PDPL Policy
LUNA BİLİŞİM TEKNOLOJİLERİ SAN. TİC. A.Ş. POLICY OF THE PROTECTION AND PROCESSING OF PERSONAL DATA
This Policy of the Protection and Processing of Personal Data, within the framework of the Law on the Protection of Personal Data No. 6698, Luna Bilişim Teknolojileri San. Tic. A.Ş. ("The Company"), the use of the content on the official website of the Company, www.lunabilisim.com.tr ("Website") by users, visitors, members and other persons ("User or Related Person") provides information about our company policy regarding the procedures and principles of our company regarding the processing and transfer of personal data shared or produced by the User with the Company.
Based on these principles and procedures, as the Company, we take all administrative and technical measures in line with the policy we have implemented for the protection and processing of Personal Data.
1. Purpose of Personal Data Protection and Processing Policy:
The purpose of the Personal Data Protection and Processing Policy ("Policy") is that our company, which carries out the purchase and sale of technological products in the IT sector, is responsible for the processing of personal data, the protection and, if necessary, destruction of this data, in line with the scopes specified in the Law on the Protection of Personal Data No. 6698. to regulate the principles and bases that it has determined. In addition, it should be noted that in this context, it is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life issued in Article 20 of the Constitution, and to inform the Personal Data Owners about the obligations of our Company and the procedures and principles to be applied in accordance with the Law on the Protection of Personal Data No. 6698. The primary and important purpose of our policy is to protect the privacy and security of personal data of Personal Data Owners.
2. Scope of Personal Data Protection and Processing Policy:
Provided that this Policy consists of real persons existing within the company, certain company rights holders, for other classes and that they are new real persons that can be acquired from outside the company;
» Company Shareholders,
» Company Business Partners,
" Company officials,
" Company employees,
» Company Interns,
» Company Former Employees,
» Employee Candidates,
» Visitors,
» Company Customers,
» Potential Customers,
» Third Parties
It has been prepared for the above-mentioned persons and will be implemented within the scope of all real persons except those specified above.
The Company informs about the Law on Protection of Personal Data No. 6698 by publishing this Policy on the website
www.lunabilisim.com.tr. As we have stated above, this Policy will not be applicable to legal entities, regardless of title or name. In addition, "Personal Data Processing Policy for Employees" will be implemented for our company employees.
This Policy will be applied to the above-mentioned real persons, if our Company processes the Personal Data of these persons within the scope of the Law on the Protection of Personal Data No. 6698, fully or partially automatically or by non-automatic means provided that they are part of any data recording system. This Policy will not be applied if the data is not included within the scope of "Personal Data" in the definitions we will specify below or if the Personal Data processing activity carried out by our Company is not in the above-mentioned ways.
3. Definitions under the Law on Protection of Personal Data No. 6698:
While this Policy is being implemented by our Company, the main definitions to be used in the implementation of the Law are as follows:
Explicit Consent |
It is the consent of a particular subject, based on information and by free will.
|
Anonymization
|
Making Personal Data incapable of being associated with an identified or identifiable real person under any circumstances, even by matching with other data.
|
Company
|
Luna Bilişim Teknolojileri San. Tic. A. Ş.
|
Company Official
|
Luna Bilişim Teknolojileri San. Tic. A. Ş.’s board member and other authorized real persons
|
Company Shareholder
|
Luna Bilişim Teknolojileri San. Tic. A. Ş. Shareholders as real persons
|
Company Business Partner, Business Partner’s Shareholder, Officer, Employee
|
All real persons, including real persons, shareholders and officials, with whom our company has any kind of business relationship, and real and legal persons (such as business partners, suppliers) with whom our company has any business relationship.
|
Employee Candidate
|
They are real persons who have applied for a job to our company by any means or have opened their CV and related information to our company's review.
|
Company Customer
|
They are real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company.
|
Potential Customer
|
Real persons who have requested or been interested in using our products and services, or who have been evaluated in accordance with the rules of commercial practice and honesty that they may have
|
Third Party
|
Prepared for Company Employees, Luna Bilişim Teknolojileri San. Tic. A.Ş. Other persons who are not covered by the Personal Data Protection and Processing Policy and who do not covered by any Personal Data Owner category in this Policy
|
Visitor
|
All real persons who have entered the physical campuses owned by our company for various purposes or visited our websites for any purpose.
|
Law
|
Refers to the Personal Data Protection Law No. 6698.
|
Secondary Legislation
|
In accordance with the law, it means any regulation, circular, communique, policy decision or similar administrative decision or general opinion issued or taken by the Personal Data Protection Authority.
|
Related Users
|
It refers to the persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of the data
|
Processing of Personal Data
|
It means all kinds of operations performed on the data, such as preventing the use of data, obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying Personal Data, wholly or partially, by automatic or non-automatic means provided that it is a part of any data recording system
|
Board
|
Refers to the Personal Data Protection Board
|
Corporation
|
Represents the Personal Data Protection Corporation
|
Sensitive Personal Data
|
Data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data
|
Company Shareholder
|
|
Record
|
It refers to the Data Controllers Registry, which is a registration system where data controllers have to register and declare information about data processing activities
|
Data Processor
|
Refers to the real or legal persons who process Personal Data on behalf of the Data Controller based on the authority granted by her/him.
|
Data Recording System
|
It refers to the recording system in which Personal Data is processed and structured according to certain criteria
|
Data Protection Commission
|
Refers to the Company's Personal Data Protection Commission. |
Data Owner
|
Data Owner, defined as "Relevant Person" in the Law, refers to the real person whose Personal Data is processed. Data Subjects also include customers, internet users, individuals in communication, e-mail and marketing database lists, employees, contractors and suppliers.
|
Data Controller
|
It refers to the real or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data recording system.
|
Draft Regulation on the Data Controllers Registry
|
The Draft Regulation on the Data Controllers Registry has been prepared in accordance with Article 16 of the Law. It has not yet entered into force |
Deletion
|
It means making personal data inaccessible and non-reusable for Relevant Users in any way.
|
Deletion and Annihilation Policy
|
It refers to the policy that the Company has prepared within the scope of the Regulation on the Deletion, Annihilation or Anonymization of Personal Data, regulating the procedures and principles regarding deletion and annihilation
|
Annihilation
|
It means making personal data inaccessible, irretrievable and reusable by anyone in any way
|
4. Enforcement of Personal Data Protection and Processing Policy:
Since the date of its publication after issued by Luna Bilişim Teknolojileri San. Tic. A. Ş. on the Company's website (
www.lunabilisim.com.tr), it is made available to relevant persons upon the request of the Personal Data Owners.
5. Protection of Personal Data Within The Scope Of Our Company Policy:
a) Security of Personal Data;
In accordance with the Law on Protection of Personal Data No. 6698, our company takes all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the illegal processing and access of Personal Data, and to ensure the preservation of Personal Data.
b) Audit;
Our company carries out and has the necessary audits done in order to establish the data security described above and to ensure the regularity and continuity of the measures taken.
c) Confidentiality;
Our company takes all necessary technical and administrative measures according to the technological possibilities and application costs so that the relevant data controllers and data processors do not disclose the Personal Data they have to others in violation of the clauses of the Law and Policy and do not use them for purposes other than processing. In this regard, informing and training activities about the Law and Policy are carried out with our Company employees.
d) Unauthorized Disclosure of Personal Data;
In the event that the Personal Data processed by our Company is obtained by others through illegal ways, our Company takes the necessary actions to notify the relevant Personal Data Owner and the KVK Board as soon as possible. If deemed necessary by the KVK Board, this situation may be announced on the website of the KVK Board or by any other method deemed appropriate by the KVK Board.
e) Protection of the Legal Rights of Personal Data Owners;
Our company observes all legal rights of Personal Data Owners with the implementation of the Policy and Law and takes all necessary precautions to protect these rights.
f) Protection of Private Personal Data;
As stated in the definitions section, data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric data and genetic data are Sensitive Personal Data. Our company takes into consideration that Sensitive Personal Data are data that may cause the person concerned to be victimized or be exposed to discrimination if learned by others. For this reason, all necessary measures are taken sensitively to protect such personal data that are processed in accordance with the law.
General Principles for Processing Personal Data within the Scope of Our Company Policy;
Personal Data is processed by our company in accordance with the Law on the Protection of Personal Data No. 6698 and the procedures and principles stipulated in this Policy. Our company acts within the scope of the following principles when processing Personal Data.
Principle of Compliance with the Rules of Law and Good Faith;
Our company processes the Personal Data in the most comprehensive manner in accordance with the rule of good faith, taking into account both the private law and the customary law, within the scope of the Personal Data Protection Law No.6698
The Principle of Being Accurate and Up-to-Date;
Our company ensures that the Personal Data processes are accurate and up-to-date, taking into account the fundamental rights and legitimate interests of Personal Data Owners. In this context, issues such as the sources from which the data are obtained are certain, confirming their accuracy, and evaluating whether they need to be updated are carefully considered.
Principle of Processing for Identifiable, Explicit and Legitimate Purposes;
Our company clearly and precisely determines the purpose of data processing and ensures that this purpose is legitimate. Being legitimate means that the Personal Data processed by our Company is related to and necessary for the work it has done or the service it has provided.
The Principle of Being Related to the Purpose for which they are Processed, Limited and Proportionate;
Our company ensures that the processed Personal Data are suitable for the realization of the determined purposes and avoids the processing of Personal Data that is not related to the realization of the purpose or is not needed. It fulfills one of the processing conditions of the Personal Data issued in the Law, as if it were the first time to process the data in order to meet the possible needs that may arise later. It also limits the processed data only to what is necessary for the realization of the purpose.
The Principle of Retention for the Time Required for the Purpose of Processing or Envisioned in the Related Law;
Our company complies with these periods if there is a period stipulated in the relevant legislation for data storage. Otherwise, it retains the Personal Data only for as long as necessary for the purpose for which it was processed. If there is no valid reason for further storage of a Personal Data by our company, the said data is deleted, destroyed or anonymized.
7. Conditions for Processing Personal Data within the Scope of Our Company Policy:
Our company does not process Personal Data without the explicit consent of the data owner. Our company may process Personal Data without seeking the explicit consent of the data owner in the presence of one of the following conditions.
In Case It Is Clearly Stipulated In The Relevant Laws
Our company may process the Personal Data of Personal Data Owners, even if there is no explicit consent, in cases clearly stipulated by the laws.
In the event that a person who is unable t4o express her/him consent due to actual impossibility or whose consent is not legally valid, is necessary for the protection of herself/himself or someone else's life or bodily integrity;
Personal Data may be processed by our company without express consent, in order to protect the life or physical integrity of individuals, in cases where consent cannot be disclosed or is not valid. In order to protect the life or body integrity of the person, the Personal Data of the Personal Data Owner may be processed during the medical intervention. In this scope, data such as blood type, diseases and surgeries, and medications used can be processed through the relevant health system.
Provided That It Is Directly Related To The Establishment Or Perform Of A Contract, In Case It Is Necessary To Process The Personal Data Of The Parties To The Contract;
Personal Data may be processed by our company in connection with the establishment or perform of a contract.
In Case the Data Controller is Compulsory to Fulfill the Legal Obligation;
Our company may share the requested personal data in order to fulfill its legal obligation, if personal data is requested and disclosed from official institutions and organizations in order to resolve or clarify an event.
Relevant Person Has Been Publicized By Herself/Himself;
Personal Data of the Personal Data Owners, which have been made public by themselves, in other words, disclosed to the public in any way, may be processed because it is considered that the legal benefit that needs to be protected is eliminated in the processing of such data, which is made public by the Personal Data Owners and thus becomes known to everyone.
Data Processing is Mandatory for the Establishment, Use or Protection of a Right;
In cases where data processing is necessary for the establishment, usage or protection of a right, it may process the personal data of personal data owners without seeking explicit consent.
Obligation to Process Data for the Legitimate Interests of the Data Controller, Provided Not to Harm the Fundamental Rights and Freedoms of the Relevant Person;
Our company may process Personal Data of Personal Data Owners in cases where it is necessary to process Personal Data for their legitimate interests, by ensuring that it does not harm the fundamental rights and freedoms of Personal Data Owners protected under the Law and Policy. Our company shows the necessary sensitivity to comply with the basic principles regarding the protection of Personal Data and to protect the legitimate interests of our Company and Personal Data Owners.
8. Conditions for Processing Sensitive Personal Data within the Scope of Our Company Policy;
Our company does not process Sensitive Personal Data without the explicit consent of the person concerned. However, Personal Data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws. Personal Data related to health and sexual life are only processed by our Company for the purposes of protecting public health, performing preventive medicine, medical diagnosis and treatment and care services, planning and managing health services and financing, without seeking the explicit consent of the person concerned, when we are under a confidentiality obligation. In this regard, our company meticulously fulfills the necessary follow-up process and the precautions and requirements that can be taken by our company in order to take adequate measures determined by the Board in the processing of Private Personal Data.
9. Deletion, Destruction or Anonymization of Personal Data within the Scope of Our Company Policy:
Although the personal data of our company has been processed in accordance with the clauses of the Law and other relevant laws, in the event that the reasons for the processing are eliminated, the personal data is deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject. Clauses in other laws regarding the deletion, destruction or anonymization of personal data are reserved. The procedures and principles regarding the deletion, destruction or anonymization of personal data are issued by a regulation.
10. Transfer of Personal Data Within the Scope of Our Company Policy:
» If it is necessary for the protection of the life or bodily integrity of the Personal Data owner or someone else, and the Personal Data owner is unable to express his consent due to actual impracticability or if his consent is not legally valid,
» If it is necessary to transfer the Personal Data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
» If Personal Data transfer is mandatory for our company to fulfill its legal obligation,
» If the Personal Data has been made public by the Personal Data owner,
» If Personal Data transfer is necessary for the establishment, usage or protection of a right,
» If it is necessary for the legitimate interests of our Company, provided that the fundamental rights and freedoms of the Personal Data owner are not harmed,
Then Personal Data can be transferred.
11. Transfer of Personal Data Abroad within the Scope of Our Company Policy:
Our company may transfer the Personal Data and Sensitive Personal Data of the Personal Data Owners to third parties abroad by taking the necessary security measures in line with the Personal Data processing purposes. For this purpose, taking into account the issues listed in the relevant law, Personal Data by our Company; can be transferred to foreign countries that are declared to have sufficient protection by the KVK Board or in the absence of sufficient protection, to foreign countries where the data controllers in Turkey and the relevant foreign country undertake an adequate protection in written and where the permission of the KVK Board is available. Countries with these features are announced by the KVK Board.
12. Classification of Personal Data within the Scope of Our Company Policy:
Our company processes Personal Data by classifying it in certain definitions in accordance with the Law on Protection of Personal Data No. 6698. Explanations regarding these definitions are listed below.
Personal Data Owner's Identity Information
Data relating to the identity of the personal data owner. These data are;
» Name-surname,
» ID number,
» Marital status,
» Nationality information,
» Parents name-surname,
» Place of birth-date,
» Gender
» Driving license,
» Birth certificate
» Passport
» Tax number,
» SSI number,
» Signature,
» Vehicle plate etc.
Contact Information of Personal Data Owner;
Data relating to the identity of the personal data owner. These data are;
» Phone number,
» Address,
» E-mail address,
» Fax number,
» IP address etc.
Transaction Security Information of the Personal Data Owner;
It is the personal data that is processed regarding the technical, administrative, legal and commercial security of both the Personal Data Owner and the Company during the internal and external operations of the Company.
Financial Information of Personal Data Owner;
It is the information and documents showing all kinds of financial results arising in accordance with the employee-employer relationship that the company has created with the Personal Data owner. Beside this;
» Personal data processed for records,
» Bank account number,
» Branch code,
» Bank card information,
» IBAN number,
» Credit card information,
» Financial profile,
» Credit rating,
» Asset data,
» Income etc.
Visual and Audio Information of the Personal Data Owner;
Those are photographs and camera recordings, audio recordings and any data containing this data.
Personal Information of the Personal Data Owner;
It is all kinds of personal data processed to obtain information that will be the basis for the protection of personal rights of real persons who are in a working relationship with the Personal Data Owner.
Location Information of the Personal Data Owner;
Information that determines the location of the Personal Data owner while using Company vehicles within the scope of the activities and operations of the company or the institutions with which it cooperates; GPS location, travel data etc.
Information of Family Members and Relatives of the Personal Data Owner;
Contact information and identification of family members of the Personal Data owner (e.g. spouse, mother, father, child), relatives and other people to reach out in case of emergency, in order to protect the legal and other interests of the Company and the Personal Data owner, within the scope of the activities and operations of the company or institutions with which it is cooperating.
Physical Environment Security Information of Personal Data Owner;
It is the personal data regarding the records and documents taken during the entrance to the physical environment and during the stay in the physical environment.
» Camera recordings,
» Fingerprint records
» Records taken at the security point etc.
Legal Transaction Information of the Personal Data Owner;
It is the data that is processed within the scope of the determination of the legal receivables and rights of the company, its follow-up, the performance of its debts and its legal obligations.
Sensitive Personal Information of the Personal Data Owner;
These are the data specified in accordance with Article 6 of the Law on the Protection of Personal Data No. 6698. (Health data, biometric data, religion and membership information, etc.)
Request/Complaint Management Information of Personal Data Owner;
It is the data of the Personal Data owner regarding the receipt and evaluation of any request or complaint directed to our company.
13. Purposes of Processing Personal Data within the Scope of Our Company Policy:
In order to fulfill the obligation of clarification in Article 10 of the Law on the Protection of Personal Data No. 6698, our company informs the data owners about the purposes for which the Personal Data will be processed, to whom and for what purpose the processed data can be transferred.
Your personal data is processed within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law, for the purposes of planning and implementing our human resources policies in the best way, planning and executing our commercial partnerships and strategies correctly, ensuring the legal, commercial and physical security of our Company and our business partners, ensuring the corporate functioning of our Company, Working to make the best use of the products and services offered by our Company. ; Suggesting the products and services offered by our company according to your demands, needs and wishes, ensuring the highest level of data security, creating databases, improving the services offered on our company's website, communicating with those who have submitted their requests and complaints to our company, eliminating errors occured on our web site.
14. Purposes of Transferring Personal Data within the Scope of Our Company Policy:
Your personal data is transferred within the scope of the personal data processing conditions specified in Articles 8 and 9 of the Law, for the purposes of planning and implementing our human resources policies in the best way, planning and executing our commercial partnerships and strategies correctly, ensuring the legal, commercial and physical security of our Company and our business partners, ensuring the corporate functioning of our Company, Working to make the best use of the products and services offered by our Company. ; Suggesting the products and services offered by our company according to your demands, needs and wishes, ensuring the highest level of data security, creating databases, improving the services offered on our company's website, communicating with those who have submitted their requests and complaints to our company, eliminating errors occured on our web site.
15. Persons to whom Personal Data will be Transferred within the Scope of Our Company Policy
The data of the Personal Data owner can be transferred to the following.
» To our shareholders,
» To our business partners,
» To our suppliers,
» Subsidiaries,
» To the companies and institutions we cooperate with,
» To the companies (security, health, work safety, law, etc.), authorized institutions and organizations from which our company receives services from outside in order to fulfill our contractual or legal obligations
16. Personal Data Collection Method and Legal Reason within the Scope of Our Company Policy
Personal Data is processed by our Company or by data processors assigned by our Company, following the methods specified below, for the purpose of checking the compliance with Article 1, which regulates the purpose of the Law on the Protection of Personal Data No. 6698, and Article 2, which regulates the scope of the law.
» All kinds of verbal,
» Written,
» In electronic environment, with technical and other methods,
» Call center, Company website,
» Various ways such as mobile application,
» Legislation in order to achieve the purposes stated in the policy,
» Agreement,
» It is collected in order to fulfill its responsibilities arising from the law completely and accurately within the scope of demand and optional legal reasons.
17. Deletion, Destruction or Anonymization of Personal Data within the Scope of Our Company Policy:
Without prejudice to the clauses in other laws regarding the deletion, destruction or anonymization of Personal Data, although our Company has processed it in accordance with the Law on the Protection of Personal Data No. 6698 and other laws, in case the reasons for processing the Personal Data no longer exist, upon the request of the data owner. deletes, destroys or anonymizes.
With the deletion of personal data, this data is destroyed in a way that it cannot be used in any way and cannot be restored. Accordingly, personal data is deleted from tools such as documents, files, CDs, floppy disks, hard disks, in which they are recorded, in a way that cannot be recycled.
With the destruction of personal data, this data is destroyed in a way that it cannot be used in any way and cannot be restored.
Anonymizing the data is meant that the Personal Data cannot be associated with an identified or identifiable real person, even if it is matched with any other data.
18. Retention Period of Personal Data Within the Scope of Our Company Policy:
Our company stores Personal Data in accordance with the Law on Protection of Personal Data No. 6698 and for the periods stipulated in the legislation. If there is no time limit in the Law on the Protection of Personal Data No. 6698 and in the legislation regarding how long Personal Data should be stored, the Personal Data is processed until the purpose of processing the Personal Data is realized, and then deleted, destroyed or anonymized.
19. Clarification of Personal Data Owner within the Scope of Our Company Policy:
Our company informs the Personal Data Owners during the acquisition of personal data within the scope of Article 10 of the Law on the Protection of Personal Data No. 6698. In this context, clarifications are made about the identity of the Company representative, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method of collecting personal data and the rights of the Personal Data Owner for legal reasons.
20. Rights of the Personal Data Owner pursuant to the PDPL within the Scope of Our Company Policy:
Our company informs everyone of their rights in accordance with Article 10 of the Law on Protection of Personal Data No. 6698. It provides guidance on how to use these rights and carries out the necessary internal functioning, administrative and technical arrangements for all these. Our company discloses the following rights to persons whose personal data is received pursuant to Article 11 of the Law.
» Learning whether personal data is processed or not,
» Requesting information if personal data has been processed,
» Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
» Knowing the third parties to whom personal data is transferred at domestioc or foreign,
» Requesting correction of personal data if it is incomplete or incorrectly processed,
» Requesting the deletion or destruction of personal data within the scope of the conditions stipulated in Article 7 of the Law,
» Requesting notification of the transactions made pursuant to subparagraphs (d) and (e) of Article 11 of the Law, to third parties to whom personal data has been transferred,
» Objecting to the emergence of a result against the person by analyzing the processed data through automatic systems,
» Requesting the compensation of the damage in case of loss due to illegal processing of personal data
You can submit your requests regarding the implementation of the Law on the Protection of Personal Data No. 6698 to our Company in written, using the
Data Owner Application Form of the Law of the Protection of Personal Data, or with a secure electronic signature or by other methods to be determined by the Personal Data Protection Board ("
Board"), to the address in the application form. Our company will conclude your requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the qualification of the request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be charged.
Our company may accept the request or reject it by explaining the reason; notifies the relevant person in written or electronically. If the request in the application is accepted, our Company fulfills its requirements. If the application is due to the fault of our Company, the fee charged is returned to the data owner.
In cases where the application is rejected, the answer given is insufficient or the application is not answered in due time; The data owner has the right to file a complaint with the Board within thirty days from the date of learning the answer and in any case within sixty days from the date of application.
21. Circumstances in which the Policy and the Law will not be Wholly or Partially Implemented within the Scope of Our Company Policy:
This Company Policy and the provisions of the Law will not be applied in the following cases:
» Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, which are not given to third parties and the obligations regarding data security are complied with.
» Making the personal data anonymous with offical statistics for processing them for purposes such as research, planning and statistics,
» Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime.
» Processing of personal data within the scope of preventive, protective and informative activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security.
» Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
In accordance with the purpose and basic principles of this Policy and the Law on Protection of Personal Data No. 6698, Article 10 regulating the obligation of disclosure of the data controller, Article 11 regulating the rights of the data subject, with the exception of the right to demand the recoverage of the damage, and Article 16 regulating the obligation to register in the Data Controllers Registry, will not apply in the following cases.
» The processing of personal data is necessary for the prevention of crime or for criminal investigation.
» Processing of personal data made public by the related person.
» Personal data processing is required by authorized public institutions and organizations and professional organizations in the nature of public institutions for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution based on the authority granted by the law.
» The processing of personal data is necessary for the protection of the economic and financial interests of the Government with regard to budgetary, tax and financial matters.
22. Classification of Personal Data Owners within the Scope of Our Company Policy:
Only real persons can benefit from the protection of this Policy and the Law. Personal Data Owners within this scope are grouped as follows:
Employee Candidate |
They are real persons who have applied for a job to our company by any means or have opened their CV and related information to our company's review. |
Group Company Customer |
Whose Personal are obtained through Data Luna Bilişim Teknolojileri San. Tic. A.Ş. |
Company Business Partner, Shareholder, Company Official, Employee of Business Partners |
All real persons, including real persons, shareholders and officials with whom our company has any kind of business relationship and real and legal persons (such as business partners, suppliers) with whom our company has any business relationship |
Company Customer |
They are real persons who use or have used the products and services offered by our Company, regardless of whether they have any contractual relationship with our Company. |
Potential Customer |
They are real persons who have requested or been interested in using our products and services, or have been evaluated in accordance with usances and honesty rules that they may have. |
Company Shareholder |
People who are the shareholders of Luna Bilişim Teknolojileri San. Tic. A.Ş. |
Company Official |
They are the Board Members and authorized people of Luna Bilişim Teknolojileri San. Tic. A.Ş. |
Third Party |
Other persons who are not covered by the Personal Data Protection and Processing Policy which is prepared for company emloyees of Luna Bilişim Teknolojileri San. Tic. A.Ş. and who do not fall under any Personal Data Owner category in this Policy. |
Visitor |
They are all real persons who enter the physical locations of our company for various purposes or visit our websites for any purpose. |
23. Matching Personal Data with Personal Data Owners within the Scope of Our Company Policy:
The matching of the classified Personal Data, whose definitions and scopes are given above, with the classified Personal Data Owners is presented below.
Identity Information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Communication information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Transaction Security Information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Financial Information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Visual and Audio Information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Personal Information |
Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate, Third Parties |
Location Information |
Company Business Partner, Shareholder, Company Official, Employee of Business Partners |
Family Members and Relatives Information |
Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Physical Environment and Security Information |
Company Shareholder; Company official; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Legal Transaction Information |
Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Third Parties |
Sensitive Personal Information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |
Request/Complaint Management Information |
Company Shareholder; Company official; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Company Official, Employee of Business Partners; Employee Candidate; Visitor, Third Parties |