VALOR TURIZM CONGRESS ORGANIZATIONS TIC. LTD. STI
CLARIFICATION TEXT FOR CUSTOMERS AND PARTICIPANTS
IN TERMS OF PROTECTION AND PROCESSING OF PERSONAL DATA
VALOR TURIZM CONGRESS ORGANIZATIONS TIC. LTD. STI
CLARIFICATION TEXT FOR CUSTOMERS AND PARTICIPANTS
IN TERMS OF PROTECTION AND PROCESSING OF PERSONAL DATA DATA
BOARD OF DIRECTORS OF VALOR TURIZM KONGRE ORGANIZASYONLARI TIC. LTD. STI.
TABLE OF CONTENTS
Pursuant to Act on Protection of Personal Data numbered 6698 (APPD) which entered into effect on 07.04.2016, all information pertaining to the identified or identifiable real person is defined as personal data and necessary steps for protection of personal data and legal processing have to be taken.
Valör Lawful processing and protection of personal data, as well as ensuring full compliance with the Act on Protection of Personal Data numbered 6698 (APPD) are among our priorities as Valor Turizm Kongre Organizasyonlari Tic. Ltd. Sti. (The Company).
All activities of the Company, regardless of whether it pertains to the processing of personal data, are performed in full awareness of the Company responsibilities against our customers, but at the same time, the Company and the Customers as a whole need to comply with the Company Policies on Protection and Processing of Personal Data, and to show due care.
This Clarification Text has been drawn up for informing our customers on the Companys personal data processing activities and to carry out our clarification obligation pursuant to the APPD.
This Clarification Text covers the real persons, whose personal data is obtained through the business activities of the Company, regardless of the existence of a contractual relationship with the Company.
Along with our customers, with whom the supplier and purchase-sale relationship is still ongoing in terms of the provision of organization services for congress, travel and tourism; our old customers whose personal data continues to be processed/stored in line with the legislation, as well as the prospective customers who have been in contact with the Company in relation with the processes mentioned above, and the participants of the organizations held for our customers whose personal data is processed and who are in contact with the Company; are within the scope of this Clarification Text.
In the cases that are not regulated in this Clarification Text, the provisions and regulations stated in the Companys general policies on protection and processing of personal data shall apply.
This clarification text can be updated in order to comply with the changes in the legislation or the conditions and to accurately reflect the implementations on protection and processing of personal data. Relevant regulations are published in our website, as open for Access of all our customers and the participants.
The policy of the Company is to lawfully obtain and process the personal data within the scope of this clarification text, including our customers and the participants, and to perform our obligation to inform and clarify. In this line, our website contains the information necessary for communication with the Company. Our customers can reach our company via phone, e-mail or website or directly, in person or electronically. Our real-person customers can directly, and our corporate customers through their authorized officials that are real person, can convey their requests for organization process or other goods and products, to the Company, with any of the methods stated above.
The Company informs the customers regarding the personal data that could be obtained and their processing, through e-mail or website, depending on the method utilized. The Company takes necessary measures for the customers to use their legal rights and to convey their requests for personal data.
The Company, during the customer relations and business processes of Company works and thereafter, based on the contracts, issues necessary in order to conclude a contract, the explicit consent of the real person or obligations arising from the legislation, can obtain and process personal data, in line with the legislation, through electronic or physical means, with your transfer of personal data to the relevant units such as project management, sales-marketing, accounting and finance, congress, IT, informatics, fill out and transfer of the mail order and participation forms to the Company, or receipt by the Company through our suppliers, business partners and our stakeholders or through competent authorities and Courts.
Electronically, through the cookies utilized in our website, personal data can be obtained. By structuring user accounts through our website electronically for participation to the events; the user profile structured with the participants personal data of ID, contact or occupational education background, process security and process date, can be obtained.order Within the scope of Company activities, collection of unnecessary personal data of the customers and participants are avoided. In the process, the questions and document requests for processed personal data can be directed. With the objective of carrying out the obligations arising from the legislation, additionally, if obtaining personal data of a broader extent is deemed necessary depending on the type of activity, those personal data can also be asked and obtained. For the information to be possibly shared with corporate stakeholders, in order to better serve our customers and to carry out legal obligations related with the service provided, such stakeholders are expected to undertake the protection of the personal data.
Personal data that need to be processed in the work flow and according to the legislation, such as ID, communication, address, customer transaction, finance, debt/credit, bank account information, credit card information, physical security of premises as well as audio-visual records, occupational experience, process security and process date, visual records obtained by means of the security camera footage of the company (CCTV closed circuit camera system records) user profile and info structured for participation to the online organizations that can be accessed via our website, can be processed based on the data protection legislation. The mentioned are the data processed in line with the established practice of the Company. Nevertheless, depending on the nature of the customer relation and the scope of the organization held, when personal data categories that are not mentioned above are required for processing, they can be processed by abiding the legislation and the general company policies on the processing and protection of the personal data. Personal data of the customers and the participants can be legally processed in relation with the services provided by the Company, and introduction, information, announcement, promotion, campaign, advertisement, sales-marketing activities of the organizations held. The Company can send commercial electronic messages to the customers and participants by means of the personal data processed. The Customer and Participant, respectively agreed to be sent commercial electronic message, through phone, e-mail, short message, and desktop notifications, within the scope of this clarification text.
Personal data of private nature is defined as; data on race, ethnic origin, political opinion, philosophical belief, religion, sect, clothing, association membership, foundation membership, union membership, health, sexual life, criminal conviction - security measures, biometric and genetic data. Our Company does not process personal data of private nature unless it is required by the legal obligation or nature of the work or security. Within the scope of the organizations held by the associations, for their members, association membership data can be processed in line with the legislation. Other than that, when processing of personal data of private nature of the customers or participants is necessary, such data can be processed, in a limited way, pursuant to the objective of the processing, in line with the explicit consent of the real person customers, or authorized officials of the corporate customers that are real persons, pursuant to the legislation and general policies of the company on processing and protection of personal data.
Personal data mentioned above, are processed by automated or non-automated means, in writing, via electronical or physical mediums, in relation with, limited and in proportion with the aim, in line with the legitimate interests of the Company, by observing fundamental rights and freedoms; with the objective of:
- To carry out the obligations arising from the legislation and the laws, mainly Turkish Code of Obligations, Turkish Commercial Code, By-law on Commercial Communication and Commercial Electronic Messages, Law on the Protection of the Consumer, Corporation Income Tax Law, Value Added Tax Law, Income Tax Law and their secondary legislation.
The personal data subject to this Clarification Text, in accordance with the objective stated herein and also in relation with, with limitation of and in proportion of the objective of performance of the Companys commercial activities; can be transferred, in company or abroad, in line with the legislation, to,
- our suppliers to ensure the provision of necessary services which are procured by the company from external sources ( Security company, Consultants, Law office, certified accountancy firm, audit firm, informatics service provider, bank, travel service provider, communication company that provides SMS services, accommodation service provider, cargo and logistics service intermediaries, organization company with which mutual organizations are held, the institution or organization that hosts the event etc. internal and external stakeholders), in limitation with this purpose,
As a result of the direct instructions of the data subject and sharing the relevant data, personal data obtained for organization of the relevant event and the travel arrangements, the personal data can be transferred to service providers in country and abroad, in order to manage the travel organization in country or abroad.
Relevant personal data can also be stored in secure servers located around the world, because of the software and operating systems used, including the Companys corporate accounts.
Third persons to which personal data can be transferred, can process your personal data, unless otherwise is foreseen by the applicable legislation; and in relation and limitation with the share/transfer purpose. In such case, these persons are obliged to ensure protection of the personal data they obtained within the body of the contractual relation they entered into with the Company.
The company takes all necessary administrative and technical measures, in line with the applicable legislation, in order to prevent the personal data to be seized by unauthorized persons, faulty processing against the law, exposure, change, prevention of deletion, ensuring storage and security; and the measures taken are shown in VERBIS.
(a) Electronically, in company computers, phones and tablets, portable memories (CD, DVD, USB, External harddrive), corporate e-mail accounts, secure electronic systems of the Company, data base and information security systems, and servers located abroad; which can be accessed by the authorized persons as appropriate in proportion with the nature of the activity performed,
(b) Physically, in the locked cabinets located within the center of the company, that can be accessed by the authorized persons and relevant units such as accounting and finance, congress.
The personal data of customers are stored throughout the contracts with the customers and in any case for 10 years starting from the end of the contractual relation (commercial or customer and other work activities) or end of the company activities, as per the legal regulations.
Personal data obtained within the scope of the online organizations, are stored for the periods stated in VERBIS for the relevant category.
Physical security of premises, audio-visual records are stored for 1 month maximum, depending on the technology used and storage capacity.
In case the period foreseen in the legal regulations or the period necessary for the purpose of the processing for each category of personal data comes to an end; relevant data shall be deleted, destructed or anonymised from the electronical or physical mediums, in line with the Companys Processing, Storage and Destruction Policy for Personal Data.
In the event, as a result of the attacks directed to the Companys archives, servers and/or other systems, data security is breached and/or data is seized or exposed by the third persons, the Company informs the customers that are data subject and Personal Data Protection Board; as required by the legislation.
You have the right to apply to the Company, in its capacity as Data Controller, pursuant to Article 11 of the Act, and to
(1) Learn whether or not your personal data have been processed,
(2) Request information as to processing if your data have been processed,
(3) Learn the purpose of processing of the personal data and whether data are used in accordance with its purpose,
(4) Know the third parties in the country or abroad to whom your personal data have been transferred,
(5) Request rectification in case personal data are processed incompletely or inaccurately,
(6) Request deletion or destruction of personal data within the framework of the conditions set forth under Article 7 of the APPD,
(7) Request notification of the operations such as deletion or destruction or incomplete or faulty processing, made under Article 7 of the APPD, to third parties to whom your personal data have been transferred,
(8) Object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
(9) Request compensation for the damages in case you incur damages due to unlawful processing of personal data.
Within the scope of Article 11 of the Act, by indicating your name-surname, ID no, address, telephone and e-mail you can forward your relevant requests, in accordance with Circular on The Procedure and Principle of Application to the Data Controller in writing to
- VALOR TURIZM KONGRE ORGANIZASYONLARI TIC. LTD. STI, in person, or through regular mail,
- To the e-mail address of email@example.com via electronic mail.
The information applications and requests conveyed to the Company, are resulted in 30 days at the latest, pursuant to Article 13 of the Act, in consideration of the nature of the request; in the event of rejection, the notification shall indicate the grounds.
The costs of such application, if any, may be charged, pursuant to the official tariff determined by the Personal Data Protection Board.
VALOR TURIZM KONGRE ORGANIZASYONLARI TIC. LTD. STI