Processing and Protection of Personal Data Policy

 

According to the law, everyone has the right to demand the protection of their personal data. This right includes being informed about personal data related to oneself, accessing this data, requesting correction or deletion of the data, and finding out whether the data is being used for its intended purposes. The Law on Protection of Personal Data regulates the processing of personal data to protect the fundamental rights and freedoms of individuals and specifies the obligations of natural and legal persons processing personal data, as well as the procedures and principles they must follow. In the context of this policy under the mentioned law, the protection of personal data encompasses Candidate Employees, Employees, Interns, Shareholders/Partners, Potential Product or Service Recipients, Product or Service Recipients, visitors, and third parties. In case of any inconsistency between the Law on Protection of Personal Data and other relevant legislation with this policy, the current legislation will prevail.In accordance with the relevant law, the definitions mentioned in this policy are as follows:

a) Explicit consent: Consent based on information about a specific subject and expressed freely and with free will,

b) Anonymization: Rendering personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data,

c) President: The President of the Personal Data Protection Authority,

d) Data subject: The natural person whose personal data is processed,

e) Personal data: Any kind of information related to an identified or identifiable natural person,

f) Processing of personal data: Any operation performed on data, whether automated or non-automated, including collection, recording, storage, retention, alteration, rearrangement, disclosure, transfer, takeover, making available, classification, or prevention of the use of data,

g) Board: The Personal Data Protection Board,

h) Authority: The Personal Data Protection Authority.

i) Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller,

j) Data recording system: The record system where personal data is processed in a structured manner according to specific criteria,

k) Data controller: The natural or legal person who determines the purposes and means of processing personal data, and is responsible for the establishment and management of the data recording system.

In the processing of personal data, CrossCheck, in compliance with the Constitution, the Law on the Protection of Personal Data (KVKK), and relevant regulations, conducts its personal data processing activities in accordance with the law and principles of honesty. During the processing of personal data, all necessary administrative and technical measures are taken to ensure the accuracy and currency of personal data. Before commencing the processing of personal data, the purpose of processing is clearly and precisely specified. Personal data is processed by our company to the extent necessary for the realization of the specified purposes. The processing of data is not carried out on the assumption that it may be used later. Personal data is stored for a limited period as required by the purposes set out in the KVKK and related legislation.

Our company may process personal data and special categories of personal data without explicit consent in cases provided for in Articles 5 and 6 of the KVKK or with the explicit consent of the data subject.

In accordance with Article 12 of the KVKK, our company takes all necessary technical and administrative measures to prevent the unlawful processing of personal data, unauthorized access to personal data, and to ensure the preservation of personal data at the appropriate security level. In the event that the processed personal data is obtained by others through unlawful means, our company will promptly notify the relevant data subject and the Personal Data Protection Board.

 

Processed Personal Data,

 

Personal Data Category

Description

Relevant Data Subject Category

Identity Data

Full name, parents' names, mother's maiden name, date and place of birth, marital status, ID card serial and order number, Turkish ID number, etc.

Shareholder/Partner, Job Applicant, Employee, Intern, Potential Product or Service Buyer, Product or Service Recipient, Other - Personnel Spouse and Children

Contact Data

Address number, email address, contact address, registered email address (KEP), phone number, etc.

Potential Product or Service Buyer, Job Applicant, Employee, Shareholder/Partner, Intern, Product or Service Recipient

Personnel Data

Payroll information, disciplinary investigation, entry documents, asset declaration information, resume details, performance evaluation reports, etc.

Job Applicant, Employee, Shareholder/Partner, Intern

Legal Transaction Data

Information in correspondences with judicial authorities, information in lawsuit files, etc.

Employee, Shareholder/Partner, Intern, Product and Service Recipient

Customer Transaction Data

Call center records, invoice, promissory note, check information, information on cashier receipts, order information, request information, etc.

Potential Product or Service Buyer, Product or Service Recipient

Physical Space Security Data

Entry and exit records of employees and visitors, camera records, etc.

Job Applicant, Employee, Shareholder/Partner, Intern

Transaction Security Data

IP address information, website login and exit information, password information, etc.

Job Applicant, Employee, Shareholder/Partner, Intern

Financial Data

Balance sheet information, financial performance information, credit and risk information, asset information, etc.

Employee, Shareholder/Partner, Job Applicant, Intern

Professional Experience Data

Diploma information, attended courses, in-service training information, certificates, transcript information, etc.

Job Applicant, Employee, Shareholder/Partner, Intern

Marketing Data

Shopping history information, surveys, cookie records, information obtained through campaign activities, etc.

Potential Product or Service Buyer, Product or Service Recipient

Health Information Data

Information regarding disability status, personal health information, information about used devices and prosthetics, etc.

Job Applicant, Employee

Criminal Conviction and Security Measures Data

Information regarding criminal convictions, information regarding security measures, etc.

Job Applicant, Employee

Other Information - Personnel Family and Relative Data

Data types determined by the user, etc.

Other - Personnel Spouse and Children

 

 

CrossCheck collects, processes, and transfers personal data of data subjects in accordance with the specified purposes by the relevant units. The processes related to this are as follows:

-Personal data is processed for the negotiation, conclusion, and performance of contracts.

-Personal data is processed to provide products and services.

-Personal data is used to customize offered products and services according to requests, customer needs, and legal/technical developments.

-Personal data is processed for user identifications on systems related to offered products and services.

-Call center and remote support services are provided, and call volume and content are tracked.

-Personal data is used for announcing new or existing products, services, and campaigns, and for conducting sales and marketing activities.

-Personal data is used for conducting market research.

-Personal data is processed to create statistics and analyze usage.

-Personal data is processed for the payment and collection of fees.

-Personal data is processed for establishing contact and communication.

-Personal data is processed for managing commercial relationships with partner companies, suppliers, resellers, and service providers.

-Reports are prepared within the framework of cooperation.

-Reseller partnership applications are evaluated.

-Personal data is processed for developing the company's commercial strategies and plans.

-Communication is established for satisfaction measurement surveys.

-Discounts are provided in purchases from affiliated websites and institutions.

-Participant records are created in organized events/trainings, and certificates/participation documents are issued.

-Legal/administrative processes are managed, responses are provided to requests from public institutions, legal obligations are fulfilled, and legal disputes are resolved.

-Investor relations are managed.

-Results of legal transactions are ensured.

-Employees, individual resellers/customers, and reseller/customer stakeholders are introduced in social media posts.

-Job interviews are conducted, and job applications are evaluated.

-Employment relationship/contract is established, executed, and terminated.

-Employees benefit from their main and ancillary rights arising from employment contracts, and their performance and work are evaluated.

-User accounts are opened for employees, and company ID and meal cards are provided.

-Transportation organization for company employees is provided, and company pool vehicles are tracked.

-Participant records are created in case of the company's participation in an organization.

-Employees' participation in trainings is recorded, and certificate records are created.

-Visitor records are created and tracked.

-Internal and environmental security of the company and the security of the website and applications are ensured.

-Analysis of website usage is performed.

-A personal data inventory is created.

-Evaluation and Response to All Questions, Requests, Suggestions, Complaints, and Applications Relating to Personal Data, Regardless of Being Conveyed in Writing, Orally, or Electronically:

-All questions, requests, suggestions, complaints, and applications relating to personal data are evaluated and responded to.

The company determines whether there is a specified period for storing personal data in the relevant legislation. If a period is specified in the relevant legislation, it complies with this period; if no period is specified, it keeps the personal data for the duration necessary for the purpose of processing. If the purpose of processing personal data has ended and the end of the storage periods determined by the relevant legislation and/or the Company has been reached, it can only be retained for the purpose of constituting evidence in possible legal disputes, asserting the related right related to personal data, or establishing a defense. The Company does not keep personal data by relying on the possibility of future use.

According to Article 7 of the Law on the Protection of Personal Data, even if personal data has been processed in accordance with the relevant legislation, in case the reasons requiring processing are eliminated, personal data is deleted, destroyed, or anonymized by our company upon its own decision or at the request of the data subject. Our company can destroy personal data upon its own decision or at the request of the data subject in case the reasons requiring processing are eliminated, in compliance with the relevant legal provisions. Destruction of personal data is the process of making personal data physically inaccessible, unrecoverable, and unusable by anyone in any way. In this context, personal data in physical environment (written, printed documents, etc.) will be physically destroyed, and personal data registered in computer systems will be deleted from the relevant software.

Anonymization refers to the state where personal data cannot be associated with any identified or identifiable real person in any way, even by matching with other data. Although our company primarily implements the application of deleting or destroying personal data, in mandatory cases, the process of anonymizing personal data can also be performed.

In accordance with Article 28 of the Law on the Protection of Personal Data, personal data that has been anonymized can be processed for purposes such as research, planning, and statistics. Such processes are outside the scope of the Law on the Protection of Personal Data, and explicit consent of the data subject is not required. The purpose of anonymization is to sever the connection between the data and the person it defines. Personal data held in the data recording system will be anonymized by methods such as automatic or non-automatic grouping, masking, derivation, generalization, and randomization applied to the records in the data recording system where personal data is kept. As a result of the application of these methods, the obtained data should not be able to identify a specific person.

The procedures and principles to be applied in personal data transfers are regulated in Articles 8 and 9 of the Law on the Protection of Personal Data, and the personal data of the data subject can be transferred to third parties in Turkey. CrossCheck may process your personal data and may be shared with third parties such as contractual institutions, legal entities, lawyers for the resolution of legal disputes within the scope of service provided, and other third parties.

In accordance with Articles 8 and 9 of the Law on the Protection of Personal Data and within the scope of this Policy, our company can transfer the personal data of data subjects who are within the scope of this Policy to the following groups of persons for the purposes specified:

Authorized public institutions and organizations and private legal entities to whom our company is obliged to provide information and documents in accordance with the legislation and other persons specified in the legislation (To business partners and shareholders).

Data subjects can send their complaints or requests regarding the processing of their personal data to us in accordance with the principles specified in the relevant form.

 

The detailed explanations regarding the activities of our company related to this in order to enable the visitors of our company's website to perform their visits in an appropriate manner and to carry out online advertising activities are recorded by technical means such as cookies on the website and are included in the Privacy Policy texts on our website.

Privacy Policy, Terms of Service, About Us & Contact Details

For support about CrossCheck: support@crosscheck.tech

Payments powered by

© 2024 CrossCheck