LEGAL BASIS
Regulated in Article 20 of the Constitution; this right, that everyone has the right to demand the protection of their personal data; In accordance with the Law on the Protection of Personal Data No. 6698, on the basis of the basic legal basis that personal data can be processed only in cases stipulated by the law or with the explicit consent of the person. We attach utmost importance to the protection and processing of Personal Data in accordance with the law and we act with this care in all our planning and activities. As the company, we take all administrative and technical measures for the protection and processing of Personal Data, which is the basis of privacy, and we inform and warn our personnel about the legal sanctions regulated in Article 135 of the Turkish Penal Code (TPC) No. 5237 and the following.
PURPOSE
With the Law No. 6698 on the Protection of Personal Data in force, the protection of fundamental rights and freedoms of individuals, in particular the privacy of private life, and the obligations of natural and legal persons processing personal data, as well as the procedures and principles to be followed, are regulated in the processing of personal data. The aim of our policy, which was prepared by taking into account the regulation in question; ensuring compliance with the obligations regarding the protection of personal data, processing, transferring and protecting the confidentiality of the information provided within the scope of the activities carried out by our Company, by evaluating with a risk-based approach, determining strategies, internal controls and measures, operating rules and responsibilities, and raising awareness of the employees of the institution on these issues. At the same time; It is aimed to ensure transparency by informing the people whose personal data are processed by our Company, especially our customers, potential customers, employees, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions/organizations we cooperate with, and third parties.
SCOPE
This policy applies to all transactions processed automatically or non-automatically, provided that it is a part of any data recording system, of our customers, potential customers, employees, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties. regarding your personal data.
DEFINITIONS
Explicit Consent
Consent, which is based on information on a particular subject and expressed with free will.
Anonymization
It is the change of personal data in such a way that it loses its ability to be associated with an identified or identifiable person and this situation cannot be undone. Example: Masking, aggregation, data corruption etc. making personal data incapable of being associated with a natural person with techniques.
Worker
Persons working in the Company pursuant to the employment contract concluded with the Company.
Employee Candidate
Real persons who have either applied for a job in the Company by any means or have opened their CV and related information to the Company’s inspection.
Real Persons and Private Law Legal Entities
Real persons are those who were born right and full and currently living in accordance with the Turkish Civil Code. Private Law Legal persons refer to the Commercial Companies defined in the Turkish Commercial Code and the associations and foundations defined in the Turkish Civil Code.
Open to Everyone
It refers to the group of people that does not constitute any characteristic, that is, all people.
Shareholders
Real or legal persons who own shares (shares) in the Company of the Data Controller.
Business Partner
The parties with which the Data Controller carries out commercial activities and has a commercial relationship.
Employees, Shareholders and Officials of the Institutions We Collaborate with
Natural persons, including the shareholders and officials of these institutions, working in the institutions (such as but not limited to business partners, suppliers) with which the company has all kinds of business relations.
Affiliates and Subsidiaries
Affiliates are companies in which the Data Controller has a share in the capital of another company. If the company has more than 50% of the voting rights of the company it is a partner of, the relationship between the company and the partner company creates a subsidiary, if the majority is not in the company, there is a simple affiliate relationship.
Processing of Personal Data
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use.
Personal Data Owner
The natural person whose personal data is processed. For example; Customers and employees.
Personal Data
Any information relating to an identified or identifiable natural person. The processing of information regarding legal persons is not within the scope of the law. For example; name-surname, TR, e-mail, address, date of birth, credit card number etc.
Customer
Real persons who use or have used the products and services offered by the Company, regardless of whether they have any contractual relationship with the Company.
Special Quality Personal Data
Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special data.
Potential Customer
Real persons who have requested or interested in using our products and services or who have been evaluated in accordance with commercial practices and honesty rules that they may have.
Intern
Real persons who have applied for an internship to the company by any means, and who aim to put their theoretical knowledge about the profession into practice in the workplace.
Company Shareholder
The shareholders of the company are natural persons.
Company Official
Member of the company’s board of directors and other authorized natural persons.
Supplier
Parties that have a business relationship with the Data Controller based on the service contract and/or power of attorney agreement for service procurement within the scope of the Data Controller’s commercial activities.
Group Companies
According to the definition in the Turkish Commercial Code, “Companies that are directly or indirectly affiliated with the controlling company form the group of companies together with it.”
Third Party
Third party real persons (eg Family Members and relatives) who are related to these persons in order to ensure the security of commercial transactions between the Company and the above-mentioned parties or to protect the rights of the aforementioned persons and to obtain benefits.
Data Processor
It is the natural and legal person who processes personal data on behalf of the Data Controller based on the authority given by him. For example, the firm or companies that hold the Company’s data, etc.
Data Controller
The person who determines the purposes and means of processing personal data, manages the place where the data is kept systematically (data recording system), provides the data owner with the necessary information about his personal information as a result of the request / application of the data owner, and makes the referrals.
Authorized Public Institutions and Organizations
Public institutions and organizations that are authorized by the relevant legislation to request information and documents from the Data Controller and are also required to transfer in order for the Data Controller to fulfill their legal obligations.
Visitor
Real persons who enter the physical premises of the company for various purposes or visit our websites.
ABBREVIATIONS
PDP Law
Law No. 6698, Law on Protection of Personal Data No. 6698, dated March 24, 2016, published in the Official Gazette No. 29677, dated 7 April 2016.
Constitution
The Constitution of the Republic of Turkey, dated 7 November 1982 and numbered 2709, published in the Official Gazette dated 9 November 1982 and numbered 17863.
PDP Board
Personal Data Protection Board
PDP Authority
Personal Data Protection Authority
Policy
Company Policy on Protection and Processing of Personal Data
TCO
Turkish Code of Obligations dated 11 January 2011 and numbered 6098, published in the Official Gazette dated 4 February 2011 and numbered 27836.
TPC
Turkish Penal Code No. 5237, dated 26 September 2004, published in the Official Gazette dated 12 October 2004 and numbered 25611.
TCC
Turkish Commercial Code No. 6102, dated January 13, 2011, published in the Official Gazette dated February 14, 2011 and numbered 27846.
DATA CATEGORIES
The Company may save, process or transfer data for the following categories of data.
Identity
Information such as name, surname, mother and father’s name, mother’s maiden name, date of birth, place of birth, marital status, identity card serial number, Turkish Citizenship identification number.
Contact
Information such as address number, e-mail address, contact address, registered e-mail address (KEP), telephone number.
Location
The location information of the current location.
Personal
Information such as payroll information, disciplinary investigation, entry-exit document records, property declaration information, resume information, performance evaluation reports.
Legal Action
Information such as information in correspondence with judicial authorities, information in the case file.
Customer Transaction
Information such as call center records, invoice, promissory note, check information, information in box office receipts, order information, request information.
Physical Space Security
Information such as entry and exit registration information of employees and visitors, camera recordings.
Transaction Security
Information such as IP address information, website login and exit information, password and password information.
Risk Management
Information such as information processed to manage commercial, technical, administrative risks.
Finance
Information such as balance sheet information, financial performance information, credit and risk information, and asset information.
Professional Experience
Information such as diploma information, courses attended, vocational training information, certificates, transcript information.
Marketing
Shopping history information, survey, cookie records, information obtained through campaign work.
Audio-Visual Recordings
Recordings such as audio-visual recordings.
Health Information
Information about disability, blood group information, personal health information, PCR test results, pandemic health information, such as device and prosthesis information.
Criminal Conviction and Security Measures
Information such as information on criminal convictions, information on security measures.
PURPOSES OF PERSONAL DATA PROCESSING
The Company may save, process or transfer personal data for the following purposes:
LEGAL REASONS FOR PERSONAL DATA PROCESSING
The legal reasons for the processing of personal data are regulated in Article 5 of the PDP.
LEGAL REASONS FOR PROCESSING SPECIAL QUALITY PERSONAL DATA
The legal reasons for the processing of personal data are regulated in Article 6 of the PDP.
PERSONAL DATA TRANSFER RECEIVER GROUPS
The Company may transfer personal data to the following Personal Data Transfer Recipient groups.
PERSONS SUBJECT TO PERSONAL DATA
The company may save, process or transfer personal data according to the following types of persons:
DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA
PERSONAL DATA STORAGE PERIOD
Personal data retention periods are regulated in detail in the Personal Data Retention and Disposal Policy.
DATA CONTROLLER INFORMATION
For questions and/or comments regarding the Personal Data Protection Policy, please contact us using the contact information below:
Mersis No
KEP Address
E-Mail Address
Physical Mailing Address
0388143442200001
finsoteknoloji@fhs05.kep.tr
info@finso.com.tr
Küçükbakkalköy Mahallesi Kayışdağı Caddesi Allianz Plaza Sitesi No: 1 İç Kapı No: 108 Kat:29 Ataşehir-İstanbul