KVKK Policy
1. INTRODUCTION
As the data controller, it is very important for Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi (“hiosis.com.tr”) to protect the personal data of its customers, employees and other real persons with whom it is in contact, and to secure personal data in the form and conditions defined by the legal regulations. is aware of its responsibilities in taking; Thus, Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi makes this responsibility a company policy.
This policy determines the principles to be followed within the Company and/or by the Company while processing personal data and fulfilling the obligations of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi to protect personal data in accordance with KVK Regulations. In this context, necessary arrangements are made by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi for the processing and protection of personal data in accordance with the KVK Regulations, and the system needed to raise awareness is established.
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi declares that it will act in accordance with the policy and the procedures to be applied in accordance with the policy as the data controller in terms of personal data within its own body.
2. PURPOSE AND SCOPE OF THE POLICY
The purpose of this policy is to make explanations about the personal data processing activity carried out by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi in accordance with the KVK Regulations and the systems adopted for the protection of personal data, and to determine the principles regarding the processes. For the processing and protection of personal data, this policy and other written policies within the body of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi are the process and targeted purpose of processing and protecting personal data in accordance with the law.
This policy is implemented in all activities carried out for the processing and protection of personal data, managed by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, and it is applicable to our customers, employees, family members of our employees, previous employees, employee candidates, real person dealers, legal person dealers, company partners/authorities, real persons. It relates to all personal data of real person guarantors of our legal person dealers, real person authorized services, company partners/authorities of our legal person authorized services, visitors and third parties that are processed automatically or non-automatically provided that they are part of any data recording system.
This policy does not apply to data that does not qualify as personal data.
This policy may be changed from time to time, when required by the KVK Regulations or when Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi deems it necessary within the framework of changes to be made in the purposes of processing and transferring personal data and in the collection methods.
3. IMPLEMENTATION OF THE POLICY AND KVK REGULATIONS
In the process of processing and protecting personal data, KVK Regulations will be applied first, and in case of inconsistency between these regulations and policy provisions, KVK Regulations will prevail.
4. DEFINITIONS
Personal Data: Any information relating to an identified or identifiable natural person (The term “Personal Data” within the scope of this policy also includes “Private Personal Data” to the extent appropriate.)
Special Qualified Personal Data: Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data .
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use.
KVKK: Law on Protection of Personal Data No. 6698.
KVK Regulations: Law No. 6698 on the Protection of Personal Data, regulations, communiqués and related legislation on the protection of personal data, decisions of the Personal Data Protection Board, court decisions and applicable international agreements on data protection and all other legislation.
Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).
Data Processor: The natural and legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Personal Data Owner: Personal data is provided by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi or by Hiosis Bilişim M.The real person who is processed on behalf of edya Danışmanlık Ticaret Limited Şirketi.
Third Party: Natural persons whose personal data are processed within the scope of the policy, who are not defined differently within the scope of the policy.
Data Registration System: A registration system in which personal data is processed and structured according to certain criteria.
Explicit Consent: Consent about a specific subject, based on information and expressed with free will.
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data.
Application Form: Regarding the applications to be made by the data subject (Personal Data Owner) to the data controller, prepared in accordance with the Law on Protection of Personal Data No. application form.
Employee Candidate: Real persons who have applied for a job to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi by any means or who have opened their CV and related information to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi review.
Visitor: Real persons who have entered the physical campuses owned by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi for various purposes or visited our websites.
Board: Personal Data Protection Board.
Policy: Policy on the processing and protection of personal data.
5. PRINCIPLES TO BE APPLIED IN PROCESSING PERSONAL DATA
5.1. Processing personal data in accordance with the law and honesty rules
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi acts in accordance with the law and honesty rules during the processing of personal data; takes into account the principles of proportionality and necessity, and processes personal data at a level suitable for data processing purposes.
5.2. Keeping personal data accurate and up-to-date when necessary
Keeping personal data accurate and up-to-date is necessary for the protection of the fundamental rights and freedoms of the person concerned, Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi ensures that the personal data it processes are correct and up-to-date and takes the necessary measures in this direction; If the personal data owner requests a change in their personal data, it updates the relevant personal data.
5.3. Processing personal data for specific, explicit and legitimate purposes
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi determines the legitimate and lawful purpose of processing personal data clearly and precisely; processes personal data in connection with the commercial activities it carries out and the products and services it offers, and to the extent necessary for these; The purpose for which personal data will be processed is set out before the personal data processing activity begins; In this respect, the personal data owner is informed within the scope of the KVK Regulations and the explicit consent of the personal data owner is obtained when necessary.
5.4. Processing personal data in connection with the purpose for which they are processed, limited and measured
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi processes personal data in a manner suitable for the realization of the determined purposes; avoids the processing of personal data that is not related to the realization of the purpose or is not needed. In this context, personal data processing activities are not carried out to meet the needs that may arise later. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi processes personal data only in cases limited within the scope of KVK Regulations (KVKK articles 5.2 and 6.3) or for the purpose within the scope of the express consent obtained from the personal data owner (KVKK articles 5.1 and 6.2) and in accordance with the principle of proportionality.
5.5. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi retains personal data only for the period required for the purpose specified in the KVK Regulations or for the purpose for which they are processed; In this context, Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi first determines whether a period is foreseen for the storage of personal data in the KVK Regulations, if a period is determined, it acts in accordance with this period, if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed; In the event that the period expires or the reasons requiring its processing disappear, personal data is deleted, destroyed or anonymized according to the nature of the data and the purpose of use, within the framework of the obligations under the KKV Regulations.
6. PROCESSING OF PERSONAL DATA AND SPECIAL QUALITY PERSONAL DATA BASED ON AND LIMITED TO THE PROCESSING CONDITIONS IN KVK REGULATIONS
6.1. Processing of Personal Data
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, KVK Regulation
Processes personal data based on one or more of the conditions in Article 5 of the KVKK regarding the processing of personal data; In accordance with Article 10 of the KVKK, it informs the personal data owners and provides the necessary information in case personal data owners request information.
6.1.1. Open Consent
One of the conditions for the processing of personal data is the explicit consent of the owner, and it is processed after the notification to be made within the scope of fulfilling the obligation to inform the personal data owners and if the personal data owners give their explicit consent. Within the framework of the obligation to inform, personal data owners are informed of their rights before express consent is obtained.
6.1.2. Processing of Personal Data without Explicit Consent
In cases where the processing of personal data is envisaged without obtaining explicit consent within the scope of KVK Regulations (KVKK articles 5.2 and 6.3), Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may process personal data without the express consent of the personal data owner, and in case the personal data is processed in this way, the Company will be able to process personal data within the limits drawn by the KVK Regulations. works. The basis of the personal data processing activity may be only one of the conditions stated below, or more than one of these conditions may be the basis of the same personal data processing activity.
6.1.2.1. The personal data of the data owner can be processed in accordance with the law, if it is expressly stipulated in the law.
6.1.2.2. In order to protect the life or physical integrity of the personal data owner or a person other than the personal data owner, who is unable to express his or her consent due to actual impossibility or whose consent is not legally valid, the personal Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may be processed without express consent.
6.1.2.3. Provided that it is directly related to the establishment, implementation, performance or termination of a contract, the personal data of the parties to the contract can be processed with the express consent of the personal data owners.
6.1.2.4. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may process personal data without the express consent of the data owner, if the processing is necessary to fulfill its legal obligations as a data controller.
6.1.2.5. Personal data made public by the personal data owner may be processed by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi without obtaining express consent.
6.1.2.6. If the processing of personal data without express consent is the only possible way to establish, exercise or protect a right, personal data may be processed by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi without obtaining explicit consent.
6.1.2.7. not to harm the fundamental rights and freedoms of the personal data owner. If data processing is necessary for the legitimate interests of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, personal data may be processed by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi without express consent.
6.1.2.8. Processing of Data Collected by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi Authorized Service, Dealers, and Suppliers by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi.
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi enters into contractual relations with authorized services and suppliers within the scope of its activities and carries out various services through these services and suppliers. In this context, the personal data of a significant portion of the customers of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi are obtained from real persons with personal data through authorized services and suppliers, by fulfilling the obligation of disclosure and obtaining their consent, and transferred to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi. In order to carry out the work, these data can be processed both by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi and authorized services and suppliers. In case the relationship between Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi and authorized services and suppliers regarding personal data sharing takes place in the form of personal data transfer from the data processor to the data controller within the scope of KVKK, the relevant authorized services and suppliers are responsible for collecting the personal data of the data subject at the Hiosis It informs that it can be sent to Bilişim Medya Danışmanlık Ticaret Limited Şirketi. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi evaluates the collection of personal data on its behalf, informs the authorized services and suppliers in this regard, provides the necessary trainings and ensures that the contracts prepared in line with the KVKK, which regulates the rights and obligations of the parties, are signed.
6.1.2.9.Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi web pages and mobile applications of Hiosi
By removing the ci information from the data set, personal data is anonymized.
7.2.2.2. With the aggregation method, many data are aggregated and personal data is rendered unrelated to any person.
7.2.2.3. With the data derivation method, a more general content is created than the content of the personal data and it is ensured that the personal data cannot be associated with any person.
7.2.2.4. With the data mixing method, the values in the personal data set are mixed and the bond between the values and the people is broken.
In accordance with Article 8 of the KVKK, anonymized personal data may be processed for purposes such as research, planning and statistics. Such processing is outside the scope of KVKK and the explicit consent of the personal data owner will not be sought.
8. TRANSFERRING PERSONAL DATA AND PROCESSING BY THIRD PARTIES
8.1. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may transfer personal data to third parties in Turkey, as well as to be processed in Turkey or to be processed and stored outside of Turkey, including outsourcing, in accordance with the conditions stipulated in the KVK Regulations and all the specified security measures. If there is an existing contract signed with the personal data owner, it can also be transferred abroad, unless otherwise regulated in the said contract and KVK Regulations.
8.2.Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi ensures that the third parties to which it transfers personal data comply with this policy, in case it transfers personal data to a third natural or legal person. In this context, necessary protective regulations are added to the contracts concluded with third parties. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi takes the necessary technical and administrative measures to prevent violations of rights during data transfer to third parties.
8.3.Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi notifies the personal data owner of the groups of persons to whom personal data is transferred in accordance with Article 10 of the KVKK.
8.4.Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi acts in accordance with the regulations stipulated in the law and set forth by the Board regarding the transfer of personal data in accordance with Articles 8 and 9 of the KVKK. The personal data that it collects and processes as specified in this policy are stated in the information texts that it can transfer, in line with the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, and with the express consent of its employees.
8.5. Transfer of Personal Data to Third Parties in Turkey
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi can transfer the personal data and special quality personal data of the personal data owner to third parties, by taking the necessary security measures, in line with the purposes of personal data processing in accordance with the law. Personal data can be transferred by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi to foreign countries that are declared to have adequate protection by the Board or, in the absence of sufficient protection, to foreign countries where data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the Board has permission.
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi is under the responsibility of acting in accordance with the decision and relevant regulations stipulated in the KVKK and taken by the Board regarding the transfer of personal data. Personal data and sensitive data of the persons concerned cannot be transferred to other real persons or legal entities without the express consent of the person concerned by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi. Personal data is sent to third parties in Turkey by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, without explicit consent in exceptional cases specified in Article 5.2 and 6.3 of the KVKK, or on condition that the express consent of the personal data owner is obtained in other cases (KVKK Articles 5.1 and 6.2). transferable. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi personal data in accordance with the conditions stipulated in the KVKK and other relevant legislation and by taking all the security measures specified in the legislation, if there is an existing contract signed with the personal data owner, in the said contract and in the KVKK or other relevant legislation. unless otherwise arranged, to third parties in Turkey and to other affiliates under the roof of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi.
8.6. Transfer of Personal Data to Third Parties Located Abroad
Personal data may be transferred by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi to third parties abroad, without explicit consent in exceptional cases specified in Articles 5.2 and 6.3 of the KVKK, or on condition that the express consent of the personal data owner is obtained in other cases (KVKK articles 5.1 and 6.2). Without express consent of personal data in accordance with KVK Regulations
In case the n is transferred, one of the following conditions must also exist in terms of the foreign country to which it will be transferred:
8.6.1. The foreign country to which personal data is transferred is in the status of safe countries with adequate protection by the Board (For the list, please follow the updated list of the Board),
8.6.2. If the foreign country where the transfer will take place is not included in the safe countries list of the Board, Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi and the data controllers in the relevant country must make a written commitment to ensure adequate protection and obtain permission from the Board.
9. RIGHTS OF THE PERSONAL DATA SUBJECT AND THE USE OF THESE RIGHTS
9.1. The rights of the personal data owner are listed below.
9.1.1. Learning whether personal data is processed or not,
9.1.2. If personal data has been processed, requesting information about it,
9.1.3. Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
9.1.4. Knowing the third parties to whom personal data is transferred at home or abroad,
9.1.5. Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
9.1.6. Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the KVK Regulations, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
9.1.7. Objecting to this result if a result against the person arises by analyzing the processed data exclusively through automated systems,
9.1.8. To request the compensation of the damage in case of loss due to the processing of personal data in violation of the KVK Regulations.
9.2. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi informs itself of the rights of the personal data owner in accordance with Article 10 of the KVKK, and guides the personal data owner on how to use these rights regulated in Article 11 of the KVKK.
9.3.Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi carries out the necessary channels, internal functioning, administrative and technical arrangements in accordance with Article 13 of the KVKK in order to evaluate the rights of personal data owners and to provide necessary information to personal data owners.
9.4. Cases where the personal data owner cannot assert his rights
Since the following cases are excluded from the scope of KVKK in accordance with Article 28 of the KVKK, the personal data owner cannot claim the rights listed in 9.1.
9.4.1. Processing personal data for purposes such as research, planning and statistics by anonymizing with official statistics,
9.4.2. Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
9.4.3. Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
9.4.4. Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
Pursuant to article 28/2 of KVKK; In the cases listed below, the personal data owner cannot claim other rights listed in 9.1., except for the right to demand the compensation of the damage:
9.4.5. Personal data processing is necessary for the prevention of crime or for criminal investigation,
9.4.6. Processing of personal data made public by the personal data owner himself,
9.4.7. Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
9.4.8. The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
9.5. Exercising the rights of the personal data owner
9.5.1. The personal data owner will be able to submit their requests regarding their rights specified in this policy to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi free of charge, with the information and documents that will determine their identity, by filling out and signing the application form, using the methods specified below or other methods determined by the Board. In addition, as a personal data owner, you must attach the information and documents related to your request to your application.
To learn more about Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi's compliance and policies with KVK Regulations an
your requests regarding the exercise of your stated rights * in person or in our written application address Sarıyakup Mah. Burhan Dede Cd. No: 6/7 Karatay/Konya as e-mail (our e-mail address is info@hiosis.com.tr (Information Request within the Scope of Personal Data Protection Legislation will be written in the subject part.)) to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi.
In order for the above-mentioned application to be accepted as a valid application, in accordance with the Communiqué on Application Procedures and Principles to the Data Controller, the relevant person must;
9.5.1.1. Name, surname and signature if the application is written,
9.5.1.2. For citizens of the Republic of Turkey, T.C. identification number, nationality for foreigners, passport number or identification number, if any,
9.5.1.3. Domicile or workplace address for notification,
9.5.1.4. If available, the e-mail address, telephone and fax number for notification,
9.5.1.5. The subject of the request must specify the information. Otherwise, the application will not be considered as a valid application. In the applications to be made without filling out the application form, the issues listed here must be conveyed to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi in full.
In order for third parties to request an application on behalf of personal data owners, a special power of attorney issued by the data owner through a notary public on behalf of the person to apply must be present.
9.5.2. If the personal data owner forwards his request to Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi will finalize the relevant request within thirty days at the latest, depending on the nature of the request. In case the transaction requested by the personal data owner requires an additional cost, the fee in the tariff determined by the Board may be charged. If the application is caused by the fault of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, the fee will be returned to the relevant person. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may request information from the person concerned in order to determine whether the applicant has personal data. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may ask questions about the personal data owner's application in order to clarify the issues in the personal data owner's application. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi accepts the request or rejects it by explaining its reason and notifies the relevant person in writing or electronically. If the request in the application is accepted, the necessary action will be taken by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi.
9.5.3. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may reject the application of the applicant in the cases listed in 9.4. and/or in the following cases, by explaining the reason.
9.5.3.1. If the request of the personal data owner is likely to prevent the rights and freedoms of other persons,
9.5.3.2. Making demands that require disproportionate effort,
9.5.3.3. The requested information is publicly available.
9.5.4. The right of the personal data owner to make a complaint to the Board.
In cases where the application of the personal data owner is rejected pursuant to Article 14 of the KVKK, the answer given is insufficient or the application is not answered in due time; Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi may file a complaint with the Board within thirty days from the date of learning the answer and in any case within sixty days from the date of application.
10. PROTECTION OF PERSONAL DATA
10.1. Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, in accordance with Article 12 of the KVKK, provides all kinds of technical and administrative procedures necessary to ensure the appropriate level of security in order to prevent the illegal processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data. takes the necessary measures and makes the necessary inspections in this context or has them made.
10.2. Ensuring the security of personal data
10.2.1. Technical and administrative measures taken to prevent unlawful processing of personal data
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi takes technical and administrative measures according to technological possibilities and implementation costs in order to ensure that personal data is processed in accordance with the law. The main measures taken are listed below:
10.2.1.1. Personal data processing activities carried out within the body of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi are audited by established technical systems and legal methods.
10.2.1.2. Personnel specialized in technical matters are employed or receive external support.
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi employees, authorized service and supplier employees are informed about the law of protection of personal data and the processing of personal data in accordance with the law.
10.2.1.2.1. All activities carried out by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi are detailed in all business units.
Personal data processing activities are revealed in terms of commercial activities carried out by the relevant business units as a result of this analysis.
10.2.1.2.2. Personal data processing activities carried out by the relevant departments within the body of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi; The obligations to be fulfilled in order to ensure that these activities comply with the personal data processing requirements sought by the KVKK are bound to written policies and procedures by the Company, and each business unit has been informed about this issue and the points to be considered specific to the activity it carries out have been determined.
10.2.1.2.3. In the contracts and documents governing the legal relationship between Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi and its employees, except for the instructions of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi and the exceptions brought by the law, records that impose the obligation not to process, disclose or use personal data are included, and the awareness of the employees in this regard. is created.
10.2.1.2.4. The Data Controller or another expert appointed in this regard is informed about the law of protection of personal data and taking the necessary measures in accordance with this law.
10.2.2. Technical and administrative measures taken to prevent unlawful access to personal data
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and the cost of implementation in order to prevent the imprudent or unauthorized disclosure, access, transfer or any other unlawful access to personal data. The main technical and administrative measures taken are listed below:
10.2.2.1. Technical measures are taken in accordance with the developments in technology.
10.2.2.2. Access and authorization technical solutions are implemented in accordance with the legal compliance requirements determined on the basis of the business unit.
10.2.2.3. Access authorizations are limited and authorizations are reviewed regularly. Access restrictions are applied to ex-employees and accounts are closed.
10.2.2.4. In terms of the technical measures taken, the issues that pose a risk are re-evaluated and the necessary technological solution is produced.
10.2.2.5. Software and hardware including virus protection systems and firewalls are installed.
10.2.2.6. Personnel knowledgeable in technical matters are employed or external support is obtained.
10.2.2.7. Employees, especially relevant users who process personal data in dealers and authorized services, and all personnel are informed about the technical measures to be taken to prevent unlawful access to personal data.
10.2.2.8. Access to personal data and authorization processes are designed and implemented within the company in accordance with the legal compliance requirements for personal data processing on a business unit basis.
10.2.2.9. Employees are informed that the personal data they learn cannot be disclosed to others in violation of the KVK Regulations and cannot be used for purposes other than processing, and that their obligations regarding the security and confidentiality of personal data will continue after the termination of the business relationship, and necessary commitments are taken from them in this direction.
10.2.2.10. SPECIAL QUALIFIED documents containing personal data in the company are protected by encrypted (encrypted) systems. In this context, personal data is not stored in common areas, on the desktop or anywhere that unauthorized persons can access. Files and folders containing personal data, etc. The documents are not moved to the desktop or the public folder, the information on the Company computers, USB etc., without the prior written approval of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi. It cannot be transferred to another device, cannot be taken out of the Company.
10.2.2.11. In the event that there are security measures requested or to be requested additionally for the security of personal data within the scope of KVK Regulations, all employees are obliged to comply with additional security measures and to ensure the continuity of these security measures.
10.2.2.12. Crisis and reputation management were discussed in order to be vigilant against any personal data security breach, and processes to inform the Board and the relevant person were designed in this context.
10.2.3. Storage of personal data:
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi takes the necessary technical and administrative measures according to technological possibilities and implementation costs in order to store personal data in secure environments and to prevent their destruction, loss or alteration for unlawful purposes. The main technical and administrative measures taken are listed below:
10.2.3.1. Systems suitable for technological developments are used for the safe storage of personal data. The issues that pose a risk are re-evaluated and the necessary technological solution is produced.
10.2.3.2. Recruitment of personnel specialized in technical matters
are outsourced or outsourced.
10.2.3.3. In order to ensure that personal data is stored securely, backup programs are used in accordance with the law.
10.2.3.4. Access to data storage areas containing personal data is restricted, and inappropriate access or access attempts are logged and transmitted instantly to the relevant parties.
10.2.3.5. In the event that an external service is received by Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi due to technical requirements regarding the storage of personal data, the contracts concluded with the relevant companies to which the personal data is transferred in accordance with the law; There are provisions regarding that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and that these measures will be complied with in their own establishments.
10.2.4. Supervision of the measures taken for the protection of personal data
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, in accordance with Article 12 of the KVKK, carries out or has had it done in order to ensure the implementation of the provisions of the KVKK. The results of these audits are reported to the relevant department within the scope of the internal operation of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi and necessary activities are carried out to improve the measures taken.
10.2.5. Measures to be taken in case of unauthorized disclosure of personal data
Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi will inform the relevant personal data owner and the Board as soon as possible, in case the personal data processed in accordance with Article 12 of the KVKK is obtained by others illegally. If deemed necessary by the Board, this may be announced on the Board's website or by another method.
11. CLASSIFICATION OF PERSONAL DATA PROCESSED BY HİOSİS BİLİŞİM MEDYA DANIŞMANLIK TİCARET LİMİTED ŞİRKETİ
11.1. In line with the legitimate and lawful personal data processing purposes of Hiosis Bilişim Medya Danışmanlık Ticaret Limited Şirketi, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the KVKK, primarily to the processing of personal data. Personal data in the following classes are processed by informing the relevant persons in accordance with Article 10 of the KVKK, in accordance with the general principles specified in the KVKK, including the principles specified in Article 4 of the KVKK. 11.2. of this policy is related to which data owners are regulated within the scope of this policy of the personal data processed in these classes. specified in the article.