Personal Data Protection Law

This Personal Data Owner Application Form (“Form”) has been created for data owners to use in their applications to exercise their rights specified in the Personal Data Protection Law No. 6698. In this context, you have the following rights regarding yourself:

a) To learn whether personal data is processed,

b) To request information if personal data has been processed,

c) To learn the purpose of processing personal data and whether it is used in accordance with its purpose,

d) To know the third parties to whom personal data is transferred domestically or abroad,

e) To request correction of personal data in case of incomplete or incorrect processing,

f) To request the deletion or destruction of your personal data in case the reasons requiring the processing of personal data disappear,

g) To request that the transactions made in accordance with subparagraphs (e) and (f) be notified to third parties to whom your personal data has been transferred.

It is important that the personal data processed by our Company is accurate and up-to-date. For this reason, please notify us when there is a change in your personal data. Within the scope of the Law on the Protection of Personal Data, please indicate your request by filling in the information below in the attached form.

CONCLUDING THE APPLICATION AND NOTIFICATION OF THE APPLICATION RESULT

Depending on the nature of the request, it will be evaluated and finalized within thirty days at the latest. Positive or negative responses to your request may be notified to you in writing or electronically (in line with your request). If you have a preference for the application result to be sent by mail or electronic mail, you must indicate this preference below along with the address/e-mail address to which the mail/e-mail will be sent.

While your requests will be finalized free of charge as a rule, if the response to your request requires an additional cost, a fee may be charged in the amounts determined within the framework of the relevant legislation.

In the event that additional information is needed for the finalization of the request or if it cannot be documented that the application was made by the data owner, you may be contacted through your contact information specified in this Form or our company.

TECHNICAL AND ADMINISTRATIVE MEASURES TO BE TAKEN TO PROVIDE DATA SECURITY IN THE WORKPLACE

  1. A closed system network should be used for personal data transfers via the network
  2. Key management should be implemented
  3. Security measures should be taken within the scope of supply, development and maintenance of information technology systems
  4. Security of personal data stored in the cloud should be ensured
  5. Disciplinary arrangements including data security provisions should be made for employees
  6. Training and awareness activities should be carried out for employees on data security at certain intervals
  7. Authorization matrix should be created for employees
  8. Access logs should be kept regularly
  9. Corporate policies should be prepared and implemented on access, information security, usage, storage and destruction issues
  10. Data masking measures should be implemented when necessary
  11. Confidentiality commitments should be made
  12. Authorizations of employees who have a change of duty or who leave the job should be removed in this area
  13. Up-to-date anti-virus systems should be used
  14. Firewalls should be used
  15. Signed contracts should include data security provisions
  16. Extra security measures should be taken for personal data transferred on paper and the relevant documents should be sent in a confidential document format
  17. Personal data security policies and procedures should be determined
  18. Personal data security issues should be reported quickly
  19. Personal data security should be monitored
  20. Necessary security measures should be taken regarding the entry and exit of physical environments containing personal data
  21. The security of physical environments containing personal data against external risks (fire, flood, etc.) should be ensured
  22. The security of environments containing personal data should be ensured
  23. Personal data should be reduced as much as possible
  24. Personal data should be backed up and the security of backed up personal data should also be ensured
  25. User account management and authorization control system should be implemented and these should be monitored
  26. Periodic and/or random audits should be conducted within the institution
  27. Log records should be kept in a way that prevents user intervention. Existing risks and threats should be determined
  28. Protocols and procedures for special personal data security should be determined and implemented
  29. If special personal data is to be sent via e-mail, it should definitely be sent encrypted, using a KEP or corporate mail account
  30. Secure encryption/cryptographic keys should be used for special personal data and should be managed by different units
  31. Attack detection and prevention systems should be used
  32. Penetration testing should be applied
  33. Cyber security measures should be taken and their implementation should be continuously monitored
  34. Encryption should be done
  35. Special personal data transferred on portable memory, CD, DVD should be encrypted and transferred
  36. Data processing service providers should be audited at certain intervals regarding data security
  37. Data processing service providers should be made aware of data security
  38. Data loss prevention software should be used
  39. Security of cabinets and rooms/environments where data is stored should be ensured
  40. Periodic and/or random inspections should be conducted within the institution
  41. In cases where personal data is processed vocally in conversations, necessary measures should be taken “in a way that others cannot hear conversations”.