Privacy Policy

K&P LEGAL LAW FIRM
PROTECTION OF PERSONAL DATA AND PRIVACY POLICY

1. INTRODUCTION
As K&P LEGAL LAW FIRM / Erdal KARDAS – Yelda TOPUZ KARDAS Attorney Partnership (“K&P Legal”), from the date of the entry into force of the Law on Protection of Personal Data No. 6698 (“KVKK”) and upon the effective date of the relevant legislation, while carrying out all our business activities the protection of personal data of natural persons who have any contact, handling, deletion, retention destruction or anonymization, and in this context, we give great importance to the full implementation of the requirements contained in the KVKK and related legislation. The Personal Data Protection and Processing Policy (“Policy”) is based on the processes and principles of collecting, using, sharing, storing, processing, deleting, destroying or anonymizing personal data by K&P Legal is intended to inform. This Policy, K&P Legal contains guidelines for the processing, deletion, destruction or anonymization of personal data belonging to data owners, and these statements include K&P Legal employees, clients and clients’ employees, it includes our active and potential clients and customers, suppliers, business partners, affiliates, visitors and all other real persons in contact with K&P Legal.
2. PROCEDURES AND PRINCIPLES FOR THE PROTECTION OF PERSONAL DATA
A. DEFINITIONS
The definitions of the terms and abbreviations contained in this Policy are as follows:
Explicit Consent Freely given, specific and informed consent
Recording Environment Any environment in which personal data is completely or partially automated or processed by non-automated means, as part of any data recording system
Anonymizing Rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data
Eusure of Personal Data Making personal data inaccessible and unusable in any way for the users concerned
Destruction of Personal Data The process of making personal data inaccessible, non-refundable and unusable by anyone in any way
Extermination Erasure, destruction or anonymizing of personal data
Data Subject The natural person, whose personal data is processed
Law / KVKK Law No. 6698 on the Protection of Personal Data
Personal Data All the information relating to an identified or identifiable natural person
Processing of Personal Data Any operation performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means
Board Personal Data Protection Board
Personal Data of Special Nature Information on the race, ethnicorigin, political opinion, philosophical beliefs, religion, sect or other beliefs, disguise and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data
Periodic Extermination In the event that all of the terms of the processing of personal data contained in the law are eliminated, the deletion, destruction and anonymity will be performed at repeated intervals as set out in the policy of retention and destruction of personal data.
K&P Legal K&P Legal Law Fırm Erdal KARDAS – Yelda TOPUZ KARDAS Partnership
Processor The natural or legal person who processes personal data on behalf of the controller upon his authorization
Controller The natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system
B. GENERAL PRINCIPLES FOR PROCESSING PERSONAL DATA
K&P Legal Law Firm processes, store and destroys personal data in accordance with the procedures and principles set forth in the KVKK and other applicable laws. In this context, when processing, storing and destroying personal data by K&P Legal, the K&P Legal Law Firm is fully compliant with and pays attention to the following principles in KVKK.
  • Lawfulness and conformity with rules of bona fides: Pursuantt to this principle, K&P Legal’s data processing processes are carried out by processing the minimun amount of data, taking into account the interests and reasonable expectations of the data subjects, in accordance with the constituon and KVKK, all relevant legislation, general legal norms and universal law principles, within the framework of honesty.
  • Accuracy and being up to date, where necessary: K&P Legal takes the necessary measures to prevent material and immaterial damage due to the out-of-date or improperly held personal data of the persons concerned and to ensure that the personal data processed is accurate and up-to-date in order to ensure that the personal data can be kept accurate and up-to-date. In this context, the data being processed in order to ensure that specific and reflect the actual situation confirmed the accuracy of data from sources, collecting accurate personal data and contact information necessary to lack of opportunities recognized by standing-induced considering the demands in this context reasonable precautions are taken.
  • Being processed for specific, explicit and legitimate: K&P Legal only processes personal data for legitimate purposes clearly and definitively determined, and does not engage in data processing for any purpose other than those purposes. In this context, K&P Legal processes personal data only in connection with the business relationship established with the owners of the data, and where necessary for them.
  • Being relevant with, limited to and proportionate to the purposes for which they are processed: The data is processed by K&P Legal in accordance with the KVKK and other relevant legislation in accordance with the existing objectives determined according to the data categories, appropriate to the realization of the purpose and in a measured manner, and the processing of personal data that is not needed is avoided.
  • Being retained for the period of time stipulated by relevant legislation or the purpose for which they are processed: Personal data processed by the K&P Legal is maintained only for the period stipulated in the relevant legislation or for the purpose for which it is processed. In this context, K&P Legal complies with this period if there is a time in the relevant legislation stipulated for the storage of data; if such a period of time does not exist, it retains the data only for the time required for the purpose for which it is processed. In this direction, if the expiration of the period stipulated in the legislation or the reasons that require the processing of personal data are eliminated, the personal data is erased, destroyed or made anonymous by K&P Legal. K&P Legal does not store data based on the possibility of future use.
C. CONDITIONS FOR PROCESSING OF PERSONAL DATA
KVKK 5. article regulates the terms of processing of personal data and is processed by K&P Legal under the conditions set out below, provided that personal data is in accordance with the conditions for processing of the data specified in the KVKK. K&P Legal in data processing processes firstly, in article 5 paragraph 2 of KVKK;
  • It is clearly provided for by the laws,
  • It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid,
  • processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract,
  • It is mandatory for the controller to be able to perform his legal obligations,
  • The data owner is made available to the public by the data subject himself,
  • Data processing is mandatory for the establishment, exercise or protection of any right,
  • It is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject,
data processing is carried out in the event that any of these cases does not exist and only if the person concerned gives explicit consent to the processing of the data. Special sensitivity is given by K&P Legal to the processing of personal data of special nature which, if learned by others, may result in victimization or discrimination of the person concerned and which is therefore believed to be of more critical importance in various aspects of protection. . In this context, personal data of special nature are processed with the expilict consent of the person concerned provided that adequate measures are taken as determined in the Board’s Resolution No. 2018/10 and date 31.01.2018. However, personal data other than health and sexual life may also be processed without the expilict consent of the person concerned, where required by law. Data on health and sexual life can be processed without explicit consent in the event of the following reasons or if provided for by law:
  • For the purpose of protection of public health,
  • Operation of preventive medicine,
  • Medical diagnosis,
  • Conducting treatment and nursing services,
  • Planning and management of health-care services and financing,
D. PURPOSES OF PROCESSING PERSONAL DATA
Your personal data obtained by K&P Legal will be processed within the scope described below:
  • Execution of Emergency Management Processes,
  • Execution of Information Security Processes,
  • Employee Candidate / Intern / Student Selection and Placement Process Execution,
  • Execution of The Application Process of Employee Candidates,
  • Execution of Employee Satisfaction and Commitment Processes,
  • Fulfilment of Obligations Arising From Work Contract And Legislation For Employees
  • Execution of Ancillary Rights And Benefits Processes For Employees,
  • Execution of Audit / Ethical Activities
  • Execution of Educational Activities
  • Execution of Access Powers
  • Execution of Activities in Accordance with the Legislation
  • Execution of Finance and Accounting
  • Execution Of Firm / Product / Service Commitment Processes
  • Ensuring Physical Space Safety
  • Execution of Assignment Processes
  • Follow-up and Execution of Legal Affairs
  • Execution of Internal Audit/Investigation/Intelligence Activities
  • Execution of communication activities
  • Planning of human resources processes
  • Conducting/Auditing Business Activities
  • Execution of Occupational Health / Safety Activities
  • Taking And Evaluating Suggestions For Improvement of Business Processes
  • Conducting Business Continuity Activities
  • Execution of Logistics Activities
  • Execution of Goods/Services Purchasing Processes
  • Execution of Goods/Services After-Sales Support Services
  • Execution of Goods/Services Sales Processes
  • Execution of Goods/Services Production and Operations Processes
  • Execution of Client Relationship Management Processes
  • Execution of Activities for Client Satisfaction
  • Organization and Event Management
  • Conducting Marketing Analysis Studies
  • Execution Of Performance Evaluation Processes
  • Execution Of Advertising / Campaign / Promotion Processes
  • Execution Of Risk Management Processes
  • Execution Of Storage And Archive Activities
  • Conducting Out Social Responsibility And Civil Society Activities
  • Execution Of Contract Processes
  • Conduct Of Sponsorship Activities
  • Conduct Strategic Planning Activities
The above-mentioned categories are for informational purposes and other categories may be added by us to enable K&P Legal to carry out other activities necessary for the continuation of its future business activities and operations. In such cases K&P Legal will continue to update the specified categories in the relevant text in order to continue to inform them as quickly as possible.
E. PERSONAL DATA ON PROCESSING ACTIVITY
Employee candidates, K&p Legal employees, interns, shareholders, partners, customers receiving potential and active services, who apply to K&P Legal in accordance with the principles and conditions set forth above by K&P Legal, to the employees, officials and visitors of our suppliers:
  • Identity (such as name surname, mother-father name, mother’s maiden name, date of birth, place of birth, marital status, ID card serial number, TR ID number)
  • Contact (such as address number, email address, contact address, registered e-mail address, phone number)
  • Location (location information)
  • Personal (payroll information, disciplinary investigation, entry-exit document records, property Statement Information, resume Information, performance evaluation reports etc. )
  • Legal proceedings (such as information in correspondence with judicial authorities, information in the case file)
  • Customer transaction (call center records, invoice, deed, check information, information on box office receipts, order information, request information etc.)
  • Physical Space Safety (employee and visitors’ entry and exit recording information, camera recordings etc.)
  • Process Security (such as IP address information, website entry and exit information, password and code information)
  • Risk Management (such as information processed to manage commercial, technical, administrative risks)
  • Finance (such as balance sheet information, financial performance information, credit and risk information, asset information)
  • Professional experience (such as diploma information, courses attended, in-profession training information, certificates, transcripts information )
  • Marketing (shopping history information, survey, cookie records, information obtained through campaign work)
  • Audio and visual recordings (such as audio and visual recordings)
  • Philosophical beliefs, Religion, Sect and Other beliefs (information about religious affiliation, information about philosophical beliefs, information about sectarian affiliation, information on other beliefs, etc.)
  • Health Information (such as disability information, blood type information, personal health information, device and prosthesis information used)
  • Criminal Convictions and Security Measures (information on criminal convictions, information on security measures, etc.)
  • Biometric Data (such as palm information, fingerprint information, retinal scan information, facial recognition information)
personal data is obtained, processed and transferred to third parties under the permissions of the data subject and only in accordance with the permission provided.
F. STORAGE AND DESTRUCTION OF PERSONAL DATA
The personal data we obtain is stored securely in physical or electronic envirimonet, portable media, or cloud enviroment for the purpose of carrying out any activities of K&P Legal in accordance with the purpose for which they are processed, or for the duration stipulated in the legislation. Within the scope of these activities, K&P Legal acts in accordance with the obligations and responsibilities stipulated in all relevant legislation, especially KVKK, regarding the protection of personal data. In accordance with relevant legislation, except in cases where the storage of personal data is restricted or forced for longer periods of time in the event that the purpose of processing personal data expires, Different techniques (physical destruction, permanent deletion from the software, masking, data derivation, aggregation, data hash, deletion by expert, etc.) that can be used by K&P Legal or the attached data owner application form.) at the request of the data owners, the data will be deleted in such a way as to make the personal data inaccessible and unusable in any way for the relevant users, all copies of the data will be identified and destroyed according to the type of systems in which the data is located, or, even if the personal data is matched with other data, in no way is the identified or identifiable real person will be anonymized. In the event that personal data is destroyed through such methods, such data will be destroyed in such a way that it cannot be used or recovered in any way. However, in case of legitimate interest of K&P Legal, retention times on the basis of personal data relating to all personal data in the scope of activities carried out in connection with the process, provided that it does not harm the fundamental rights and freedoms of the persons concerned, retention times on the basis of data categories may be stored in the personal data processing inventoryAt the end of the period specified herein, personal data will be erased, destroyed or anonymized according to the procedure mentioned above. In the event that K&P Legal is obliged by applicable legislation to keep the relevant personal data for longer periods of time, K&P Legal shall have the right to retain the data for the duration of such periods, not exceeding the period specified in the relevant legislation. The deletion, destruction or anonymity of personal data whose retention periods have expired shall be destroyed in accordance with the procedures set out in this policy within 6-month periods within the framework of the destruction periods set out in this policy and in accordance with the principles stipulated by the board. All transactions relating to the erasure, destruction and anonymization of personal data are recorded and stored for at least three years, except for other legal obligations and discrete cases in the legislation.
G. TRANSFER OF PERSONAL DATA
1. Transfer of Personal Data Home
K&P Legal carefully complies with the requirements set out in the KVKK regarding the sharing of personal data with third parties, without prejudice to the provisions of other laws. In this context, personal data is not transferred by K&P Legal to third parties at home and abroad without the express consent of the person concerned. However, in cases where data transfer can be made without the express consent of the person concerned, which is limited in the Law:
  • It is clearly provided for by the laws,
  • It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid,
  • processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract,
  • It is mandatory for the controller to be able to perform his legal obligations,
  • The data owner is made available to the public by the data subject himself,
  • Data processing is mandatory for the establishment, exercise or protection of any right,
  • It is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject,
transfer to third parties without the explicit consent of the person concerned. Personal data relating to health and sexual life, which are among the personal data of special nature, are complied with in the transfer of personal data of special quality, the conditions set out in the terms of processing of these data:
  • For the purpose of protection of public health,
  • Operation of preventive medicine,
  • Medical diagnosis,
  • Treatment and nursing services,
  • Planning and management of health-care services,
  • Requests from public, semi-private, private institutions and organizations in accordance with the legislation and in accordance with the legislation,
In their case they are transferred without the express consent of the person concerned. Personal data of special nature other than health and sexual life is transferred to third parties at home provided that they are prescribed by law and adequate precautions are taken.
2. Transfer of Personal Data Abroad
In accordance with article 9 of the Law personal data can be transferred abroad with explicit consent of the data subject. In addition, provided that adequate protection is found:
  • It is clearly provided for by the laws,
  • It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid,
  • Processing of personal data belonging to the parties of a contract, is necessary provided that it is directly related to the conclusion or fulfilment of that contract,
  • It is mandatory for the controller to be able to perform his legal obligations,
  • The data owner is made available to the public by the data subject himself,
  • Data processing is mandatory for the establishment, exercise or protection of any right,
personal data may be transferred abroad even if there is no explicit consent of the data subject in the event that the data processing is required for the legitimate interests of the controller, provided that it does not harm the fundamental rights and freedoms of the data subject. In terms of personal data of special quality regarding health and sexual life,
  • For the purpose of protection of public health,
  • Operation of preventive medicine,
  • Medical diagnosis,
  • Treatment and nursing services,
  • Planning and management of health-care services,
  • Requests from public, semi-private, private institutions and organizations in accordance with the legislation and in accordance with the legislation,
in their case they are transfarred without the explicit constent of the person concerned. In the transfer of personal data of special nature other than health and sexual life abroad, besides taking adequate measures, the transfer is required to be stipulated in the laws. However, in the case of conditions where personal data, including personal data of special nature, is permitted to be processed without the express consent of the owner, in the foreign country where the personal data will be transferred, provided that sufficient protection is available personal data may be transferred abroad by K&P Legal without seeking its consent. If the country to whom personal data will be transferred is not determined by the Board among the countries where adequate protection is available, K&P Legal and the controller/processor in the relevant country shall undertake in writing adequate protection.
H. OBLIGATION OF CONTROLLER TO INFORM
Article 10 of the law which contains provisions relating to the obligation of illimunate, according to the article, the controller must inform the relevant person prior to the acquisition of personal data or at the latest at the time of the acquisition. If personal data cannot be obtained directly from the data subject due to actual impossibility or inability to reach the person concerned;
  • Within a reasonable period of time from the receipt of personal data,
  • If personal data is to be used for communication purposes with the person concerned, during the first communication,
  • If personal data is to be transferred, at the latest at the time of the transfer of personal data for the first time,
the obligation to illuminate the person concerned must be fulfilled. The obligation of the controller to illuminate is not an obligation based on the request of thedata subject, but an obligation that must be fulfilled regardless of both explicit consent and other personal data processing requirements in the Act. While the disclosure obligation is fulfilled to the data subject, the information to be made by the controller or authorized persons must include as a minimum the following conditions:
  • The identity of the controller and of his representative, if any,
  • The purpose of data processing,
  • To whom and for what purposes the processed data may be transferred,
  • The method and legal reason of collection of personal data,
  • Other rights referred to in Article 11 of the KVKK. Other rights of the Relevant Person listed in Article.
the obligation to clarify by the controller or the person authorized under the relevant legislation; can be performed by using physical or electronic envriment such as oral, written, voice recording, call center. The controller or the person he/ she authorizes must decide which of these methods to use. In this context, in order to obtain, process and transfer your personal data in a transparent manner, we as K&P Legal shall have our firm’s own www.kplegal.com.tr/KVKK adressed at “Personal Data Protection Law Disclosure Text” we fulfill our obligation to illimunate. In the scope of our operations as K&P Legal except where the legislation makes exceptions, in the event of the acquisition, processing and transfer of personal data, the purchase of explicit consent declarations required to be obtained from the data subject, in order to ensure that the data subject freely and with sufficient information consent to the processing of data related to him, is carried out. In this context, the data subjects have been given the right to choose whether their personal data may be processed by K&P Legal and have been informed of the consequences if explicit consent is not obtained. On the other hand, paragraph 1 of article 28 of the KVKK. The data officer has no obligation to clarify in the following cases:
  • Personal data is processed by natural persons within the scope of purely personal activities of the data subject or of family members living together with him in the same dwelling provided that it is not to be disclosed to third parties and the obligations about data security is to be complied with,
  • Personal data is processed for the purpose of official statistics and for research, planning and statistical purposes after having been anonymized,
  • Personal data is processed with artistic, historical, literary or scientific purposes, or within the scope of freedom of expression provided that national defence, national security, public security, public order, economic security, right to privacy or personal rights are not violated or they are processed so as not to constitute a crime,
  • Personal data is processed within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations duly authorised and assigned to maintain national defence, national security, public security, public order or economic security,
  • Personal data is processed by judicial authorities or execution authorities with regard to investigation, prosecution, criminal proceedings or execution proceedings.
However, article 28 of the KVKK is in accordance with paragraph 2 the data controller’s obligation to illuminate will not find the application area if:
  • Is required for the prevention of a crime or crime investigation,
  • Is carried out on the data which is made public by the data subject himself,
  • Is required for inspection or regulatory duties and disciplinary investigation and prosecution to be carried out by the public institutions and organizations and by professional associations having the status of public institution, assigned and authorised for such actions, in accordance with the power conferred on them by the law,
  • Is required for protection of State’s economic and financial interests with regard to budgetary, tax-related and financial issues.
I. THE RIGHTS OF DATA SUBJECT
Regarding personal data processed by K&P Legal in accordance with the principles set forth in this Policy, the KVKK’s 11th amendment shall be deemed to be article, necessary measures have been taken for the exercise of the rights granted to the persons concerned. These rights include: a. To learn whether his personal data are processed or not, b. To request information if his personal data are processed, c. To learn the purpose of his data processing and whether this data is used for intended purposes, D. To know the third parties to whom his personal data is transferred at home or abroad, e. To request the rectification of the incomplete or inaccurate data, if any, f. To request the erasure or destruction of his personal data in the event that the reasons for processing are eliminated, although it has been processed in accordance with the provisions of this Act and other applicable law g. To request notification of the operations carried out in compliance with subparagraphs (e) and (f) to third parties to whom his personal data has been transferred, h. To object to the processing, exclusively by automatic means, of his personal data, which leads to an unfavourable consequence for the data subject, i. To request compensation for the damage arising from the unlawful processing of his personal data. Data subject, the rights listed above, www.kplegal.com.tr adressed at wet signed copy of the contact application form:
  • Personal Application (The applicant himself/ herself comes and applies with a document proving his identity)
  • Through Notary Public
  • Signed with Secure Electronic Signature or mobile signature, by sending via Registered Electronic Mail (UETS) of the K&P Legal
can use it with any of their methods. According to the nature of the request, K&P Legal will finalize the request as soon as possible and free of charge within thirty (30) days at the latest. However if the action in question incurs another cost, the price set by the Board may be collected. As a result of the review, the fee will be refunded to the applicant if it is found that K&P Legal has caused the application. In addition, in the process of finalizing the data owners’ requests, K&P Legal may request additional information or documentation from the applicant sought to ensure data security as well as to determine whether the applicant is the owner of the personal data . K&P Legal will submit the answer to the applications physically or electronically to the applicant concerned. If the application is accepted, the requested transaction will be fulfilled, and if the application is rejected, the applicant will be notified to the person concerned with the reason for the rejection. Within the framework of article 28(1) of KVKK, data subjects, article 11 of KVKK is unable to exercise the above rights listed in:
  • Personal data is processed by natural persons within the scope of purely personal activities of the data subject or of family members living together with him in the same dwelling provided that it is not to be disclosed to third parties and the obligations about data security is to be complied with,
  • Personal data is processed for the purpose of official statistics and for research, planning and statistical purposes after having been anonymized,
  • Personal data is processed with artistic, historical, literary or scientific purposes, or within the scope of freedom of expression provided that national defence, national security, public security, public order, economic security, right to privacy or personal rights are not violated or they are processed so as not to constitute a crime,
  • Personal data is processed within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations duly authorised and assigned to maintain national defence, national security, public security, public order or economic security,
  • Personal data is processed by judicial authorities or execution authorities with regard to investigation, prosecution, criminal proceedings or execution proceedings.
However, within the framework of article 28(2) of KVKK, except for the right to remedy damages, article 11 of KVKK is unable to exercise the above rights listed in:
  • Is required for the prevention of a crime or crime investigation,
  • Is carried out on the data which is made public by the data subject himself,
  • Is required for inspection or regulatory duties and disciplinary investigation and prosecution to be carried out by the public institutions and organizations and by professional associations having the status of public institution, assigned and authorised for such actions, in accordance with the power conferred on them by the law,
  • Is required for protection of State’s economic and financial interests with regard to budgetary, tax-related and financial issues.
J. MEASURES FOR THE DATA SECURITY
Article 12(1) of the Act considers the controllers obligations regarding data security, and in this context as K&P Legal controller;
  • Prevent unlawful processing of personal data,
  • Prevent unlawful access to personal data,
  • Ensure the retention of personal data.
under its obligations, K&P Legal takes administrative and technical measures in order to meet these obligations. In this context,
1. Administrative Measures
  • There are disciplinary regulations for employees that include data security provisions.
  • Training and awareness studies on data security are carried out periodically for employees.
  • Corporate policies on access, information security, use, storage and destruction have been prepared and implemented.
  • Confidentiality commitments are made.
  • Signed contracts include data security provisions.
  • Personal data security policies and procedures have been determined.
  • Personal data security is monitored.
  • Personal data is reduced as much as possible.
  • Periodic and/or random internal audits are carried out.
  • Current risks and threats have been identified.
  • Protocols and procedures for the security of personal data of special nature are determined and implemented.
  • Awareness of data processing service providers on data security is provided.
2. Technical Measures
  • Network security and application security are ensured.
  • Closed system network is used in personal data transfers via network.
  • Key management is implemented.
  • Security measures are taken within the scope of the supply, development and maintenance of information technology systems.
  • Security of personal data stored in the cloud is ensured.
  • A power matrix has been established for employees.
  • Access logs are kept regularly.
  • Data masking measures are applied when necessary.
  • Employees who have a change of duty or have left their jobs are removed from their powers in this area.
  • Current anti-virus systems are used.
  • Firewalls are used.
  • Extra security measures are taken for personal data transmitted through paper and the relevant paper is sent in confidentiality-grade document format.
  • Personal data security issues are reported quickly.
  • Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
  • Physical environments containing personal data are provided for safety against external risks (fire, flood, etc.).
  • Security is ensured for environments containing personal data.
  • Personal data is backed up and backed up personal data is also secured.
  • User account management and authorization control system is implemented and their follow-up is also carried out.
  • Log records are kept in such a way that there is no user intervention.
  • If private personal data is to be sent via e-mail, it is sent in encrypted form and using a KEP or corporate mail account.
  • Secure encryption/cryptographic keys are used for private personal data and managed by different units.
  • Intrusion detection and prevention systems are used.
  • An infiltration test is performed.
  • Cyber security measures have been taken and its implementation is constantly monitored.
  • Encryption is being done.
  • Private lynks transmitted in portable memory, CD, DVD environment are encrypted and transmitted data.
  • Data processing service providers are periodically audited about data security.
  • Data loss prevention software is used.
3. Other issues
In the event of incompatibility between the provisions of the KVKK and other relevant legislation and this Policy, the provisions of the KVKK and other relevant legislation shall first apply. This Policy prepared by the K&P Legal will enter into force as of the date of approval by the Board of Directors. Except for the repeal of this Policy, the K&P Legal has authorised the General Manager of K&P Legal to make changes to the Policy and how to enforce it. With the approval of the Managing Partner, changes can be made and put into effect within this Policy. This Policy is reviewed once a year in any case, and if necessary changes are made, it is updated for approval by the Managing Partner.
K&P LEGAL LAW FIRM
error: