G.D.P.R.

 Personal Data Protection and Processing Policy

 

1. Purpose and Scope:

2. Objective:

3. Definitions and Abbreviations:

4. Responsibilities:

5. Procedures and Principles on the Protection of Personal Data:

5.1-General Principles Regarding the Processing of Personal Data:

5.2-Terms of Processing of Personal Data:

5.3-Processing of Special Categories of Personal Data:

6. Implementation of the Policy and Related Legislation

7. Enforcement and Updating of the Policy



1. PURPOSE AND SCOPE

The Personal Data Processing and Protection Policy of ASAY GLOBAL E-Commerce and Consultancy LTD. ŞTİ. ("IO CONCEPT / Company") sets out the principles that our Company has adopted regarding the protection and processing of personal data and that are to be observed in practice.

Purpose of this Policy:

To comply with the Law No. 6698 on the Protection of Personal Data ("PDP")

To determine the framework of compliance activities to be carried out specifically for our Company regarding the protection and processing of personal data and to ensure coordination

To continue to operate in accordance with the principles of compliance with the law, honesty and transparency adopted since our establishment

 

Scope of the Policy:

This Policy covers all personal data processed by our Company. In this context; personal data of our employees, customers, suppliers and other stakeholders are included.

 

2. OBJECTIVE

Objectives of the Company's Personal Data Protection Policy:

Awareness Raising: Raising awareness on the protection and processing of personal data within the company

Compliance with Law: Establishing the necessary systems for the processing and protection of personal data in accordance with the law

Compliance with Legislation: Ensuring full compliance with the Law No. 6698 on the Protection of Personal Data ("PDP") and related legislation

Establishment of the Order: Establishing the necessary order regarding the protection and processing of personal data

The Policy will function as a guiding document in terms of the implementation of the regulations set forth by the PDP Law and the relevant legislation.

 

3. DEFINITIONS and ABBREVIATIONS

This section contains definitions of some important terms used in the Company's Personal Data Protection Policy.

 

EXPRESS CONSENT: Consent on a specific subject, based on information and expressed with free will.

ANONYMIZATION: The modification of personal data in such a way that it loses its character as personal data and this cannot be reversed; that is, making personal data impossible to associate with a real person by means of techniques such as masking, aggregation and data corruption.

RELEVANT PERSON: The natural person whose personal data is processed. For example: Customers, employees

PERSONAL DATA: Any information relating to an identified and identifiable natural person. Therefore, the processing of information on legal persons is not covered by the Law. For example: name-surname, Turkish ID number, e-mail, address, date of birth, credit card number, bank account number, etc.

PERSONAL DATA OF SPECIAL NATURE: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are data of special nature.

PROCESSING OF PERSONAL DATA: Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

DATA CONTROLLER: Refers to the natural or legal person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system).

DATA SUBJECT APPLICATION FORM: The application form to be used by the Data Subject when submitting applications regarding their rights under Article 11 of the PDP Law.

CONSTITUTION: The Constitution of the Republic of Turkey dated November 7, 1982 and numbered 2709, published in the Official Gazette dated November 9, 1982 and numbered 17863.

PDP LAW: Law on the Protection of Personal Data dated March 24, 2016 and numbered 6698, published in the Official Gazette dated April 7, 2016 and numbered 29677.

POLICY: Company Personal Data Protection and Processing Policy

COMMUNIQUÉ ON THE PROCEDURES AND PRINCIPLES TO BE FOLLOWED IN FULFILLMENT OF THE DISCLOSURE OBLIGATION: Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Disclosure Obligation, published in the Official Gazette dated March 10, 2018 and numbered 30356.

 

4. RESPONSIBILITIES

As ASAY GLOBAL E-Commerce and Consultancy LTD. ŞTİ. ("Io Concept / Company"), we are responsible for all obligations contained in this Policy. All activities related to the protection and processing of personal data are carried out in accordance with this Policy and the relevant legislation.

Our responsibilities within this scope are as follows:

Compliance with the Law: To act in accordance with the Law No. 6698 on the Protection of Personal Data ("PDP") and other relevant legislation in the processing of personal data.

Data Security: To take the necessary technical and administrative measures to ensure the protection of personal data against unauthorized access, unlawful use, disclosure, loss, alteration or destruction.

Transparency: Providing information on how and for what purposes personal data are processed in an open and transparent manner to the relevant persons.

Rights of Data Subjects: To ensure that data subjects can exercise their rights arising from the PDP (information, access, correction, deletion, limitation of processing, objection and portability rights).

Accountability: To be responsible for all our activities related to the processing of personal data and to keep documents to show that we fulfill our obligations in this regard.

All activities related to the protection and processing of personal data in our Company are coordinated by the authorized person appointed as the Data Controller. The Data Controller is responsible for fulfilling all obligations in this Policy and the relevant legislation.

 

In addition, all our employees receive the necessary training on the protection and processing of personal data. Our employees show the necessary care to act in accordance with this Policy and the relevant legislation and to protect personal data.

 

5. PROCEDURES AND PRINCIPLES REGARDING THE PROTECTION OF PERSONAL DATA

This section addresses the general principles and special conditions regarding the processing of personal data by our Company.

5.1 General Principles Regarding the Processing of Personal Data

Our Company complies with the following general principles when processing personal data:

Compliance with Law and Good Faith: Personal data are processed in accordance with the law and good faith.

Accuracy and Timeliness: Personal data is kept accurate and up-to-date. When necessary, updated information is requested from the data subject.

Specific, Explicit and Legitimate Purpose: Personal data are processed for specific, explicit and legitimate purposes. The purpose of processing the data is clearly and transparently notified to the data subject in advance.

Relevance, Limitation and Proportionality: Personal data are processed in a limited and measured manner in connection with the purpose for which they are processed. Personal data that are not necessary for the purpose of processing are not processed.

Retention Period: Personal data are retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed. Personal data are deleted or anonymized when the purpose of processing disappears or the processing period expires.

5.2 Terms of Processing Personal Data

Personal data may only be processed if one of the following conditions exists:

Explicitly Permitted by Law: Personal data may be processed if it is expressly provided for by law.

Establishment or Performance of a Contract: Personal data may be processed if it is directly related to the conclusion or performance of a contract.

Establishment, Exercise or Protection of Rights: Personal data may be processed if it is necessary for the establishment, exercise or protection of a right.

Explicit Consent: Personal data may be processed with the explicit consent of the data subject. Consent is given freely, explicitly and on the basis of information.

Stipulated by Law or Protection of Fundamental Rights and Freedoms: Personal data may be processed if it is stipulated by law or if it is necessary for the protection of the fundamental rights and freedoms of the person concerned.

Public Health: Personal data may be processed if it is necessary for the protection of public health.

Duties of the Public Authority: Personal data may be processed if it is necessary for a public authority to fulfill its duties established by law.

Rights and Obligations of the Parties to the Contract: Personal data may be processed if it is necessary for the fulfillment of the rights and obligations of the parties to a contract.

Risk to Life or Physical Integrity: Personal data may be processed without the explicit consent of the data subject if it poses a risk to the life or physical integrity of the data subject or another person.

5.3 Processing of Special Categories of Personal Data

Sensitive personal data may only be processed if one of the following conditions exists:

Explicitly Permitted by Law: Special categories of personal data may be processed if expressly provided for by law.

Explicit Consent: Sensitive personal data may be processed with the explicit consent of the data subject. Consent is given freely, explicitly and on the basis of information.

Health Services: Special categories of personal data may be processed if the provision of health services requires medical diagnosis, treatment and care or if it poses a risk to the life or physical integrity of the person concerned or someone else.

 

6. IMPLEMENTATION OF THE POLICY and RELATED LEGISLATION

As ASAY GLOBAL E-Commerce and Consultancy LTD. ŞTİ. ("Io Concept / Company"), we meticulously apply all the principles and rules contained in this Policy. All our activities regarding the protection and processing of personal data are carried out in accordance with this Policy and the relevant legislation.

In this context:

Technical and Administrative Measures: We take all necessary technical and administrative measures to protect the security and integrity of personal data. These measures include necessary steps such as controlling data access, protection against data loss and data leakage, data backup and recovery.

Training: We provide our employees with the necessary training on the protection and processing of personal data. Our employees show due diligence to comply with all obligations in this Policy and to protect personal data.

Audit and Risk Assessment: We have put in place mechanisms to oversee our compliance with all obligations contained in this Policy. These mechanisms function through regular audits and risk assessments.

Sanctions: We are aware that in cases where we do not comply with all obligations in this Policy, we may be subject to sanctions stipulated in the relevant legislation. Therefore, we make maximum effort to fulfill all our obligations meticulously.

If you have any questions or concerns regarding the protection and processing of personal data, please do not hesitate to contact [contact details].

You can also visit the website of the Personal Data Protection Authority (https://kvkk.gov.tr/) for detailed information on the protection of personal data.

 

7. IMPLEMENTATION AND UPDATING OF THE POLICY

ASAY GLOBAL E-Commerce and Consultancy LTD. ŞTİ. ("Io Concept / Company") Personal Data Processing and Protection Policy entered into force on this date, [Effective Date].

This Policy may be periodically reviewed and updated for various reasons, including the following:

Changes made in the relevant legislation: The Policy may be updated to comply with changes made in Law No. 6698 on the Protection of Personal Data ("PDP") and other relevant legislation.

Changes in the activities of our Company: The Policy may be updated to adapt to changes in our Company's activities or the way we process personal data.

Developments in technology: The Policy may be updated in the event of technological developments and the emergence of new data processing methods.

Other requirements: The Policy may be updated in line with the requests or suggestions made by the PDP Authority or other competent authorities.

The updated Policy enters into force as of [Update Date]. From the date the Policy is updated, all personal data processing activities are carried out in accordance with the updated Policy.