ENTRANCE
Space Istanbul Real Estate Development and Consultancy Inc. ("Company") has a vision based on the confidentiality and protection of personal data during its activities and our Company has made it a priority to comply with all applicable legislation in this regard.
With this Policy, our Company aims to explain the principles of protecting and processing personal data within the scope of the Personal Data Protection Law No. 6698 and the relevant legislation ("Legislation") and to inform the data owners.
This Policy is based on the current personal data inventory created by our Company in accordance with its business processes.
SCOPE
This Personal Data Protection and Processing Policy ("Policy") relates to all personal data of persons other than employees, shareholders/partners and officials of our Company that are automated or processed in non-automated ways as part of any data recording system.
DEFINITIONS
In this Policy,
- Explicit consent: Consent on a particular subject, based on information and expressed freely,
- Anonymization: Making personal data in no way irresciable or identable to a specific or idenciable person, even by matching it to other data,
- Contact: The real person whose personal data is processed,
- Personal data: Any information regarding the identified or imdefinible real person,
- Processing of personal data: Any processing carried out on data such as obtaining, recording, storing, storing, modifying, rearranging, disclosing, transferring, inheriting, making available, classifying or preventing the use of personal data by non-automated means, provided that it is completely or partially automated or part of any data recording system,
- Personal data of special quality: Data on the race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, disguises and clothing, membership of associations, foundations or trade unions, health, sex life, criminal conviction and security measures, and biometric and genetic data,
- Data processor: The natural or legal person who processes personal data on his behalf, based on the authority granted by the data controller,
- Data controller: The natural or legal person responsible for the establishment and management of the data recording system, which determines the purposes and means of processing personal data,
expresses.
GENERAL POLICIES
Our Company processes personal data in accordance with the law and honesty rule, ensures that the personal data is accurate and up-to-date when necessary, processes personal data for specific, clear and legitimate purposes, performs data processing activities in a connected, limited and measured manner for the purposes of processing data, and maintains personal data for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed, and establishes all business processes and policies in accordance with these principles.
CONDITIONS FOR PROCESSING PERSONAL DATA
1. Personal Data
In accordance with the Legislation, our Company requires the processing of personal data belonging to the parties to the contract, provided that the personal data of the person concerned is explicitly stipulated in the law, is obligatory for the protection of the life or physical integrity of the person who is unable to disclose his or her consent due to actual impossibility or whose consent is not legally valid, provided that it is directly related to the establishment or performance of a contract, data processing is mandatory in order for the data controller to fulfill its legal obligation, it is publicized by the person concerned, data processing is mandatory for the establishment, exercise or protection of a right, and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.
2. Special Quality Personal Data
Personal data of special quality by our Company in accordance with the principles specified in this Policy and by taking sufficient measures to be determined by the Board,
- Personal data of special quality other than health and sex life, in the event of the existence of the express consent of the person concerned or where stipulated in the law,
- For the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing in the event of the existence of the explicit consent of the person concerned or by persons or authorized institutions and organizations under the obligation to keep secrets,
işlenebilmektedir.
OUR PERSONAL DATA PROCESSING ACTIVITIES
1. Personal Data Categories
The categories of personal data that our Company processes during its activities are stated in the table below (Table-1).
Data Category |
Definition |
Identity |
First name, mother -father name, mother's maiden name, date of birth, place of birth, marital status, birth certificate serial sequence no, tc id number |
Communication Address |
number, e-mail address, contact address, registered e-mail address (KEP), telephone number, |
Legal Action |
Information in correspondence with judicial authorities, such as information in the case file |
Customer Transaction |
Call center records, invoice, promissory note, check information, information on toll booth receipts, order information, request information, |
Physical Space |
Safety Employee and visitors' login and exit recording information, such as camera recordings |
Finance |
Balance sheet information, financial performance information, credit and risk information, asset information, |
Professional Experience |
Diploma information, courses, vocational training information, certificates, transcript information, |
Marketing |
Shopping history information, survey, cookie records, information obtained through campaign work |
Audio and Visual Recordings |
Such as audio and visual recordings |
Supplier Transaction |
Order, purchase, delivery information, records, payment transactions, etc. for suppliers. |
Table-1
2. Personal Data Processing Purposes
The purposes for processing the categories of personal data contained in Table-1 during the activities of our Company are stated in the table below (Table-2).
Data Category |
Personal Data Processing Purposes |
Identity |
|
Communication |
|
Legal Action |
|
Customer Transaction |
|
Physical Space Safety |
|
Finance |
|
Professional Experience |
|
Marketing |
|
Audio and Visual Recordings |
|
Supplier Transaction |
|
Table-2
TRANSFER OF PERSONAL DATA
1. Personal Data
Our Company requires the processing of personal data belonging to the parties to the contract, provided that the personal data of the person concerned is expressly stipulated in the presence of explicit consent or in the law, that the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid is obligatory for the protection of his or her life or body integrity, and that the establishment or performance of a contract is directly related to the performance, data processing is mandatory in order for the data controller to fulfill its legal obligation, it is publicized by the person concerned, data processing is mandatory for the establishment, exercise or protection of a right, and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Our company takes all necessary technical and administrative measures to ensure data security in the transfer of personal data and strives to ensure the transfer of personal data in accordance with the Legislation.
In the event that personal data is transferred abroad, in addition to the aforementioned, personal data are transferred by our Company to foreign countries declared by the Personal Data Protection Board ("Board") to have adequate protection or to foreign countries where data controllers in Turkey and related foreign countries have committed to adequate protection in writing and where the Board has permission.
2. Special Quality Personal Data
Our company has special quality personal data in the event of the explicit consent of the person concerned or provided that adequate measures are taken,
i. Personal data of special quality other than health and sex life, in the event of the existence of the express consent of the person concerned or where stipulated in the law,
ii. For the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing in the event of the existence of the explicit consent of the person concerned or by persons or authorized institutions and organizations under the obligation to keep secrets. may be transferred to third parties.
Our company takes all necessary technical and administrative measures to ensure data security in the transfer of personal data of special quality and strives to ensure the transfer of personal data in accordance with the Legislation.
If personal data of special nature are to be transferred abroad, in addition to the aforementioned, personal data can be transferred by our Company to foreign countries declared by the Board to have sufficient protection or to foreign countries where data controllers in Turkey and related foreign countries have committed to adequate protection in writing and where the Board has permission.
3. Third Parties Transferred
The groups of recipients to whom personal data and special quality personal data are transferred by our company are stated in the table below (Table-3).
Data Transfer Recipient |
Groups Transfer Purposes |
Suppliers |
|
Authorized Public Institutions and Organizations |
|
Partners |
|
Public |
|
Table-3
PERSONAL DATA HOLDERS
Within the scope of the Legislation, our Company informs the owners of personal data about who is the data controller, for what purposes, for what purposes it is shared with whom, by what methods it is collected and its legal reason and the rights of the data owners within the scope of the processing of their personal data.
The groups of people who process personal data by our company according to data categories are indicated in the table below (Table-4).
Data Subject Contact Groups |
Data Categories |
Employee Candidate |
|
Product or Service Recipient |
|
Supplier |
|
Potential Product or Service Buyer |
|
Visitor |
|
Partner |
|
Potential Supplier |
|
Table-4
1. Rights Of Personal Data Owners
Personal data holders have the following rights in accordance with the Legislation:
- To find out if personal data has been processed,
- Requesting information about personal data if it has been processed,
- To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data are transferred at home or abroad,
- Request correction of personal data if it is incomplete or inaccurately processed and request notification of the transaction made within this scope to third parties to whom personal data are transferred,
- Request the deletion or destruction of personal data if the reasons requiring its processing disappear, even though it has been processed in accordance with the law and other relevant law provisions, and to request that the transaction carried out within this scope be notified to the third parties to whom the personal data are transferred,
- Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- Request compensation for damages in case of damages due to unlawful processing of personal data.
Persons concerned may submit their requests within the scope of these rights to our Company in accordance with the Notification on the Procedures and Principles of Application to the Data Controller, either in writing or by using the registered e-mail address, secure electronic signature, mobile signature or e-mail address previously reported to our Company and registered in the systems of our Company.
Contact information for our company is as follows:
Address: Cevdetpasa Cad. Germencik Sk. Bebek Palas Apt. No:1 34342 Bebek Istanbul
E-Mail: info@spaceistanbul.com
If the personal data subject submits his request to our Company in accordance with the procedure, our Company will conclude the relevant request free of charge as soon as possible and within 30 (thirty) days at the latest according to the nature of the request. However, if the transaction requires a separate cost, a fee may be charged in accordance with the tariff set by the Board.
STORAGE OF PERSONAL DATA
Our Company retains personal data for the period required for the purpose for which they are processed and for the periods stipulated in the relevant legal legislation. In this context, our Company first determines whether a period of time is foreseen for the storage of personal data in the relevant legislation and acts in accordance with this period if a period has been set. If there is no legal period, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the specified retention periods in accordance with periodic extermination periods or data owner application and by specified methods of destruction (deletion and/or destruction and/or anonymization).
SECURITY OF PERSONAL DATA
Our company strives to take all kinds of technical and administrative measures to ensure the highest level of security of personal data. The security measures taken by our company for the protection of personal data are stated in Table-5.
Our company informs its staff about the protection and security of personal data and provides the necessary trainings in this regard. In our on-premises systems, access powers are planned in line with the purposes and business processes contained in the personal data inventory and the necessary control mechanisms are used to prevent unauthorized access.
Our Company uses its audit and control powers when necessary to ensure the security of personal data before the parties to which personal data is transferred.