Protection and Processing Policy of Personal Data With Special Quality
1. Purpose
The purpose of this protection and processing policy of personal data with special quality is to fulfill the legal responsibilities arising from the resolution of the personal data protection board dated 31/01/2018 and nr. 2018/10 on sufficient measures to be taken by data responsibles in processing of personal data with special quality, as well as to set forth the technical and administrative measures taken in processing of personal data with special quality.
2. Definitions
ABBREVIATION | DEFINITION
Clear Consent | Consent related to a certain matter, based on being informed and given with free will.
Destruction | Deletion, destruction or anonymization of personal data.
Personal Data | Information of any kind related to a natural person whose identity is known or specifiable.
Anonymization of Personal Data | Converting personal data to a form that cannot be related in any manner to a natural person whose identity is known or specifiable, even when matched with other data.
Process of Personal Data | Any process realized on data such as collecting, recording, storing, preserving, modifying, reorganizing, revealing, transferring, taking transfer, converting to obtainable form, classifying or preventing use of personal data, by entirely or partially automatic means, or by non-automatic means provided that they are part of a data recording system.
Deletion of Personal Data | Process of converting personal data to a form that can never be accessed or reused by relevant users in any manner whatsoever.
Destruction of Personal Data | Process of converting personal data to a form that can never be accessed, restored or reused by any person in any manner whatsoever.
Board | Personal data protection board
Policy | Protection and processing policy of personal data with special quality
Company | Altınyağ Madencilik ve Enerji Yatırımları San. ve Tic. A.Ş.
Data Owner | Natural person whose personal data is processed
Data Responsible | Natural or legal person specifying the purposes and means of processing personal data and being responsible for the establishment and management of the data recording system
3. Processing personal data with special quality
Personal data of persons related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, appearance, membership to association, foundation or union, health, sexual orientation, criminal conviction and security measures, as well as biometric and genetic data, are personal data with special quality. Company complies with provisions of law and other legislation in processing of personal data with special quality. In line with the aforesaid, personal data with special quality are processed in accordance with the principles below:
a. Being in compliance with law and good faith rules
b. Being correct and updated when required
c. Being associated with, limited to and proportionate to the purposes they are processed for
d. Being processed for certain, clear and legal purposes
e. Being preserved for a period as foreseen in legislation and as necessary for the purpose they are processed for
Personal data with special quality other than health and sexual orientation are processed by company where clear consent of data owner is obtained or in situations foreseen in law.
Personal data related to health and sexual orientation, on the other hand, are processed in situations where clear consent of data owner is obtained or for purposes of protection of public health, governing medical diagnosis, therapy and care services, planning and management of preventive medicine, healthcare services and financing thereof.
4. Technical and administrative measures taken for protection of personal data with special quality
Company takes every measure in order to process personal data with special quality in compliance with law and relevant legislation and to provide security of personal data with special quality. In this context, measures taken are listed below:
5. Administrative measures
- Company provides regular training to employees involved in processing personal data with special quality on the matter of protection and processing of personal data with special quality.
- Company executes confidentiality agreements in order to ensure security of employees and data.
- Users authorized to access the data, and the scope and period of their authorizations, are clearly defined, and periodic checks of authorizations are carried out.
- Access authorizations of employees who change duties or leave the job are revoked immediately. Company immediately takes back the inventory allocated to such employees.
6. Technical measures
a. Technical measures taken in respect to personal data with special quality obtained and/or accessed through electronic media
- Transaction records of all actions performed on personal data with special quality are securely logged on the basis of creator or final updater.
- Security updates related to the media where personal data with special quality are located are continuously followed, necessary security tests are regularly performed or commissioned, and test results are recorded.
- User authorizations are set for the software through which personal data with special quality are accessed, necessary security tests of such software are regularly performed or commissioned, and test results are recorded.
- In cases where personal data with special quality are remotely accessed, an authentication system with at least two stages is used.
b. Technical measures taken in respect to personal data with special quality obtained and/or accessed physically
- Sufficient security measures are taken as appropriate to the environment where personal data with special quality are located.
- Physical security of such environments is ensured and unauthorized entries/exits are prevented.
7. Transfer of personal data with special quality
Company transfers personal data with special quality within the framework of the data processing conditions contained in articles 8 and 9 of law. In order to provide data security, the rules listed below are applied and periodic audits are carried out in this respect by company.
Transfer through e-mail
In cases where personal data with special quality are transferred through e-mail, the transfer is performed by means of a corporate e-mail address with pin code or by using a registered electronic mail account.
Transfer through media such as memory stick, CD, DVD
Encryption is applied for security reasons when personal data with special quality are transferred through media such as memory stick, CD, DVD.
Transfer among servers in different physical environments
For transfer of personal data with special quality among servers in different physical environments, the transfer is carried out either by establishing a VPN between the servers or by means of the sFTP method.
Transfer through hard copy
If transfer of personal data with special quality through hard copy is required, necessary measures are taken against risks such as theft, loss of the document or its being seen by unauthorized persons, and the document is submitted in the form of a “Classified Document”.
8. Preservation and destruction of personal data with special quality
Personal data with special quality are stored by company in compliance with law, other relevant legislation and the resolution of personal data protection board on sufficient measures to be taken by data responsible in processing of personal data with special quality, under the following conditions:
a. Clear consent of data owner is obtained
b. Storage of personal data with special quality other than those of health and sexual orientation is foreseen in law
c. Storage of personal data related to health and sexual orientation is performed for protection of public health, governing medical diagnosis, therapy and care services, planning and management of preventive medicine, healthcare services and financing thereof
Personal data with special quality stored by company in compliance with law and other legislation are deleted, destroyed or anonymised, either directly or upon demand of data owner, where the reasons listed below occur:
a. Clear consent has been revoked, in cases where storage of personal data with special quality is based on clear consent of data owner
b. Purpose of storing personal data with special quality has been realized, has become impossible or has otherwise disappeared
c. Provisions of legislation forming the basis for storage of personal data with special quality have been modified or abolished
d. All of the conditions of processing contained in article 6 of law have been abolished
e. Request of data owner for destruction of personal data with special quality, duly submitted to company, has been found justified and accepted by company
f. Data owner's request for destruction of personal data with special quality has been denied by company, company’s response has been found insufficient, or company has failed to respond within the period foreseen in law; a complaint has thereupon been submitted to board and the demand has been found proper by board.
Other matters related to storage and destruction of personal data with special quality are regulated in company’s policy of storage and destruction of personal data with special quality.