MINDBEHIND
POLICY ON PROCESSING, PROTECTION AND DESTRUCTION OF PERSONAL DATA
1. Objective
The Law no. 6698 on Protection of Personal Data (“KVKK”) entered into force upon publication in the Official Gazette no. 29677 dated 7 April 2016. KVKK has been enacted to specify obligations of the real and legal persons that process the personal data, and to protect fundamental rights and freedoms of the real persons of whom personal data is processed, including right to privacy that is regulated under the Constitution.
Mindbehind Bilgi Teknolojileri A.Ş. (MINDBEHIND) attaches great importance to the privacy and security of the personal data of the customers, potential customers, employees, employee candidates, collaborated organizations and employees thereof, stakeholders, business partners, shareholders, authorized representatives and the third persons.
MINDBEHIND aims to create a data processing, protection and destruction policy in the international standards and to fulfil the requirements duly and with care. The main purpose of this Policy on Processing, Protection and Destruction of Personal Data (Policy) is to ensure transparency by informing the real persons of whom personal data is processed by MINDBEHIND, in particular the aforementioned persons.
2. Scope
This Procedure has been prepared in accordance with the KVKK and other legislation and the international standards applicable to the personal/ special categories of personal data for the purpose of carrying out activities related with the collection, storage, data security, transfer, anonymization, destruction and processing of the personal data and special categories of personal data in MINDBEHIND.
3. Definitions and Abbreviations
MİNDBEHİND: Mindbehind Bilgi Teknolojileri Anonim Şirketi,
Explicit Consent: refers to the consent provides solely for the relevant process with clarity without leaving room to any doubt, based on the information provided and free will,
Anonymization: refers to the processing of personal data in such a way that the data subject can no longer be associated with an identified or identifiable natural person, or its source cannot be ascertained,
KVKK: refers to the Personal Data Protection Law No. 6698
Data Subject (Relevant Person): refers to a real person of whom personal data is processed, for example: customers, suppliers, visitors, employees and employee candidates.
Personal Data: refers to any information pertaining to a real person who is identified or identifiable. The reasoning is defined as the identified or identifiable nature of a person and rendering that person identifiable through association of the data available with a real person in any way whatsoever.
Processing of Personal Data: means all kinds of processes performed about personal data obtaining, storing, archiving, recording, modifying, editing, disclosing, transferring, taking over personal data, making them accessible, classifying or preventing the use of personal health data through fully automatic or partially automatic or non-automatic ways provided that they are a part of a data storage system,
Data Processor: means a real or legal person processing personal data based on the authorization given by and in the name of MINDBEHIND,
Personal Data: refers to any information pertaining to a real person who is identified or identifiable. The reasoning is defined as the identified or identifiable nature of a person, and rendering that person identifiable through association of the data available with a real person in any way whatsoever,
Name, Surname,
T.R. Identification Number,
Passport Number,
Address,
Telephone,
Log-in and Log-out Times,
Domains/ products visited, and activities performed,
Digital data kept in the relevant databases or files in connection with the relevant position,
Documents such as job applications/ curriculum vitae, purchase order records kept by HR/ marketing/ sales departments or other departments for storing the personal information.
Place/ Date of Birth,
License Plate,
E-Mail Address/ IP Address,
Fingerprint,
Video and Audio Records,
Any similar data that renders a person identifiable,
Special Categories of Personal Data: refers to
Race,
Ethnic origin,
Political view,
Philosophical view,
Religion, sect and other beliefs,
Clothing style,
Association, foundation or union membership
Health,
Sexual preferences,
Criminal conviction/ title data
Data About Security Measures,
Biometric and genetic information
4. Implementation
4.1 Collection of Personal Data
Processed personal data and special categories of personal data may vary based on the type and nature of MINDBEHIND services. Personal data may be collected through automatic or non-automatic methods, verbally, in writing or electronically by means of Mindbehind services, offices, consultation, internal correspondences, business partners, stakeholders and similar other means.
Personal data will be processed as long as MINDBEHIND services are used, and updates will be made to ensure accuracy and up-to-datedness of the data. Further, personal data may be collected and processed when the office, business place or internet pages and other social and digital platforms of MINDBEHIND are visited or events, workshops, organizations, trainings, etc. organized by MINDBEHIND are attended.
4.2 Processing of Personal Data
MINDBEHIND may process the personal data in accordance with the conditions of processing described in Article 5 and Article 6 of KVKK for the purpose of determining, implementing commercial and business strategies, implementing human resources processes and for other objectives that may be notified during collection of the personal data.
Purposes of processing include but not limited to:
- Performing corporate activities,
- Ensuring compliance with the legal obligations in accordance with the applicable legal regulations,
- Performing sales, market research and statistical activities,
- Processing job applications,
- Communicating with the persons that are in business relationship with the Company,
- Submitting legal reports,
- Issuing invoices,
- Establishing communication with all organizations and institutions within MINDBEHIND,
- Establishing the corporate communication,
- Making personal job advertisements and providing information on employment,
- Sending bulletins and making notifications via e-mail.
4.2.1 Processing in compliance with the law and good faith principle
MINDBEHIND processes personal data in compliance with the law and good faith principle in accordance with Article 4 of the KVKK and adopts the principle of "transparency” and makes notifications to data subjects in connection with the use of information thereof. Transparency and integrity are taken as basis in notifications, clear information is provided about the purpose of processing and using the personal data collected, and the data is processed accordingly.
4.2.2 Ensuring the accuracy, and up-to-datedness of personal data
MINDBEHIND ensures the accuracy and up-to-datedness of the personal data processed. Therefore, the relevant departments make amendments for keeping the personal data accurate and up to date.
4.2.3 Processing for definite, explicit and legitimate purposes
MINDBEHIND collects and processes the personal data for legitimate purposes in compliance with the law. MINDBEHIND processes the personal data in connection with the activities/ processes performed and implemented, to a reasonable extent and as required.
4.2.4 The relevance, limitation and proportionality of the personal data with the purpose of processing
MINDBEHIND refrains from processing the personal data that is not relevant with or required for the purpose of processing. Accordingly, it is essential to minimize the data processing activity.
4.2.5 Storage of the personal data described in the legal regulations for the duration of the legitimate commercial purposes
MINDBEHIND stores the personal data processes for the duration specified in the applicable legislation or as required in connection with the purpose of personal data processing if a duration is not specified in the applicable legislation.
The personal data may be stored upon expiry of the purpose of processing and the duration specified in the applicable laws until expiry of the general prescription period (ten years) specified in the Code of Obligations provided that fundamental rights and freedoms of the data subjects are not damaged in case the data controller has a legitimate interest to do so. The personal data shall be deleted, destroyed or anonymized upon expiry of the specified prescription period.
4.2.6 Processing of the special categories of personal data
Special categories of personal data are processed in the presence of explicit consent or when required under the applicable legislation upon taking the administrative and technical measures described in the laws and required by MINDBEHIND.
Special categories of personal data on health may be processed by the persons or authorized organizations and institutions bound with confidentiality obligation without obtaining explicit consent of the relevant person and for the purpose of protecting public health, performance of preventive medicine, medical diagnosis, treatment and maintenance services, and managing health service, and MINDBEND does not process unless the data is related with employees. The data of employees may be processed by the persons described in the laws.
4.3 Transfer of Personal Data
4.3.1 Transfer of personal data in the country
Personal data may be transferred to the suppliers, service providers of MINDBEHIND or other third persons and/or abroad in accordance with the data processing conditions and objectives described in Article 8 and Article 9 of the KVKK Law upon taking the required security measures, for the purpose of providing services required to outsourcing activities and commercial activities of MINDBEHIND, and to business partners and shareholders of MINDBEHIND, legally authorized organizations and institutions, persons subject to the private law in order to ensure the achievement of the incorporation purposes for the purposes of this Procedure.
4.3.2 Transfer of personal data abroad
MINDBEHIND may transfer personal data to foreign countries that are announced by the KVK Authority as countries with adequate level of protection ("Foreign Country with Adequate Level of Protection") or in the absence of the adequate level of protection, to foreign countries for which the data controllers in Turkey and the relevant foreign country provide written undertaking about the adequate level of protection and the KVK Board gives permission ("Foreign Country with Data Controller Guaranteeing Adequate Level of Protection"). In this regard, MINDBEHIND will act in accordance with the regulations stipulated in Article 9 of the KVK Law.
Measures on transfer of personal data in accordance with the law
4.3.2.1 Technical measures
- Making internal technical organizations for the processing and storage of the personal data in accordance with the legislation,
- Creating the technical infrastructure for ensuring the security of databases where personal data will be stored,
- Monitoring and inspecting the technical infrastructures,
- Upgrading and renewing the technical measures periodically,
- Using protection systems, security wall and similar software or hardware products against risks and installing security systems in parallel with the technological advancements,
- Employing technical professionals.
4.3.2.2 Administrative measures
- Informing employees and providing them training in connection with the protection and processing of the personal data in accordance with the law,
- Documenting the measures that will be taken in case Employees process the personal data in breach of the law, under the agreements made with employees and/or Company's procedures,
- Inspecting the personal data processing activities of data processors or partners of data processors.
4.4 Storage of Personal Data
4.4.1 Storage of the personal data for the duration specified in the applicable legislation or as required for the purpose of processing
MINDBEHIND stores the personal data for the duration required for the purpose of processing the personal data provided that storage durations specified in the applicable legislation are reserved.
In case the personal data is processed for multiple purposes, MINDBEHIND stores deletes, destroys the personal data or stores the data upon anonymization in case the purpose of data processing is no longer valid or upon request of the Data Subject when there is no impediment under the legislation for the deletion upon request.
If the purpose of processing personal data has expired and the retention periods determined by the relevant legislation and the company have come to an end; Personal data can only be stored to provide evidence in possible legal disputes or to protect the rights of the person concerned or to establish a defence depending on the personal data. In determining the retention periods, the retention periods are determined based on the examples in the requests made to the company on the same issues before, although the time limits for the said right to be claimed and time limits elapse. In this case, the stored personal data are not accessed for any other purpose, and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Personal data is deleted, destroyed or anonymized after the aforementioned period expires.
4.4.2 Measures taken about the storage of personal data
4.4.2.1 Technical measures
- Creating the technical infrastructure and the relevant inspection mechanisms for the deletion, destruction and anonymization of the personal data,
- Taking measures for the secure storage of the personal data,
- Employing technical professionals.
- Adopting business continuity and contingency plans against risks and developing systems for implementing them,
- Establishing security systems in parallel with the technological advancements about the media used to store the personal data.
4.4.2.2 Administrative measures
- Informing the employees and creating awareness on technical and administrative risks about the storage of personal data,
- Including provisions on taking security measures required from the persons who are transferred personal data for protection and secure storage of the personal data transferred, in the agreements made with the companies to which the personal data is transferred in case third persons are collaborated for the storage of the personal data.
4.5 Security of Personal Data
4.5.1 MINDBEHIND takes the following security measures about the personal data:
- Prevention of the processing in breach of the law,
- Prevention of access in breach of the law,
- Ensuring the storage in accordance with the law,
Administrative and technical measures are taken in parallel with the technological availabilities and implementation costs.
4.5.2 Administrative measures taken to prevent processing of personal data in breach of the law
- Training and informing employees about processing of the personal data in compliance with the law,
- Evaluating activities of MINDBEHIND in detail for each business function, and processing personal data within the scope of commercial activities performed by the relevant functions as a result of the relevant evaluation,
- Include provisions on security measures expected from the data processors in the agreements made with the data processor companies in case third persons are collaborated for the processing of personal data,
- Notifying the KVK Board and conduct inspections specified in the applicable legislation in case the personal data is disclosed in breach of the law, or a data leak occurs,
4.5.3 Technical measures taken to prevent illegal access to personal data
- Employing technical professionals.
- Upgrading and renewing the technical measures periodically,
- Developing internal authorization procedures for access.
- Developing internal data recording systems and inspecting them periodically,
- Training and informing employees about authorization for access to personal data,
- Establishing security systems in parallel with the technological advancements in order to prevent illegal access to personal data.
4.6 Deletion, Destruction and Anonymization of Personal Data
MINDBEHIND deletes, destroys or anonymizes the personal data at its own discretion or upon request of the data subject in case the reasons requiring the processing are no longer valid even though the processing is performed in accordance with the applicable legislative provisions.
Anonymized personal data may be processed for purposes such as planning and statistics in accordance with article 28 of the KVKK. These processing activities are excluded from the scope of the KVKK, and explicit consent of the data subject shall not be sought.
4.6.1 Methods of Deleting and Destroying Personal Data
Personal data and special categories of personal data are processed for the duration of processing required in accordance with our company's practices and requirements of the commercial sphere, and for the durations required in practice as evident in legal disputes upon expiry of the aforementioned period. Upon expiry of the relevant durations, the personal data is deleted, destroyed or anonymized as described in the applicable legislation and internal directives.
4.6.1.1 Physical Destruction
Personal data may be processed with automatic methods provided that they are a part of a data registry system. For the destruction of this type of Personal Data, physical destruction system is implemented in order to prevent subsequent use of Personal Data.
4.6.1.2 Secure Deletion from the Software
Methods for secure deletion software are used in a non-recoverable manner while deleting Personal Data processed using fully or partially automatic methods and stored in digital media.
4.6.1.3 Secure Deletion by an Expert:
MINDBEHIND may contract a specialist for deletion of Personal Data on its own behalf under certain conditions. In this case, Personal Data are deleted securely in a non-recoverable manner by a person who is specialist in this process.
4.6.2 Methods of Anonymizing Personal Data
4.6.2.1 Masking
Data masking is method of anonymization used for Personal Data by removing deterministic Personal Data from the data set.
4.6.2.2 Aggregation
Numerous data are aggregated through data aggregation, and it is made impossible to associate personal data with any person.
4.6.2.3 Derivation
General content is derived using Personal Data by implementing data derivation method and it is made impossible to associate Personal Data with any person.
4.6.2.4 Data Shuffling
Data shuffling method is used to shuffle values in the personal data set and the ties with the individuals are eliminated.
4.7 Rights of Data Subjects
Pursuant to Article 11 of the KVKK, a Data Subject has right to:
- Get information as to whether personal data are processed or not.
- Get information on the extent of processing if data are processes.
- Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose.
- Get information on local and foreign third parties who were transferred personal data.
- Request correction if personal data were processed inaccurately or incompletely.
- Request correction in case your personal data are processed in an incomplete or inaccurate manner and request notification of such corrections to the third persons who received your personal data.
- Request deletion or destruction of personal data in case reasons requiring processing thereof become invalid following the processing of the data in accordance with KVKK and provisions of other applicable legislation and require notification of the same to the third persons who received your personal data.
- File objection against unfavourable results obtained through analysis using automatic systems only.
- Claim compensation of losses and damages that may arise from illegal processing of personal data.
by submitting an application to the data supervisor.
4.7.1 Exercising rights about personal data
Data Subjects should forward their requests about the aforementioned rights under article 11 of the KVKK, and implementation of the KVKK by sending signed copy of “APPLICATION FORM FOR DATA SUBJECTS TO EXERCISE THEIR RIGHTS UNDER THE KVKK” to the communication address of MINDBEHIND by mail, electronic mail or reply-paid registered mail or through other methods specified by the KVKK Board.
4.7.2 Processing of the application
4.7.2.1 Deadline for responding to the application
Requests regarding the personal data will be met free of charge in the shortest time possible and in any case, latest within 30 (thirty) days depending on the nature of the request. Additional information and documents may be requested during the application or processing of the application.
4.7.2.2 Right to reject the application
Applications about the personal data are rejected by MINDBEHIND in case:
- Personal data is processed for research, planning and statistics purposes provided that they are anonymized,
- Personal data is processed for artistic, historical, literature or scientific purposes and within the scope of the freedom of speech provided that privacy or personal rights are not violated, or criminal acts are not committed,
- Personal data made public by the Data Subject is processed,
- The application is based on a legitimate reason,
- The application involves an inquiry in breach of the law,
- Application procedure is not complied with,
provided that the reason is also specified.
4.7.3 Procedure of processing the application
The processing will be initiated only when the signed requests are sent in writing via notary public or via registered electronic mail (KEP) or it is sent with other methods specified by the KVK Board together with the records documenting the applicant's identification.
The relevant request is met if the application is accepted, and notification is served in writing or electronically. In case the relevant request is denied, data subject is notified in writing or electronically by specifying the reason.
4.7.4 Right to submit a complaint to the Personal Data Protection Board
In case the application is rejected, our response is found insufficient, or a response is not given in timely manner, the data subject has right to submit a complaint to the KVK Board within a period of 30 (thirty) days upon receipt of the response and in any case within 60 (sixty) days following the date of application.
4.8 Responsibility to Implement the Procedure on Collection, Processing, Transfer, Storage, Security and Destruction of Personal Data
This procedure is pursued by all departments in MINDBEHIND and process owners in those departments.
In case the personal data is processed by any other real or legal person for and on behalf of MINDBEHIND, MINDBEHIND acting as data controller and data processors have joint responsibility.
MINDBEHIND acting in the capacity of data controller, periodically inspects the compliance of data processors with the applicable legislative provisions in order to ensure that the assurance provided to the data subjects is maintained by the business partners, service providers, suppliers and contractors.
4.9 Implementation and Publication of the Procedure
KVK Board that is assigned by the General Manager makes revisions based on the changes and new inquiries received from the departments; submits revisions to the General Manager and revisions are published upon approval.
In case all or some provisions of the procedure are revised, the revisions take effect on the date of publication. The latest version of the procedure is published internally and website of Mindbehind and presented to the access of the data subjects.
In case of any conflict between the KVKK, other legislative provisions and this Procedure, provisions of the KVKK and other applicable legislation shall supersede.
This Procedure is reviewed at least on annual basis and revised as and when required.
4.10 Effective Date of the Procedure
The Procedure took effect 15/10/2021 with the approval of the General Manager. The Procedure is kept in printed form (controlled copy) and electronically.
MİNDBEHİND BİLGİ TEKNOLOJİLERİ A.Ş.
INFORMATION NOTICE ON PROTECTION OF PERSONAL DATA
Mindbehind Bilgi Teknolojileri A.Ş. As (Mindbehind or Company), we are extremely sensitive about and attach importance to protection of your personal data. With this awareness, we process all personal data of any individual associated with Mindbehind in accordance with Personal Data Protection Law (KVKK) and other applicable legislation.
Mindbehind acting in the capacity of “Data Controller” as defined in KVKK, processes your personal data with care for the purposes and using methods specified below, within the limits of the legislation and in accordance with the destruction requirements and durations.
1 Definitions
For the purposes of this Information Notice on Protection of Personal Data:
Personal Data: refers to any data related with an identified or identifiable real person (name, surname, T.R. identification number, address, telephone, log-in/ log-out times, position, curriculum vitae, place of birth, date of birth, e-mail address, video records and similar other data),
Special Categories of Personal Data: refers to any data requiring stricter protection than the other personal data as the disclosure thereof may lead to discrimination or aggravation (race, ethnic origin, political view, religious belief, sect, clothing style, union membership, health, biometric data and similar other data),
Processing of Personal Data: refers to any activity performed on the personal data, including the collection of the personal data with non-automatic methods as a part of automatic or any data registration system, storage, modification of the personal data, disclosure to third persons and transfer abroad,
KVKK: refers to the Personal Data Protection Law No. 6698 that took effect upon promulgation in the Official Gazette of 7 April 2016,
Communique: Communique No. 30656 on Procedures and Principles Regarding the Performance of the Obligation to Inform that took effect upon promulgation in the Official Gazette of 10 March 2018,
Authority: refers to the Personal Data Protection Authority,
Data Processor: refers to a real or legal person processing Personal Data based on the authorization given by and in the name of the data controller.
Data Controller: refers to a real or legal person who is responsible to determine the objectives and means of processing personal data, establishes and manages the data storage system.
Data Subject: refers to a real person whose personal data are processed.
Contact Person: refers to the person who maintains communication with the Authority and Data Subjects,
Mindbehind or Company: Mindbehind Bilgi Teknolojileri A.Ş.
.
2 Data Controller and Contact Person
Data Controller: Mindbehind Bilgi Teknolojileri A.Ş.
Address : Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul
Contact Person : Oğuzhan Başeğmez
3 Collection of Personal Data, Method of Collection and Processing
Personal data of our customers, customer's stakeholders, customers’ users, employees, prospective employees, shareholders, suppliers, business partners, employees of the collaborated companies or business partners, visitors and other 3rd persons that are in our possession may be collected verbally, in writing or electronically via relevant departments, contact forms, telephone calls, electronic applications, software, various contracts, electronic mail, social media and similar other means and processed automatically or non-automatically in accordance with the Constitution of the Republic of Turkey, International Conventions signed by our country and Personal Data Protection Law No. 6698.
Therefore, as Data Controller, we would like to inform you about the Processing of Personal Data in accordance with the KVKK.
Pursuant to Article 4 of the KVKK, your personal data will be stored and processed:
i. in compliance with the law and good faith principle,
ii. accurately and in accordance with the current practices,
iii. for clear, express and legitimate purposes,
iv. in a manner that is related and proportionate with the purpose of processing,
v. for the duration as specified in the applicable legislation or for as long as required for the purposes of processing.
4 Objective of Processing Personal Data
Your personal data collected will be processed for the following purposes in accordance with personal data processing conditions specified in Articles 5 and 6 of KVKK and the Communique:
i. performance of the activities by our business functions in parallel with the purpose of incorporation and our Company's operations,
ii. maintaining the contact and affairs with the customers, customer's stakeholders, customers’ users, suppliers, business partners, employees of the collaborated companies and business partners and other 3rd persons,
iii. establishing the communication and affairs with employees, prospective employees, shareholders and executives,
iv. maintaining the collection and procurement activities and accounting/ financial affairs,
v. ensuring the physical security and audit of the offices and other locations of our Company,
vi. conducting assessment, complaint management, legal compliance, internal audit, analysis and other processes of our Company,
vii. allowing our employees to use healthcare services,
viii. secure performance of the logistics activities,
ix. performance of the national and international projects and growth efforts in compliance with the law,
x. due implementation of the financial processes in our Company,
xi. due implementation of the human resources processes in our Company,
xii. maintaining the operations in the office as required,
xiii. maintaining the mandatory and voluntary efforts within the scope of the Information Technologies,
xiv. ensuring the legal and commercial security of our Company and real and legal persons that have a business relationship with our Company,
5 Transfer of Your Personal Data
Your personal data may be transferred to foreign investors, employees thereof, shareholders, executive management, business partners, suppliers, business contacts, employees, those assisting in the performance for the objectives including but not limited to the foregoing objectives in accordance with the KVKK and other applicable legislation, and to third persons in the country and abroad as specified in the legislation applicable to the regulatory authorities and audit authorities in accordance with the business line and objectives.
6 Storage and Deletion of Personal Data
Our Company stores personal data processed for the durations specified in the applicable Legislation, or Company policies subject to compliance with the applicable legislation.
In case it is not specified in the applicable legislation, personal data is stored for the duration of processing required for our Company’s practices and ordinary business practices depending on services provided by our company during processing of the date, and upon expiry of that duration, data is stored solely for the durations that are required to submit evidence in case of legal disputes. Upon expiry of the durations specified above, personal data is deleted, destroyed or anonymized through methods described in the Company's policies.
7 Your Rights as Data Subject
7.1 Pursuant to Article 11 of KVKK, you have right to:
i. Get information as to whether your personal information is processed or not.
ii. Get information if your personal information is processed.
iii. Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose.
iv. Get information on local and foreign third parties who were transferred your personal information.
v. Request correction if your personal data were processed inaccurately or incompletely.
vi. Request deletion or destruction of your personal data in accordance with the conditions stipulated in KVKK and other applicable legislation.
vii. Request notification of third persons who are transferred your personal data in case you request correction of incomplete or wrong data and deletion or destruction of your personal data.
viii. File objection against unfavourable results obtained through analysis of personal data using automatic systems only.
ix. Claim compensation of losses and damages you may suffer from due to illegal processing of personal data.
.
For the purpose of exercising the aforementioned rights, as a Data Subject, you may complete the relevant Application Form and deliver it to
“Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul”
address upon signing and in person or by mail or via Notary Public together with the information and documents related with the subject of application,
scan the form and send it to kvkk@mindbehind.com address via electronic mail, using the electronic mail address notified to Mindbehind and recorded by Mindbehind,
Scan the form and send it to sorun@hs01.kep.tr address using your registered electronic mail address.
For the purpose of exercising your rights as a data subject, the application containing your explanations on the right intended to be exercised should:
i. be clear and comprehensible,
ii. be relevant to a personal request,
iii. document your special power to do so if you act for and on behalf of others,
iv. contain your identification and address details,
v. contain documents substantiating the identity
.
7.2 Your application will be processed free of charge as soon as practicable depending on the type of your request and in any case, within a period of maximum 30 days upon receipt by the Mindbehind. However, fees specified in the tariff set by the Board may be charged in case any cost is incurred during the processing of application.
Your application will be accepted or rejected with reasoning within the aforementioned period of time, and the response will be submitted to you in writing or electronically. If the information and documents you provide are missing or incomprehensible, we will contact you to clarify your application.
7.3 As a Data Subject, you may submit an application to the Board within a period of 30 days upon receipt of the Company’s response and in any case, within a period of 60 days following the date of application in case your application is dismissed, necessary actions are not taken, response is not satisfying, or application is not processed within the specified period of time.
8 Article 5 of the KVKK specifies the "Events of Processing Your Personal Data without Your Explicit Consent” and Article 28 of the KVKK specifies "Exceptions” to implementation of the Law.
9 Data Controller agrees that the applicable legislation shall apply in case of any conflict between the applicable legislation and this Information Notice.
Effective date shall also be revised, and it shall be announced again in case all or some articles of the Information Notice are revised for the purpose of compliance with the changing conditions and the legislation.
Mindbehind Bilgi Teknolojileri A.Ş.
This Internet Site Cookies Policy and Information Notice has been prepared to inform you, the data subject, in accordance with the Personal Data Protection Law No. 6698 ("Law") and the applicable legislation in connection with your personal data to be automatically processed over the internet site during your visit to the internet site at https://www.mindbehind.com ("internet site") owned by Mindbehind ("Mindbehind) that acts in the capacity of data controller. This information notice contains explanations on the use of cookies at our site and information on how to control these cookies.
Your personal data processed by Mindbehind, using cookies on the internet site are processed so you use our internet site in the most efficient way and your user experienced is improved, provided that fundamental rights and freedoms of data subject that are described in Article 5, paragraph 2, sub-paragraph f of the Law are not damaged and in case data processing is compulsory for the legitimate interests of the data controller. Upon processing, your personal data is disclosed to the service providers of the relevant cookies in a manner limited with the achievement of the aforementioned objectives and in compliance with the applicable legislation, and they may be disclosed to the competent governmental authorities as required under the law. Detailed information is provided below in connection with the processing and transfer.
What is a Cookie and Why is it Used?
Cookies are small text files stored in your system or network server via browsers during your visit to the internet site.
Which Cookies Are Used?
You may view the cookies used in the internet site from the left tab.
What Are Your Rights as Data Subject (Relevant Person)?
Pursuant to Article 11 of the Law specifying rights of the data subject, the data subjects are entitled to:
Get information as to whether personal data are processed or not;
Get information on the extent of processing if data are processes;
Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose;
Get information on local and foreign third parties who were transferred personal data;
Request correction in case your personal data are processed in an incomplete or inaccurate manner and request notification of such corrections to the third persons who received your personal data;
Request deletion or destruction of personal data in case reasons requiring processing thereof become invalid following the processing of the data in accordance with the Law and provisions of other applicable legislation, and require notification of the same to the third persons who received your personal data;
File objection against unfavorable results obtained through analysis using automatic systems only.
Claim compensation of losses and damages that may arise from illegal processing of personal data
You may submit all request related with the matters provided in the list to Mindbehind in accordance with the Communique on the Procedures and Principles Regarding the Application to Data Controller.
This information notice has been revised on 05.11.2021 and the effective date shall be revised, and it will be submitted to the access of the data subjects over the internet site in case Mindbehind revises all or a portion of the information notice. APPLICATION FORM PURSUANT TO ARTICLES 11 AND 13 OF THE PERSONAL DATA PROTECTION LAW NO. 6698
For the processing of your request by Mindbehind Bilgi Teknolojileri A.Ş. (Mindbehind or Company), in accordance with the Personal Data Protection Law No. 6698 (KVKK) and other applicable legislation, you may complete the following information in full and clear format, and send this form to
Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul” address in signed form together with the identification documents and the other relevant documents and information, in person or via mail or Notary,
scan the form and send it to kvkk@mindbehind.com address via electronic mail, using the electronic mail address notified to Mindbehind and recorded by Mindbehind,
scan the form and send it to sorun@hs01.kep.tr address using your registered electronic mail address.
Your application will be processed free of charge as soon as practicable depending on the type of your request and in any case, within a period of maximum 30 days upon receipt by the Mindbehind. However, fees specified in the tariff set by the Board may be charged in case any cost is incurred during the processing of application.
Your application will be accepted or rejected with reasoning within the aforementioned period of time, and the response will be submitted to you in writing or electronically, If the information and documents you provide are missing or incomprehensible, we will contact you to clarify your application.
1 IDENTIFICATION AND CONTACT INFORMATION OF THE DATA SUBJECT
Name - Surname: |
|
T.R. Identification Number: |
|
Telephone Number: |
|
Address: |
|
e-mail: |
|
Relationship with the Company: (Such as customer, supplier, employee, employee candidate, former employee, third party company's employee and others.) |
|
2 INFORMATION ON SELECTION OF THE RIGHTTO BE EXERCISED BY THE DATA SUBJECT
(Please mark the box/boxes next to thephrase that is consistent with your request)
▢ I would like to know if your Company processes my personal data or not.
▢ If your Company processes my personal data, I request information on the data processing activities.
▢ If your Company processes my personal data, I would like to know the purpose of processing and whether the data is used in compliance with the purpose of processing or not.
▢ If my personal data is transferred to the third persons in the country or abroad, I would like to know about these third persons.
▢ I believe my personal data is processed incompletely or inaccurately and I request rectification thereof.
▢ I would like my personal data to be deleted excluding the data subject to compulsory processing in accordance with the applicable legislation even though my personal data is processed in accordance with the law and other legislative provisions.
▢ I would you to procure rectification before the third persons that are transferred my personal data which I believe is processed incompletely and inaccurately.
▢ I would like to procure deletion before the third persons in connection with my personal data subject to the request of deletion.
▢ I believe that your Company analyses my personal data exclusively through automatic systems and these analyses lead to an adverse result for me. I hereby object to that result.
3 EXPLANATIONS ABOUT THE REQUEST
(Please provide details on your request and personal data subject to your request in accordance with the Personal Data Protection Law No. 6698)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
4 ANNEXES
Please specify if there is any document substantiating your application.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
5 PLEASE SELECT A METHOD FOR SENDING OUR RESPONSE REGARDING YOUR APPLICATION
▢ Please send to my mailing address.
▢ Please send to my e-mail address.
▢ I would like to receive in person.
6 STATEMENTS OF THE APPLICANT
This application form has been prepared to determine your relationship with Mindbehing, if any, specify full set of personal data processed by our Mindbehind and respond your application properly and within the official period of time. Our Company reserves the right to request additional documents and information for identification and authorization in order to eliminate the legal risks that may arise from illegal and/or unfair data disclosure and in particular, to ensure the security of your personal data. Our Company shall not accept any liability in connection with any inaccurate information or unauthorized application in case the information you provide in this form about your requests is not accurate and up to date or an unauthorized application is made. You shall assume any liability that may arise from any illegal, misleading or inaccurate application.
Data Subject/ Person Applying for and on behalf of Data Subject:
Name- Surname:
Date of Application:
If you are applying for and on behalf of another person, please add the documents showing that you are authorized to submit an application (document showing that you are parent/ legal guardian of the data subject, proxy letter, etc.) The aforementioned documents shall be accepted only when they are issued and approved by the competent authorities.
I hereby declare and undertake that I expressly consent/approve saving, storage, preservation of my personal data (such as name, surname, address, phone number and e-mail address, etc.) by Mindbehind Bilgi Teknolojileri A.Ş.(MindBehind) in accordance with the Personal Data Protection Law (KVKK) numbered 6698 and other relevant legislations, to be connected, limited and restricted to the purpose of processing, for the purpose of being informed about new products and services and to be contacted for marketing purposes, in order for Mindbehind to gain an opinion on the use of the website as described in the cookie policy, to improve and evaluate the website and Mindbehind services, to comply with laws and regulations, and to register, store, maintain, when necessary, for use within the scope of customer service that Mindbehind provides for its Customers and for transferring of the same to its employees when needed as required by their processes and/or sharing of the same with the business partners within the scope of research and procurement activity and for processing of those personal data which I share with MindBehind and/or received by MindBehind as explained above and that I read and understood MindBehind Information Notice Text.