COOKIE INFORMATION TEXT
We, as Recep Tayyip Erdoğan University and Turkish German University Technology Development Zone Management Joint Stock Company (Company), would like to inform you about the cookies used on our website at https://www.dijitalparkteknokent.com.tr/ within the scope of the Personal Data Protection Law (Law) and other relevant legislation.
1. What is a Cookie?
Cookies are very small text files, usually composed of letters and numbers, that are saved on your computer (or other devices like smartphones or tablets) by websites you visit via browsers. Cookies allow for the recognition of the user and device, and the storage of certain information about user preferences and past transactions. Cookies are created by servers managing the website you visit. Thus, when a visitor returns to the same site, the server can recognize them.
2. Cookies Used on Our Website
As our Company serves as the management company for the Recep Tayyip Erdoğan University and Turkish German University Technology Development Zone, links facilitating R&D Portal logins are used through our https://www.dijitalparkteknokent.com.tr/ website. Additionally, as part of the security measures against bot attacks, the Google reCAPTCHA v3 service is used. Therefore, cookies on our website are divided under three tabs: https://www.dijitalparkteknokent.com.tr, https://argeportal.dijitalparkteknokent.com.tr, and https://www.google.com.
2.1. https://www.dijitalparkteknokent.com.tr tab cookies;
For the use of our website in terms of announcing and informing about our Company's activities, cookies are not used by our Company, and no personal data processing activity via cookies is present.
2.2. https://argeportal.dijitalparkteknokent.com.tr tab cookies;
Due to our Company being the management company for the technology development zone, some cookies are used within the R&D Portal integration on our website, as detailed below:
Cookie Name | According to Storage Period | According to Source | Descriptions |
ASP.NET_SessionId | Session cookie | 1st Party | This is a session cookie, and it is deleted when the user closes the browser. It is a 1st party cookie set by the ASP.NET MVC application and created directly by the website, valid only on the used website. It is used to manage user sessions and retain session information during the session; it is a mandatory cookie for the correct functioning of the website. Only the user's session ID is stored during the session in an automated manner, and the processed data is deleted after the session ends. |
__RequestVerificationToken | Session cookie | This is a session cookie, deleted when the user closes the browser. It is a 1st party cookie set by the ASP.NET MVC application and created directly by the website, valid only on the used website. It is a mandatory cookie for protection against security threats like CSRF (Cross-Site Request Forgery). This cookie only contains a form validation token and does not store any personal data about the user. It is used solely for the server to understand that the request is legitimate. |
2.3. https://www.google.com tab cookies;
Cookie Types | According to Source | Descriptions |
DC. __Secure-3PSIDTS | 3rd Party cookies | In cases where user login to the R&D Portal is made through our website, the Google reCAPTCHA v3 service is used as a security measure against bot attacks. The cookies specified by Google are used to utilize this service. Detailed information about the personal data processed by these cookies and their storage periods can be found at https://policies.google.com/technologies/cookies. These cookies are mandatory for ensuring secure user logins. |
3. Processing Purpose and Related Person Rights
Through the cookies described above; personal data is processed based on the Article 5/2-f of the Law, Legitimate Interest of the Data Controller provision.
To receive information regarding your rights concerning your processed personal data, as listed in Article 11 of the Law, you can fill out the Data Subject Application Form available on our website and send it to our Company as specified on the form. Your application will be responded to within 30 days at the latest, without violating other people's data security, and in accordance with the Law.
DİJİTALPARK STARTUP COMPANY EMPLOYEE INFORMATION TEXT
As employees of the Startup Companies operating in the Region, some of your personal data are processed by our Company during your entry and exit to the Region. Through this information text, we aim to inform you in accordance with the Law on the Protection of Personal Data No. 6698 concerning your processed personal data.
Region: Encompasses areas located in different locations belonging to Recep Tayyip Erdoğan University and Turkish-German University Technology Development Zone,
Startup Company: The companies benefiting from the services and facilities in the Region and/or operating in the region,
Personal Data: Any information relating to an identified or identifiable natural person,
Processed Personal Data | Name-Surname, Photograph, Turkish ID No, Institution and Position Information, Staff Attendance Tracking Information |
Purpose of Processing | Conducting Physical Space Security, Creating and Tracking Visitor Records, Ensuring the Security of Data Controller Operations |
Legal Grounds | Art.5/2-f Data Controller's Legitimate Interest |
Method of Obtaining Data | Processed by issuing a card containing identity information after Entrepreneurial Companies provide their employees' information to Dijitalpark and the use of this card. |
Transfers and Purpose of Transfer | In cases required for security purposes, transfers are made to law enforcement agencies, and for data related to their own employee, to the relevant Startup Company. Additionally, a transfer is made mandatorily to the software company supporting the card system operation solely for providing the mentioned service. |
Processed Personal Data | Photograph, Non-Sound Video Recording, License Plate Information, Vehicle Brand and Model Information |
Purpose of Processing | Conducting Physical Space Security, Ensuring the Security of Data Controller Operations |
Legal Grounds | Art.5/2-f Data Controller's Legitimate Interest |
Method of Obtaining Data | Collected via security cameras. |
Transfers and Purpose of Transfer | Transfers are made to law enforcement agencies in cases required for security purposes. |
Under Article 11 of Law No. 6698, you have the right to learn whether your personal data are processed, to request information regarding processed data, to learn processing purposes and whether they are used in line with these purposes, to request information about domestic and international data transfers, to request correction of incomplete or incorrect processed personal data, to object to the processing that results in adverse outcomes for you based on analyzed data, and to request compensation for any damages due to unlawful processing of data. To exercise these rights, you may fill out the Data Subject Application Form available on our Company's website and submit it to our Company. Additionally, you can send your written application containing your request to exercise these rights through our Company's communication channels.
INFORMATION TEXT ABOUT CAMERA RECORDINGS
Our company, Recep Tayyip Erdoğan University and Turkish-German University Technology Development Zone Management Joint Stock Company (Company), in informing you regarding the camera surveillance activities conducted in Recep Tayyip Erdoğan University and Turkish-German University Technology Development Zone (Dijitalpark Technopark), and to ensure these activities are conducted in compliance with the Personal Data Protection Law (Law) and other relevant legislation.
The Company conducts personal data processing activities with closed-circuit camera systems in all areas of Dijitalpark Technopark, for which our Company is the managing company, as well as in all buildings and open areas owned by the Company, acting as the Data Controller. Information related to this surveillance process is provided through boards positioned in various areas and this information text.
Recorded Data: Cameras only record images without capturing audio. Therefore, personal data such as images and license plate information captured by the security camera are processed through surveillance activities.
Purpose of Recording: The surveillance activities are conducted by our Company for purposes that are limited to ensuring physical space security, carrying out audit activities, tracking legal processes, conducting internal audit activities, ensuring OHS and business activities, and ensuring that activities are conducted in compliance with legislation.
Legal Basis: Our data processing activities through camera recordings are conducted based on the legal grounds of fulfilling our Company's legal obligations and protecting its legitimate interests, in compliance with Articles 5/2-c and 5/2-f of the Law.
Limits of Recording: The Company does not monitor areas that could violate personal privacy beyond security purposes (like dressing rooms, restrooms, etc.).
Security of Recordings: In compliance with Article 12 of the Law, necessary administrative and technical measures are taken by our Company for the security of data obtained through camera recordings. In this context, network security is ensured, current anti-virus systems and firewalls are used, an access authorization matrix is applied, the number of people with access is limited, and staff awareness training is provided, with staff signing personal data protection commitments.
Retention Period: The retention period for camera recordings may vary based on the density of the camera angle due to the size of the storage space, but is limited to a maximum of 1 (one) month. For detailed information about retention and destruction conditions, you can review our Personal Data Processing Protection Retention and Destruction Policy on our website.
Sharing with Third Parties: Our Company may transfer your personal data processed through camera recordings to third parties only in necessary situations and limited to the purpose of necessity. In this context, personal data contained in camera recordings may be shared with law enforcement, public prosecutors, courts, and other authorized public institutions and organizations without your consent when requested. Additionally, these recordings may be shared with shareholders, subsidiaries, and affiliated companies in cases of necessity for the legitimate interests of the Company, with necessary measures taken to protect the rights of relevant individuals.
Your Right to Information: To obtain information about your personal data processed through camera recordings and regarding your rights listed in Article 11 of the Law, you can fill out the Data Subject Application Form available on our website and submit it to our Company as indicated on the form. Your application will be responded to within 30 days in compliance with the Law without violating others' data security.
PERSONAL DATA PROTECTION PROCESSING
STORAGE AND DISPOSAL POLICY
1. INTRODUCTION
1.1. PURPOSE
Our company, Recep Tayyip Erdoğan University and Türk Alman University Technology Development Zone Management Joint Stock Company (Company), conducts all its activities meticulously to comply with the applicable legal regulations regarding the protection of personal data. In this context, with this Personal Data Protection Processing, Storage and Disposal Policy (Policy), the Company aims to ensure transparency regarding personal data processing activities.
1.2. SCOPE
This policy explains the principles adopted in the processing of personal data, the data processed in company processes, methods of processing, purposes of processing and legal reasons for processing, relevant individuals, entities to which data is transferred and purposes of transfer, storage and disposal conditions, technical and administrative measures taken, and the rights of the relevant person.
1.3. ABBREVIATIONS AND DEFINITIONS
Explicit consent: Consent based on information regarding a specific matter, expressed freely,
Anonymization: Making personal data non-associable with any identified or identifiable real person even by matching them with other data; modifying personal data in a way that it loses its nature and this state cannot be reversed,
Unit: The Personal Data Protection Unit established within the Company,
Zone: Recep Tayyip Erdoğan University and Türk Alman University Technology Development Zone,
Employee Candidate: Real individuals who have applied for a job in any way or have made their resumes and related information open for the company's review,
Entrepreneurial Company: Real and legal persons operating within the Zone,
Shareholder: Real individuals and legal persons who are shareholders of the Company or Entrepreneurial Company and their representatives,
Relevant Person (Data Owner): The real person whose personal data is processed,
Law: The Personal Data Protection Law No. 6698,
Personal data: Any information relating to a specific or identifiable real person, (Data belonging to legal persons can only be considered personal data when associated with a real person's identity.)
Personal Data Processing Inventory: The inventory we prepared, detailing the data processing activities carried out by our Company in connection with business processes; personal data processing purposes, data category, transferred recipient group, and the maximum period necessary for the purpose they are processed, and the measures taken related to data security,
Processing of personal data: Any operation performed on personal data, such as acquiring, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of data, automatically or as part of a data recording system,
Board: Personal Data Protection Board,
Authority: Personal Data Protection Authority,
Special category personal data: Personal data that, when unlawfully processed, may result in victimization or discrimination; data related to race, ethnic origin, political opinions, philosophical belief, religion, sect or other beliefs, attire, membership of associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data,
Company Official: A member of the board of directors of the Company and other authorized real persons,
VERBIS: Data Controllers' Registry Information System,
Data Processor: The real or legal person who processes personal data on behalf of the data controller based on the authority granted by them,
Data Owner Application Form: The information request form containing the application to be made to the Company by personal data owners to exercise their rights,
Data Controller: The Company, which determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system within the scope of this Policy,
Directive: Guideline of the Personal Data Protection Unit of Recep Tayyip Erdoğan University and Türk Alman University Technology Development Zone Management Joint Stock Company,
Website: Our company's https://www.dijitalparkteknokent.com.tr/ website.
1.4. APPLICATION OF LEGISLATION
The legal regulations currently in force regarding the processing, protection, storage, and disposal of personal data shall take precedence. In the event of any inconsistency between the legislation and the Policy in force, the Company acknowledges that the prevailing legislation shall apply. The Policy organizes and substantiates the rules set by the relevant legislation within the scope of Company practices.
2. PROCESSING OF PERSONAL DATA
2.1 PROCESSED DATA
Under this Policy, the categories of personal data to be processed and the data to be processed by category are as follows:
| DATA CATEGORY | PROCESSED DATA | PERSONS CONCERNED |
|---|---|---|
| Identity | Name-Surname, TR Identity No, Gender, Date of Birth, Place of Birth, Turkish ID Card Serial No, ID Card Validity Date, Mother-Father’s Name, Nationality, Signature Statement, Institution and Title Information, License Plate Information, Tax Identification No, Tax Office, Signature Circular | Visitor, Employees, Employee Candidate, Potential Product and Service Recipient, Product and Service Recipient, Shareholders, Referee, Trainer/Consultant, Supplier |
| Contact | Email, Phone Number, Address Information, Social Media Accounts | Visitor, Employees, Employee Candidate, Newsletter Subscription Requester, Potential Product and Service Recipient, Product and Service Recipient, Shareholders, Referee, Trainer/Consultant, Supplier |
| Personnel | Employee Title, Photograph, Education Institution Name, Diploma Grade, Leave Information, Department Education Was Received, Salary Expense Information, Employment Entry Information, Personnel Card Information, Office Entry-Exit Time | Employees, Supplier Employees, Entrepreneurial Company Employees |
| Professional Experience | Professional Data, Education/Certificate Data | Visitor, Employee Candidate, Employees, Potential Product or Service Recipient, Product or Service Recipient, Shareholders, Trainer/Consultant |
| Visual and Audio Records | Photograph, Camera Recording | Employee Candidate, Entrepreneurial Company Employees, Trainer/Consultant, Employees |
| Criminal Convictions and Security Measures | Criminal Record | Employees |
| Health Information | Health Report | Employees |
| Finance | Bank IBAN Number, Payroll Information | Employees, Referee, Supplier |
| Physical Space Security | Camera Recording | Visitor |
| Customer Transaction | Project Information, Application Subject Request, Website, Institution and Title Information, Institution Registration No | Potential Product or Service Recipient, Product or Service Recipient |
| Transaction Security | IP Address, Session ID | Referee, Trainer/Consultant, Visitor (Website) |
| Others | Tests Conducted for Suitability to Job Description | Employee Candidate |
2.2. COMPLIANCE WITH GENERAL PRINCIPLES
2.2.1. Processing in Compliance with the Law and Principles of Integrity: Our Company is diligent in ensuring that data processing activities are conducted in accordance with the provisions of the Law and do not violate the principles of integrity.
2.2.2 Accuracy and When Necessary Keeping Personal Data Up-to-Date: Our Company may obtain commitments from the relevant individuals that the data they share is accurate to ensure the accuracy of personal data. Additionally, any changes that occur in personal data of the relevant person are modified to ensure up-to-dateness regarding processed personal data.
2.2.3. Processing for Specific, Explicit, and Legitimate Purposes: The Company explicitly sets out the purposes of processing personal data within this Policy and the Personal Data Processing Inventory and carries out personal data processing activities within these purposes.
2.2.4. Being Relevant, Limited, and Proportionate to the Purposes for Which They Are Processed: The Company only processes and transfers personal data in line with the purpose of processing.
2.2.5. Storing for the Period Stipulated in the Relevant Legislation or Required for Processing Purposes: The Company retains personal data only as necessary for the processing purpose and stores it for the maximum period stipulated by law under all circumstances. The Company complies with the minimum and maximum storage durations anticipated for the retention of personal data. Upon the expiration of the legal retention period or when the processing purpose ceases, the Company destroys personal data according to periodic destruction times or upon the relevant person's request.
2.3. LEGAL REASONS FOR PERSONAL DATA PROCESSING
2.3.1. Personal data may be processed by our Company under the presence of one or more of the following reasons:
2.3.2. Special category personal data, due to their potential to cause discrimination or victimization, can only be processed for the following legal reasons provided for by law. Special category personal data may be processed by our Company under the presence of one of the following legal reasons:
2.3.3. In the event of one or more of the legal reasons listed above, our Company may process personal data and special category personal data lawfully without the explicit consent of the relevant person. However, in cases where none of the reasons listed above exist, it is also possible for our Company to process personal data based on the explicit consent of the relevant person. For this reason, personal data may be processed by our Company with explicit consent in accordance with Article 5/1 and Article 6/3-a of the Law.
2.4. PURPOSES OF PERSONAL DATA PROCESSING
2.4.1 In Appointment Planning Process: For ensuring physical space security, conducting communication activities, executing/monitoring business activities, creating and tracking visitor records, personal data is processed.
2.4.2 In Occupational Health and Safety (OHS) Processes: For fulfilling employees' obligations arising from employment contracts, conducting activities in compliance with laws, conducting OHS activities, personal data is processed.
2.4.3 In KVKK Compliance Processes: For fulfilling employees' obligations arising from employment contracts, conducting training activities, conducting activities in compliance with laws, executing assignment processes, conducting communication activities, ensuring the security of data controller operations, personal data is processed.
2.4.4 In Recruitment Processes: For handling employee candidate selection and recruitment processes, planning human resources processes, personal data is processed.
2.4.5 In Personnel File Maintenance Processes: For fulfilling employees' obligations arising from employment contracts, conducting activities in compliance with laws, executing assignment processes, conducting communication activities, planning human resources processes, personal data is processed.
2.4.6 In Employee Payroll Arrangement Processes: For fulfilling employees' obligations arising from employment contracts, conducting finance and accounting transactions, personal data is processed.
2.4.7 In Personnel Email Registration Processes: For conducting information security processes, executing assignment processes, conducting internal audit activities, conducting communication activities, planning human resources processes, personal data is processed
RECEP TAYYİP ERDOĞAN UNIVERSITY AND TURKISH GERMAN UNIVERSITY TECHNOLOGY DEVELOPMENT ZONE MANAGEMENT JOINT STOCK COMPANY PERSONAL DATA PROTECTION UNIT DIRECTIVE
SECTION ONE
Introductory Provisions
Purpose and Scope
Article 1- (1) This Directive is prepared to organize the establishment, duties, authority, and working principles of the Personal Data Protection Unit created to execute the processes that ensure the Company's personal data processing activities comply with the Personal Data Protection Law No. 6698.
Basis
Article 2- (1) This Directive is based on the Company's Board of Directors decision dated 31.07.2024 and numbered 2024/035.
Definitions
Article 3- (1) In this Directive, the following terms are defined as:
express.
SECTION TWO
Establishment, Duties, Authority, and Working Principles of the Unit
Selection of Unit Members and Decision-Making
Article 4- (1) The Unit was established by the Company's Board of Directors decision dated 31.07.2024 and numbered 2024/035 to fulfill the obligations in the Law.
(2) The Unit members and the Unit head are selected by the General Manager from among the Company personnel. The Unit comprises a total of 5 (five) members.
(3) The data contact person is selected by the General Manager and is a natural member of the Unit.
(4) The Unit convenes with at least one more than half of the total members and decides by the majority of the participants. In the event of a tie, the decision supported by the Unit Head will prevail.
(5) The Unit directly reports to the General Management and must obtain the General Manager's approval for all decisions and actions before implementation.
The Unit's Duties and Authorities
Article 5- (1) The Unit organizes the procedures to ensure the alignment of personal data processing with the Law. In this context, the Unit is responsible for the preparation and updates of the Company's disclosure texts, personal data protection and processing policy, personal data retention and destruction policy, cookie policy, personnel data security undertakings, and additional agreements and commitments regarding data security signed with third parties, among others, ensuring their compliance with the Law.
(2) The Unit is responsible for ensuring that the Company's Data Inventory remains updated during ordinary meetings. The Data Contact Person is responsible for updating the VERBIS registration in line with revisions in the Data Inventory.
(3) The Unit meets regularly every three months and conducts routine and random internal audits related to the Company's data processing activities before each meeting, recording the outcomes in a protocol.
(4) During ordinary meetings, if any Personal Data exists whose purpose of processing is no longer valid as per the Personal Data Retention and Destruction Policy, the Unit identifies these data. Destruction of the required Personal Data is carried out following the written approval of the General Manager, and a protocol is created for the destruction process. Personal Data Destruction Protocols are preserved for 3 (three) years from the date of destruction.
(5) In the event of a Data Breach, each Unit member is authorized and obliged to call the Unit to an emergency meeting. The Unit will immediately inform the General Manager in writing and verbally. Within 24 hours of becoming aware of the situation, a meeting will be held to make findings on the Data Breach and take initial measures. Following the meeting, the Unit will perform necessary procedures to notify the Authority of the Data Breach as required by the Law.
(6) If a Relevant Person applies to the Company with a Data Subject Application Form, the Unit convenes within 3 (three) calendar days at most from the application date. It makes necessary conclusions about the Relevant Person's application and informs the General Manager verbally and in writing, organizes the seeking of legal counsel for responding to the application, and arranges other processes within the Company.
(7) The Unit oversees the processes ensuring that all Company personnel receive personal data protection awareness training as part of the compliance process. In each ordinary meeting, the Unit completes checks to verify whether any newly hired personnel have not yet undergone this training and remedy any deficiencies.
(8) The Unit assesses whether there are any technical and administrative measures needed each ordinary meeting to ensure data security in the Company's personal data processing processes. The prepared report will be submitted to the General Manager to track the completion of these measures.
(9) If the Board issues any instructions to the Company, the Unit carries out necessary procedures to ensure compliance with these.
SECTION THREE
Miscellaneous and Final Provisions
Article 6- (1) This Directive enters into force on its approval date by the Company's Board of Directors.
Effective Date: 01.08.2024
DATA SUBJECT APPLICATION FORM
In accordance with Article 13, Paragraph 1 of the Personal Data Protection Law (Law), to exercise your rights specified in Article 11 of the Law, you can fill out this form and;
According to Article 11 of the Law; you have rights to request information about whether your personal data is being processed by our Company, if so, information regarding that, the purpose of processing and whether it is used appropriately according to the purpose, to whom your personal data is transferred within or outside the country, to request correction of incomplete or incorrect data, to request deletion or destruction of your personal data if the purpose for processing has ceased, to request notification of corrections or deletions/destructions made to third parties to whom data is transferred, to object to the creation of an unfavorable outcome by analyzing your processed data, and to claim compensation if you suffer damage due to unlawful processing of your personal data.
To avoid any loss of rights and to ensure a quicker response, the phrase “Information Request Under the Personal Data Protection Law” should be included on the envelope or in the subject line of the electronic mail when sending the form.
Name Surname: |
|
ID No: |
|
Phone Number: |
|
E-mail Address: |
|
Address: |
|
|
|
|
|
|
|
|
|
(Must be a notarized power of attorney with special authorization.) |
This application form you filled out has been created to identify your relationship with our Company and to ensure a complete and accurate response related to your personal data processed by the Company within the legal period, and the information you provide in the form will only be used for this purpose. To eliminate legal risks arising from unlawful or unauthorized data sharing and to ensure the security of your personal data, the Company reserves the right to request additional documents and information for identity and authorization verification.
In case the information you shared in the form is not accurate and up-to-date or if an unauthorized application is made, our Company does not accept liability for not responding to these requests or if the response cannot reach you.
Your application will be answered free of charge within 30 (thirty) days from the date your request is received by our Company. If the response exceeds 10 pages, the fee for each page after 10 pages and the fee for an electronic response may be charged to you according to the tariff set by the Personal Data Protection Board.
IMPORTANT NOTE: APPLICATIONS MUST BELONG TO THE INDIVIDUAL. APPLICATIONS CANNOT BE MADE ON BEHALF OF A SPOUSE, RELATIVE, ETC. IN THE CASE OF A LACK OF DISCRETION POWER OF THE CHILD, THE PERSON WITH PARENTAL OR GUARDIANSHIP AUTHORITY CAN APPLY ON BEHALF OF THE CHILD. THE COMPANY MAY REQUEST VERIFICATION INFORMATION IF IT SUSPECTS ABOUT THE APPLICANT'S IDENTITY OR GUARDIANSHIP/AUTHORITY.
TO BE COMPLETED BY THE COMPANY.
Name Surname of Recipient: |
|
Date: |
|
Signature: |
|
KVKK INFORMATION NOTICE
Our company, Recep Tayyip Erdoğan University and Turkish German University Technology Development Zone Management Joint Stock Company (Company), in the capacity of Data Controller under the Personal Data Protection Law No. 6698 (Law) and relevant legislation, carries out personal data processing activities.
Our Company provides information for employees, employee candidates, visitors, individuals whose data is processed through camera recordings, entrepreneur firm employees, and individuals whose data is processed through cookies, through information texts specially prepared for these processes. Some of these texts are accessible via our website, while others are provided directly to the individual before the data processing process physically.
We present this information notice for data processing activities that do not relate to the mentioned individuals.
For our customers and potential customers; name-surname, address, email, phone number, date of birth, project information, company and title information, application subject request in work area, nationality, social media accounts, website, tax office, tax ID number, education certificate data, signature circular data; and for the shareholders of these persons; name-surname, Turkish ID number, gender, place of birth, date of birth, email, phone number, nationality, education/certificate data are processed for purposes such as conducting activities in compliance with legislation, execution/audit of business activities, execution of goods/services production and operation processes, establishment and performance of contractual obligations, execution of after-sales support services, and execution of strategic planning activities.
For our suppliers and their employees; name-surname, Turkish ID number, tax ID number, tax office, address, email, phone number, bank account information, employee title, signature circular are processed for purposes such as execution of communication activities, execution of goods/services purchasing processes, establishment and performance of contractual obligations, and ensuring the security of controller operations.
For project reviewers; name-surname, institution and title information, IP address, Turkish ID number, bank IBAN number, phone number, email information are processed for purposes such as execution of audit activities, execution of activities in compliance with legislation, execution of communication activities, execution/audit of business activities, and execution of goods/services production and operation processes and purchasing processes.
For individuals who provide training or consultancy within our Company; name-surname, institution and title information, photograph, camera recording, IP address, phone number, email information are processed for purposes such as execution of training activities, execution of communication activities, ensuring business continuity, execution of sponsorship activities, execution of activities in compliance with legislation, execution/audit of business activities, execution of goods/services production and operation processes, establishment and performance of contractual obligations.
For individuals requesting newsletter subscription; email address is processed for purposes such as execution of training activities and execution of communication activities.
Data reaching our Company is processed into the system only as necessary. Excess information is not recorded to the system, deleted, or anonymized. This data may be used for statistical purposes.
Our Company may transfer personal data to third parties when the conditions specified in Articles 5 and 6 of the Law exist such as fulfilling legal obligations, data processing being mandatory for the legitimate interests of our Company, being necessary for the contractual process and its fulfillment, or based on your explicit consent in some situations. Possible third-party recipients include the Ministry of Industry and Technology and its affiliated institutions as required by applicable legislation, courts in case of any disputes, enforcement offices, legal/accounting/IT offices where consultancy is obtained, suppliers, shareholders, affiliates, and other authorized bodies. A data privacy commitment is obtained from transferred private individuals and legal entities, and data is shared as required by the purpose.
Additionally, in social media posts made by our Company, data of individuals providing training within our Company are transferred abroad based on the individual's explicit consent, due to the servers of the used social media applications being located abroad.
The personal data explained above can be collected verbally, in writing, or electronically, automatically or non-automatically, through offices, camera recordings, website and its cookies, social media platforms, SMS channels, software assigned to our Company's activities, mobile applications, and business/program partners.
Our data processing activities are based on one or more of the following legal reasons of the Law: Article 5(2)(c) necessity for contract establishment and fulfillment, Article 5(2)(f) necessity for the legitimate interest of the data controller, Article 5(2)(a) data processing as explicitly stipulated in the laws, Article 5(1) explicit consent.
Under Article 11 of the Law, you have the right to learn whether your personal data has been processed, to request information regarding your processed data, to learn the purposes of processing and whether they are used in accordance with mentioned purposes, to request information about domestic and foreign data transfers, to request correction of incomplete or incorrectly processed personal data, to object to the analysis results of data processed exclusively through automated systems that have been processed and have a negative outcome against you, and to claim compensation for direct damages due to illegal processing of data.
To exercise these rights, you can fill out the Data Subject Application Form available on our Company's website and submit it to our Company. Additionally, you can submit your written application containing your request to exercise these rights via our Company's communication channels.
DİJİTALPARK VISITOR INFORMATION NOTICE
Our company processes certain data related to you, our esteemed visitors, entering the Region. This information notice aims to inform you, in accordance with the Personal Data Protection Law No. 6698, about the personal data being processed.
Region: Refers to the Recep Tayyip Erdoğan University and the Turkish German University Technology Development Zone (includes areas located in different locations of the Zone),
Personal Data: Any information related to an identified or identifiable natural person,
Processed Personal Data | Name-Surname, Turkish ID Number, Institution and Title Information, License Plate Information |
Processing Purposes | Conducting Physical Space Security, Creating and Tracking Visitor Records, Ensuring the Security of Data Controller Operations |
Legal Basis | m.5/2-f Legitimate Interest of the Data Controller |
Data Collection Method | Processed by verbally requesting from visitors. |
Transfers and Transfer Purpose | Transfer is made to law enforcement agencies when necessary for security reasons. |
Processed Personal Data | Photo, Video Recording without Sound, License Plate Information, Vehicle Make and Model Information |
Processing Purposes | Conducting Physical Space Security, Ensuring the Security of Data Controller Operations |
Legal Basis | m.5/2-f Legitimate Interest of the Data Controller |
Data Collection Method | Collected via security cameras. |
Transfers and Transfer Purpose | Transfer is made to law enforcement agencies when necessary for security reasons. |
Under Article 11 of Law No. 6698, you have the right to inquire whether your personal data has been processed, request information regarding processed data, learn the purposes of data processing and whether it is used in accordance with these purposes, request information regarding domestic and international data transfers, request correction of incomplete or incorrect personal data, object to adverse results arising from the analysis of your data, and demand compensation for damage arising from unlawful data processing. In order to exercise these rights, you can fill out the Data Subject Application Form available on our Company website and submit it to us. You can also forward your written request to exercise these rights through our Company’s communication channels.
