The document herein is arranged by Novatel Haberlesme Cozumleri A.S ("Novatel"), and comprises the policy on protection and processing the personal data relating to the natural persons whose personal data is processed, except for the employees thereof.
The purpose of this policy is to be transparent on the personal data processing activities as well as the systems adopted concerning the protection of personal data and to inform the data subjects, whose personal data is processed by our company, on the methods utilized for the protection of personal data.
PURPOSE AND SCOPE
The protection of personal data is a priority of Novatel, which is approached with due diligence and significance.
Pursuant to the Constitution of the Republic of Turkey and the Law on Protection of Personal Data ("Law"), everybody is entitled to request the protection of the personal data relating to oneself.
For such purpose, under our principles of protecting personal data as it is a constitutional right, Novatel pays due diligence to protect the personal data of natural persons whose data is processed, including but not limited to Employee Candidates, Company Shareholders, Officials, Visitors, Employees, Shareholders and Officers of the Organizations with which our company is associated, and Third Persons, as well as the persons and customers who do business and transactions in our company.
Therefore, necessary legal, technical and organizational measures for the protection of personal data being processed are taken under the applicable legislation.
During the processing of personal data upholds the principles laid down below:
In accordance with the foregoing, Novatel complies with the applicable legislation, international legislation and the regulations set forth by the Personal Data Protection Authority ("Authority") for the purposes of below-listed processing activities:
PERSONAL DATA THAT ARE BEING PROCESSED
Pursuant to the Obligation of Controller to Inform, Novatel informs the related data subject groups that their personal data is being processed, the purposes of the processing, and the retention periods thereof.
As the categories of personal data being processed have been mentioned hereinbelow, the term "personal data" refers to any information, direct or indirect, processed through automatic means or provided that the process is a part of any data registry system, through non-automatic means, and that can identify an individual.
Identification Information: Information including but not limited to name-surname; T.R. identification number, nationality, name of the mother/father, place of birth, date of birth, gender, as well as the documents that contain the foregoing, such as identity card or passport, and other documents containing tax number, SSI (Social Security Institution) number, signature, vehicle plate number, and similar information
Contact information: Information such as phone number, address, email address, fax number, IP address
Location Data: Information such as GPS location
Information on Family Members and Relatives: Information regarding the family members of the data subject (e.g., spouse, mother, father, child), the relatives and other persons who can be contacted in case of emergency
Physical Environment Security Information: Personal data regarding records and documents obtained at the entry to and during the time spent in a physical environment, as well as camera recordings, fingerprint recordings, and records taken at the security point, and so forth, that are processed fully or partially through automatic means or provided that the process is a part of any data registry system, through non-automatic means
Financial Information: The processed data relating to any information, document, or record indicating financial results, as well as account numbers, IBANs, credit card information, financial profiles, assets data, income information, and similar data which is explicitly related to an identified or an identifiable natural person
Audio / Visual Information: Photographs and camera recordings (excluding recordings that are within the scope of Physical Environment Security Information), voice recordings, and data contained in documents that are copies of documents containing personal data.
Personnel Information: Any personal data processed to obtain information to set out the basis for the formation of personnel rights of natural persons in a working relationship
Personal Data of Special Nature: Race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data of persons
PROCESSING OF PERSONAL DATA
Novatel conducts personal data processing activities, lawfully and fairly, accurately and up to date, with specified, explicit and legitimate purposes, and in a manner relevant with, limited to and proportionate to such purposes, in accordance with the Constitution, Law and other legal and international regulations
Novatel carries out data processing activities where:
It is mandatory for the legitimate interests of the controller, or, where necessary, upon explicit consent of the concerned data subject, provided that such processing shall not violate the fundamental rights and freedoms of the data subject.
Concerning the personal data of special nature, personal data, excluding those relating to health and sexual life, are processed in the cases provided for by law. Personal data relating to health and sexual life are only processed, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services, as well as their financing.
Novatel, in accordance with the Constitution and the Law, informs the data subjects and provides necessary information where a data subject makes a request thereof.
a. Lawfulness and Conformity with Rules of Bona Fides
While processing personal data, Novatel acts in conformity with the legal regulations, principles, and rules of bona fides, and does not process personal data for purposes other than those notified to the data subjects pursuant to the obligation to inform.
b. Ensuring the Personal Data Be Accurate and up to Date
Novatel takes necessary measures and makes necessary arrangements to ensure that the processed personal data is accurate and up to date to the extent reasonable, by taking into account the rights and legitimate interests of data subjects.
c. Processing for Specific, Explicit and Legitimate Purposes, in Accordance with the Requested Services by Data Subjects
Novatel identifies the legitimate and lawful purpose of the data subject clearly and processes the personal data to the extent necessary for the business operation and the required services.
d. Being relevant, limited, and proportionate to the purposes for which they are processed.
Novatel processes the personal data to the extent necessary for the business operation and the required services by clearly identifying the legitimate and lawful purpose of the data subject. It avoids the processing of personal data, which is not relevant to the purposes to be carried out.
e. Retaining for the period stipulated by relevant legislation or the purpose for which they are processed.
Novatel retains the personal data for the period indicated in the applicable legislation or necessary for the purpose for which they are processed. At the end of such period, personal data is either being erased, destructed, or rendered in conformity with the legal regulation.
f. Informing the Data Subject
Novatel, while collecting personal data, informs the data subjects regarding its identity as the controller, the purpose of data processing it will conduct, to whom and for what purposes the processed data may be transferred, the method and legal reason relating to the collection of personal data, and the rights of the data subject.
The data subject has the right "to demand information". Novatel informs the data subject on the methods, rules, and procedures regarding the exercise of such rights.
g. Performing Due Diligence with Processing Personal Data of Special Nature
Novatel avoids to process the data determined as "of special nature" that might cause a risk of victimization or discrimination of persons if processed unlawfully, particularly by not collecting, and where it is mandatory to process such data, it performs with due diligence;
And it processes the aforementioned data:
-if data subject explicitly consents to or if it is mandatory for data processing or
-where the explicit consent of the data subject is not obtained it may process:
PURPOSES OF PROCESSING PERSONAL DATA
Novatel processes personal data to the extent of the purposes and conditions of processing stipulated in the Law and other legislation. Such purposes and conditions are as follows:
Within the scope of the foregoing and the job, the personal data is being processed by Novatel for below-listed purposes:
Your explicit consent is obtained from you if the processing activity performed for the relevant purposes does not meet any of the purposes and conditions listed above.
TRANSFERRING PERSONAL DATA
Novatel may transfer the personal data or personal data of special nature of the data subject to third persons in accordance with the lawful personal data processing purposes by taking necessary security measures.
Novatel may transfer your personal data to third persons where:
Concerning the personal data of special nature, personal data, excluding those relating to health and sexual life, are transferred in the cases explicitly provided for by law; whereas the personal data relating to health and sexual life are only transferred to the persons or authorized public institutions and organizations that have confidentiality obligation, for the protection purposes of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.
Regarding the transfer of personal data abroad, in addition to the abovementioned principles and rules, it is necessary that:
THE THIRD PERSONS WHO ARE TRANSFERRED PERSONAL DATA AND PURPOSES OF TRANSFERRING
Novatel informs the data subject on the recipient groups of personal data, under the legislation on protection of personal data to which Novatel is subject. Novatel may transfer the personal data of the data subjects to the recipient groups listed below.
To business partners, suppliers, shareholders, company officials, and employees who will carry out the work, legally authorized public institutions and organizations, legally authorized private law entities, to persons, institutions, and organizations authorized for auditing, to units necessary for the execution of accounting transactions, institutions and organizations that are required to be transferred in accordance with the business and work in which Novatel is engaged, domestic or foreign subsidiary and auxiliary service organizations and third persons required by the contract or the service that the data subject has received or wishes to receive
ISSUES REGARDING PROTECTION OF PERSONAL DATA AND PROVISION OF SECURITY
Novatel, pursuant to the provisions set for by the Law, has taken all necessary technical and administrative measures to provide a sufficient level of security in order to prevent unlawful processing of or access to personal data and to ensure the retention of personal data. It is conducting or having conducted the necessary inspections. For such purpose:
RETENTION OF PERSONAL DATA IN A SECURE MEDIUM
Novatel has taken appropriate technical and administrative measures to ensure that personal data is retained in a secure medium and to prevent them from being unlawfully processes, destructed, lost, modified, or disclosed, taking into account the technologies and implementation costs.
Novatel has taken the necessary measures to prevent personal data processed in compliance with the provisions of the Law from being unlawfully obtained by others. However, in the event that personal data is collected through unlawful means despite all kinds of measures taken, Novatel carries out the system that ensures that such incident is notified to the relevant personal data owner as well as to the Board and Legal Units as soon as possible.
Protection of the personal data determined as "of special nature" by the Law, which is being lawfully processed, is protected with particular attention, within the scope of the protection of personal data. Regarding such personal data of special nature, all of the abovementioned technical and administrative measures are taken particularly in order not to obtain or process, and where the collection is necessary and mandatory, to protect the personal data.
PROCESSING DATA OBTAINED THROUGH THE WEB SITE AND INTERNET
Novatel might record the activities and personal data of the persons visiting, making transactions on and receiving services from Novatel's websites by technical means to ensure processing of such personal data on the sites in accordance with the notification purposes, to display customized contents, and to conduct online marketing activities, and to enable the data subjects to access services and information as they wish.
RIGHTS OF THE DATA SUBJECTS
Novatel, under the legislation regulating the personal data, provides guidance by informing the data subjects of their rights and carries out the necessary technical and administrative measures in terms of evaluating the data subject rights and serving necessary notifications.
Data Subject relating to Personal Data or Personal Data of Special Nature is entitled to:
Conditions That the Data Subject Cannot Claim Any Rights
In case of the following conditions, data subjects are not entitled to claim any rights to obtaining information, except for the compensation for damage:
APPLICATION RIGHT OF DATA SUBJECTS
Data subjects may exercise their rights to information, via Novatel's website, the official email address published on the site, or by delivering himself or through notary public, to "Oruç Reis Mh. Vadi Cd.İstanbul Ticaret Sarayı No.108/301 Esenler/İstanbul" address with the wet signed identification document.
In order for the third persons to make an application request on behalf of the data subjects, a particular power of attorney issued by the data subject through a notary public in the name of the applicant must be submitted, if the applicant is a guardian, the copy of the Court Order must be submitted.
If the data subject request is submitted duly, Novatel will finalize the request within thirty days at the latest depending on the nature of the request, free of charge up to the first ten pages and against a fee of 1 TL per page for the exceeding parts.
Novatel might reject the requests under the abovementioned circumstances where the data subject cannot request information, or in case that such request conflicts with the rules of proportionality, bona fides, and goodwill, or it is prohibited by laws, and/or where the applicant cannot be identified and/or the applicant is not authorized.
The data subject may file a complaint to the Personal Data Protection Board if such application is rejected, the provided answer is insufficient, or the application is not answered in time and/or within thirty days from the receipt date of the answer, and in any case within sixty days from the date of application.