POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

  • Main Page
  • POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA


POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA 

CHAPTER ONE - INTRODUCTION............................................................................................... 2

1.1. Introduction............................................................................................................................................................. 2

1.2. Purpose of the Policy............................................................................................................................................. 2

1.3. Scope of the Policy................................................................................................................................................. 2

1.4. Definitions................................................................................................................................................................ 2

1.5. Enforcement of the Policy..................................................................................................................................... 4

CHAPTER TWO - PROTECTION OF PERSONAL DATA................................................................. 4

2.1. Security of Personal Data...................................................................................................................................... 4

2.2. Audit.......................................................................................................................................................................... 4

2.3. Privacy....................................................................................................................................................................... 4

2.4. Unauthorized Disclosure of Personal Data........................................................................................................ 5

2.5. Observing the Legal Rights of Personal Data Owners...................................................................................... 5

2.6. Protection of Private Personal Data.................................................................................................................... 5

CHAPTER THREE - PROCESSING AND TRANSFERRING OF PERSONAL DATA............................ 5

3.1. General Principles in the Processing of Personal Data.................................................................................... 5

3.2. Personal Data Processing Conditions.................................................................................................................. 5

3.3. Conditions of Processing of Sensitive Personal Data....................................................................................... 6

3.4. Terms of Transfer of Personal Data..................................................................................................................... 6

CHAPTER FOUR - CLASSIFICATION OF PERSONAL DATA, PURPOSE OF PROCESSING AND TRANSFER, PERSONS TO BE TRANSFERRED................................................................................................. 6

4.1. Classification of Personal Data............................................................................................................................. 7

4.2. Purposes of Processing Personal Data................................................................................. 8

4.3. Purposes of Transfer of Personal Data................................................................................. 8

4.4. Persons to whom Personal Data will be Transferred............................................................ 8

CHAPTER FIVE - COLLECTION METHOD AND LEGAL REASON OF PERSONAL DATA, DELETING, DESTROYING AND MAKING ANNOUNCEMENT AND STORAGE PERIOD........................................................ 8

5.1 Method and Legal Reason for Personal Data Collection.................................................................................. 8

5.2. Deletion, Destruction or Anonymization of Personal Data............................................................................. 9

5.3. Retention Period of Personal Data...................................................................................................................... 9

CHAPTER SIX - DISCLOSURE OF THE PERSONAL DATA OWNER, RIGHTS OF THE PERSONAL DATA OWNER ACCORDING TO THE PDP LAW................................................................................................... 9

6.1. Disclosure of Personal Data Owner..................................................................................................................... 9

6.2. Rights of the Personal Data Owner in accordance with the PDP Law........................................................... 9

6.3. Circumstances in which the Policy and Law will not be Enforced Whole or Partially.............................. 10

CHAPTER SEVEN - CLASSIFICATION OF PERSONAL DATA OWNERS AND MATCHING WITH PERSONAL DATA.................................................................................................................................................. 11

7.1. Classification of Personal Data Owners............................................................................................................ 11

7.2. Matching Personal Data with Personal Data Owners.................................................................................... 12

 

 

 

 

 

CHAPTER ONE - INTRODUCTION 
1.1. Introduction
BABA YAPI SANAYİ VE TİC. A.Ş. As BABA YAPI SANAYİ VE TİC. A.Ş. ("Company" or "BABA YAPI"), we attach utmost importance to the legal protection and processing of Personal Data following the Law on the Protection of Personal Data No. 6698 ("Law"), and we act with this care in all our planning and activities. With this awareness, as BABA YAPI, we take all administrative and technical measures for the protection and processing of Personal Data. 
 
1.2. Purpose of the Policy 
The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life regulated in the Article 20 of the Constitution, in the protection and processing of Personal Data in accordance with the purpose of the Law, and the obligations of our Company and the procedure to be complied with in accordance with the Law and to inform the Personal Data Owners about the principles. 

BABA YAPI, in its capacity as Data Controller, legally processes the personal data of its employees, company employees, who communicate on its behalf or in the capacity of a representative, and other real persons who establish a relationship through job applications or any other purpose or channel. Another purpose of this policy is to inform the relevant people about these processing activities and personal related systems that BABA YAPI carries out, and thus to provide transparency regarding personal data. In this context, BABA YAPI has explained in detail in this Policy, the processing of personal data within the scope of the Law, the data owners subject to this processing and their rights, together with the use of cookies and similar technologies. 

 
1.3. Scope of the Policy 
This Policy has been prepared for Company Shareholders, Company Business Partners, Company Officials, Employee Candidates, Visitors, Company Customers, Potential Customers and Third Parties provided that they are real persons and will be implemented within the scope of these specified persons. The Company informs these Personal Data Owners about the Law by publishing this Policy on its website. This Policy will not be applied to legal entities in any capacity. "Personal Data Processing Policy for Employees" will be applied for our Company's employees. This Policy will be applied for the above-mentioned persons, in case our Company processes the Personal Data of these persons, in whole or in part, automatically or by non-automatic means provided that they are part of any data recording system. This Policy will not be applied if the data is not included in the scope of "Personal Data" within the scope specified below or the Personal Data processing activity carried out by our Company is not carried out in the above-mentioned ways. 

 
1.4. Definitions 
The terms used in the implementation of this Policy have the following meanings: 

Explicit Consent 
It is the consent that is based on information and expressed with free will regarding a particular subject. 
Anonymization 
It is the making of personal data that cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. 
Employee Candidate 
They are real persons who have applied for a job to our company by any means or have opened their CV and related information to our company's inspection. 
Contact Person 
It is the real person notified by the data controller during registration to the Registry for the communication to be established with the Institution regarding the obligations of the legal persons residing in Turkey and the representative of the data controller of the legal entity not residing in Turkey within the scope of the Law and secondary regulations to be enacted based on this Law. 
Processing of Personal Data 
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using Personal Data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. It is any operation performed on the data, such as blocking. 
PDP Board 
It is the Personal Data Protection Board. 
Personal Data Owner / Relevant Person 
It means Company Shareholders, Company Business Partners, Company Officials, Employee Candidates, Visitors, Company Customers, Potential Customers and Third Parties, whose Personal Data are processed. 
Personal Data Processing Inventory 
It is the inventory that the data controllers create by associating the personal data processing activities they carry out depending on their business processes with the personal data processing purposes, data category, the group of recipients transferred and the group of persons subject to the data, and they detail the maximum period required for the purposes for which the personal data is processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security. 
Personal data retention and destruction rules
These are the rules on which data controllers base the process of determining the maximum time required for the purpose for which personal data is processed, and the process of deletion, destruction and anonymization. 

It is tracked through the personal data inventory. 
Personal Data 
Any information relating to an identified or identifiable real person. 
Product or Service Recipient
They are real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company. 
Special Qualified Personal Data: 
Data on race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special data. 
Potential Product or Service Buyer
They are real persons who have requested or been interested in using our products and services or have been evaluated in accordance with commercial practices and honesty rules that they may have. 
 

Company / Our Company

 
BABA YAPI SANAYİ VE TİC. A.Ş.
Shareholder/Partner 
BABA YAPI SANAYİ VE TİC. A.Ş's shareholders are real persons. 
Company Official 
BABA YAPI SANAYİ VE TİC. A.Ş.'s board of directors and other authorized real persons. 
Other Person
Other persons who are not covered by the BABA YAPI Personal Data Protection and Processing Policy prepared for Company Employees and who do not fall under any Personal Data Owner category in this Policy. 
Data Category
It is the personal data class belonging to the data subject group or groups in which personal data are grouped according to their common characteristics. 
Data Subject Group: 
It is the category of the data controller with whom they process their personal data. 
Data Controllers Registry Information System (VERBIS) 
It is the information system created and managed by the Presidency, accessible over the internet, to be used by the data controllers in the application to the Registry and other related transactions related to the Registry. 
Data Processor
It is the real and legal person who processes Personal Data on behalf of the data controller, based on the authority given by the data controller. 
Data Recording System 
It refers to the recording system in which Personal Data is processed and structured according to certain criteria. 
Data Controller 
The person who determines the purposes and means of processing Personal Data and manages the place where the data is kept systematically (data recording system) is the data controller. 
Visitor 
All real persons who have entered the physical campuses owned by our company for various purposes or visited our websites for any purpose. 
Management Procedure of Requests from Data Owners
It is the procedure prepared by BABA YAPI in which the process to be used in meeting the requests that may come from the data owners within the scope of the Law is detailed. 
 

 

1.5. Enforcement of the Policy 
The Policy, which has been issued by BABA YAPI SANAYİ VE TİC. A.Ş and entered into force, is published on the Company's website at www.babayapi.com and is made available to the relevant persons upon request. BABA YAPI has the right to make changes in this policy at any time within the framework of the law, secondary legislation and PDP Board decisions. 

 

CHAPTER TWO - PROTECTION OF PERSONAL DATA 
 

2.1. Security of Personal Data 
Our Company takes all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the illegal processing and access of Personal Data, and to protect Personal Data in accordance with the Law. 

 
2.2. Audit 
Our company carries out and has the necessary inspections made in order to establish the data security described above and to ensure the regularity and continuity of the measures taken. 

Our company periodically makes penetration tests. It examines the test results and takes the necessary actions to close the gaps.

 
2.3. Privacy 
Our company takes all necessary technical and administrative measures according to technological possibilities and implementation costs so that the relevant data controllers and data processors do not disclose the Personal Data they have to others in violation of the provisions of the Law and Policy and do not use them for purposes other than processing. In this context, informing and training activities about the Law and Policy with our Company employees have been completed and their sustainability is ensured.

 
2.4. Unauthorized Disclosure of Personal Data 
In the event that the Personal Data processed by our company is obtained by others through illegal means, our company will take the necessary actions to notify the relevant Personal Data Owner and the PDP Board as soon as possible. If deemed necessary by the PDP Board, this situation may be announced on the website of the PDP Board or by another method deemed appropriate by the PDP Board. 

 

2.5. Observing the Legal Rights of Personal Data Owners 
Our company observes all legal rights of Personal Data Owners through the implementation of the Policy and Law and takes all necessary measures to protect these rights. 

 

2.6. Protection of Private Personal Data 
Adequate measures determined by the PDP Board within the framework of the Processing and Protection of Private Personal Data Policy of our company are taken with precision. 

 

CHAPTER THREE - PROCESSING AND TRANSFERRING OF PERSONAL DATA 
3.1. General Principles in the Processing of Personal Data 
Personal Data is processed by our company in accordance with the procedures and principles stipulated in the Law and this Policy. Our company complies with the following principles when processing Personal Data. 

Compliance with the Law and Integrity Rules 
Being Accurate and Up-to-Date When Necessary 
Processing for Specific, Explicit and Legitimate Purposes 
Being Related to the Purpose for which they are Processed, Limited and Measured 
Retention for as long as required by the relevant legislation or for the purpose for which they are processed. 
 

3.2. Personal Data Processing Conditions 
Personal data is processed within BABA YAPI through the explicit consent of data owners or in the light of activities that can be carried out without explicit consent under Articles 5 and 6 of the Law, and these data are processed only within the framework of the purposes exemplified in the 'Purposes of Processing Personal Data' section of this Policy. Our company may process Personal Data without seeking the explicit consent of the data owner, in the presence of one of the following conditions. 

 

Clearly stipulated in laws (Tax, Social Security Legislation, etc.)
It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally recognized,
It is necessary to process the personal data of the parties of the contract, provided that it is directly related to the establishment or performance of a contract, (contracts, etc.)
Obligatory for the data controller to fulfill its legal obligation, (financial audit etc.)
The person concerned has been made public by himself,
Data processing is mandatory for the establishment, exercise or protection of a right (for example: obligations during the Guarantee Period)
Obligatory data processing for the legitimate interests of the data controller (Close interpretation)
 

3.3. Conditions of Processing of Sensitive Personal Data 
Our company does not process Sensitive Personal Data without the explicit consent of the person concerned. However, Personal Data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws. Personal Data related to health and sexual life are only processed by our Company to protect public health, conducting preventive medicine, medical diagnosis and treatment and care services, planning and managing health services and financing, without seeking the explicit consent of the person concerned, under the conditions which we are under a confidentiality obligation. Our company carries out the necessary actions to take adequate measures determined by the Board in the processing of Sensitive Personal Data. 

 

3.4. Terms of Transfer of Personal Data 
Our company may transfer Personal Data of Personal Data Owners and Sensitive Personal Data to third parties in accordance with the Law by creating the necessary confidentiality conditions and taking security measures in line with the purposes of processing Personal Data. Our company acts in accordance with the regulations stipulated in the Law during the transfer of Personal Data. In this context, our Company's Personal Data based on and limited to one or more of the Personal Data processing conditions specified in Article 5 of the Law, listed below, in line with the legitimate and lawful Personal Data processing purposes: 

If the Personal Data owner has explicit consent; 
If there is a clear regulation in the law regarding the transfer of Personal Data, 
If it is necessary for the protection of the life or bodily integrity of the Personal Data owner or someone else, and if the Personal Data owner is unable to express his consent due to actual impossibility or if his consent is not legally valid, 
If it is necessary to transfer the Personal Data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract, 
If Personal Data transfer is mandatory for our company to fulfill its legal obligation, 
If the Personal Data has been made public by the Personal Data owner, 
If Personal Data transfer is necessary for the establishment, exercise, or protection of a right,
Provided that the fundamental rights and freedoms of the Personal Data owner are not harmed, Personal Data may be transferred if it is necessary for the legitimate interests of our Company. 
 

 

3.4.1. Terms of Transfer of Personal Data Abroad 
Our company may transfer the Personal Data of Personal Data Owners to third parties abroad by taking the necessary security measures in line with the purposes of Personal Data processing. Personal Data may be transferred by our company to foreign countries that are declared to have adequate protection by the PDP Board or in the absence of sufficient protection, to foreign countries where data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the PDP Board is available.  

BABA YAPI transfers customer transaction and financial data abroad. 

 

CHAPTER FOUR - CLASSIFICATION OF PERSONAL DATA, PURPOSE OF PROCESSING AND TRANSFER, PERSONS TO BE TRANSFERRED 
 

4.1. Classification of Personal Data 
4.1.1. Identity Data
It is the data that contains information about the person's identity: name-surname, TR identity number, marital status, nationality information, mother-father name-surname, place of birth - date, gender, CV information, factory and registration number of employees, land registry and other official registration information and other identification information, as well as driver's license, identity card, passport and other documents containing this information, as well as tax number, SSI number, signature information, vehicle license plate and other information. 

 

4.1.2. Contact Data
Phone number, address, e-mail address, fax number, IP address and other information. 


4.1.3. Financial Data
Personal data processed regarding information, documents and records showing all kinds of financial results arising in accordance with the employee-employer relationship established by the Company with the Related Person, bank account number, branch code, bank card information, IBAN, credit card information, financial profile, credit rating, assets data, income information and other information. 

 

4.1.4. Human Resources Data
It is the data obtained in the personnel file of the company. Background of the candidate, license plate, educational information, unit, employee's CV, work experience information, title, SSI number, disciplinary records, philosophical belief, religion, sect, and other beliefs, information about the child, military service and family, association memberships, employment date, criminal record information, position, clothing size information, personnel data, date of dismissal, diploma information, professional information, vehicle information, travel information, race, ethnicity, Political thought, professional certificate, signature statement, and other information.

 

4.1.5. Digital Data 
Photo and camera recordings, audio recordings and any data including this data and other information

 

4.1.6. Health Data 
These are the data processed within the scope of sensitive data. Health reports, disability status, disease information, health documents, sexual life and other information.

 

4.1.7. Third Party Data 
It is mostly data taken for private companies. Central registration system number, plate number, adjuster's registry number, tax number, adjuster's degree, individual company name and title, business number, certificate of incumbency, stamp information, adjuster code and other information.

 

4.1.8. Biometric Data
These are the data processed within the scope of sensitive data. Palm information, retina scan information, face scan information, fingerprint data and other information.

 

4.2. Purposes of Processing Personal Data 
Our company informs the data owners about  the purposes for which Personal Data will be processed, to whom, and for what purpose the processed data can be transferred, to fulfill the obligation of disclosure in Article 10 of the Law. 

Your personal data is processed within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law, limited to purposes such as contacting those who convey their requests and complaints to our company, and eliminating errors in our company's website, for planning and implementation of human resources policies, correct planning and execution of our commercial partnerships and strategies, ensuring the legal, commercial and physical security of our company and our business partners, ensuring the corporate functioning of our company, making the most of the products and services offered by our company, to carry out studies for our company, to recommend the products and services offered by our company according to your demands, needs and wishes, to ensure the highest level of data security, to create databases, to develop the services offered on our company's website. 

 

4.3. Purposes of Transfer of Personal Data 
Your personal data is transferred within the scope of the conditions specified in Articles 8 and 9 of the Law, limited to purposes such as contacting those who convey their requests and complaints to our company, and eliminating errors in our company's website, for planning and implementation of human resources policies, correct planning, and execution of our commercial partnerships and strategies, ensuring the legal, commercial and physical security of our company and our business partners, ensuring the corporate functioning of our company, making the most of the products and services offered by our company, to carry out studies for our company, to recommend the products and services offered by our company according to your demands, needs, and wishes, to ensure the highest level of data security, to create databases, to develop the services offered on our company's website. 

 

4.4. Persons to whom Personal Data will be Transferred 
Your personal data may be transferred to our shareholders, business partners, suppliers, affiliates, companies and institutions we cooperate with, companies that outsource services to fulfill our contractual or legal obligations, and authorized institutions and organizations. The nature of these transfers and the shared parties vary depending on the type and nature of the relationship between the data owner and BABA YAPI, the purpose of the transfer, and the relevant legal basis, and these parties are generally as follows: 

Group companies, 
Its suppliers, 
Its shareholders
Real persons or legal entities of private law
Authorized public institutions and organizations
 

 It can be transferred to the above places according to the principles and rules.

 

CHAPTER FIVE - COLLECTION METHOD AND LEGAL REASON OF PERSONAL DATA, DELETING, DESTROYING AND MAKING ANNOUNCEMENT AND STORAGE PERIOD 
 

5.1 Method and Legal Reason for Personal Data Collection 
To check the compliance with Article 1, which regulates the purpose of the law, and Article 2, which regulates the scope of the law; Personal Data is collected in all kinds of verbal, written, and electronic media by technical and other methods, our company's website, to fulfill the responsibilities arising from the law completely and accurately within the framework of legislation, contract, demand and request-based legal reasons to achieve the purposes stated in the Policy, and our Company or by data processors appointed by our Company. 

 

5.2. Deletion, Destruction or Anonymization of Personal Data 
Without prejudice to the provisions of other laws regarding the deletion, destruction, or anonymization of Personal Data, although our Company has operated under the provisions of this Law and other laws; if the reasons for its processing disappear, Personal Data is deleted, destroyed or anonymized at the request of the ex officio or the data owner following the rules of Storage and Disposal of Personal Data. 

Deletion of personal data is the process of making personal data inaccessible and non-reusable for the relevant users. With the deletion of personal data, this data is destroyed in a way that it cannot be used again in any way and cannot be restored. Accordingly, the data is deleted from the tools such as documents, files, CDs, floppy disks, hard disks, in which they are registered, in a way that cannot be recycled. 

 

Destruction of data, on the other hand, means the destruction of materials suitable for data storage such as documents, files, CDs, floppy disks, hard disks, in which the data is recorded, so that the information cannot be retrieved and used again. 

 

Anonymization is the removal or change of all direct and/or indirect identifiers in a data set, preventing the identification of the data subject from being identified, or losing its distinctiveness in a group/crowd so that it cannot be associated with a real person. By anonymizing the data, it is meant that the Personal Data cannot be associated with an identified or identifiable real person, even if it is matched with other data. 

 

5.3. Retention Period of Personal Data 
Our company stores Personal Data in accordance with the periods stipulated in the laws and other legislation. If there is no provision in the laws and other legislation regarding how long Personal Data should be stored, the Personal Data is processed until the realization of the purpose of processing the Personal Data when our Company processes that Personal Data, and then deleted, destroyed, or anonymized following the Personal Data Storage and Destruction rules. 

 

CHAPTER SIX - DISCLOSURE OF THE PERSONAL DATA OWNER, RIGHTS OF THE PERSONAL DATA OWNER ACCORDING TO THE PDP LAW 
 

6.1. Disclosure of Personal Data Owner 
Our company informs the Personal Data Owners during the acquisition of personal data in accordance with Article 10 of the PDP Law. In this context, if any, it clarifies the identity of the Contact Person, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data and the legal reason, and the rights of the Personal Data Owner. 

 

6.2. Rights of the Personal Data Owner in accordance with the PDP Law 
Our company informs you of your rights following Article 10 of the Law, guides you on how to exercise these rights, and performs the necessary internal functioning, administrative and technical arrangements for all these. Our company explains, in accordance with Article 11 of the Law, to the persons whose personal data are received; 

·         learning whether personal data is processed, 

·         requesting information on personal data if it has been processed, 

·         learning the purpose of processing personal data and whether they are used in accordance with its purpose, 

·         knowing the third parties to whom personal data is transferred in the country or abroad, 

·         requesting correction of personal data if it is incomplete or incorrectly processed, 

·         requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law, 

·         requesting notification of the transactions made pursuant to subparagraphs (d) and (e) of Article 11 of the Law, to third parties to whom personal data has been transferred, 

·         objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems, 

·         have the right to demand the compensation of the damage in case of loss due to the unlawful processing of personal data. 

You can submit your requests regarding the implementation of the Law to our company via [email protected]  by following the procedures in the application form, in writing or with a safe electronic signature, through the Data Owner Request Form of the Law on the Protection of Personal Data, Or by other methods to be determined by the Personal Data Protection Board ("Board"). Our company will conclude your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction in question requires an additional cost, the fee in the tariff determined by the Board may be charged. 

 

Our company may accept the request or reject it by explaining the reason, and notifying the relevant person in writing or electronically. In case the request in the application is accepted, our Company fulfills its requirements. If the application is due to the fault of our Company, the fee charged is returned to the data owner. 

In cases where the application is rejected or the answer is found insufficient or the application is not answered in due time, the data subject has the right to file a complaint with the Board within thirty days from the date of learning the answer and in any case within sixty days from the application date. 

 

6.3. Circumstances in which the Policy and Law will not be Enforced Whole or Partially 
The provisions of this Policy and Law will not be applied in the following cases: 

Processing of personal data by real persons within the scope of activities related to themselves or family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with. 
Processing personal data for purposes such as research, planning and statistics by making it anonymous with official statistics. 
Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime. 
Processing of personal data within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order, or economic security. 
Processing of personal data by judicial authorities or execution authorities about the investigation, prosecution, trial, or execution proceedings. 
In accordance with the purpose and basic principles of this Policy and the Law, Article 10, which regulates the obligation to inform the data controller, Article 11, which regulates the rights of the data subject, except for the right to demand the compensation of the damage, and Article 16, which regulates the obligation to register in the Data Controllers Registry, shall not be applied in the following cases: 

·         The processing of personal data is necessary for the prevention of crime or criminal investigation. 

·         Processing of personal data made public by the person concerned. 

·         Personal data processing is required by the authorized and authorized public institutions and organizations and professional organizations like public institutions for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution based on the authority granted by the law. 

·         The processing of personal data is necessary for the protection of the economic and financial interests of the state concerning budgetary, tax, and financial matters.

CHAPTER SEVEN - CLASSIFICATION OF PERSONAL DATA OWNERS AND MATCHING WITH PERSONAL DATA 
7.1. Kişisel Veri Sahiplerinin Sınıflandırılması 
Only real persons can benefit from the protection of this Policy and the Law. Personal Data Owners within this scope are grouped as follows: 

 

Employee Candidate
They are real persons who have applied for a job to our company by any means or have opened their CV and related information to our company's inspection.
Employee
They are people who work within our company, are former employees or have retired.
Shareholder/Partner
Persons who are shareholders/partners of our company.
Parent / Guardian / Representative
Power of Attorney
Potential Product or Service Buyer
They are real persons who have requested or been interested in using our products and services or have been evaluated under commercial practices and honesty rules that they may have.
Intern
They are people who serve as interns in our company.
Visitor
All real persons who have entered the physical campuses owned by our company for various purposes or visited our websites for any purpose.
Product or Service Recipient
They are real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company.
Supplier Representative
The supplier company that supports our company are the authorized persons.
Supplier Employee
The suppliers who support our company are the employees of the company.
Other 
Other persons who do not fall into any category of personal data owners.
 

7.2. Matching Personal Data with Personal Data Owners 
The matching of the classified Personal Data, whose definitions and scopes are given above, with the classified Personal Data Owners is presented below. 

Identity Data
Employee Candidate, Employee, Shareholder/Partner, Potential Product and Service Buyer, Intern, Supplier Employee, Supplier Representative, Product or Service Recipient
Contact Data
Employee Candidate, Employee, Shareholder/Partner, Potential Product and Service Buyer, Intern, Supplier Employee, Supplier Representative, Product or Service Recipient
Financial Data
Employee, Intern, Supplier Representative, Product or Service Recipient
Human Resources Data

(Professional Experience, Personnel)
Employee Candidate, Employee, Intern
Digital Data
Employee Candidate, Employee, Shareholder/Partner, Potential Product and Service Buyer, Intern, Supplier Employee, Supplier Representative, Product or Service Recipient, Visitor
Health Data
Employee Candidate, Employee, Intern
Biometric Data
Employee