Med Yapım Televizyon ve Filmcilik A.Ş.

POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

 

TABLE OF CONTENTS

  1. PURPOSE AND SCOPE OF THE POLICY
  2. DEFINITIONS
  • PERSONAL DATA PROCESSING PRINCIPLES
  1. PERSONAL DATA PROCESSING CONDITIONS AND EXCEPTIONS
  2. PERSONAL DATA CLASSIFICATION
  3. ENSURING THE SECURITY OF PERSONAL DATA
  • PERSONAL DATA PROCESSING PURPOSES
  1. Regarding the Security Camera Application at the Workplace
  2. Regarding Personal Data of Customers, Prospective Customers and Business and Solution Episodeners
  3. In terms of Personal Data of Visitors
  4. In terms of Personal Data of Prospective Employees
  5. In terms of Personal Data of Employees
  6. Regarding Personal Data of Subcontractors
  • TRANSFER OF PERSONAL DATA DOMESTICALLY AND ABROAD
  1. DESTRUCTION OF PERSONAL DATA
  2. RIGHTS OF THE PERSONAL DATA OWNER
  3. CLOSING PROVISIONS

 

 

  1. PURPOSE AND SCOPE OF THE POLICY

 

Law No. 6698 on the Protection of Personal Data published in the Official Gazette dated 07.04.2016 and numbered 29677 ("KVKK") and the procedures and principles adopted and to be implemented by our Company in order to comply with the relevant legal regulations are regulated by this Policy within the scope of the data controller's disclosure obligation.

Regarding your personal data processed by our Company; your personal data processed, principles of processing personal data, purposes and conditions of personal data processing, transfer of your personal data domestically and abroad, destruction of your personal data and practices and principles regarding your rights on your personal data processed are notified to you below.

Med Yapım Televizyon ve Filmcilik A.Ş. (hereinafter "Medyapım") will act in accordance with the procedures and processes set out in this Policy in order to ensure compliance with the KVKK and other relevant regulations and to process, use, destroy, transfer and other matters in accordance with the Law and other regulations.

This Policy may be updated from time to time due to changes in legislation and/or conditions. In case of an update, it will be notified on the Company website and through other channels.

 

 

  1. DEFINITIONS

 

 

Open Consent:  

Consent on a specific issue, based on information and freely given.

 

Anonymization:

Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

 

Personal Data:

Any information relating to an identified or identifiable natural person.

 

Processing of Personal Data:

Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

 

Personal Data Owner:

The natural person whose personal data is processed.

 

Sensitive Personal Data:

Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.

Data Processor:

A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.

 

Data Controller:

The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

 

 

 

 

  • PERSONAL DATA PROCESSING PRINCIPLES

 

Our Company carries out personal data processing activities within the framework of the principles and principles listed below in accordance with Article 4 of the KVKK, which regulates the procedures and principles regarding the processing of personal data.

  1. Compliance with Law and Good Faith

Our Company processes your personal data in accordance with the KVKK and other laws and regulations that must be complied with due to the work performed.

 

  1. Being Accurate and Up-to-date

Our company fulfills the necessary procedures and takes technical and administrative measures to ensure that the personal data provided by the data owner is not changed without permission and inaccurately, and to update the personal data if requested by the data owner when there is a change in the processed data.

 

  1. Processing for Specific, Explicit and Legitimate Purposes

Your personal data processed by our Company are processed in accordance with the processing purpose notified to you and within the notified framework.

 

  1. Relevant, Limited and Proportionate to the Purpose of Processing

Our Company does not process personal data that do not overlap with its activities, are not required within the framework of Company activities and exceed the purpose of processing.

 

  1. Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

Your data processed within the framework of KVKK and other relevant laws and regulations are retained for the periods stipulated in the relevant legislation or required to be retained due to the nature of the personal data processed.

 

 

  1. PERSONAL DATA PROCESSING CONDITIONS AND EXCEPTIONS

 

- General personal data to be processed within the framework of the Company's activities;

  1. a) Provided that the explicit consent of the data subject is obtained or
  2. b) which is expressly provided for by law,
  3. c) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
  4. d) Provided that it is directly related to the conclusion or performance of a contract, the processing of personal data of the parties to the contract is necessary
  5. e) The data controller is obliged to fulfill its legal obligation
  6. f) That which has been made public by the person concerned,
  7. g) Data processing is mandatory for the establishment, exercise or protection of a right,
  8. h) Provided that it does not harm the fundamental rights and freedoms of the data subject, if there is one of the situations where data processing is mandatory for the legitimate interests of the data controller, it can be processed without obtaining the explicit consent of the data subject.

- Sensitive personal data to be processed within the framework of the Company's activities;

  1. a) Will not be processed unless explicit consent of the data subject is obtained,
  2. b) Except for special categories of personal data relating to health and sexual life, data may be processed without the explicit consent of the data subject in cases stipulated by law,
  3. c) Sensitive data relating to health and sexual life may be processed without the explicit consent of the data subject for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

 

  1. PERSONAL DATA CLASSIFICATION

 

 

Credentials

Name, surname, mother's name, father's name, place of birth, date of birth, marital status, religion, blood group, province, district and neighborhood where registered and information written in your identity card, including but not limited to.

Contact Information

Your contact data such as home phone number, mobile phone number, residence address or other address information, e-mail address, etc. requested from you or provided by you in order to contact you.

 

Personal Information

    Photocopy of identity card,

    Population registration sample,

    Certificate of Residence,

    Health report

    Diploma photocopy,

    Criminal record,

    Passport size photo,

    Proof of family status,

    Proof of military service,

    Employment Contract / Service Contract,

    SSI employment declaration,

    Your criminal record (criminal record),

    Information and documents regarding your health condition.

 

Bank Account Information

    Bank account number, IBAN number, credit card and other information related to the debit card.

Background Information

    Your education information written in your CV document or requested by our Company or provided by you, school information, certificate information, educational status and information about your education,

    Information about the place, date and duration of your work experience written in your CV document or requested by our Company or provided by you, information about your previous job and position, any information about your work experience,

    Your photograph written in your CV document or requested by our Company or provided by you,

    Your driver's license and the information written on your driver's license written on your resume document or requested by our Company or given by you,

    Information about your references and references written in your CV document or requested by our Company or provided by you.

 

Visitor Information

    The name of the company to which the visitors to the company are affiliated, vehicle license plate, if any, the person visited and other information.

 

 

  1. ENSURING THE SECURITY OF PERSONAL DATA

 

As MedYapım, we carry out the technical and administrative measures deemed necessary to ensure the security of your personal data that we process within the framework of company activities in accordance with the KVKK and the relevant legislation, within the framework of the necessary technological infrastructure; In this direction, we carry out the necessary audits by taking measures against data breach, unauthorized access, data loss, unauthorized modification of data and other threats.

In this context, we identify existing risks and threats, conduct awareness activities by training our employees, determine policies and procedures regarding personal data security, ensure personal data minimization, and create the necessary confidentiality agreements with data processors; We use firewalls and up-to-date anti-virus programs to ensure cyber security, configure our existing software and hardware, perform software updates and audits; we ensure the security of physical and electronic media containing personal data, and take necessary measures to prevent unauthorized breaches of your data security by unauthorized persons through key management, access logs, user account management, penetration control and encryption methods.

 

  • PERSONAL DATA PROCESSING PURPOSES

 

Your personal data is processed for the purposes of and limited to the fulfillment of company activities and obligations arising from the law.

In this direction,

  1. Regarding the Security Camera Application at the Workplace

 

  • Within MedYapım, in accordance with the provisions of the Occupational Health and Safety Law No. 6331, Labor Law No. 4857 and secondary legislation, security camera monitoring is carried out at various points in order to protect the life and property safety of employees and to ensure the security of the workplace. In the areas where monitoring is carried out, information about the monitoring is given with a camera warning sign.
  • The security cameras are positioned in order to ensure security at the workplace and within the framework of the legitimate interest of the employer, by observing the limit of proportionality.

 

  1. Regarding Personal Data of Customers, Prospective Customers and Business and Solution Episodeners

 

  • To be able to provide more effective service with our customers, suppliers and business partners; to carry out legal and financial processes,
  • Ability to effectively carry out all processes related to the orders received, including shipping and return procedures,
  • Ensuring workplace safety, commercial and economic security,
  • Within the scope of Social Compliance-Ethics audits, authorized private law real and legal persons can audit the compliance of business activities with social compliance and ethics criteria,
  • Identity information, contact information, financial identity information and other personal data provided to us and requested by us may be processed in order to carry out the necessary workflow processes by our relevant departments in order to improve the service offered by our company and to ensure product satisfaction.

 

  1. In terms of Personal Data of Visitors

 

  • Personal data such as the name of the company to which the visitors to our company are affiliated, vehicle license plate number, time of visit are processed in electronic and physical environments in order to ensure internal order and safety of life and property.

 

 

  1. In terms of Personal Data of Prospective Employees

 

  • Job applications and resumes can be forwarded to the relevant department to check suitability for the job and proceed to the interview process,
  • Determining and examining whether you meet the necessary and sufficient qualifications for the job you are applying for at the time of job application, during the job application process and during all kinds of procedures to be carried out during the job application,
  • Calling your references and getting references about you,
  • At the end of the job application process, if the interview is positive, you can be placed in your position at the workplace,
  • At the end of the job application process, if the job interview results in a negative result, then you can apply for a job in our Company or in our group companies Terda Terlik Dağ. San. Tic. Ltd. Şti. and Bilgiçler Yapı İnşaat Ltd. Şti., identity information, contact information, resume information and other personal data of employee candidates are processed in line with the purposes and methods of informing you about the job opportunity by making the necessary evaluations again.

 

  1. In terms of Personal Data of Employees
  • Ensuring internal order, workplace peace and security,
  • Processing personal data of employees and interns for the purpose of fulfilling legal obligations such as the creation and storage of personnel files and sharing them with auditing public institutions and organizations and authorized private law real or legal persons during workplace audits,
  • All transactions performed by employees in the fileserver system are recorded through logging,
  • Including visuals on corporate social media accounts regarding the organization and other activities of our Company,
  • The use of methods of determining the entry and exit times of employees and other electronic surveillance methods in order to ensure the safety of the workplace and employees and to protect the safety of life and property,
  • Recording of personal data belonging to employees by the Company and transferring them to third parties in Turkey or abroad within the scope of activities such as fairs, seminars, trainings, conferences, trips, social events and activities such as fairs, seminars, trainings, conferences, trips, social events by the Company and/or third parties on behalf of the Company, making the necessary organization for the provision of accommodation and transportation services, performing visa procedures, being informed about the developments about the Company, contacting him/her and his/her relatives when necessary, motivational gifts (such as gifts, promotions), promotion and advertisement of Company activities and other purposes,
  • Processing general and private personal data of employees within the scope of documents and papers that must be kept within the scope of OHS activities, and sharing them with workplace physicians and health officers,
  • Fulfillment of the procedures related to the performance of the services offered to the employees, transfer of the relevant personal data of the employees to third parties with whom the Company has a contractual relationship to the extent necessary,
  • Keeping records of the GSM line, credit card or vehicles allocated to the employee within the scope of the employer's management right,
  • In line with the purposes and methods of keeping the correspondence carried out with the corporate e-mail account allocated to the use of the employee and the e-mail files containing these correspondences recorded in the cloud system available abroad, identity information, resume information, personal information, bank account information, contact information, contact information and other personal data can be processed.
  1. Regarding Personal Data of Subcontractors
  • Processing for the purpose of fulfilling legal obligations such as the creation and retention of the personnel file and sharing it with auditing public institutions and organizations and authorized private law real or legal persons during workplace audits,
  • Processing general and special categories of personal data belonging to subcontractors within the scope of documents and papers that must be kept within the scope of OHS activities, and sharing them with workplace physicians and health officers,
  • Identity information, personal information, bank account information, contact information, contact information and other personal data may be processed in line with the methods and methods of determining the entry-exit times of employees and the use of other electronic surveillance methods in order to ensure the security of the workplace and employees, to protect the safety of life and property.

 

 

  • TRANSFER OF PERSONAL DATA DOMESTICALLY AND ABROAD

 

Your personal data;

  • In order to improve our Company's productivity and employment policies and to ensure sustainability, we sometimes provide services to third parties, limited to and in connection with this purpose, to our Group Companies, Terda Terlik Dağ. San. Tic. Ltd. Şti. and Bilgiçler Yapı İnşaat Ltd. Şti.

 

  • Banks, third parties, occupational health and safety specialists, occupational physicians and health personnel in order to fulfill the obligations of the employer under the employment contract,

 

  • Your personal data may be transferred to Microsoft Office applications, cloud solutions, SAP applications and backup systems, the databases of which are located abroad, for the administration and management of the business within the company, the execution of company affairs, the implementation of company policies, and the efficient management and execution of the workflow,

 

  • Within the scope of the realization of the commercial and other activities of the Company, it has been checked that the Company has taken the technical and administrative security measures required by the legislation and sector practices, and the commitments regarding this issue have been arranged between the parties to the external service providers,

 

  • In addition, in order to provide products and services, it may be transferred to our business partners, suppliers, third parties from whom services are received within the framework of company activities and abroad.

 

  • Your personal data may be shared with execution offices or courts (at all levels and levels), as well as relevant Ministries, directorates, Social Security Institution, İŞKUR and other persons upon request or when necessary in line with our legal obligations.

 

 

  1. DESTRUCTION OF PERSONAL DATA

 

Personal data processed within the framework of our Company's activities are stored within the framework of the purpose of processing and for the periods necessary to ensure this purpose and for the retention period stipulated within the framework of the relevant legislation.

Data that has lost its function, whose retention period has expired, and which is requested to be destroyed by the data owner, if possible within the framework of the legislation, is destroyed by using the appropriate method of deletion, destruction or anonymization of personal data listed in Article 7 of the KVKK.

Deletion of personal data is the process of making personal data inaccessible and non-reusable in any way for the relevant users.

Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.

Anonymization of personal data means making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if the personal data is matched with other data.

 

  1. RIGHTS OF THE PERSONAL DATA OWNER

 

Regarding the personal data processed within the scope of our Company's activities, the data subject may apply to our Company within the framework of your rights listed in Article 11 of the KVVK;

  1. a) Learn whether their personal data is being processed,
  2. b) Request information if personal data has been processed,
  3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  4. d) To know the third parties to whom personal data are transferred domestically or abroad,
  5. e) To request correction of personal data in case of incomplete or incorrect processing,
  6. f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
  7. g) Request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred,
  8. h) To object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
  9. i) In case of damage due to unlawful processing of personal data, it has the right to demand compensation for the damage.

 

  1. CLOSING PROVISIONS

 

If you exercise your rights above and make an application to our Company on the above-mentioned issues, your requests in your application will be concluded free of charge within thirty (30) business days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board may be requested. 

In matters related to the processing of your personal data, you must submit your application to our Company by filling out and signing the application form on the Company's website and proving your identity in person.

In terms of Medyapım employees, it is also possible to apply to our Company by using the KVKK Application Form available at the Administrative Affairs Department or OHS Specialist.

 

Med Yapım Televizyon ve Filmcilik A.Ş. Contact Information

Headquarters Address:Levent, Krizantem Sk. No:82, 34330 Beşiktaş/Istanbul

E-mail address for contact: [email protected]