İstanbul Teknik Üniversitesi'nin teknoloji geliştirme bölgesi.
İletişim İTÜ Teknopark A.Ş.ITU TEKNOPARK INC.
PERSONAL DATA PROCESSING AND PROTECTION POLICY
ITU Teknopark INC. (“Teknopark“) has prepared this Personal Data Protection Policy (“Policy”) in order to process and protect personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“GDPR”).
This Policy; It has been prepared in order to inform the relevant persons whose personal data are processed by Teknopark regarding the processing, protection, storage, destruction and destruction of personal data, and in this context, the relevant persons whose personal data are processed by Teknopark. It consists of explanations regarding which personal data, for what purpose, for what purpose, to whom these data can be transferred, which administrative and technical measures are taken to protect their personal data, what are the rights they have on their personal data and the application methods regarding their requests for these rights and other issues. With this policy, it is aimed to ensure compliance with the legislation in the processing and protection of personal data carried out by Teknopark and to protect all rights arising from the legislation regarding the personal data of the relevant persons.
The scope of this Policy consists of the measures determined by the Personal Data Protection Board and taken by Teknopark in the processing of personal data of the relevant persons whose personal data are processed by Teknopark [Supplier Employee, Employee, Employee Candidate, Entrepreneur Company Employee Candidate, Third Company Employee Candidate, Participant, Participant Company Employee, Entrepreneur, Entrepreneur Employee, Third Person (Employee Family Members)].
In addition to the measures specified in this Policy, Teknopark also takes into account the technical and administrative measures to ensure the appropriate level of security specified in the “Personal Data Security Guide” published on the website of the Personal Data Protection Authority.
The definitions in this Policy are as follows:
Explicit Consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Relevant Person: The natural person whose personal data is processed,
Employee Technopark staff/intern,
Destruction: Deletion, destruction or anonymization of personal data,
Personal Data: Any information relating to an identified or identifiable natural person,
Sensitive Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data,
Processing of Personal Data: All kinds of operations performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system,
Deletion of Personal Data: The process of making personal data inaccessible and non-reusable in any way for the relevant users,
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way,
Board: The Personal Data Protection Board,
Institution Personal Data Protection Authority,
Data Recording System: The recording system where personal data is structured and processed according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
For definitions not included in this Policy, the definitions in the legislation, especially the definitions in the relevant Law No. 6698, apply.
Within the scope of the general principles to be followed for the processing of personal data regulated in Article 4 of the KVKK, Teknopark acts primarily in accordance with the general principles described below within the scope of personal data processing activities.
Compliance with the law and honesty rules: Teknopark acts in accordance with the legislation in force and complies with the rules of honesty in all kinds of personal data processing processes.
Being accurate and up-to-date when necessary: Teknopark takes the necessary measures to ensure that the personal data of the data subject is accurate and up-to-date, provides opportunities for updating and takes the necessary measures to ensure that the data is transferred to the databases correctly.
Processing for specific, explicit and legitimate purposes: Teknopark limits its personal data processing activities to specific and legitimate purposes and clearly informs the relevant persons through clarification texts regarding the purposes in question.
Being relevant, limited and proportionate to the purpose for which they are processed: Personal data are processed by Teknopark to the extent necessary for the purpose notified to the relevant persons at the time they are obtained, in connection with and limited to this purpose.
Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed: Teknopark keeps the personal data of the relevant person for this period if a certain period is determined within the scope of the legislation in force. If such a period is not specified in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and company procedures and the data are kept limited to this period. Following the expiration of the aforementioned periods, the data are deleted, destroyed and anonymized in accordance with the personal data retention and destruction policy.
By stipulating that personal data can be processed even without the explicit consent of the data subject in the cases written in Articles 5 and 6 of the KVKK, it has made it legal to carry out this data processing process without explicit consent. The processing conditions vary depending on whether the personal data is sensitive personal data or whether it is personal data related to health and sexual life among sensitive personal data. Sensitive personal data are data that have the potential to discriminate between individuals, which may cause victimization of the person concerned if learned by others, and the LPPD stipulates that adequate measures to be determined by the Board must be taken in the processing of such data.
According to Article 5/2 of the LPPD, it is possible to process personal data without explicit consent in the presence of one of the following conditions:
According to KVKK 6/3, in the following cases, it is possible to process sensitive personal data without explicit consent, provided that adequate measures determined by the Board are taken:
Personal data other than personal data relating to health and sexual life may be processed in cases stipulated by law, and personal data relating to health and sexual life may only be processed for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons under the obligation of confidentiality or authorized institutions and organizations without seeking the explicit consent of the data subject.
Within the scope of this Policy, the personal data of the person concerned are processed for the following purposes in accordance with the conditions written in this article:
Article 6 of the LPPD regulates the conditions for processing special categories of personal data. Pursuant to this article;
Within the scope of Article 9 of the LPPD, personal data cannot be transferred abroad without the explicit consent of the data subject. Personal data shall be transferred to the foreign country where the personal data will be transferred in the presence of one of the conditions specified in the third paragraph of Article 6;
Pursuant to Article 8 of the LPPD, personal data cannot be transferred without the explicit consent of the data subject. Personal data may be transferred without the explicit consent of the data subject, provided that adequate measures are taken, in case one of the conditions specified in the third paragraph of Article 6 is present.
In this context, Teknopark processes and transfers sensitive personal data in accordance with the Law, fulfills its obligations regarding data security regulated in Article 12 of the Law, takes all necessary technical and administrative measures to ensure the level of security, and in addition to these measures, it also takes the measures determined by the Board in the processing of sensitive personal data.
Teknopark takes the measures specified in the processing of special quality personal data in accordance with the Board decision within the scope of paragraph 4 of Article 6 of the LPPD.
Articles 8 and 9 of the LPPD regulate the transfer of personal data to third parties in Turkey and abroad, respectively.
According to Article 8 of the LPPD, without prejudice to the provisions of other laws regarding the transfer of personal data, personal data may be transferred without the consent of the data subject only a) Article 5/2 of the LPPD, b) provided that adequate measures are taken, personal data may be transferred to third parties within the country in the presence of one of the conditions specified in Article 6/3 of the LPPD.
According to Article 9 of the LPPD, personal data may be transferred abroad
without seeking explicit consent only in the presence of one of the conditions specified in
Article 5/2 of the LPPD and Article 6/3 of the LPPD and in the country to which personal data will be transferred; a) there is adequate protection, b) in the absence of adequate protection, provided that the data controllers in Turkey and in the relevant foreign country undertake adequate protection in writing and the Board’s permission is obtained.
Without prejudice to the provisions of other laws, Teknopark does not share the personal data of the person concerned with third parties without the explicit consent of the person concerned, except for the conditions stipulated in the LPPD. In this context, personal data processed by Teknopark in accordance with the law can be transferred to the following recipient groups within the framework of the processing conditions specified in Articles 8 and 9 of the LPPD:
In case personal data is shared with 3rd persons and persons, Teknopark takes the necessary measures to ensure that the party with whom the data is shared carries out data processing and transfer activities in accordance with the rules in this Policy and the provisions of the legislation.
Although it has been processed by Teknopark in accordance with the provisions of the Law and other legislation, in the event that the reasons requiring its processing disappear, personal data are deleted, destroyed or anonymized by Teknopark automatically or upon the request of the person concerned. Teknopark takes into account the legislation in force and the purposes of processing personal data subject to the processing activity while determining the retention periods of the personal data of the person concerned. In the event that the legislation stipulates a statute of limitations that the data controller must take into account for the personal data processed with the existence of the purpose of personal data processing, or in the event that the purpose of personal data processing disappears, the data is deleted, destroyed and anonymized unless there is another legal reason or basis that allows the retention of personal data.
Personal data are collected by Teknopark through, but not limited to, the forms filled out by the relevant person on online platforms, information/documents entered/uploaded or personally transmitted, authorized third parties involved in entrepreneurship programs, video and/or audio recording devices, closed circuit camera system, verbally from the relevant person and other physical and electronic media, and the personal data collected varies according to the product or service requested by the relevant person from Teknopark, the activities to be carried out by Teknopark and legal obligations. The categories of personal data collected and the explanations of the relevant data categories are given below:
Talep Edilen Bilgiler | Açıklama |
---|---|
Kimlik Bilgisi | İsim Soyisim, TC kimlik no/yabancı kimlik no, cinsiyet, doğum tarihi, yaş, medeni hal, uyruk, sürücü belgesi sınıfı, baba adı, anne adı, doğum yeri, nüfus cüzdanı seri no, imza, nüfus cüzdanı fotokopisindeki/İkametgah örneğindeki/vukuatlı nüfus kayıt örneği/ işe giriş /işten çıkış bildirgesindeki diğer kimlik bilgileri, AGİ formundaki diğer bilgiler, kızlık soyadı, Doğduğu Ülke, Göçmenlik statüsü, nüfusa kayıtlı olduğu yer bilgileri, mavi kart no |
İletişim Bilgisi | Telefon, adres, E-posta adresi, yaşadığı şehir, ülke, şehir |
Aile Bilgisi | Eşin işi, çocukların yaşı ve vukuatlı nüfus kayıt örneğindeki din bilgisi ve T.C numarası hariç diğer bilgileri vs. |
Finansal Bilgi | Banka hesap bilgisi, ödeme/ödenecek tutar, kazanılan ödül, hisse oranı, işci ücret bordrosundaki finansal bilgiler, ciro, proje bütçe bilgisi, hisseye düşen sermaye, vergi kimlik no, işten çıkış bildirgesindeki finansal bilgiler (ücret, prime esas tutar) ücret ödeme tarihi, donem ay/yıl, kesinti oranı, katkı tutarı vs. |
Finansal Bilgi | Banka hesap bilgisi, ödeme/ödenecek tutar, kazanılan ödül, hisse oranı, işci ücret bordrosundaki finansal bilgiler, ciro, proje bütçe bilgisi, hisseye düşen sermaye, vergi kimlik no, işten çıkış bildirgesindeki finansal bilgiler (ücret, prime esas tutar) ücret ödeme tarihi, donem ay/yıl, kesinti oranı, katkı tutarı vs. |
Ceza Mahkûmiyeti Ve Güvenlik Tedbirleri (ÖNKV) | Adli sicil kaydı, işe giriş bildirgesindeki hükümlü bilgisi |
Eğitim, İş ve Profesyonel Yaşama İlişkin Bilgiler | Geçmiş ve son iş deneyimi bilgisi (şirket adı, pozisyonu, görevi, iş açıklaması, uzmanlık alanı, çalışma şekli, başlangıç/bitiş tarihi) toplam iş deneyimi süresi, işe giriş /işten çıkış bildirgesindeki diğer bilgiler (sosyal güvenlik/hizmet bilgileri), eğitim bilgileri (son okunan üniversite/bölüm/fakülte/enstitü/program adı, eğitim durumu, öğrenci/mezun/terk durumu, bölümü başlangıç/bitiş tarihi), yabancı dil/seviyesi, yetkinlikler (bilgisayar programı adı/seviyesi/tecrübe süresi, meslek içi eğitim bilgileri, alınan sertifikalar, süresi ve sertifika veren kuruma ilişkin bilgiler), Teknoparkta çalışmak istenen alanlar, firma tercihleri, son işten ayrılma sebebi, adayın kariyer hedefi, diploma, özgeçmiş bilgileri-CV, girişimci ismi, girişimdeki görevi, eğitim katılım bilgisi, meslek kodu, disiplin bilgileri vb. |
İş fikri bilgisi | İş fikri adı, sektör, alanı, teknoloji grubu, tanımı, özeti, teknolojik/inovatif yönü, hedef pazar analizi, gelir modeli, aşaması, etik kurul onay bilgisi, eski başvuru tarihi ve sonucu, iş planı, sunumu, proje adı, tanımı vs. |
Seyahat bilgisi | Bilet bilgileri |
Sağlık Bilgileri (ÖNKV) | Engellilik bilgileri (kategorisi, yüzdesi, engellilik açıklaması) |
Girişim bilgisi | Girişim adı, alanı, tanımı, özeti, aşaması, şirketleşme durumu, yapılan çalışmalar, eski başvuru olup olmadığı, yapılan değişiklikler, girişimci geçmişi/başlangıç-bitiş tarihi/yer aldığı proje adı, hedef kitle, gelir elde etme yolu, başvuru yapılan ürün/hizmetle satış yapılıp yapılmadığı, benzer/rakip ürünler, girişimin başka bir yarışmaya/destek mekanizmasına/merkeze(adı) başvurusu olup olmadığı, başvuru tarihi, başvuru sonucu, girişimin yenilikçi yönü, ar-ge proje bilgileri, proje iş planı, ofis alanı bilgileri, proje adı/tanımı/ özet/ aşaması/teknolojisi, sektörü, gelir modeli, yatırım alıp almadığı, kimden aldığı vs. |
Özlük bilgisi | İşe giriş belgesi kayıtları, |
Sosyal medya bilgisi | Linkedin, web sayfası Facebook, diğer kişisel sayfalar |
İşlem Güvenliği bilgisi | Şifre |
Fikri mülkiyet bilgisi | Patent/faydalı model başvuru durumu |
Görsel ve işitsel Kayıtlar | Fotoğraf video kaydı, kamera kayıtları |
Cihaz Bilgisi | Mac adresi |
Çalışan Adayı Değerlendirme Bilgisi | Mülakat bilgisi değerlendirme bilgisi |
Performans Değerlendirme Bilgisi | Değerlendirme notu/puanı, performans değerlendirme bilgisi/notu, mentörlük yaptığı girişim sayısı süresi, mentörlük aldığı sayı ve süre, toplantı /seminer/ eğitim katılım sayısı vs. |
Katılımcı Bilgileri | Üyelik tipi, referans bilgileri |
Araç Bilgisi | Plaka |
Askerlik Durum Bilgisi | Askerlik durum veya terhis durumu |
İnternet Erişim Bilgisi | Trafik verisi |
Fiziksel Mekân Güvenlik Bilgisi | Giriş çıkış kayıt bilgileri, ziyarete gelinen şirket |
Hukuki İşlem Uyum Bilgisi | Sözleşme, taahhütname |
Although it has been processed by Teknopark in accordance with the provisions of the Law and other legislation, if the reasons requiring its processing disappear, personal data are deleted, destroyed or anonymized based on Teknopark’s ex officio decision or upon the request of the relevant person. Teknopark determines the retention periods of personal data by taking into account the legislation in force and the purposes of processing personal data subject to the processing activity. In this context, the statute of limitations regarding the legal obligations related to the processing of personal data is taken into consideration. In the event that the purpose of personal data processing disappears, the data is deleted, destroyed and anonymized unless there is another legal reason or basis for keeping personal data. Detailed information is available in the “ITU Teknopark INC. Personal Data Storage and Destruction Policy”, which ITU Teknopark uses as a basis for the process of determining the maximum period required for the purpose for which personal data are processed and the process of deletion, destruction and anonymization.
11.1 Reasons for Retention of Personal Data
11.2 Reasons Requiring Destruction of Personal Data
Although it has been processed in accordance with the provisions of LPPD and other relevant laws, in the event that the periods stipulated in other relevant legislation expire or the purposes requiring its processing disappear, personal data are deleted, destroyed or anonymized by Teknopark ex officio or upon the request of the person concerned:
11.3 Technical and Administrative Measures Taken for Secure Storage of Personal Data and Prevention of Unlawful Processing and Access
Teknopark, in accordance with Article 12 of the LPPD;
It knows that it is obliged to take all necessary technical and administrative measures to ensure the appropriate level of security for its purpose and shows the utmost care and diligence within this framework.
Paragraph (4) of Article 6 of the LPPD stipulates that “In the processing of special categories of personal data, adequate measures determined by the Board must also be taken.” Within this framework, the Board published the Board Decision dated 31/01/2018 and numbered 2018/10 on “Adequate Measures to be Taken by Data Controllers in the Processing of Sensitive Personal Data”.
In this context, Teknopark takes the necessary technical and administrative measures to prevent unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the appropriate level of security to ensure the preservation of the data, to act in accordance with the Board’s decision, to make or have the necessary audits carried out. In the event that the processed personal data is obtained by others illegally, although all technical and administrative measures have been taken, Teknopark notifies the relevant persons and the Board as soon as possible.
11.4 Technical and Administrative Measures Taken for the Destruction of Personal Data in Accordance with the Law
Article 7 of the LPPD stipulates that personal data shall be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject, in the event that the reasons requiring the processing of personal data disappear, despite the fact that they have been processed in accordance with the provisions of the LPPD and other relevant laws, and that the procedures and principles regarding the deletion, destruction or anonymization of personal data shall be regulated by regulation.
In this context, the Regulation on Deletion, Destruction or Anonymization of Personal Data has been published in order to determine the procedures and principles regarding the deletion, destruction or anonymization of personal data processed by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Within the scope of the Regulation, deletion, destruction or anonymization of personal data is defined as destruction and data controller;
It is obliged to take all necessary technical and administrative measures.
Within the framework of these regulations, Teknopark fulfills its obligations to delete, destroy or anonymize personal data ex officio or upon the request of the person concerned in cases where all the conditions for processing personal data disappear.
11.5 Storage and Destruction Periods
In addition to the retention periods determined by Teknopark in accordance with the principle of purpose limitation for the storage of personal data, there are also retention periods determined within the scope of the relevant legislation to which Teknopark is subject. Accordingly, if there is a period stipulated in the legislation for the relevant personal data, Teknopark complies with this period; If such a period is not stipulated, it stores the data only for the period required for the purpose for which they are processed. If there is no valid reason for further storage of a data, it deletes, destroys or anonymizes the data in the first periodic destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.
When the relevant person requests the deletion or destruction of his personal data by applying to Teknopark in accordance with Article 13 of the KVKK;
The table showing the retention and destruction periods of personal data on a process basis is given in Annex-1.
The periodic destruction period is 6 months in January and July every year. It is carried out in six-month periods following the date on which the obligation to delete, destroy or anonymize personal data arises.
The person concerned according to Article 11 of the LPPD;
As a result of the relevant person filling out the “ITU Teknopark INC. Relevant Person Application Form Regarding Personal Data” in Annex-2 in order to submit their requests regarding the above-mentioned rights and submitting it by one of the procedures specified in the application form, these requests will be evaluated and finalized by Teknopark as soon as possible and in any case within the period stipulated in the Law. In the event that the process regarding the examination and finalization of the application requires a cost, Teknopark may charge the relevant person making the request the fee determined by the Board.
In order for third parties to apply on behalf of the person concerned, there must be a special power of attorney issued by the person concerned through a notary public on behalf of the person who will make the application.
Teknopark may request information from the relevant person in order to determine whether the applicant is the relevant person or not, and may ask questions to the relevant person about the application in order to clarify the issues stated in the application.
ANNEX-1: Retention and Destruction Periods of Personal Data by Process
SÜREÇ | SAKLAMA SÜRESİ | İMHA SÜRESİ |
---|---|---|
İşe alım aday bulma | En fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar | Saklama süresinin bitimini takiben 180 gün içinde |
İşe giriş özlük işlemleri | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Performans değerlendirme | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Disiplin süreçleri | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Eğitim ve kariyer gelişim | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Alt işveren işlemleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Çalışan maaş ve yan haklar menfaatler süreci | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Raporlama süreçleri | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
3.kişi personel temin destek süreci | En fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimci şirket insan kaynakları destek süreçleri | En fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimcilik programları başvuru/değerlendirme süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimcilik programları operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimcilik programları eğitim/mentorluk süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Bina güvenlik süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimci tanıtım süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı aday başvuru/davet/değerlendirme süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı eğitim/mentorluk süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı tanıtım süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Kart basım, teslimat ve operasyon süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Ziyaretçi giriş/ çıkış süreçleri | En fazla 2 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark yönetim sistemi kullanıcı kayıt/giriş süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark başvuru/değerlendirme süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark raporlama süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Raporlama süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Otomatik Katılım Sistemi Süreci | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Kiralama süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Servis hizmetleri süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Marka yönetimi | Etkinliğin sona ermesini takiben 2 yıl | Saklama süresinin bitimini takiben 180 gün içinde |
Alt yüklenici işlemleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hukuk işleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
İnternet hizmeti sağlanması | En fazla 2 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Akademik Kuluçka Merkezi başvuru/değerlendirme süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Akademik Kuluçka Merkezi operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Akademik Kuluçka Merkezi eğitim/mentorluk süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
BT altyapısı süreçleri | 10 yıl | Saklama süresinin bitimini takiben 180 gün içinde |
ANNEX-2: Relevant Person Application Form
Adı Soyadı: | ||||
---|---|---|---|---|
T.C. Kimlik No: | ||||
Yabancılar için; | ||||
Uyruk, Pasaport Numarası veya varsa Kimlik Numarası: | ||||
E-posta Adresi: | ||||
Telefon Numarası: | ||||
Faks numarası: | ||||
Tebligata esas yerleşim yeri veya iş yeri adresi: | ||||
Teknopark ile bağlantısı: | ◻Girişimci | ◻Çalışan adayı | ◻Tedarikçi Çalışanı | ◻Diğer (Belirtiniz) |
Request(s) Regarding Personal Data
Talep No | Talep Konusu | Seçiminiz |
---|---|---|
1 | Şirketinizin hakkımda kişisel veri işleyip işlemediğini öğrenmek istiyorum. | ◻ |
2 | Eğer şirketiniz hakkımda kişisel veri işliyorsa bu veri işleme faaliyetleri hakkında bilgi talep ediyorum. | ◻ |
3 | Eğer Şirketiniz hakkımda kişisel veri işliyorsa bunların işlenme amacını ve işlenme amacına uygun kullanılıp kullanmadığını öğrenmek istiyorum. | ◻ |
4 | Eğer kişisel verilerim yurtiçinde veya yurtdışında üçüncü kişilere aktarılıyorsa, bu üçüncü kişileri bilmek istiyorum. | ◻ |
5 | Kişisel verilerimin eksik veya yanlış işlendiğini düşünüyorum ve bunların düzeltilmesini istiyorum. | ◻ |
6 | Kişisel verilerimin kanun ve ilgili diğer kanun hükümlerine uygun olarak işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalktığını düşünüyorum ve bu çerçevede kişisel verilerimin; a) Silinmesini talep ediyorum. b) Yok edilmesini talep ediyorum. | a) ◻ b) ◻ |
7 | 5 ve 6 numarada belirttiğim taleplerimin kişisel verilerimin aktarıldığı üçüncü kişilere de bildirilmesini istiyorum. | ◻ |
8 | Şirketiniz tarafından işlenen kişisel verilerimin münhasıran otomatik sistemler vasıtasıyla analiz edildiğini ve bu analiz neticesinde şahsım aleyhine bir sonuç doğduğunu düşünüyorum. Bu sonuca itiraz ediyorum. | ◻ |
9 | Kişisel verilerimin kanuna aykırı işlenmesi nedeniyle zarara uğradım. Bu zararın tazminini talep ediyorum. | ◻ |
Details of the request (Please specify the details of your request)
You may submit your request through one of the following procedures.
Başvuru Usulü | Gönderilecek Adres | Açıklama |
---|---|---|
Yazılı başvuru (Islak imzalı şahsen veya iadeli taahhütlü mektup veya Noter vasıtasıyla) | RESITPASA MAH. KATAR CAD. ITU TASARIM VE PROTOTIP MERKEZI BINASI NO: 2 /41 IC KAPI NO: 1 SARIYER/ | Zarfın üzerine ya da tebligatın açıklama kısmına ya da e-postanın konu kısmına “Kişisel Verilerin Korunması Kanunu Bilgi Talebi” yazılacaktır. |
Kayıtlı Elektronik Posta (KEP) adresiyle başvuru | KEP Adresi | |
Sistemde kayıtlı bulunan elektronik posta adresiyle başvuru | info@1773ituteknopark.com |
Please indicate the method of notification of the response to your application by our Company
In order to respond to the application in a timely manner, the relevant person must fill in all the information in this form completely and submit the relevant information and documents. Teknopark may request additional information and documents for identity verification and authorization in order to prevent unlawful data sharing, and may ask questions about the application to the relevant person in order to clarify the issues specified in the application. If the transaction regarding the application requires a cost, Teknopark reserves the right to demand the fee determined by the Personal Data Protection Board.
I hereby request that this application I have made in accordance with the LPPD be evaluated and finalized within the framework of the request(s) I have stated above; I hereby accept, declare and undertake that I have read and understood the information provided to me in the content of this application form, and that the information and documents I have provided in the application form are accurate, complete, up-to-date and belong to me.
Name Surname
History:
Signature:
ITU TEKNOPARK INC.
POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA OF EMPLOYEES
1.INTRODUCTION
ITU Teknopark INC. (“1773 ITU Teknopark“) has prepared this Policy on Processing and Protection of Employee Personal Data (“Policy“) in order to process and protect personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“LPPD”).
2.PURPOSE AND SCOPE OF THE POLICY
This Policy; It has been prepared in order to make explanations to its employees (employees, interns) regarding the processing and protection of personal data of employees, and in this context, it is to inform our employees whose personal data are processed by ITU Teknopark about which personal data are processed for what purpose, to whom they can transfer this data, which administrative and technical measures are taken to protect their personal data, what are the rights they have on their personal data and the application methods regarding their requests for these rights and other issues. In this way, it is aimed to ensure full compliance with the legislation in the processing and protection of personal data carried out by our company and to protect all rights of our employees arising from the legislation regarding their personal data.
3.DEFINITIONS
The definitions in this Policy are as follows:
Explicit consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Relevant person: The natural person whose personal data is processed, (our employees/interns within the scope of this Policy)
Personal data: Any information relating to an identified or identifiable natural person,
Sensitive personal data: Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data,
Processing of personal data: Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system,
Board: The Personal Data Protection Board,
Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller,
Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
4.GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
Article 4 of the LPPD regulates the general principles that must be followed for the processing of personal data. 1773 ITU TEKNOPARK acts primarily in accordance with these general principles described below within the scope of personal data processing activities.
Compliance with the law and honesty rules: 1773 ITU TEKNOPARK acts in accordance with the legislation in force and complies with the rules of honesty in all kinds of personal data processing processes.
Being accurate and up-to-date when necessary: 1773 ITU TEKNOPARK takes the necessary measures to ensure that the personal data of its employees are accurate and up-to-date, provides the opportunity to update them and takes the necessary measures to ensure the correct transfer of their data to databases.
Processing for specific, explicit and legitimate purposes: 1773 ITU TEKNOPARK limits its personal data processing activities to specific and legitimate purposes and clearly informs its employees through clarification texts regarding these purposes.
Being relevant, limited and proportionate to the purpose for which they are processed: 1773 ITU TEKNOPARK processes personal data to the extent necessary for the purpose notified to its employees at the time they are obtained, in connection with and limited to this purpose.
Retention for the period stipulated in the relevant legislation or for the purpose for which they are processed: The Company retains personal data for this period if a certain period is determined within the scope of the legislation in force. If such a period is not specified in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and company procedures and the data are kept limited to this period. Following the expiration of the aforementioned periods, the data are deleted, destroyed and anonymized in accordance with the “ITU TEKNOPARK INC. Personal Data Retention and Destruction Policy” (Policy).
5.CONDITIONS OF PROCESSING PERSONAL DATA
Article 5 of the LPPD regulates the conditions for processing personal data and Article 6 regulates the conditions for processing special categories of personal data. The LPPD stipulates that personal data can be processed even without the explicit consent of the data subject in the cases written in these articles and allows this processing to be in accordance with the law. These processing conditions vary depending on whether the personal data is sensitive personal data or whether it is personal data related to health and sexual life among sensitive personal data. Sensitive personal data are data that have the potential to discriminate between individuals, which may cause victimization of the person concerned if learned by others, and the LPPD stipulates that adequate measures to be determined by the Board must be taken in the processing of such data.
The cases where personal data can be processed without explicit consent regulated in the provisions of Article 5/2 of the LPPD and Article 6/3 of the LPPD are below, and 1773 ITU TEKNOPARK may process your personal data based on your explicit consent, except for these foreseen situations.
According to Article 5/2 of the LPPD, it is possible to process personal data without explicit consent in the presence of one (or more than one) of the following conditions:
According to Article 6/3 of the LPPD, it is possible to process special categories of personal data without seeking explicit consent, provided that adequate measures determined by the Board are taken in the following cases:
Personal data other than health and sexual life may be processed in cases stipulated by law, and personal data relating to health and sexual life may only be processed for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality, without seeking the explicit consent of the data subject.
6.CONDITIONS FOR TRANSFERRING PERSONAL DATA DOMESTICALLY AND ABROAD
Article 8 of the LPPD regulates the transfer of personal data to third parties within the country and Article 9 regulates the transfer of personal data to third parties abroad.
According to Article 8 of the LPPD, without prejudice to the provisions of other laws regarding the transfer of personal data, personal data may be transferred without the consent of the data subject only;
a) Provided that adequate measures are taken, personal data may be transferred to third parties within the country in the presence of one of the conditions specified in
Article 5/2 of the LPPD and
b) Article 6/3 of the LPPD.
According to Article 9 of the LPPD, personal data may be
transferred abroad
without seeking explicit consent only in the presence of one of the conditions specified in Article 5/2 of the LPPD and Article 6/3 of the LPPD and in the country to which personal data will be transferred;
a) There is adequate protection,
b) In the absence of adequate protection, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and the Board’s permission is obtained.
7.PERSONAL DATA COLLECTED
1773 Personal data collected by ITU TEKNOPARK through, but not limited to, forms filled in online platforms, information/documents entered/uploaded in online platforms or personally transmitted, closed circuit camera system, verbally and other physical/electronic media vary according to the duties, position and legal obligations undertaken in the company. The personal data collected can be listed as follows.
Talep Edilen Bilgiler | Açıklama |
---|---|
Kimlik Bilgisi | İsim soyisim, baba adı anne adı, doğum tarihi, doğum yeri, nüfus cüzdanı seri no, medeni hal, cinsiyet, imza, nüfus cüzdanı fotokopisindeki/ikametgah örneğindeki/vukuatlı nüfus kayıt örneğindeki diğer kimlik bilgileri, doğduğu ülke, göçmenlik statüsü, mavi kart no, tc kimlik no/yabancı kimlik no, nüfusa kayıtlı olduğu yer bilgileri, işe giriş /işten çıkış bildirgesindeki diğer kimlik bilgileri |
İletişim Bilgisi | İkametgah adresi, telefon, e-posta, adres, işe giriş/işten çıkış bildirgesindeki diğer adres bilgileri |
Aile Bilgisi | Eşin işi, çocukların sayısı, yaşı vs ve vukuatlı nüfus kayıt örneğindeki diğer bilgileri |
Finansal Bilgi | İşci ücret bordrosundaki finansal bilgiler, banka hesap bilgisi, ödenecek tutar, işten çıkış bildirgesindeki finansal bilgiler (Ücret, prime esas tutar) vergi no, ücret ödeme tarihi, dönem ay/yıl, kesinti oranı, katkı tutarı vb |
Ceza Mahkûmiyeti ve Güvenlik Tedbirleri (ÖNKV) | Adli sicil kaydı, işe giriş bildirgesindeki hükümlü bilgisi |
Eğitim, İş ve Profesyonel Yaşama İlişkin Bilgiler | Meslek/meslek kodu, çalıştığı şirket, yaptığı iş, bölüm, unvan, pozisyon, eğitim durumu, mezun olduğu okullar/bölüm/mezuniyet tarihi, en son mezun olunan okul diploması, diploma bilgisi (hangi okul hangi bölüm hangi sene mezun oldu), Önceki İş Tecrübeleri (daha önce çalıştığı yerler/şirket adı/iş kolu/Yaptığı iş/görevi/giriş-çıkış tarihi) işe giriş bildirgesi ,Özgeçmiş bilgileri-CV, Performans hedefleri, yabancı dil bilgisi/seviyesi, Disiplin bilgileri, Sertifikalar, işe giriş /işten çıkış bildirgesindeki diğer bilgiler (sosyal güvenlik/hizmet bilgileri), meslek, işe alınma/ayrılma izahı, vb |
Sağlık Bilgileri(ÖNKV) | İşe giriş bildirgesindeki engellik bilgisi ve derecesi |
Görsel ve işitsel Kayıtlar | Fotoğraf, kamera kayıtları |
Performans değerlendirme bilgisi | 90 derece değerlemesi ve performans notu |
Askerlik durum bilgisi | Askerlik durum veya terhis durumu |
Sigorta bilgisi | Seçilen poliçe |
Hukuki İşlem uyum bilgisi | Sözleşme |
8.PURPOSES OF PROCESSING PERSONAL DATA
The personal data obtained by the company in accordance with the general principles stipulated in the LPPD; It is processed for the purposes listed below within the processing conditions specified in Articles 5 and 6 of the LPPD.
9.TRANSFER OF PERSONAL DATA
1773 ITU TEKNOPARK complies with the conditions regulated in the LPPD, without prejudice to the provisions of other laws, regarding the sharing of personal data with third parties, and does not share personal data with third parties without obtaining explicit consent, except for the conditions stipulated in the LPPD. In this context, personal data processed by 1773 ITU TEKNOPARK in accordance with the law; It may be transferred to authorized institutions and organizations, universities, suppliers for the purposes specified in Article 8 above, within the framework of the processing conditions specified in Articles 8 and 9 of the LPPD. In these cases where personal data is shared, the Company takes the necessary measures to ensure that the party with whom the data is shared carries out processing and transfer activities in accordance with the rules in this Policy and the provisions of the legislation.
Although it has been processed by the Company in accordance with the provisions of the Law and other legislation, personal data shall be deleted, destroyed or anonymized upon the Company’s ex officio decision or request if the reasons requiring its processing disappear. The Company determines the retention periods of personal data by taking into account the legislation in force and the purposes of processing personal data subject to the processing activity. In this context, the statute of limitations regarding the legal obligations related to the personal data processing activity is taken into consideration. In the event that the purpose of personal data processing disappears, the data is deleted, destroyed and anonymized unless there is another legal reason or basis for keeping personal data. Detailed information is available in the “ITU TEKNOPARK INC. Personal Data Retention and Destruction Policy”, which is the basis for the process of determining the maximum period required for the purpose for which personal data are processed and the process of deletion, destruction and anonymization.
11.RIGHTS AND EXERCISE OF THESE RIGHTS
As the relevant person according to Article 11 of the LPPD;
In order to use these rights, if you send the requests regarding the rights to info@1773ituteknopark.com from your e-mail address allocated to you by ITU TEKNOPARK INC. Kı̇şisel Verı̇lere İlişkin İlgili Kişi Başvuru Form by filling out the application form or if you submit it by one of the methods specified in the application form, your request will be evaluated and finalized as soon as possible and in any case within the period stipulated in the Law. If the transaction requires a cost, a fee determined by the Board may be charged
. In order for third parties to make an application request on your behalf, you must have a special power of attorney issued by a notary public on behalf of the applicant.
The Company may request information from you in order to determine whether you are the applicant or not, and may ask you questions about your application in order to clarify the matters stated in the application.
12.MEASURES TAKEN FOR THE SECURITY OF DATA
1773 ITU TEKNOPARK takes reasonable technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data, to prevent unlawful access to your data and to ensure its preservation, and in this context, it takes into account the “Personal Data Security Guide” specified in the “Personal Data Security Guide” published on the website of the Personal Data Protection Authority and also the Board’s “Decision on Adequate Measures to be Taken by Data Controllers in the Processing of Special Categories of Personal Data” (Decision) dated 31/01/2018 and numbered 2018/10. In order to ensure the security of personal data, the Company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage to data.
13.UPDATES AND CHANGES
The Company reserves the right to make changes to this Policy in order to provide up-to-date information about the practices and legal regulations on the protection of personal data. Employees will be informed if the changes made in the Policy are fundamental changes. The amendments made are included in the annex of this Policy (Annex-1).
APPENDICES;
Annex-1 Table of Updates and Changes
Annex 1
The changes made to this Policy are given in the table below.
UPDATE DATE | SCOPE OF CHANGES |
|
|
|
|
ITU TEKNOPARK INC.
PERSONAL DATA STORAGE AND DISPOSAL POLICY
Pursuant to this Personal Data Retention and Destruction Policy (“Policy”), “Personal Data Protection Law No. 6698” (“LPPD” or “Law”) and Regulation on the Deletion, Destruction or Anonymization of Personal Data (“Regulation”) regarding the fulfillment of the obligations of the data controller İTÜ Teknopark INC. (Teknopark or the Company); ITU Teknopark INC. It has been prepared for the purpose of determining the maximum storage period required for the purpose for which they are processed, and the procedures and principles of the processes regarding the deletion, destruction and anonymization of the personal data processed by the Company.
This Policy, ITU Teknopark INC. It relates to the personal data of the data subjects whose personal data are processed by fully or partially automatic or non-automatic means provided that they are part of any data recording system.
Detailed information on the processing of personal data is included in the “Processing and Protection of Employee Personal Data Policy” or “Personal Data Processing and Protection Policy”, depending on the category of the person concerned.
In the event that this Policy and the provisions of the LPPD and other relevant legislation conflict, the provisions of the LPPD and other relevant legislation will primarily apply.
The definitions in this Policy are as follows:
Explicit Consent : Consent on a specific subject, based on information and expressed with free will,
Recipient Group: The natural or legal person category to which personal data is transferred by the data controller,
Relevant User: Technical storage and protection of data Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, with the exception of the person or unit responsible for and backing up,
Destruction: Deletion, destruction or anonymization of personal data,
Law: Law on Protection of Personal Data No. 6698. nu,
Recording Medium: Any medium containing personal data that is fully or partially automated or processed by non-automatic means provided that it is a part of any data recording system,
Personal Data: Any information relating to an identified or identifiable natural person,
Relevant Person: Personal data the real person being processed (within the scope of this Policy, ITU Teknopark INC. Processing of Personal Data: Obtaining, recording, storing, maintaining, changing personal data completely or partially automatically or by non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as reorganization, disclosure, transfer, takeover, making available, classification or prevention of use,
Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which they have created by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group and the data subject group, by explaining the maximum period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security, the Board : Personal Data Protection Board,
Institution: Personal Data Protection Authority,
Special Quality Personal Data: Person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and dress, association, foundation or union Membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data,
Periodic Destruction: The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the conditions for processing personal data in the law are eliminated, Personal Data Retention and Destruction Policy: This Policy, on which the data controller İTÜ Teknopark A. Data Recording System: The recording system in which personal data is processed and configured according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
Personal Data Deletion: No personal data for the relevant users. The process of making personal data inaccessible and unusable in any way,
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,
Making Personal Data Anonymous: Personal data can never be identified or determined, even if it is matched with other data, Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on 28 October 2017.
For the definitions not included in this Policy, the definitions in the Law and secondary regulations are valid.
4.1. EXPLANATIONS RELATING TO THE REASONS REQUESTING THE KEEPING OF PERSONAL DATA
ITU Teknopark INC. processes personal data with the express consent of the data subject or without the explicit consent of the person concerned in case of the existence of the processing conditions listed in Article 5 of the Law, and for the purpose for which they are processed or in the environments listed in Article 5 of this Policy, in a secure manner. stores it for as long as necessary. The purposes of processing personal data are listed below:
· Execution of Emergency Management Processes |
· Execution of application and selection processes of employee candidates |
· Execution of Application Processes of Employee Candidates |
· Fulfillment of Employment Contract and Legislation Obligations for Employees |
· Execution of Benefits and Benefits Processes for Employees |
· Execution of Audit / Ethical Activities |
· Execution of Training Activities |
· Execution of Activities in Compliance with the Legislation |
· Ensuring Physical Space Security |
· Execution of Communication Activities |
· Planning of Human Resources Processes |
· Execution of Performance Evaluation Processes |
· Execution of Marketing Processes of Products / Services |
· Providing Information to Authorized Persons, Institutions and Organizations |
· Conducting Marketing Analysis Studies |
· Execution of operational processes of entrepreneurship programs |
· Conducting training/mentoring processes of entrepreneurship programs |
· Conducting referee/mentor/coaching evaluation processes of entrepreneurship programs |
· Execution of entrepreneurial promotion processes |
· Conducting mentor/and/or Koç promotion processes |
· Execution of the acceleration program candidate application/invitation/evaluation process |
· Execution of acceleration program training/mentoring process |
· Execution of acceleration program promotion processes |
· Execution of acceleration program operational processes |
· Execution of Technopark management system user registration/login processes |
· Execution of Technopark application/evaluation processes |
· Execution of Technopark operational processes |
· Execution of Technopark reporting processes |
· Execution of human resources support processes of entrepreneurial companies |
· Execution of 3rd party personnel procurement support processes |
· Execution of services |
· Execution of rental transactions |
· Execution of communication activities between entrepreneurs |
· Follow-up and Execution of Legal Affairs |
· Organization and Event Management |
· Execution of Advertising, Promotion, Announcement Processes |
· Execution of Supply Chain Management Processes |
· Carrying out the evaluation processes of entrepreneurship programs |
· Execution of application processes for entrepreneurship programs |
· Execution of Academic Incubation Center application processes |
· Execution of Academic Incubation Center evaluation processes |
· Execution of Academic Incubation Center operational processes |
· Execution of Academic Incubation Center training/mentoring processes |
4.2. EXPLANATIONS RELATING TO THE REASONS REQUESTING THE DISPOSAL OF PERSONAL DATA
Despite the fact that it has been processed in accordance with the provisions of the LPPD and other relevant laws, in the event that the periods stipulated in the other relevant legislation expire or the purposes requiring processing are no longer valid, the personal data will be transferred to ITU Teknopark INC. deleted, destroyed or anonymized by ITU Teknopark INC. The situations that require the destruction of personal data are listed below:
Technopark, pursuant to Article 12 of the LPPD;
It knows that it has to take all kinds of technical and administrative measures to ensure the appropriate level of security for its purpose, and within this framework, it shows the utmost care and importance.
In paragraph (4) of Article 6 of the LPPD, it is necessary to take adequate measures determined by the Board in the processing of personal data of special nature. provision is included. In this context, the Board Decision dated 31/01/2018 and numbered 2018/10 on “Adequate Precautions to be Taken by Data Controllers in the Processing of Special Quality Personal Data” was published by the Board. takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful access and to ensure the preservation of data, acts in accordance with the Board’s decision, makes or has the necessary inspections done. In case the processed personal data is obtained by others illegally despite all technical and administrative precautions, Teknopark notifies the relevant persons and the Board as soon as possible.
In Article 7 of the LPPD; Personal data will be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the person concerned, in case the reasons requiring the processing are eliminated, even though it has been processed in accordance with the provisions of the LPPD and other relevant laws, and the deletion, destruction or anonymization of personal data It has been decreed that the procedures and principles will be regulated by a regulation.
In this context, the Regulation on the Deletion, Destruction or Anonymization of Personal Data has been published in order to determine the procedures and principles regarding the deletion, destruction or anonymization of personal data that is fully or partially automated or processed by non-automatic means provided that it is a part of any data recording system. .
Deletion, destruction or anonymization of personal data is defined as destruction within the scope of the regulation, and the data controller;
It is responsible for taking all necessary technical and administrative measures.
Teknopark fulfills its obligations regarding the deletion, destruction or anonymization of personal data ex officio or upon the request of the person concerned, in the event that all the conditions for the processing of personal data cease to exist within the framework of these regulations.
In addition to the retention periods determined by Teknopark in accordance with the principle of limitation of purpose for the storage of personal data, there are also storage periods determined within the scope of the relevant legislation to which Teknopark is subject. According to this; If there is a period stipulated in the legislation for the relevant personal data, Teknopark complies with this period; If such a period is not foreseen, it stores the data only for the period necessary for the purpose for which they are processed. In the absence of a valid reason for further storage of a data, it deletes, destroys or anonymizes the data in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.
When the person concerned requests the deletion or destruction of his personal data by applying to Teknopark, pursuant to Article 13 of the LPPD;
The table showing the storage and destruction periods of personal data on a process basis is in the annex (Annex-2) of this Policy.
Periodic destruction period is 6 months. It is carried out in six-month periods following the date on which the obligation to delete, destroy or anonymize personal data arises (dates in Annex 3).
This Policy is deemed to have entered into force after its publication on our company’s website. In the event that 1773 ITU Teknopark makes an update to this Policy, the information regarding the said change is stated in the annex (Annex-3) of this Policy. The Current Policy will enter into force on the date of publication.
Release date: 17/03/2023
ATTACHMENTS
APPENDIX 1- Contact list
APPENDIX 2- Personal Data Retention and Disposal Periods APPENDIX 3- Update table
Annex 1:
İlgili Kişi Listesi | |
---|---|
Çalışan (/Stajyer) | Danışman |
Çalışan Adayı (/Stajyer Adayı) | Aday Danışman |
Girişimci | Aday firma şirket çalışanı |
Ziyaretçi | Girişimci şirket çalışan adayı |
Teknopark kuluçka girişimci adayı | Etkinlik katılımcısı |
Mentor/hakem/koç | 3. şirket çalışan adayı |
Aday Mentor ve/veya koç | Aday girişimci |
Katılımcı | Aday girişimci |
Aday katılımcı şirket çalışanı | İnternet erişimi kullanıcısı |
Aday katılımcı | Ön kuluçka aday girişimci |
Aday katılımcı şirket çalışanı | İnternet erişimi kullanıcısı |
Katılımcı şirket çalışanı | Akademik Kuluçka Merkezi Aday girişimci |
Teknopark ön kuluçka girişimci adayı | E-Bülten abonesi |
3. kişiler: | Akademik Kuluçka Merkezi Aday girişimci şirket çalışanı |
Teknopark kuluçka girişimci adayı ortağı | |
Ön Kuluçka girişimci adayı kurucu ortak | |
İTÜ kuluçka mentor ve/veya koç adayı referansları | |
Akademik Kuluçka Merkezi katılımcı adayı referansları | |
Girişimci adayı ekip üyesi | |
Akademik Kuluçka Merkezi Girişimci adayı yatırımcısı/ortağı | |
Çalışan adayı aile üyeleri/referansları | |
Yüklenici çalışanları | |
Teknopark kuluçka girişimci adayı proje danışmanı | |
Teknopark girişimci adayı yetkilisi/çalışanı | |
Teknopark kuluçka girişimci adayı referansları | |
3. şirket çalışan adayı aile üyeleri/referansları | |
Çalışan aile üyeleri | |
Girişimci çalışanı | Tedarikçi çalışanı |
Kullanıcı |
Annex-2:
Personal Data Retention and Disposal Periods
SÜREÇ | SAKLAMA SÜRESİ | İMHA SÜRESİ |
---|---|---|
İşe alım aday bulma | En fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar | Saklama süresinin bitimini takiben 180 gün içinde |
İşe giriş özlük işlemleri | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Performans değerlendirme | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Disiplin süreçleri | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Eğitim ve kariyer gelişim | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Alt işveren işlemleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Çalışan maaş ve yan haklar menfaatler süreci | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Raporlama süreçleri | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
3.kişi personel temin destek süreci | En fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimci şirket insan kaynakları destek süreçleri | En fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimcilik programları başvuru/değerlendirme süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimcilik programları operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimcilik programları eğitim/mentorluk süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Bina güvenlik süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Girişimci tanıtım süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı aday başvuru/davet/değerlendirme süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı operasyonel süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı eğitim/mentorluk süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hızlandırma programı tanıtım süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Kart basım, teslimat ve operasyon süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Ziyaretçi giriş/ çıkış süreçleri | En fazla 2 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark yönetim sistemi kullanıcı kayıt/giriş süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark başvuru/değerlendirme süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Teknopark raporlama süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Raporlama süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Otomatik Katılım Sistemi Süreci | İş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Kiralama süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Servis hizmetleri süreci | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Marka yönetimi | Etkinliğin sona ermesini takiben 2 yıl | Saklama süresinin bitimini takiben 180 gün içinde |
Alt yüklenici işlemleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Hukuk işleri | 10 yıl | Saklama süresinin bitimini takiben 180 gün içinde |
İnternet hizmeti sağlanması | En fazla 2 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Akademik Kuluçka Merkezi başvuru/değerlendirme süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Akademik Kuluçka Merkezi operasyonel süreçler | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Akademik Kuluçka Merkezi eğitim/mentorluk süreçleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
BT altyapısı süreçleri | 10 yıl | Saklama süresinin bitimini takiben 180 gün içinde |
Hukuk İşleri | İş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanır | Saklama süresinin bitimini takiben 180 gün içinde |
Annex-3:
Changes made in this Policy are listed in the table below.
DATE OF UPDATE | SCOPE OF CHANGES |
[•] | [•] |
|
|
ITU TEKNOPARK INC.
POLICY ON SECURITY OF PRIVATE PERSONAL DATA
In accordance with this “Personal Data Retention and Destruction Policy” (Policy), “Personal Data Protection Law No. 6698” (LPPD or Law) and “Regulation on the Deletion, Destruction or Anonymization of Personal Data” (Regulation), data controller ITU Regarding the fulfillment of the obligations of TEKNOPARK A.Ş. (1773 ITU TEKNOPARK or the Company); 1773 It has been prepared for the purpose of determining the maximum storage period required for the purpose for which the personal data processed by ITU TEKNOPARK, and the procedures and principles of the procedures and procedures for deletion, destruction and anonymization of this data are determined.
This Policy is applicable to 1773 ITU TEKNOPARK (Supplier Employee, Employee, Employee Candidate, Entrepreneurial Company Employee Candidate, 3rd Company Employee Candidate, Participant, Participating Company Employee, Entrepreneur, Entrepreneur Employee, 3rd Person (Employee) Family Members)] is related to the measures determined by the Board and taken by 1773 ITU TEKNOPARK in the processing of sensitive personal data.
1773 ITU TEKNOPARK, in addition to the measures specified in this Policy, also takes into account the technical and administrative measures to ensure the appropriate level of security specified in the “Personal Data Security Guide” published on the website of the Personal Data Protection Authority. 1773 Technical and administrative measures taken by ITU TEKNOPARK and other matters regarding the storage and destruction of personal data “ITU TEKNOPARK INC. It is detailed in the Personal Data Retention and Disposal Policy.
The definitions in this Policy are as follows:
Explicit Consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data,
Relevant Person: The real person whose personal data is processed,
Employee: 1773 ITU TEKNOPARK personnel/intern,
Destruction: Deletion, destruction or anonymization of personal data,
Personal Data: Any information relating to an identified or identifiable natural person,
Special Qualified Personal Data: Data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data,
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, all kinds of operations carried out on the data, such as the classification or prevention of its use,
Deletion of Personal Data: The process of making personal data inaccessible and unusable for the relevant users,
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,
The Board: Personal Data Protection Board,
Institution: Personal Data Protection Authority
Data Registration System: The registration system in which personal data is processed and structured according to certain criteria,
Data Controller: Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
For definitions not included in this Policy, the definitions in the Law and secondary regulations are valid.
You can download the specified form here. In order for your transaction to be put into effect, please make sure to send your shipment to the technopark address after completing the form.
Temsilcimizle sohbet etmek için bu özelliği kullanın.