CLARIFICATION TEXT ON PROTECTION AND CONFIDENTIAL POLICY OF PERSONAL DATA
Galaksiya Bilişim Teknolojileri ve Danışmanlık Yayıncılık Sanayi ve Ticaret Limited Şirketi (Hereinafter referred to as the "Company") is processing your data in accordance with the provisions of Law on Protection of Personal Data no 6698 ("KVKK") and the secondary legislation.
Personal data means all information which makes your identity identified or identifiable. From the aspect of data collected from real persons for the purpose of executing company activities, the Company bears the title of data controller. And the real persons whose data is processed bear the title of relevant person whose personal data has been processed.
A. PROCESSED PERSONAL DATA
Within the scope of Law on Protection of Personal Data no 6698 and the secondary legislation, for the purposes limited to the ones specified under title B, the personal data that has been submitted to the Company and that is specified below in detail, may be processed by completely or partially automated means or by non-automated means that are a part of a data registry system. Processing personal data means; transactions which can be carried out over the data like saving them, storing them, preserving them, changing them, re-orginizing them, clarifying them, making them obtainable, classifying them and preventing the usage of them.
In case you fill out the "Get in touch with us" or "Contact" form included on our website, your identity data (Full Name), contact data (E-mail address, phone number), personnel data (background information) which is included in the CV you sent us via our career page and which is shared with the Company under the initiative of the real person whose data is processed, and your occupational experience data (Diploma information, courses taken, information regarding vocational trainings, certificates, transcript information, etc.) are being processed.
Additionally, since we are using the service Google Analytics, in case you visit the website, your process security data indicating your browsing activities and information of your actions on the website (entrance-exit etc. activities over the website/application and the pages which connected the visitor to the website, information such as the IP address [the operating system and browser type in connection with it]) is processed for the purpose of determining the usage statistics of our website, anonymously without identifying your identity information (anonymously).
B. THE METHOD AND LEGAL REASON OF OBTAINING PERSONAL DATA
In case the website belonging to the company is visited, from the forms filled out with the individual consent of the relevant person whose personal data is processed, your personal data specified under title A is obtained by our Company by completely or partially automated means or by non-automated means that are a part of a data registry system.
Identity (Full Name) and Contact (phone, e-mail) data is processed for the purposes of evaluating the message content included in the "Get in touch with us" form you sent to our Company, executing in-house investigation and inspection processes when necessary, contacting you if the concrete case subject to your message requires to do so, taking the necessary measures related to the operation and management activities of the company within the framework of the suggestions, gratifications and complaints, making arrangements, executing the customer satisfaction/customer relation processes and marketing/analyzing surveys in a more effective way, making the follow-up of the requests and complaints, as well as based on the legal reasons including the signing/fulfillment of the agreement, the legitimate interests of the data controller and the fulfillment of legislative obligations which are based on the legal reason of explicit consent (in case you give explicit consent).
Identity (Full Name) and Contact (phone, e-mail) data is processed for the purposes of evaluating the message content included in the "Contact" form you sent to our Company, personnel data which is included in the CV you sent us via our career page and which is shared with the Company under the initiative of the real person whose data is processed (background information) and your occupational experience data (Diploma information, courses taken, information regarding vocational trainings, certificates, transcript information, etc.) is processed for the purpose of contacting you when necessary and evaluating your application, as well as based on legal reasons including executing communication activities, executing application processes of the candidate employees, planning human resources processes, the legitimate interests of the data controller and the fulfillment of legislative obligations which are based on the legal reason of explicit consent (in case you give explicit consent).
In case you give explicit consent over the website for allowing cookies, your browsing activities and information of your actions on the Company's website (entrance-exit etc. activities over the website/application and the pages which connected the visitor to the website, information such as the IP address [the operating system and browser type in connection with it]), are processed for the purpose of executing marketing/analyzing tasks, executing sales process of goods/services, executing advertisement processes, based on the legal reasons of explicit consent and legitimate interests of the data controller.
Your abovementioned personal data may also be preserved both in digital and physical environments by being transferred to the physical archives and information systems belonging to the Company.
C. SHARING THE PERSONAL DATA AND TRANSFERRING THE PERSONAL DATA ABROAD
The personal data you have shared with the Company with your explicit consent during your visit to our website may be shared domestically with our business partners and suppliers .
Also, your personal data is not directly transferred abroad by the Company but it is rather transferred abroad indirectly since the Server/Hosting provider of the website is located abroad.
D. THE PERIOD OF PROCESSING THE PERSONAL DATA
Provided that it is made in association with the purposes of processing and in a limited and moderate nature, your personal data is preserved and processed for a period of time required for the purpose of their processing/specified in other laws.
In case the reasons necessitating the processing of personal data are nullified, the personal data is deletedi disposed or anonymized by our company either ex oficio or upon the request of the relevant person whose personal data is processed. The provisions in the laws related to deletion, disposal or anonymizing of personal data are reserved.
E. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN FOR DATA SECURITY
Personal data shared with our Company is under the supervision and control of the Company. As the data controller, in accordance with the provisions of the relevant legislation in force, the Company has undertaken the responsibility to establish the necessary organization and to take and adapt technical measures for the purpose of preserving the privacy and integrity of the information. Being aware of our obligation in this regard;
1. Network security and application security are provided.
2. In transmissions of personal data through network, a closed system network is used.
3. Security measures are taken within the scope of supply, development and maintenance of information technology systems.
4. There are disciplinary regulations that comprise data security provisions for the employees.
5. Training and awareness studies on data security are carried out periodically for employees.
6. An authority matrix has been created for employees.
7. Access logs are kept regularly.
8. Corporate policies on access, information security, usage, storage, and disposal have been prepared and implemented.
9. If necessary, the data masking measure is applied.
10. Confidentiality commitments are made.
11. The relevant authorities of employees whose positions have changed or who have quit the job, are canceled.
12. Updated anti-virus systems are being used.
13. Firewalls are being used.
14. The signed agreements comprise provisions of data security.
15. For the personal data that has been submitted by paperwork, extra security measures are taken and the relevant document is sent in a confidential level document format.
16. Personal data security policies and procedures have been designated.
17. Issues regarding personal data security are being reported instantly.
18. The tracking of the personal data security is being made.
19. The necessary security measures regarding the entrance to and exit from physical environments which comprise personal data, are taken.
20. The security of the physical environments which comprise personal data against external risks (fire, flood, etc.) is ensured.
21. The security of the environments which comprise personal data is ensured.
22. The personal data is reduced to the maximum extent possible.
23. Personal data is backed up and the security of the backed up data is also ensured.
24. The user account management and the authorization control system are being applied and tracked.
25. Periodical and/or random in-house inspections are made and ordered to be made.
26. The log records are kept in isolation from any user intervention.
27. Existing risks and threats have been determined.
28. Protocols and procedures related to the sensitive personal data security have been determined and are being implemented.
29. If the sensitive personal data is to be sent by e-mail, it is definetely sent in an encrypted form and via registered e-mail address (KEP) or corporate e-mail account.
30. Attack detection and prevention systems are being used.
31. Cyber security measures are taken and their implementation is tracked continuously.
32. Encryption is being made.
33. The sensitive personal data which are transferred through portable memory devices, CDs and DVDs are transferred in an encrypted form.
34. The periodical inspection of the data processing service providers regarding data security is ensured.
35. The awareness of the data processing service providers regarding data security is ensured.
36. Data loss prevention software is being used.
F. THE RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED
For the purpose of exercising the rights mentioned below, you can submit your requests regarding the processing of personal data by writing or by any other means that shall be designated by the Personal Data Protection Authority, by filling out the Personal Data Owner Application form which you can reach by clicking the URL https://www.galaksiya.com/documents/personel_data.pdf and by sending it to the Company address "Erzene Mahallesi Ankara Caddesi No: 172/67 Bornova İZMİR" or to the registered e mail address (KEP) galaksiya@hs03.kep.tr. Depending on the nature of the request, the Company resolves the requests within the application in shortest possible time and in maximum thirty days, free of charge; However, if the transaction necessitates any extra cost, the fee included in the price list which is designated by the Data Protection Authority may be collected. Within this scope, as personal data owners (Relevant Persons), you are entitled to;
- Find out if your data is processed or not,
- Request relevant information in case they have been processed,
- Find out the purpose of processing your personal data and whether they have been used in line with this purpose or not,
- Know about the domestic or overseas third parties who received the data
- Demand the correction of the personal data in case it is processed incomplete or inaccurate,
- To demand deletion or disposal of your personal data within the framework of the conditions anticipated in the Law on Protection of Personal Data (KVKK),
- Demand that the transactions made pursuant to the abovementioned rights of correction, deletion and disposal are notified to the third parties to whom the personal data has been transferred,
- Object the consequences against you arising from the exclusive analysis of your personal data through automated systems.
- Request the compensation of the damage that you have suffered due to the illegal processing of your personal data.
G. ABOUT THE CLARIFICATION TEXT
Within the framework of the amendments that might be made in the applicable legislation, the Company always reserves the right to update this Clarification Text on Protection of Personal Data.