Scroll Top

PDPA

PDPA

VİZNET Personal Data Protection and Processing Policy Hereby Personal Data Protection and Processing Policy

VİZNET committed to processing personal data in accordance with Law No. 6698 on the Protection of Personal Data (“Law”), as a data controller operating in Türkiye’s IT sector.

Through this policy, VİZNET aims to comply with legal regulations and raise awareness among all stakeholders about the protection and processing of personal data.

  1. KEY ASPECTS OF PERSONAL DATA PROCESSING

1.1. General Principles Regarding the Processing of Personal Data VİZNET shall comply with the general principles, procedures, and regulations outlined in Law No. 6698 and other relevant legislation concerning the protection and processing of personal data obtained in accordance with the Law. In accordance with Article 4 of the Law, VİZNET declares and undertakes to act  in line with the following principles when protecting and processing personal data:

  • VİZNET will act in accordance with the law and principles of honesty in all personal data processing activities, ensuring compliance with the principle of proportionality.
  • VİZNET will ensure that all personal data it processes as a data controller is accurate and up-to-date, taking all necessary measures to achieve this.
  • As a data controller, VİZNET will limit its data processing activities to specific explicit, and legitimate purposes.
  • Personal data will only be processed in connection with its intended purpose, in a limited and proportionate manner. In this context, data processing will be restricted to fulfilling the specified purposes and will not be expanded to accommodate future needs.
  • VİZNET will retain personal data only for the duration stipulated by relevant legislation or as required to achieve the intended purpose.  In doing so, VİZNET will comply with Article 138 of the Turkish Penal Code and Articles 4 and 7 of the Personal Data Protection Law (KVKK).

1.2. Conditions Required for the Processing of Personal Data  

Personal data obtained by VİZNET in accordance with the Law and relevant legislation may be processed, in part or in whole, by automated or non-automated means for legitimate purposes. Such processing will align with the principles described above and may occur with the explicit consent of the data owner or, where applicable, under one or more of the conditions specified in paragraph  2 of Article 5 of the Law, without requiring explicit consent.

Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect, or other beliefs, appearance, clothing, association or union membership, health, sexual life, criminal convictions, security measures, and biometric and genetic data are considered “personal data of a special nature” under the Personal Data Protection Law (KVKK). Additional requirements stipulated by the law apply to the processing, transfer to third parties, and transfer abroad of such special categories of personal data, beyond the general obligations regarding personal data processing.  VİZNET declares and undertakes to comply with the specific provisions regulated in the Law concerning the processing of special categories of personal data.

 

  1. IDENTIFICATION OF PERSONAL DATA AND DATA SUBJECTS

In accordance with Article 10 of the Law on the Protection of Personal Data, we, as the Data Controller, are obligated to inform data subjects, and in fulfilling this obligation, we provide detailed information about the personal data that will be processed by VİZNET Türkiye, including the purpose, legal basis, method, potential recipients of the data, and the rights of the data subject. The personal data processed by VİZNET and its respective target audiences are categorized in the tables below.

 

2.1. Identification of Personal Data to be Processed by VİZNET

The personal data categorized in the table below may be included in various processing activities, provided that one or more of the personal data processing conditions outlined in Article 1.2 of this Policy are met, in accordance with the Law and the principles described in Article 1.1 of this Policy.

 

Content of Personal Data 

 

Identity Data Documents such as a driver’s license, identity card, and passport that contain personal information including name, surname, Turkish ID number, tax ID number, nationality, parents’ names, place of birth, date of birth, gender, and signature.
Contact Data   Telephone number, street address, e-mail address, registered electronic mail address (kep), residence address, workplace address, etc. data useful for communication.
Customer Transaction Call center records, invoice, promissory note, check information, information in box office receipts, order information, request information.
Financial Data  Salary details, asset information, credit and risk information, balance sheet information, financial performance information, monthly income information, debt information, payrolls, EFT/transfer information, tax office information, time/demand account information, other financial data.
Sensitive Personal Data  · Biometric data (fingerprint and face)

· Health data

· Religion

· Union Membership

· Criminal Conviction and Security Measures
Legal Action Data  Personal data processed within the scope of determination and follow-up of legal receivables and rights and fulfillment of debts and compliance with legal obligations and policies of our Ministry, and file and debt information regarding enforcement proceedings (information contained in documents such as court and administrative authority decisions).
Process Security Data  IP address information, website login-exit information, passcode and password, personal data processed in order to ensure our technical, administrative, legal and commercial security and your security while carrying out the activities of the Organization (Information showing that the person is authorized to match that person with the transaction associated with the relevant person and that the person is authorized to perform that transaction).
Professional Experience Data  Relevant person’s institution of employment, duration of employment, type of insurance, sector of employment, diploma information, courses attended, vocational training information, title, level of education, certificates, transcript information, total duration of employment.
Personal Data  All kinds of personal data processed for obtaining information that will be the basis for the formation of the personal rights of real persons who are in a service relationship with VİZNET (Identity information entered in the personal file, job application form, passport sized photo, education information, graduation information, diploma sample, profession, place of previous employment, resume information, private pension information, property declaration, performance evaluation).
Physical Space Security Data  Personal data related to records and documents taken at the entrance to the physical space, during the stay in the physical space; camera recordings and records taken at the security point.
Camera Recording Data  Photographs and camera recordings (excluding recordings within the scope of Physical Space Security Information).
Other Data  Any additional information related to a specific or identifiable natural person that is not included in the categories listed, as determined by the user. Examples of such information include signature, license plate number, date of marriage, parents’ names, information on military service, institution of employment, years of employment, education, foreign language, tax number and other information.

 

 

 

2.2. Identification of the Owners of Personal Data to be Processed by Our Companies

 

The data subjects involved in the personal data processing activities of our companies are categorized in the table below:

Content of Personal Data 

 

Employees Natural persons employed by VİZNET Türkiye under an employment contract entered into between them and VİZNET.
Employee Candidates Natural persons who have applied for a job at VİZNET or who have submitted their CV information to VİZNET through any means.
Interns They are individuals working as interns at VİZNET.
Actual Service Recipients (Customers) Natural persons who receive services from VİZNET under a service contract within the scope of VİZNET’s commercial activities.
Potential Service Recipients (Customers) Natural persons who have requested to receive services from VİZNET or to whom VİZNET has offered to provide services within the scope of its commercial activities.
Real Suppliers Natural persons who provide services to VİZNET under a service contract within the scope of VİZNET’s commercial activities.
Potential Real Suppliers Natural persons who offer to provide services to VİZNET or request service procurement from VİZNET within the scope of its commercial activities.
Corporate Officials Board members of VİZNET and other natural persons authorized to manage within VİZNET.
Customer Authorities and Employees Natural persons who are authorized or employed by the party receiving services from VİZNET under a service contract within the scope of VİZNET’s commercial activities.
Supplier Authorities and Employees Natural persons who are authorized or employed by the party providing services to VİZNET under a service contract within the scope of VİZNET’s commercial activities.
Third Party Any natural person not included in the above categories. Examples include potential customer employees, customer supplier employees, customer supplier authorized persons, etc.

 

PURPOSES OF COLLECTION AND PROCESSING OF PERSONAL DATA  

The personal data of data subjects defined in Article 2.2 of this Policy may be processed for the following purposes:

  • To execute and follow up on business activities related to the performance of services within the scope of service contracts signed with our customers and business partners, including necessary audits and notifications required by legal provisions applicable to the company’s fields of activity, risk assessment and reporting, emergency management processes, and planning and executing operational processes related to services.
  • To ensure physical space security, manage and monitor visitor records.
  • To fulfill obligations arising from the performance of the contract, determine damage or accident processes, and execute and follow up on other related processes.
  • To carry out fiscal, accounting, and financial transactions, including invoicing activities for contractual services.
  • To conduct assessment, analysis, and risk management processes within legal limits concerning services provided to customers.
  • To manage relationships with customers and company employees and monitor corporate governance activities.
  • To manage and follow up on requests and complaints from customers, company employees, and third parties.
  • To improve and develop business processes, determine and implement commercial and business strategies related to the services provided by our companies.
  • To ensure the continuity of business and operational processes, conduct the company’s business and audit activities, and evaluate suggestions for improving business processes.
  • To plan and execute information security processes, create corporate communication tools, manage communication activities, develop IT infrastructure, manage access authorizations, and ensure the legal and commercial security of the products and services offered by our companies and those in business relations with our companies.
  • To plan and monitor business activities with customers, subsidiaries, affiliates, or suppliers.
  • To manage and execute legal processes and communication with official institutions, including providing information to authorized institutions and organizations.
  • To conduct performance evaluation and reporting processes aimed at enhancing service efficiency.
  • To manage and follow up on training, events, and organizational activities for customers and employees.
  • To conduct training and talent/career development activities.
  • To fulfill obligations arising from the employment contract and relevant legislation for employees, enhance employee satisfaction and loyalty, manage fringe benefits and salary policies, plan human resources processes, execute employee candidate application, selection, and placement processes, and implement occupational health and safety procedures.
  • To carry out logistics activities through supply chain management and service procurement processes.
  • To execute goods and/or service sales processes and provide after-sales support activities.
  • To manage customer relationship processes and activities aimed at customer satisfaction.
  • To ensure the security of movable property and resources.
  • To conduct marketing analysis studies and manage advertising and promotion processes.
  • To perform all activities in compliance with relevant legislation.
  • To manage infrastructure and business operations, ensuring adherence to internal policies and procedures related to auditing, finance and accounting, billing and collections, IT systems, data and website hosting, business continuity, records, and document and print management.
  • To communicate with you regarding necessary IT requirements, system structure, the need for IT support services, and related information about these services and products.
  • To conduct traffic measurement, statistical analysis, segmentation/profiling, and CRM studies for sales and marketing activities.
  • To measure and enhance customer satisfaction, manage complaints, collect your feedback and suggestions on new services and products, address problem/error notifications, and inform you about products, services, complaints, and requests.
  • To receive your orders, process payment transactions, collaborate with third parties for logistics, and ship products, as well as recommend products and services that may interest you, engage in online behavioral advertising and marketing, manage customer portfolios, measure and improve service quality, and conduct communication, optimization, audit, risk management, promotion, analysis, interest identification, scoring, profiling, marketing, sales, and advertising activities.
  • To utilize your personal data in connection with various products and services offered to you in accordance with applicable law and relevant legislation, as outlined in the COMPANY’s articles of association, including comparative product/service offers, modeling, and the development of existing or new products.
  • To comply with information retention, reporting, and disclosure obligations set by official institutions, fulfill contractual requirements, and meet the legal obligations to which the COMPANY is subject regarding the provision of these services.
  • To determine and implement the commercial and business strategies of the COMPANY, including managing financial operations, communication, market research, social responsibility activities, purchasing operations (demand, proposal, evaluation, order, budgeting, contract), internal system and application management, and legal operations carried out by the COMPANY.
  • To comply with applicable laws and regulatory obligations (including those outside your country of residence), such as anti-money laundering and anti-terrorism laws, ensure due process of law, and review, evaluate, and respond to requests from governmental and public authorities (including those outside your country of residence).

 

For these purposes, personal data is processed in accordance with the conditions outlined in Articles 5 and 6 of Law No. 6698.

The conditions outlined in Article 6 of the Law shall be followed when processing personal data classified as special under the Law,  and explicit consent from the data subjects shall be obtained for the processing of such data.

 

  1. COLLECTION, COLLECTION MANAGEMENT AND TRANSFER OF PERSONAL DATA  

The personal data of the data subjects defined in Article 2.2 of this Policy may be shared with VİZNET affiliates and subsidiaries, shareholders, product and service buyers (customers), suppliers, and authorized public and private institutions, in accordance with the conditions specified in Articles 8 and 9 of Law No. 6698 and  this data may also be transferred abroad with the consent of the data subject in order to fulfill the aforementioned purposes.

4.1. Third Parties to whom Personal Data is Transferred by Our Companies  and Purposes of Transfer

Pursuant to Article 10 of the PDP Law, we have an obligation to disclose information, and in fulfillment of this obligation, we inform and clarify to the data subjects the groups of persons to whom their personal data may be transferred by our companies. The personal data transferred by our companies, along with the relevant groups of persons and purposes, are categorized in the table below:

Contact Groups that can be Data Transferred Explanation on Contact Groups Purpose of Data Transfer
Affiliates and Subsidiaries Direct or indirect subsidiaries within VİZNET. Execution of business activities, execution of company management affairs, management of human resources processes, execution of contract processes, follow-up of legal affairs, execution of finance and accounting affairs, execution of information security processes, execution of risk management processes
Product / Service Recipient (Customer) Parties who receive goods and/or services from VİZNET under a service contract within the scope of VİZNET’s commercial activities. Execution of contract processes, execution of business and audit activities, execution of occupational health and safety activities, fulfillment of legal obligations, execution of finance and accounting transactions, fulfillment of contractual obligations
Potential Product / Service Recipient (Customer) Individuals who request to receive services from VİZNET within the scope of its commercial activities or to whom VİZNET offers to provide services in any manner. Conducting business development activities, conducting communication activities, conducting goods and or service sales processes, conducting activities for customer satisfaction
Supplier Parties that provide goods and/or services to VİZNET under a service contract within the scope of VİZNET’s commercial activities. Execution of contract processes, execution of goods and or service procurement processes, execution of financial and accounting affairs, execution of business activities, follow-up of legal affairs, execution of litigation procedures, fulfillment of obligations arising from the employment contract and legislation for employees, execution of fringe benefits and benefits processes for employees, execution of training, event and organization activities, execution of insurance transactions, creation of corporate communication tools, storage and archive activities
Shareholders They are individuals and legal entities that own shares in VİZNET. Carrying out company management activities and conducting the necessary audits in accordance with the provisions of the relevant legislation, carrying out budget and reporting procedures, carrying out training activities, carrying out communication activities
Authorized Public Institutions and Organizations Public institutions and organizations authorized to request information and documents from VİZNET in accordance with the provisions of the relevant legislation Providing information to authorized persons, institutions and organizations, fulfilling legal obligations, carrying out emergency management activities, carrying out audit processes, carrying out litigation procedures, carrying out legal affairs

 

Your collected personal data may be transferred to the following parties, limited to the realization of the aforementioned purposes, in accordance with the personal data processing conditions and purposes specified in Articles 8 and 9 of Law No. 6698:

  • The COMPANY’s business partners and suppliers,
  • Persons or organizations authorized under the Tax Procedure Law, Social Security Institution legislation, the Court of Accounts, the Law on Prevention of Laundering Proceeds of Crime, the Law on Prevention of Money Laundering, the Turkish Commercial Code, the Code of Obligations, and other relevant legislation,
  • Legally authorized public institutions and organizations, administrative authorities, and legal authorities,
  • Foreign companies and subsidiaries,
  • Product/service comparison, analysis, evaluation, advertising, and real or legal persons, program partner institutions and organizations with whom we cooperate to realize the above-mentioned purposes, and institutions contracted to send communications to our customers, including cargo companies that deliver your orders.

4.2. Method and Legal Reason of Collecting Personal Data

Your personal data is collected by the COMPANY for the purposes specified above, in accordance with legal legislation and the performance of the contract. This includes applications made through the COMPANY Head Office, contracted websites, other institutions from which we provide or receive support services, real and/or legal entities involved in transactions under any legislation or contract, as well as through our website, mobile application, call centers, social media accounts, verbal, written, or electronic media, and any other channels that may be established now or in the future

.

  1. DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

VİZNET Türkiye and/or its authorized representatives or cooperating entities may use the personal data processed in accordance with Articles 5  and 6. of the PDP Law, unless otherwise required by relevant legislation to retain the data for a longer period. All rights are reserved for processing purposes as stipulated in the legislation and outlined in this policy,  in compliance with Article 138 of the Turkish Penal Code and Article 7 of the Personal Data Protection Law (KVKK). The most current and valid version is the one published. It is the responsibility of each user to verify the validity of the date from the system when printed.  If the purpose of processing personal data no longer exists, VİZNET will delete, destroy, or anonymize the data, either ex officio or upon the request of the data subject.

  1. OUR OBLIGATIONS REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA

6.1. Our Obligations as Data Controller

As personal data owners, if you submit your requests regarding your rights through the methods outlined below, the COMPANY will address the request as soon as possible and no later than thirty days, depending on the nature of the request. No fee will be charged for up to ten pages in the response. A transaction fee of 1 Turkish Lira will be charged for each page over ten pages. If the response to the request is provided on a medium such as a CD or flash drive, the fee charged by our company will not exceed the cost of the recording medium.

In accordance with the Law on the Protection of Personal Data, we have obligations arising from Article 12  of the Law and other relevant legislation in our capacity as a data controller. To meet these obligations, we take all necessary technical and administrative measures within our technological capabilities to prevent unlawful processing, unauthorized access to personal data, and ensure its preservation, while conducting the necessary audits in this regard.  If the personal data processed by our companies is unlawfully accessed by third parties, our companies declare and undertake to notify the data owner and the PDP Board as soon as possible, and to ensure that the necessary internal procedures are in place to address this issue.

6.2.Obligation to Ensure  the Effective Exercise of the Rights Granted to Data Subjects under Article 11 of the Personal Data Protection Law (KVKK)

The rights of data subjects pursuant to Article 11 of the PDPL (KVKK) are as follows:

  • To learn whether personal data is being processed,
  • To request information if personal data has been processed,
  • To learn the purpose of processing and whether the data is being used for its intended purpose,
  • To know the third parties to whom personal data is transferred,
  • In case of incomplete or incorrect processing, to request the correction of the data and, if conditions are met, to request its deletion, along with a request for notification of these actions to third parties,
  • To object to the outcome of processing based solely on automated systems, if it results in a disadvantageous consequence,
  • In case of damage caused by the unlawful processing of personal data, to demand compensation for the damage.

Paragraph 2 of Article 28 of the Law outlines the cases in which data subjects do not have the right to request, including the following:

  • Processing of personal data is necessary for the prevention of crime or criminal investigation,
  • Processing of personal data that has been made public by the data subject himself/herself,
  • Personal data processing is necessary for the execution of supervisory or regulatory duties, as well as disciplinary investigation or prosecution by authorized public institutions and organizations, and professional organizations acting as public institutions under the authority granted by law,
  • In cases where personal data processing is necessary for the protection of the economic and financial interests of the state in relation to budget, tax, and financial matters. Except for the right to demand compensation for damage, the rights specified above cannot be exercised in these situations.

Data subjects may request access to their  personal data by submitting their applications regarding the rights granted under Article 11 of the Law to VİZNET Türkiye, either in writing or in accordance with the provisions of the Communiqué on the Procedures and Principles of Application to the Data Controller, published by the PDP (KVK) Board. If a request is made by a third party on behalf of the personal data owner, a notarized power of attorney must be provided on behalf of the applicant.  VİZNET declares and commits to having established the necessary procedures to ensure that data subjects can effectively exercise their rights under the relevant legislation.

In accordance with paragraph 1 of Article 13 of Law No. 6698 and the Communiqué on the Procedures and Principles of Application to the Data Controller (No. 30356, dated 10.03.2018), you may submit your request to exercise your rights mentioned above in Turkish, in writing, or using your registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the email address previously notified to the COMPANY and registered in our system.  In the application, only information about the applicant will be provided, and it will not be possible to obtain information about other family members or third parties.  The COMPANY reserves the right to verify your identity before responding to your request.

It is mandatory to include the following information in your application, and any relevant documents related to the subject must be attached:

  1. a) Your name, surname, and signature if the application is in writing,
  2. b) For Turkish citizens, your Turkish ID number; for foreign nationals, your nationality, passport number, or ID number, if applicable,
  3. c) Your residential or workplace address for notification,

ç) Your email address, telephone number, and fax number, if applicable,

  1. d) The subject of your request

.

You can submit your written applications to the following address of our company: Viznet Bilişim Hizmetleri Tic.  Ltd. Şti, Akasya Acıbadem Çeçen Sokak, Kent Etabı A Blok D:47 Kat:17 34660 Acıbadem Üsküdar – İstanbul, as the data controller, along with the necessary documents.

Alternatively, you can make your applications via email to info@viz.net.

Depending on the nature of your request, you must provide the information and documents necessary for identification, ensuring they are complete and accurate. Failure to provide the required information and documents may result in difficulties in fully and effectively processing the investigations related to your request.  In this case, the COMPANY reserves its legal rights.  Therefore, your application must be submitted in its entirety, including all requested information and documents relevant to the nature of your request.

Viznet Bilişim Hizmetleri Tic. Ltd. Şti  

This site is registered on wpml.org as a development site.