Hernefes.com Personal Data Protection Policy
The privacy and security of your personal data is of great importance for Hernefes.com and all conventional and digital content channels produced within the executive company. Hernefes.com supports the fulfillment of the requirements for compliance with the Personal Data Protection Law No. 6698 (“KVK Law”) and the establishment of a data protection and processing policy in international standards.
With this text, Hernefes.com aims to provide information about the purposes for which personal data are processed, the method of collecting personal data, the legal purpose of this, to whom and for what purposes the data can be transferred and the rights of those concerned.
Within the scope of the KVK Law, each Hernefes.com and legal entities belonging to the works carried out within the executive company are “data controllers” in their own business and work, and the information and principles in this text apply to the entire Hernefes.com team. Hernefes.com has approved and accepted this policy, effective as of September 19, 2022.
Ⅰ. SECTION: GENERAL INFORMATION
Hernefes.com processes your personal data within the limits stipulated by the legislation, as follows.
1. Method of Collection of Personal Data:
The personal data processed may vary depending on the type and nature of the content, digital media, products and services produced. We may collect your personal data verbally, in writing or electronically through our website, social media channels, membership forms, call-center, websites, e-commerce sites, events, conventional and written information request forms, brands with which we have a business relationship and cooperating institutions / organizations and similar means by automatic or non-automatic methods.
As long as you benefit from our media, products and services, your personal data may be processed and updated when necessary to ensure the accuracy and currency of your data. In addition, your personal data may also be processed when you visit Hernefes.com’s website, read our content, follow our social media accounts, fill out our membership and e-bulletin forms, physically visit our office building or use call centers, participate in activities such as events, seminars, organizations, trainings we organize, in order to benefit from our products and services, to obtain gifts, coupons, personalized promotions given to increase interest in our website from time to time and to participate in our events.
2. Purposes and Procedure for Processing Personal Data:
Your personal data:
(i) Providing the content, products and services offered through Hernefes.com and carrying out the necessary work by our relevant business units in order to enable you to benefit from them,
(ii) Customizing and recommending the content, products and services offered to you according to your tastes, usage habits and needs,
(iii) Ensuring the legal and commercial security of persons who have a business relationship with us (e.g. administrative operations carried out by us for communication, ensuring the physical security and control of our premises, business partner/customer/supplier/editor/content producer evaluation processes, legal compliance process, financial affairs, etc.),
(iv) for the purposes of determining and implementing our Party’s commercial and business strategies and carrying out human resources policies; and
(v) For other purposes to be notified to you at the time of obtaining the information, within the personal data processing conditions and purposes specified in Article 5 and Article 6 of the KVK Law.
The basis of the personal data processing activity may be only one of the following conditions, or more than one of these conditions may be the basis of the same personal data processing activity.
a. Explicit Consent of the Personal Data Owner
One of the conditions for processing personal data is the explicit consent of the data subject. The explicit consent of the personal data subject must be related to a specific subject, based on information and freely given. Data is processed within the scope of the explicit consent of the owner and for the purposes specified in the explicit consent. As a rule, it is not necessary to obtain the explicit consent of the data subject in the presence of the other conditions below.
b. Explicitly Stipulated in Laws
The personal data of the data subject shall be processed in accordance with the law, if expressly provided for in the law. In cases where data processing is permitted by law, data is processed limited to the reasons and data categories specified in the relevant law.
c. Failure to Obtain the Explicit Consent of the Relevant Person Due to Actual Impossibility
The personal data of the data subject may be processed if it is mandatory to process the personal data of the person who is unable to disclose his/her consent due to actual impossibility or whose consent cannot be recognized as valid, in order to protect the life or physical integrity of himself/herself or another person.
d. Direct Relevance to the Establishment or Performance of the Contract
Provided that it is directly related to the conclusion or performance of a contract, personal data may be processed if it is necessary to process personal data of the parties to the contract (provided that the person whose data will be processed based on the conclusion or performance of the contract is one of the parties to the contract).
e. Fulfillment of Legal Obligation
If data processing is mandatory for Hernefes.com to fulfill its legal obligations, the personal data of the data subject may be processed.
f. Publicization of Personal Data by the Personal Data Owner
In the event that the personal data of the data subject is made public by him/her, the relevant personal data may be processed limited to the purpose of publicization.
g. Data Processing is Mandatory for the Establishment or Protection of a Right
Personal data of the data subject may be processed if data processing is mandatory for the establishment, exercise or protection of a right.
h. Data Processing is Mandatory Due to Legitimate Interests
Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is mandatory for the legitimate interests of Hernefes.com.
If the processed data is personal data of special nature as defined in the PDP Law; if there is no explicit consent of the personal data owner, personal data may only be processed in the following cases, provided that adequate measures to be determined by the PDP Board are taken:
(i) Sensitive personal data other than the health and sexual life of the personal data subject, in cases stipulated by law,
(ii) Sensitive personal data relating to the health and sexual life of the personal data subject may only be processed by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
3. Security of Personal Data:
In accordance with Article 12 of the KVK Law, Hernefes.com takes appropriate measures to prevent unlawful processing of personal data, to prevent unlawful access to such data, to ensure their preservation and to prevent unlawful processing of personal data by third parties.
4. Transfer of Personal Data:
Your personal data may be transferred to other structures within the Hernefes.com team, our shareholders, legally authorized public institutions and organizations, suppliers and business partners, service recipients or other third parties and/or abroad within the framework of the personal data processing conditions and purposes specified in Article 8 and Article 9 of the KVK Law in order to fulfill the purposes specified in this text.
5. Rights of the Personal Data Owner listed in Article 11 of the KVK Law:
Pursuant to Article 11 of the KVK Law:
a) Learn whether personal data is being processed,
b) Request information if personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
ç) To know the third parties to whom personal data are transferred domestically or abroad,
d) To request correction of personal data in case of incomplete or incorrect processing,
e) To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
f) Although it has been processed in accordance with the provisions of the KVK Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
g) To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
ğ) In case of damage due to unlawful processing of personal data, to demand compensation for the damage.
It is important that the information/data you share is accurate and kept up to date in order to exercise the rights on the data in terms of the KVK Law and other relevant legislation, and the responsibilities arising from providing incorrect information are entirely yours.
Ⅱ. CHAPTER – BASIC PRINCIPLES
Hernefes.com meets the general principles and conditions specified in the legislation regarding the protection and processing of personal data and acts in accordance with the principles listed below in order to ensure that personal data is processed in accordance with the Constitution and KVK Law.
Ⅱ.1. Personal Data Processing Activities Comply with the Law and the Rule of Honesty
Hernefes.com is subject to Article 4 of the KVK Law. article, processes personal data in accordance with the law and good faith, adopts the principle of “transparency” towards data subjects and informs personal data subjects. Information is based on openness and honesty, clear information is given about the purpose of use of the personal data collected and the data is processed within this framework. The use of personal data in a way that will cause a negative impact on the data subject without any legal justification is avoided.
Ⅱ.2. Ensuring that Personal Data is Accurate and Updated When Necessary
Hernefes.com ensures that the personal data it processes is accurate and up-to-date.
Ⅱ.3. Processing of Personal Data for Specific, Explicit and Legitimate Purposes
Hernefes.com collects and processes personal data for legitimate and lawful reasons. Hernefes.com processes personal data in connection with the activities they carry out, within a reasonable framework and to the extent necessary.
Ⅱ.4. Being relevant, limited and proportionate to the purpose for which they are processed
Hernefes.com refrains from processing personal data that is not relevant or not needed for the purpose of processing. Within this framework, it is essential to minimize the data processing activity.
Ⅱ.5. Preservation for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed
Hernefes.com, in accordance with Article 138 of the Turkish Penal Code and Article 4 and Article 7 of the KVK Law, retains the personal data they process only for the period stipulated in the relevant legislation and laws or required by the purpose of personal data processing. In this context, it is first determined whether a certain period of time is stipulated in the relevant legislation for the storage of personal data subject to processing. If a legal deadline is set, this deadline shall be respected. If the legal period is not determined, the period necessary for the realization of the purpose of processing is determined and personal data is stored for a limited period of time. At the end of the period, personal data shall be deleted, destroyed or anonymized, unless there is a legal reason to keep the data for a longer period of time.
Ⅲ. SECTION FORCE AND EFFECT
The rules set out in this text entered into force on September 19, 2022. In the event that all or certain provisions of this text are updated, the updates shall enter into force on the date of their publication.
Ⅳ. SECTION: DEFINITIONS
Open Consent
Consent on a specific issue, based on information and freely given.
Anonymization
Changing personal data in such a way that it loses its personal data nature and this situation cannot be reversed. Ex: Masking, aggregation, data corruption, etc. techniques to render personal data unattributable to a natural person.
Personal Data Owner
The natural person whose personal data is processed. For example, Readers, Editors, Content Creators, Customers, Suppliers, Visitors, Employees and Prospective Employees.
Personal Data
Any information relating to an identified or identifiable natural person. Therefore, the processing of information on legal persons is not covered by the Law. For example; name-surname, TR ID, e-mail, address, date of birth, credit card number, bank account number, etc.
Sensitive Personal Data
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive data.
Processing of Personal Data
Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automated or non-automated means, provided that it is part of any data recording system.
Data Controller
The data controller is the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system). For example, each legal entity.
Data Processor
A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller. For example, the cloud computing company that holds Hernefes.com data (if any), the call-center company that makes calls as instructed, etc.