Cloud Bilgisayar Protection of Personal Data,
Processing, Storage and Destruction Policy
Last Updated: April 2024
1. General Provisions
1.1. This personal data processing policy has been prepared in accordance with the requirements of the Personal Data Protection Law No. 6698 (hereinafter referred to as the "Law") and sets out the personal data processing procedure undertaken by Cloud Bilgisayar Bilişim Limited Şirketi (hereinafter referred to as the "Operator" or "Cloud Bilgisayar") and the measures to ensure the security of personal data.
1.2. The purpose of this Cloud Bilgisayar Personal Data Protection, Processing, Storage and Destruction Policy ("Policy") is to inform the real persons whose data are processed by Cloud Bilgisayar in the capacity of data controller about the processes, forms and purposes of collection, processing, storage, protection and destruction of their personal data and their rights and methods of exercising their rights in accordance with the Law.
1.3. This Policy applies to all information that Cloud Bilgisayar may obtain about visitors to the https://eng.cloudbilgisayar.com website.
2. Basic Concepts Used in Politics
2.1. Explicit Consent: consent on a specific subject, based on information and expressed with free will.
2.2. Anonymization: making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.
2.3. Employee: persons working on Cloud Bilgisayar's payroll, whether or not they are bound by an employment contract, and students/graduates undergoing internship (compulsory/optional) training at Cloud Bilgisayar.
2.4. Law: Law No. 6698 on the Protection of Personal Data.
2.5. Personal Data: any information relating to an identified or identifiable natural person, including but not limited to name-surname, address, ID number, telephone number, e-mail address.
2.6. User: persons who visit the website https://eng.cloudbilgisayar.com or utilize the services of Cloud Bilgisayar.
2.7. Board: refers to the Personal Data Protection Board.
2.8. Institution: refers to the Personal Data Protection Authority.
2.9. Destruction of Personal Data: deletion, destruction or anonymization of personal data.
2.10. Processing of Personal Data: it refers to all kinds of operations performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
2.11. Policy: this "Cloud Bilgisayar Personal Data Protection, Processing, Storage and Destruction Policy".
2.12. Erasure: it is the process of making personal data inaccessible and non-reusable in any way.
2.13. Data Processor: a natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
2.14. Data Recording System: it is the recording system where personal data is structured and processed according to certain criteria.
2.15. Data Owner: refers to the real person whose personal data is processed.
2.16. Data Controller: the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
2.17. Website: https://eng.cloudbilgisayar.com may be used to refer to one, several or all of the websites belonging to Cloud Bilgisayar.
2.18. Destruction: it is the process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way.
3. Conditions for Processing Personal Data
3.1. Cloud Bilgisayar processes personal data in accordance with the general principles specified in the Law, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, in line with the Personal Data Processing purposes listed in Article 7 under this Policy, by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation.
3.2. Personal Data cannot be processed without the explicit consent of the Data Owner pursuant to Article 5 of the Law.
3.3. However, pursuant to Article 5 of the Law; in the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the Data Owner:
• Explicitly stipulated in the law,
• It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
• Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract (for example, obtaining the bank and account information of the creditor party for the payment of the money in accordance with the contract made, sharing the name-surname and address information of the buyer with the cargo company for the delivery of the product subject to the distance sales contract),
• It is mandatory for the data controller to fulfill its legal obligation (for example, obtaining the bank and account information of the employee in order to pay the salary to the employee, asking whether he/she is married, whether his/her dependents, whether his/her spouse is working and social insurance information),
• It has been made public by the Data Owner himself/herself,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the Data Owner.
4. Basic Rights and Obligations of the Operator
4.1. The Operator shall have the following rights:
• To receive documents containing reliable information and/or personal data from the Data Owner;
• In the event that the Data Owner withdraws his/her consent to the Processing of Personal Data and in the event that the Data Owner requests to stop Personal Data Processing, in the presence of the grounds specified in the Law, the Operator has the right to continue to process personal data without the consent of the personal data owner.
• Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the Law and the regulations adopted pursuant thereto, unless otherwise provided by the Law or other laws.
4.2. The operator is obliged to do the following:
• To provide information to the Data Owner, upon request, regarding the Processing of Personal Data;
• To carry out the Processing of Personal Data in accordance with the relevant legislation in Turkey;
• To respond to the objections and requests of Data Owners and their legal representatives in accordance with the requirements of the Law;
• To publish this Policy on the Processing of Personal Data or to provide Users and Data Owners with access to this Policy document;
• To take legal, administrative and technical measures to protect Personal Data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful acts related to personal data;
• To stop the transfer (dissemination, provision, access) of personal data in the manner and in the cases stipulated by the Law, and to destroy Personal Data if necessary;
• To fulfill other obligations stipulated in the Law.
5. Fundamental Rights and Obligations of Personal Data Owners
5.1. Within the framework of Article 11 of the Law, Data Owners have the following rights regarding themselves:
• Learn whether their Personal Data is being processed or not,
• Request information if their Personal Data has been processed,
• To learn the purpose of processing Personal Data and whether they are used in accordance with their purpose,
• To know the third parties to whom Personal Data is transferred domestically or abroad,
• To request correction of Personal Data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom Personal Data is transferred,
• Although it has been processed in accordance with the provisions of the Law and other relevant legislation, in the event that the reasons requiring its processing disappear, to request the deletion or destruction of personal data and the notification of the transaction made within this scope to third parties to whom personal data is transferred,
• To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
• In case of damage due to unlawful processing of Personal Data, to demand compensation for the damage.
5.2. Personal Data Owners are obliged to do the following:
• Providing the Operator with accurate information about itself;
• To inform the Operator about the clarification (updating, modification) of personal data.
5.3. Persons who provide the Operator with false information about themselves or information about another personal Data Owner without the consent of that person will be liable in accordance with the legislation.
5.4. Pursuant to Article 28, paragraph 1 of the Law, the provisions of the Law shall not apply in the following cases:
• Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data are not disclosed to third parties and the obligations regarding data security are complied with,
• Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
• Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,
• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
• Processing of personal data by judicial or enforcement authorities in relation to investigations, prosecutions, trials or executions.
5.5. Pursuant to paragraph 2 of Article 28 of the Law, in the presence of any of the following situations, the Data Owner cannot exercise his/her rights specified in Article 11 of this Law, except for the right to demand compensation for the damage:
• Processing of personal data is necessary for the prevention of crime or criminal investigation,
• Processing of personal data made public by the Data Owner himself/herself,
▪ Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions, organizations and professional organizations that are public institutions, based on the authority granted by the law,
• Processing of personal data is necessary for the protection of the economic and financial interests of the state in relation to budgetary, tax and fiscal matters.
6. Personal Data Processing Principles
6.1. Processing of Personal Data will be carried out on a legal and fair basis.
6.2. Processing of Personal Data is limited to the realization of specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not permitted.
6.3. When processing personal data, the accuracy, adequacy and, where necessary, relevance of personal data to the purposes of personal data processing listed in Article 7 of this Policy will be ensured. The Operator shall take and/or ensure that the necessary measures are taken to delete or clarify incomplete or incorrect data.
6.4. The storage of personal data is carried out in a manner that allows the identification of the Personal Data Owner, provided that it is not longer than required by the purposes of Personal Data processing, unless the storage period of personal data is determined by a contract or law to which the Data Owner is a party, beneficiary or guarantor. The processed personal data will be destroyed or anonymized within the framework of Article 16 of this Policy when the purposes of processing are achieved or when it is no longer necessary to achieve these purposes, unless otherwise provided by law.
7. Purposes of Processing Personal Data
7.1. Cloud Bilgisayar processes Personal Data for specific, explicit and legitimate purposes. In this context, Personal Data may be processed for the purposes listed below:
• Negotiation, conclusion and performance of contracts,
• Delivering products and services,
• Making user definitions to the systems specific to the products and services offered (Creating user accounts in the systems of cloud product providers whose services we represent as a reseller),
• Providing call center and remote support services, tracking the number and content of calls,
• Announcing new or existing products, services and campaigns, conducting sales and marketing activities,
• Generating statistics and analyzing uses,
• Payment and collection of product, service and service fees, selection of collection method,
• Providing liaison/communication, sending informative e-mails such as newsletters etc. to users via e-mail,
• Maintaining commercial relations with collaborators, suppliers, resellers and service providers,
• Developing the company's commercial strategies and plans,
• Management of judicial/administrative processes, responding to requests from public institutions, fulfilling legal obligations in accordance with legal regulations, resolving legal disputes,
• In the event that the Operator merges with another company, is divided, or is transferred in whole or in part, to ensure the results arising from this legal transaction,
• Execution of invoicing and accounting processes
• Conducting job interviews, evaluating job applications,
• Establishment, execution and termination of the employment relationship/contract,
• Utilization of the main and fringe benefits arising from the employment contracts of Cloud Bilgisayar employees and evaluation of their performance and work,
• Creating user accounts for employees, issuing in-house IDs and meal cards,
• Creating and tracking visitor records, making the website more functional and personalized, ensuring that the Data Owner's other preferences, except for your privacy preferences, are remembered when they re-enter the site,
• Ensuring the internal and environmental security of the Company and the security of the Website and Applications,
• Usage analysis of the Website,
• Creation of a personal data inventory,
• Evaluating and responding to all questions, requests, suggestions, complaints and applications submitted in writing, verbally or electronically, including those related to personal data.
8. Methods of Collection of Personal Data
8.1. Cloud Bilgisayar collects and processes data in accordance with the regulations of this Policy, the Law and other relevant legislation, in writing, verbally, electronically, through video/audio recording or by physically interviewing the Data Owner.
8.2. The data collection process can take place in the following ways:
• Through digital channels, including website, apps, email, recruitment portals or software,
• Through contracts, applications, forms, call center, remote support, sales and marketing unit, cookies on the Website, business cards, telephone,
• Through face-to-face interviews with the Data Owner.
9. Personal Data Processing Conditions
9.1. Pursuant to Article 4 of the Law, Personal Data may only be processed in accordance with the procedures and principles stipulated in the Law or other laws. Compliance with certain principles during the processing of Personal Data is made mandatory by the same article.
9.2. In this context, Cloud Bilgisayar processes personal data in accordance with the following principles:
• Compliance with the law and good faith: Cloud Bilgisayar does not collect or process Personal Data without the knowledge of the Data Owner; it processes Personal Data in accordance with the law, the Law and the relevant legislation.
• Being accurate and, where necessary, up to date: Cloud Bilgisayar makes every effort to ensure that Personal Data is accurate and up-to-date. In this context, in order to ensure the accuracy and timeliness of the data, it keeps the channels open to ensure this situation, and ensures that the data is corrected upon the application of the Data Owner or ex officio in case of detection.
• Processing for specific, explicit and legitimate purposes: Cloud Bilgisayar's purposes for Processing Personal Data are clearly defined as a requirement of the disclosure obligation. Cloud processes Personal Data for legitimate purposes in accordance with the Law, in connection with its business and/or the services it provides.
• Being relevant, limited and proportionate to the purpose for which they are processed: Cloud Bilgisayar processes Personal Data for specific, explicit and legitimate purposes. In this context, Cloud Bilgisayar ensures that the data is collected for the purposes specified in this Policy or in the permission to be obtained from the Data Owner, that it is kept for the period required for the purpose, and avoids the processing of Personal Data that is not related to the realization of the purpose and / or is not needed, and keeps the processed data limited only to what is necessary for the realization of the purpose.
• To be retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed: If there is a specific period of time stipulated in the relevant legislation for the retention of Personal Data, Cloud Bilgisayar complies with this period. If no such period is specified, Personal Data shall be retained only for the period necessary for the purpose for which it is processed.
10. Recording Media of Personal Data
10.1. Personal Data collected by Cloud Bilgisayar may be recorded in various media depending on the nature of the data, the purposes of processing and the frequency of use.
10.2. In this context, Cloud Bilgisayar may keep Personal Data under record in the following environments:
• Media such as paper, software, cloud, central server, portable media, database,
• Peripheral systems such as network device, flash-based media, magnetic tape, magnetic disk, mobile phone, optical disk, printer, door access/security system
11. Procedure for Collection, Storage and Other Types of Personal Data Processing
11.1. The security of Personal Data processed by the Operator is ensured by applying the necessary legal, administrative and technical measures for full compliance with the requirements of the legislation in force in the field of Personal Data protection.
11.2. The Operator shall ensure the security of Personal Data and take all possible measures to prevent unauthorized access to Personal Data.
11.3. Personal Data will not be transferred to third parties under any circumstances, except in cases related to the implementation of applicable legislation or the Data Owner's consent to the Operator to fulfill the obligations under a contract or to transfer the data to a third party.
11.4. In the event that the Data Owner determines that there is an inaccuracy in his/her Personal Data or in the event of a change, the Data Owner may update his/her Personal Data with the Operator by sending a notification to the Operator via the e-mail address privacy@cloudbilgisayar.com with the note "Personal Data Update".
11.5. The duration of the processing of Personal Data is determined according to the realization of the purposes for which the personal data is collected, unless another period is stipulated in the contract or applicable law.
11.6. The Data Owner may withdraw his/her consent to the processing of personal data at any time by notifying the Operator by sending an e-mail with the phrase "Withdrawal of consent to the processing of personal data" to the Operator's e-mail address privacy@cloudbilgisayar.com.
11.7. In case there is information collected by third party services, including payment systems, communication tools and other service providers, all such information collected by third party services is stored and processed by the Operator in accordance with the User Agreement and Privacy Policy. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this article.
11.8. Unless the retention period of Personal Data is determined by the Law or by a contract to which the Data Owner is a party, beneficiary or guarantor, the Operator shall not retain personal data for longer than necessary for the purposes of personal data processing in a manner that allows the personal Data Owner to be identified.
11.9. The condition for the termination of Personal Data processing may be the achievement of the purposes of Personal Data processing, the expiration of the Data Owner's consent, the Data Owner's withdrawal of consent or the request to terminate Personal Data processing, as well as the determination that Personal Data has been processed unlawfully.
11.10. Upon the application of the Data Owner, the relevant request will be answered free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged.
11.11. In the application made to the Operator by the Data Owner; Cloud Bilgisayar may face obdstacles in meeting the requests and delays may occur in the research process in cases such as incomplete or incorrect sharing of information, failure to express the request clearly and understandably, failure to submit the documents supporting the request at all or as required, failure to attach a copy of the power of attorney containing special authority in applications made by proxy. Therefore, it is important to comply with these issues when exercising the rights specified in Article 11 of the Law. Otherwise, Cloud Bilgisayar will not be held responsible for any delays. Cloud Bilgisayar reserves its legal rights in the face of false, untrue, unlawful or malicious applications.
11.12. In the event that the application made by the Data Owner to Cloud Bilgisayar is rejected, the answer given is deemed insufficient by the Data Owner or Cloud Bilgisayar does not respond to the application in due time; The Data Owner has the right to file a complaint to the Board within thirty days from the date of learning the answer of Cloud Bilgisayar and in any case within sixty days from the date of application.
12. Domestic Transfer of Personal Data
12.1. Pursuant to Article 8 of the Law, as a rule, Personal Data cannot be transferred to third parties within the country without the explicit consent of the Data Owner.
12.2. However, in the event that one of the conditions specified in Article 3.3 of this Policy, in which the consent of the Data Owner is not sought, exists, it is possible to transfer Personal Data to third parties in the country without seeking the explicit consent of the Data Owner.
13. Transfer of Personal Data Abroad
13.1. Pursuant to Article 9 of the Law, as a rule, Personal Data cannot be transferred abroad without the explicit consent of the Data Owner.
13.2. However, in the event that one of the following conditions exists, it is possible to transfer Personal Data to third parties abroad without seeking the explicit consent of the Data Owner:
• Existence of one of the situations specified in Article 3.3 of this Policy, where it is stated that the consent of the Data Owner will not be sought,
• Adequate protection in the foreign country where the Personal Data will be transferred,
• In the absence of adequate protection, the data controllers in Turkey and in the relevant foreign country undertake in writing to provide adequate protection and the Board's authorization is obtained.
13.3. The purpose of the transfer of Personal Data abroad by Cloud Bilgisayar within the above framework is to conclude, execute and terminate contracts; The Operator may use the Personal Data Owner to the transfer to create accounts in the services of foreign companies whose services the Operator provides as a reseller.
14. Deletion, Destruction, Anonymization of Personal Data
14.1. Deletion of Personal Data: It is the process of making Personal Data inaccessible and non-reusable in any way. In order to delete Personal Data, the Operator may use the following methods and other similar methods depending on the environment in which the data is recorded:
· Give Delete Command
· Removing Access Rights of the Related User on the Directory Where the File is Located
· Deletion via Software
· Delete with Database Command
14.2. Destruction of Personal Data: Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way. In order to destroy Personal Data, the Operator may use one or more of the following methods and other similar methods depending on the environment in which the data is recorded:
· De-Magnetization
· Physical Destruction
· Overwriting
· Destroy with Block Erase Command
· Destruction by Paper Shredder
· Destroy All Copies of Encryption Keys
14.3. Anonymization of Personal Data: It is the rendering of Personal Data that cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data. In order for Personal Data to be anonymized; personal data must be rendered unassociated with an identified or identifiable natural person by the Operator, even through the use of techniques appropriate for the recording medium and the relevant field of activity, such as reversal and matching of data with other data by the third party or persons to whom the data is transferred. The Operator may use one or more of the following methods and other similar methods to anonymize Personal Data:
• Extracting Variables
• Extracting Records
• Lower and Upper Limit Coding
• Regional Cloaking
• Sampling
• Micro-joining
• Data Exchange
• Noise Addition
• K-Anonymity
• L-Diversity
• T-Closeness
15. Confidentiality of Personal Data
15.1. The operator and other persons with access to personal data are obliged not to disclose and disseminate personal data to third parties without the consent of the personal Data Owner, unless otherwise stipulated by law.
16. Final Provisions
16.1. The Data Owner may obtain all kinds of explanations regarding the processing of his/her Personal Data by contacting the Operator via e-mail at privacy@cloudbilgisayar.com.
16.2. This Policy contains information about the Operator's Personal Data Processing Policy in accordance with the Law and other legislation regarding personal data and will enter into force on the date it is published on the https://eng.cloudbilgisayar.com Website.
16.3. The current version of the Policy can be reviewed and obtained free of charge on the internet at https://eng.cloudbilgisayar.com/privacy/.
16.4. The Policy may be updated from time to time due to legal changes, changes in Cloud's Personal Data processing processes or other reasons. Updates shall be effective as of the date of publication of the new Policy on the Website.
16.5. The policy is valid indefinitely until it is replaced by a new version.
16.6. Your Personal Data will be deleted, destroyed or anonymized in accordance with the Law, Regulation on Deletion, Destruction or Anonymization of Personal Data, Guide on Deletion, Destruction or Anonymization of Personal Data and applicable legislation and Board decisions .
1. General Provisions
1.1. This personal data processing policy has been prepared in accordance with the requirements of the Personal Data Protection Law No. 6698 (hereinafter referred to as the "Law") and sets out the personal data processing procedure undertaken by Cloud Bilgisayar Bilişim Limited Şirketi (hereinafter referred to as the "Operator" or "Cloud Bilgisayar") and the measures to ensure the security of personal data.
1.2. The purpose of this Cloud Bilgisayar Personal Data Protection, Processing, Storage and Destruction Policy ("Policy") is to inform the real persons whose data are processed by Cloud Bilgisayar in the capacity of data controller about the processes, forms and purposes of collection, processing, storage, protection and destruction of their personal data and their rights and methods of exercising their rights in accordance with the Law.
1.3. This Policy applies to all information that Cloud Bilgisayar may obtain about visitors to the https://eng.cloudbilgisayar.com website.
2. Basic Concepts Used in Politics
2.1. Explicit Consent: consent on a specific subject, based on information and expressed with free will.
2.2. Anonymization: making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data.
2.3. Employee: persons working on Cloud Bilgisayar's payroll, whether or not they are bound by an employment contract, and students/graduates undergoing internship (compulsory/optional) training at Cloud Bilgisayar.
2.4. Law: Law No. 6698 on the Protection of Personal Data.
2.5. Personal Data: any information relating to an identified or identifiable natural person, including but not limited to name-surname, address, ID number, telephone number, e-mail address.
2.6. User: persons who visit the website https://eng.cloudbilgisayar.com or utilize the services of Cloud Bilgisayar.
2.7. Board: refers to the Personal Data Protection Board.
2.8. Institution: refers to the Personal Data Protection Authority.
2.9. Destruction of Personal Data: deletion, destruction or anonymization of personal data.
2.10. Processing of Personal Data: it refers to all kinds of operations performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
2.11. Policy: this "Cloud Bilgisayar Personal Data Protection, Processing, Storage and Destruction Policy".
2.12. Erasure: it is the process of making personal data inaccessible and non-reusable in any way.
2.13. Data Processor: a natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
2.14. Data Recording System: it is the recording system where personal data is structured and processed according to certain criteria.
2.15. Data Owner: refers to the real person whose personal data is processed.
2.16. Data Controller: the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
2.17. Website: https://eng.cloudbilgisayar.com may be used to refer to one, several or all of the websites belonging to Cloud Bilgisayar.
2.18. Destruction: it is the process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way.
3. Conditions for Processing Personal Data
3.1. Cloud Bilgisayar processes personal data in accordance with the general principles specified in the Law, based on and limited to at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law, in line with the Personal Data Processing purposes listed in Article 7 under this Policy, by informing the relevant persons in accordance with Article 10 of the Law and secondary legislation.
3.2. Personal Data cannot be processed without the explicit consent of the Data Owner pursuant to Article 5 of the Law.
3.3. However, pursuant to Article 5 of the Law; in the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the Data Owner:
• Explicitly stipulated in the law,
• It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
• Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract (for example, obtaining the bank and account information of the creditor party for the payment of the money in accordance with the contract made, sharing the name-surname and address information of the buyer with the cargo company for the delivery of the product subject to the distance sales contract),
• It is mandatory for the data controller to fulfill its legal obligation (for example, obtaining the bank and account information of the employee in order to pay the salary to the employee, asking whether he/she is married, whether his/her dependents, whether his/her spouse is working and social insurance information),
• It has been made public by the Data Owner himself/herself,
• Data processing is mandatory for the establishment, exercise or protection of a right,
• Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the Data Owner.
4. Basic Rights and Obligations of the Operator
4.1. The Operator shall have the following rights:
• To receive documents containing reliable information and/or personal data from the Data Owner;
• In the event that the Data Owner withdraws his/her consent to the Processing of Personal Data and in the event that the Data Owner requests to stop Personal Data Processing, in the presence of the grounds specified in the Law, the Operator has the right to continue to process personal data without the consent of the personal data owner.
• Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the Law and the regulations adopted pursuant thereto, unless otherwise provided by the Law or other laws.
4.2. The operator is obliged to do the following:
• To provide information to the Data Owner, upon request, regarding the Processing of Personal Data;
• To carry out the Processing of Personal Data in accordance with the relevant legislation in Turkey;
• To respond to the objections and requests of Data Owners and their legal representatives in accordance with the requirements of the Law;
• To publish this Policy on the Processing of Personal Data or to provide Users and Data Owners with access to this Policy document;
• To take legal, administrative and technical measures to protect Personal Data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful acts related to personal data;
• To stop the transfer (dissemination, provision, access) of personal data in the manner and in the cases stipulated by the Law, and to destroy Personal Data if necessary;
• To fulfill other obligations stipulated in the Law.
5. Fundamental Rights and Obligations of Personal Data Owners
5.1. Within the framework of Article 11 of the Law, Data Owners have the following rights regarding themselves:
• Learn whether their Personal Data is being processed or not,
• Request information if their Personal Data has been processed,
• To learn the purpose of processing Personal Data and whether they are used in accordance with their purpose,
• To know the third parties to whom Personal Data is transferred domestically or abroad,
• To request correction of Personal Data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom Personal Data is transferred,
• Although it has been processed in accordance with the provisions of the Law and other relevant legislation, in the event that the reasons requiring its processing disappear, to request the deletion or destruction of personal data and the notification of the transaction made within this scope to third parties to whom personal data is transferred,
• To object to the emergence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
• In case of damage due to unlawful processing of Personal Data, to demand compensation for the damage.
5.2. Personal Data Owners are obliged to do the following:
• Providing the Operator with accurate information about itself;
• To inform the Operator about the clarification (updating, modification) of personal data.
5.3. Persons who provide the Operator with false information about themselves or information about another personal Data Owner without the consent of that person will be liable in accordance with the legislation.
5.4. Pursuant to Article 28, paragraph 1 of the Law, the provisions of the Law shall not apply in the following cases:
• Processing of personal data by natural persons within the scope of activities related to themselves or their family members living in the same residence, provided that personal data are not disclosed to third parties and the obligations regarding data security are complied with,
• Processing of personal data for purposes such as research, planning and statistics by anonymizing them with official statistics,
• Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that such processing does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,
• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
• Processing of personal data by judicial or enforcement authorities in relation to investigations, prosecutions, trials or executions.
5.5. Pursuant to paragraph 2 of Article 28 of the Law, in the presence of any of the following situations, the Data Owner cannot exercise his/her rights specified in Article 11 of this Law, except for the right to demand compensation for the damage:
• Processing of personal data is necessary for the prevention of crime or criminal investigation,
• Processing of personal data made public by the Data Owner himself/herself,
▪ Processing of personal data is necessary for the execution of auditing or regulatory duties and disciplinary investigation or prosecution by public institutions, organizations and professional organizations that are public institutions, based on the authority granted by the law,
• Processing of personal data is necessary for the protection of the economic and financial interests of the state in relation to budgetary, tax and fiscal matters.
6. Personal Data Processing Principles
6.1. Processing of Personal Data will be carried out on a legal and fair basis.
6.2. Processing of Personal Data is limited to the realization of specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not permitted.
6.3. When processing personal data, the accuracy, adequacy and, where necessary, relevance of personal data to the purposes of personal data processing listed in Article 7 of this Policy will be ensured. The Operator shall take and/or ensure that the necessary measures are taken to delete or clarify incomplete or incorrect data.
6.4. The storage of personal data is carried out in a manner that allows the identification of the Personal Data Owner, provided that it is not longer than required by the purposes of Personal Data processing, unless the storage period of personal data is determined by a contract or law to which the Data Owner is a party, beneficiary or guarantor. The processed personal data will be destroyed or anonymized within the framework of Article 16 of this Policy when the purposes of processing are achieved or when it is no longer necessary to achieve these purposes, unless otherwise provided by law.
7. Purposes of Processing Personal Data
7.1. Cloud Bilgisayar processes Personal Data for specific, explicit and legitimate purposes. In this context, Personal Data may be processed for the purposes listed below:
• Negotiation, conclusion and performance of contracts,
• Delivering products and services,
• Making user definitions to the systems specific to the products and services offered (Creating user accounts in the systems of cloud product providers whose services we represent as a reseller),
• Providing call center and remote support services, tracking the number and content of calls,
• Announcing new or existing products, services and campaigns, conducting sales and marketing activities,
• Generating statistics and analyzing uses,
• Payment and collection of product, service and service fees, selection of collection method,
• Providing liaison/communication, sending informative e-mails such as newsletters etc. to users via e-mail,
• Maintaining commercial relations with collaborators, suppliers, resellers and service providers,
• Developing the company's commercial strategies and plans,
• Management of judicial/administrative processes, responding to requests from public institutions, fulfilling legal obligations in accordance with legal regulations, resolving legal disputes,
• In the event that the Operator merges with another company, is divided, or is transferred in whole or in part, to ensure the results arising from this legal transaction,
• Execution of invoicing and accounting processes
• Conducting job interviews, evaluating job applications,
• Establishment, execution and termination of the employment relationship/contract,
• Utilization of the main and fringe benefits arising from the employment contracts of Cloud Bilgisayar employees and evaluation of their performance and work,
• Creating user accounts for employees, issuing in-house IDs and meal cards,
• Creating and tracking visitor records, making the website more functional and personalized, ensuring that the Data Owner's other preferences, except for your privacy preferences, are remembered when they re-enter the site,
• Ensuring the internal and environmental security of the Company and the security of the Website and Applications,
• Usage analysis of the Website,
• Creation of a personal data inventory,
• Evaluating and responding to all questions, requests, suggestions, complaints and applications submitted in writing, verbally or electronically, including those related to personal data.
8. Methods of Collection of Personal Data
8.1. Cloud Bilgisayar collects and processes data in accordance with the regulations of this Policy, the Law and other relevant legislation, in writing, verbally, electronically, through video/audio recording or by physically interviewing the Data Owner.
8.2. The data collection process can take place in the following ways:
• Through digital channels, including website, apps, email, recruitment portals or software,
• Through contracts, applications, forms, call center, remote support, sales and marketing unit, cookies on the Website, business cards, telephone,
• Through face-to-face interviews with the Data Owner.
9. Personal Data Processing Conditions
9.1. Pursuant to Article 4 of the Law, Personal Data may only be processed in accordance with the procedures and principles stipulated in the Law or other laws. Compliance with certain principles during the processing of Personal Data is made mandatory by the same article.
9.2. In this context, Cloud Bilgisayar processes personal data in accordance with the following principles:
• Compliance with the law and good faith: Cloud Bilgisayar does not collect or process Personal Data without the knowledge of the Data Owner; it processes Personal Data in accordance with the law, the Law and the relevant legislation.
• Being accurate and, where necessary, up to date: Cloud Bilgisayar makes every effort to ensure that Personal Data is accurate and up-to-date. In this context, in order to ensure the accuracy and timeliness of the data, it keeps the channels open to ensure this situation, and ensures that the data is corrected upon the application of the Data Owner or ex officio in case of detection.
• Processing for specific, explicit and legitimate purposes: Cloud Bilgisayar's purposes for Processing Personal Data are clearly defined as a requirement of the disclosure obligation. Cloud processes Personal Data for legitimate purposes in accordance with the Law, in connection with its business and/or the services it provides.
• Being relevant, limited and proportionate to the purpose for which they are processed: Cloud Bilgisayar processes Personal Data for specific, explicit and legitimate purposes. In this context, Cloud Bilgisayar ensures that the data is collected for the purposes specified in this Policy or in the permission to be obtained from the Data Owner, that it is kept for the period required for the purpose, and avoids the processing of Personal Data that is not related to the realization of the purpose and / or is not needed, and keeps the processed data limited only to what is necessary for the realization of the purpose.
• To be retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed: If there is a specific period of time stipulated in the relevant legislation for the retention of Personal Data, Cloud Bilgisayar complies with this period. If no such period is specified, Personal Data shall be retained only for the period necessary for the purpose for which it is processed.
10. Recording Media of Personal Data
10.1. Personal Data collected by Cloud Bilgisayar may be recorded in various media depending on the nature of the data, the purposes of processing and the frequency of use.
10.2. In this context, Cloud Bilgisayar may keep Personal Data under record in the following environments:
• Media such as paper, software, cloud, central server, portable media, database,
• Peripheral systems such as network device, flash-based media, magnetic tape, magnetic disk, mobile phone, optical disk, printer, door access/security system
11. Procedure for Collection, Storage and Other Types of Personal Data Processing
11.1. The security of Personal Data processed by the Operator is ensured by applying the necessary legal, administrative and technical measures for full compliance with the requirements of the legislation in force in the field of Personal Data protection.
11.2. The Operator shall ensure the security of Personal Data and take all possible measures to prevent unauthorized access to Personal Data.
11.3. Personal Data will not be transferred to third parties under any circumstances, except in cases related to the implementation of applicable legislation or the Data Owner's consent to the Operator to fulfill the obligations under a contract or to transfer the data to a third party.
11.4. In the event that the Data Owner determines that there is an inaccuracy in his/her Personal Data or in the event of a change, the Data Owner may update his/her Personal Data with the Operator by sending a notification to the Operator via the e-mail address privacy@cloudbilgisayar.com with the note "Personal Data Update".
11.5. The duration of the processing of Personal Data is determined according to the realization of the purposes for which the personal data is collected, unless another period is stipulated in the contract or applicable law.
11.6. The Data Owner may withdraw his/her consent to the processing of personal data at any time by notifying the Operator by sending an e-mail with the phrase "Withdrawal of consent to the processing of personal data" to the Operator's e-mail address privacy@cloudbilgisayar.com.
11.7. In case there is information collected by third party services, including payment systems, communication tools and other service providers, all such information collected by third party services is stored and processed by the Operator in accordance with the User Agreement and Privacy Policy. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this article.
11.8. Unless the retention period of Personal Data is determined by the Law or by a contract to which the Data Owner is a party, beneficiary or guarantor, the Operator shall not retain personal data for longer than necessary for the purposes of personal data processing in a manner that allows the personal Data Owner to be identified.
11.9. The condition for the termination of Personal Data processing may be the achievement of the purposes of Personal Data processing, the expiration of the Data Owner's consent, the Data Owner's withdrawal of consent or the request to terminate Personal Data processing, as well as the determination that Personal Data has been processed unlawfully.
11.10. Upon the application of the Data Owner, the relevant request will be answered free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged.
11.11. In the application made to the Operator by the Data Owner; Cloud Bilgisayar may face obdstacles in meeting the requests and delays may occur in the research process in cases such as incomplete or incorrect sharing of information, failure to express the request clearly and understandably, failure to submit the documents supporting the request at all or as required, failure to attach a copy of the power of attorney containing special authority in applications made by proxy. Therefore, it is important to comply with these issues when exercising the rights specified in Article 11 of the Law. Otherwise, Cloud Bilgisayar will not be held responsible for any delays. Cloud Bilgisayar reserves its legal rights in the face of false, untrue, unlawful or malicious applications.
11.12. In the event that the application made by the Data Owner to Cloud Bilgisayar is rejected, the answer given is deemed insufficient by the Data Owner or Cloud Bilgisayar does not respond to the application in due time; The Data Owner has the right to file a complaint to the Board within thirty days from the date of learning the answer of Cloud Bilgisayar and in any case within sixty days from the date of application.
12. Domestic Transfer of Personal Data
12.1. Pursuant to Article 8 of the Law, as a rule, Personal Data cannot be transferred to third parties within the country without the explicit consent of the Data Owner.
12.2. However, in the event that one of the conditions specified in Article 3.3 of this Policy, in which the consent of the Data Owner is not sought, exists, it is possible to transfer Personal Data to third parties in the country without seeking the explicit consent of the Data Owner.
13. Transfer of Personal Data Abroad
13.1. Pursuant to Article 9 of the Law, as a rule, Personal Data cannot be transferred abroad without the explicit consent of the Data Owner.
13.2. However, in the event that one of the following conditions exists, it is possible to transfer Personal Data to third parties abroad without seeking the explicit consent of the Data Owner:
• Existence of one of the situations specified in Article 3.3 of this Policy, where it is stated that the consent of the Data Owner will not be sought,
• Adequate protection in the foreign country where the Personal Data will be transferred,
• In the absence of adequate protection, the data controllers in Turkey and in the relevant foreign country undertake in writing to provide adequate protection and the Board's authorization is obtained.
13.3. The purpose of the transfer of Personal Data abroad by Cloud Bilgisayar within the above framework is to conclude, execute and terminate contracts; The Operator may use the Personal Data Owner to the transfer to create accounts in the services of foreign companies whose services the Operator provides as a reseller.
14. Deletion, Destruction, Anonymization of Personal Data
14.1. Deletion of Personal Data: It is the process of making Personal Data inaccessible and non-reusable in any way. In order to delete Personal Data, the Operator may use the following methods and other similar methods depending on the environment in which the data is recorded:
· Give Delete Command
· Removing Access Rights of the Related User on the Directory Where the File is Located
· Deletion via Software
· Delete with Database Command
14.2. Destruction of Personal Data: Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way. In order to destroy Personal Data, the Operator may use one or more of the following methods and other similar methods depending on the environment in which the data is recorded:
· De-Magnetization
· Physical Destruction
· Overwriting
· Destroy with Block Erase Command
· Destruction by Paper Shredder
· Destroy All Copies of Encryption Keys
14.3. Anonymization of Personal Data: It is the rendering of Personal Data that cannot be associated with an identified or identifiable natural person under any circumstances, even if it is matched with other data. In order for Personal Data to be anonymized; personal data must be rendered unassociated with an identified or identifiable natural person by the Operator, even through the use of techniques appropriate for the recording medium and the relevant field of activity, such as reversal and matching of data with other data by the third party or persons to whom the data is transferred. The Operator may use one or more of the following methods and other similar methods to anonymize Personal Data:
• Extracting Variables
• Extracting Records
• Lower and Upper Limit Coding
• Regional Cloaking
• Sampling
• Micro-joining
• Data Exchange
• Noise Addition
• K-Anonymity
• L-Diversity
• T-Closeness
15. Confidentiality of Personal Data
15.1. The operator and other persons with access to personal data are obliged not to disclose and disseminate personal data to third parties without the consent of the personal Data Owner, unless otherwise stipulated by law.
16. Final Provisions
16.1. The Data Owner may obtain all kinds of explanations regarding the processing of his/her Personal Data by contacting the Operator via e-mail at privacy@cloudbilgisayar.com.
16.2. This Policy contains information about the Operator's Personal Data Processing Policy in accordance with the Law and other legislation regarding personal data and will enter into force on the date it is published on the https://eng.cloudbilgisayar.com Website.
16.3. The current version of the Policy can be reviewed and obtained free of charge on the internet at https://eng.cloudbilgisayar.com/privacy/.
16.4. The Policy may be updated from time to time due to legal changes, changes in Cloud's Personal Data processing processes or other reasons. Updates shall be effective as of the date of publication of the new Policy on the Website.
16.5. The policy is valid indefinitely until it is replaced by a new version.
16.6. Your Personal Data will be deleted, destroyed or anonymized in accordance with the Law, Regulation on Deletion, Destruction or Anonymization of Personal Data, Guide on Deletion, Destruction or Anonymization of Personal Data and applicable legislation and Board decisions .