Luxury Yachts | Superyachts Yachts | Bilgin Yachts

PERSONAL DATA PROTECTION

1.     BILGIN YACHTS - PERSONAL DATA PROTECTION LAW POLICY

2.     INTRODUCTION

Protection of personal data, BİLGİN YATÇILIK VE TURİZM İŞLT. TİC. LTD. ŞTİ (“Bilgin Yachts” or “Company”) is among the Values that our company places importance on. The most important parts of this law are protecting and processing of personal data of employees, Candidates, Shareholders and Shareholders, Potential Products or Service Persons, Interns, Supplier Employees, Supplier Authorities, Persons or Products and Service Visitors, and Persons Selling Products or Services, and Visitors who are liable to this policy.

Pursuant to Article 20 of the Constitution of the Republic of Turkey,all natural entities have the right to request protection of personal data related to themselves. Regarding the protection of personal data, which is a constitutional right, “Bilgin Yachts” complies to this Policy; It takes the necessary care to protect the personal data of our employees, Employee Candidates, Shareholders and Partners, Potential Products or Service Persons, Trainees, Supplier Employees, Supplier Authorities, Persons Who Offer Products or Services, Potential Products or Services Sellers, People Selling Products or Services, and Visitors and it makes it a company policy.

In this context, the necessary administrative and technical measures are taken by “Bilgin Yachts” to protect the personal data processed in accordance with the relevant legislation.

In this Policy, detailed explanations about the basic principles adopted by Bilgin Yachts and listed below will be made in the processing of personal data:

  • Processing in accordance with the rules of law and good faith,
  • Keeping personal data accurate and up-to-date when necessary,
  • Processing personal data for specific, clear and legitimate purposes,
  • Connected, limited and measured processing of personal data for the purpose for which they are processed,
  • Retaining personal data for the period required for the purpose stipulated in the legislation or for the purpose for which they were processed,
  • Informing personal data owners,
  • Establishing the necessary system for personal data owners to exercise their rights,
  • Taking necessary precautions to protect personal data,
  • Acting in accordance with the relevant legislation and PDP Board regulations within the requirements of the purpose of processing personal data,
  • Displaying the necessary sensitivity to the processing and protection of special quality personal data,

2.1.PURPOSE OF POLICY

The main purpose of this Policy is to make statements about personal data processing activities carried out in accordance with the law and the systems adopted for the protection of personal data and to ensure transparency by informing the persons whose data is processed by our personal data company such as Supplier Employees, Supplier Authorities, People Who Buy Products or Services, People Who Sell Potential Products or Services, People Who Sell Products or Services, and Visitors.

2.2.SCOPE OF THE POLICY

The provisions of this Law shall apply to natural persons (Employees, Employee Candidates, Shareholders and Partners, Potential Products or Service Persons, Interns, Supplier Employees, Supplier Authorities, Products or Services Persons, Potential Products or Services Sellers, Products or Services Sellers and Visitors) whose personal data are processed such data wholly or partly by automatic means or otherwise than by automatic means which form part of a filing system.

The scope of implementation of this Policy regarding the groups of personal data owners in the categories mentioned above may be the entire Policy; there may be only some provisions.

2.3.CODE OF PRACTICE IN REGARD WITH THE POLICY

The relevant legal regulations in force regarding the processing and protection of personal data will primarily be practiced. If there is a discrepancy between the current legislation and the Policy, our Company accepts that the current legislation will be valid.

The policy was created by embodying the rules laid down by PDP Law No. 6698 within the scope of “Bilgin Yachts” practices. Our company carries out the necessary systems and preparations to act in accordance with the enforcement periods stipulated in the PDP Law.

2.4.THE VALIDITY OF THE POLICY

This Personal Data Protection and Processing Policy, organized as the 1st version by our company, is dated 12.03.2018. In the event that all or certain articles of the Policy are renewed, the effective date and version of the Policy will be updated. The policy is published on the official website of our company (https://www.bilginyacht.com) or made available to the relevant persons upon the request of personal data owners from the company advisory unit.

3.     CODE OF PRACTICES OF PERSONAL DATA PROTECTION

Our Company, in accordance with Article 12 of the Law on KVK, takes the necessary technical and administrative measures to ensure that the appropriate level of security is maintained so as to prevent illegal processing of personal data, to prevent illegal access to data, as well as to ensure data retention; within this scope, it performs required inspections or has these inspections done.

4.     PROVIDING THE SECURITY OF PERSONAL DATA

Our company takes the necessary legal, technical and administrative measures regarding data security on the following issues, and shows the highest level of attention and care in this regard. Actions and measures taken by our company to ensure “data security” in accordance with Article 12 of the PDP Law are as follows.

  • Our company takes technical and administrative measures according to the technological possibilities and implementation cost to ensure that the personal data are processed lawfully. Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the Law on PDP, and cannot use it for purposes other than processing, and that this obligation will continue after they leave their jobs and necessary commitments are received in this direction. Open Consent Approval Form was received from all employees with a wet signature.
  • Our company takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and application cost in order to prevent the unconscious, unauthorized disclosure, access, transfer or any other illegal access of personal data.
  • Our company raises awareness amongst data processing institutions such as business partners and suppliers, where it has transferred personal data to prevent illegal processing of personal data, to prevent illegal access to data, and to ensure that data is protected in a lawful way; takes necessary measures for business partners and suppliers to engage in personal data processing activities in compliance with PDP law.
  • The obligations that our company has to comply with while processing personal data as a data collector and the obligation to comply with the legal, administrative and technical measures it has developed in this regard.
  • Our company takes necessary technical and administrative measures according to technological possibilities and application cost to prevent personal data to be stored in safe environments and to be destroyed, lost or changed for illegal purposes.
  • Our Company performs the required audits within its own body in accordance with Article 12 of the PDP Law. The results of these audits are reported to the concerned department in line with the Company's internal operation procedures, and required activities are carried out to improve the measures taken.
  • In case that personal data processed in accordance with Article 12 of the PDP Law are obtained by others through illegal means, our company operates a system that allows this situation to be notified to the concerned personal data subject and the PDP Board as soon as possible.

4.1.LOOKING AFTER THE RIGHTS OF THE DATA OWNER AND EVALUATING THE DEMANDS

Our Company exploits required channels, internal working procedures, administrative and technical regulations in accordance with Article 13 of the PDP Law to evaluate the rights [and complaints] of personal data owners and to provide them with necessary information.

In case the personal data owners submit their requests in writing to our Company with regard to their rights listed below, their requests are finalized, depending on the nature of the request, within thirty days at the latest and free of charge.  However, in case PDP Board requests fee, our Company shall charge the fee stated in the tariff to be determined by the PDP Board. Personal data owners have rights;

  • to learn as to whether her/his personal data has been processed,
  • to request information if his personal data are processed,
  • to learn the purpose of his data processing and whether this data is used for intendedpurposes,
  • To request information on third persons to whom her/his personal data are transferred at home or abroad,
  • To request correction of the personal data processed incompletely or inaccurately and to request the provision of the information on the transaction performed under this scope to the third parties to whom the personal data are transferred,
  • Where reasons for processing personal data are disappeared, although these were processed in accordance with the provisions of PDP Law and other related laws, to request the deletion or destruction of her/his personal data and to request the provision of the information on the transaction performed under this context to third parties to whom such personal data are transferred,
  • To object to consequences to her/his detriment, arising from the analysis of the processed data exclusively via automatic systems,
  • Where the data owner suffered a damage due to the process of her/his personal data against the law, to request compensation for her/his damage.

These are the legal rights.

In accordance with Paragraph 1 of Article 13 of LPPD, you can submit your requests to our company for using your above mentioned rights in written or through other methods determined by Personal Data Protection Committee. As the Board of Protection of Personal Data has not determined any method at this stage, applications must be submitted to our Company in writing as per the supervisory provision of the Law.

In order for the personal data owners to exercise their rights stated above, they must submit their requests to our Company, together with the necessary information to determine their identity and explanations regarding the rights they wish to use, by stating which of the rights specified in article 11 of the Law is related to the use; it will ensure that applications are responded more quickly and effectively.

In this context, the channels and procedures to which applications will be submitted in writing, within the scope of exercising the rights mentioned in Article 11 of the same Law, based on Article 13 of the Personal Data Protection Law, are explained below.

Once the application form given regarding the right of the personal data owner, who is intended to be used from the rights specified in Article 11 of the PDP Law; under the address of https://www.bilginyacht.com is filled in, a copy of the originally signed version of the same shall be submitted to the address located at BİLGİN YATÇILIK VE TURİZM İŞLETMECİLİĞİ TİCARET LİMİTED ŞİRKETİ Marmara Mahallesi, Ulusum Caddesi No: 28/1 West İstanbul Marina Beylikdüzü / İstanbul Türkiye in person or via notary or through other channels specified in the PDP Law.

In order for third parties to request an application in the name of personal data owners, a special power of attorney, issued by a notary public in the name of the person applying for the data owner and granted by the same, must be submitted.

4.2.PROTECTION OF SENSITIVE PERSONAL DATA

With the PDP Law, special importance has been attributed to the risk of causing personal injury or discrimination when certain data is processed illegally.

 As stated in the definition section, information regarding the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, memberships to associations and foundations, health, sexual life, criminal convictions and security measures and the bio-metric and genetic data of persons.

Our company treats with utmost care the protection of sensitive personal data which is determined as “sensitive” and processed in accordance with the PDP Law. In this context, the technical and administrative measures taken by our Company for the protection of personal data are carefully implemented in terms of sensitive personal data and necessary controls are provided. In addition, within the scope of administrative measures, it is kept in lockers in the room of the workplace doctor by the workplace doctor, who is obliged to keep secrets.

4.3.INFORMING THE PERSONAL DATA OWNER

Our Company elucidates personal data subjects during the retrieving of personal data in accordance with Article 10 of the PDP Law. In this context, during the acquisition of personal data by our Company to the personal data holders, the identity of our Company, for what purpose the personal data will be processed, to whom and for what purpose the processed data can be transferred, the method and legal reason of the personal data collection, and that the personal data owner has within the scope of article 11 of the PDP Law.

Article 20 of the Constitution sets forth that everyone has the right to be informed about personal data concerning her/him. Accordingly, Article 11 of the PDP Law mentions the right to "request information" as one of the rights of the personal data owners. In this context, the necessary information will be provided in the event that the Personal Data Owner requests information in accordance with Articles 20 of the Constitution and Article 11 of the PDP Law.

In addition to this, our Company informs the related persons in personal data processing activities and accountability within this framework by informing all the subjects in the PDP Law and personal data owners and those concerned with personal data processing activities in accordance with the “Law and good faith” rule with various public documents. In addition, our Company is responsible for the relevant people; It also informs about its own activities and the issues in the law in many different ways, especially when people apply for “open consent”.

5.     PROCESSING OF PERSONAL DATA

In accordance with article 20 of the Constitution and article 4 of the PDP Law, our company is responsible for processing personal data; in accordance with law and good faith rules; correct and up to date when necessary; by pursuing specific, clear and legitimate purposes; purpose-bound, limited and measured personal data processing activities. Our Company retains personal data as long as required by law or as required for personal data processing purposes.

In accordance with Article 20 of the Constitution and Article 5 of the PDP Law, our company processes personal data based on one or more of the conditions in the 5th article of the PDP Law.

Our Company complies with the regulations envisaged for the processing of data of special nature, pursuant to the provisions of Article 6 of the PDP Law.

Our Company, in accordance with the Articles 8 and 9 of the PDP Law, complies with the regulations stipulated by the Law and set forth by the PDP Board on the transfer of personal data.

In business relations, personal data is processed without further approval, if necessary, for the establishment, implementation and termination of the employment contract. Personal data of candidates are processed when starting a business relationship. If the candidate is rejected, the information of the candidate is kept for the appropriate data retention period for a subsequent election stage, at the end of this period, it is deleted, destroyed or anonymized.

Data transactions carried out explicitly in the law or due to the Company's legal obligation

Personal data may be processed without prior consent for the processing to be clearly stated in the relevant legislation or for the purpose of fulfilling a legal obligation set out in the legislation.

Employee personal data can also be processed without the approval of a legitimate interest of the Company. Legitimate interests are usually legal (eg filing, enforcement or defense of legal rights) or economic (eg. Evaluation of the company). In personal situations where the interests of employees need to be protected, personal data are not processed for legitimate interests. It is determined whether there are interests that require protection before the data is processed. When the data of the employees are processed based on the legitimate interest of the Company, it is examined whether the processing is measured. It is checked that the legitimate interest of the company in taking this control measure does not violate a right of the relevant employee that needs to be protected and is applied only if measured.

If personal data is processed exclusively through automated systems as part of the business relationship (eg, as part of personnel selection or evaluation of talent profiles), the Employee has the right to object to the emergence of a result against himself.

Telephone equipment, email addresses, intranet and internet, as well as internal networks, are provided by the Company primarily for business related tasks. These are working tools and Company resources. These tools should be used in accordance with legal regulations and the Company's internal regulations. There is no general control over telephone and email communication or intranet and internet use. In order to prevent attacks against the IT infrastructure or individual users, protective measures are taken in the transition to the Company network to block technically harmful content or to analyze the modeling of the attacks. The use of telephone equipment, email addresses, intranet / internet and / or social networks within the company is kept for a limited time for security reasons. Personal evaluations of this data are made only if there is a concrete suspicion about the legal regulations or violations of Bilgin Yachts regulations. These controls are carried out by the relevant departments only on condition that the principle of proportionality is preserved.

6.     PROCESSING OF PERSONAL DATA ACCORDING TO THE PRINCIPLES PROVIDED IN THE LEGISLATION

  • Processing compliance with the Rule of Law and Good Faith

Our company; acts in accordance with the general trust and honesty rule with the principles brought by legal regulations in the processing of personal data. In this context, our company takes into consideration the proportionality requirements in processing of personal data, and does not use personal data other than for its intended purpose.

  • Ensuring Personal Data Accuracy and Up-to-Dateness When Necessary

Our company ensures that personal data it processed are accurate and up-to-date, taking into account the fundamental rights of personal data subjects and their legitimate interests. In this respect, our company takes necessary measures.

  • Processing with Specific, Explicit and Legitimate Purposes

Our company clearly and accurately determines the legitimate and lawful personal data processing purpose. Our company is associated with the service that it provides personal data and processes as much as necessary for them. The purpose for which personal data will be processed by our company is determined before the personal data processing activity begins.

  • Being Limited, Proportional and Expedient to Purpose of Data Processing

Our company processes personal data in a way to achieve the identified purposes, and avoids the processing of personal data that is not required or not related to the realization of the purpose.

  • Retaining Personal Data for the Period Required for the Purpose stipulated in the Legislation or for the Purpose for Which They were Processed

Our company maintains personal data only for the time required by the relevant legislation or for the purpose for which it was processed. In this context, our company determines whether a period has been stipulated for the storage of personal data in the relevant legislation; if this is the case, it takes into account this period; otherwise it retains personal data for the time period required for the purpose for which they were processed. In the event that the reasons that require the expiration or processing of the period disappear, the personal data are deleted, destroyed, disposal processes or anonymized by our Company.

6.1.LIMITED PROCESSING OF PERSONAL DATA

Pursuant to the third paragraph of Article 20 of the Constitution, personal data can only be processed in cases stipulated by law or with the express consent of the person. Our company accordingly and in accordance with the Constitution, processes the personal data only in cases stipulated by law or with the express consent of the person.

The explicit consent of the personal data owner is only one of the legal bases that make it possible to process personal data in accordance with the law. Apart from explicit consent, personal data may also be processed in the presence of any of the other conditions written below. The basis of the personal data processing activity can be only one of the following conditions, and more than one of these conditions may be the basis of the same personal data processing activity. In the event that the processed data is sensitive, the following conditions apply.

Although the legal basis for the processing of personal data by our company varies, all kinds of personal data processing activities are taken in accordance with the general principles set out in Article 4 of the Law No. 6698.

  • Explicit Consent of Personal Data Owner

One of the conditions for processing personal data is the explicit consent of the owner. The explicit consent of the personal data subject should be disclosed on a specific subject, based on information and free will. For the processing of personal data based on the explicit consent of the personal data owner, explicit consent of the customers, potential customers and visitors is obtained through relevant methods.

  • Clearly Predicted by Law

The personal data of the data subject can be processed in accordance with the law if clearly prescribed by law.

  • Failure to Obtain Explicit Consent of the Person Due to Actual Impossibility

Personal data may be processed if the personal data of the person who is unable to disclose his consent due to de facto impossibility or whose consent cannot be validated is required to protect himself or another person's life or body integrity.

  • Direct Concern Regarding the Establishment or the Execution of the Contract

In case of the fact that it is required to process personal data of the parties to the contract, provided that the processing is directly related to the conclusion or fulfilment of that contract.

  • Company's Legal Obligation

If processing is mandatory for our company to fulfill its legal obligations as the data collector, the personal data of the data subject can be processed.

  • Personal Data Owner Publicizing the Personal Data

If the data subject has his personal data publicized, the relevant personal data can be processed.

  • Data Processing is Mandatory for the establishment, use or protection of a right

If it is necessary to process data for the establishment, use or protection of a right, the personal data of the data owner may be processed.

  • Data Processing Is Necessary For The Legitimate Interest Of Our Company

If the data processing is mandatory for our Company's legitimate interests, the personal data of the data subject can be processed, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

6.2.PROCESSING SENSITIVE PERSONAL DATA

In processing personal data designated as "data of special nature" by the PDP Law, our Company strictly adheres to the regulations stipulated in the Law.

In Article 6 of the PDP Law, a set of personal data, when illegally processed, which have the risk of causing unjust suffering or discrimination, are identified as "data of special nature". These data are the personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data.

In accordance with the PDP Law, our Company processes the sensitive personal data, provided that adequate measures are determined by the PDP Board:

  • Should personal data subject express his/her explicit consent, or
  • Should personal data subject does not express his/her explicit consent;
  • Sensitive personal data, other than the health and sexual life of the personal data owner, in cases stipulated by law,
  • Personal data of sensitive nature of data subject relating to health and sexual life are only processed by any person or authorized public institutions and organizations that have confidentiality obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.

6.3.TRANSFER OF PERSONAL DATA

Our company is able to transfer the personal data and the sensitive personal data of the data owner to third parties by taking the necessary security measures in accordance with the purposes of processing the personal data which is obtained and processed pursuant the law. In this respect, our Company acts in accordance with the provisions of Article 8 of the PDP Law.

  • Transfer of Personal Data to Abroad

Our Company may transfer personal data to third parties, in line with its purposes of legitimate and lawful processing personal data and in some circumstances in order to increase the data protection. Our Company transfers the personal data to foreign countries where PDP Board confirms their adequate protection ("Foreign Countries with Adequate Protection") or in case of the absence of adequate protection commits an adequate protection of responsible data in Turkey and in the foreign countries in writing and to foreign countries where the PDP Board's permission (“Foreign Country where the Data Supervisor Undertakes Adequate Protection is Located”). Accordingly, our company acts in accordance with the regulations stipulated in article 9 of the PDP Law.

7.     PROCESSING PURPOSES AND STORAGE PERIOD OF PERSONAL DATA PROCESSED BY OUR COMPANY

In accordance with Article 10 of the PDP Law, our company reports to which personal data owner groups process which personal data, the purposes of personal data processing, and the retention periods of the personal data owner.

8.     CATEGORIZATION OF PERSONAL DATA

Before our Company; personal data in the below given categorization is processed by informing the persons concerned as per Article 10 of the PDP Law, in line with the purposes of legitimate and lawful processing personal data of our Company, by basing on and within limits of one or more conditions of processing personal data stated under Article 5 of the PDP Law, by complying with general principles indicated under the PDP Law, in particular with the principles stated under Articles 4 regarding the processing personal data, and all obligations set forth in the PDP Law, and limited with the subjects within the scope of this Policy (our candidate personnel, company shareholders, company officials, our visitors, personnel, shareholders and officials of the institutions we cooperate with, our customers, our potential customers, our members, our visitors to our web site and mobile application and other third parties).

9.     PURPOSES OF PERSONAL DATA PROCESSING

The Company processes personal data limited to the purposes and conditions within the personal data processing conditions specified in paragraph 2 of article 5 and paragraph 3 of article 6 of the PDP Law. These terms and conditions are as follows:

  • Regarding the processing of personal data, it is foreseen that the activity of Bilgin Yachts is explicitly envisaged in the Constitutions.
  • The event that processing of personal data by Bilgin Yachts is directly relevant and necessary for the establishment or execution of an agreement,
  • The processing of personal data is mandatory for Bilgin Yachts to fulfill its legal obligation,
  • Provided that the personal data are publicized by the personal data owner; limited processing by the "Company" for the purpose of publicizing the data subject,
  • The processing of personal data by the "Company" is mandatory for the establishment, use or protection of the rights of "Company" or data subjects or third parties,
  • It is mandatory to carry out personal data processing activities for the legitimate interests of the “Company” provided that it does not harm the fundamental rights and freedoms of the personal data owner,
  • The event that personal data processing by Our Company is necessary for the protection of the personal data owner's or someone else's life or physical integrity, and that in such case the personal data owner is unable to disclose his consent due to the actual or legal invalidity,
  • The event that personal data is to be stipulated in the Constitution excluding the owner's health and sexual life,

The event that personal data owner's health or sexual life are processed by the persons or authorized organizations obliged to protect privacy for the purpose of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.

In this context, the “Company” processes your personal data for the following purposes:

  • To conduct emergency management processes,
  • Execution of the Application Process of Candidate Candidates
  • Fulfillment of Employment Contracts and Legislation Obligations for Employees
  • Execution of Vested Benefits and Benefits Processes for Employees
  • To conduct Financial and Accounting works,
  • Assuring Physical Security
  • Creating and Following up Visitor Logs
  • To follow up and conduct legal affairs,
  • Conducting Occupational Health / Safety Activities
  • Keeping the Entrance and Exit of the Institution under Control and Preventing Unauthorized Entry and Exit,
  • Assisting in Creating Check Marks
  • Execution of Goods / Services Purchasing Processes,
  • Execution of Logistics Activities,
  • Execution of Goods / Services After Sales Support Services,
  • Execution of Customer Relations Management Processes,
  • Execution of Marketing Processes of Products / Services,
  • Ensuring the Security of Movable Goods and Resources,
  • Ensuring the Security of Data Responsible Operations
  • Execution of Management Activities,
  • Execution / Supervision of Business Activities,
  • Providing Business Continuity Activities

The explicit consent of the personal data owner is provided by the “Company” regarding the relevant processing, if the processing carried out for the above-mentioned purposes does not meet any of the conditions stipulated under the PDP Law.

10.  STORAGE PERIOD OF PERSONAL DATA

Our Company retains personal data for the required period stipulated by the PDP Law and the relevant legislation or for the purpose for which they are processed.

Unless a period of time has been regulated in the legislation regarding how long the personal data should be stored, the Personal Data is processed for a period that requires the processing of the "Company" in accordance with the practices and business practices of the "Company", and then deleted, destroyed. or anonymized.

If the purpose of processing the personal data expires, and the relevant legislation becomes obsolete, and the retention periods determined by the Company also comes to close, personal data can only be stored for the purposes of potential legal disputes, or claims on related rights linked to personal data, or preparations of statement of defense. In setting the time spans, retention periods are determined based on prescription periods for claiming the mentioned right, and even though the prescription periods expires, the examples of requests previously directed to our company on the same issues. In this case, retained personal data are not accessible for any other reason except for the requirements of legal disputes. Personal data is deleted, destroyed or anonymized once the mentioned period has expired. During this period, the access to the relevant Personal Data is only for those who regulate the user authorizations that act as Data Processors in Information Technologies by the Data Officer.

11.  THIRD PARTIES THAT PERSONAL DATA IS TRANSFERRED BY BILGIN YACHTS AND PURPOSE OF TRANSFER

In accordance with Article 10 of the PDP Law, our Company informs the personal data subject of the groups to whom personal data are transferred.

In accordance with Articles 8 and 9 of the PDP Law, the “Company” may transfer the personal data of the data subjects managed by the Policy to the following categories:

  • Real persons or private legal entities
  • Shareholders
  • Business Partners
  • Financial Associates and Subsidiaries
  • Suppliers
  • Community Companies
  • Authorized Public Institutions and Organizations

12.  CODE OF PRACTICE TO INFORM VISITORS ON PDP LAW,

12.1. PERSONAL DATA PROCESSING ACTIVITIES CARRIED OUT IN BILGIN YACHTS FACILITIES

Personal data processing activities carried out by the “Company” in the Center, Istanbul Branch are carried out in accordance with the Constitution, PDP Law and other relevant legislation.

In order to ensure security, our company conducts monitoring activities with security cameras in the buildings and premises, and data processing for tracking guest entrance and exits.

Our Company carries out personal data processing through the use of security cameras and recording of guest entrance and exits.

“Company” surveillance activity through security cameras, act in accordance with the Constitution, PDP Law and other relevant legislation with the aim to protect the interests of the company and other persons in order to ensure the safety of our company.

Image records of our visitors are taken through the camera monitoring system at the building, facility entrances and inside the facility. The objectives of our company in surveilling with security cameras are to improve the quality of the service provided, to ensure the reliability of the company, to deliver the security of the customers, the company and other people, to protect security of benefits of customers about the service they receive.

Our Company complies with the regulations of the PDP Law in conducting surveillance activities with security cameras.

Our company conducts camera surveillance activities in accordance with the Law on Private Security Services and related legislation. Only a limited number of Company employees have access to records that are stored digitally. In accordance with Article 12 of the PDP Law, technical and administrative measures are taken in order to ensure the security of the personal data obtained by the surveillance activities.

Apart from recording with the above camera, our Company carries out processing activities such as tracking guest entries and exits in order to ensure security and for the purposes specified in this Policy.

When the names and surname of the people who come to the premises of Our Company as a guest are obtained, those personal data subjects are informed through the texts. The data obtained for tracking guest entrance and exits are processed for this purpose only, and the personal data are recorded in the data recording system in physical domains.

For the purpose of ensuring company security and in line with the purposes of this Policy, our company provides Internet access to the guests who request so during their stay in our buildings and premises. In this case, log records of your internet access are saved in accordance with the Law No. 5651 and the imperative provisions of the legislation regulated by this Law; and these records are processed only if requested by authorized state institutions and organizations, or required for the audit process within the company in order to fulfill its legal obligation.

Only a limited number of Company employees have access to the log records obtained within this framework. Company employees having access to the mentioned records have access to these records only for use in the demand from the authorized state institutions and organizations, or for use in the audit processes, and they share the records with legally authorized persons. A limited number of people having access to the records declare, through the confidentiality commitment, that they will protect the confidentiality of the data they access.

12.2. VISITORS OF OUR WEBSITE

On the websites owned by our Company; ensuring that visitors of these sites conduct their visits on the sites in a manner suitable for the purpose of their visit; In order to be able to show them customized content and to carry out online advertising activities, internet movements within the site are recorded by technical means (For instance, cookies). Approval information about the use of Cookies at the entrance of our Company's website is obtained from all users. Detailed explanations regarding the protection and processing of personal data for these activities of our company are included in the "Privacy and Security" texts on our website.

13.  CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

Although Bilgin Yachts has been processed in accordance with the provisions of the relevant law, as stipulated in the 138th article of the Turkish Penal Code and the 7th article of the PDP Law, in case of the disappearance of the reasons requiring the processing, or upon the request of the personal data owner, data is deleted, destroyed or anonymized.

13.1. LIABILITY OF BILGIN YACHTS TO DELETE, DESTRUCT AND ANONYMIZE THE PERSONAL DATA

Although it has been processed in accordance with the provisions of the relevant law, as stipulated in Article 138 of the Turkish Penal Code and Article 7 of the PDP Law, personal data will be deleted based on the decision of “Bilgin Yachts” or upon the request of the personal data owner, are destroyed or anonymized. In this context, our Company taking the necessary technical and administrative measures within the Company to fulfill its related obligations; has developed the necessary mechanisms for this issue; In order to behave in compliance with these obligations, it trains relevant business units, provides them with their assignments and awareness.

13.2. CONDITIONS FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

13.2.1.  Techniques of Deleting and Destroying Personal Data

Although Bilgin Yachts has processed personal data in accordance with the provisions of the relevant law, in case the reasons for the processing disappear, it may delete or destruct the personal data on the basis of its own decision or at the request of the personal data owner. Within this scope, Bilgin Yachts deletes or destructs personal data by using the following techniques:

  • Physical Destruction

Personal data can also be processed in non-automated ways, provided that it is part of any data recording system. When deleting/destructing such data, the system of physical destruction of personal data is applied in a manner that it could not be used subsequently.

  • Safely Deleting From Software

When deleting/destructing data processed in fully or partially automated ways and stored in digital media; the methods for deleting data from the related software in a manner that it cannot be recovered.

  • Securely Deletion by Expert

In some cases, "the company" may agree with an expert to delete personal data on its behalf.  In this case, the personal data is safely deleted/destructed by the person who is skilled in this field in a manner that it cannot be recovered.

13.2.2.  Techniques to Anonymize Personal Data

Anonymization of personal data refers to making personal data unlikely to be associated with any identifiable or unidentifiable real person in any way even when the personal data is paired with other data. Our company may anonymize personal data when the reasons for processing the personal data processed in accordance with the law are disappeared.

In accordance with Article 28 of the PDP Law; anonymized personal data can be processed for research, planning and statistics purposes. Such transactions do not fall under the scope of the PDP Law, the explicit consent of the personal data owner is not required. Since the personal data processed by making it anonymous shall fall outside the scope of the PDP Law, the rights regulated under Article 2  of the Policy shall not apply to such data. The most commonly used anonymisation techniques by Bilgin Yachts are listed below.

  • Masking

This is the method in which key determinant information of personal data is extracted from data set with data masking and personal data is anonymized.

  • Aggregation

Through data aggregation method, several data is aggregated and personal data is made in a manner that is not associated with any person.

  • Data Derivation

Through data derivation, more general content is created from the content of the personal data and it is ensured that personal data is made in a manner that is not associated with any person.

  • Data Shuffling

Through data shuffling, the values in the personal data set are mixed and the connection between the values and the persons is broken down.

14.  DEFINITIONS

  • If personal data cannot be traced by anyone, or if personal identity can be recreated with an unreasonable time, expense and workforce, the data is considered anonymized.
  • Data breaches are events in which there are justifiable doubts about the illegal capture, collection, modification, copying, distribution or use of personal data. This may be related to third parties and individuals.
  • Data Subject: Actual person whose personal data is processed.
  • These data are the personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data.
  • Personal data is any information that determines or identifies a natural person. For example, a person is identifiable if his personal relationship can be determined using a combination of information, even with possible additional information.
  • Processing of Personal Data: All kinds of processes performed on personal data including obtaining, recording, storing, keeping, changing, re-arranging, disclosure, transmission, acquisition, making available, classification or prevention of use in whole or in part, automatically or in non-automatic ways, being part of any data recording system.

RECEIVE OUR NEWSLETTER

close