the below mentioned information is mentioned in the application;
- Name, surname and if the application is in post a signature.
- For citizens of the Republic of Turkey T. C. identification number, for nationals of other countries the passport number or, if present, identification number.
- Official residential or company contact address.
- E-mail address, telephone and fax number.
- Request.
NARKASA declares and undertakes to finalize the request free of charge as soon as possible and within thirty days at the latest depending on the nature of the request.
In cases where the application is rejected by NARKASA, the answer given is insufficient or the application is not answered in due time; the person involved has the right to object to the Authority within thirty days from the date of receipt of the response of NARKASA and in any case within sixty days from the date of application.
EXPLICIT CONSENT OF THE PERSON INVOLVED
I have read, understood and agreed to all of the above mentioned information on the Information Obligation drafted by NARKASA Yazılım Ticaret A.Ş. in accordance with legal regulations. In this context I have been expressly informed about the fact that NARKASA acts as the data officer, what personal data will be processed, what basic principles need to be complied with in processing my personal data, the purposes of processing my personal data, the method of and legal grounds for data collection by NARKASA, how, where and to whom my personal data can be transferred, precautions regarding the security of my data and what rights I can assert.
I agree and declare that I expressly consent to the processing of my personal data by NARKASA or the data processors that it will authorize within the framework of the above mentioned information.