×




PROCESSING AND PROTECTION OF PERSONAL DATA POLICY


1.     LOGIN

1.1 Introduction

1.2. Scope

1.3 Policy and Implementation of KVKK Legislation

1.4 Enforcement of the Policy

 2. ISSUES REGARDING THE PROTECTION OF PERSONAL DATA

 2.1. Ensuring the Security of Personal Data

2.2. Protection of Private Personal Data

2.3. Raising Awareness and Supervision of Business Units on the Protection and Processing of Personal Data

 3. ISSUES REGARDING THE PROCESSING OF PERSONAL DATA

 3.1. Processing of Personal Data in Compliance with the Principles Established in the Legislation

3.2. Terms of Processing Personal Data

3.3. Processing of Private Personal Data

3.4. Disclosure of Personal Data Owner

3.5. Processing of Data Processed by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ

3.6. Transfer of Personal Data

 4. CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY AND THE PURPOSE OF PROCESSING

 5. STORAGE AND DISPOSAL OF PERSONAL DATA

 6. RIGHTS OF PERSONAL DATA OWNERS AND THE USE OF THESE RIGHTS

 6.1. Rights of the Relevant Person

7. SPECIAL SITUATIONS WHERE PERSONAL DATA IS PROCESSED

 7.1. Building, Facility Entrances and Personal Data Processing Activities within the Building Facility and Website Visitors

7.2. ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY Monitoring Activities with Camera at the Entrances and Inside of the Building, Facility

7.3. ROOTCODES YAZILIM TEKNOLOJILERI LIMITED SIRKETI Tracking of Guest Entrances and Exits at the Building, Facility Entrances and Inside

8. MEASURES RELATED TO THE SECURITY OF PERSONAL DATA

 

 

1.                   LOGIN
1.1                Login
1.2                 Scope
1.3                Policy and KVKK Legislation Implementation
1.4                of Policy validity
2.                   REGARDING THE PROTECTION OF PERSONAL DATA MATTERS
2.1.             Security of Personal Data Providing
2.2.             Special Qualified Personal Data Protection
2.3.        Business of units Personal of data Protection and Processing About of their awareness Increasing and control
3.            REGARDING THE PROCESSING OF PERSONAL DATA MATTERS
3.1.              Personal Data in Compliance with the Principles Established in the Legislation Processing
3.1.2.        Keeping Personal Data Accurate and Up-to-Date When Necessary Providing
3.1.3.        For Specific, Clear, and Legitimate Purposes Processing
3.1.4.        Relating to the Purpose for which they are Processed, Limited and Measured Being
3.2.              Processing of Personal Data Conditions
i.            Explicit Consent of Personal Data Owner Finding
ii.            Explicitly in Laws foresight
iii.            The Explicit Consent of the Person Related to the Cause of Actual Impossibility Failure to receive
iv.             Direct Interest in the Establishment or Performance of the Contract to be
v.            Fulfilling the Legal Obligation of the Company to bring
vi.             Personal Data of the Personal Data Owner publicization
vii.              Data Processing is Mandatory for the Establishment or Protection of a Right to be
viii.            Data Processing is Mandatory for the Legitimate Interest of Our Company to be
3.3.              Special Qualified Personal Data Processing
3.4.              Relevant Persons Illumination
3.5.              Your Personal Data Transferring
3.6.1          Your Personal Data Transferring
3.6.2          Special Qualified Personal Data Transferring
4.         OUR COMPANY BY PROCESSED PERSONAL DATA CATEGORIZATION AND PROCESSING OBJECTIVES
5.         STORAGE OF PERSONAL DATA AND DISPOSAL
6.         RIGHTS OF THE RELATED PERSON
6.1.         Relevant Person Rights
 
Within the scope of KVKK
              i.   Learning whether your Personal Data is processed or not,
             ii.   If your Personal Data has been processed, requesting information about it,
            iii.   Learning the purpose of processing your Personal Data and whether they are used in accordance with its purpose,
           iv.   Knowing the third parties to whom your Personal Data is transferred, at home or abroad,
             v.   Requesting correction of your Personal Data if it is incomplete or incorrectly processed,
           vi.   Requesting the deletion or destruction of your Personal Data within the framework of the conditions stipulated in the KVKK legislation,
          vii.   v. and vi. Requesting notification of the transactions made within the scope of the articles to the third parties to whom your Personal Data has been transferred,
         viii.   Objecting to the emergence of a result against you by analyzing the processed data exclusively through automated systems,
           ix.   If you suffer damage due to the unlawful processing of your Personal Data, you have the right to demand the removal of this damage.
 
How Can You Exercise Your Rights?
             You can fill in the "application form", which you can download using the https://rootcodes.com/kvkk-application-form.pdf link , in line with your request/complaint, send the said form to us via kvkk@rootcodes.com or physically fill out the form to " Rootcodes LTD. STI. Tokat Teknopark, Tokat, Merkez 60150, TR” address by courier/mail.
            If you submit your request to us using one of the methods shown above, KVKK art. In accordance with 13/2, your request will be evaluated within 30 days at the latest and you will be informed about the subject. If your request is accepted, the necessary actions will be carried out immediately by the data controller COMPANY.
            As a rule, requests are met free of charge ; As stipulated in article 7 of the Communiqué; “If the application of the person concerned is to be answered in writing, up to 10 pages are not charged. A transaction fee of 1 TL may be charged for each page over 10 pages. If the response to the application is given in a recording medium such as CD or flash memory, the fee that may be requested by the data controller cannot exceed the cost of the recording medium. In accordance with its provisions, a fee may be requested by the COMPANY.
 
 
7.         SPECIAL PROCESSING OF PERSONAL DATA SITUATIONS
7.1.             Building, Facility Entrances and Personal Data Processing Activities within the Building Facility and Website Visitors
7.2.              ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY Monitoring with Camera at Building, Facility Entrances and Inside Activities
7.3.              ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ Checking the Guest Entry and Exit Carried Out at the Entrances and Inside of the Building, Facility. tracking
APPENDIX 1 – Definitions

 

is among the most important priorities of ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ (“ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ” or “Company”) , as it is a fundamental human right . In order to secure the right to personal data protection, the company makes the utmost effort to comply with all applicable legislation in this regard. shows. herein ROOTCODES SOFTWARE TECHNOLOGIES LIMITED Company Personal of data Protection and Processing The principles adopted in the conduct of personal data processing activities carried out by our Company within the framework of the Policy (“ Policy ”) and the basic principles adopted in terms of compliance of our Company's data processing activities with the regulations in the Law on the Protection of Personal Data No. provides the necessary transparency. With full awareness of our responsibility in this context, your personal data is processed within the scope of this Policy and is protected.

 

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ (“COMPANY”) Personal Data Processing and Protection Policy (“Policy”), with the aim of disciplining the processing of personal data within the framework of the legislation on personal data and protecting fundamental rights and freedoms, especially the privacy of private life, as stipulated in the Constitution. has been prepared.

While preparing the "Policy", it was determined as the basic principle to determine which data the working units collect, why and why they need to transfer this data to third parties within the "COMPANY" organizational chart, and to understand the personal data processing method of the COMPANY . While transferring the requirements of the relevant legislation to the " Policy" , it has been privatized to explain which data the " COMPANY" provides and why it processes these data in a simple and understandable language, within the framework of the sensitivity felt within the scope of the need to protect personal data. In addition, it is aimed to take the necessary administrative and technical measures for the protection of data confidentiality within and outside the organization of the "COMPANY" and to inform and enlighten the individuals whose data is processed.

All real persons whose data are processed by the "COMPANY" are within the scope of the "Policy".

Within the scope of this "Policy", customized information about the data processed within the framework of the transactions and activities in the "COMPANY" organization, the categorization of the data, the data recipient groups, the legal reason and method of data collection, the third party groups to which the data is transferred, the processing times of the data, the data deletion periods. tried to be given. However, in the event that data processing is/will be done by the "COMPANY" apart from the current processing activities, it is possible to carry out processing and lighting within an external lighting text, provided that the basic principles and principles set forth in this policy are complied with. In this case, the clarification will constitute an inseparable part of this "Policy" and it cannot be claimed that it is not included in this "Policy" . As a matter of fact, within the scope of Article 5 of the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Liability of Illumination, it is possible to provide verbal, written, audio recording, physical or electronic media such as a call center.

Regarding the processing and protection of personal data, the relevant legal regulations in force will be applied first. In case of inconsistency between the current legislation and the Policy, our Company accepts that the applicable legislation will find an area of application . The policy regulates the rules set forth by the relevant legislation by embodying them within the scope of Company practices.

 

 

this Policy is 28.09.2022. The version, which was issued by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ, entered into force on 28.09.2022 and was updated on 28.09.2022, has been renewed as of the effective date of this Policy .

 

on the website of ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ [https:// https://rootcodes.com/ ] is published.

 

 

 

In accordance with Article 12 of the Law, our company takes the necessary measures according to the nature of the data to be protected in order to prevent the unlawful disclosure, access, transfer or security deficiencies that may occur in other ways. In this context, our Company takes administrative measures to ensure the required level of security in accordance with the guidelines published by the Personal Data Protection Board (“ Board ”), carries out inspections or has them made.

 

When certain personal data are processed unlawfully by the law, it is subject to victimization or discrimination. reason being risk because of special importance attributed. This data; race, ethnic origin, political Data on thought, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic are data.

 

ROOTCODES YAZILIM TEKNOLOJILERI LIMITED SIRKETI acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the Law and processed in accordance with the law. In this context, the technical and administrative measures taken by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ to protect personal data are carefully implemented in terms of special quality personal data, and necessary audits are provided within the body of ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ.

 

Note: Detailed information on the technical and administrative measures taken in the processing of personal data is given in section "8" of this policy.

 

ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY organizes trainings at regular intervals in order to increase awareness to prevent unlawful processing of personal data, illegal access to personal data, and to ensure the protection of personal data.

 

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ establishes necessary systems to raise awareness of its employees on the protection of personal data, and works with consultants if needed. In this direction, our Company participates in the relevant trainings, seminars and information sessions , especially those prepared by the Personal Data Protection Authority, through its employees, and renews its trainings in parallel with the updating of the relevant legislation.

 

 

 

 

 

 

3.1.1.        Compliant with Law and Integrity Processing

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ acts in accordance with the principles brought by legal regulations and the general rule of trust and honesty in the processing of personal data. In this framework, personal data is processed to the extent and limited to the business activities of our Company.

 

ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY, personal data processed duration along TRUE and current to be for   necessary measures and the necessary mechanisms to ensure the accuracy and up-to-dateness of personal data for certain periods. is establishing.

 

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ clearly reveals the purposes of processing personal data and processes it within the scope of purposes related to these activities in line with its business activities.

 

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ collects personal data only in the quality and extent required by its business activities and processes it limitedly for the determined purposes.

 

3.1.5.       Relating to in legislation envisaged or  They are processed Aim for   Necessary The one which Duration Until Casing don't

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ, the period required for the purpose for which personal data is processed and the legal legislation to which the relevant activity is subject. envisaged minimum duration until casing is doing. This in scope, Our company Firstly determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the data owner application and with the determined destruction methods (deletion and / or destruction and / or anonymization). is being done.

 

Personal data owner open  consent to give not including personal data processing of your activity base below It may be only one of the conditions specified, or more than one condition may be the basis of the same personal data processing activity. processed data special qualified personal data to be in case of, herein of Policy 3.3 title Conditions contained in (“ Processing of Special Quality Personal Data ”) will be applied.

 

 

One of the conditions for the processing of personal data is the explicit consent of the data owner. The explicit consent of the personal data owner should be disclosed on a specific subject, based on information and free will.

 

Below Location area personal data processing of your terms presence in case of data owner open  to your consent without the need for personal data can be processed.

 

If the personal data of the data owner is expressly stipulated in the law, in other words, if there is a clear provision in the law regarding the processing of personal data, the existence of this data processing condition may be mentioned.

 

actual impossibility or whose consent cannot be validated, in order to protect the life or bodily integrity of himself or another person.

 

Data owner side is a of the contract establishment or  with the performance directly Oh right relating to provided that the processing of personal data is necessary, this condition may be deemed to have been fulfilled.

 

The personal data of the data owner may be processed if the processing is necessary for our company to fulfill its legal obligations.

 

If the data owner has made his personal data public, the relevant personal data may be processed for the purpose of making it public.

 

If data processing is necessary for the establishment, exercise or protection of a right, the personal data of the data owner may be processed.

 

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of our Company.

 

Special categories of personal data are processed by our Company in accordance with the principles set forth in this Policy , by taking all necessary administrative and technical measures, including the methods to be determined by the Board, and in the presence of the following conditions:

 

(i)            Special categories of personal data other than health and sexual life, which are expressly stipulated in the law, are another matter . expression with relating to your activity subject to is in law personal data to the processing related clearly a In case of a provision, it can be processed without the explicit consent of the data owner. Otherwise, the explicit consent of the data owner for the processing of such sensitive personal data. will be taken.

 

(ii)           Special quality personal data related to health and sexual life , protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning of health services and financing and management, by persons or authorized institutions and organizations under the obligation to keep secrets, without seeking explicit consent. Otherwise, the explicit consent of the data owner for the processing of such sensitive personal data. will be taken.

 

ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY enlightens the personal data owners in accordance with Article 10 of the Law and secondary legislation. This in scope ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY, personal data data in charge aspect who by, It informs the relevant persons about the purposes for which it is processed, for what purposes it is shared with whom, by what methods it is collected, and the legal reason and the rights of the data subjects within the scope of the processing of their personal data.

 

 

Our company can transfer the personal data and sensitive personal data of the personal data owner to third parties (third party companies, public and private authorities, third real persons) by taking the necessary security measures in line with the personal data processing purposes in accordance with the law. Accordingly, our company acts in accordance with the regulations stipulated in Article 8 of the Law. Detailed information on this subject can be found in the APPENDIX 1 (“ ANNEX 1- Third Parties to which Personal Data Transferred and Purposes of Transfer ”) document of this Policy .

 

Even without the explicit consent of the personal data owner, in case one or more of the following conditions are present, personal data may be transferred to third parties by taking all necessary security measures, including the methods prescribed by the Board, by taking due care by our Company.

 

·         The relevant activities regarding the transfer of personal data are clearly stated in the laws. forecasting,

·         Personal data Company by transfer of a of the contract establishment or  with the performance directly relevant and necessary to be,

·         The transfer of personal data is mandatory for our Company to fulfill its legal obligation. to be,

·         Personal data data owner by publicized to be provided that, publicization for the purpose of limited by our Company. transfer,

·         Personal data Company by transfer of Company's or  data owner or  third obligatory for the establishment, exercise or protection of the rights of persons to be,

·         It is mandatory to carry out personal data transfer activities for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data owner. to be,

·         Mandatory for the protection of life or bodily integrity of himself or another person, who is unable to express his consent due to actual impossibility or whose consent is not given legal validity. to be.

 

to the above additional aspect personal data, Board by sufficient to protect owner is advert  will be to foreign countries (“ Foreign Country with Sufficient Protection ”) in case of any of the above conditions . In the absence of adequate protection, the data transfer conditions stipulated in the legislation in line with in Turkey and relating to foreign in the country data of those responsible sufficient a to protect to foreign countries to which it has committed in writing and to which the Board has permission (“ Foreign Country with Data Controller Undertaking Adequate Protection ”) can be transferred.

 

Special categories of personal data are collected by our Company in accordance with the principles set forth in this Policy and by the Board. will determine methods also including be about to necessary each kinds administrative and technical measures and if the following conditions are met can be transferred:

 

(i)      Health and sexual life other than special qualified personal data, in laws clearly predicting other In case there is an express provision in the relevant law regarding the processing of personal data, a statement may be processed without the explicit consent of the data owner. Otherwise, the explicit consent of the data owner will be taken.

 

(ii)    Special categories of personal data related to health and sexual life, for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, without the explicit consent of persons or authorized institutions and organizations under the obligation of keeping confidentiality. can be processed. Otherwise, the explicit consent of the data owner will be obtained.

 

In addition to the above, personal data may be transferred to Foreign Countries with Sufficient Protection in the presence of any of the above conditions. In the absence of sufficient protection, it can be transferred to Foreign Countries where the Data Controller Undertaking Adequate Protection is in line with the data transfer conditions stipulated in the legislation .

 

 

Before our company, by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation, in line with the personal data processing purposes of our Company, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, primarily the processing of personal data. of the Law 4. in the article stated principles be about to in Law stated general to the principles appropriate a personal data is processed. Within the framework of the purposes and conditions specified in this Policy, detailed information about the personal data categories and categories can be obtained from the ANNEX 3 (“ ANNEX 3- Personal Data Categories ”) document of the Policy. will be reachable.

 

Detailed information regarding the processing purposes of the said personal data is given in Annex 1 of the Policy (“ ANNEX 1- Personal Data Processing Purposes ”).

 

 

Our company preserves personal data for the period required for the purpose for which they are processed and in accordance with the minimum periods stipulated in the legal legislation to which the relevant activity is subject. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if a period is determined, it acts in accordance with this period. If there is no legal period, personal data are stored for the period necessary for the purpose for which they are processed. At the end of the specified storage periods, personal data is destroyed in accordance with the periodic destruction periods or the application of the data owner and with the determined destruction methods (deletion and / or destruction and / or anonymization).

 

 

 

By ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY your safety providing for the purpose of, ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY'S buildings and in the premises Personal data processing activities are carried out for monitoring with security cameras and tracking guest entries and exits.

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ on Private Security Services in order to ensure security in its buildings and facilities . Law and relating to to legislation appropriate aspect camera with tracing activity is being carried out. ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY, building and in the premises your safety providing for the purpose of, in force found relating to in legislation envisaged It carries out security camera monitoring activities for the purposes and in accordance with the personal data processing conditions listed in the Law.

 

By ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY of the Law 10. to the article appropriate aspect, camera with tracing to its activity related more than one method with personal data owner is illuminated. Moreover, ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY, of the Law 4. to the article in a limited and measured way, in connection with the purpose for which personal data is processed. is working.

 

The purpose of maintaining video camera monitoring by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ is limited to the purposes listed in this Policy . In this direction, the monitoring areas, the number of security cameras and when they will be monitored are sufficient to achieve the security purpose and are implemented in a limited manner for this purpose. Areas (for example, toilets) that may result in interference with the privacy of the person exceeding the security objectives are not subject to monitoring.

 

Live camera images with digital in the environment recorded and casing made to the records Only annoyed number of ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ employees have access. A limited number of people who have access to the records declare that they will protect the confidentiality of the data they access with a confidentiality agreement. is doing.

 

carries out personal data processing activities for tracking guest entries and exits in ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ buildings and facilities , to ensure security and for the purposes specified in this Policy .

 

The personal data owners are informed in this context, when obtaining the names and surnames of the people who come to ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ buildings as guests, or through texts posted by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ or made available to the guests in other ways. The data obtained for the purpose of tracking guest entry-exit is processed only for this purpose and the relevant personal data is recorded in the data recording system in the physical environment.

 

 

 8. MEASURES RELATED TO THE SECURITY OF PERSONAL DATA

The “COMPANY” provides all reasonable care and attention to ensure the confidentiality and security of the personal data it processes, with the awareness of its responsibility as a well-established Company. In addition to the requirements of the relevant legislation, the “COMPANY” takes reasonable technical and administrative measures to ensure data confidentiality and security within the framework of Article 12 of the KVKK . Along with the said administrative and technical security measures, it is aimed to prevent the unlawful processing of personal data, to prevent illegal access to personal data, and to preserve personal data at an appropriate level of security .

In the event that personal data is processed by another natural or legal person (data processor) on its behalf, the “COMPANY” will take the necessary measures to ensure that the above-mentioned measures are also taken by the relevant data processors.

In the event that personal data is unlawfully obtained by third parties, it will notify the data owners, the Board and other relevant public institutions and organizations in accordance with the provisions of the relevant legislation.

The Personal Data Security Guide (Technical and Administrative Measures) published by the Board is taken into consideration when taking measures regarding the security of personal data.

 

Administrative Measures

·         Establishment and operation of the information security management system within the company,

·         Signing undertakings and confidentiality agreements with company personnel and related parties,

·         Performing risk analyzes on business processes,

·         Creating personal data inventories,

·         Operation of information security policies and procedures,

·         Organizing and evaluating trainings on information security and personal data processing activities,

·         Working computer etc. In order to prevent unauthorized access to the equipment, only authorized persons should use the said tools and equipment,

·         Reviewing activities with internal or independent audits,

·         Creating records that will produce objective evidence for the transactions,

 

Technical Measures

·         With penetration tests, risks, threats, vulnerabilities and vulnerabilities, if any, regarding the Company's information systems are revealed and necessary precautions are taken.

·         As a result of real-time analyzes with information security incident management, risks and threats that will affect the continuity of information systems are constantly monitored.

·         Access to information systems and authorization of users are made through security policies through the access and authorization matrix and the corporate active directory.

·         software changes and/or updates are to be made on the systems, tests are made in the test environment, security vulnerabilities are detected, if any, necessary measures are taken, and the final version of the changes to be made is given after these processes .

·         Necessary measures are taken for the physical security of the company's information systems equipment, software and data.

·         In order to ensure the security of information systems against environmental threats, hardware (access control system that allows only authorized personnel to enter the system room, physical security of the edge switches that make up the area network, fire extinguishing system, air conditioning system, etc.) and software (firewalls, attack prevention systems, etc.) network access control, systems that prevent malicious software, etc.) measures are taken.

·         Risks to prevent unlawful processing of personal data are determined, appropriate technical measures are taken against these risks, and technical controls are carried out regarding the measures taken.

·         Access procedures are established within the company, and reporting and analysis studies are carried out regarding access to personal data.

·         The Company takes the necessary measures to make the deleted personal data inaccessible and reusable for the relevant users.

·         In the event that personal data is unlawfully obtained by others, the Company has made appropriate preparations to notify the relevant person and the Board.

·         Security vulnerabilities are followed and appropriate security patches are installed and information systems are kept up-to-date.

·         Strong passwords are used in electronic environments where personal data is processed.

·         logging ) systems are used in electronic environments where personal data is processed .

·         Data backup programs are used to keep personal data safe.

·         Access to personal data stored in electronic or non-electronic media is limited according to access principles.

·         Access to the company website is encrypted with SHA 256 Bit RSA algorithm using secure protocol (HTTPS).

·         A separate policy has been determined for the security of sensitive personal data.

·         Special quality personal data security trainings have been provided for employees involved in special quality personal data processing, confidentiality agreements have been made, and the authorizations of users who have access to data have been defined.

·         Electronic environments in which sensitive personal data are processed, stored and/or accessed are preserved using cryptographic methods, cryptographic keys are kept in secure environments, all transaction records are logged , security updates of the environments are constantly monitored, necessary security tests are regularly carried out/performed, test results are recorded. to be taken under,

·         Adequate security measures are taken for physical environments where sensitive personal data is processed, stored and/or accessed, and unauthorized entry and exit is prevented by ensuring physical security.

·         If sensitive personal data needs to be transferred via e-mail, it is transferred in encrypted form with a corporate e-mail address or by using a KEP account. If it needs to be transferred via media such as portable memory, CD, DVD, it is encrypted with cryptographic methods and the cryptographic key is kept in a different environment.

·         If transferring is carried out between servers in different physical environments, data transfer is carried out by establishing a VPN between servers or using the sFTP method.

·         paper media, necessary precautions are taken against risks such as theft, loss or viewing of the document by unauthorized persons, and the document is sent in a "confidential" format.

 

 

 

Open Consent

It refers to the consent on a particular subject, based on information and expressed with free will.

Company

ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY located at Tokat Teknopark, Tokat, Merkez 60150, TR

Cookie _ _

They are small files that are saved on users' computers or mobile devices and help store preferences and other information on the web pages they visit.

Related User

Except for the person or unit responsible for technical storage, protection and backup of the data, they are the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller.

Destruction

Deletion, destruction or anonymization of personal data.

Contact Person

The natural person notified by the data controller during registration to the Registry for the communication to be established with the Authority regarding the obligations of the legal persons residing in Turkey and the representative of the data controller of the legal entity not residing in Turkey within the scope of the Law and secondary regulations to be enacted based on this Law.

(The contact person is not authorized to represent the Data Controller. As the name suggests, it is only the person assigned to provide the "liaison" of the communication of the data controller and the Institution.)

Law/KVKK

The Law on Protection of Personal Data No. 6698, dated March 24, 2016, published in the Official Gazette dated 7 April 2016 and numbered 29677 .

Recording Media

Any environment where personal data is processed wholly or partially automatically or by non-automatic means provided that it is a part of any data recording system.

Personal Data

Any information relating to an identified or identifiable natural person.

Processing of Personal Data

Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data completely or partially by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on the data, such as blocking.

 

Anonymization of Personal Data

Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

Your Personal Data

deletion

Deletion of personal data; making personal data inaccessible and unusable for Relevant Users in any way.

Your Personal Data

Destruction

The process of making personal data inaccessible, irretrievable and unusable by anyone in any way.

Board

Personal Data Protection Board.

Special Qualified

Personal

Data

Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership of the company, foundation or union, health, sexual life, criminal conviction and security measures, and biometric and genetic data.

Periodic Destruction

The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in the event that all the conditions sought for the processing of personal data are eliminated.

Policy

Personal data protection policy established by the company.

Data Processor

The natural or legal person who processes personal data on behalf of the data controller based on the authority given by him.

Data Recording System

The registration system in which personal data is processed and structured according to certain criteria.

Data Owner/Relevant Person

The natural person whose personal data is processed.

Data Controller

The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

regulation

Regulation on the Deletion, Destruction or Anonymization of Personal Data.

Source:

Law on Protection of Personal Data No. 6698 - Regulation on the Deletion, Destruction or Anonymization of Personal Data - Regulation on the Registry of Data Controllers - Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Clarify - Communiqué on Application to the Data Controller and Procedure Principles Communiqué on the Principles

 

APPENDIX 2 – Purposes of Personal Data Processing

 

 

PERSONAL DATA CATEGORY

CATEGORY EXPLANATION

Identity Data

Personal data of real persons regarding identity information will be evaluated under this category. ( name surname , mother - father name, mother's maiden name, date of birth, place of birth, marital status, TR ID no )

Contact Data

All kinds of personal data that can be used for communication with individuals will be evaluated under this category. ( address no , e-mail address, contact address, registered e- mail address (KEP), telephone no )

Data on Family Status

Information about people's families and relatives will be included under this category. It does not matter whether the person concerned belongs to a customer, employee or other data subject category.

Personnel File Data

Data contained in the personnel file of company employees within the scope of the relevant legislation (payroll information, disciplinary investigation, employment entry-exit document records, property declaration information, leave information, CV information, diploma, maternity leave, inability to work report, military service, performance evaluation reports and convict applications, criminal convictions and security measures records (criminal record), health information.

"In general, the following documents are found in the personal files.

1. Criminal record

2. Family status notification form

3. Certificate of Employment/Service Certificate

4. Can work in heavy and dangerous works for very dangerous works report

5. Copy of diploma

6. Maternity leave, work/unemployment reports, breastfeeding leave petitions,

7. If it is a disabled worker, disability report, İŞKUR application registration document

8. Documents showing the military status for male workers

9. ISKUR application registration document of a former convict, victim of terrorism

10. Photocopy of marriage certificate

11. Employee approval letter for overtime work

12. Document showing the consent of the worker to be temporarily transferred to another workplace

13. If there is a rightful termination, documents proving this situation, resignation letter or termination notice

14. Release

15. Certificate of residence

"16. Employment contract

17. All correspondence and records kept about the worker

18. A letter stating that workers are informed about occupational health and safety, occupational risks, necessary precautions and legal rights and responsibilities.

19. Employee payrolls and payment documents

20. Recruitment and termination notices

21. Not coming to work without permission / late arrival report and warning

22. Blood group card

23. Severance and notice payslips

24. Photocopy of identity card

25. Population registration sample

26. Resume

27. Health report and periodic health examination reports

28. Picture

29. Health Report

30. Letter from the Revenue Administration for those who will benefit from the disability discount.

31. Documents regarding the administrative actions to be taken in insurance events (work accident report, work accident notification, etc.)

32. If there are tools and equipment delivered, their embezzlement certificate

33. Petitions, forms and tables regarding unpaid leave and annual paid leave

34. Educational certificates, if any

35. Workable certificate for foreign workers

Data on Education, Work and Professional Life

All kinds of data related to the education and working life of individuals will be included under this category. (Education-Diploma-Certificate, Transcript, Vocational Training Information)

Financial Data

People's account, bank, billing information

Audio Visual Recordings

Records made with organizations and events, and audio/visual records kept for security purposes

Digital Media Usage Data

Any personal data obtained as a result of monitoring the activities of users in the digital environment will be classified under this category.

Special Qualified Personal Data

Race- Ethnicity, Health, Biometric Data, Criminal Conviction-Security Measures, Religion- Sect, Philosophical Belief, Union, Foundation, Association Membership, Dress


 

APPENDIX 4 – Categories of Personal Data

 

 

PERSONAL DATA OWNER CATEGORY

CATEGORY EXPLANATION

Company Staff

Administrative staff.

Board of Directors, Senate Members

Data of members involved in the bodies and work of the company

3rd Persons Participating in Company Studies

Third parties involved in company commissions, working groups and organizations

Company Activities Invites

Natural persons invited to the organizations of the company

Company Activities Participants

Persons participating in company organizations

Payee/Service Recipient

3rd persons to be paid in Company Activities

Company Employees Relatives

Relatives of Company Employees, Residents and their dependents

Potential Employees

Potential employees applying for employment with the company

supplier

Persons, organizations or persons associated with them that provide goods or services to the “ COMPANY” .

Project Partner

Persons involved in the projects carried out by the COMPANY

Counselor

Persons, organizations or persons associated with them that provide external consultancy services to the “ COMPANY” .

Other

Except for the above, they are persons, organizations or persons associated with the " COMPANY" that have a permanent or incidental, direct or indirect relationship with them.

 

 

 

APPENDIX 5 – Third Parties to which Personal Data is Transferred by Our Company and Purposes of Transfer

 

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ, in accordance with Articles 8 and 9 of the KVK Law, may transfer the personal data of data subjects managed by this Policy to the following categories of persons:

(i)             ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY business to its partners,

(ii)            suppliers of ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY ,

(iii)          companies of ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY ,

(iv)          Legally Authorized public institutions and to their organizations

(v)            Legally authorized private law to your contacts

 

The scope of the above-mentioned persons to whom the transfer is made and the data transfer purposes are stated below.

Data Transfer Possible

Persons

Definition

Data Transfer Purpose

 

 

 

 

 

Business partner

ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ personally or by ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ

Working with companies for purposes such as carrying out various projects and receiving services.

partners with whom it has formed a partnership

defines . Banks,

ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY Retirement and Assistance Fund Foundation

 

 

 

 

 

Establishment of business partnership

limited to ensuring the fulfillment of its objectives .

 

 

 

supplier

ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY 'S commercial

its activities, ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ 's orders and

providing services to ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ on a contract basis in accordance with the instructions of

identifies the parties .

carry out the commercial activities of ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ , which ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ outsourced from the supplier .

To ensure that the necessary services are provided to ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ

for limited purposes.

 

Community Companies

 

ROOTCODES SOFTWARE TECHNOLOGIES LIMITED COMPANY Group companies

To carry out commercial activities that require the participation of ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ Group Companies.

limited to providing

 

Legally Authorized Public Institutions and Organizations

According to the provisions of the relevant legislation, public authorities authorized to receive information and documents from ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ

institutions and organizations

Relevant public institutions and

limited to the purpose requested by the institutions within the scope of its legal authority.

 

Legally Authorized Private Law Persons

According to the provisions of the relevant legislation, private company authorized to receive information and documents from ROOTCODES YAZILIM TEKNOLOJİLERİ LİMİTED ŞİRKETİ

legal persons

Limited to the purpose requested by the relevant private legal persons within the scope of their legal authority.

 

 

APPENDIX – 6 Data Controller Identity

 

Data Controller           : ROOTCODES YAZILIM TEKNOLOJILERI LIMITED COMPANY

Address                      : Tokat Technopark, Tokat, Center 60150, TR

Phone                         : +90 850 474 3737   

KEP                            : Yunus.aydogan.35@hs01.kep.tr

Website                      : https://rootcodes.com/