PROTECTION OF PERSONAL DATA INTERNET USE AND COOKIE POLICY
The information text below has been prepared to explain the purposes for which our customers' personal data will be processed. Our company takes the highest possible security measures in order to ensure that your personal data is collected, stored and shared in accordance with the law and to protect your privacy.
BAFA, within the scope of the Law on the Protection of Personal Data No. 6698 (“KVKK”), personal data belonging to third parties related to current and potential customers, business partners, visitors, shareholders, company managers, employees, employee candidates, employees and officials of the institution they cooperate with. endeavors to take all kinds of actions and precautions regarding the protection and confidentiality of data. Your personal data can be processed in the capacity of 'Data Controller' in line with the purposes stated below, by taking all administrative and technical measures and in accordance with the Law on the Protection of Personal Data No. 6698.
RELATED DEFINITIONS
• Explicit consent: Consent on a specific subject, based on information and expressed with free will
• Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data
• Relevant person:Personal data such as company internal and external stakeholders, company officials, company business partners, suppliers, consultants, employees and employee candidates, visitors, company and group company customers, potential customers and third parties, official institutions, banks, independent audit firms, etc. are processed by the company. refers to real people.
• Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, all kinds of operations carried out on the data, such as the classification or prevention of its use
• Data processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller
• Data registration system: The registration system in which personal data is processed and structured according to certain criteria
• Data controller: means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
• Application Form: Regarding the applications to be made by the data subject (Personal Data Owner) to the data controller, prepared in accordance with the Law on Protection of Personal Data No. application form.
• Periodic Destruction:It is the process of deletion, destruction or anonymization that will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the conditions for processing personal data in the Law are eliminated.
WHICH DATA IS PROCESSED?
The data processed by the company and considered as personal data in accordance with the Law are listed below. Unless expressly stated otherwise, the term "personal data" will include the information below within the scope of the terms and conditions provided under this Policy.
• Identity Information (Name, Surname, TR Identity Number, Tax Identity Number, Signature Circular, Signature, Date of Birth, Gender, Marital Status, Photograph, Photocopy of Passport, Passport Number, Nationality, Foreign Identity Number, etc.)
• Communication information
• User Information
• Family Members and Close Information (Number of Children and Names and Surnames of Family Members)
• Personal Information (Diploma Information, Certificates, Courses Attended)
• Disability Information
• Smoking Information
• Psychotechnical Certificate
• Eligibility to Work Report
• Audiovisual Data
• Reference Information
• Legal Transaction Information
• Special Qualified Personal Data
• Location Data
• Customer information
• User Transaction Information
• Transaction Security Information
• Financial Information
• Request/Complaint Management Information
Your legal transaction information; Within the scope of our contractual relationship, it is collected and processed automatically from you, from the website, in electronic environment, for the specified purposes.
Your identity, contact and customer transaction information; Within the scope of our contractual relationship, the following information is collected and processed automatically from you personally or from the website in electronic environment.
Your audio recording information; If you contact the call center, it is collected and processed for the specified purposes.
COLLECTION AND PROCESSING OF DATA FOR CONTRACTUAL RELATIONSHIP
If a contractual relationship is established with our customers and prospective customers, the collected personal data can be used without the consent of the customer. This use takes place in line with the purpose of the contract. The data is used to the extent of better execution of the contract and the requirements of the service and can be updated when necessary by contacting the customers. If this data has not turned into a contractual relationship upon request, it will be deleted.
METHOD AND LEGAL REASON FOR PERSONAL DATA COLLECTION
Your personal data on our site, verbally, in writing or electronically, for the purposes determined by our company within the framework of legal legislation; As a part of the data recording system, it is collected in electronic environment by fully automatic methods and/or in physical environment by semi-automatic methods. Personal data collected for the legal reasons listed above can be processed for the purposes specified in Articles 5 and 6 of the Law on the Protection of Personal Data and in this clarification text, and may be transferred in accordance with Articles 8 and 9. from the aforementioned law. In the process of processing all these data, express consent is obtained in accordance with the legislation.
RETENTION PERIOD OF PERSONAL DATA UNDER OUR COMPANY POLICY
Our company stores Personal Data in accordance with the periods stipulated in the Law on Protection of Personal Data No. 6698 and other legislation. If there is no time limit in the Law on the Protection of Personal Data No. 6698 and other legislation regarding how long the Personal Data should be stored, the Personal Data is processed until the purpose of processing the Personal Data is realized, and then deleted, destroyed or anonymized.
ENVIRONMENTS WHERE PERSONAL DATA IS STORED
The personal data stored at our company are kept in a recording environment that is suitable for the nature of the data concerned and our legal obligations. The recording environments used for the storage of personal data are generally below, and some data may be kept in a different environment than the ones shown here due to their special qualities or our legal obligations.
a) Physical media: These are the environments where data such as unit cabinets and archives are kept by printing on paper or microfilms.
b) Local digital media: Other digital media such as servers, fixed or portable disks within the company.
c) Cloud environments: They are the environments where internet-based systems encrypted with cryptographic methods are used, which are not included in the company, but are in the use of the company.
THE SCOPE OF THE LAW AND ITS IMPLEMENTATION
The following situations are outside the scope of the Law:
• Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.
• Processing personal data for purposes such as research, planning and statistics by anonymizing them with official statistics.
• Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime.
• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations that are authorized by law to provide national defense, national security, public safety, public order or economic security.
• Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
PERSONS TO WHOM PERSONAL DATA WILL BE TRANSFERRED
Personal Data can be shared with our suppliers, business and solution partners, banks and third parties who perform technical, logistics and other similar transactions on our behalf, in order to ensure that the services offered to you are complete and flawless, and only to the extent appropriate with the nature of the service. These third parties consist of persons who are obliged to have access to the relevant information in order to provide the relevant services completely and flawlessly.
Apart from these, your Personal Data may be transferred - limited only to the relevant person or institution - in cases where it is mandatory for the Company to fulfill its legal obligations, it is expressly stipulated in the laws or there is a judicial / administrative order given in accordance with the law.
CONDITIONS FOR TRANSFERRING PERSONAL DATA ABROAD
Our company takes the necessary security measures in line with the Personal Data processing purposes, and transfers the Personal Data and Special Qualified Personal Data of the Personal Data Owners to the third parties abroad can transfer. Personal Data by our Company; It can be transferred to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available.
RIGHTS OF PERSONAL DATA OWNER
Data owners who share personal data with our company apply to our data controller company within the scope of the Law No. 6698 on the Protection of Personal Data;
• Learning whether personal data is processed or not,
• If personal data has been processed, requesting information about it,
• To learn the purpose of processing personal data and whether they are used in accordance with its purpose, To know the third parties to whom personal data is transferred, in the country or abroad,
• Requesting correction of personal data in case of incomplete or incorrect processing,
• Requesting the deletion or destruction of personal data, without prejudice to the provisions of other laws regarding the deletion, destruction or anonymization of personal data,
• Objecting to the emergence of a result against the person himself, especially by analyzing the processed data with automatic systems,
• Requesting the compensation of the damage in case of loss due to unlawful processing of personal data has rights.
In addition you have the following rights:
• You can request information about what personal data is stored.
• You can request the correction, deletion or blocking of your personal data to the extent permitted by law and in compliance with the current contractual conditions.
• You can request to receive your personal data in a structured, commonly used and machine- readable format.
Our company will finalize the application requests within 30 (thirty) days at the latest, according to the nature of the request, in accordance with Article 13 of the KVKK. If the transaction requires cost, the tariff determined by the Personal Data Protection Board will be applied. If the request is rejected, the reason(s) for the refusal will be justified in writing or electronically.
GENERAL PRINCIPLES AND RULES
Personal data is collected by our company for a lawful and legitimate purpose, with due care, and is processed and stored securely. Personal data is deleted, destroyed or anonymized by an appropriate method in line with this Policy when the purpose of processing the data ceases.
Confidentiality:It is essential that the processing of personal data is carried out in complete confidentiality. In this context, we prevent all kinds of unauthorized access to personal data to the extent possible, and apply all possible technical and administrative measures.
Accurate and Up-to-Date:Personal data is kept completely and accurately and updated when necessary. If the personal data is not correct or up-to-date, necessary arrangements are made in order to determine the correction, modification, updating or deletion of the said data.
Certainty:BAFA processes personal data for specific, clear and legitimate purposes and does not process data for other purposes, except for data collection and processing purposes, which it discloses transparently to the relevant person upon request.
Proportionality and Consistency:The processed personal data is only processed in a way that is consistent with the stated purpose and with a reasonable limitation in this context.
Limited Period:In the event that the main purpose requiring the processing of personal data disappears and this data is no longer needed, the personal data in question are deleted, destroyed or anonymized.
Choice and Consent:BAFA informs the data owner fully and duly regarding the processing of personal data. When necessary, it obtains the consent of the data owner regarding the said processing, and offers the option to withdraw the consent given or to make a request regarding the data.
WHAT IS A COOKIE AND FOR WHAT PURPOSES IS IT USED?
Cookies are small data storage files saved on your computer, mobile phones, tablets or other mobile devices that you access by websites. This file stores information about your Web Site navigation. Thus, the devices you access will remember this data when you use the Website again. Therefore, cookies are necessary and important for you to use the Website effectively and more easily. Cookies are also used on the Website and third party websites so that we can offer you more suitable services, products or offers.
The purposes of use can be counted as follows:
• To improve the services offered to you by increasing the functionality and performance of the Website,
• To improve the Website, to offer new features on the Website and to customize the offered features according to your preferences,
• To ensure the legal and commercial security of the Website, you and our company (or our business, our site, etc.).
HOW ARE COOKIES COLLECTED?
Data is collected through your devices from which you access browsers. This collected information is device specific. It can be deleted by the user at any time and access to information can be closed.
TYPES OF COOKIES
Cookies are divided into different types according to criteria such as their storage time on mobile devices and by whom they are placed. The basic distinction within the scope of these criteria is as follows:
Session Cookies: Session cookies are temporary cookies and are deleted from the device after closing the browser. The main function of these cookies is to ensure that the website functions properly.
Persistent Cookies: Persistent cookies remain on the device even after closing the browser, until they are deleted by the user or expire.
First-Party Cookies: First-party cookies are cookies placed on the device by the website operator visited.
Third-Party Cookies: Third-party cookies are cookies placed on the device and controlled by people other than the website operator visited.
WHICH COOKIES DO WE USE?
It uses different types of cookies in accordance with the Privacy Policy and the Personal Data Protection and Processing Policy.
Mandatory Cookies: These are technical cookies that enable the website to function correctly and allow you to use its features. They are in the session cookie category. The consent of our visitors is not required for the use of mandatory cookies.
Analytical Cookies: The website uses analytical cookies to improve your experience. Analytical cookies allow us to understand how our visitors use the website.
Functionality Cookies:When you visit the website again, your language preferences, region selection, etc. allows it to be remembered.
CONTROLLING AND DELETING COOKIES
To change your preferences for the use of cookies, or to block or delete cookies, simply change your browser settings. Many browsers give you the option to accept or reject cookies, to only accept certain types of cookies, or to be alerted by the browser when a website requests to store cookies on your device so you can control cookies. It is also possible to delete cookies previously saved in your browser. The method of changing the cookie usage selection varies depending on the browser type and can be learned from the relevant service provider at any time.
CONTROLLING COOKIES
You can delete the cookies already on your computer and prevent cookies from being placed on your internet browser. Internet browsers are set to automatically accept cookies. Since managing cookies differs from browser to browser, you can refer to the help menu of the browser or application for detailed information. For example, you can manage it in "Google Chrome -> Settings -> Advanced -> Privacy and Security -> Site Settings -> Cookies and Site Data -> Allow sites to save and read cookie data”.You can manage it from the menu "Internet Explorer -> Settings
-> Internet Options -> Privacy -> Advanced settings".
Most Internet browsers allow you to:
• View and delete saved cookies
• Blocking third-party cookies
• Blocking cookies from certain sites
• Block all cookies
• Deleting all cookies when you close internet explorer
TERMS OF DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
If the legal reasons requiring the processing of personal data disappear, personal data are deleted, destroyed or anonymized spontaneously or at the request of the personal data owner.In this context, within the company, the company taking the necessary measures to fulfill obligations related to the technical and administrative; in this regard, the necessary mechanisms are developed; these obligations to act in accordance with the relevant business units, training, recruiting and awareness.
NOTICE OF VIOLATIONS
BAFA acts with the awareness that when it is notified of any violation of personal data, it must immediately notify the KVK Board within 72 hours at the latest from the moment it is learned. When personal data is obtained by unauthorized persons, it immediately notifies the Personal Data Protection Board.
BAFA reserves the right to make changes to the Privacy Statement at any time without notice.Please check the Data Protection Notice frequently to be aware of changes. By using our company's websites, you agree to this Privacy Statement.You can use one of the following communication ways to send us all your questions and comments about the policy.
Email : info@bafagroup.com
Address: Sahrayıcedit Mah, Güzide Sok. No:13/6 Hayrioğlu Business Center 34734 Kadikoy-Istanbul