KVKK Clarification Text

DISCLOSURE AND EXPLICIT CONSENT TEXT WITHIN THE SCOPE OF PROTECTION AND PROCESSING OF PERSONAL DATA

1. INTRODUCTION

The process of ensuring the confidentiality and security of personal data and compliance with the relevant legal regulations is among the priorities of JOY GRUP ORGANISATION TOURISM AGENCY AND PROMOTION SERVICES GIDA CONSTRUCTION CONSTRUCTION AUTOMOTIVE INDUSTRY TRADE LIMITED COMPANY (‘’Data Controller‘’ / Company‘’ ) and maximum care is taken by the Data Controller in this regard. The process and targeted purpose managed by this Personal Data Protection and Processing Policy (‘’Policy‘’) and other written policies within the Data Controller regarding the processing and protection of personal data; processing, storing and protecting the personal data of our employees, employee candidates, visitors, persons we serve, guests and other third parties whose personal data are processed (‘’Relevant Persons‘’) in accordance with the law and ensuring the compliance of the Data Controller with the Law No. 6698 on the Protection of Personal Data (‘’KVKK‘’).

In this Policy; the following principles adopted by the Data Controller regarding the processing of personal data will be included:

Processing personal data in accordance with the law and honesty rules, keeping personal data accurate and up-to-date when necessary, processing personal data for specific, clear and legitimate purposes, processing personal data for specific, clear and legitimate purposes, keeping personal data connected, limited and measured for the purpose for which they are processed, keeping personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed, deleting personal data whose purpose of processing has disappeared, destruction or anonymisation, enlightening the relevant persons, establishing the necessary processes for the relevant persons to exercise their rights, taking the necessary measures in the processing and protection of personal data, transferring personal data to third parties in line with the requirements of the purpose of processing, showing the necessary sensitivity in the processing and protection of sensitive personal data, determining the policies, procedures, etc. used for compliance with KVKK. determination of documents.

1. PURPOSE AND SCOPE

The purpose of this Policy is to ensure compliance with the KVKK in the process of processing personal data for the service provided by the Data Controller.

The Policy aims to ensure the sustainability of the principle of carrying out the Company's activities in accordance with the law and honesty rules and in transparency. In this context, the basic principles adopted in terms of compliance of the Company's data processing activities with the regulations in the KVKK are determined and the practices fulfilled by the Company are explained.

Another purpose of the Policy is to enlighten the natural persons whose personal data are processed by the Data Controller through automatic or non-automatic means provided that they are part of any data recording system.

 

1. DEFINITIONS

Explicit Consent: Consent regarding a specific subject, based on information and expressed with free will.

Relevant Person: Refers to the real persons whose personal data are processed.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing of Personal Data: It consists of all kinds of operations performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system.

Institution Personal Data Protection Authority.

KVKK: Law No. 6698 on the Protection of Personal Data.

Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Policy: Policy on the Protection and Processing of Personal Data.

Data Processor: Natural or legal persons who process personal data on behalf of the data controller based on the authorisation granted by the data controller.

Data Recording System: The recording system in which personal data is structured and processed according to certain criteria.

Data Controller: JOY GRUP ORGANISATION TOURISM AGENCY AND PROMOTION SERVICES FOOD CONSTRUCTION AUTOMOTIVE INDUSTRY TRADE LIMITED COMPANY as a natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Destroying the Data: It is the making of personal data inaccessible, unrecoverable and non-reusable by anyone in any way.

1. PERSONAL DATA PROCESSED BY THE COMPANY

Identity: Although the name and surname information of the persons is the rule; tax ID or T.R. ID number is requested if a corporate invoice is requested.

Contact: It includes the phone number and e-mail address information of the persons.

Location: It includes the locations preferred by the persons within the scope of the service to be provided and the residence information of the persons.

Personal Data: It includes personal data such as payroll information, disciplinary investigation information, employment entry-exit documents, CV information, performance evaluation reports, SSI service documents.

Legal Action: Includes information contained in correspondence with all judicial authorities, criminal and security measure data, contract data, legal history data, enforcement file and civil/criminal case file data.

Customer Transactions: It includes call centre records made with individuals, invoice and receipt information, event name, time, location, reservation information of the customer regarding the service provided, request / complaint, making legal, financial contracts in areas related to the Company, visiting the website or logging in to the website, filling out the forms on the website, contacting the company from the support / contact us section on the website, sending an e-mail or message to the company, creating a request / complaint, making a phone call with company representatives or employees.

Marketing: It includes information on shopping history, cookie records, information on campaign activities.

Finance: It includes invoice and receipt information of the payment made in return for the service, and card and account information if the payment is made by credit card, money order, EFT, etc.

Physical Location Records: It includes data such as photographs and videos taken at the time of the service received, security camera records and visitor records.

 

1. HOW IS PERSONAL DATA PROCESSED BY THE COMPANY?

During service purchase, cancellation and change transactions; personal data such as the name, surname, e-mail address, telephone number, event information and payment details of the service recipient are processed for various purposes within the scope of Article 5/2-c, ç and e of the KVKK. These purposes include important activities such as organisation and event management, carrying out activities in accordance with the legislation, monitoring financial transactions, ensuring communication activities, ensuring business continuity. This information can be obtained digitally or verbally from the box office, our application or through third parties when purchasing services. In discounted service procurement transactions, the document providing the discount must also be submitted to the authorities within the scope of Article 5/2-e of KVKK.

The contact information provided by the service recipient is recorded in order to ensure communication activities, to carry out information security processes, to carry out storage and archive activities and to transfer information to authorised persons, institutions or organisations within the scope of Article 5/2-ç and f provisions of KVKK. When the service is purchased, information about the event is transmitted to the necessary communication channels within the scope of the service. In case the service is performed online (electronic or website), transaction security information (verification or security code and IP, device, username, password and transaction movements) are processed to ensure information security processes within the scope of Article 5/2-ç and f of the KVKK. Name, surname, e-mail address, telephone number, residence, gender and event information (reservation information, PNR, event details, etc.) obtained during service purchase transactions are transferred to the organisers for organisation and event management purposes.

Video recordings are made through security cameras located in and around the areas where services are provided. These recordings are processed for purposes such as managing emergency management processes, ensuring physical space security, monitoring and conducting legal affairs, conducting risk management processes, ensuring the security of data controller operations within the scope of Article 5/2-ç, e and f of the LPPD. These records obtained can be shared with third parties (such as law enforcement units, judicial authorities, lawyers) in order to provide information to authorised institutions or organisations and to monitor legal affairs in case of request or initiation of a legal action. In addition, photographs and / or video recordings may be taken both by the Company and by the brands and / or companies that the Company cooperates with at the locations where the service is provided. The person(s) stating that he/she has read and approved this Policy while receiving the service from the Company; has undertaken that these camera images taken can be used for advertising purposes in the corporate social media accounts, posters, etc. of the Company and / or other brands and / or companies that the Company cooperates with within the scope of marketing, and will have declared explicit consent.

1. PURPOSES OF DATA PROCESSING BY THE COMPANY

The purpose of processing identity data is to carry out emergency management processes, to provide goods and services purchase/sale services, and to carry out brokerage activities. In addition, these data are also used in personnel management areas such as employee application procedures, recruitment and dismissal processes.

Purposes of processing contact data, The Company processes contact data for various purposes such as emergency management processes, continuation of commercial activities, employee application procedures. These data play an important role in ensuring the general functioning of the Company and carrying out management activities.

The purpose of processing legal transaction data is to provide information to authorised institutions and organisations and to continue commercial operations in accordance with the law. These data are important for monitoring the legal status of the Company and ensuring the operation in accordance with the legislation.

The purpose of processing customer transaction data is to maintain commercial activities by the Company and to fulfil legal requirements. These data are used for the Company to manage customer relations and meet customer demands.

1. SITUATIONS WHERE PERSONAL DATA CAN BE PROCESSED WITHOUT EXPLICIT CONSENT IN ACCORDANCE WITH THE KVKK

Pursuant to Article 5 of the Law No. 6698 on the Protection of Personal Data, explicit consent may not be required for the processing of your personal data. These situations are as follows:

• In cases clearly stipulated by law,
• Processing of your personal data may be necessary to protect your or another person's life or physical integrity in cases where you are unable to disclose your consent or where it is not legally valid.
• Processing of personal data of the parties to a contract may be necessary when it is directly related to the conclusion or fulfilment of a contract.
• The processing of your personal data may be mandatory for the fulfilment of a legal obligation.
• If your personal data has been made publicly available by you,
• Processing of personal data may be mandatory for the establishment, exercise or protection of a right.
• Provided that it does not harm your fundamental rights and freedoms, data processing may be required for the legitimate interests of the Company.
• Personal health data may be processed without explicit consent for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services.

1. RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the LPPD, as data subjects, you have the following rights

• To learn whether your personal data is being processed,
• In case your personal data has been processed, to request information on this matter,
• To learn for what purpose your personal data is processed and whether it is used appropriately for this purpose,
• In case your personal data is transferred to third parties in Turkey or abroad, to know these third parties,
• To request correction of your personal data in case of incomplete or incorrect processing and notification of this correction to the relevant third parties,
• Although it has been processed in accordance with the Law and other relevant legislation, to request the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear and to notify the relevant third parties of the transaction made in this case,
• To object in case of a result against you as a result of analysing your personal data by automated systems,
• If you have been damaged due to unlawful processing of your personal data, you have the right to demand compensation for the damage.

You can submit your applications for your rights stated above by filling out the form at www.joygrup.com/iletisim, by contacting via e-mail address [email protected] or by sending a physical document with wet signature or through a notary public to Fulya Mahallesi Mevlüt Pehlivan Yanı Sokak Mineler Apartmanı No: 12/1 Şişli/İstanbul. Depending on the nature of your request, your applications will be finalised free of charge within 30 (thirty) days at the latest. However, if your request requires an additional cost, you may be charged a fee according to the tariff to be determined by the Personal Data Protection Board.

 

1. INFORMATION ON THE DATA CONTROLLER

Trade Name: JOY GROUP ORGANISATION TOURISM AGENCY AND PROMOTION SERVICES FOOD CONSTRUCTION AUTOMOTIVE INDUSTRY TRADE LIMITED COMPANY

Address: Fulya Mahallesi Mevlüt Pehlivan Yanı Sokak Mineler Apartmanı No: 12/1 Şişli/İstanbul

Telephone Number: 0 (212) 272 56 96

E-mail Address: [email protected]

Web Address: www.joygrup.com