Privacy Text
Vaultech Technology
PERSONAL DATA PROCESSING AND PROTECTION POLICY
1. PURPOSE OF PREPARATION OF THE POLICY
Aware of the importance of the confidentiality and security of the personal data it obtains within the scope of the Law on the Protection of Personal Data No. 6698 (KVKK) and other relevant legislation, our Company aims to fulfill the requirements for compliance with the relevant legislation as the data controller defined in the Personal Data Protection Law and to establish a data protection and processing policy at international standards.
Our Company's Personal Data Protection Policy ("Policy") is set forth in line with the principles of lawfulness, honesty and openness adopted by our Company in the protection and processing of personal data. In addition, information is provided about the purposes for which our Company processes personal data, the method of collecting personal data, the legal reason and purpose, to whom the data can be transferred and for what purposes, and the rights and remedies of the relevant persons.
2. PURPOSE, SCOPE AND DEFINITIONS
2.1 PURPOSE
This Personal Data Processing and Protection Policy ("Policy") is the main policy text regulating the principles to be followed by Vaultech Company under the Law No. 6698 on the Protection of Personal Data ("KVKK") and other relevant legislation.
2.2 SCOPE
The Policy covers the Personal Data collected, processed or shared with Vaultech Company during its activities, including that of employees, employee candidates, business partners, customers, potential customers, suppliers, service recipients, visitors and website visitors of Vaultech Company. The Policy is binding on Vaultech Company's departments and employees.
2.3 DEFINITIONS
In the implementation of this Policy;
a) Recipient group: The category of natural or legal person to whom personal data are transferred by the data controller;
b) Relevant user: Persons who process personal data within the organization of the data controller or in accordance with the authorization and instruction received from the data controller, except for the person or unit responsible for the technical storage, protection and backup of the data;
c) Destruction: Deletion, destruction or anonymization of personal data;
d) Law: Law No. 6698 on the Protection of Personal Data;
e) Recording medium: Any medium containing personal data that is fully or partially automated or processed by non-automated means provided that it is part of any data recording system;
f) Personal data: Any information relating to an identified or identifiable natural person;
g) Data Subject (Personal data owner): The natural person whose personal data is processed;
h) Processing of personal data: Any operation performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosure, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system;
i) Personal data processing inventory: The inventory that data controllers create by associating the personal data processing activities they carry out, depending on their business processes, with the purposes of processing, the data category, the recipient group to which data is transferred and the group of data subjects, and in which they detail the maximum period required for the purposes for which the personal data are processed, the personal data foreseen to be transferred to foreign countries and the measures taken regarding data security;
j) Board: Personal Data Protection Board;
k) Explicit Consent: The consent given by free will after being informed about a certain subject;
l) Personal data of special nature: Race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and data on security measures, and biometric and genetic data;
m) Periodic destruction: In the event that all of the conditions for the processing of personal data in the Law disappear, the deletion, destruction or anonymization process specified in the personal data retention and destruction policy and to be carried out ex officio at repeated intervals;
n) Policy: This Policy, which the data controllers rely on for the process of determining the maximum period required for the purpose for which the personal data are processed and for the deletion, destruction and anonymization process;
o) Registry: The registry of data controllers kept by the Personal Data Protection Authority;
ö) Data processor: The natural and legal person who processes personal data on behalf of the data controller based on the authorization given by him/her;
p) Data recording system: The recording system in which personal data is structured and processed according to certain criteria;
r) Data controller: Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
The definitions in the Law are valid for the definitions not included in this Policy.
3. PROCESSING OF PERSONAL DATA
3.1 PRINCIPLES
Vaultech Company acts in accordance with the following principles in all kinds of activities related to the collection and processing of Personal Data:
3.1.1 Compliance with the law and good faith
Personal Data will be collected and processed in accordance with the law and good faith.
3.1.2 Accuracy and, where necessary, up-to-dateness
Vaultech Company shall, if necessary for the purpose of collecting and processing Personal Data:
Take reasonable measures to keep the Personal Data complete, accurate and up-to-date,
Where the Relevant Persons provide information regarding changes to the Personal Data, update the Personal Data and take the necessary reasonable measures to update, correct or delete incomplete or incorrect data.
3.1.3 Specificity, clarity and having legitimate objectives
Vaultech Company undertakes to collect and process Personal Data to the extent necessary and related to the business purpose of collection. Except where legally permitted or required, Personal Data will not be collected and/or processed in advance for purposes expected to arise in the future. Except where the processing of Personal Data is required or possible by law, it will only be processed for the legitimate purposes clearly stated prior to the collection of the data and in accordance with the consent to be obtained or, where necessary, in accordance with the Explicit Consent.
Before any data collection activity by Vaultech Company, in cases where the explicit consent of the relevant person must be obtained in accordance with the data collection method and this Policy, the consent form or online environments where the consent is obtained will be used.
In cases where Personal Data is processed by third parties processing Data on behalf of Vaultech Company, third parties must undertake in writing in advance and in contract or otherwise that they will act in accordance with the obligations contained in this Policy.
3.1.4 Retention for the period stipulated in the relevant legislation or required by the purpose for which they are processed
Personal Data is stored for the maximum retention period in accordance with the purposes for which it was processed; the data may be kept for a longer period in order to comply with the obligations set out in the legislation or to protect legitimate business interests.
Personal Data that are not needed after the expiry of the legal, administrative or commercially required periods will be deleted, anonymized or destroyed in accordance with the legislation and the Vaultech Company Personal Data Storage and Destruction Policy ("Destruction Policy").
Vaultech Company is responsible for the destruction of all data in accordance with the legislation in the event that the purpose of collecting these data disappears and the legal retention periods expire in relation to the Personal Data contained in physical and electronic data recording systems.
All transactions related to the deletion, destruction and anonymization of Personal Data shall be recorded and such records shall be kept for at least three (3) years, excluding other legal obligations.
3.2 DATA COLLECTION AND PROCESSING
Vaultech Company will collect and process Personal Data in accordance with the following legal conditions.
METHOD OF COLLECTING PERSONAL DATA
– Obtaining personal data related to real persons and shareholders, members of the board of directors, signatories and employees of legal entities during the preparation and delivery of all kinds of commercial transactions, negotiations and projects carried out by our Company for the purpose of continuing its commercial activity and the performance of the contract,
– Obtaining general and special quality personal data obtained during the interviews with employee candidates in order to meet the employment needs of our Company,
– Obtaining general and special quality personal data during the signing of the employment contract with the employee and the performance of the employment contract,
– Obtaining security camera recordings and filling out the visitor form in order to ensure secure entry and exit,
– Obtaining personal data when you visit our Company's office buildings and centers, web pages and/or other social and digital media in order to benefit from our products and services,
– Your personal data can also be obtained by participating in activities such as fairs, events, seminars, organizations, project meetings and training organized by our Company.
Personal data may be collected verbally, in writing or electronically by means of automatic or non-automatic methods. Your collected personal data may be processed and transferred within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of KVKK in order to provide you with better service.
3.3 Consent
Vaultech Company will collect and/or process Personal Data in accordance with the legislation and the Policy after obtaining the relevant Person's explicit consent, given in writing or electronically of his/her free will. When Personal Health Data is processed, Explicit Consent is obtained in writing. The explicit consent statements received shall be documented and stored in physical or electronic environment. Personal Data may be processed without the consent of the Data Subject in the presence of the following conditions listed in the KVKK:
It is explicitly stipulated in the laws.
It is mandatory for the protection of the life or bodily integrity of the person who is unable to express his consent due to actual impossibility or whose consent is not recognized as legally valid.
The processing of Personal Data belonging to the parties to the contract is necessary, provided that it is directly related to the establishment or performance of a contract.
It is mandatory for the Data Controller to fulfill its legal obligation.
The data has been made public by the person concerned him/herself.
Data Processing is mandatory for the establishment, exercise or protection of a right.
Provided that it does not harm the fundamental rights and freedoms of the Data Subject, the data processing is mandatory for the legitimate interests of the Data Controller.
3.4 Personal Data of Special Nature
Personal Data of Special Nature may only be processed where the Person Concerned has given explicit consent or, except for data related to health and sexual life, in cases explicitly stipulated in the laws. Personal Data related to health and sexual life can only be processed for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, without seeking the explicit consent of the person concerned. In the processing of Personal Data of Special Nature, the decisions of the Personal Data Protection Board are complied with.
4. TRANSFER OF PERSONAL DATA
4.1 Personal Data may only be transferred to third parties located in Turkey if the Data Subject has given Explicit Consent to the data transfer or if one of the cases listed in 3.3 in which Explicit Consent is not sought applies.
4.2 In the transfer of Personal Data to third parties located abroad, in addition to the conditions listed in 4.1:
The foreign country to which the Personal Data is transferred must provide an adequate level of protection, or
In the absence of adequate protection in the relevant foreign country, Vaultech Company and the data controllers in the relevant foreign country must undertake in writing that adequate protection is provided and the permission of the Board must be present.
5. RIGHTS AND OBLIGATIONS
5.1 Rights of the Data Subject
Real persons whose Personal Data is collected or processed by Vaultech Company have the right to apply to the Data Controller in accordance with KVKK.
The Relevant Person may use the right of application and direct the following requests in writing or by e-mail to ANOVA or its representatives in accordance with the contact information provided in the last part of this Policy:
To learn whether Personal Data is processed or not,
If their Personal Data has been processed, to obtain information about it,
To learn the purpose of processing Personal Data and whether they are used in accordance with their purpose,
To know the third parties to whom Personal Data are transferred domestically or abroad,
To request correction of Personal Data that is processed incompletely or incorrectly,
To request deletion or destruction of Personal Data within the framework of the Law,
To request notification of the above-mentioned transactions to the third parties to whom the Personal Data is transferred,
To object to a result that arises against the person himself through analysis of the processed Personal Data exclusively by means of automatic systems,
To request the elimination of damage suffered due to unlawful processing of Personal Data.
5.2 Obligations of the Data Controller
5.2.1 Disclosure Obligation
Vaultech Company shall make an informative, clear and understandable notification to the relevant persons about the process of processing their Personal Data and the purposes of the Data Processing during the acquisition of Personal Data, and shall ensure that such persons are informed of their rights in relation to their Personal Data.
Notification to the Persons concerned shall include, at a minimum, the following elements:
The identity of the Data Controller or its representative, if any,
The purpose, method and legal reason for the Data Processing,
To whom and for what purpose Personal Data may be transferred,
The method and legal reason for collecting personal data,
Other rights listed in Article 11 of the KVKK.
Vaultech Company will fulfill its disclosure obligation within the scope of KVKK through its website at https://oxskyt.com/tr.
5.2.2 Data Security Obligations
Within the scope determined in the relevant legislation, Vaultech Company takes the necessary measures to prevent the data from being misused, destroyed, lost, changed or obtained without authorization. In line with the Personal Data Protection Policy, it takes reasonable measures to implement an effective system of measures in accordance with the legislation:
Preventing unauthorized persons from accessing the data processing system for the purpose of using or processing Personal Data (controlling access),
Ensuring that persons authorized to use a data processing system have access only to the data they are authorized to access and preventing the Personal Data from being read, copied, modified or deleted by unauthorized persons during the processing and use period and after registration (control of access, the need-to-know principle),
Preventing the reading, copying, changing or deletion of Personal Data by unauthorized persons during electronic transmission or transfer or during the process of saving it on the data storage medium and ensuring the determination and control of who transfers the Personal Data using data transmission tools (supervision of information transfer),
Ensuring the control and determination of whether the Personal Data has been accessed, changed or deleted from the data processing system and by whom such operations are carried out (input audit),
Ensuring that the Personal Data processed on behalf of others is processed entirely in accordance with the instructions of the Data Controller (job audit),
Ensuring that measures are taken against accidental destruction or loss of Personal Data (control of data availability),
Ensuring that Personal Data collected for different purposes can be processed separately.
In the event that the processed Personal Data is obtained by others through illegal means, Vaultech Company shall notify this situation to the relevant person and the Board as soon as possible.
Vaultech Company conducts or has the necessary audits carried out in order to ensure the security of Personal Data.
5.2.3 Cloud Computing
Vaultech Company evaluates whether the security measures taken by the Cloud Storage Service Provider are adequate and appropriate. In this context, the personal data stored in the cloud is known in detail, backed up and synchronized, and two-stage authentication control is applied for remote access to this personal data if necessary.
When the cloud computing service relationship ends, all copies of encryption keys that may serve to make personal data available will be destroyed.
5.2.4 Registration in the Registry of Data Controllers
According to the Regulation on the Registry of Data Controllers, Vaultech Company will fulfill the relevant obligation to be realized in accordance with the Regulation by registering in the Data Controllers Registry to be established by the Personal Data Protection Authority. In this context, the following information will be made available to the public:
The name and address of the Data Controller, the Data Controller representative and the contact person, if any, and the KEP address, if any,
The purposes for which Personal Data may be processed,
The group and groups of persons subject to Personal Data and the categories of data belonging to these persons,
Recipient and recipient groups to whom Personal Data may be transferred,
Personal Data intended to be transferred to foreign countries,
The date of registration in the register and the date on which registration ends,
Measures taken regarding the security of Personal Data,
The maximum period of time required for the purpose for which the Personal Data is processed.
5.2.5 Awareness and Education
Vaultech Company is obliged to ensure that its employees, distribution channels and third parties with mutual responsibility as framed by the Law are adequately informed and trained in the processing of personal data within the framework of this Policy, local legislation and guidelines.
Vaultech Company takes measures to ensure that the persons involved in the processing of Personal Data learn the conditions of the local data protection legislation and Policy regarding the protection of data; these measures include holding awareness meetings and providing training. Trainings or awareness meetings are held in the following ways:
e-learning,
face-to-face work,
internal newsletters,
other methods appropriate for ensuring and maintaining a high level of awareness of data protection issues.
These training and information activities are carried out in coordination with the HR Department.
6. Methods to be Applied for Deletion, Destruction, Anonymization of Personal Data
Vaultech Company will delete, destroy and/or anonymize the personal data within its body by using the methods set out below.
6.1.1 Application-as-a-Service Cloud Solutions (such as Office 365, etc.)
Vaultech Company will delete the data by giving the erase command in the cloud system. In performing this operation, it shall take particular care that the relevant user is not authorized to retrieve deleted data on the cloud system.
6.1.2 Personal Data in Paper Media
Vaultech Company will delete the personal data in paper form by using the blackout method. The blackout process is carried out by cutting out the personal data on the relevant documents where possible and, where that is not possible, by making them invisible to the relevant users with permanent ink in a way that cannot be reversed and cannot be read with technological solutions.
6.1.3 Office Files On The Central Server
Vaultech Company will remove the access rights of the relevant user on the file or on the directory where the file is located by deleting the file with the delete command in the operating system. When performing this operation, Vaultech Company shall take care that the relevant user is not also a system administrator.
6.1.4 Personal Data Contained in Portable Media
Vaultech Company stores the personal data on the flash-based storage media in encrypted form and will erase them by using software suitable for these environments.
6.1.5 Databases
Vaultech Company will delete the relevant rows containing personal data with database commands (DELETE etc.). When performing this operation, it shall take care that the relevant user is not also the database administrator.
7. Periods of Ex Officio Deletion, Destruction or Anonymization of Personal Data
Vaultech Company deletes, destroys or anonymizes personal data in the first periodic destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.
Periodic destruction shall be carried out by Vaultech Company within 180 days following the date on which the obligation to delete, destroy or anonymize personal data arises. In compulsory cases, this period may be extended for a maximum of 30 days.
8. Department Personal Data Protection Officer
Vaultech Company has appointed one person as the "Department Personal Data Protection Officer" with the recommendation of the relevant Manager in order to be fully compliant with the Law and other legislation in the processing of personal data, to determine and provide departmental training needs, to update the departmental personal data inventory, and to internalize the work within the framework of the ANOVA Personal Data Protection Policy.
9. Changes to be Made in the Policy and Effective Date
The provisions contained in this Policy may be amended by publishing them on the websites in accordance with the provisions of the legislation if deemed necessary by Vaultech Company within the scope of the Regulation articles to be issued in connection with the KVKK and other legislation and for other reasons including but not limited to these. If any of these provisions change, the relevant changes shall enter into force on the date of publication of the amendment on the website.
DATA CONTROLLER: Vaultech DMCC, a company registered in the United Arab Emirates with the company number DMCC190959, whose legal address is Unit No: 3594 DMCC Business Centre Level No 1 Jewellery & Gemplex 3 (the “Provider”)
Email Address: contact@coinoxs.com
Phone: 0212 232 3220
Oxs Bilişim Limited Şirketi
Harbiye Mah. Teşvikiye Cad. No:37
İç Kapı No: 2 34365 Şişli / Istanbul
+90 212 232 3220
info@oxsconnect.com