The protection of personal data is a constitutional right and is prioritized within our Company. To this end, a system that is continually updated has been established, and this policy has been formulated. In accordance with Law No. 6698 on the Protection of Personal Data, this Policy is being implemented by "TUSDATA A.Ş." as the Data Controller to fulfill the general disclosure obligation to the data subjects associated with it and to establish the fundamental principles of our Company's personal data processing rules. In this context, the basic principles concerning the protection of personal data of our customers, trainees, instructors, potential customers, employees, job applicants, interns, and students, supplier/subcontractor employees and officials, company shareholders and partners, visitors, and other third parties whose data we process are regulated.
Necessary procedures are arranged within the Company for the implementation of the issues stated in this Policy, data processing inventory in compliance with the illumination texts for special categories of data subjects is created, data protection and confidentiality agreements with Company employees and third parties with access to personal data are made, job descriptions are revised, and the necessary administrative and technical measures for the protection of personal data are taken by "TUSDATA A.Ş." and audits are conducted or commissioned within this scope. The issue of Personal Data Protection is also embraced by top management, and a special committee (TUSDATA KVKK Committee) has been formed to manage the processes regarding the protection of personal data.
The primary purpose of this Policy is to establish the principles for the personal data processing activities and the protection of personal data conducted by "TUSDATA A.Ş." in a lawful manner, and to ensure transparency by informing and enlightening the individuals whose personal data are processed by our company.
This Policy applies to all personal data processed by automated or non-automated means as part of a data recording system, categorized under the headings of “our customers, potential customers, employees, job applicants, interns, and students, supplier/subcontractor employees and officials, company shareholders and partners, visitors, and other third parties whose data we process”.
Legal regulations in force concerning the processing and protection of personal data will primarily be applicable. In case of any inconsistency between the prevailing legislation and this Policy, our Company acknowledges that the prevailing legislation will be applied.
The Policy is published on our Company's website at www.tusdata.com and is made available to the relevant individuals upon request and updated as necessary.
Compliance with the Law and Integrity Rules
Our Company acts in compliance with the principles introduced by legal regulations and the rule of integrity in the processing of personal data. In this context, our Company determines the legal basis for data processing and processes data accordingly, considering the requirements of proportionality, and does not use personal data beyond the purpose, without the knowledge of individuals. Accuracy and When Necessary, Updating of Personal Data
Our Company ensures that the personal data it processes are accurate and up-to-date by considering the fundamental rights of personal data owners and its own legitimate interests and takes necessary measures in this direction. Efforts are made to keep the data of all categories up-to-date. In particular, customer and potential customer data are updated diligently, and marketing and promotional emails and offers are not sent against individuals’ consent. Processing for Specific, Explicit, and Legitimate Purposes
Our Company clearly and definitively determines the legitimate and lawful personal data processing purpose. Personal data are processed to the extent necessary for the service provided. The purpose of personal data processing is determined before the processing activity and recorded in the "Personal Data Inventory". Relevance, Limitation to Purpose, and Minimization
Our Company processes personal data in a manner suitable for achieving the determined purposes and avoids processing personal data that are not related to or necessary for the purpose. Processes are continuously reviewed, and the principle of "data minimization" is tried to be implemented. Retention for Duration Required by Relevant Legislation or for Processing Purposes
Our Company retains personal data only for the period specified in the relevant legislation or required for the purposes of processing. In this context, our Company first determines whether a retention period is specified in the relevant legislation, and if specified, complies with this period, considering the civil and criminal statute of limitations, and retains personal data for the duration required for processing purposes. When the period expires or the reasons for processing are no longer valid, personal data are deleted, destroyed, or anonymized in accordance with our Company's Personal Data Deletion, Destruction, and Anonymization Policy.
Personal data are confidential, and TUSDATA adheres to this confidentiality. Only authorized individuals within the company can access personal data. All necessary technical and administrative measures are taken to protect the personal data collected by the company and to prevent unauthorized access and to avoid victimization of data subjects. In this framework, ensuring that software complies with standards, carefully selecting third parties, and adhering to the Privacy Policy within the company are ensured. Companies with whom personal data are shared are also required to protect these data.
Job Applicant: Real persons who have applied for a job to our Company by any means or opened their resumes and related information to the Company's review.
Employee: Real persons employed by our Company.
Potential Customer: Real persons who have requested or shown interest in using our services or have been evaluated as having a potential interest according to commercial customs and honesty rules.
Supplier Employee: Real persons working in institutions with which our Company is in any business relationship (e.g., business partner, supplier).
Supplier Official: Real persons who are shareholders or officials of institutions with which our Company is in a business relationship.
Customers-Trainees-Instructors: Real persons who use or have used the services provided by our Company, regardless of whether they have a contractual relationship with our Company.
Visitor: Real persons who enter our Company's physical premises for various purposes or visit our websites.
Others: Real persons associated with the above-mentioned parties, to ensure commercial transaction security or to protect the rights and interests of these persons (e.g., Family Members and relatives).
Identity: (e.g., name-surname, mother-father name, mother's maiden name, date of birth, place of birth, marital status, ID card serial number, national ID number).
Contact: (e.g., address number, email address, contact address, registered electronic mail address (KEP), telephone number).
Location: (e.g., location information).
Employment: (e.g., payroll information, disciplinary investigation records, employment entry-exit records, asset declaration information, resume information, performance evaluation reports).
Legal Transaction: (e.g., information in correspondence with judicial authorities, information in litigation files).
Customer Transaction: (e.g., call center records, invoice, promissory note, check information, cash desk receipt information, order information, request information).
Physical Space Security: (e.g., entry-exit records of employees and visitors, camera records).
Transaction Security: (e.g., IP address information, website login-exit information, password and password information).
Risk Management: (e.g., information processed to manage commercial, technical, administrative risks).
Finance: (e.g., balance sheet information, financial performance information, credit and risk information, asset information).
Professional Experience: (e.g., diploma information, courses attended, in-service training information, certificates, transcript information).
Marketing: (e.g., shopping history information, survey, cookie records, information obtained from campaign activities).
Visual and Auditory Records: (e.g., visual and auditory records).
Health Information: (e.g., information on disability, blood group information, personal health information, information on used devices and prostheses).
Criminal Conviction and Security Measures: (e.g., information on criminal conviction, information on security measures).
Biometric Data: (e.g., palm print information, fingerprint information, retina scan information, face recognition information).
Other Information: (e.g., data types to be determined by the user).
PROCESSING DATA FOR PROMOTION, AWARENESS, AND ADVERTISING PURPOSES
TUSDATA uses electronic, visual, and auditory media or printed materials such as its website, social media, etc., to create awareness, promote its products and services, market them, promote its business, or increase its visibility with content such as campaigns, celebrations, and well-wishes. Regardless of the category, the explicit consent of the data subject is required for processing their personal data.
TUSDATA is aware that when sending electronic messages or SMS for advertising purposes to mobile devices, it is necessary to obtain prior consent as per the Law on the Regulation of Electronic Commerce and the Regulation on Commercial Communication and Commercial Electronic Messages.
Network security and application security are ensured.
Closed system network is used for personal data transfers via network.
Security measures are taken within the scope of information technology systems supply, development, and maintenance.
Disciplinary regulations containing data security provisions are in place for employees.
Regular training and awareness activities on data security are conducted for employees.
An authorization matrix has been created for employees.
Corporate policies on access, information security, use, storage, and destruction have been prepared and implemented.
Data masking measures are applied when necessary.
Intrusion detection and prevention systems are used.
Log records are kept without user intervention.
Data backup and recovery methods are in use.
User account management and authorization control systems are in place and implemented, and these are followed up.
Penetration tests are conducted to detect information security vulnerabilities.
Cybersecurity measures are taken and implementation of these measures is continuously monitored.
Security of environments containing personal data is ensured.
Personal data is reduced as much as possible.
Confidentiality commitments are made.
Personal data security policies and procedures have been determined.
Personal data security issues are reported quickly.
If necessary, encryption is used.
Data subjects, per Article 11 of the Law No. 6698, have the following rights concerning their personal data by applying to our Company:
To learn whether personal data about them is being processed.
To request information if personal data about them has been processed.
To learn the purpose of the processing of personal data and whether they are used in accordance with their purpose.
To know the third parties to whom personal data are transferred domestically or abroad.
To request correction of personal data if they are incomplete or incorrectly processed.
To request deletion or destruction of personal data under the conditions stipulated in Article 7 of the Law.
To request notification of the actions taken regarding correction, deletion, or destruction to third parties to whom personal data have been transferred.
To object to the occurrence of a result against them through the analysis of processed data exclusively by automated systems.
To request compensation for damages in case they suffer damage due to unlawful processing of personal data.
TUSDATA Eğitim Yayın ve Danışmanlık A.Ş.
Address: Meşrutiyet Mahallesi Atatürk Bulvarı No: 131/7 Çankaya/ANKARA
Email: [email protected]
Phone: 444 4 887 / +90 312 418 44 68
LAST UPDATE
This Policy was last updated on 14/06/2024