POLICY ON PROCESSING, PROTECTION AND DESTRUCTION OF PERSONAL DATA
The Law no. 6698 on Protection of Personal Data (“KVKK”) entered into force upon publication in the Official Gazette no. 29677 dated 7 April 2016. KVKK has been enacted to specify obligations of the real and legal persons that process the personal data, and to protect fundamental rights and freedoms of the real persons of whom personal data is processed, including right to privacy that is regulated under the Constitution.
Mindbehind Bilgi Teknolojileri A.Ş. (MINDBEHIND) attaches great importance to the privacy and security of the personal data of the customers, potential customers, employees, employee candidates, collaborated organizations and employees thereof, stakeholders, business partners, shareholders, authorized representatives and the third persons.
MINDBEHIND aims to create a data processing, protection and destruction policy in the international standards and to fulfil the requirements duly and with care. The main purpose of this Policy on Processing, Protection and Destruction of Personal Data (Policy) is to ensure transparency by informing the real persons of whom personal data is processed by MINDBEHIND, in particular the aforementioned persons.
This Procedure has been prepared in accordance with the KVKK and other legislation and the international standards applicable to the personal/ special categories of personal data for the purpose of carrying out activities related with the collection, storage, data security, transfer, anonymization, destruction and processing of the personal data and special categories of personal data in MINDBEHIND.
3. Definitions and Abbreviations
MİNDBEHİND: Mindbehind Bilgi Teknolojileri Anonim Şirketi,
Explicit Consent: refers to the consent provides solely for the relevant process with clarity without leaving room to any doubt, based on the information provided and free will,
Anonymization: refers to the processing of personal data in such a way that the data subject can no longer be associated with an identified or identifiable natural person, or its source cannot be ascertained,
KVKK: refers to the Personal Data Protection Law No. 6698
Data Subject (Relevant Person): refers to a real person of whom personal data is processed, for example: customers, suppliers, visitors, employees and employee candidates.
Personal Data: refers to any information pertaining to a real person who is identified or identifiable. The reasoning is defined as the identified or identifiable nature of a person and rendering that person identifiable through association of the data available with a real person in any way whatsoever.
Processing of Personal Data: means all kinds of processes performed about personal data obtaining, storing, archiving, recording, modifying, editing, disclosing, transferring, taking over personal data, making them accessible, classifying or preventing the use of personal health data through fully automatic or partially automatic or non-automatic ways provided that they are a part of a data storage system,
Data Processor: means a real or legal person processing personal data based on the authorization given by and in the name of MINDBEHIND,
Personal Data: refers to any information pertaining to a real person who is identified or identifiable. The reasoning is defined as the identified or identifiable nature of a person, and rendering that person identifiable through association of the data available with a real person in any way whatsoever,
T.R. Identification Number,
Log-in and Log-out Times,
Domains/ products visited, and activities performed,
Digital data kept in the relevant databases or files in connection with the relevant position,
Documents such as job applications/ curriculum vitae, purchase order records kept by HR/ marketing/ sales departments or other departments for storing the personal information.
Place/ Date of Birth,
E-Mail Address/ IP Address,
Video and Audio Records,
Any similar data that renders a person identifiable,
Special Categories of Personal Data: refers to
Religion, sect and other beliefs,
Association, foundation or union membership
Criminal conviction/ title data
Data About Security Measures,
Biometric and genetic information
4.1 Collection of Personal Data
Processed personal data and special categories of personal data may vary based on the type and nature of MINDBEHIND services. Personal data may be collected through automatic or non-automatic methods, verbally, in writing or electronically by means of Mindbehind services, offices, consultation, internal correspondences, business partners, stakeholders and similar other means.
Personal data will be processed as long as MINDBEHIND services are used, and updates will be made to ensure accuracy and up-to-datedness of the data. Further, personal data may be collected and processed when the office, business place or internet pages and other social and digital platforms of MINDBEHIND are visited or events, workshops, organizations, trainings, etc. organized by MINDBEHIND are attended.
4.2 Processing of Personal Data
MINDBEHIND may process the personal data in accordance with the conditions of processing described in Article 5 and Article 6 of KVKK for the purpose of determining, implementing commercial and business strategies, implementing human resources processes and for other objectives that may be notified during collection of the personal data.
Purposes of processing include but not limited to:
- Performing corporate activities,
- Ensuring compliance with the legal obligations in accordance with the applicable legal regulations,
- Performing sales, market research and statistical activities,
- Processing job applications,
- Communicating with the persons that are in business relationship with the Company,
- Submitting legal reports,
- Issuing invoices,
- Establishing communication with all organizations and institutions within MINDBEHIND,
- Establishing the corporate communication,
- Making personal job advertisements and providing information on employment,
- Sending bulletins and making notifications via e-mail.
4.2.1 Processing in compliance with the law and good faith principle
MINDBEHIND processes personal data in compliance with the law and good faith principle in accordance with Article 4 of the KVKK and adopts the principle of "transparency” and makes notifications to data subjects in connection with the use of information thereof. Transparency and integrity are taken as basis in notifications, clear information is provided about the purpose of processing and using the personal data collected, and the data is processed accordingly.
4.2.2 Ensuring the accuracy, and up-to-datedness of personal data
MINDBEHIND ensures the accuracy and up-to-datedness of the personal data processed. Therefore, the relevant departments make amendments for keeping the personal data accurate and up to date.
4.2.3 Processing for definite, explicit and legitimate purposes
MINDBEHIND collects and processes the personal data for legitimate purposes in compliance with the law. MINDBEHIND processes the personal data in connection with the activities/ processes performed and implemented, to a reasonable extent and as required.
4.2.4 The relevance, limitation and proportionality of the personal data with the purpose of processing
MINDBEHIND refrains from processing the personal data that is not relevant with or required for the purpose of processing. Accordingly, it is essential to minimize the data processing activity.
4.2.5 Storage of the personal data described in the legal regulations for the duration of the legitimate commercial purposes
MINDBEHIND stores the personal data processes for the duration specified in the applicable legislation or as required in connection with the purpose of personal data processing if a duration is not specified in the applicable legislation.
The personal data may be stored upon expiry of the purpose of processing and the duration specified in the applicable laws until expiry of the general prescription period (ten years) specified in the Code of Obligations provided that fundamental rights and freedoms of the data subjects are not damaged in case the data controller has a legitimate interest to do so. The personal data shall be deleted, destroyed or anonymized upon expiry of the specified prescription period.
4.2.6 Processing of the special categories of personal data
Special categories of personal data are processed in the presence of explicit consent or when required under the applicable legislation upon taking the administrative and technical measures described in the laws and required by MINDBEHIND.
Special categories of personal data on health may be processed by the persons or authorized organizations and institutions bound with confidentiality obligation without obtaining explicit consent of the relevant person and for the purpose of protecting public health, performance of preventive medicine, medical diagnosis, treatment and maintenance services, and managing health service, and MINDBEND does not process unless the data is related with employees. The data of employees may be processed by the persons described in the laws.
4.3 Transfer of Personal Data
4.3.1 Transfer of personal data in the country
Personal data may be transferred to the suppliers, service providers of MINDBEHIND or other third persons and/or abroad in accordance with the data processing conditions and objectives described in Article 8 and Article 9 of the KVKK Law upon taking the required security measures, for the purpose of providing services required to outsourcing activities and commercial activities of MINDBEHIND, and to business partners and shareholders of MINDBEHIND, legally authorized organizations and institutions, persons subject to the private law in order to ensure the achievement of the incorporation purposes for the purposes of this Procedure.
4.3.2 Transfer of personal data abroad
MINDBEHIND may transfer personal data to foreign countries that are announced by the KVK Authority as countries with adequate level of protection ("Foreign Country with Adequate Level of Protection") or in the absence of the adequate level of protection, to foreign countries for which the data controllers in Turkey and the relevant foreign country provide written undertaking about the adequate level of protection and the KVK Board gives permission ("Foreign Country with Data Controller Guaranteeing Adequate Level of Protection"). In this regard, MINDBEHIND will act in accordance with the regulations stipulated in Article 9 of the KVK Law.
Measures on transfer of personal data in accordance with the law
18.104.22.168 Technical measures
- Making internal technical organizations for the processing and storage of the personal data in accordance with the legislation,
- Creating the technical infrastructure for ensuring the security of databases where personal data will be stored,
- Monitoring and inspecting the technical infrastructures,
- Upgrading and renewing the technical measures periodically,
- Using protection systems, security wall and similar software or hardware products against risks and installing security systems in parallel with the technological advancements,
- Employing technical professionals.
22.214.171.124 Administrative measures
- Informing employees and providing them training in connection with the protection and processing of the personal data in accordance with the law,
- Documenting the measures that will be taken in case Employees process the personal data in breach of the law, under the agreements made with employees and/or Company's procedures,
- Inspecting the personal data processing activities of data processors or partners of data processors.
4.4 Storage of Personal Data
4.4.1 Storage of the personal data for the duration specified in the applicable legislation or as required for the purpose of processing
MINDBEHIND stores the personal data for the duration required for the purpose of processing the personal data provided that storage durations specified in the applicable legislation are reserved.
In case the personal data is processed for multiple purposes, MINDBEHIND stores deletes, destroys the personal data or stores the data upon anonymization in case the purpose of data processing is no longer valid or upon request of the Data Subject when there is no impediment under the legislation for the deletion upon request.
If the purpose of processing personal data has expired and the retention periods determined by the relevant legislation and the company have come to an end; Personal data can only be stored to provide evidence in possible legal disputes or to protect the rights of the person concerned or to establish a defence depending on the personal data. In determining the retention periods, the retention periods are determined based on the examples in the requests made to the company on the same issues before, although the time limits for the said right to be claimed and time limits elapse. In this case, the stored personal data are not accessed for any other purpose, and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Personal data is deleted, destroyed or anonymized after the aforementioned period expires.
4.4.2 Measures taken about the storage of personal data
126.96.36.199 Technical measures
- Creating the technical infrastructure and the relevant inspection mechanisms for the deletion, destruction and anonymization of the personal data,
- Taking measures for the secure storage of the personal data,
- Employing technical professionals.
- Adopting business continuity and contingency plans against risks and developing systems for implementing them,
- Establishing security systems in parallel with the technological advancements about the media used to store the personal data.
188.8.131.52 Administrative measures
- Informing the employees and creating awareness on technical and administrative risks about the storage of personal data,
- Including provisions on taking security measures required from the persons who are transferred personal data for protection and secure storage of the personal data transferred, in the agreements made with the companies to which the personal data is transferred in case third persons are collaborated for the storage of the personal data.
4.5 Security of Personal Data
4.5.1 MINDBEHIND takes the following security measures about the personal data:
- Prevention of the processing in breach of the law,
- Prevention of access in breach of the law,
- Ensuring the storage in accordance with the law,
Administrative and technical measures are taken in parallel with the technological availabilities and implementation costs.
4.5.2 Administrative measures taken to prevent processing of personal data in breach of the law
- Training and informing employees about processing of the personal data in compliance with the law,
- Evaluating activities of MINDBEHIND in detail for each business function, and processing personal data within the scope of commercial activities performed by the relevant functions as a result of the relevant evaluation,
- Include provisions on security measures expected from the data processors in the agreements made with the data processor companies in case third persons are collaborated for the processing of personal data,
- Notifying the KVK Board and conduct inspections specified in the applicable legislation in case the personal data is disclosed in breach of the law, or a data leak occurs,
4.5.3 Technical measures taken to prevent illegal access to personal data
- Employing technical professionals.
- Upgrading and renewing the technical measures periodically,
- Developing internal authorization procedures for access.
- Developing internal data recording systems and inspecting them periodically,
- Training and informing employees about authorization for access to personal data,
- Establishing security systems in parallel with the technological advancements in order to prevent illegal access to personal data.
4.6 Deletion, Destruction and Anonymization of Personal Data
MINDBEHIND deletes, destroys or anonymizes the personal data at its own discretion or upon request of the data subject in case the reasons requiring the processing are no longer valid even though the processing is performed in accordance with the applicable legislative provisions.
Anonymized personal data may be processed for purposes such as planning and statistics in accordance with article 28 of the KVKK. These processing activities are excluded from the scope of the KVKK, and explicit consent of the data subject shall not be sought.
4.6.1 Methods of Deleting and Destroying Personal Data
Personal data and special categories of personal data are processed for the duration of processing required in accordance with our company's practices and requirements of the commercial sphere, and for the durations required in practice as evident in legal disputes upon expiry of the aforementioned period. Upon expiry of the relevant durations, the personal data is deleted, destroyed or anonymized as described in the applicable legislation and internal directives.
184.108.40.206 Physical Destruction
Personal data may be processed with automatic methods provided that they are a part of a data registry system. For the destruction of this type of Personal Data, physical destruction system is implemented in order to prevent subsequent use of Personal Data.
220.127.116.11 Secure Deletion from the Software
Methods for secure deletion software are used in a non-recoverable manner while deleting Personal Data processed using fully or partially automatic methods and stored in digital media.
18.104.22.168 Secure Deletion by an Expert:
MINDBEHIND may contract a specialist for deletion of Personal Data on its own behalf under certain conditions. In this case, Personal Data are deleted securely in a non-recoverable manner by a person who is specialist in this process.
4.6.2 Methods of Anonymizing Personal Data
Data masking is method of anonymization used for Personal Data by removing deterministic Personal Data from the data set.
Numerous data are aggregated through data aggregation, and it is made impossible to associate personal data with any person.
General content is derived using Personal Data by implementing data derivation method and it is made impossible to associate Personal Data with any person.
22.214.171.124 Data Shuffling
Data shuffling method is used to shuffle values in the personal data set and the ties with the individuals are eliminated.
4.7 Rights of Data Subjects
Pursuant to Article 11 of the KVKK, a Data Subject has right to:
- Get information as to whether personal data are processed or not.
- Get information on the extent of processing if data are processes.
- Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose.
- Get information on local and foreign third parties who were transferred personal data.
- Request correction if personal data were processed inaccurately or incompletely.
- Request correction in case your personal data are processed in an incomplete or inaccurate manner and request notification of such corrections to the third persons who received your personal data.
- Request deletion or destruction of personal data in case reasons requiring processing thereof become invalid following the processing of the data in accordance with KVKK and provisions of other applicable legislation and require notification of the same to the third persons who received your personal data.
- File objection against unfavourable results obtained through analysis using automatic systems only.
- Claim compensation of losses and damages that may arise from illegal processing of personal data.
by submitting an application to the data supervisor.
4.7.1 Exercising rights about personal data
Data Subjects should forward their requests about the aforementioned rights under article 11 of the KVKK, and implementation of the KVKK by sending signed copy of “APPLICATION FORM FOR DATA SUBJECTS TO EXERCISE THEIR RIGHTS UNDER THE KVKK” to the communication address of MINDBEHIND by mail, electronic mail or reply-paid registered mail or through other methods specified by the KVKK Board.
4.7.2 Processing of the application
126.96.36.199 Deadline for responding to the application
Requests regarding the personal data will be met free of charge in the shortest time possible and in any case, latest within 30 (thirty) days depending on the nature of the request. Additional information and documents may be requested during the application or processing of the application.
188.8.131.52 Right to reject the application
Applications about the personal data are rejected by MINDBEHIND in case:
- Personal data is processed for research, planning and statistics purposes provided that they are anonymized,
- Personal data is processed for artistic, historical, literature or scientific purposes and within the scope of the freedom of speech provided that privacy or personal rights are not violated, or criminal acts are not committed,
- Personal data made public by the Data Subject is processed,
- The application is based on a legitimate reason,
- The application involves an inquiry in breach of the law,
- Application procedure is not complied with,
provided that the reason is also specified.
4.7.3 Procedure of processing the application
The processing will be initiated only when the signed requests are sent in writing via notary public or via registered electronic mail (KEP) or it is sent with other methods specified by the KVK Board together with the records documenting the applicant's identification.
The relevant request is met if the application is accepted, and notification is served in writing or electronically. In case the relevant request is denied, data subject is notified in writing or electronically by specifying the reason.
4.7.4 Right to submit a complaint to the Personal Data Protection Board
In case the application is rejected, our response is found insufficient, or a response is not given in timely manner, the data subject has right to submit a complaint to the KVK Board within a period of 30 (thirty) days upon receipt of the response and in any case within 60 (sixty) days following the date of application.
4.8 Responsibility to Implement the Procedure on Collection, Processing, Transfer, Storage, Security and Destruction of Personal Data
This procedure is pursued by all departments in MINDBEHIND and process owners in those departments.
In case the personal data is processed by any other real or legal person for and on behalf of MINDBEHIND, MINDBEHIND acting as data controller and data processors have joint responsibility.
MINDBEHIND acting in the capacity of data controller, periodically inspects the compliance of data processors with the applicable legislative provisions in order to ensure that the assurance provided to the data subjects is maintained by the business partners, service providers, suppliers and contractors.
4.9 Implementation and Publication of the Procedure
KVK Board that is assigned by the General Manager makes revisions based on the changes and new inquiries received from the departments; submits revisions to the General Manager and revisions are published upon approval.
In case all or some provisions of the procedure are revised, the revisions take effect on the date of publication. The latest version of the procedure is published internally and website of Mindbehind and presented to the access of the data subjects.
In case of any conflict between the KVKK, other legislative provisions and this Procedure, provisions of the KVKK and other applicable legislation shall supersede.
This Procedure is reviewed at least on annual basis and revised as and when required.
4.10 Effective Date of the Procedure
The Procedure took effect 15/10/2021 with the approval of the General Manager. The Procedure is kept in printed form (controlled copy) and electronically.
MİNDBEHİND BİLGİ TEKNOLOJİLERİ A.Ş.
At Mindbehind Bilgi Teknolojileri A.Ş. (Mindbehind or Company), we show extreme sensitivity for and place importance on the protection of your personal data. With this in mind, we process all kinds of personal data of the individuals associated with Mindbehind in accordance with the Personal Data Protection Act no 6698 (KVKK) and any other related legislation.
Acting as “Data Controller” as defined in KVKK, Mindbehind processes your personal data with diligence and care, for the purposes and using the methods described below, within the framework stipulated by legislation, and in accordance with the requirements and deadlines of destruction;
Definitions For the purposes of this Personal Data Protection Clarification Text, the following terms shall have the corresponding meanings;
Personal Data: Any data relating to an identified or identifiable natural person (name, surname, T.R. identity number, address, telephone, times of system login/logout, the current location, curriculum vitae, place of birth, date of birth, e-mail address, visual records and all similar data),
Sensitive Personal Data: All kinds of data that, when revealed, may result in discrimination or victimization concerning the related personal and that must be protected much more strictly than the other personal data (race, ethnical origin, political opinions, religious beliefs or sects, clothing, trade union membership, medical condition, biometric data and all similar data),
Processing of Personal Data: means any operation which is performed on personal data by automated means or non-automated means, provided that such means form part of a data filing system, including collection, recording, storage, alteration, disclosure to third parties and transferring to overseas locations,
KVKK: Personal Data Protection Law no 6698 which became effective upon being published in the Official Journal dated 7 April 2016,
Communiqué: Communiqué on the Methods and Principles to be Followed in Meeting the Clarification Requirements no 30356 which became effective upon being published in the Official Journal dated 10 Mart 2018,
Board: Personal Data Protection Board,
Data Processor: The natural or legal person who processes Personal Data on behalf of the data controller based on the authorization granted by the same
Data Controller: Natural or legal person who determines the purposes and means of processing Personal Data and is responsible for establishing and managing the data filing system
Data Subject: The real person whose Personal Data is processed,
Contact Person: The person who provides communication with the Board and the contact with Data Subjects,
Mindbehind or Company: Mindbehind Bilgi Teknolojileri A.Ş.
1. Data Controller and Contact Person
Data Controller: Mindbehind Bilgi Teknolojileri A.Ş.
Address : Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul
Contact Person : Oğuzhan Başeğmez
2. Collecting Personal Data, Method of Collection and Processing of Data
Personal data of our customers, stakeholders of customers, users of customers, our employees, our employee candidates, our shareholders, our suppliers, business partners, employees of companies and institutions with whom we have cooperation or relation, our visitors and 3rd parties which we keep under our responsibility can be collected and processed by our Company within the frame of relevant legislation, particularly including the Constitution of the Republic of Türkiye, the International Conventions to which our country is a party and the Personal Data Protection Law no 6698, by automated or non-automated means and through such mediums as the related departments of our Company, our website, contact forms, telephone conversations, electronic applications, software, various contracts, electronic mail, social media and the like, in oral, written or electronic format.
Therefore, as the Data Controller acting pursuant to KVKK, we would like to make this clarification for you regarding the Processing of Personal Data.
Pursuant to article 4 of KVKK, your personal data shall be processed;
i. In line with the rules of lawfulness and fairness,
ii. Accurately and in updated form when necessary,
iii. For specified, explicit and legitimate purposes,
iv. Relevant, limited and proportionate to the purposes for which they are processed,
v. By being stored for the period laid down by the relevant legislation or for the period as required for the purpose for which the personal data are processed.
3. Categories of Processed Personal Data
Identification, making contact, determining location, customer transactions, legal transactions, operational security, marketing
4 Purposes of Processing Personal Data
Once collected, your personal data shall be processed for the following purposes under the conditions and within the frame of personal data processing as indicated in articles 5 and 6 of KVKK and in the Communiqué;
● Enabling our business units to continue with the business activities which are carried out by our Company and are the founding purpose of our Company,
● Ensuring our communication and relations with our customers, stakeholders of customers, users of customers, our suppliers, business partners, employees of companies and institutions with whom we have cooperation or relation, our visitors and 3rd parties,
● Ensuring our communication and relations with our employees, our employee candidates, our shareholders, and our directors,
● Ensuring the continuity of collection and purchasing activities and the accounting/financial affairs functions,
●Ensuring the physical security and inspection of the offices and other locations of our Company,
●Carrying out such processes of our Company as evaluation, complaint handling, legal compliance, internal audit, analysis, and others,
● Enabling our employees to benefit from health services,
● Executing the logistic activities in a safe manner,
● Carrying out national and international projects and growth practices in line with laws,
● Due execution of the financial processes within the internal Company operations,
● Due execution of the human resources processes within the internal Company operations,
● Due continuity of the work life within the office,
● Continuing with the compulsory and voluntary work within the scope of Information Technologies.
●Ensuring the legal and commercial security of our Company and the natural and legal persons who have business relations with our Company.
●Conducting the marketing work, advertising/campaign/promotion processes, sales/after sales services with the customers.
● Providing information to the competent persons, institutions and organizations within the scope of marketing activities.
5 Transferring your Personal Data
Within the scope of the above listed purposes and in line with KVKK and all related legislation currently in effect, your personal data can be transferred to our shareholders, their employees, our senior management, our business partners, suppliers, business contacts, employees, executive assistants; or regulatory and supervisory boards and public authorities in line with our field of activity and purpose or in cases stipulated by the relevant legislation; to third persons, either domestic or overseas, in line with our field of activity and purpose; and to suppliers, either domestic or overseas, for the purpose of carrying out marketing/advertising/campaign/promotion processes and product/service marketing processes.
6 Storing and Deleting the Data
Personal data must be retained only for the period of time required for the purposes defined in section “4. Purpose of Processing Personal Data”. Mindbehind retains your personal data during the maximum duration allowed by legislation in order to fulfill legal requirements, and protect, exercise and defend its rights.
Unless stipulated otherwise in the legislation; personal data is retained only for as long as is needed to process such data in line with our Company practices and routines depending on the services offered while processing such data and, afterwards, only for the purpose of constituting conclusive evidence in legal disputes; upon expiration of the specified periods, the said personal data are deleted, destroyed or anonymized using the methods defined in Company policies.
7 Your Rights as Data Subjects
7.1. Pursuant to article 11 of KVKK, you have the following rights:
●To learn whether your personal data are processed or not,
●To demand information, if your personal data has been processed,
●To learn the purpose of the processing of your personal data and whether such personal data is used for the intended purpose,
●To know about the third parties, whether local or overseas, to whom your personal data is transferred,
●To request the correction of personal data if such data has been processed incompletely or inaccurately,
●To request the erasure or destruction of your personal data within the frame of the conditions stipulated in KVKK and other legislation,
●When the correction of incomplete or inaccurate personal data is requested or when the erasure or destruction of the personal data is requested, to ask for such operation to be notified to third persons who have received the personal data,
●To object to the occurrence of a result against yourself if the processed data has been analyzed solely through automated systems,
●To claim compensation for the damage arising from the unlawful processing of your personal data.
For exercising your rights listed above, as the Data Subject, you can submit the Application Form Pursuant to Articles 11 and 13 of the Personal Data Protection Law no 6698 which is published in the website “https://www.mindbehind.com/privacy-policy#ApplicationForm
” to the address of;
“Sultan Selim Mahallesi Libadiye Sokak No: 3/1 Kağıthane, İstanbul”
wet signed and accompanied with information and documents related to the subject of application, either in person or by mail or through the Notary,
you can scan the Form and submit it to kvkk @mindbehind.com by electronic mail using your electronic mail address which has been notified to Mindbehind and registered in the records of Mindbehind,
you can scan the Form and submit it to email@example.com by electronic mail using your registered electronic mail address.
The application that you plan to submit for exercising the above mentioned rights you have as the personal data subject, which includes the details of the right to be exercised, must also satisfy the following;
i. The subject of request must be clear and understandable,
ii. The subject of request must be related to you in person,
iii. If acting on behalf of another person, your authorization must be specially documented,
iv. Your identity and address details must be included,
v. Proof of your identity must be enclosed.
7.2 Your application shall be finalized free of charge, as soon as possible depending on the nature of the request and, in all cases, within 30 days at the latest after the request has been received by Mindbehind. However, if the procedure necessitates an extra cost, a fee can charged according to the tariff listed by the Board.
Your request shall either be accepted within this period or rejected with justification, and you shall be responded either by a letter or through electronic means. If the information and documents that you have submitted to us are incomplete or incomprehensible, you shall be contacted in order to clarify the application.
7.3 As the personal data subject, in cases where your application is rejected, the necessary action is not taken, the given response fails to satisfy you or the application is not responded in due time; you can refer to the Board within 30 days after you have received the response by our Company or, in any case, within 60 days after the date of application.
8 Article 5 KVKK regulates “The Cases in which Your Personal Data may be Processed without Your Explicit Consent” and Article 28 of KVKK regulates the “Exemptions” to the application of the Law.
9 In case of any conflicts between the applicable legislation and this Clarification Text, the Data Subject agrees that the legislation in effect shall prevail.
In cases where all or certain articles of the Clarification Text are updated in order to achieve compliance to the changing conditions and legislation, the date of effectiveness shall also be updated and announced.
Mindbehind Bilgi Teknolojileri A.Ş.
Your personal data processed by Mindbehind, using cookies on the internet site are processed so you use our internet site in the most efficient way and your user experienced is improved, provided that fundamental rights and freedoms of data subject that are described in Article 5, paragraph 2, sub-paragraph f of the Law are not damaged and in case data processing is compulsory for the legitimate interests of the data controller. Upon processing, your personal data is disclosed to the service providers of the relevant cookies in a manner limited with the achievement of the aforementioned objectives and in compliance with the applicable legislation, and they may be disclosed to the competent governmental authorities as required under the law. Detailed information is provided below in connection with the processing and transfer.
What is a Cookie and Why is it Used?
Cookies are small text files stored in your system or network server via browsers during your visit to the internet site.
Which Cookies Are Used?
You may view the cookies used in the internet site from the left tab.
What Are Your Rights as Data Subject (Relevant Person)?
Pursuant to Article 11 of the Law specifying rights of the data subject, the data subjects are entitled to:
Get information as to whether personal data are processed or not;
Get information on the extent of processing if data are processes;
Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose;
Get information on local and foreign third parties who were transferred personal data;
Request correction in case your personal data are processed in an incomplete or inaccurate manner and request notification of such corrections to the third persons who received your personal data;
Request deletion or destruction of personal data in case reasons requiring processing thereof become invalid following the processing of the data in accordance with the Law and provisions of other applicable legislation, and require notification of the same to the third persons who received your personal data;
File objection against unfavorable results obtained through analysis using automatic systems only.
Claim compensation of losses and damages that may arise from illegal processing of personal data
You may submit all request related with the matters provided in the list to Mindbehind in accordance with the Communique on the Procedures and Principles Regarding the Application to Data Controller.
This information notice has been revised on 05.11.2021 and the effective date shall be revised, and it will be submitted to the access of the data subjects over the internet site in case Mindbehind revises all or a portion of the information notice.
APPLICATION FORM PURSUANT TO ARTICLES 11 AND 13 OF THE PERSONAL DATA PROTECTION LAW NO. 6698
For the processing of your request by Mindbehind Bilgi Teknolojileri A.Ş. (Mindbehind or Company), in accordance with the Personal Data Protection Law No. 6698 (KVKK) and other applicable legislation, you may complete the following information in full and clear format, and send this form to
Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul” address in signed form together with the identification documents and the other relevant documents and information, in person or via mail or Notary,
scan the form and send it to firstname.lastname@example.org address via electronic mail, using the electronic mail address notified to Mindbehind and recorded by Mindbehind,
scan the form and send it to email@example.com address using your registered electronic mail address.
Your application will be processed free of charge as soon as practicable depending on the type of your request and in any case, within a period of maximum 30 days upon receipt by the Mindbehind. However, fees specified in the tariff set by the Board may be charged in case any cost is incurred during the processing of application.
Your application will be accepted or rejected with reasoning within the aforementioned period of time, and the response will be submitted to you in writing or electronically, If the information and documents you provide are missing or incomprehensible, we will contact you to clarify your application.
1 IDENTIFICATION AND CONTACT INFORMATION OF THE DATA SUBJECT
|Name - Surname:
|T.R. Identification Number:
|Relationship with the Company:
(Such as customer, supplier, employee, employee candidate, former employee, third party company's employee and others.)
2 INFORMATION ON SELECTION OF THE RIGHTTO BE EXERCISED BY THE DATA SUBJECT
(Please mark the box/boxes next to thephrase that is consistent with your request)
▢ I would like to know if your Company processes my personal data or not.
▢ If your Company processes my personal data, I request information on the data processing activities.
▢ If your Company processes my personal data, I would like to know the purpose of processing and whether the data is used in compliance with the purpose of processing or not.
▢ If my personal data is transferred to the third persons in the country or abroad, I would like to know about these third persons.
▢ I believe my personal data is processed incompletely or inaccurately and I request rectification thereof.
▢ I would like my personal data to be deleted excluding the data subject to compulsory processing in accordance with the applicable legislation even though my personal data is processed in accordance with the law and other legislative provisions.
▢ I would you to procure rectification before the third persons that are transferred my personal data which I believe is processed incompletely and inaccurately.
▢ I would like to procure deletion before the third persons in connection with my personal data subject to the request of deletion.
▢ I believe that your Company analyses my personal data exclusively through automatic systems and these analyses lead to an adverse result for me. I hereby object to that result.
3 EXPLANATIONS ABOUT THE REQUEST
(Please provide details on your request and personal data subject to your request in accordance with the Personal Data Protection Law No. 6698)
Please specify if there is any document substantiating your application.
5 PLEASE SELECT A METHOD FOR SENDING OUR RESPONSE REGARDING YOUR APPLICATION
▢ Please send to my mailing address.
▢ Please send to my e-mail address.
▢ I would like to receive in person.
6 STATEMENTS OF THE APPLICANT
This application form has been prepared to determine your relationship with Mindbehing, if any, specify full set of personal data processed by our Mindbehind and respond your application properly and within the official period of time. Our Company reserves the right to request additional documents and information for identification and authorization in order to eliminate the legal risks that may arise from illegal and/or unfair data disclosure and in particular, to ensure the security of your personal data. Our Company shall not accept any liability in connection with any inaccurate information or unauthorized application in case the information you provide in this form about your requests is not accurate and up to date or an unauthorized application is made. You shall assume any liability that may arise from any illegal, misleading or inaccurate application.
Data Subject/ Person Applying for and on behalf of Data Subject:
Date of Application:
If you are applying for and on behalf of another person, please add the documents showing that you are authorized to submit an application (document showing that you are parent/ legal guardian of the data subject, proxy letter, etc.) The aforementioned documents shall be accepted only when they are issued and approved by the competent authorities.