Corporate Personal Data Protection Policy
MET ENGINEERING ELECTRIC INS. COMMITMENT. SINGING. VE TİC. Inc.
CORPORATE PERSONAL DATA PROTECTION POLICY
Document Information | |
Document Name: | Personal Data Protection Policy |
Document Relevance: | The purpose of the Personal Data Protection Policy is Met Mühendislik Elektrik İnşaat Taahhüt San. and Tic. Inc. Planning the processes for the protection of personal data and determining the principles to be applied in this regard. |
Release date: | 20.04.2020 |
Version No: | one |
Reference / Rationale: | Law No. 6698 on Protection of Personal Data and other legislation |
Approval Authority: | Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. Board of Directors |
- AIM
Every individual's right to demand the protection of his personal data is a sacred right arising from the Constitution. Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. We consider fulfilling the requirements of this right as one of our most valuable duties. For this reason, we attach importance to the legal processing and protection of your personal data.
The Corporate Personal Data Protection Policy has been prepared in order to determine the principles and procedures we apply while processing and protecting personal data as a result of the importance we attach to the protection of personal data.
- SCOPE
Politics Met Engineering Electrical Construction Contracting San. and Tic. A.Ş., obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, fully or partially automatic or non-automatic means provided that it is a part of any data recording system , It covers all kinds of operations performed on data such as making it available, classifying or preventing its use.
Politics Met Engineering Electrical Construction Contracting San. and Tic. A.Ş.'s partners, officials, customers, employees, supplier officials and employees, and all personal data processed by third parties.
Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. It may change the Policy in order to comply with the legislation and the decisions of the Personal Data Protection Authority and to better protect personal data.
- DEFINITIONS
Abbreviation | Definition |
Buyer Group | The category of natural or legal person to whom personal data is transferred by the data controller. |
Open Consent | Consent on a particular subject, based on information and expressed with free will. |
Anonymization | Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Related person | The natural person whose personal data is processed. |
Related User | Except for the person or unit responsible for technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller. |
Destruction | Deletion, destruction or anonymization of personal data. |
Law/KVKK | Law on Protection of Personal Data No. 6698. |
Recording Media | Any environment where personal data is processed wholly or partially automatically or by non-automatic means provided that it is a part of any data recording system. |
Personal Data | Any information relating to an identified or identifiable natural person. |
Data Inventory | Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which is created by associating the personal data processing purposes and legal reason, data category, transferred recipient group and data subject group, by explaining the maximum storage period required for the purposes for which personal data is processed, personal data foreseen to be transferred to foreign countries, and the measures taken regarding data security. |
Your Personal Data Processing | Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data completely or partially by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on data, such as blocking . |
Board | Personal Data Protection Board. |
Organisation | Personal Data Protection Authority |
Special Qualified Personal Data | Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data . |
Periodic Destruction | The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all of the personal data processing conditions in the Law are eliminated . |
Policy | Personal Data Protection Policy |
Data Processor | The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller. |
Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
- GENERAL PRINCIPLES
Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. It checks the compliance of the data to be processed with the following principles during the preparation phase of the workflow that requires each new personal data processing. Workflows that are not suitable will not be implemented.
Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. when processing personal data;
(I) Complies with the law and honesty rules.
(II) Ensures that personal data is correct and up-to-date when necessary.
(III) It takes care that the purpose of processing is specific, clear and legitimate.
(IV) It controls that the processed data is related to the purpose of processing, that it is processed as limited as it needs to be processed and that it is measured.
(V) It retains the data only as long as required by the relevant legislation or for the purpose of processing, and destroys it when the purpose of processing ceases.
- MEASURES TAKEN FOR DATA SECURITY
Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. It takes all necessary technical and administrative measures to ensure the appropriate level of security in order to (i) prevent the unlawful processing of personal data, (ii) prevent unlawful access to personal data, (iii) ensure the preservation of personal data.
Technical Measures
- Network security and application security are provided.
- Security measures are taken within the scope of procurement, development and maintenance of information technology systems .
- Access logs are kept regularly.
- Current anti-virus systems are used.
- Firewalls are used.
- Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
- The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
- The security of environments containing personal data is ensured.
- Personal data is backed up and the security of the backed up personal data is also ensured.
- User account management and authorization control system are implemented and these are also followed.
- Intrusion detection and prevention systems are used.
- Encryption is done.
Administrative Measures
- There are disciplinary regulations that include data security provisions for employees.
- Training and awareness activities are carried out periodically for employees on data security.
- Institutional policies on access, information security, use, storage and destruction have been prepared and started to be implemented.
- Data masking is applied when necessary.
- Confidentiality commitments are made.
- An authorization matrix has been created for employees.
- The authorizations of employees who have a change in duty or quit their job in this field are removed.
- The signed contracts contain data security provisions.
- Personal data security policies and procedures have been determined.
- Personal data security issues are reported quickly.
- Personal data security is monitored.
- Personal data is reduced as much as possible.
- In-house periodic and/or random audits are conducted and made.
- Existing risks and threats have been identified.
- Protocols and procedures for special quality personal data security have been determined and implemented.
- Awareness of data processing service providers on data security is provided.
Relevant Person's Rights Regarding Personal Data
Contact person, Met Mühendislik Elektrik İnşaat Taahhüt San. and Tic. A.Ş. and request the following matters:
- Learning whether personal data is processed or not,
- If personal data has been processed, requesting information about it,
- To learn the purpose of processing personal data and whether they are used in accordance with the purpose,
- Learning the third parties whose personal data are transferred in the country or abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to third parties to whom personal data has been transferred,
- Requesting the deletion, destruction or anonymization of personal data in case of disappearance of the reasons requiring processing, although it has been processed in accordance with the provisions of the KVKK and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
- Objecting to the emergence of a negative result by analyzing the processed data exclusively through automated systems,
- To request the compensation of the damage in case of loss due to unlawful processing of personal data.
- VIOLATION NOTIFICATIONS
Met Engineering Electrical Construction Contracting Industry. and Tic. Inc. Employees report the work, action or phenomenon that they think violates the KVKK provisions and/or the Policy to the management. After this violation notification, the management convenes if it deems necessary and creates an action plan regarding the violation.
If the violation has occurred through the unlawful obtaining of personal data to others, the management will report this situation within 72 hours within the scope of the Board's decision dated 24.01.2019 and numbered 2019/10. notifies the relevant person and the Board.
- CHANGES
Changes on the policy are prepared by the management and Met Mühendislik Elektrik İnşaat Taahhüt San. and Tic. Inc. It is submitted to the approval of the Board of Directors. The updated Policy can be sent to employees via e-mail or posted on the website.
- EFFECTIVE DATE
This version of the Policy was approved by the Board of Directors on 20.04.2020 and entered into force.