This Policy, titled Personal Data Protection and Privacy Policy, has been prepared in order to provide the necessary information by explaining the whole set of rules for the processing of personal data, and has been approved by ACM PROJE and approved by the KVKK Working Group, which continues its activities, and entered into force on xx.xx.2017.
B. DEFINITIONS
Personal data: It is any information that is identified or identifiable and includes all situations that enable the identification of a person as a result of having a concrete content expressing the physical, economic, cultural, social or psychological identity of the person or being associated with any record such as identity, tax, insurance number.
Sensitive personal data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
Explicit consent: Consent on a specific issue, based on information and expressed with free will.
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Personal data processing: Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. All types of operations performed on data, starting from the first acquisition of the data, fall within this scope.
Personal data subject: The natural person whose personal data is processed
Data recording system: The recording system in which personal data is structured and processed according to certain criteria
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system
Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller
KVKK Law on the Protection of Personal Data dated March 24, 2016 and numbered 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677
Board: Personal Data Protection Board
Institution Personal Data Protection Authority
Policy ACM PROJE Personal Data Protection and Privacy Policy
C. REFERENCES
Personal Data Protection Law
('KVKK'): Law dated March 24, 2016 and numbered 6698 published in the Official Gazette dated April 7, 2016 and numbered 29677, as well as being the subject of this Policy.
Management of Requests from Data Subjects
Prepared by ACM PROJE and to be used to meet the requests that may come from data subjects within the scope of KVKK
Procedure: the procedure detailing the process.
D. AMENDMENTS
Changes to be made in this Policy upon the entry into force of additional legislation within the scope of the Law or from time to time can be followed on the ACM PROJE corporate website, and the current version of this Policy can also be accessed from this corporate website.
1 OBJECTIVE
ACM PROJE, which provides goods supply and services to DMO and other public institutions and organizations, processes the personal data of its guarantors, suppliers, employees, customers, visitors and other natural persons who establish a relationship by applying for a job or for any other purpose or channel in order to carry out its activities, in accordance with the law, in the capacity of KVKK Data Controller.
The purpose of this policy is to inform the relevant persons by explaining these processing activities carried out by ACM PROJE and the systems related to personal data and thus to provide transparency regarding personal data.
In this context, ACM PROJE has explained the processing of personal data within the scope of KVKK, the data owners subject to this processing and the rights of these persons, together with the use of cookies and similar technologies, in detail in this Policy.
2 PERSONAL DATA
2.1. General Principles Regarding Personal Data Processing
ACM PROJE processes personal data in accordance with the following principles in accordance with paragraph 2 of Article 4 of the KVKK and within the scope of the purposes exemplified in the 'Purposes of Processing Personal Data' section of this Policy:
Compliance with the law and good faith
Being accurate and up to date when necessary
Processing for specific, explicit and legitimate purposes
Being relevant, limited and proportionate to the purpose for which they are processed
Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed
2.2. Data Processed by ACM PROJE
Personal data are processed within ACM PROJE through the explicit consent obtained from the data owners or in the light of the activities that can be carried out without explicit consent in accordance with Articles 5 and 6 of the KVKK, and these data are processed only within the framework of the purposes exemplified in the 'Purposes of Processing Personal Data' section of this Policy. These types of personal data, which diversify and differentiate depending on the type and nature of the relationship between ACM PROJE and the data subject, the communication channels used and the aforementioned purpose information, and which are processed in accordance with the principles in this Policy, are as follows:
Information identifying the data subject such as name, surname, occupation, title, employment information, educational status, gender, marital status, spouse/children information, citizenship status, military service information, criminal record information, tax liability status,
Data such as date of birth, place of birth, identification number, blood group, religion and photographs in identification documents such as photocopy of identity card, photocopy of identity card, passport and driver's license,
Contact information such as address, e-mail, telephone and fax numbers, as well as communication records within the scope of telephone conversations and e-mail correspondence, other voice data,
Real person information in documents for legal entities such as tax certificate, trade gazette, authorization certificate, ISO certificates, qualification certificates, signature circular and activity certificate,
Detailed financial data on pricing, settlement, collection and payment activities.
2.3. Purposes of Processing Personal Data
Personal data can be processed by ACM PROJE within the scope of the following purposes and can be stored for as long as stipulated by these purposes and the relevant legal periods:
Carrying out the necessary work by ACM PROJE business units to ensure that consumers benefit from the products and services offered by ACM PROJE,
Customizing the products and services offered by ACM PROJE according to the opinions of consumers and recommending them to them,
Ensuring the execution of ACM PROJECT human resources policies,
Ensuring the legal and commercial security of ACM PROJE and the persons who have a business relationship with ACM PROJE,
ACM PROJECT conducting commercial activities for the purposes of determining and implementing commercial and business strategies.
2.4. Transfer of Personal Data
ACM PROJE transfers data domestically and internationally within the framework of the purposes exemplified in the 'Purposes of Processing Personal Data' section of this Policy and in accordance with Articles 8 and 9 of the LPPD, and personal data may be processed and stored on servers and electronic media used within this scope. The nature of these transfers and the parties with whom data are shared vary depending on the type and nature of the relationship between the data owner and ACM PROJE, the purpose of the transfer and the relevant legal basis, and these parties are generally as follows:
Domestic and foreign direct or indirect subsidiaries,
Contracted business partners,
Suppliers,
Third parties from whom services are received,
Legally authorized public institutions and private persons.
2.5. Collection of Personal Data
In order to meet the purposes exemplified in the 'Purposes of Processing Personal Data' section of this Policy, ACM PROJE may obtain personal data directly from employees and customers, suppliers, business partners, call center, official institutions and other physical environments within the framework of the conditions stipulated in Articles 5 and 6 of the KVKK, as well as collect personal data through websites, mobile applications, social media and other public channels or organized trainings, organizations and similar events.
2.6. Retention Period of Personal Data
Personal data are kept within ACM PROJE for the duration of the relevant legal retention periods and are kept for the period required for the realization of the activities related to this data and the purposes specified in this Policy. Personal data whose purpose of use has ended and the legal retention period has expired are deleted, destroyed or anonymized by ACM PROJE in accordance with Article 7 of the KVKK.
2.7. Rights of the Data Subject within the Framework of KVKK
Article 11 of the KVKK regulates the rights of natural persons whose personal data are processed and in accordance with this article, data owners have the following rights over ACM PROJE:
Learn whether personal data is being processed,
Request information if their personal data has been processed,
The purpose of processing personal data and whether they are used for their intended purpose
learning,
To know the third parties to whom personal data are transferred domestically or abroad,
To request correction of personal data in case of incomplete or incorrect processing,
In the event that the reasons requiring the processing of personal data disappear, to request their deletion or destruction,
Request notification of correction and deletion to third parties to whom personal data are transferred,
To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
In case of damage due to unlawful processing of personal data, to demand compensation for the damage.
Requests from data owners for the exercise of one of the above rights will be met within 30 days at the latest within the scope of the Procedure for the Management of Requests from Data Owners. These requests can be delivered to ACM PROJE 'Hilal Mahallesi Sukarno Caddesi 39/6 06650, Ankara' address with identification documents by hand, sent through a notary public or sent to [email protected] with a secure electronic signature. If the requests require an additional cost, ACM PROJE may charge a fee in the amounts determined within the scope of the relevant legislation.
2.8. Data Transfer Abroad
Personal data may be transferred abroad in accordance with the legislation in order to meet the purposes exemplified in the 'Purposes of Processing Personal Data' section of this Policy for processing, storage, administration or other use specified in this Policy. In these transfers, necessary measures are taken to protect personal data as required.
2.9. Security of Personal Data
ACM PROJE attaches importance to protecting the confidentiality and security of personal data. Accordingly, necessary technical and administrative security measures are taken to protect personal data against unauthorized access, damage, loss or disclosure. In this direction, necessary system access controls, data access controls, secure transfer controls, business continuity controls and other necessary corporate controls are applied.
3 COOKIES AND SIMILAR TECHNOLOGIES
3.1. General
Small data files sent to users' devices by the internet network server through the internet browser in use are referred to as cookies, and websites recognize users through these cookies and the lifespan of cookies varies depending on the browser settings.
Although these cookies are created through systems managed by ACM PROJE, at the same time, some service providers authorized by ACM PROJE can obtain IP address, unique identifier and device identifier information by placing similar technologies on users' devices. In addition, although the links belonging to third parties in ACM PROJE systems are subject to the privacy policies of these third parties, the responsibility for privacy practices does not belong to ACM PROJE and in this context, it is recommended to read the privacy policy of the site when the site within the scope of the relevant link is visited.
3.2. Types of Cookies
Cookies, whose main purpose of use is to provide convenience to users, are basically categorized into 4 main groups:
Session Cookies: These are cookies that allow the utilization of various features such as the transfer of information between web pages and the systematic recall of information entered by the user and are necessary for the proper functioning of the functions of the ACM PROJE corporate website.
Performance Cookies: These are cookies that collect information about the frequency of visiting the pages, possible error messages, the total time users spend on the relevant page and the patterns of using the site and are used to increase the performance of the ACM PROJE corporate website.
Functional Cookies: These are cookies that remind the user of the previously selected options in order to provide convenience to the user and aim to provide advanced internet features to users within the scope of ACM PROJE corporate website.
Advertisement and Third Party Cookies: These are cookies belonging to third party suppliers and allow the use of some functions on the ACM PROJE corporate website and tracking advertisements.
3.3. Purposes of Use of Cookies
The purposes of use of the cookies used by ACM PROJE are as follows:
1-Uses for operational purposes: ACM PROJE may use cookies that enable the use of the functions on this site or detect irregular behavior in order to ensure the administration and security of its systems.
2-Uses for functionality: ACM PROJE may use cookies that remind users of their information and past choices in order to facilitate the use of its systems and provide user-specific usage features.
3-Performance-oriented uses: ACM PROJE may use cookies that evaluate and analyze the interaction with the messages sent and user behavior in order to improve and measure the performance of its systems.
4-Uses for advertising purposes: ACM PROJE may use cookies that measure the effectiveness of these advertisements or analyze the click status in order to transmit advertisements and similar content within the scope of users' interests through its own or third parties' systems.
3.4. Disabling Cookies
The use of cookies is pre-defined in many browsers, and users can change this selection status in the browser settings and therefore delete existing cookies and refuse future cookie use; in fact, if the use of cookies is canceled, it may be possible to not benefit from some features in ACM PROJE systems.
The method of changing the cookie usage selection varies depending on the browser type and can be learned from the relevant service provider at any time.
