PERSONAL DATA PROTECTION LAW (LPPD) POLICY AND INFORMATION

PERSONAL DATA PROTECTION LAW (LPPD) POLICY AND INFORMATION

PERSONAL DATA PROTECTION LAW (LPPD) POLICY AND INFORMATION

PERSONAL DATA PROTECTION LAW (LPPD) POLICY AND INFORMATION

Last Updated on September 27, 2024

Last Updated on September 27, 2024

As BTS KURUMSAL BİLİŞİM TECHNOLOGIES ANONİM ŞİRKETİ (after this “Company” or “BTS”); It is a policy and corporate value of BTS to show the essential care and sensitivity regarding the protection of personal data of potential product or service buyers, product or service recipients, manufacturer employees, dealer employees, supplier employees, supplier officials, consultant/consultant employees, auditors, referees, data controller company owners, prospective employees, employees, employee relatives and third parties with whom we have business relations (including but not limited to; third parties who want to contact, third parties with rights, property owners, financial advisory authorities, lawyers, attorneys, bank employees, institution officials, doctors, company officials from whom certificates are obtained). Our company takes necessary administrative and technical measures regarding the protection of personal data.


Under Article 10 of the Law on the Protection of Personal Data No. 6698 (“hereafter LPPD”), data controllers are obliged to inform the relevant persons about;

● The identity of the data controller and its representative, if any,

● The purpose for which personal data will be processed,

● To whom and for what purpose the processed personal data can be transferred,

● The method and legal reason for collecting personal data,

● The rights of the relevant person (whom the relevant person can direct to the data controller and listed in Article 11 of the LPPD).

● This Disclosure Text has been prepared per the LPDD and the relevant law to inform and brief data owners.

A. IDENTITY OF THE DATA CONTROLLER

BTS KURUMSAL BİLİŞİM TEKNOLOJİLERİ ANONİM ŞİRKETİ

Internet Address: https://www.btsgrp.com/

Phone Number: +90 216 504 40 77

E-Mail Address: btsbilisim@hs01.kep.tr

Address: Barbaros Mahallesi Mor Sümbül Sokak Varyap Meridian Business Office I Block Floor: 12 Flat: 159 34746 Ataşehir, İstanbul

B. PURPOSES OF PROCESSING PERSONAL DATA

BTS processes personal data limited to the purposes and conditions specified in the personal data processing conditions specified in Articles 5/2 and 6/3 of the LPDD. These purposes and conditions are where;

● The relevant activity of BTS regarding the processing of personal data is expressly regulated in the laws,

● The processing of personal data belonging to the parties to the contract is mandatory, provided that the processing of personal data by BTS is related to the establishment or execution of the contract,

● Processing of personal data is mandatory for BTS to fulfil its legal obligations.

● It is mandatory to process personal data for the legitimate interests of BTS, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

● It is defined in the laws for special categories of personal data other than the health and sexual life of the personal data owner,

● Personal data of a personal data owner's special nature regarding his/her health is processed by persons or authorized institutions and organizations that are under a non-disclosure obligation for the purposes of protecting public health, carrying out preventive medicine, medical diagnosis, treatment and care services, planning and managing health services, and financing them.


Moreover, in accordance with the decision of the Personal Data Protection Board No. 2021/980, the relevant data defined within the scope of Article 28/1-ç (exception) of LPDD, BTS will be able to process such data without the application of the provisions of the LPPD. The data is provided with the explicit consent of the relevant person where the terms and conditions above do not exist. In this context, BTS processes your personal data for the following purposes:

● Conducting / Auditing Business Activities

● Conducting Goods / Services Sales Processes

● Conducting Goods / Services After-Sales Support Services

● Conducting Customer Relationship Management (CRM)Processes

● Planning / Executing Customer Satisfaction Activities

● Conducting Customer Satisfaction Activities

● Following Up Requests / Complaints

● Conducting Product / Services Marketing Processes

● Conducting Finance and Accounting Affairs

● Conducting Contract Processes

● Conducting Advertisement / Campaign / Promotion Processes

● Conducting Access Authorizations

● Conducting Audit / Ethics Activities

● Conducting Training Activities

● Providing Information to Authorized Persons, Institutions and Organizations

● Conducting Application Processes for Employee Candidates

● Conducting Employee Candidate / Intern / Student Selection and Placement Processes Execution

● Following up and Carrying out Legal Affairs

● Execution of Occupational Health / Safety Activities

● Fulfilment of Obligations Arising from Employment Contracts and Laws for Employees

● Execution of the Processes Regarding Side Benefits and Interests of Employees

● Conduct of activities in Compliance With Laws

● Ensuring Physical Location Security

● Execution of Communication Activities

● Planning of Human Resources Processes

● Execution of Talent / Career Development Activities If the processing activity carried out for the aforementioned purposes does not meet any of the conditions stipulated in the LPPD, the explicit consent of the personal data owner is obtained by BTS regarding the relevant processing process.

C. TRANSFER OF PERSONAL DATA

BTS notifies the personal data owner about the groups of persons to whom personal data is transferred under LPPD Article 10. BTS may transfer the personal data of data owners managed by this policy per LPPD Articles 8 and 9 to the following categories of domestic or foreign persons:

● For the purpose of fulfilling the obligations arising from the employment contract and laws for employees, to a financial advisory firm, a bank and Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system

● For the purpose of carrying out the side benefits and rights processes for employees, to an insurance company and Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system

● For the purpose of carrying out the application processes of employee candidates, to Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system ○

● For the purpose of carrying out the selection and placement processes of employee candidates/interns/students, to Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system

● For the purpose of carrying out audit/ethics activities, to Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system

● For the purpose of carrying out training activities, to manufacturers and Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system

● For the purpose of carrying out access authorizations, to manufacturers and Microsoft due to the storage of the data processed for this purpose in the OneDrive cloud system To Microsoft,

● For the purpose of carrying out activities in accordance with the laws to financial advisors, authorised public institutions and organisations and Microsoft for the purpose of keeping the data processed for this purpose in the OneDrive cloud system,

● For the purpose of carrying out accounting and financial affairs, to financial advisors, customers, consulting firms, banks, authorized public institutions and organizations and Microsoft for the purpose of keeping the data processed for this purpose in the OneDrive cloud system,

● For the purpose of ensuring physical location security, to plaza management and Microsoft for the purpose of keeping the data processed for this purpose in the OneDrive cloud system,

● For the purpose of following up and carrying out legal affairs, to authorized public institutions and organizations, lawyers,

● For the purpose of keeping the data processed for the purpose of carrying out communication activities, to Microsoft,

● For the purpose of planning human resources processes, to financial advisors and Microsoft for the purpose of keeping the data processed for this purpose in the OneDrive cloud system,

● For the purpose of carrying out / auditing business activities, to customers and Microsoft for the purpose of keeping the data processed for this purpose in the OneDrive cloud system,

● For the purpose of keeping the data processed for this purpose in the OneDrive cloud system, to Microsoft

● For the purpose of carrying out the sales processes of goods/services, to manufacturers, dealers, customers, business partners, cargo companies and Microsoft due to the data processed for this purpose being kept in the OneDrive cloud system,

● To Microsoft for the purpose of carrying out after-sales support services of goods/services and due to the data processed for this purpose being kept in the OneDrive cloud system,

● To Microsoft for the purpose of carrying out activities aimed at customer satisfaction and due to the data processed for this purpose being kept in the OneDrive cloud system,

● To Microsoft for the purpose of carrying out advertising/campaign/promotion processes and due to the data processed for this purpose being kept in the OneDrive cloud system,

● For the purpose of carrying out contract processes to customers, authorized public institutions and organizations and Microsoft due to the data processed for this purpose being kept in the OneDrive cloud system,

● To Microsoft for the purpose of carrying out marketing processes of products/services and due to the data processed for this purpose being kept in the OneDrive cloud system,

● To Microsoft for the purpose of carrying out talent/career development activities and due to the data processed for this purpose being kept in the OneDrive cloud system,

● To authorized public institutions and organizations for the purpose of informing authorized persons, institutions and organizations and Microsoft due to the data processed for this purpose being kept in the OneDrive cloud system,

D. COLLECTION OF PERSONAL DATA

Our company may collect and process the personal data of the data owners specified in this text under the explicit consent of the personal data owner (LPPD Art. 5/1) or other data processing conditions stipulated in LPPD Art. 5/2-a, 5/2-c, 5/2-ç, 5/2-f, 6/3-t and within the scope of carrying out business activities, including various contracts, , dispatch notes/waybills, receipts and invoices, e-mails, notifications from administrative and judicial authorities or third parties, incoming and outgoing documents, purchases of goods and services, tender and direct procurement processes, production processes, employee and intern recruitment processes, salary payments of employees and interns, employee initiation process, creation of SSI(SGK) records of employees and interns, employee training processes, disciplinary investigations, employee leave processes, transactions within the scope of occupational health and safety, meetings, etc. management of activities, the processes of employee candidates entering the Company, sales processes, notifications to be made to authorized public institutions and organizations, the Company website, e-mail system, HES Code application, allocation of computers to employees and including but not limited to those written here, verbally, in writing or through electronic channels, in accordance with the principles set forth in the second paragraph of Article 4 of the LPPD;

● Being in compliance with the law and equity

● Being accurate and up-to-date when necessary

● Being processed for specific, clear and legitimate purposes

● Being connected, limited and proportionate to the purpose for which they are processed

● Being stored for the period stipulated in the relevant laws or necessary for the purpose for which they are processed.


In the absence of the reasons listed above, the data will be obtained with the explicit consent of the relevant person. According to the decision of the Personal Data Protection Board No. 2021/980, since the relevant data is considered within the scope of Article 28/1-ç (exception) of the LPPD No. 6698, BTS will be able to process this data without applying the provisions of the Personal Data Protection Law.

E. STORAGE AND DESTRUCTION OF PERSONAL DATA

Our Company stores personal data in accordance with the purposes of processing. If a storage period is determined in the law for each data, the storage period is limited by that legally determined timespan. In cases where there is no storage period in the law, the need for this data is determined and it is stored for reasonable periods in line with the purposes of processing. Sectoral customs are taken into account when determining these periods. When the purpose and reason for processing personal data cease to exist, they will be destroyed. The exception to this situation is that the relevant personal data will be stored for the necessary defence or information provision in disputes to which our Company is a party or whose information is sought in order to ensure our obligations arising from the laws, for the necessary statute of limitations.

F. RIGHTS OF THE RELATED PERSON

Every relevant person has the following rights in accordance with Article 11 of the LPPD:

● To be informed whether or not his/her personal data has been processed,

● To request information regarding his/her personal data if it has been processed,

● To be informed about the purpose of processing personal data and whether it is used in accordance with its purpose,

● To know the third parties to whom personal data is transferred in Türkiye or abroad,

● To request correction of personal data if it is processed incompletely or incorrectly and to request notification of the transaction made within this scope to the third parties to whom personal data is transferred,

● To request deletion or destruction of personal data if the reasons requiring processing cease to exist despite the fact that it has been processed in accordance with the provisions of the LPPD and other relevant laws and to request notification of the transaction made within this scope to the third parties to whom personal data is transferred,

● To object to the emergence of a result against it/him/her by analysing the processed data exclusively through automated systems,

● To request compensation for the damages incurred due to the unlawful processing of personal data. In this context, you can exercise your rights listed above by filling out the print of “Data Owner Application Form” on our Company’s website and;

● Sending a notice to our Company via a notary, or

● Applying in person (by hand) with a wet-signed petition with documents that identify you, or

● Sending registered mail to our Company, ● or

● Applying with a secure e-signature to the registered e-mail address, btsbilisim@hs01.kep.tr.


The requests of the relevant person will be evaluated and decided free of charge as soon as possible and ultimately within thirty (30) days at the latest. If the evaluation and decisionmaking process requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be taken as the basis.