General Data Protection Regulation
KVKK Clarification Text
- INTRODUCTION
This clarification text has been prepared in accordance with Article 10 of the Personal Data Protection Law No. 6698 (“Law”) to inform the relevant individuals about the processing of personal data collected by KYG GLOBAL TURIZM SANAYI VE TICARET LTD ŞTİ ("DATA CONTROLLER"), its legal entities, relevant units, and service centers.
The DATA CONTROLLER demonstrates the utmost sensitivity and effort in the processing, protection, and security of personal data.
Personal data may be collected by the DATA CONTROLLER through all types of auditory, written, visual, or electronic methods.
In this context, and in accordance with the Law, personal data of the relevant individuals may be processed by the DATA CONTROLLER for the tasks and operations that must be carried out in accordance with the general principles listed in the Law, as the Data Controller.
- PURPOSE OF PROCESSING PERSONAL DATA
Personal data is processed for the purposes listed below, in line with the personal data processing conditions stated in Articles 5 and 6 of the Law, and the purposes set forth in the Law, but not limited to these. Accordingly, the purposes for processing personal data are as follows:
- To perform the operations and tasks that the DATA CONTROLLER is obligated to carry out under relevant legislation and to provide public services in line with its duties and responsibilities,
- To carry out necessary works to ensure the maximum benefit from the services provided by the DATA CONTROLLER,
- To ensure legal obligations and service security for the DATA CONTROLLER and its stakeholders,
- To continue the services and strategies of the DATA CONTROLLER,
- To fulfill responsibilities under laws and relevant regulations that assign rights, duties, tasks, and operations to the DATA CONTROLLER,
- To manage the human resources and employment policies of the DATA CONTROLLER, and carry out all activities related to lease agreements,
- To take necessary actions to prevent the unlawful processing of personal data, unauthorized access to data, and to ensure the secure storage of personal data, taking all necessary legal, technical, and administrative measures in line with the principles set forth in the Law.
- SHARING AND TRANSFERRING PERSONAL DATA
Personal data collected from employees, job candidates, interns, news subjects, potential product or service buyers, product or service buyers, supplier employees, supplier representatives, guardians/legal representatives, visitors, and other citizens may be shared with the DATA CONTROLLER’s suppliers, service providers, data processors, and legally authorized institutions and organizations, in accordance with the conditions and purposes of personal data processing specified in Articles 8 and 9 of the Law, and within the framework of relevant legislation.
The DATA CONTROLLER takes care to implement necessary administrative and technical measures and all security precautions when personal data is shared. Additionally, the DATA CONTROLLER conducts activities in compliance with the ISO 27001 Information Security Management System and other information and data security measures. The DATA CONTROLLER is committed to observing due diligence and care in the transfer and sharing of your data, and values your data and its security.
- METHOD OF COLLECTING PERSONAL DATA AND LEGAL BASIS
The DATA CONTROLLER collects personal data through all auditory, written, visual, and electronic mediums and within the scope of the purposes outlined in this clarification text. The personal data is processed in accordance with the applicable laws and regulations, and is collected for various legal reasons, including enabling the DATA CONTROLLER to fulfill its obligations arising from contracts and laws, and to carry out its business activities. The legal bases for processing personal data are as follows:
- The explicit consent of the relevant individual,
- Explicit provision in the laws,
- The necessity of processing for the protection of life or physical integrity when the relevant individual cannot provide consent due to physical impossibility or when legal validity is not granted to the consent,
- The necessity of processing personal data related to a contract, provided that it is directly related to the establishment or performance of the contract,
- The necessity of processing personal data for the DATA CONTROLLER to fulfill its legal obligations,
- When the relevant individual has made the data publicly available,
- The necessity of processing personal data for the establishment, exercise, or protection of a right,
- The necessity of processing personal data for the legitimate interests of the DATA CONTROLLER, provided that it does not harm the basic rights and freedoms of the relevant individual.
- RIGHTS OF PERSONAL DATA OWNERS AND PROTECTION OF RIGHTS
Personal data owners, under Article 11 of the Law, have the right to:
- Learn whether their personal data is processed,
- Request information about their personal data if it has been processed,
- Learn the purpose of processing their personal data and whether it is used appropriately for that purpose,
- Know the third parties to whom their personal data has been transferred, both domestically and abroad,
- Request the correction of any incomplete or incorrect personal data,
- Request the deletion or destruction of their personal data under the conditions set forth in Article 7 of the Law,
- Request that any corrections made to their data be notified to third parties to whom their data has been transferred,
- Object to the processing of their personal data, particularly when it results in a negative outcome solely through automated means,
- Request compensation for any damages suffered due to unlawful processing of their personal data.
To exercise these rights, personal data owners may apply to the DATA CONTROLLER in writing or through other methods determined by the Personal Data Protection Board. Applications will be concluded as soon as possible, but in any case, within 30 days. The contact information for applying to the DATA CONTROLLER is provided below.
- CONTACT
For detailed information regarding the matters in this clarification text, relevant legislation, the official gazette, and the company's website may be referred to.
To exercise your rights arising from the Law, you can send your identity information, the right you wish to exercise, and a detailed explanation of your request to the address Altıntaş mah. Kara aslan cad. No:15 Aksu/Antalya via postal mail or to [email protected].
KYG GLOBAL TURIZM SANAYI VE TICARET LTD ŞTİ