PERSONAL DATA PRIVACY POLICY
Dear Customers, Business Partners, Visitors, Employee Candidates and Employees; as PMO Management and Consultancy Corp. (“PMO” or “Company”), we strongly care about protection of your personal data. In this scope, as Data Controller, we would like to inform you about your personal data and its processing in accordance with the Personal Data Protection Law No. 6698 (KVKK).
With this policy, it is aimed the sustainability of company’s “Conducting the Company’s Actions in Transparency Principle”. In this context, the basic principles adopted in terms of compliance of the company’s data processing activities with the regulations in the Law No. 6698 on the Protection of Personal Data (KVKK) are determined and the practices implemented by the Company are explained.
The Policy is for natural persons whom his/her personal data has been processed automatically by the company or non-automatically provided that they are part of any data recording system.
The Policy is being made public by the company by publishing at its website. The Legislation shall be applied in the case of a conflict between the legislation in force, foremost the Law, and stated regulations within this policy.
The company reserves the right to amend the Policy in line with legal regulations.
What is Personal Data?
Personal data means the information which identifies your identity or makes it identifiable. Categories of your personal data, which will be processed by the PMO, are stated as follows:
- ID Data: This data category contains information such as; name, last name, ID number, gender, marital status, place of birth, date of birth, tax identification number etc.
- Contact Data: This is the data group that may be used for contacting the data subject (Phone number, post address, e-mail, fax number, IP address,)
- Special Personal Data: This data category states data types such as health data, criminal records concerning convictions and biometric data etc.
- Visual Data: Camera records and photographs which belong to the natural person,
- Personnel Information: This category of data includes the identity and contact information of the personnel as well as the occupation, education, employment history, entry-exit records, leave severance date, leave severance additional days, leave group, leave / return date, working day and financial information within the scope of the personal file legally required within the framework of the employment contract established with the personnel.
- Financial Data: This category of data refers to the personal data processed regarding all kinds of financial results, documents and records created according to the type of legal relationship PMO has established with the Personal Data Owner, and data types such as bank account number, IBAN number.
- Other: It refers to all of the data such as professional data, signature, certificate of incumbency and information of sole proprietorship that PMO has entered into the database as a result of the contractual relationship established with its customers, business partners, suppliers and external resources with whom it has legal or commercial relations.
- Employment Data: Registration number, job position, department and unit, job title, date of the last recruitment, termination and recruitment dates, insurance start date/ retirement date, pension number, social security number, State Retirement Fund registration number and its start date, Social Security Organization for Artisans and the self-employed registration number and its start date, accounting code, number of working days,
- Process Security Data: It points out data types such as IP addresses, web traffic, and computer passwords etc.
Categories of Data Subject | Explanation | |
1 | Customer | Natural person, who benefits from product and services offered by the company. |
2 | Potential Customer | Natural person, who shows interest in using of product and services by the company and has tendency to be a customer. |
3 | Employee | Natural person, who performs a service in the company under the employment contract. |
4 | Visitor | Natural person, who visits the company, its premise and website. |
5 | Job Candidate | Natural person, who applies for a job by sending CV to the company or by other ways. |
6 | Third Party | Natural person, who is other than above stated related person categories and company employees. |
7 | Business Partners/Suppliers and their Employees | Parties with which the company established a business partnership for purposes such as conducting its commercial activities or providing goods or services on contractual basis to the company in accordance with company’s instructions, and the employees of these parties |
PURPOSES OF PERSONAL DATA PROCESSING
Your Personal Data will be processed in accordance with the related Legislation regarding personal data protection within the following purposes;
For the Customers;
PMO provides fast and easy access to the proper financial sources on non-refundable grants in accordance with the needs of corporations, SMEs and entrepreneurs, which have consulted PMO from Turkey or out of country to have their investment evaluated, to have their ideas projected and to be able to open up to the international markets. PMO is also conducting data processing activities within the purposes listed below in order to provide consultancy services, which is the main activity of the company, in accordance with the contractual relationship with customers under the name of natural or legal person in terms of project management consultancy, national and international grant and incentive programs consultancy, Turquality/Brand Program management consultancy, R&D and design center establishment, business incubation and acceleration programs management, establishment of the corporate project management office, preparation of strategies and programs to open up to the foremost USA and other international markets, preparation and management of the investment incentive programs.
- Exercising the necessary procedures and conducting the related business processes by the related business units for the implementation of the commercial activities which carried out by the company, planning and performing the commercial and/or business strategies, providing the legal, technical and commercial-job security of a related person, who has built business relationship with our company and planning and execution of the activities required for the recommendation and promotion of the products and services offered by us according to the tastes, usage habits and needs of the relevant people,
- Serving better to our customers, informing, providing trainings, enlightening about the projects, providing information on working and service conditions, to be able to conduct customer satisfaction surveys, receiving/giving consultancy offers and developing a project, creation of projects and proposals for customers,
- Managing the Processes of Production and Purchasing of Goods and Services
- Managing the Process of Sales of Goods and Services
- Maintaining the Customer Relations Management Processes
- Providing the Location Security
- Fulfillment of the Legal Obligations
- Managing the Demand, Order and Procurement related Operations and Actions in the scope of Commercial / Contractual Relations
- Conducting the Financial and Accounting Activities
- Following up Requests / Complaints
- Conducting of the Communication Activities
- Managing the Processes of Marketing of the Goods and Services
- Obtaining the Security of Data Controller Operations
- Informing the Authorized Person, Institutions and Organizations
- Protection Of the Your Information Kept In Accordance With The Related Legislation; Its Copying and Backup To Prevent The information Loss; Ensuring The Control Of The Consistency Of Your Information; Taking The Required Technical And Organizational Measures To Secure Your Information As Well As Our Database
For the Suppliers/Business Partners,
In the scope of commercial relations between our company and yours, the personal data of your company’s executives and employees shall be processed for the following purposes, as stated in the Article 5 of the Law no. 6698 in the scope of constitution and performing of a contract, fulfillment of the legal obligations and in accordance with the basic principles stipulated in the Law within the scope of the legitimate interests of our company and within the personal data processing conditions.
- Conducting the Actions according to the related Legislation
- Conducting the Financial and Accounting Activities
- Conducting Legal Proceedings and Their Follow up
- Conducting the Corporate Internal Operations
- Strategy Planning & Managing Business Partners/Suppliers
- Providing the Location Security
- Protection Of the Your Information Kept In Accordance With The Related Legislation; Its Copying and Backup To Prevent The information Loss; Ensuring The Control Of The Consistency Of Your Information; Taking The Required Technical And Organizational Measures To Secure Your Information As Well As Our Database
- Managing the Process of Contract, Demand and Order
- Managing and Organizing the Production, Sales, Purchasing Processes and Operations of Goods and Services
- Running the Commercial and Financial Operations
- Implementation of the Actions with Technical and Administrative Results
- Carrying out Logistics Operations
- Managing the Supply and Sub-Supply Chain Management Processes
- Communication Activities
- Fulfillment of the Legal Obligations
For the Visitors;
In the scope of your visits to our company, website and workplaces, your access records, ID and visual data are being processed for the purposes below through security cameras and internet access which are offered to you in physical environments subject to our legitimate interests to provide our and your security, as well as to fulfill the legal obligations,
- Conducting the Auditing Activities
- Managing the Process of Information Security
- Fulfillment of the Legal Obligations
- Providing the Location Security
- Informing the Authorized Person, Institutions and Organizations
- Ensuring the Security of Data Controller Operations
- Providing the Internet Access and Provision of Access Security
For the Potential Customers;
Your ID and contact information, provided directly from you through your requests, such as requested service, price offers, preliminary-information etc., are being processed in accordance with the Article 5/2 of the Law no. 6698 to make you an offer for the demanded products and to constitute a contract.
For the Job Candidates;
PMO has been processing your data which contains your personal information that directly comes from you, such as received CVs, filled forms through job applications to our head office and other applications via career sites for the following purposes in accordance with the Article 5/2 of Law no. 6698; which stated as, to constitute and perform a contract and regarding our company’s legitimate interests.
- Conducting the Selection and Placement Process of Job Candidates/ Trainees/ Students
- Managing the Process of Job Candidates’ Applications
- Managing the Human Resources Operations and specifically Recruitment Process
- Managing the Employee Satisfaction and Commitment Process
- Carrying out the Activities of Job Sustainability and Providing the Location Security
For the Employees;
PMO is processing your personal data to create personnel file and to constitute an employment contract with you within the scope of its legal interests, in accordance with the related Legislation and within the purposes below:
- Conducting the Process of Information Security
- Managing the Employee Satisfaction and Commitment Processes
- Fulfillment the Obligations for Employees derived from related Legislation and Employment Contract
- Managing the Processes of Fringe Benefits and Advantages of Employees
- Conducting the Auditing/Ethical Behavior Activities
- Carrying Out the Training Activities
- Managing the Access Authorization
- Conducting the Activities According To The Related Legislation
- Fulfilling the Financial and Accounting Activities
- Providing the Location Security
- Managing the Assignment Processes
- Conducting and Follow-up of the Legal Affairs
- Planning the Human Resources Processes
- Running and Supervising the Business Operations
- Conducting the Occupational Health and Safety Activities
- Receiving and Evaluating the Suggestions Aimed At Improving Business Processes
- Conducting the Business Continuity Activities
- Informing the Authorized Person, Institutions and Organizations
- Carrying Out the Management Activities
- Making required Legal Notice to the Official Institutions, Benefiting from Incentives of Official Institutions, Making Notice to the related Official Authority in the scope of the Official Institutions’ Audits
- Managing the Human Resources Operations and specifically Personnel Affairs’ Processes
- Processing the required Data Activity within the scope of Auditing the Employees and Employer’s Right to Govern
The Method and Legal Obligations to Collect Your Personal Data
Your personal data are collected and processed within the scope of commercial and/or contractual relationship between you and PMO, regarding the stated purposes above and in terms of the Article 5/2 of the Law no. 6698 and likewise following legal conditions (listed below). In the case of an absence of these conditions, your information (contract, order form, form or request of proposal, e-mail traffic, business cards, website messages, our business partners’ sharing), which are given directly by you, will be collected and processed by PMO upon your explicit consent. During your visits to our company, your image will be recorded through security surveillance system for security reasons and processed limited to this operation.
- It is stipulated on any national or international legislation that PMO is subject to,
- As long as it is related directly to a contract to be constituted or performed, it is necessary to process the personal data of the contract’s parties and to be able to provide the goods and services or to fulfill the requirements of the contracts you have been a part of,
- It obliges PMO processing the data to fulfill its legal obligations,
- Personal data have been made public by you,
- Personal data processing is necessary to establish, exercise or protect a right according to the legislation or internal regulations of PMO.
- It is required processing the data for the legal interests of PMO, on the condition that they don’t harm your fundamental rights and freedoms.
Transfer of Your Personal Data
PMO may transfer your personal data to domestic receiver groups listed below within the scope of Law and other legislations in relation to processing purposes stated in this Policy:
- To suppliers and business partners, whom we are working with to provide or transfer the goods and services to you,
- To business partners, suppliers, banks and financial institutions whom we are in cooperation with and/or get service to provide, advertise etc. the services and products,
- To lawyers, auditors, consultants and companies that we get services,
- To deputies, executors and representatives to whom you give authorization,
- To regulatory and supervisory authorities, enforcement offices and similar organizations/institutions and people assigned by them, who are authorized to demand your personal data.
If there is a need to contact with any institutions located abroad regarding the type of service that you are demanding, your personal information, which is given directly by you, shall be shared with abroad institutions to provide you the requested service. Before sharing, it will be demanded EXPLICIT CONSENT of data subject in accordance with the Law no. 6698.
Your Rights
In accordance with the Article 11 of the Law no. 6698, you have the rights listed below by applying to PMO using the listed methods in the “Contact Us” section of this Policy,
- To learn, whether your personal data has been processed or not,
- If your personal data has been processed, to demand information with regard to this,
- To learn the purposes of your personal data processing and whether they are used appropriately for its purposes,
- To get information about the third parties, whether inland or abroad, to which your personal data has been transferred,
- To request correction of your personal data, if processed incomplete or incorrect,
- To ask your personal data to be deleted or destroyed under the foreseeable conditions of the KVKK Legislation,
- To request of notifying for third parties to whom your personal data have been transferred,
- To object the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
- To request the compensation for the your damage, in case of unlawful processing of your personal data.
Providing the Protection and Privacy of Personal Data
The essential measures are taken by the company within the realms of possibility, depending on the qualification of data to prevent any kind of security breaches, such as unlawful leaking, accessing and transfer of personal data.
Within this scope we, as Company take (I) organizational and (II) technical measures, (III) set up an audit system within the company and (IV) take action against unlawful revealing of personal data regarding the precautions stated in KVKK.
Destruction of Personal Data
Despite having been processed legally in compliance with the Article 7 of the Law no. 6698, personal data shall be erased, destructed or anonymized by the data controller, ex officio or on the request of the data subject, in the event that the reasons for the processing no longer exist.
PMO has constituted a DESTRUCTION POLICY determining the destruction methods of personal data and released it within the company. In the same manner, the storage periods are clearly determined per type of data and a time matrix is set up in this subject by PMO. All of the destruction processes are conducted according to this policy and time matrix.
THE OBLIGATIONS CONCERNING DATA SECURITY
PMO takes all required technical and organizational measures intended for providing proper security level in accordance with the Article 12 of the KVKK for the purposes of preventing unlawful processing of and unlawful access to personal data, ensuring protection of personal data and providing the necessary audits within this scope.
PMO is also taking technical and organizational measures regarding the implementation cost.
TECHNICAL MEASURES
The primary technical measures taken by PMO to provide personal data processing legally are stated as follows:
- Personal Data Processing activities conducted within PMO are being audited via setting up technical systems.
- Measures taken are reported periodically to the responsible person accordance with internal audit mechanism.
- Technical departments have been established and relevant qualified employees have been employed.
- The latest technological developments are being followed and the technical measures are being taken especially on the cyber-security systems. These precautions are updated and renovated periodically.
- Technical solutions of access and authorization, which are specified for each department within PMO, are put into use in compliance with the legal conformity requirements.
- Access authorizations are limited and examined regularly. Access restrictions are being applied for former employees and their accounts are closed.
- Technical measures taken in compliance with the internal operations of PMO are being reported to the related users, risky situations are evaluated repeatedly and the necessary technological solutions are produced.
- Various types of software and hardware are being installed which operate anti-virus systems, firewalls and data vulnerability security systems.
- Experts specialized in technical issues are being employed.
- All kind of information systems including the applications that collect personal data are being tested regularly against external risks to detect security breaches and the security gaps are eliminated properly according to the results.
ADMINISTRATIVE MEASURES
The organizational measures taken by PMO to provide personal data processing legally are stated as follows:
- PMO employees are being trained and informed about the law of personal data protection and its processing in accordance with the law.
- All of the personal data processing activities conducted by PMO are carried out in compliance with the personal data inventory and its annexes which are constituted by analyzing all work units in detail.
- The activities of personal data processing conducted by the relevant departments of PMO and the legal obligations which shall be performed to ensure these activities correspond to the conditions of personal data processing that KVKK requires to are bonded to its written policy and procedures by PMO; every work unit is being informed about this relevant content and the points to be paid attention in relation to their activity are determined.
- The audit and management of personal data security for the departments of PMO are being organized by Information Security Committees. The awareness is being raised for fulfillment of the legal requirements which were laid down on the basis of work unit; the necessary organizational measures are being put into practice through company policy, procedures and trainings to maintain the sustainability of implementation and audit of these aspects.
- Information about personal data and records including data security are being added to the employment contracts constituted between the employees and PMO and to the related documents and additional protocols are being made. Activities have been conducted for raising awareness among the employees on this subject.
Specific to each department within PMO, legal compliance, access to the personal data in the company and authorization process are being practiced taking personal data processing procedures into account.
CONTACT
To use the mentioned rights of KVKK above, you can deliver your request by filling the contact form on our website or sending it to our post address with any written document that meets the related Legislation’s terms of application along with the documents to confirm your identity; by bringing it wet-signed by hand directly to the company address or by sending via e-mail.
In the case that data subjects (relevant persons) sent their personal data related requests to our company in writing, the company, as data controller, carries out necessary processes to bring it to a solution in shortest time by-taking into account the nature of the demand or in 30 days at the latest in accordance with the Article 13 of the Law no. 6698 (KVKK).
The company may demand information within the scope of providing the data security to determine whether the applicant is the data subject or not. Furthermore, the company may address questions to the relevant person regarding his/her request to finalize the demand properly.
In the cases such as the demand has possibility to block the rights and freedoms of others; it requires the disproportionate effort and information is already open to the public; the demand may be rejected by PMO explaining the justified grounds.