Personal data protection has a great importance in terms of Gotrend (“GOTREND” or the “COMPANY”) and finds place in company priorities. Within this scope, GOTREND pays utmost attention to protect personal data of it’s insured employees, job applicants, authorities, visitors, commercial relation parties (institutions, employees, authorities) and third parties, whose data is somehow processed by the COMPANY.
GOTREND takes the organizational and technical precautions, which are needed to protect personal data, processed in accordance with legislation. In this Policy, GOTREND following principles about personal data processing will be explained in detail.
The main purpose of this Policy is to elucidate the lawful processing of ersonal data and the systems, internalized by the COMPANY to protect processed data. Within this scope, we aim to provide a transparent processing procedure, by informing the subjects of data processing, particularly our employees, job applicants, authorities, visitors, commercial relation parties (institutions, employees, authorities) and third parties, whose data is somehow processed by the COMPANY.
This Policy pertains to all personal data of GOTREND’s insured employees, job applicants, authorities, visitors, commercial relation parties (institutions, employees, authorities) and third parties, whose data is somehow processed within GOTREND, by an automatic data recording system or a non-automatic one, under the condition that must be a part of an automatic data recording system.
This Policy is drawn up by GOTREND and has entered into force in published on GOTREND’s Website. The Policy is published on GOTREND’s Website and allows access to concerned persons on data subjects’ demand.
Personal Data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Subject Consent: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Genetic Data: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question
Biometric Data: personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
International Organization: an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.
GOTREND, in compliance with Art 5 and 32 of General Data Protection Regulation (“GDPR”), takes the necessary organizational and technical measures and also ensures that the inspections are made in order to safely store the data, prevent unlawful data processes and/or avoid illegal access to these data.
GOTREND, within the bounds of technological possibilities, Council’s guide and current developments, takes all measures, which are necessary to ensure the lawful processing of personal data, prevent unauthorized, improvident or in any other way unlawful declaration and access, store safely and avoid illegal destruction or transformation.
Technical measures taken within this scope are as follows:
Organizational measures taken within this scope are as follows;
The COMPANY conducts all necessary Assessments, tests and evaluations, in accordance with Art. 32 of the General Data Protection Regulation (“GDPR”). Results of these inspections are reported to concerned managers and departments, and necessary improving activities for taken measures are carried out.
GOTREND manages the internal functioning, channels and Organizational and technical regulations, which are necessary to assess data subjects’ rights and notify data subjects in compliance with Art. 13 of GDPR. If the data subjects send requests concerning their below mentioned rights, depending on their qualification, they will be responded to without undue delay and at the latest within one month from the arrival to GOTREND.
Personal data subjects have right to;
General Data Protection Regulation gives a particular importance to certain type of personal data by the reason that their violation may cause to aggrievement and discrimination. Mentioned data types, as specified in Art 9 of the General Data Protection Regulation (“GDPR”) are data, concerning; ethnicity, race, political opinion, philosophical belief, religion, trade union membership, genetic data, biometric data, data concerning health, natural person’s sex life or sexual orientation. Personal data relating to criminal convictions and offences including the alleged commission of offences or proceedings for offences or alleged offences should be treated in the same way to special category data.
GOTREND pays attention to lawful processing and protection of above mentioned “special categories of personal data”. Within this scope, GOTREND in-house inspections and all technical and organizational measures, taken for personal data protection, are executed meticulously also for sensitive personal data.
GOTREND provides department training that is necessary to prevent unlawful processing of personal data, avoid illegal access to personal data and raise the awareness about data retention. Within this scope, systems, required to create the personal data protection awareness for company employees or incoming employees are formed.
The results of GOTREND training to raise the awareness for personal data protection and processing are reported to GOTREND authorities. Accordingly, the COMPANY assesses the participation in these training, seminars and informing sittings, and conducts necessary inspections. In addition to this, GOTREND updates and renews the training, in accordance with the update of personal data protection legislation and other legal regulations.
GOTREND acts in compliance with the principles of legal regulations, general trust and good faith during the process of personal data. Within this scope, the COMPANY pays attention to proportionality and limitedness of data processing and does not use personal data out of their purpose.
GOTREND ensures the actuality and accuracy of personal data, that are processed considering fundamental rights of data subjects and its own legitimate interests. It takes required precautions accordingly. Within this scope, personal data subjects may apply to the COMPANY any time they desire, in order to correct or confirm the accuracy of data. These applications are assessed by authorized departments of GOTREND and if the application is approved, requested deletion or confirmation is carried out.
GOTREND explicitly and precisely specifies the legitimate and lawful purpose of personal data processing. Within this scope, the COMPANY processes the amount of data that are necessary only for operating and commercial activities. The processing purpose is specified by the COMPANY before the process takes place.
GOTREND processes the data in a manner that is eligible for realizing the purpose and avoids to process data, which are irrelevant to purpose. Within this scope, personal data are not processed to meet probable future needs.
GOTREND preserves personal data only for the time specified in related legislation or the time required to serve the purpose. In this context, the COMPANY first determines if any retention period for personal data is specified via legislation and follows this time limitation, if there is no time specified here, preserves the data in compliance with the purpose. In the event that the specified period ends or the processing purpose disappears, personal data is deleted, destroyed or anonymized by the COMPANY
In accordance with Art. 13 General Data Protection Regulation (“GDPR”), GOTREND clarifies personal data subjects during personal data acquiring. Within this scope, GOTREND clarifies the following issues; purpose of personal data processing, to whom or for what purpose may the data be transferred, personal data acquiring method, legal reason and the rights of the data subject.
According to General Data Protection Regulation (“GDPR”), “requesting information” is one of the personal data subject’s rights in Art. 15 of General Data Protection Regulation (“GDPR”). In this context, the COMPANY provides the requested information to data subject in compliance with Art. 15 of General Data Protection Regulation (“GDPR”)
The COMPANY is aware that the protection of personal data is a legal right and obligation. Special categories of personal data may only be processed in situations prescribed by law or with explicit consent of the individual. Accordingly, the COMPANY only processes data by constitutional means, in cases prescribed in Art. 9 of General Data Protection Regulation (“GDPR”).and other legislations or with explicit consent of the individual.
GOTREND complies with General Data Protection Regulation (“GDPR”), secondary legislations and binding legal resolutions related to the matter of processing personal data, which are mentioned as “special categories of personal data” by General Data Protection Regulation (“GDPR”). Special categories of personal data are processed by GOTREND in situations specified in Art. 9 of General Data Protection Regulation (“GDPR”), under the condition that all necessary measures for personal data security are taken.
GOTREND may transfer the personal data and sensitive personal data of the data subject to third countries or international organizations in compliance with Art. 44 of General Data Protection Regulation (“GDPR”) and by taking precautions, which are necessary in line with lawful personal data processing purposes. The COMPANY may transfer personal data to foreign countries;
In this context, GOTREND complies with the regulations in Art. 44-49 of General Data Protection Regulation (“GDPR”).
Below categorized personal data are processed, by informing concerned persons in accordance with Art. 13 of General Data Protection Regulation (“GDPR”) within GOTREND. To perform this personal data processing, the COMPANY must have legitimate and lawful personal data processing purposes, one or more of the personal data processing conditions in Art. 6 of General Data Protection Regulation (“GDPR”) must exist, the processing must be limited and lastly, compliance with principles and obligations in General Data Protection Regulation (“GDPR”), particularly principles regulated in Art. 5, must be provided.
GOTREND processes the data limited to personal data processing purposes and conditions specified in Art. 6 and 9 of the General Data Protection Regulation (“GDPR”). These purposes and conditions are as follows;
Within this scope GOTREND processes your personal data for following purposes;
In the event that processing with mentioned purposes does not meet any of the conditions stated by the of General Data Protection Regulation (“GDPR”), your explicit consent regarding the processing procedure is received by the COMPANY
GOTREND, in accordance with the Art. 13 of General Data Protection Regulation (“GDPR”), informs the data subject on who personal data receivers are. GOTREND, in accordance with the Art. 6 and 44-49 GOTREND may transfer personal data of individuals who are directed by this Policy, to below mentioned categories.
Personal data are transferred to above mentioned receiver groups with the following objectives;
Despite the matter that personal data are processed in compliance with Art. 6 of General Data Protection Regulation (“GDPR”), they will be deleted or destructed or anonymized directly or on demand of the data subject if the processing purpose disappears. In this context, GOTREND fulfills its obligations through below specified methods.
Although GOTREND processes personal data in compliance with legislation, mentioned personal data will be deleted, destroyed or anonymized by GOTREND’s decision or on demand of the data subject if the processing purpose disappears. GOTREND’s commonly used deletion or destruction methods are as follows;
Anonymizing personal data means, preventing the data from being associable with a particular or identifiable natural person even by matching the data with others. GOTREND may anonymize lawfully processed personal data, if the processing purpose disappears. According to the General Data Protection Regulation (“GDPR”), anonymized personal data may be processed for purposes like research, planning or statistics. Such operations are out of the Law’s scope and do not require data subject’s explicit consent.
Anonymizing methods preferred by GOTREND are listed below;
In compliance with Art. 13 of General Data Protection Regulation (“GDPR”) informs the data subject about his/her legal rights and how to exercise them
Personal data subject has following rights:
Personal data subjects may not request above mentioned rights in situations which are kept out of General Data Protection Regulation (“GDPR”).
You may exercise your rights listed above through filling out and signing a form that you can obtain from us or [www.gotrend.com] and apply to the following address personally or with a notary approved power of attorney:
t is only necessary to apply GOTREND in cases, where the COMPANY is indicated as data controller by General Data Protection Regulation (“GDPR”). This is possible when the COMPANY collects data directly from the related individual. Apart from these, applications for data processes in which other companies are deemed as data controllers, must be submitted to the related company.
GOTREND will provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. GOTREND will inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
Any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the COMPANY may either:
If GOTREND has reasonable doubts concerning the identity of the natural person making the request referred to in Articles 15 to 21, the controller may request the provision of additional information necessary to confirm the identity of the data subject.
GOTREND may reject the application in following situations, by indicating its reason: