PERSONAL DATA RETENTION AND DISPOSAL POLICY
1. INTRODUCTION
As WEBTURES DİJİTAL BİLİŞİM ANONİM ŞİRKETİ, with Mersis No. 0800053943700021, residing at Esentepe Mahallesi Milangaz Cad. Kartal Vizyon St. A-2 Bl. No: 77/219 Kartal/Istanbul, we undertake to comply with the KVKK, relevant regulations, and other personal data protection, processing, and disposal regulations. The Company aims to inform data subjects regarding deletion, destruction, or anonymization of personal data within the scope of Article 7 of the KVKK and the Regulation on Deletion, Destruction or Anonymization of Personal Data dated 28 October 2017 and numbered 30224.
2. PURPOSE OF THE POLICY
The Personal Data Retention and Disposal Policy (hereinafter briefly referred to as the “Disposal Policy”) aims to determine the procedures and principles regarding the security of personal data and the deletion, destruction, and anonymization of personal data processed within the scope of various processes carried out by our Company.
3. SCOPE OF THE POLICY
This Disposal Policy covers all personal data processed wholly or partially by automated means or by non-automated means provided that it is part of any data recording system, belonging to our partners, customers, employees, employee candidates, Company officials, employees of affiliated companies, employees of companies we work with, shareholders, their officials, our visitors, and third persons.
4. DEFINITIONS
In this policy;
- Explicit consent: Consent expressed with free will, based on being informed, regarding a specific matter,
- Anonymization: Rendering personal data such that it cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
- Data subject: The natural person whose personal data is processed,
- Relevant user: Persons who process personal data within the data controller organization or in line with the authority and instruction received from the data controller, excluding the person/unit responsible for technical storage, protection, and backup of data,
- Disposal: Deletion, destruction, or anonymization of personal data,
- Law: The Law No. 6698 on the Protection of Personal Data dated 24/3/2016,
- Recording medium: Any medium where personal data processed wholly or partially by automated means or by non-automated means provided that it is part of any data recording system is kept,
- Personal data: Any information relating to an identified or identifiable natural person,
- Processing of personal data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data, whether wholly or partially by automated means, or by non-automated means provided that it is part of any data recording system,
- Personal data processing inventory: The inventory created by data controllers by associating their personal data processing activities with business processes with personal data processing purposes, data category, recipient group transferred, and data subject group; detailing by explaining the maximum retention period required for the purposes for which personal data is processed, the personal data envisaged to be transferred abroad, and measures taken regarding data security,
- Personal data retention and disposal policy: The policy based on by data controllers for determining the maximum period required for the purposes for which personal data is processed, and for deletion, destruction, and anonymization,
- Board: The Personal Data Protection Board,
- Authority: The Personal Data Protection Authority,
- Periodic disposal: The deletion, destruction, or anonymization process to be carried out ex officio at recurring intervals specified in the retention and disposal policy, where all conditions for processing personal data in the Law cease to exist,
- Registry: The data controllers registry kept by the Personal Data Protection Authority Presidency,
- Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller,
- Data recording system: The recording system in which personal data is processed by structuring according to certain criteria,
- Data controller: The natural or legal person who determines the purposes and means of processing personal data and who is responsible for the establishment and management of the data recording system.
For definitions not included in this Policy, the definitions in the Law and Regulations apply.
5. RECORDING MEDIA
Recording media where personal data is kept by the Company include computers used on behalf of the Company, cloud systems, shared/non-shared disk drives used for data storage on the network, paper, unit cabinets, and archives. The Company will include other recording media it may use in addition to those listed in the Disposal Policy.
6. REASONS REQUIRING RETENTION AND DISPOSAL OF PERSONAL DATA
The Company may process your personal data if one or more of the following conditions exist:
- The data subject has explicit consent,
- Explicitly stipulated in laws; inability to obtain explicit consent due to actual impossibility; being directly related to the establishment or performance of a contract,
- Being mandatory for the Company to fulfill its legal obligation,
- Being made public by the data subject,
- Being mandatory for the establishment, exercise, or protection of a right,
- Being mandatory for the legitimate interests of the Company.
For detailed information on the processing of personal data, you may review the Personal Data Protection Policy available at “https://www.webtures.com/legal/kvkk/”.
Personal data of data subjects is disposed of during the first periodic disposal following the cessation of the personal data processing reasons listed above. All operations performed regarding deletion, destruction, and anonymization of personal data are recorded and such records are stored for at least three years.
7. SECURITY OF PERSONAL DATA
The Company takes all necessary technical and administrative measures to ensure an appropriate level of security in order to prevent unlawful processing and unlawful access to personal data and to ensure the preservation of personal data.
In this scope, a study was first carried out to identify which personal data is processed by our Company; risks that may arise regarding the protection of such data were identified by also considering whether the processed personal data constitutes special category personal data; and the necessary technical and administrative measures were put into practice to reduce or eliminate risks.
In order to ensure personal data security, trainings are provided regularly to personnel and managers in order to prevent unlawful disclosure and sharing of personal data and to raise awareness regarding the KVKK.
In addition, employees involved in personal data processing processes are requested to sign confidentiality agreements as part of business processes, and a disciplinary process is carried out if it is determined that employees act contrary to security policies and procedures.
To prevent unlawful processing of personal data and unlawful access to personal data, technical systems have been established for tracking and auditing personal data processing processes. Regular internal audits are carried out to prevent unlawful processing and unlawful access.
Technical methods with an appropriate security level are used to prevent unlawful access to personal data and to ensure that it is stored in secure environments, and such methods are updated in line with developing technology.
In case of an internal or external attack on the Company’s data recording system, in order to detect and intervene early, it is regularly checked which software and services operate on IT networks and whether there is intrusion or movement that should not exist, and transaction movements of all users are kept regularly.
8. DISPOSAL OF PERSONAL DATA
8.1. Reasons Requiring Disposal of Personal Data
Pursuant to Article 7 of the KVKK, even if processed in accordance with applicable legislation, personal data is deleted, destroyed, or anonymized by the Company ex officio or upon the request of the data subject where the reasons requiring processing cease to exist or where the period stipulated in the legislation expires.
In disposal of personal data, the Company selects the appropriate method among deletion, destruction, or anonymization and takes all necessary technical and administrative measures for lawful deletion, destruction, and anonymization.
8.2 Deletion of Personal Data
Deletion of personal data is the process of rendering personal data inaccessible and unusable for relevant users in any way. The Company takes all necessary technical and administrative measures to ensure that deleted personal data is inaccessible and unusable for relevant users.
In the deletion process, the personal data subject to deletion is determined, the relevant users authorized to access such personal data and their authorizations over the personal data are identified, and access, retrieval, and reuse authorizations of relevant users within the scope of such personal data are removed.
Personal data in paper media is deleted by using the blackout method. The blackout process is the process of rendering personal data on the relevant document invisible to relevant users by using permanent ink or cutting, in a manner that cannot be reversed and cannot be read by technological analysis.
In databases containing personal data, the relevant rows containing personal data are deleted with database commands (Delete, etc.); for personal data in the file operating system, deletion is carried out by deleting the personal data with the delete command in the operating system or by removing the relevant user’s access rights on the file or the directory containing the file.
8.3 Destruction of Personal Data
Destruction of personal data is the process of rendering personal data inaccessible, irretrievable, and unusable for anyone in any way. The Company takes all necessary technical and administrative measures regarding destruction of personal data.
For destruction, all copies where the data exists are identified and, depending on the type of system where the data is kept, appropriate methods are used, such as de-magnetizing for magnetic media, melting/burning/pulverizing optical and magnetic media or passing through a metal shredder, and passing paper media through a paper shredder.
8.4 Anonymization of Personal Data
Anonymization is rendering personal data such that it cannot be associated with an identified or identifiable natural person under any circumstances, even if matched with other data.
The purpose of anonymization is to break the link between the data and the person identified by that data. Some anonymization methods include grouping, masking, derivation, generalization, and randomization applied to records in the data recording system where personal data is kept, whether automated or non-automated.
8.5 Responsible Personnel in Personal Data Retention and Disposal Processes
| Title | Duty | Responsibility |
|---|---|---|
| Personal Data Protection Manager | Compliance with the Law on the Protection of Personal Data; responsible for implementing the Personal Data Retention and Disposal Policy | Managing personal data disposal processes in accordance with periodic disposal periods by ensuring and auditing compliance with the Law on the Protection of Personal Data, secondary legislation, and Board decisions, and ensuring compliance with the Personal Data Retention and Disposal Policy across the Company |
| Financial Advisor | Responsible for implementing the Personal Data Retention and Disposal Policy | Managing personal data disposal processes in accordance with periodic disposal periods by ensuring compliance with the Personal Data Retention and Disposal Policy within the processes under their duty |
| IT Responsible | Responsible for implementing the Personal Data Retention and Disposal Policy | Managing personal data disposal processes in accordance with periodic disposal periods by ensuring compliance with the Personal Data Retention and Disposal Policy within the processes under their duty |
| Human Resources Responsible | Responsible for implementing the Personal Data Retention and Disposal Policy | Managing personal data disposal processes in accordance with periodic disposal periods by ensuring compliance with the Personal Data Retention and Disposal Policy within the processes under their duty |
8.6. Personal Data Categories
| Personal Data Category | Personal Data Category Description |
|---|---|
| Identity Information | Data containing information about the identity of the natural person: documents such as identity card, driver’s license, passport, professional card including T.R. identification number, mother-father name, date and place of birth, marital status, gender; and tax number, signature information, SGK number and other data |
| Contact Information | Phone number, email address, address, fax number, IP address and other data |
| Education Information | Graduation information, diploma, course/seminar/conference participation certificate, exam result, foreign language knowledge and other data |
| Health Information | Blood type, workplace physician health check, vaccination card, all kinds of health reports |
| Employee Candidate Information | Personal data received by the Company during job application via CVs and job application forms (identity and contact information, nationality, health, criminal conviction and security measure information, military service status, education and work experience, certificates, interests, references, marital status, family and relatives information, foreign language knowledge, private vehicle information, driver’s license status, housing status (rent/ownership), application method to the company, salary received from the last job) |
| Personnel File Information | Data that is legally required to be included in the personnel file of Company employees and data that forms the basis for personnel rights (copy of ID card; civil registry record; residence and other address document; criminal record; copy of diploma; blood type card; copy of driver’s license; copy of marriage certificate; copies of spouse and children’s IDs; copy of military discharge document; photograph; copy of bank account booklet; copies of previously received trainings and seminars; tetanus vaccination card; hemogram (blood count); full urinalysis; audiometry; chest radiography 35x35; pulmonary function test; for motorcycle couriers: fasting blood sugar and ECG; for drivers: SRC3 (international freight) and/or SRC4 (domestic freight) certificates; and for drivers: psychotechnical certificate) |
| Special Category Personal Data | Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association/foundation/union membership, health, sexual life, criminal convictions and security measures, and biometric and genetic data |
| Legal Transaction Information | Data processed for the protection of the Company’s receivables and rights, collection of receivables, performance of debts, and legal obligations |
| Financial Information | Bank account number and account information, documents showing financial status, salary, payroll information, private health insurance amount, advance information and other data |
| Physical Space Security Information | Camera records taken at entry to Company buildings and facilities and within buildings and facilities, vehicle plate information, records taken at security points |
| Family Members and Relatives Information | Data belonging to the family members (spouse, mother, father and children), relatives, and persons to be contacted in emergencies of the personal data owner |
| Location Information | GPS data determining the location of the relevant person during use of Company vehicles |
8.7. Data Subject Group
| Group | Description |
|---|---|
| Company, Affiliate Companies and Business Partners Employees | All natural persons including our employees, employees of our affiliate companies, and shareholders and officials working in natural/legal persons with whom our company has a business relationship |
| Employee Candidate | Natural persons who have applied for a job to our company in any way or submitted their CV for review |
| Company blue-collar employee | Company employee engaged in goods/product production |
| Subcontractor company employee | Employees working at subcontractor companies with whom our company has a commercial relationship |
| Company Partners | Natural persons who are company partners |
| Company Customers | Natural persons benefiting from the products and services provided by our company |
| Organization Authorized Person | Authorized person working in the relevant public/private organization |
| Company Customer Candidates | Natural persons who have requested to benefit from the products and services provided by our company |
| Visitor | Natural persons visiting company buildings and facilities and websites |
| Supplier | Parties providing contractual services in accordance with orders and instructions to conduct the company’s commercial activities |
| Affiliate Companies | |
| Business Partners | Parties with whom the company establishes business partnerships to conduct commercial activities |
| Legally Authorized Public Institutions and Organizations and Private Law Legal Entities | Legally authorized public institutions and organizations and private law legal entities that the company is obliged to share information and documents with under applicable legislation |
| Company Authorized Person | Board member and other authorized persons |
8.8. Mapping of Personal Data Category and Data Subject Group
| Personal Data Category | Data Subject Group |
|---|---|
| Identity Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers; Company Customer Candidates; Visitor; Supplier; Business Partners; Company Authorized Person |
| Contact Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers; Company Customer Candidates; Visitor; Supplier; Business Partners; Company Authorized Person |
| Education Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers; Company Customer Candidates; Visitor; Supplier; Business Partners; Company Authorized Person |
| Health Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Authorized Person |
| Employee Candidate Information | Employee Candidate |
| Personnel File Information | Company Employee; Company Authorized Person |
| Special Category Personal Data | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers; Company Customer Candidates; Visitor; Supplier; Business Partners; Company Authorized Person |
| Legal Transaction Information | Company, Affiliate Companies and Business Partners Employees; Company Partners; Company Customers; Company Customer Candidates; Supplier; Company Authorized Person |
| Financial Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers; Company Customer Candidates; Supplier; Business Partners; Company Authorized Person |
| Physical Space Security Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers; Company Customer Candidates; Visitor; Supplier; Business Partners; Company Authorized Person |
| Family Members and Relatives Information | Company, Affiliate Companies and Business Partners Employees; Employee Candidate; Company Partners; Company Customers |
| Location Information | Company, Affiliate Companies and Business Partners Employees; Company Authorized Person |
8.9. Retention and Disposal Periods
| Business Process | Data Subject Group | Personal Data Category | Retention Period | Disposal Period |
|---|---|---|---|---|
| Personnel Procedure | Company Employees | Personnel File Information | 15 years | Within 180 days following the end of the retention period |
| Recruitment Process | Employee Candidate, Intern Candidate | Employee Candidate Information | 2 years | Within 180 days following the end of the retention period |
| Training Process | Company Employees | Identity Information, Education Information | 15 years | Within 180 days following the end of the retention period |
| Physical Space Security Process | Company Employees, Employee Candidates, Company Partners, Company Customers, Company Customer Candidates, Visitor, Supplier, Business Partners, Company Authorized Person | Physical Space Security Information | 1 year | Within 180 days following the end of the retention period |
| System account definition process | Company Employees | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Sales Process | Company Customers, Sellers | Identity Information, Contact Information, Financial Information | 10 years | Within 180 days following the end of the retention period |
| Processing subcontractor employee information process | Subcontractors, subcontractor employees | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Salary Process | Company Employees | Identity Information, Financial Information | 15 years | Within 180 days following the end of the retention period |
| Switchboard Process | Visitors, Company Customers, Company Customer Candidates, Dealers, Suppliers | Identity Information, Contact Information | 1 year | Within 180 days following the end of the retention period |
| Visitor Records | Visitors | Identity Information, Physical Space Security Information | 2 years | Within 180 days following the end of the retention period |
| Legal Processes | Company Employees, Company Partners, Company Authorized Person | Identity Information, Legal Transaction Information | 15 years | Within 180 days following the end of the retention period |
| Internet Access Process | Company Employees | Identity Information, Contact Information | 2 years | Within 180 days following the end of the retention period |
| Allocation of company property to employees process | Company Employees | Identity Information | 15 years | Within 180 days following the end of the retention period |
| Correspondence process | Company Employees | Identity Information, Contact Information | 2 years | Within 180 days following the end of the retention period |
| Visitor vehicle registration process | Visitors | Identity Information, Contact Information | 2 years | Within 180 days following the end of the retention period |
| Process documents process | Company Employees, Company Authorized Person | Identity Information | 15 years | Within 180 days following the end of the retention period |
| Data entry to public institutions process | Company Employees, Company Authorized Person | Identity Information, Contact Information, Financial Information | 15 years | Within 180 days following the end of the retention period |
| Visa / reservation processes | Company Employees | Identity Information | 15 years | Within 180 days following the end of the retention period |
| Business operations process | Company Employees | Identity Information, Financial Information, Health Information | 15 years | Within 180 days following the end of the retention period |
| Payroll distribution process | Company Employees | Identity Information, Personnel File Information | 15 years | Within 180 days following the end of the retention period |
| Customer portfolio creation process | Company Customers, Company Customer Candidates, Dealers | Identity Information, Contact Information | 2 years | Within 180 days following the end of the retention period |
| Export shipments | Business Partner Employees | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Shipment process | Company Customers, Business Partner Employees | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Scholarship support process | Scholarship recipient | Identity Information, Contact Information, Education Information, Special Category Personal Data, Financial Information, Family Members and Relatives Information | 10 years | Within 180 days following the end of the retention period |
| Procurement and supply process | Suppliers, Company Partners, Company Managers, Sellers | Identity Information, Contact Information, Financial Information | 10 years | Within 180 days following the end of the retention period |
| Occupational health and safety processes | Company Employees | Identity Information, Contact Information, Health Information | 15 years | Within 180 days following the end of the retention period |
| Payment transactions | Company Customers, Supplier, Sellers | Identity Information, Contact Information, Financial Information | 10 years | Within 180 days following the end of the retention period |
| Keeping log records | Guests | Identity Information | 2 years | Within 180 days following the end of the retention period |
| Personnel list and contact persons identification process | Company Employees | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Logistics activities process | Company Employees | Identity Information, Special Category Personal Data | 15 years | Within 180 days following the end of the retention period |
| Information shared for events process | Company Employees, Customers | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Collection process | Company Customers, Sellers | Identity Information, Contact Information, Financial Information | 10 years | Within 180 days following the end of the retention period |
| Official notification process | Business Partner Employees | Identity Information | 10 years | Within 180 days following the end of the retention period |
| Contract process | Company Customers | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Private insurance renewal process | Company Authorized Persons | Identity Information, Financial Information | 15 years | Within 180 days following the end of the retention period |
| Invoice processing process | Sellers, Company Customers | Identity Information, Contact Information | 10 years | Within 180 days following the end of the retention period |
| Quality management process | Company Employees | Identity Information, Contact Information | 15 years | Within 180 days following the end of the retention period |
8.10 Periodic Disposal Periods
Pursuant to Article 7 of the KVKK, even if processed in accordance with applicable legislation, personal data is disposed periodically where the reasons requiring processing cease to exist or where the period stipulated in the legislation expires. Our Company deletes, destroys, or anonymizes personal data in the first periodic disposal following the date on which the obligation to delete, destroy, or anonymize arises. Periodic disposal is carried out for all personal data twice a year at 6-month intervals.
All operations performed regarding deletion, destruction, and anonymization of personal data are recorded and such records are stored for three years, excluding other legal obligations.
9. Technical and Administrative Measures Regarding Personal Data
Pursuant to Article 12 of the KVKK, the Company’s obligations regarding data security as the data controller include:
- Preventing unlawful processing of personal data,
- Preventing unlawful access,
- Taking all necessary technical and administrative measures to ensure protection,
- Carrying out or commissioning necessary audits within the organization.
The Company pays attention to lawful processing and data security in line with the obligations above. The Company takes necessary measures to prevent employees from sharing personal data with third parties and, in case of a contrary situation, notifies the data subject and the Board.
At the Company:
- Network security and application security are provided.
- A closed system network is used for personal data transfers over the network.
- Key management is implemented.
- Security measures are taken within the scope of procurement, development, and maintenance of information technology systems.
- Security of personal data stored in the cloud is ensured.
- Disciplinary regulations including data security provisions for employees exist.
- Training and awareness activities on data security are conducted for employees at certain intervals.
- An authorization matrix has been created for employees.
- Access logs are kept regularly.
- Corporate policies on access, information security, use, retention, and disposal have been prepared and put into practice.
- Data masking measures are applied when necessary.
- Confidentiality undertakings are executed.
- Authorizations in this area are removed for employees whose role changes or who leave employment.
- Up-to-date anti-virus systems are used.
- Firewalls are used.
- Signed agreements include data security provisions.
- Additional security measures are taken for personal data transferred via paper and relevant documents are sent in the format of confidential documents.
- Personal data security policies and procedures have been determined.
- Personal data security issues are reported quickly.
- Personal data security is monitored.
- Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
- Security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
- Security of environments containing personal data is ensured.
- Personal data is minimized as much as possible.
- Personal data is backed up and the security of backed up personal data is also ensured.
- User account management and authorization control system are implemented and monitored.
- Periodic and/or random internal audits are conducted or commissioned.
- Log records are kept in a way that does not allow user intervention.
- Existing risks and threats are identified.
- Protocols and procedures for the security of special category personal data are determined and implemented.
- If special category personal data is sent by email, it is sent encrypted and using KEP or a corporate mail account.
- Secure encryption/cryptographic keys are used for special category personal data and are managed by different units.
- Intrusion detection and prevention systems are used.
- Penetration testing is performed.
- Cyber security measures are taken and continuously monitored.
- Encryption is applied.
- Special category personal data transferred on portable memory, CD, DVD media is transferred encrypted.
- Periodic audits of data processors/service providers regarding data security are ensured.
- Awareness of data processors/service providers regarding data security is ensured.
- Data loss prevention software is used.
The Company takes technical and administrative measures specified in the Law and Board decisions and in guides to prevent unlawful access to personal data, as well as all technical and administrative measures against cyber attacks by third parties regarding personal data. The Company audits the security of its data inventory, system and software security, and reports to authorized persons or, if requested, to the Board, ensuring the protection of personal data as stipulated in legislation.
10. Rights of the Data Subject
Article 11 of the KVKK entered into force on 07 October 2016, and pursuant to the relevant article, the rights of the Data Subject after this date are as follows:
By applying to the Company, the Data Subject has the right to:
- Learn whether personal data is processed,
- Request information if personal data has been processed,
- Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- Know the third parties to whom personal data is transferred domestically or abroad,
- Request correction of personal data if it is incomplete or incorrectly processed,
- Request deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
- Request notification of the operations carried out as a result of correction, deletion, or destruction to third parties to whom personal data has been transferred,
- Object to the occurrence of a result against the person by analyzing processed data exclusively through automated systems,
- Request compensation for damages in case of damages due to unlawful processing of personal data.
11. Application to the Data Controller and Application Method
As WEBTURES DİJİTAL BİLİŞİM ANONİM ŞİRKETİ, with Mersis No. 0800053943700021, residing at Esentepe Mahallesi Milangaz Cad. Kartal Vizyon St. A-2 Bl. No: 77/219 Kartal/Istanbul, operating in compliance with the KVKK as data controller, we respect the rights of you, our valued data owners, and strive to assist in fulfilling your requests in your application. The right to apply to our company via this form prepared pursuant to Article 11 of the KVKK belongs directly to the personal data owner. For applications made on behalf of third persons, a power of attorney appropriate for representing the relevant person must be submitted.
Pursuant to paragraph 1 of Article 13 of the KVKK, applications to our company, acting as the data controller, regarding these rights must be submitted in writing or by other methods determined by the Personal Data Protection Board (“Board”).
After filling out and signing the KVK application form available at the Company (“KVK Application Form”) completely and clearly, and delivering it to our address specified below by hand or via registered mail with return receipt, we will respond to your application within 30 (thirty) days at the latest. Applications regarding these rights must be submitted in writing via the Data Subject Application Form or by other methods determined by the Board.
In this context, “written” applications to our company may be submitted by taking a printout of this form and:
- Personal application by the applicant,
- Via a notary public,
- By signing with a “secure electronic signature” as defined in the Electronic Signature Law No. 5070 and sending to our company’s registered electronic mail (KEP) address.
Our Company Information
Trade Name: Webtures Dijital Bilişim Anonim Şirketi Address: Esentepe Mahallesi Milangaz Cad. Kartal Vizyon St. A-2 Bl. No:77/219 Kartal/Istanbul Mersis No: 0800053943700021 KEP Address: webturesanonim@hs01.kep.tr Email Address: info@webtures.com Website: www.webtures.com Phone: +90 216 599 0495
10. Effective Date
This Policy enters into force on the date it is published and remains in force until it is removed from the website. Our Personal Data Retention and Disposal Policy is dated 01.01.2022. If all or certain articles of the Policy are renewed, the effective date of the Policy will be updated.