Personal Data Protection and Processing Policy
ARTICLE 1- PURPOSE
TRANSBOSPHOR Maritime Transport & Trade LTD. (Hereinafter referred to as the ”Transbosphor”.) in accordance with its social and legal responsibilities, it undertakes to comply with the regulations on the protection, processing, and destruction of personal data. This Personal Data Protection and Processing Policy (the ”Policy”) is applied to the entire Company within the framework of the applicable legislation and is based on the nationally accepted basic principles regarding the destruction of personal data. It contains the framework and principles for carrying out the necessary destruction works within the scope of the relevant legislation.
The third paragraph of Article 7 of the Personal Data Protection Law (the “Law”) contains the provision “The procedures and principles regarding the deletion, destruction or anonymization of personal data are regulated by the regulation”. 22 of this provision and the Law. the first paragraph of the article of clause (e) pursuant to the personal data protection Board (“Board”) of personal data by deletion, destruction, or anonymization regulation (“the regulation”) was published in the Official Gazette numbered 30224 and dated 28 October 2017 prepared.
Based on the above regulation, the purpose of this Policy is to determine the procedures and principles for the deletion, destruction, or anonymization of personal data collected by the Company in the conduct of its activities in accordance with the Regulation.
ARTICLE 2- SUBJECT
In accordance with the provisions of the Law on the Protection of Personal Data No. 6698 (“KVKK”), all kinds of information that makes the identity of the user specific or identifiable, especially the identity information of the user, as Personal Data in the following scope, will be handled by the Transbosphor in the capacity of Data Controller.
Transbosphor prioritizes the protection and safe processing of personal data in all services offered to the User through the Site, taking all measures to protect the User’s personal data, paying the utmost attention to the security of the User’s personal data. In the same context, Transbosphor also aims to protect the privacy, fundamental rights and freedoms of the User’s private life.
ARTICLE 3- DEFINITIONS
Explicit Consent: Consent about a specific subject, based on information and expressed with free will.
Processing of Personal Data: Means all kinds of operations performed on the data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of the said data through the Site.
Personal Data Owner: The natural person whose personal data is processed.
Personal Data: Any information relating to an identified or identifiable natural person. Therefore, the processing of information regarding legal persons is not within the scope of the Law. E.g; name -surname, Turkish Republic Identity Number, e-mail, address, date of birth, credit card number, bank account number, etc.
User: The natural person visiting the Transbosphor website.
Sensitive Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are specials data.
Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system) is the data controller.
Data Processor: It is the natural and legal person who processes personal data on behalf of the data controller based on the authority given by him/her.
Data Registration System: It is the registration system in which personal data is processed and structured according to certain criteria.
Law: Code No. 6698 on the Protection of Personal Data.
Anonymization: Making data previously associated with a person incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
ARTICLE 4- ISSUES ABOUT THE PROCESSING POLICY OF PERSONAL DATA
4.1. General Principles in the Processing of Personal Data
Transbosphor processes and protects the personal data of Users within the scope of the Constitution of the Republic of Turkey and the Law on the Protection of Personal Data.
In this context, Transbosphor acts in line with the following principles:
- As a prudent trader, it acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data,
- ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legitimate interests within the scope of the Law on the Protection of Personal Data Code, along with other laws that it has to comply with within the scope of its activity,
- Clearly and precisely determines the purpose of processing personal data that is legitimate and lawful. In this context, personal data is provided or processed limited to the services to be provided and legal obligations. The purpose for which personal data will be processed is set forth before the personal data processing activity begins,
- Processes personal data in a way that is suitable for the realization of the determined purposes and avoids the processing of personal data that is not related to the realization of the purpose or that is not needed,
- Retains Personal data only for as long as required by the relevant legislation or for the purpose for which they are processed.
4.2. Personal Data Processing Conditions
Protection of personal data is a constitutional right. Fundamental rights and freedoms can only be limited by law, without affecting their essence, only depending on the reasons specified in the relevant articles of the Constitution. Pursuant to the Constitution, personal data can only be processed in cases stipulated by law or with the consent of the person.
Transbosphor, in this direction and in accordance with the Constitution; processes personal data only in cases stipulated by law or with the explicit consent of the person.
The explicit consent of the personal data owner is only one of the legal bases that makes it possible to process personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of one of the other conditions listed below. The basis of the personal data processing activity can be only one of the conditions stated below, or more than one of these conditions can be the basis of the same personal data processing activity.
One of the conditions for the processing of personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will. The personal data of the data owner may be processed in accordance with the law without obtaining his/her explicit consent, if it is expressly stipulated in the law.
The personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to express his or her consent due to actual impossibility or whose consent cannot be validated, in order to protect the life or physical integrity of himself or another person.
Provided that it is directly related to the establishment or performance of a contract, it is possible to process personal data if it is necessary to process the personal data of the parties to the contract.
If the personal data has been made public by the data owner, the relevant personal data may be processed.
If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.
Transbosphor carefully complies with the regulations stipulated in the Law on the Protection of Personal Data in the processing of personal data determined as “sensitive” by the Law on the Personal Data Protection.
In Article 6 of the Law on the Protection of Personal Data, certain personal data that carry the risk of causing victimization or discrimination when processed unlawfully are defined as “sensitive”.
These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
By Transbosphor, in accordance with the Law on the Personal Data Protection; provided that adequate measures to be determined by the Personal Data Protection Board are taken special categories of personal data are processed in the following cases:
If the personal data owner has explicit consent or if the personal data owner does not have explicit consent; Sensitive personal data other than the health and sexual life of the personal data owner, and in the cases stipulated by the laws, the sensitive personal data related to the health and sexual life of the personal data owner can only be used for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, health services and can be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purpose of planning and managing the financing of the company.
Despite the fact that it has been processed in accordance with the provisions of the Law on The Personal Data Protection and other relevant laws, personal data is deleted, destroyed or anonymized by the data controller, ex officio or upon the request of the data subject, in case the reasons requiring processing are eliminated.
ARTICLE 5- OBLIGATION OF DATA CONTROLLER TO INFORM
According to the Constitution of the Republic of Turkey, it has been revealed that everyone has the right to be informed about their personal data. Accordingly, in Article 11 of the Law on the Protection of Personal Data, “requesting information” is also listed among the rights of the personal data owner. In this context, Transbosphor provides the necessary information in case the personal data owner requests information in accordance with the Constitution and Law on the Protection of Personal Data.
At the same time, in accordance with Article 10 of the Law on the Protection of Personal Data, the personal data owners are responsible for the purpose of processing the personal data during the acquisition, to whom and for what purpose the processed personal data can be transferred, the method of personal data collection and the legal reason. It provides information about the rights of the data owner within the scope of Article 11 of the Law on the Protection of Personal Data. Every User who accepts the User Agreement on the Site and becomes a member of the Site accepts that this illumination is made for her.
In addition, Transbosphor provides information and transparency in personal data processing activities by announcing that it is processing personal data in accordance with all the issues in Law on the Protection of Personal Data and “law and honesty rule” with various public documents, especially this Policy.
ARTICLE 6- PROCESSING OF USER’S PERSONAL DATA
Although the personal data you share on the site may vary depending on the service provided by Transbosphor and commercial activities of Transbosphor; as long as you benefit from the products and services that can be collected and offered verbally, in writing or electronically, by means of automatic or non-automated methods, Transbosphor’s work units, website, phone calls, SMS records, e-mail addresses and similar means; and / or will continue to be updated and processed within legal periods.
Your collected personal data; The fulfillment of obligations by a legal and administrative Transbosphor, the establishment and execution of the contracts you have with the Transbosphor, you will receive from the Transbosphor/to be used in products and services that you will receive/you will receive regarding the products and services in order to communicate, deliver an active user of the service, also in this topic if you are allowed to be used in marketing activities, product/service offer, modeling, reporting, scoring, risk monitoring, intelligence studies and new product existing or potential user of detection, Transbosphor legal and commercial security of people who are in a business relationship with the supply of the formulation and implementation of commercial and business strategies of the Transbosphor, The Transbosphor, the on-site units and between the units coordination, cooperation and efficiency and development, the present and the future that may arise in legal disputes, and to answer the question of the demand from our users, ensuring the safety of the physical environment and the Transbosphor‘s website and other electronic systems., accepted in the legislation or the rules and policies of the Transbosphor to be notified of changes in, or made other notifications that interests you we provide you with contract and violations of the law to carry out our activities in order to enable the investigation, detection, prevention, and related administrative or judicial authorities as notified to the Law No. 6698 on protection of personal data to fulfil our legitimate interests 5. according to the article, the explicit consent of the data owner, the law clearly the prediction, due to the actual impossibility doesn’t explain consent in the case of legal validity of consent of the person or the life or physical integrity unrecognized mandatory to protect himself or others with the Transbosphor to check and/or with your signature being issued that is directly related to the formation or performance of the contract, provided that the parties to the contract to be required for the processing of personal data of the Transbosphor is mandatory for legal obligation to fulfill, be publicly available by you personally or data processing is mandatory for the protection of the property right of use, you avoid harm, provided that fundamental rights and freedoms of the Transbosphor mandatory for the legitimate interests of the data processing and 6. in accordance with the article, it is processed within the terms and purposes of personal data processing specified in the cases provided for by law with the explicit consent of the data subject.
ARTICLE 7- TRANSFERRING THE USER’S PERSONAL DATA
The personal data of the Users in Transbosphor for the purposes listed above are stored safely and are not disclosed to third parties outside the legal framework. Transbosphor, to persons, institutions and/or organizations, business partners, all authorities and channels required for the performance of the User Agreement, public legal entities such as Courts, Public Prosecutor’s Offices that have the authority to receive personal data, authorities, domestic /to our overseas affiliates; To companies that operate as an intermediary/agency, to third parties from whom services are received or provided to carry out the activities of the Site, to program partner institutions, organizations, domestic/foreign banks, funds, collaborating institutions, services/support/consultancy received or project Due to legal obligations, the user will be able to transfer personal data to domestic/foreign/international organizations of which it is a /program/financing partner and to organizations that receive independent auditing and support services, only within the framework of legal limitations.
ARTICLE 8– RIGHTS OF USER ACCORDING TO ARTICLE 11 OF LAW ON THE PROTECTION OF PERSONAL DATA NUMBER 6698
Pursuant to Article 11 of Law on The Protection of Personal Data “(KVKK)” No. 6698, personal data owners have rights,
- To learn whether personal data is processed or not,
- If personal data has been processed, requesting information about it,
- To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
- Knowing the third parties to whom personal data is transferred in the country or abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
- Requesting the deletion or destruction of personal data in the event that the reasons requiring processing are eliminated, although it has been processed in accordance with the provisions of the and other relevant laws, and requesting the notification of the transaction made within this scope to the Law on the Protection of Personal Data, third parties to whom the personal data has been transferred,
- Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- Requesting the compensation of the damage in case of loss due to processing in violation of The Law on the Protection of Personal Data.
At the same time, the User also acknowledges that, together with the use of the Site, they accept the provisions of the above paragraph, have knowledge about these issues, and in particular, are subject to Article 5 of the Law on the Protection of Personal Data No. 6698. and 6. it declares, accepts and undertakes that they have read and understood the regulations contained in the articles.
ARTICLE 9- DATA OFFICER WITHIN THE SCOPE OF THE LAW
In order to exercise your rights specified in Article 11 of the Law on the Protection of Personal Data, you can contact Transbosphor in writing or by using other means determined by the Personal Data Protection Board and the contact information specified below.
Address of Correspondence: TRANSBOSPHOR Maritime Transport & Trade LTD. Icadiye Mah. Cumhuriyet Caddesi Dundar Sokak No:19 34674 Uskudar/ISTANBUL/TURKEY
ARTICLE 10- FINAL PROVISIONS
If there is a mismatch between the provisions of the Law on the Protection of Personal Data and other relevant legislation and this Policy, the provisions of the Law on the Protection of Personal Data and other relevant legislation will be applied firstly.
Transbosphor may change the content of this Policy at any time it deems necessary. The Current Policy will take effect on the date of publication on the Site. The date of the last update is located at the beginning of the text.
In case of any dispute, the Transbosphor records will be valid alone and binding on the parties.