STAYSO TURİZM OTELCİLİK İÇ VE DIŞ TİCARET LİMİTED ŞTİ.
COOKIE COLLECTION POLICY CLARIFICATION TEXT
In accordance with the Law on Protection of Personal Data No. 6698, the data controller for the processing of your personal data is “STAYSO TURİZM OTELCİLİK İÇ VE DIŞ TİCARET LİMİTED ŞTİ. ,Sütlüce Mah. İmrahor Cad. No:16/A Beyoğlu-istanbul address. The purpose of this Website Cookie Policy Clarification Text is to inform the site visitors (Data Owner) about the personal data processing obtained through the use of cookies during the operation of the www.staysohotels.com website (Site).
What is a cookie?
It is necessary to benefit from and use some technologies (cookies) within the scope of information technologies for the purpose of improving and facilitating your experience during your visits to our websites, and to ensure the correct and efficient operation of the Site. Cookies can be referred to as cookies stored by your browser on your computer's hard drive.
Cookies Used in our site:
Mandatory, functional and analytical cookies are used on our site these cookies do not collect, store or process data that can disclose you; cannot be qualified as personal because of these qualities. It does not harm your computer, does not contain viruses. It provides an understanding of how the site is used by visitors, collects statistical data and assists to develop content in line with this data. It allows to accelerate the activities in possible future visits. It is mandatory for the site interfaces and features to be used as they should be.
Can the use of cookies be blocked by data owners?
In general, internet browsers are predefined to automatically accept cookies. Browsers can be set to block cookies or to warn the user when cookies are transferred to the device. Cookies management may vary among browsers. Therefore, please refer to your browser's help menu for more information. Some characteristics of the Company's website, application, platform and services may not be available if cookies are disabled.
Our company; has to record IP address and timestamp (time of visit) data of visitors to the website in accordance with law numbered 5651. These data are kept securely for 2 years as per the law and, if necessary, shared with authorized public institutions and organizations. For this reason, your data is processed on a limited basis based on the clauses (ç) and (f) of the 2nd paragraph of the 5th article of the Personal Data Protection Law No. 6698.
You can ask for help from some service providers we have authorized for the operation and promotion of the website, platform and applications and services. These service providers will also place cookies and similar technologies (third party cookies) on users' computers/devices and collect information such as IP address, unique identifier and device identifier to recognize the user's device.
Websites, platforms and applications may contain links to third party websites, products and services. These links in question are subject to the privacy policies of third parties, it should be kept in mind that third parties and websites owned by third parties are independent of the data controller and the data controller is not responsible for the privacy practices of third parties. In case of visiting the linked websites, we recommend that you read the privacy policies of these websites.
As personal data owners in accordance with the first paragraph of Article 13 of the KVKK, you can submit your requests about your rights to our company in writing or by other methods identified by the Personal Data Protection Board. You can obtain the application information text and the application form explaining the channels and procedures where you will submit your application.
In case the personal data owner sends his request regarding the rights to us in accordance with the procedure, according to the nature of the request, it will conclude the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest. However, if the procedure requires an additional cost, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board. In cases where the application is rejected, the response given is found insufficient or the application is not responded in due time; you can make a complaint to the Personal Data Protection Board within thirty days from the date you learn our response, and possibly within sixty days from the date of application.
STAYSO TURİZM OTELCİLİK İÇ VE DIŞ TİC. LTD.ŞTİ.
CLARIFICATION TEXT
Wa as Stayso Turizm Otelcilik İç ve Dış Tic.Ltd.Şti. present the disclosure text, which we have prepared in accordance with Article 10 of the Law on the Protection of Personal Data No. 6698 (“Law”), and which contains information about the company's personal data processing activities, to the public and relevant persons;
ARTICLE 1: DATA CONTROLLER
Your data may be processed within the scope described below by Solvia Yazılım ve Danışmanlık Anonim Şirketi as the data controller. What should be understood from the concept of data controller; it is the natural or legal person who identifies the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
You can use the following channels to contact our side.
Address: Sütlüce Mah. İmrahor Cad. No:16 A Beyoğlu/İstanbul
Telephone: 0216 313 16 00
E-mail: stayso@staysohotels.com
Internet site: www.staysohotels.com
ARTICLE 2: PURPOSE OF PROCESSING PERSONAL DATA
Personal data is processed by us for the following purposes:
a- To execute human resources processes
b- Ensuring corporate communication
c- Ensuring company security
d- To be able to perform statistical studies
e- To be able to perform work and transactions as a result of signed contracts and protocols
f- Ensuring the fulfillment of legal obligations as required or mandated by legal regulations
g- Liaising with real / legal persons who have a business relationship with the company
h- To prepare legal reports
i- To fulfill the burden of proof as evidence in legal disputes that may arise in the future
j- Execution/follow-up of company legal affairs
ARTICLE 3: THE PARTIES TO WHOM PERSONAL DATA MAY BE TRANSFERRED AND THE PURPOSE OF TRANSFER
Personal data regarding customers, Within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, will be shared with business partners and suppliers of the company, legally authorized institutions and organizations and legally authorized private law legal entities to enable them to benefit the relevant persons from the products and services offered by the company for the purpose of the necessary work to be carried out by the business units and the relevant business processes to be carried out, the necessary works to be carried out by the relevant business units for the realization of the commercial activities carried out by the Company and the related business processes to be carried out, the planning and execution of the commercial and / or business strategies of the Company and the Ensuring the legal, technical and commercial-occupational security of the persons who have a business relationship with the Company.
ARTICLE 4: PERSONAL DATA COLLECTION METHODS AND LEGAL REASONS
Personal data is collected through electronic media such as the website or in physical environments. legal reasons for the collection and processing of personal data are as follows:
a- Retaining personal data as it is directly related to the establishment and contract performance,
b- Retaining personal data for the purpose of establishing, exercising or protecting a right.
c- It is obligatory to keep personal data for the legitimate interests of the company, provided that it does not harm the fundamental rights and freedoms of individuals.
d- Storing personal data for the purpose of fulfilling any legal obligations of the company
e- The legislation clearly stipulates the storage of personal data
f- Explicit consent of data owners in terms of storage activities that require the explicit consent of data owners.
ARTICLE 5: RIGHTS OF THE RELEVANT PERSON
The natural person whose personal data is processed is defined as the data subject and has the following rights regarding himself/herself by applying to the company:
a- Learning whether personal data is processed or not,
b- If personal data has been processed, requesting information about it,
c- Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
d- Recognizing the third parties to whom personal data is transferred in home or abroad,
e- Requesting correction of personal data in case of incomplete or incorrect processing.
f- Requesting the deletion or disposal of personal data.
g- Requesting notification of the procedures made pursuant to subparagraphs (e) and (f) to third parties to whom personal data has been transferred.
h- Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems
i- Requesting the compensation payment against damage in case of loss due to unlawful processing of personal data.
Sincerely;
Solvia Yazılım ve Danışmanlık Anonim Şirketi
.
STAYSO TURİZM OTELCİLİK İÇ VE DIŞ TİC. LTD.ŞTİ.
PERSONAL DATA RETENTION AND DISPOSAL POLICY
ARTICLE 1- PURPOSE
Personal data retention and disposal policy has been prepared in order to determine the procedures and principles regarding the storage and disposal of personal data processed by Stayso Turizm Otelcilik İç ve Dış Tic.Ltd.Şti.
ARTICLE 2- SCOPE
Personal data owned by Company employees, employee candidates, interns, product and service buyers, potential customers, partners, visitors, suppliers and other third parties are covered in this policy.
This policy is applied in all recording environments where personal data owned or managed by the company are processed, and in activities for personal data processing.
ARTICLE 3- DEFINITIONS
Receiver group: The category of natural or legal person to whom personal data is transferred by the data controller.
Express Consent: Consent on a specific subject, based on information and declared with free will.
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with different data
Employee: Company personnel
Electronic media: Media where personal data can be created, read, changed, and written with electronic devices
Regular means: All written, printed, and visual media other than electronic media.
Service provider: Natural or legal person providing services within the framework of a particular contract with the company
Relevant person: A real person whose personal data is processed
Relevant user: People who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection, and data backup.
Disposal: Deletion, disposal, or anonymization of personal data
Law: Law No. 6698 on the Protection of Personal Data
Record means: Any means where personal data is processed wholly or partially automatically or non-automatically, provided that it is a part of any data recording system.
Personal data: Any information relating to an identified or identifiable natural person
Personal data processing inventory :The inventory where data controllers scrutinize actions taken for personal data and data security by associating the personal data processing activities carried out by data controllers in connection with their business processes, personal data processing purposes and legal reason, data category, transferred recipient group and data subject group by explaining the maximum retention period required for the purposes for which the personal data they create and for which they are processed, the personal data envisaged to be transferred to foreign countries, and the measures taken regarding data security.
Processing the personal data: Every kind of procedure realized on data provided that personal data is fully or partially automated or part of any data recording system such as non-automatically obtained, recorded, stored, stored, modified, rearranged, disclosed, transferred, taken over, made available, classified or prevented from being used.
Council: Personal Data Protection Board
Special Quality personal data: Biometric and genetic data of the persons relevant to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures.
Periodic Disposal: In the event that all the conditions for the processing of personal data in the law revokes, deletion, destruction or anonymization process to be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy.
Policy: Personal Data Retention and Disposal Policy
Company: Stayso Turizm Otelcilik İç ve Dış Tic.Ltd.Şti.
Data processor: The real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data recording system: The registration system in which personal data is processed and structured according to certain criteria.
Data controller: The real or legal person determining the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data controllers registry
information system: An information system created and managed by the Presidency, accessible over the internet, to be used by data controllers in the application to the Registry and other Registry-related procedures.
VERBİS: Data Controllers Registry Information System
Regulation: Regulation on the Deletion, Disposal or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017
ARTICLE 4- RESPONSIBILITY AND DUTIES
All employees and units of the company; provides full and active support to the units responsible for obtaining, processing and storing personal data in compliance with the law. All employees and units support authorized units in the implementation of the administrative and technical measures taken within the scope of the policy, in the training of the unit employees, in raising and monitoring the awareness of the employees, in the prevention of illegal access to the personal data and in the safeguarding of the personal data in accordance with the law.
Distribution for the titles, units and job descriptions of those who assigned in the processes of retaining personal data and disposal is illustrated in ANNEX TABLE: 1.
ARTICLE 5- RECORDING MEANS
Personal data is kept safely by the company in the means listed in APPENDIX TABLE: 2, in accordance with the law.
ARTICLE 6- CAUSE OF ACTION REQUIRING RETENTION
Personal data processed in the company within the framework of activities, is retained for the period stipulated in the relevant legislation and within the scope of the relevant legislation. The reasons for keeping it in this context are as follows:
a- Retaining personal data as it is directly related to the establishment and contract performance,
b- Retaining personal data for the purpose of establishing, exercising or protecting a right.
c- It is obligatory to retain personal data for the company’s legitimate, provided that it does not harm the fundamental rights and freedoms of individuals.
d- Retaining personal data for the purpose of fulfilling any legal obligations of the company.
e- The legislation clearly stipulates personal data retaining.
f- Explicit consent of data owners in terms of retaining activities requiring the explicit consent of data owners.
ARTICLE 7- PROCESSING OBJECTIVES REQUIRING RETENTION
The company, including but not limited to the following: may process the personal data of the data subject or third parties specified by the data subject for various purposes:
a- To execute human resources processes.
b- Ensuring corporate communication.
c- Ensuring company security.
d- To be able to perform statistical studies.
e- To be able to perform work and procedures as a result of contracts and protocols signed.
f- Ensuring the fulfillment of legal obligations as required or mandated by legal regulations.
g- Liaising with real / legal persons who have a business relationship with the company.
h- To issue legal reports.
i- To fulfill the burden of proof as evidence in legal disputes that may arise in the future.
j- Execution/follow-up of company’s legal affairs.
ARTICLE 8- LEGAL CAUSES REQUIRING DISPOSAL
Personal data is deleted or disposed by the company, upon the request of the person concerned or ex officio, in the existence of the following situations:
- Changing or repealing the provisions of the relevant legislation, which is the basis for the processing of personal data
- Extinguishing of the purpose requiring processing or retaining of personal data
- In cases where the processing of personal data takes place only on the basis of explicit consent, the data owner withdrawing his/her explicit consent.
- Approval of the person's application for the deletion and disposal of his/her personal data by the data controller pursuant to Article 11 of the Law, regarding the deletion and disposal of personal data within the framework of the rights of the person concerned.
- The maximum period for keeping personal data being passed and no conditions to justify retaining personal data for a longer period of time exists.
ARTICLE 9- TECHNICAL ACTIONS
Technical actions taken by the company regarding the personal data it processes are as follows:
- Performs necessary internal controls within the scope of established systems
- Executes the processes of information technology risk assessment and business impact analysis within the scope of systems established.
- Ensures technical infrastructure to prevent or monitor the data leakage outside the company and the creation of relevant matrices.
- Provides system vulnerabilities control by receiving penetration test service regularly and when needed.
- Ensures that the access to employees’ personal data in information technology units is retained under control.
- Disposal of personal data is ensured in a way that is not recyclable and leaves no audit trail.
- In accordance with Article 12 of the Law, all kinds of digital media where personal data are retained are safeguarded by encrypted or cryptographic methods to meet information security requirements.
ARTICLE 10- ADMINISTATIVE ACTIONS
Administrative measures taken by the company regarding the personal data it processes are as follows:
- Restricts internal access to the retained personal data to the personnel required by the job description. In restricting access, whether the data is of special nature and its importance are also considered.
- In case the processed personal data is acquired by others unlawfully, informs this situation to authorized person and the Council.
- Regarding the sharing of personal data, it concludes a framework agreement on the protection of personal data and data security with the persons with whom personal data is shared or ensures data security with the provisions added to the existing contract.
- Employs qualified and experienced personnel about the processing of personal data and delivers required training to its personnel for legislation for the protection of personal data and data security.
- Performs or have others performed necessary inspections for the purpose of ensuring the application of legal provisions in its own legal entity. Eliminates privacy and security vulnerabilities arise as a result of audits.
-
ARTICLE 11- METHODS FOR ERASING PERSONAL DATA
Personal data are erased with methods specified under ANNEX TABLE: 3.
ARTICLE 12- METHODS FOR DISPOSING PERSONAL DATA
Personal data is disposed of by the methods specified in ANNEX TABLE: 4.
ARTICLE 13- RETENTION AND DISPOSAL PERIODS
While determining the retention period of personal data by the company; First of all, if a period of time is stipulated in the legal legislation regarding the storage of the personal data in question, this period shall be complied with. Apart from this, the retention and disposal timetable in ANNEX TABLE: 5 is taken as a basis.
ARTICLE 14- PERIODIC DISPOSAL PERIOD
The company performs periodic disposal in June and December every year.
ARTICLE 15- PUBLISHING, STORING AND UPDATING THE POLICY
The policy is published in two different environments, with wet signature (printed paper) and electronically, and announced to public in internet page. The printed paper copy is retained in the company. The policy is reviewed as needed and the necessary sections are updated.
ARTICLE 16- ENFORCEMENT
The policy is deemed to have entered into force after its publication on the company's website. If it is decided to revoke it, old copies of the policy with wet signatures are revoked and signed (with a cancellation stamp or written cancellation) and retained by the company for at least 5 years.
ANNEX TABLE: 1 Task distribution of retaining and disposal processes
TITLE
|
UNIT
|
TASK
|
Company Director
|
Company
|
Responsible for the employees to act in line with the policy.
|
Human Resources Manager
|
Human Resources
|
Responsible for the preparation, development, execution, publication and updating the policy.
|
Information Systems
|
Information Systems
|
Responsible for providing the technical solutions needed in the implementation of the policy.
|
|
All other units
|
Responsible for the execution of the Policy in accordance with its duties.
|
ANNEX TABLE: 2 Personal data retention Environments
Electronic Means
|
Regular means
|
Personal computers
Mobile Devices
Optical discs
Printers, scanners, copiers
Removable and portable memories
Servers
Software
Information security devices
|
Papers
Written and printed media
Visual recordings
Manual data recording systems
|
ANNEX TABLE: 3 Methods of Erasing Personal Data
Data Recording Means
|
Erasure Method
|
Servers
|
System administrator cancels the access authorization of the relevant users and deletes the personal data on the servers for those whose period of time has expired.
|
Electronic means
|
Among the personal data in the electronic environment, the ones whose period has expired are rendered inaccessible and non-reusable for other employees (relevant users) except the database administrator.
|
Physical environment
|
Of the personal data kept in the physical environment, those whose period has expired except for the unit manager responsible for the document archive, it is made inaccessible and non-reusable in any way for other employees. In addition, the process of blackening is applied by drawing/painting/erasing in a way that cannot be read.
|
Mobile media
|
Among the personal data kept in flash-based storage media, those whose period has expired, are stored in secure environments with encryption keys, encrypted by the system administrator and only the system administrator is authorized to access it.
|
ANNEX TABLE: 4 Personal Data Disposal Methods
Data Recording Means
|
Disposal Method
|
Physical Means
|
Of the personal data in the paper environment, the period that requires them to be kept has expired, shall be disposed in paper shredder will be irrevocably disposed.
|
Optical or magnetic media
|
Physical Disposal is made such as melting, burning or pulverizing shall be implemented for those which their period has expired from personal data contained in optical media and magnetic media. Furthermore, by passing magnetic media through a special device and exposed to a high magnetic field, making the data on it illegible.
|
ANNEX TABLE: 5 Retention and Disposal Period Table
PROCESS
|
RETENTION PERIOD
|
DISPOSAL PERIOD
|
Occupational health and safety practices
|
10 years after the end of the employment relationship
|
180 days following the expiration of the retention period
|
Payrolling
|
10 years after the end of the employment relationship
|
180 days following the expiration of the retention period
|
Responding to personnel court / courthouse requests
|
10 years after the end of the employment relationship
|
180 days following the expiration of the retention period
|
Filing the raining records
|
10 years after training arrangement
|
180 days following the expiration of the retention period
|
Emergency preparations
|
10 years following the performance of the preparation
|
180 days following the expiration of the retention period
|
Log record tracking systems
|
10 years as of its creation.
|
180 days following the expiration of the retention period
|
Camera records
|
1 year as of its recording
|
180 days following the expiration of the retention period
|
STAYSO TURİZM OTELCİLİK İÇ VE DIŞ TİC. LTD.ŞTİ.
DIRECTIVE ON THE METHOD TO BE FOLLOWED IN APPLICATIONS FOR PERSONAL DATA
- PURPOSE:
This Directive on the Method to be Followed in Applications For Personal Data (“Directive”), has been arranged for the purpose of identifying solutions and policies in relation to problems emerging and applications made by Stayso Turizm Otelcilik İç ve Dış Tic.Ltd.Şti. (“Company”) bearing the title of data supervisor pursuant to KVKK as specified under Article 13 for the utilization of their rights regulated under Article 11 of Law on the Protection of Personal Data (“KVKK”) numbered 6698 and shall be enacted by the Commission and updated when necessary.
- SCOPE
The relevant person in the scope of KVKK Article 11 has right to; to learn whether personal data is processed, to request information if personal data has been processed, to learn the purpose of processing personal data and whether they are used in accordance with its purpose, recognizing the third parties to whom personal data is transferred at home or abroad, requesting personal data correction in the event of incomplete or incorrect processing, Requesting the deletion or destruction of personal data in the event that the reasons requiring the processing of personal data disappear within the framework of Article 7 of the KVKK, in case of incomplete or incorrect processing of personal data requesting notification of third parties to whom personal data has been transferred, that these have been corrected or that personal data has been deleted or destroyed within the scope of Article 7 of the KVKK, objecting to the emergence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems and requesting the compensation of the damage in case of loss due to the unlawful processing of personal data.
Pursuant to KVKK Article 13; relevant person informs the data controller that he/she wants to exercise his/her rights in writing or by other methods to be identified by the Personal Data Protection Board.
- APPLICATION:
Company has established the Personal Data Protection Commission (“Commission”), which will work on data security within the scope of the personal data protection obtained through legal reasons and methods in accordance with the KVKK; Any application made within the scope of Article 13 of the Company's KVKK will be immediately inspected by the Commission.
Relevant persons transmit the application form prepared by the Company for the use of the persons concerned, in the following ways:
1-Personnaly applying to Company’s SÜTLÜCE MAH. İMRAHOR CAD. NO: 16 A BEYOĞLU/ İSTANBUL address (The applicant applying in person and fill out the application form with his/her identity card).
2-Its transmission via notary or registered mail with return receipt to Company’s SÜTLÜCE MAH. İMRAHOR CAD. NO: 16 A BEYOĞLU/ İSTANBUL address, or
3-Transmission by using the electronic mail address registered data controller’s system by the person concerned or previously reported to the data controller to the registered electronic mail address with an electronic signature to the Company’s e-mail recorded as info@staysohotels.com.
The following information about the person concerned must be included in the application;
- Name, surname and signature
- For citizens of the Republic of Turkey, T.R. Identity number, nationality for foreigners, passport number or, if any, identification number (foreign identity number)
- Domicile or workplace address based on notification
- E-mail address, telephone, and fax number for notification, if any
- Subject of the request
In our company if the Commission detects any deficiency or inaccuracy in the applications submitted to our company through the above-mentioned ways, it will request the correction of these deficiencies and missing parts or inaccuracies from the relevant person within a maximum of [5] days, When the relevant defect or mistake is corrected, it will immediately investigate the application for response.
In response to applications submitted other than through the aforementioned means, Commission will mention in writing that the application must be made by the above-mentioned means.
- APPLICATION INVESTIGATION PERIOD:
The Commission, receiving a fully and completely filled application form, will prepare a written response to the relevant person within 30 (thirty) days at the latest from the date of receipt of the form.
In applications sent by mail, the date on which the document is notified to the data controller or its representative; for applications made by other methods, the date on which the application is received by the data controller, shall be taken as basis as the application date.
- CONTENT OF APPLICATION RESPONSES:
The company is obliged to take every kind of administrative or technical actions within the scope of the Directive on the Procedures and Principles of Application to Data Controller No. 30356, to conclude the applications to be made by the relevant person effectively, in accordance with the law and the rule of good faith.
The Commission accepts the application or rejects it by explaining tis justification.
In the response to the application, summary of the application and detailed information in accordance with the right that the person stated in the application form that he/she wants to utilize in the scope of Article 11 of the KVKK is specified. This response should involve, Company’s information, applicant’s; name and surname, TR identity number for citizens of the Republic of Turkey, nationality, passport number or identity number, if any, for foreigners, Domicile or workplace address for notification, e-mail address for notification, telephone and fax number, subject of the request and statements of the Company regarding the application.
In the statements relevant to the application it shall be explained whether the personal data of the person is in the Company records, whether it is transferred to third parties and how it is processed.
In case the applicant requests the correction of incomplete or incorrectly processed personal data, he/she is informed about this request and he/she is informed whether it is fulfilled or not.
If the applicant has a request for the deletion of his/her data, whether it is deleted or not, if the deletion request will be rejected explained with its justifications.
- METHOD OF SERVING APPLICATION RESPONSE:
Response letter prepared by the commission, will be forwarded as stated by the applicant on the form. The method of submission is specified in the article titled "Declaration of the Applicant" attached to the application form and it will be as follows:
- Mailing to the relevant person’s address
- Sending electronically to the e-mail address of the person concerned
- Applicant to be served personally
If the applicant has selected the option to receive by hand in the Declaration of the Applicant, In case of receipt by proxy, a notarized power of attorney or notarized authorization document will be required. This necessity is also valid for family members.
- COST OF APPLICATION RESPONSE:
No fee is charged from the response to the application of the person concerned. A transaction fee of 1 Turkish Lira may be charged for each page exceeding ten pages.
If the answer to the application is given in a recording medium such as CD or flash memory fee to be requested by the data controller cannot exceed cost of recording media.
- COMPLAINT:
In cases where the application is rejected, the response given by the person concerned is insufficient or the application is not answered in due time; the person concerned will be able to file a complaint with the Personal Data Protection Board within 30 (thirty) days from the date of receiving response from the Institution and in any case within 60 (sixty) days from the date of application. For this reason, incoming applications should be carefully examined and responded in a timely manner.
- NOTIFICATION TO THE GENERAL MANAGER:
If it is determined that the personal data of any person’s data is obtained, processed or transferred to third parties without legal causes in accordance with the KVKK, This situation shall be immediately notified to the Director General by the Commission in writing and with the relevant documents available.
At the same time, the person concerned will be contacted and it will be examined whether the damage has occurred and the method of compensation. A verbal apology and amicable resolution will be sought, if necessary, in agreement with the Managing Director.
Commission will report to the General Manager in reference to application received and responses given every [3 months] and notify its suggestions if any.
OWNER APPLICATION FORM