Terms Of Personal Data

YILDIZ TEKNOLOJİ GELİŞTİRME BÖLGESİ TEKNOPARK ANONİM ŞİRKETİ

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

As Yıldız Teknoloji Geliştirme Bölgesi Teknopark Anonim Şirketi ("YTU Yildiz Technopark"), we care about the protection and processing of your personal data in accordance with the Law on the Protection of Personal Data No. 6698 (the "Law"). This Personal Data Protection and Processing Policy (the "Policy") has been prepared in order to make statements about the personal data processing activity and the processes for the protection of personal data, to ensure transparency and compliance with the law in practice and to inform the real persons whose personal data has been processed by YTU Yildiz Technopark.

This Personal Data Protection and Processing Policy is related to all personal data processed for our company's employees, business partners, suppliers, visitors and real third parties, provided that they are a part of our system in any manner.

• Acting in accordance with the law and integrity rules,
• Being correct and up-to-date when required, 
• Processing with certain, explicit and legitimate objectives,
• Personal Data being linked to, limited and measured with the purpose of being processed
• Personal data being maintained for the time stipulated in the relevant legislation or for the time required regarding the purpose for which they are being processed.

• The Processing of Personal Data is clearly prescribed by the law
• No explicit consent of the related person being available due to actual impossibilities
• Direct relation with the establishment or execution of the contract
• Performance of the legal obligations by YTU Yildiz Technopark
• Personal data owner declaring the personal data as public
• Data processing being compulsory for the establishment or protection of a right
• Data processing being necessary for the legitimate interest of YTU Yildiz Technopark

• Sensitive personal data other than health and sexual life may be processed without seeking for explicit consent if this is explicitly stipulated by the law, otherwise with the explicit consent of the data owner.
• Sensitive personal data relating to health and sexual life may be processed by the authorized institutions and organizations and the persons under the obligation of keeping secret for planning and managing the financing planning and healthcare services and executing protective medicine, medical diagnosis, treatment and care services and protecting public health without seeking for any explicit consent, otherwise with the explicit consent of the data owner.

• Relevant activities related to the transfer of personal data being explicitly stipulated in the law,
• The transfer of personal data by the Company is directly related to and required for the establishment or execution of a contract;
• The transfer of personal data is compulsory for our Company to fulfill its legal obligations;
• The transfer of personal data by our Company in a limited manner for the purpose of making it public, provided that it has been made public by the data owner;
• The transfer of personal data by the Company is mandatory for the establishment, use, or protection of the rights of the Company or the data owner or third parties,
• Personal data transfer activity is mandatory for the legitimate interests of our Company, provided that such transfer does not violate the fundamental rights and freedoms of the data owner,
• The existence of an obligation to protect the life or bodily integrity of the person who cannot explain his/her consent due to actual impossibility or whose consent is not deemed valid in legal terms.

Any personal data obtained by YTU Yildiz Technopark and included in this Policy may be processed for the following purposes.

• Conducting the Process of Employee Candidate/Trainee/Student selection and recruitment, 
• Conducting the process of employee candidate application processes,
• Performance of assignment processes,
• Planning of Human Resources Processes,
• Conducting the communication activities, 
• Conducting the wage policy, 
• Conducting the finance and accounting activities,
• Fulfillment of the obligations arising from the employment contract and legislation for the employees,
• Conducting the fringe benefits and interests processes for employees, 
• Tracking and conduct of legal affairs,
• Conducting the communication activities, 
• Execution of goods/services purchasing processes, 
• Execution of goods/service sales processes, 
• Conducting customer relationship management processes, 
• Conduct of investment processes, 
• Conduct of contract processes, 
• Conduct of information security processes, 
• Conduct of goods/services after sales support services, 
• Performance of marketing analysis procedures, 
• Creating and tracking visitor records, 
• Conduct of management activities, 
• Providing information to authorized persons, institutions and organizations, 
• Tracking of requests/complaints, 
• Assuring physical field security, 
• Conduct of information security processes,  
• Management of access authorizations, 
• Performance of storage and archive activities, 
• Receiving and assessment of suggestions of the improvement of business processes, 
• Conduct of activities for customer satisfaction, 
• Conduct of marketing processes of products / services, 
• Performance of Advertising/Campaign/Promotion Processes

The following administrative and technical measures are taken by YTU Yildiz Technopark in the processing and storage of personal data, within the framework of the responsibilities regarding the data controller in Article 12 of the Law, in order to store personal data securely and to prevent unlawful processing and access.

• Physical environments containing personal data are protected against external risks (fire, flood etc.).
• Network security and application security are ensured.
• Log records are maintained in such a way that there is no user intervention.
• Security measures are taken within the scope of supply, development and maintenance of information technology systems.
• Intrusion detection and prevention systems are used.
• Up-to-date anti-virus systems are used.
• Firewalls are implemented.
• Cyber security measures have been taken and implementation of such measures is constantly monitored.
• Encryption is performed.
• Security of environments containing personal data is ensured.
• Access logs are maintained regularly.
• The security of personal data stored in the cloud is ensured.

• Except for the non-related department managers, there will be no authority to display.
• Personal data is reduced to the extent possible.
• An alarm system is available.
• Necessary security measures are taken for entering and exiting physical environments containing personal data. 
• Personal data security issues are reported promptly.
• Personal data security is monitored.
• Periodic and/or random audits are carried out within the organization.
• Personal data security policies and procedures have been identified.

The data owner shall have the right to apply to the data controller and make a request in accordance with the article Article 11 of the Law. You can file an application and make a request to YTU Yildiz Technopark on the following issues within the scope of this right stipulated by the Law. 

• To learn whether your personal data has been processed or not,
• To request information regarding your personal data if it has been processed,
• To learn the purpose of processing your personal data and whether they are used appropriately in accordance with this purpose,
• To have information about the third parties to whom your personal data has been transferred either at home or abroad,
• To request correction if personal data has been processed incompletely or inaccurately and to request that the third parties to whom the personal data has been transferred be notified of the operation performed within this context,
• To request deletion, destruction or anonymization of personal data in case the reasons necessitating their processing cease to exist, despite personal data has been processed in accordance with Law and relevant other law provisions, and to request notification of the operations made within this context to third parties to whom your personal data has been transferred,
• To object to the occurrence of a result against your side by means of analyzing the processed data exclusively through automated systems,
• In the case you incur losses due to illegal processing of your personal data, to claim the compensation of such loss. 

You can deliver your applications regarding your above-mentioned rights in written form and with an original signature personally by hand at the address of our company, YTÜ Yıldız Teknopark Çifte Havuzlar Mahallesi, Eski Londra Asfaltı Caddesi, İdari Bina Dış Kapı No:151/1L İç Kapı No:1 Esenler/İstanbul, or through a notary public or by sending an e-mail to the address [email protected] via your e-mail address in accordance with the "Communiqué on the Procedures and Principles of Application to the Data Controller".

In accordance with Article 11 of the Regulation on Deletion, Destruction or Anonymization of personal data, YTU Yildiz Technopark has determined the periodic destruction period to be 6 months. Accordingly, periodic destruction is carried out by YTU Yildiz Technopark twice a year, in June and December. 

YTU Yildiz Technopark reserves the right to make changes to this Policy in line with changes to the Law and other relevant legislation, decisions of the Board, decisions to be taken as a company or developments in the sector or in the field of informatics.

This Policy shall be deemed to have entered into force on the date written on it. If this Policy is updated or repealed and a new policy is determined, the updated or newly determined policy will be considered effective.