INFORMATION TEXT ON THE PROCUREMENT, PROCESSING AND PROTECTION OF PERSONAL DATA
1- GENERAL EXPLANATION AND DEFINITIONS
Herein, this information text, in the capacity of “data controller” of DIGITAL EXCHANGE ADVERTISING SERVICES INCORPORATED COMPANY (to be expressed as “Digital Exchange”), fulfills the “liability of enlightenment” within the scope of Article 10 of the Personal Data Protection Law (Law) numbered 6698. prepared for the purpose. The meanings of the following terms in the information text refer to the definitions specified in the Law No. 6698, the Regulations and Communiqués issued regarding this Law, and are as follows.
Personal data: Any information relating to an identified or identifiable natural person,
Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use,
Relevant person:The natural person whose personal data is processed,
Explicit consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data,
Data controller:The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
Data processor:The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,
Data registration system:The registration system in which personal data is processed and structured according to certain criteria,
Contact person: The natural person notified by the data controller during registration to the Registry for the communication to be established with the Institution, regarding the obligations of the legal persons residing in Turkey and the data controller representative of the legal entity not residing in Turkey, within the scope of the Law and secondary regulations to be issued based on this Law,
Personal data retention and destruction policy: The policy on which data controllers base the process of determining the maximum time required for the purpose for which personal data is processed, and the process of deletion, destruction and anonymization.
2- INFORMATION REGARDING THE DATA RESPONSIBLE
In legal persons, the data controller is the legal entity itself. Data controller obligations of legal entities residing in Turkey within the scope of the Law are fulfilled by the body/person or persons authorized to represent and bind the legal entity. The body authorized to represent the legal entity may appoint one or more persons regarding the obligations to be fulfilled in terms of the implementation of the Law. This assignment does not remove the responsibility of the legal entity pursuant to the provisions of the Law.
Digital Exchange carries out its activities as a capital company residing in Turkey and having legal personality. Information about Digital Exchange as a data controller is as follows.
DIGITAL EXCHANGE ADVERTISING SERVICES INCORPORATED COMPANY
SULTAN SELIM NEIGHBOURHOOD BEHÇET STREET NO: 2 INTERIOR DOOR NO: 7 KAĞITHANE/ ISTANBUL
+90 212 809 77 37
3- OBLIGATIONS OF THE DATA RESPONSIBLE
Digital Exchange, within the scope of the obligation to inform the relevant persons;
Identity of the data controller and its representative, if any,
For what purpose personal data will be processed,
To whom and for what purpose the processed personal data can be transferred,
Method and legal reason for collecting personal data,
It is obliged to provide information about the rights of the persons whose personal data are processed. Digital Exchange also regarding data security;
To prevent the unlawful processing of personal data,
To prevent unlawful access to personal data,
It takes the necessary security measures to ensure the protection of personal data. Digital Exchange does not disclose the personal data obtained by performing the necessary inspections in its own institution or organization in order to ensure the implementation of the provisions of the Law No. 6698, contrary to the provisions of the Law No. 6698, and does not use it for purposes other than processing.
4- PERSONAL DATA TO BE PROCESSED
The personal data to be processed by Digital Exchange are listed below, and new information can be added and/or changed when required and/or required by law.
Personal data subject to data processing;
Name, Surname, TR Number, Date of Birth, etc. ID information,
Address, telephone, fax, e-mail, etc. contact information,
Tax Office and Tax Number information,
Information about employees' wages, social security, bank account numbers, and family members,
Information about profession and education,
Camera recording, fingerprint etc. İnformations
5- METHODS OF OBTAINING PERSONAL DATA
Personal data can be obtained directly from the person concerned, or indirectly from online sales platforms, camera recording, dealers, solution partner institutions and organizations, and according to the purpose of obtaining the acquired data.
6- PURPOSE OF PROCESSING PERSONAL DATA
Digital Exchange processes personal data for the following purposes. These purposes are;
Within the scope of tax laws, Turkish Commercial Code No. 6102 and other legal regulations, tax etc. fulfillment of obligations regarding public receivables,
Taking measures regarding the protection of consumer rights within the scope of the Consumer Protection Law No. 6502,
Receiving orders for the products that the relevant persons want to purchase from Digital Exchange, selling the products, delivering the products to the relevant persons, collecting the costs, providing after-sales services regarding the sold product, measuring customer satisfaction, collecting and evaluating complaints and suggestions, if any, regarding the product or service sold. ,
Increasing service quality,
Carrying out campaigns, promotions, advertising and promotional activities regarding products and services, providing information on these issues,
Ensuring internal security, increasing production efficiency,
Proving the business relationship, recording the wage and wage information, making legal notifications to the Finance, Social Security Institution and other institutions, applying the principles of occupational health and safety, fulfilling the obligations arising from the laws, determining the working conditions.
7- TRANSFER AND PROTECTION OF PERSONAL DATA
Digital Exchange does not transfer the personal data it has obtained for data processing purposes to third parties/institutions without the explicit consent of the person concerned.
Digital Exchange, tax and social security laws and other laws and other legislation provisions man, institution and / or organizations, including but not limited to the Revenue Administration, İş-Kur, Social Security Institution, Financial Crimes Investigation Board, Interbank Logistics support, consultancy and independent auditing services to public legal entities such as Card Center, Credit Registration Office, Digital Exchange domestic affiliates, companies operating as dealers, cooperating program partner/solution partner institutions and organizations, PTT branches to the acquired companies, due to legal obligations; Even if there is no legal obligation, it will be able to transfer personal data to 3rd persons and institutions in order to achieve its aims to provide better service within the scope of Article 6, provided that the rights of the person concerned under the Law No. 6698 are reserved.
8- OBTAINING EXPRESS CONSENT OF THE RELATED PERSON IN PROCESSING PERSONAL DATA
Personal data to be processed by Digital Exchange is processed by obtaining the "explicit consent" of the person concerned, within the scope of Law No. 6698. express consent; It refers to the consent of the person concerned, based on information, on a particular subject, which will be declared with his/her free will. Pursuant to Article 5/2 of the Law No. 6698, personal data may be processed without seeking the explicit consent of the person concerned, in the presence of one of the following conditions.
expressly stipulated by law.
It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility, or whose consent is not legally valid.
It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
It is mandatory for the data controller to fulfill its legal obligation.
Being made public by the person concerned.
Data processing is mandatory for the establishment, exercise or protection of a right.
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
9- STORAGE PERIOD OF PERSONAL DATA
Digital Exchange destroys personal data (deletes, destroys or anonymizes personal data) when the purpose of processing personal data ceases to exist and the mandatory storage periods determined under the Laws and other legislation expire.
10- RIGHTS OF THE RELATED PERSON
Related persons can apply to the data controller and;
Learning whether personal data is processed or not,
If personal data has been processed, requesting information about it,
Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing
Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the law,
Requesting notification of changes in personal data to third parties to whom personal data has been transferred,
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
It has the right to demand the compensation of the damage in case of loss due to the unlawful processing of personal data.
11- APPLICATION TO DATA SPECIALIST
Natural persons whose personal data are processed may apply to Digital Exchange regarding their requests within the scope of their rights specified in Article 11 of Law No. 6698. Relevant persons may benefit from this right, provided that they submit their applications in Turkish. Relevant persons can forward their requests to Digital Exchange through one of the following communication channels. In this direction, the requests of the relevant persons;
Via registered e-mail (KEP) address,
By using secure electronic signature or mobile signature, using the e-mail address previously notified to Digital Exchange by the person whose personal data is processed and registered in the system of Digital Exchange,
Name, surname and signature if the application is written,
For citizens of the Republic of Turkey, T.R. identification number, nationality for foreigners, passport number or identification number, if any,
Domicile or workplace address for notification,
If available, the e-mail address, telephone and fax number for notification.
must be present. Information and documents related to the subject should be attached to the application. Application requests can be made using the "Application Request Form". For the applications to be made by the relevant persons, the communication channels specified in the section titled "2-INFORMATION REGARDING THE DATA SUBJECT" of this information text can be used.
Digital Exchange concludes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the process requires a separate cost, a fee may be charged in the amount specified in Article 7 of the "Communiqué on the Procedures and Principles of Application to the Data Controller". In case the application is caused by the fault of the data controller, the fee collected is returned to the relevant person.
12- CHANGES AND UPDATES
This information text has been prepared within the scope of the Law No. 6698 and the Regulations and Communiqués published within the scope of the said Law, as well as the Digital Exchange personal data processing purposes and policies. Necessary changes can be made in the information text in line with the relevant legal legislation and/or changes in the personal data processing purposes and policies of Biltek Tasarım.
The most up-to-date version of the Information Text can be accessed at https://www.digitalexchange.com.tr/page/kvkk