POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
1-INTRODUCTION
In accordance with the Law No. 6698 on the Protection of Personal Data (“Law No. 6698”), VİZECAR OTO KİRALAMA TURİZM TAŞIMACILIK LIMITED COMPANY- MERSIS NO:????? (“COMPANY, VİZECAR”), in the capacity of data controller, we process the personal data of our employees, customers, potential customers, employee candidates, visitors and third parties and other natural persons with whom we are in contact, under the basic principles stated below.
With this Policy; We aim to legally process and protect the personal data of you, our potential customers, employees, employee candidates, visitors and third parties, as notified to us and by preserving the most up-to-date version.
2-DEFINITIONS
Explicit Consent: It refers to the consent that is based on information and freely expressed regarding a certain subject.
Anonymization: It means making personal data not to be associated with an identified or identifiable natural person in any way, even if it is matched with other data.
Application Form: It refers to the "Application Form Regarding the Applications to be Made by the Relevant Person (Personal Data Owner) to the Data Controller in accordance with the Law on Protection of Personal Data No. 6698", which includes the application to be made by the personal data owners to exercise their rights.
Employee Candidate: Refers to real persons who have applied for a job to VİZECAR by any means or have given their CV and relevant information.
Employees of Collaborating Institutions,
Shareholders and Officials: VİZECAR refers to real persons, including the shareholders and officials of these institutions, working in institutions with which it has any business relationship.
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, It refers to all kinds of operations performed on data such as classification or prevention of use.
Personal Data Owner: Refers to the real person whose personal data is processed.
Personal Data: It means all kinds of information related to an identified or identifiable natural person.
Customer: Refers to the real persons who benefit from the products and services offered by the Company.
Special Qualified Personal Data: Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. represents the data.
Policy: It refers to the basic rules for the processing of personal data, which are declared with the Personal Data Processing and Protection Policy of VİZECAR OTO KİRALAMA TURİZM TAŞIMACILIK LİMİTED ŞİRKETİ.
Potential Customer: Refers to real persons who show interest in using the products and services offered by the Company and have the potential to become a customer.
Supplier : Refers to the parties that provide contractual VIZECAR service while VIZECAR carries out its commercial activities.
Third Party : Refers to natural persons whose personal data are processed within the scope of the policy, who are not defined differently within the scope of the policy.
Data Processor: Refers to the natural and legal persons who process personal data on behalf of the data controller, based on the authority given by the data controller.
Data Controller: It refers to the person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically (data recording system). Within the scope of this policy, VIZECAR LTD. ŞTİ. is the data controller.
Deletion of Data: It refers to the process of making personal data inaccessible and unusable for the relevant users in any way.
Destruction of Data: It refers to the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Visitor : Real persons who have entered the company, store, office, dealer, service and website owned by VİZECAR for various purposes.
3- PURPOSE OF THE POLICY
The main purpose of this Policy is;
It is to make explanations about the personal data processing activity carried out by VIZECAR in accordance with the law and the principles adopted for the protection of personal data.
4-SCOPE OF THE POLICY
This Policy; by our customers, employees, employee candidates, visitors, shareholders and employees of the institutions we cooperate with, and third parties, dealers, authorized services, branches, call centers, agencies, offices and our affiliated companies; camera recording system, e-mail correspondence, training attendance records, forms, contracts, petitions, crime scene information, minutes, authorized institutions, mobile applications and similar means or through our websites and social media pages and/or systems that are not limited to these. It relates to all personal data processed by non-automatic means, in writing, verbally or electronically and through similar technologies, provided that it is a part of any data recording system.
This Policy is published on our websites (www.vizecar.com) and made available to the relevant persons upon the request of personal data owners.
In case of inconsistency between the current legislation and the Policy, the provisions of the legislation will be applied with priority. 5-GENERAL PRINCIPLES IN PROCESSING PERSONAL DATA
VIZECAR enlightens the data owners in accordance with Article 10 of the KVK Law and requests their consent in cases where consent is required.
In accordance with the Law and the Rule of Integrity, keeping all communication channels open in order to ensure that personal data is accurate and up-to-date when necessary, processing for specific, clear and legitimate purposes, ensuring that it is linked, limited and proportionate to the purpose for which it is processed, for the period stipulated in the relevant legislation or required for the purpose for which it is processed. It works by preserving it.
6-RULES ON THE PROTECTION OF PERSONAL DATA
VIZECAR, in accordance with Article 20 of the Constitution and Article 4 of the KVK Law, regarding the processing of personal data; carries out personal data processing activities in a limited and measured manner in accordance with the law and honesty rules, accurately and, when necessary, for up-to-date, specific, clear and legitimate purposes.
VİZECAR retains personal data for as long as required by law or for the purpose of processing personal data.
VİZECAR, personal information of its customers, employee candidates, employees, shareholders and employees of the institutions with which it cooperates, visitors, employees of supplier companies and third parties; identification information (name, surname, TR identity number, gender, age, date of birth), contact information (e-mail address, telephone number, address information, IP address), vehicle characteristics, license information, chassis information, preference on the vehicle, taste and user habits, occupational data, visual and audio data, education data, family members data, health data.
While processing this data, the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698, and the Identity Declaration Law No. 1774, Highway Traffic Law No. 2918, Insurance Law No. 5684, Law No. 6502 on the Protection of Consumers and Tax legislation, Personal data of personal data owners, within the framework of, but not limited to, the regulations of supervisory and regulatory institutions and organizations and the cases required by other authorized public authorities, the follow-up and execution of legal processes and other legislation; In addition to our obligations listed above, in order to establish and conduct sales, service, car rental and insurance services and to serve you better;
Fulfilling the requirements of dealership, service, agency contracts and other contracts,
Confirming your identity before our sales, service, car rental and insurance services, contacting potential customers and thus identifying potential consumers and informing them about campaigns, conducting the offer preparation process, conducting vehicle test drives and preparing for vehicle delivery, Sharing the contract with you in order to establish the contract,
Creation of records of sales service, service, car rental service and insurance business and transactions in the system, completion of contract processes,
For the purpose of measuring vehicle / service / service satisfaction, communication after purchase / service, updating customer contact information, providing technical and useful information about your vehicle / rented vehicle / for your benefit, customers' taste and usage habits of the products and services offered by our company. and its customization, updating, marketing and promotion according to its needs, sales and marketing of vehicles and spare parts, informing about the changes that may occur in our service conditions, meeting and following your requests and complaints, providing after-sales support services, establishing service appointments, notifying maintenance and inspection dates and reminders, fulfillment of warranty obligations, monitoring of insurance processes, damage or accident processes and valuation, execution and follow-up of value loss and other processes, sales and service related invoicing and crediting; executing financial and financial transactions, executing risk management, executing operations related to your security and emergencies, informing you before the contract expiry date,
Planning and executing the work carried out with our business partners, credit providers, authorized dealers, authorized services and suppliers in order to carry out the commercial activities carried out by our company, performing the necessary studies and carrying out the related works and transactions,
Getting to know you when you visit the site and thus making your visit more efficient by personalizing the site, planning information security processes, creating information technology infrastructure
7- ENSURING THE SECURITY OF PERSONAL DATA
VİZECAR; In accordance with Article 12 of the KVK Law, it takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the preservation of the data, and in this context, it makes or has the necessary inspections made. .
The technical measures taken in this context are listed here, including but not limited to;
Personal data processing activities carried out within VİZECAR are controlled by established technical systems.
Technical departments have been established and specialized personnel are employed.
New technological developments are followed and technical measures are taken on systems, especially in the field of cyber security, and the measures taken are periodically updated and renewed.
Access and authorization technical solutions are put into use within the framework of legal compliance requirements determined for each department within VIZECAR.
Access authorizations are limited and authorizations are reviewed regularly. Access restrictions are applied to ex-employees and accounts are closed.
The technical measures taken in accordance with the internal functioning of VİZECAR are reported to the relevant users, and the necessary technological solutions are produced by re-evaluating the risky issues.
Software and hardware including virus protection systems, data vulnerability security and firewalls are installed.
All information systems, including the applications where personal data are collected, are regularly subjected to external impact tests to detect security vulnerabilities, and the gaps found according to the results of this test are closed.
Administrative measures taken are listed here, but not limited to:
VİZECAR employees, dealers and authorized service personnel are informed and trained on the law of protection of personal data and the processing of personal data in accordance with the law.
VİZECAR employees, dealers and authorized service employees; They were informed verbally and in writing about not using the personal data they learned within the scope of the activity in violation of the provisions of the KVK Law. Additional protocols are signed with the employees that these obligations will continue after they leave their positions.
All personal data processing activities carried out by VİZECAR; It is carried out in accordance with the personal data inventory and its annexes, created by analyzing all business units in detail.
Personal data processing activities carried out by the relevant departments within VIZECAR; Obligations to be fulfilled in order to ensure that these activities comply with the personal data processing requirements sought by the KVKK, are bound to the written policies and procedures by VIZECAR, and each department has been informed about this issue and the issues to be considered specific to the activity it carries out have been determined.
With the persons to whom personal data is transferred by VİZECAR in accordance with the law; Additional agreements are made that contain provisions that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data and ensure that these measures are complied with in their own organizations.
In case the processed personal data is obtained by others illegally, VIZECAR will notify the relevant person and the Board as soon as possible.
8-PROTECTION OF PRIVATE PERSONAL DATA
With the KVK Law, special importance is attached to certain personal data due to the risk of causing victimization or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data.
VİZECAR acts sensitively in the protection of special quality personal data, which is determined as "special quality" by the KVK Law and processed in accordance with the law. In this context, technical and administrative measures taken by VIZECAR for the protection of personal data within the scope of the Law and within the scope of the Board's principle decisions are meticulously implemented in terms of special quality personal data and necessary audits are provided within VIZECAR.
9-INFORMING AND INFORMING PERSONAL DATA OWNERS
VIZECAR ; In accordance with Article 10 of the KVK Law and the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Clarification, it enlightens the personal data owners during the acquisition of personal data. In this context, Clarification Texts have been placed in areas that can be easily seen by employees, employee candidates, customers, visitors, shareholders and employees of institutions we cooperate with, and third parties in dealers, authorized services, branches, agencies and offices. Clarification texts, cookie policy and application form have also been published on www.vizecar.com along with this policy.
10-TRANSFER OF PERSONAL DATA
VIZECAR may transfer the personal data and sensitive personal data of the personal data owner to third parties, by taking the necessary security measures, in line with the purposes of processing personal data in accordance with the law. Personal data can be transferred by VIZECAR to foreign countries that are declared to have sufficient protection by the KVK Board or, in the absence of sufficient protection, to foreign countries where data controllers in Turkey and the relevant foreign country undertake an adequate protection in writing and where the permission of the KVK Board is available. The reasons for the transfer are explained below:
If there is a clear regulation in the law regarding the transfer of personal data,
If it is necessary to transfer the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
If personal data transfer is mandatory for VIZECAR to fulfill its legal obligation,
If personal data transfer is necessary for the establishment, exercise or protection of a right,
If personal data transfer is necessary for VIZECAR's legitimate interests, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
11- STORAGE PERIOD OF PERSONAL DATA
VİZECAR stores personal data for the period specified in these legislations, if stipulated in the relevant laws and regulations.
If a period of time is not regulated in the legislation regarding how long personal data should be kept, Personal data is kept for the period that requires it to be kept, depending on the activity VIZECAR carries out while processing that data, then it is deleted, destroyed or anonymized in accordance with the relevant policy created by VIZECAR in accordance with the nature of the data. .
If the purpose of processing personal data has ended and the storage periods determined by the relevant legislation and VIZECAR have come to an end, personal data can be stored only to provide evidence in possible legal disputes or to assert the relevant right related to personal data or to establish a defense. Despite the expiry of the statute of limitations and the statute of limitations for the right to assert the aforementioned right in the establishment of the periods herein, the retention periods are determined based on the examples in the requests submitted to VIZECAR on the same issues before. In this case, the stored personal data is not accessed for any other purpose, and only when necessary to use it in the relevant legal dispute, access to the relevant personal data is provided. Here, too, personal data is deleted, destroyed or anonymized after the aforementioned period expires.
12-RIGHTS AND REQUESTS OF THE PERSONAL DATA OWNER
You have the following rights regarding your personal data by applying to our Company in accordance with the procedure stipulated in accordance with Article 11 of the Law No. 6698.
Find out if it's processed
Requesting information if processed
Learning the purpose of processing and whether it is used in accordance with its purpose
Knowing the third parties to whom personal data is transferred at home or abroad
Requesting correction of personal data if it is incomplete or incorrectly processed
Requesting the deletion or destruction of personal data in case the reasons requiring the processing of personal data disappear
In cases where the personal data is requested to be corrected if it is incomplete or incorrectly processed, and the personal data is requested to be deleted or destroyed if the reasons requiring the processing of personal data disappear; Requesting notification of these transactions made to third parties to whom personal data is transferred
Objecting to the emergence of a result against you due to the analysis of the processed data exclusively with automated systems
Requesting the compensation of the damage in case you suffer damage due to the unlawful processing of personal data
Personal data owners can submit their requests regarding their rights specified in Article 11 of Law No. 6698 in writing in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller" or by a registered electronic mail (KEP) address, secure electronic signature, mobile signature or the data controller by the person concerned. using the e-mail address previously notified and registered in the system of the data controller, or by adding the relevant information and documents to the data controller by means of a software or application developed for the purpose of application.
In the application; name, surname and signature if the application is written, for citizens of the Republic of Turkey T.C. identification number, nationality for foreigners, passport number or identification number, if any, place of residence or workplace address for notification, e-mail address for notification, telephone and fax number, if any, and the subject of the request.
Applications made via registered mail or notary public should be sent to the address “Yenibosna İstanbul Vizyon Park 4. Plaza 5. Kat Bahçelievler / İstanbul”.
Our company concludes the requests in the application as soon as possible and within 30 (thirty days) at the latest, according to the nature of the request and in accordance with the legislation.
If the request of the person concerned is accepted, the request is fulfilled by our Company as soon as possible and the person concerned is informed.
13-CONDITIONS WHERE THE PERSONAL DATA OWNER CANNOT AGREE THEIR RIGHTS
Personal data owners, in accordance with Article 28 of the KVK Law, the following cases are excluded from the scope of the KVK Law:
a) Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with.
b) Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.
c) Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
ç) Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations that have been authorized by law to ensure national defense, national security, public safety, public order or economic security.
d) Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
14-DELETE, DESTROY AND ANONYMIZATION OF PERSONAL DATA
In accordance with the Legislation and the "Regulation on the Deletion, Destruction and Anonymization of Personal Data" issued by the Board, personal data is deleted in line with VIZECAR's own decision or upon the request of the personal data owner, in case the reasons requiring processing are eliminated, although it has been processed in accordance with the provisions of the relevant law, destroyed or anonymized.
This Policy has been prepared within the framework of the Law on the Protection of Personal Data and the legislation in force, and is made available to the relevant persons by being published on our website.
In case of inconsistency between the current legislation and the Policy, the provisions of the legislation will be applied with priority.