PERSONAL DATA OWNER APPLICATION FORM
This Personal Data Owner Application Form (“Form”) has been created to be used by data owners in their applications to exercise their rights specified in the Law on Protection of Personal Data No. 6698. In this context, about yourself;
a) Learning whether personal data is processed or not,
b) If personal data has been processed, requesting information about it,
c) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
d) Knowing the third parties to whom personal data is transferred in the country or abroad,
e) Requesting correction of personal data in case of incomplete or incorrect processing,
f) Requesting the deletion or destruction of your personal data in case the reasons requiring the processing of personal data disappear,
g) You have the right to request that the transactions made pursuant to subparagraphs (e) and (f) be notified to the third parties to whom your personal data has been transferred.
It is important that the personal data processed by our company is accurate and up-to-date. Therefore, if there is a change in your personal data, please notify us. Please indicate your request by filling out the following information in the attached form within the scope of the Personal Data Protection Law.
CONCLUSION OF THE APPLICATION AND NOTIFICATION OF THE RESULT OF THE APPLICATION
Depending on the nature of the request, it will be evaluated and finalized within thirty days at the latest. Positive or negative responses to your request can be reported to you (in line with your request) in writing or electronically. If you have a preference for the application result to be sent by post or e-mail, you must indicate your preference below, along with the address/e-mail address to which the mail/e-mail will be sent.
Although your requests will be concluded free of charge as a rule, if the response of your request requires an additional cost, a fee may be charged in the amounts determined within the framework of the relevant legislation.
If additional information is needed to finalize the request or if it cannot be proven that the application was made by the data owner, you may be contacted via your contact information stated in this Form or at our company.
TECHNICAL AND ADMINISTRATIVE MEASURES TO BE TAKEN TO ENSURE DATA SECURITY AT THE WORKPLACE
1. Network security and application security must be ensured
2. Closed system network should be used for personal data transfers via network.
3. Key management should be implemented
4. Security measures should be taken within the scope of procurement, development and maintenance of information technology systems
5. The security of personal data stored in the cloud must be ensured
6. Disciplinary arrangements including data security provisions should be made for employees
7. Training and awareness studies should be carried out periodically on data security for employees.
8. An authorization matrix should be created for employees
9. Access logs should be kept regularly
10. Institutional policies on access, information security, use, storage and destruction should be prepared and implemented.
11. Data masking measures should be applied when necessary
12. Confidentiality commitments should be made
13. The authority of employees who have a change in duty or quit their job in this field should be removed.
14. Up-to-date anti-virus systems should be used
15. Firewalls should be used
16. Signed contracts should include data security provisions
17. Extra security measures should be taken for personal data transferred via paper and the relevant document should be sent in confidential document format.
18. Personal data security policies and procedures should be determined
19. Personal data security issues should be reported quickly
20. Personal data security should be followed up
21. Necessary security measures should be taken regarding entry and exit to physical environments containing personal data.
22. The security of physical environments containing personal data against external risks (fire, flood, etc.) should be ensured.
23. The security of environments containing personal data should be ensured
24. Personal data should be reduced as much as possible
25. Personal data should be backed up and the security of the backed up personal data should be ensured.
26. User account management and authorization control system should be implemented and these should be followed up.
27. In-house periodic and/or random audits should be made and performed.
28. Log records should be kept without user intervention 29. Existing risks and threats should be identified
30. Protocols and procedures for special categories of personal data security should be determined and implemented.
31. If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using KEP or corporate mail account.
32. For sensitive personal data, secure encryption / cryptographic keys should be used and managed by different units.
33. Intrusion detection and prevention systems should be used
34. Penetration test should be applied
35. Cyber security measures should be taken and their implementation should be monitored continuously
36. Encryption must be done
37. Personal data transferred in portable memory, CD, DVD media should be encrypted and transferred.
38. Data processing service providers should be periodically audited on data security.
39. Data processing service providers should be made aware of data security
40. Data loss prevention software should be used.
41. The Security of the Cabinets and Rooms/Environments where Data is Stored Should Be Provided,
42. Internal Periodic and/or Random Audits Should Be Performed,
43. In cases where Personal Data is processed verbally during the interviews, the necessary precautions should be taken "in such a way that the conversations cannot be heard by others".