logo

İstanbul Teknik Üniversitesi'nin teknoloji geliştirme bölgesi.

İletişim İTÜ Teknopark A.Ş.
İTÜ Tasarım ve Prototip Merkezi Binası Reşitpaşa Mah. Katar Cad. No:2/41 İç kapı: 1 34469 Sarıyer, İstanbul, Türkiye
info@1773ituteknopark.com
#

Home Page >

1773 ITU TEKNOPARK

Data Protection Policies

ITU TEKNOPARK INC.

PERSONAL DATA PROCESSING AND PROTECTION POLICY

  1. INTRODUCTION

ITU Teknopark INC. (“Teknopark“) has prepared this Personal Data Protection Policy (“Policy”) in order to process and protect personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“GDPR”).

  1. PURPOSE AND SCOPE OF THE POLICY

This Policy; It has been prepared in order to inform the relevant persons whose personal data are processed by Teknopark regarding the processing, protection, storage, destruction and destruction of personal data, and in this context, the relevant persons whose personal data are processed by Teknopark. It consists of explanations regarding which personal data, for what purpose, for what purpose, to whom these data can be transferred, which administrative and technical measures are taken to protect their personal data, what are the rights they have on their personal data and the application methods regarding their requests for these rights and other issues. With this policy, it is aimed to ensure compliance with the legislation in the processing and protection of personal data carried out by Teknopark and to protect all rights arising from the legislation regarding the personal data of the relevant persons.

The scope of this Policy consists of the measures determined by the Personal Data Protection Board and taken by Teknopark in the processing of personal data of the relevant persons whose personal data are processed by Teknopark [Supplier Employee, Employee, Employee Candidate, Entrepreneur Company Employee Candidate, Third Company Employee Candidate, Participant, Participant Company Employee, Entrepreneur, Entrepreneur Employee, Third Person (Employee Family Members)].

In addition to the measures specified in this Policy, Teknopark also takes into account the technical and administrative measures to ensure the appropriate level of security specified in the “Personal Data Security Guide” published on the website of the Personal Data Protection Authority.

  1. DEFINITIONS

The definitions in this Policy are as follows:

Explicit Consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Relevant Person: The natural person whose personal data is processed,
Employee Technopark staff/intern,
Destruction: Deletion, destruction or anonymization of personal data,
Personal Data: Any information relating to an identified or identifiable natural person,
Sensitive Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data,
Processing of Personal Data: All kinds of operations performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system,
Deletion of Personal Data: The process of making personal data inaccessible and non-reusable in any way for the relevant users,
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and non-reusable by anyone in any way,
Board: The Personal Data Protection Board,
Institution Personal Data Protection Authority,
Data Recording System: The recording system where personal data is structured and processed according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

For definitions not included in this Policy, the definitions in the legislation, especially the definitions in the relevant Law No. 6698, apply.

  1. GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

Within the scope of the general principles to be followed for the processing of personal data regulated in Article 4 of the KVKK, Teknopark acts primarily in accordance with the general principles described below within the scope of personal data processing activities.

Compliance with the law and honesty rules: Teknopark acts in accordance with the legislation in force and complies with the rules of honesty in all kinds of personal data processing processes.
Being accurate and up-to-date when necessary: Teknopark takes the necessary measures to ensure that the personal data of the data subject is accurate and up-to-date, provides opportunities for updating and takes the necessary measures to ensure that the data is transferred to the databases correctly.
Processing for specific, explicit and legitimate purposes: Teknopark limits its personal data processing activities to specific and legitimate purposes and clearly informs the relevant persons through clarification texts regarding the purposes in question.
Being relevant, limited and proportionate to the purpose for which they are processed: Personal data are processed by Teknopark to the extent necessary for the purpose notified to the relevant persons at the time they are obtained, in connection with and limited to this purpose.
Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed: Teknopark keeps the personal data of the relevant person for this period if a certain period is determined within the scope of the legislation in force. If such a period is not specified in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and company procedures and the data are kept limited to this period. Following the expiration of the aforementioned periods, the data are deleted, destroyed and anonymized in accordance with the personal data retention and destruction policy.

  1. PROCESSING OF PERSONAL DATA

By stipulating that personal data can be processed even without the explicit consent of the data subject in the cases written in Articles 5 and 6 of the KVKK, it has made it legal to carry out this data processing process without explicit consent. The processing conditions vary depending on whether the personal data is sensitive personal data or whether it is personal data related to health and sexual life among sensitive personal data. Sensitive personal data are data that have the potential to discriminate between individuals, which may cause victimization of the person concerned if learned by others, and the LPPD stipulates that adequate measures to be determined by the Board must be taken in the processing of such data.

According to Article 5/2 of the LPPD, it is possible to process personal data without explicit consent in the presence of one of the following conditions:

  1. a) As required by the law directly.
    b) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid.
    c) It is necessary to process personal data belonging to the parties to a contract, provided that it is directly related to the establishment or performance of a contract.
    ç) It is mandatory for the data controller to fulfill its legal obligation.
    d) It has been made public by the data subject.
    e) Data processing is mandatory for the establishment, exercise or protection of a right.
    f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

According to KVKK 6/3, in the following cases, it is possible to process sensitive personal data without explicit consent, provided that adequate measures determined by the Board are taken:

Personal data other than personal data relating to health and sexual life may be processed in cases stipulated by law, and personal data relating to health and sexual life may only be processed for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons under the obligation of confidentiality or authorized institutions and organizations without seeking the explicit consent of the data subject.

Within the scope of this Policy, the personal data of the person concerned are processed for the following purposes in accordance with the conditions written in this article:

  • Execution of Employee Candidate Application Processes
  • Fulfillment of Employment Contract and Regulatory Obligations for Employees
  • Execution of Activities in Compliance with the Legislation
  • Ensuring Physical Space Security
  • Execution of Communication Activities – Planning Human Resources Processes
  • Execution of Marketing Processes of Products / Services
  • Providing Information to Authorized Persons, Institutions and Organizations
  • Conducting Marketing Analysis Studies
  • Execution of Entrepreneurship Programs Operational Processes
  • Execution of Entrepreneurship Programs Training/Mentoring Processes
  • Execution of Entrepreneur Promotion Processes
  • Execution of Technopark Management System User Registration / Login Processes
  • Conducting Mentor/Coach/Advisor Introduction Processes
  • Execution of Technopark Application/Evaluation Processes
  • Execution of Technopark Operational Processes
  • Execution of Technopark Reporting Processes
  • Execution of Entrepreneur Company Human Resources Support Processes
  • Personnel Execution of Personnel Procurement Support Processes
  • Execution of Service Services
  • Execution of Leasing Transactions
  • Execution of Communication Activities between Entrepreneurs
  • Monitoring and Execution of Legal Affairs
  • Organization and Event Management
  • Execution of Advertising, Promotion and Announcement Processes
  • Execution of Supply Chain Management Processes
  • Execution of Evaluation Processes of Entrepreneurship Programs
  • Execution of Entrepreneurship Programs Application Processes
  • Execution of Application and Selection Processes of Employee Candidates
  • Execution of Emergency Management Processes
  1. PROCESSING CONDITIONS, TRANSFER AND MEASURES REGARDING THE PROCESSING CONDITIONS OF SPECIAL CATEGORIES OF PERSONAL DATA

Article 6 of the LPPD regulates the conditions for processing special categories of personal data. Pursuant to this article;

  • Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are sensitive personal data.
  • Processing of sensitive personal data without the explicit consent of the data subject is prohibited.
  • Personal data other than health and sexual life listed in the first paragraph may be processed without the explicit consent of the data subject in cases stipulated by law. Personal data relating to health and sexual life can only be processed without the explicit consent of the data subject by persons or authorized institutions and organizations under the obligation of confidentiality for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
  • In the processing of special categories of personal data, adequate measures determined by the Board must also be taken.

Within the scope of Article 9 of the LPPD, personal data cannot be transferred abroad without the explicit consent of the data subject. Personal data shall be transferred to the foreign country where the personal data will be transferred in the presence of one of the conditions specified in the third paragraph of Article 6;

Pursuant to Article 8 of the LPPD, personal data cannot be transferred without the explicit consent of the data subject. Personal data may be transferred without the explicit consent of the data subject, provided that adequate measures are taken, in case one of the conditions specified in the third paragraph of Article 6 is present.

  1. a) In case of adequate protection,
    b) In the absence of adequate protection, it may be transferred abroad without seeking the explicit consent of the data subject, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and the Board’s permission is obtained.

In this context, Teknopark processes and transfers sensitive personal data in accordance with the Law, fulfills its obligations regarding data security regulated in Article 12 of the Law, takes all necessary technical and administrative measures to ensure the level of security, and in addition to these measures, it also takes the measures determined by the Board in the processing of sensitive personal data.

Teknopark takes the measures specified in the processing of special quality personal data in accordance with the Board decision within the scope of paragraph 4 of Article 6 of the LPPD.

  1. CONDITIONS FOR TRANSFERRING PERSONAL DATA DOMESTICALLY AND ABROAD

Articles 8 and 9 of the LPPD regulate the transfer of personal data to third parties in Turkey and abroad, respectively.
 According to Article 8 of the LPPD, without prejudice to the provisions of other laws regarding the transfer of personal data, personal data may be transferred without the consent of the data subject only a) Article 5/2 of the LPPD, b) provided that adequate measures are taken, personal data may be transferred to third parties within the country in the presence of one of the conditions specified in Article 6/3 of the LPPD.
According to Article 9 of the LPPD, personal data may be transferred abroad
without seeking explicit consent only in the presence of one of the conditions specified in
Article 5/2 of the LPPD and Article 6/3 of the LPPD and in the country to which personal data will be transferred; a) there is adequate protection, b) in the absence of adequate protection, provided that the data controllers in Turkey and in the relevant foreign country undertake adequate protection in writing and the Board’s permission is obtained.

  1. TRANSFER OF PERSONAL DATA

Without prejudice to the provisions of other laws, Teknopark does not share the personal data of the person concerned with third parties without the explicit consent of the person concerned, except for the conditions stipulated in the LPPD. In this context, personal data processed by Teknopark in accordance with the law can be transferred to the following recipient groups within the framework of the processing conditions specified in Articles 8 and 9 of the LPPD:

  • Suppliers
  • Investors
  • Mentor / Referee / Coach
  • Entrepreneurs
  • 3rd Persons served
  • Contacts
  • University
  • Technopark management system user
  • Authorized institutions and organizations
  • Entrepreneur employee
  • Jury
  • Entrepreneurship centers
  • Accelerator program entrepreneur employee

In case personal data is shared with 3rd persons and persons, Teknopark takes the necessary measures to ensure that the party with whom the data is shared carries out data processing and transfer activities in accordance with the rules in this Policy and the provisions of the legislation.

  1. STORAGE OF PERSONAL DATA

Although it has been processed by Teknopark in accordance with the provisions of the Law and other legislation, in the event that the reasons requiring its processing disappear, personal data are deleted, destroyed or anonymized by Teknopark automatically or upon the request of the person concerned. Teknopark takes into account the legislation in force and the purposes of processing personal data subject to the processing activity while determining the retention periods of the personal data of the person concerned. In the event that the legislation stipulates a statute of limitations that the data controller must take into account for the personal data processed with the existence of the purpose of personal data processing, or in the event that the purpose of personal data processing disappears, the data is deleted, destroyed and anonymized unless there is another legal reason or basis that allows the retention of personal data.

  1. COLLECTION METHOD AND PERSONAL DATA COLLECTED

Personal data are collected by Teknopark through, but not limited to, the forms filled out by the relevant person on online platforms, information/documents entered/uploaded or personally transmitted, authorized third parties involved in entrepreneurship programs, video and/or audio recording devices, closed circuit camera system, verbally from the relevant person and other physical and electronic media, and the personal data collected varies according to the product or service requested by the relevant person from Teknopark, the activities to be carried out by Teknopark and legal obligations. The categories of personal data collected and the explanations of the relevant data categories are given below:
 

Talep Edilen BilgilerAçıklama
Kimlik Bilgisiİsim Soyisim, TC kimlik no/yabancı kimlik no, cinsiyet, doğum tarihi, yaş, medeni hal, uyruk, sürücü belgesi sınıfı, baba adı, anne adı, doğum yeri, nüfus cüzdanı seri no, imza, nüfus cüzdanı fotokopisindeki/İkametgah örneğindeki/vukuatlı nüfus kayıt örneği/ işe giriş /işten çıkış bildirgesindeki diğer kimlik bilgileri, AGİ formundaki diğer bilgiler, kızlık soyadı, Doğduğu Ülke, Göçmenlik statüsü, nüfusa kayıtlı olduğu yer bilgileri, mavi kart no
İletişim BilgisiTelefon, adres, E-posta adresi, yaşadığı şehir, ülke, şehir
Aile BilgisiEşin işi, çocukların yaşı ve vukuatlı nüfus kayıt örneğindeki din bilgisi ve T.C numarası hariç diğer bilgileri vs.
Finansal BilgiBanka hesap bilgisi, ödeme/ödenecek tutar, kazanılan ödül, hisse oranı, işci ücret bordrosundaki finansal bilgiler, ciro, proje bütçe bilgisi, hisseye düşen sermaye, vergi kimlik no, işten çıkış bildirgesindeki finansal bilgiler (ücret, prime esas tutar) ücret ödeme tarihi, donem ay/yıl, kesinti oranı, katkı tutarı vs.
Finansal BilgiBanka hesap bilgisi, ödeme/ödenecek tutar, kazanılan ödül, hisse oranı, işci ücret bordrosundaki finansal bilgiler, ciro, proje bütçe bilgisi, hisseye düşen sermaye, vergi kimlik no, işten çıkış bildirgesindeki finansal bilgiler (ücret, prime esas tutar) ücret ödeme tarihi, donem ay/yıl, kesinti oranı, katkı tutarı vs.
Ceza Mahkûmiyeti Ve Güvenlik Tedbirleri (ÖNKV)Adli sicil kaydı, işe giriş bildirgesindeki hükümlü bilgisi
Eğitim, İş ve Profesyonel Yaşama İlişkin BilgilerGeçmiş ve son iş deneyimi bilgisi (şirket adı, pozisyonu, görevi, iş açıklaması, uzmanlık alanı, çalışma şekli, başlangıç/bitiş tarihi) toplam iş deneyimi süresi, işe giriş /işten çıkış bildirgesindeki diğer bilgiler (sosyal güvenlik/hizmet bilgileri), eğitim bilgileri (son okunan üniversite/bölüm/fakülte/enstitü/program adı, eğitim durumu, öğrenci/mezun/terk durumu, bölümü başlangıç/bitiş tarihi), yabancı dil/seviyesi, yetkinlikler (bilgisayar programı adı/seviyesi/tecrübe süresi, meslek içi eğitim bilgileri, alınan sertifikalar, süresi ve sertifika veren kuruma ilişkin bilgiler), Teknoparkta çalışmak istenen alanlar, firma tercihleri, son işten ayrılma sebebi, adayın kariyer hedefi, diploma, özgeçmiş bilgileri-CV, girişimci ismi, girişimdeki görevi, eğitim katılım bilgisi, meslek kodu, disiplin bilgileri vb.
İş fikri bilgisiİş fikri adı, sektör, alanı, teknoloji grubu, tanımı, özeti, teknolojik/inovatif yönü, hedef pazar analizi, gelir modeli, aşaması, etik kurul onay bilgisi, eski başvuru tarihi ve sonucu, iş planı, sunumu, proje adı, tanımı vs.
Seyahat bilgisiBilet bilgileri
Sağlık Bilgileri (ÖNKV)Engellilik bilgileri (kategorisi, yüzdesi, engellilik açıklaması)
Girişim bilgisiGirişim adı, alanı, tanımı, özeti, aşaması, şirketleşme durumu, yapılan çalışmalar, eski başvuru olup olmadığı, yapılan değişiklikler, girişimci geçmişi/başlangıç-bitiş tarihi/yer aldığı proje adı, hedef kitle, gelir elde etme yolu, başvuru yapılan ürün/hizmetle satış yapılıp yapılmadığı, benzer/rakip ürünler, girişimin başka bir yarışmaya/destek mekanizmasına/merkeze(adı) başvurusu olup olmadığı, başvuru tarihi, başvuru sonucu, girişimin yenilikçi yönü, ar-ge proje bilgileri, proje iş planı, ofis alanı bilgileri, proje adı/tanımı/ özet/ aşaması/teknolojisi, sektörü, gelir modeli, yatırım alıp almadığı, kimden aldığı vs.
Özlük bilgisiİşe giriş belgesi kayıtları,
Sosyal medya bilgisiLinkedin, web sayfası Facebook, diğer kişisel sayfalar
İşlem Güvenliği bilgisiŞifre
Fikri mülkiyet bilgisiPatent/faydalı model başvuru durumu
Görsel ve işitsel KayıtlarFotoğraf video kaydı, kamera kayıtları
Cihaz BilgisiMac adresi
Çalışan Adayı Değerlendirme BilgisiMülakat bilgisi değerlendirme bilgisi
Performans Değerlendirme BilgisiDeğerlendirme notu/puanı, performans değerlendirme bilgisi/notu, mentörlük yaptığı girişim sayısı süresi, mentörlük aldığı sayı ve süre, toplantı /seminer/ eğitim katılım sayısı vs.
Katılımcı BilgileriÜyelik tipi, referans bilgileri
Araç BilgisiPlaka
Askerlik Durum BilgisiAskerlik durum veya terhis durumu
İnternet Erişim BilgisiTrafik verisi
Fiziksel Mekân Güvenlik BilgisiGiriş çıkış kayıt bilgileri, ziyarete gelinen şirket
Hukuki İşlem Uyum BilgisiSözleşme, taahhütname

  1. STORAGE OF PERSONAL DATA

Although it has been processed by Teknopark in accordance with the provisions of the Law and other legislation, if the reasons requiring its processing disappear, personal data are deleted, destroyed or anonymized based on Teknopark’s ex officio decision or upon the request of the relevant person. Teknopark determines the retention periods of personal data by taking into account the legislation in force and the purposes of processing personal data subject to the processing activity. In this context, the statute of limitations regarding the legal obligations related to the processing of personal data is taken into consideration. In the event that the purpose of personal data processing disappears, the data is deleted, destroyed and anonymized unless there is another legal reason or basis for keeping personal data. Detailed information is available in the “ITU Teknopark INC.  Personal Data Storage and Destruction Policy”, which ITU Teknopark uses as a basis for the process of determining the maximum period required for the purpose for which personal data are processed and the process of deletion, destruction and anonymization.

11.1 Reasons for Retention of Personal Data

  • Execution of Emergency Management Processes
  • Execution of Mentor / Referee / Coach processes
  • Execution of Employee Candidate Application Processes
  • Fulfillment of Employment Contract and Regulatory Obligations for Employees
  • Execution of Employee Benefits and Benefits Processes
  • Conducting Audit / Ethics Activities
  • Conducting Training Activities
  • Execution of Activities in Compliance with the Legislation
  • Ensuring Physical Space Security
  • Execution of Communication Activities
  • Planning Human Resources Processes
  • Execution of Performance Evaluation Processes
  • Execution of Marketing Processes of Products / Services
  • Providing Information to Authorized Persons, Institutions and Organizations
  • Conducting Marketing Analysis Studies
  • Execution of operational processes of entrepreneurship programs
  • Conducting training/mentoring processes of entrepreneurship programs
  • Execution of entrepreneur promotion processes
  • Execution of Technopark management system user registration/login processes
  • Conducting Technopark application/evaluation processes
  • Execution of Technopark operational processes
  • Execution of Technopark reporting processes
  • Execution of entrepreneurial company human resources support processes
  • Execution of personnel recruitment support processes
  • Execution of service operations
  • Execution of leasing transactions
  • Conducting communication activities between entrepreneurs
  • Monitoring and Execution of Legal Affairs
  • Organization and Event Management
  • Execution of Advertising, Promotion and Announcement Processes
  • Execution of Supply Chain Management Processes
  • Conducting evaluation processes of entrepreneurship programs
  • Execution of entrepreneurship program application processes
  • Carrying out the application and selection processes of employee candidates

11.2 Reasons Requiring Destruction of Personal Data

Although it has been processed in accordance with the provisions of LPPD and other relevant laws, in the event that the periods stipulated in other relevant legislation expire or the purposes requiring its processing disappear, personal data are deleted, destroyed or anonymized by Teknopark ex officio or upon the request of the person concerned:

  • Amendment or abolition of the provisions of the relevant legislation that constitute the basis for the processing or storage of personal data,
  • The purpose requiring the processing or storage of personal data disappears,
  • The disappearance of the conditions requiring the processing of personal data under Article 5 of the LPPD,
  • In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject’s withdrawal of consent,
  • Acceptance by Teknopark of the application made by the data subject regarding the deletion or destruction of his/her personal data within the framework of his/her right under Article 11, paragraph 2 (e) of the Law,
  • In cases where Teknopark rejects the application made by the relevant person with the request for the deletion, destruction or anonymization of his/her personal data, the response is found insufficient or does not respond within the period stipulated in the Law; filing a complaint to the Board and this request is approved by the Board,
  • The maximum period of time required for the retention of personal data has expired, and there are no conditions that would justify the retention of personal data for a longer period of time.

11.3 Technical and Administrative Measures Taken for Secure Storage of Personal Data and Prevention of Unlawful Processing and Access

Teknopark, in accordance with Article 12 of the LPPD;

  1. a) a) To prevent unlawful processing of personal data,
    b) To prevent unlawful access to personal data,
    c) To ensure the preservation of personal data,

It knows that it is obliged to take all necessary technical and administrative measures to ensure the appropriate level of security for its purpose and shows the utmost care and diligence within this framework.
 Paragraph (4) of Article 6 of the LPPD stipulates that “In the processing of special categories of personal data, adequate measures determined by the Board must also be taken.” Within this framework, the Board published the Board Decision dated 31/01/2018 and numbered 2018/10 on “Adequate Measures to be Taken by Data Controllers in the Processing of Sensitive Personal Data”.

In this context, Teknopark takes the necessary technical and administrative measures to prevent unlawful processing of the personal data it processes, to prevent unlawful access to the data and to ensure the appropriate level of security to ensure the preservation of the data, to act in accordance with the Board’s decision, to make or have the necessary audits carried out. In the event that the processed personal data is obtained by others illegally, although all technical and administrative measures have been taken, Teknopark notifies the relevant persons and the Board as soon as possible.

11.4 Technical and Administrative Measures Taken for the Destruction of Personal Data in Accordance with the Law

Article 7 of the LPPD stipulates that personal data shall be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject, in the event that the reasons requiring the processing of personal data disappear, despite the fact that they have been processed in accordance with the provisions of the LPPD and other relevant laws, and that the procedures and principles regarding the deletion, destruction or anonymization of personal data shall be regulated by regulation.

In this context, the Regulation on Deletion, Destruction or Anonymization of Personal Data has been published in order to determine the procedures and principles regarding the deletion, destruction or anonymization of personal data processed by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

Within the scope of the Regulation, deletion, destruction or anonymization of personal data is defined as destruction and data controller;

    •  
      • In order to ensure that deleted personal data is inaccessible and non-reusable for the relevant users
      • Regarding the destruction of personal data
      • Regarding anonymization of personal data

It is obliged to take all necessary technical and administrative measures.

Within the framework of these regulations, Teknopark fulfills its obligations to delete, destroy or anonymize personal data ex officio or upon the request of the person concerned in cases where all the conditions for processing personal data disappear.

11.5 Storage and Destruction Periods

In addition to the retention periods determined by Teknopark in accordance with the principle of purpose limitation for the storage of personal data, there are also retention periods determined within the scope of the relevant legislation to which Teknopark is subject. Accordingly, if there is a period stipulated in the legislation for the relevant personal data, Teknopark complies with this period; If such a period is not stipulated, it stores the data only for the period required for the purpose for which they are processed. If there is no valid reason for further storage of a data, it deletes, destroys or anonymizes the data in the first periodic destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.

When the relevant person requests the deletion or destruction of his personal data by applying to Teknopark in accordance with Article 13 of the KVKK;

  1. a) If all the conditions for processing personal data have disappeared, Teknopark deletes, destroys or anonymizes the personal data subject to the request. Teknopark finalizes the request of the relevant person within thirty days at the latest and informs the relevant person.
    b) If all of the personal data processing conditions have been eliminated and the personal data subject to the request has been transferred to third parties, Teknopark notifies the third party of this situation; ensures that the necessary actions are taken within the scope of the Regulation before the third party.
    c) If all of the personal data processing conditions have not been eliminated, this request may be rejected by ITU Teknopark by explaining the reason in accordance with the third paragraph of Article 13 of the KVKK and the rejection response is notified to the relevant person in writing or electronically within thirty days at the latest.

The table showing the retention and destruction periods of personal data on a process basis is given in Annex-1.

The periodic destruction period is 6 months in January and July every year. It is carried out in six-month periods following the date on which the obligation to delete, destroy or anonymize personal data arises.

  1. RIGHTS OF THE PERSON CONCERNED

The person concerned according to Article 11 of the LPPD;

  1. a) Learning whether his/her personal data is processed by Teknopark,
    b) Requesting information if personal data has been processed,
    c) Learning the purpose of processing personal data and whether it is used in accordance with its purpose,
    ç) To know the third parties to whom personal data are transferred domestically or abroad,
    d) To request correction of personal data in case of incomplete or incorrect processing,
    e) Although it has been processed in accordance with the provisions of KVKK and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear,
    f) In case of correction, deletion or destruction of personal data, to request notification of these transactions to third parties to whom personal data is transferred,
    g) To object in the event that personal data is analyzed exclusively through automated systems and a result arises against it,
    ğ) In case of any damage due to unlawful processing of personal data, it has the right to demand the compensation of the damage.

As a result of the relevant person filling out the “ITU Teknopark INC. Relevant Person Application Form Regarding Personal Data” in Annex-2 in order to submit their requests regarding the above-mentioned rights and submitting it by one of the procedures specified in the application form, these requests will be evaluated and finalized by Teknopark as soon as possible and in any case within the period stipulated in the Law. In the event that the process regarding the examination and finalization of the application requires a cost, Teknopark may charge the relevant person making the request the fee determined by the Board.

In order for third parties to apply on behalf of the person concerned, there must be a special power of attorney issued by the person concerned through a notary public on behalf of the person who will make the application.

Teknopark may request information from the relevant person in order to determine whether the applicant is the relevant person or not, and may ask questions to the relevant person about the application in order to clarify the issues stated in the application.

 

ANNEX-1: Retention and Destruction Periods of Personal Data by Process

SÜREÇSAKLAMA SÜRESİİMHA SÜRESİ
İşe alım aday bulmaEn fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar Saklama süresinin bitimini takiben 180 gün içinde
İşe giriş özlük işlemleriİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Performans değerlendirmeİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Disiplin süreçleriİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Eğitim ve kariyer gelişimİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Alt işveren işlemleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Çalışan maaş ve yan haklar menfaatler süreciİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Raporlama süreçleriİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
3.kişi personel temin destek süreciEn fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadarSaklama süresinin bitimini takiben 180 gün içinde
Girişimci şirket insan kaynakları destek süreçleriEn fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar Saklama süresinin bitimini takiben 180 gün içinde
Girişimcilik programları başvuru/değerlendirme süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Girişimcilik programları operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Girişimcilik programları eğitim/mentorluk süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Bina güvenlik süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Girişimci tanıtım süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı aday başvuru/davet/değerlendirme süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı eğitim/mentorluk süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı tanıtım süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Kart basım, teslimat ve operasyon süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Ziyaretçi giriş/ çıkış süreçleriEn fazla 2 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark yönetim sistemi kullanıcı kayıt/giriş süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark başvuru/değerlendirme süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark raporlama süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Raporlama süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Otomatik Katılım Sistemi Süreciİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Kiralama süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Servis hizmetleri süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Marka yönetimiEtkinliğin sona ermesini takiben 2 yılSaklama süresinin bitimini takiben 180 gün içinde
Alt yüklenici işlemleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hukuk işleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
İnternet hizmeti sağlanmasıEn fazla 2 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Akademik Kuluçka Merkezi başvuru/değerlendirme süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Akademik Kuluçka Merkezi operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Akademik Kuluçka Merkezi eğitim/mentorluk süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
BT altyapısı  süreçleri10 yılSaklama süresinin bitimini takiben 180 gün içinde

ANNEX-2: Relevant Person Application Form

Adı Soyadı: 
T.C. Kimlik No: 
Yabancılar için;
Uyruk, Pasaport Numarası veya varsa Kimlik Numarası:
E-posta Adresi: 
Telefon Numarası: 
Faks numarası: 
Tebligata esas yerleşim yeri veya iş yeri adresi: 
Teknopark ile bağlantısı:GirişimciÇalışan adayı  Tedarikçi Çalışanı Diğer (Belirtiniz)

Request(s) Regarding Personal Data

Talep NoTalep KonusuSeçiminiz
1Şirketinizin hakkımda kişisel veri işleyip işlemediğini öğrenmek istiyorum.
2Eğer şirketiniz hakkımda kişisel veri işliyorsa bu veri işleme faaliyetleri hakkında bilgi talep ediyorum.
3Eğer Şirketiniz hakkımda kişisel veri işliyorsa bunların işlenme amacını ve işlenme amacına uygun kullanılıp kullanmadığını öğrenmek istiyorum.
4Eğer kişisel verilerim yurtiçinde veya yurtdışında üçüncü kişilere aktarılıyorsa, bu üçüncü kişileri bilmek istiyorum.
5Kişisel verilerimin eksik veya yanlış işlendiğini düşünüyorum ve bunların düzeltilmesini istiyorum.
6Kişisel verilerimin kanun ve ilgili diğer kanun hükümlerine uygun olarak işlenmiş olmasına rağmen, işlenmesini gerektiren sebeplerin ortadan kalktığını düşünüyorum ve bu çerçevede kişisel verilerimin;
a) Silinmesini talep ediyorum.
b) Yok edilmesini talep ediyorum.
a) ◻

b) ◻
75 ve 6 numarada belirttiğim taleplerimin kişisel verilerimin aktarıldığı üçüncü kişilere de bildirilmesini istiyorum.
8Şirketiniz tarafından işlenen kişisel verilerimin münhasıran otomatik sistemler vasıtasıyla analiz edildiğini ve bu analiz neticesinde şahsım aleyhine bir sonuç doğduğunu düşünüyorum. Bu sonuca itiraz ediyorum.
9Kişisel verilerimin kanuna aykırı işlenmesi nedeniyle zarara uğradım. Bu zararın tazminini talep ediyorum.

Details of the request (Please specify the details of your request)

 

 

You may submit your request through one of the following procedures.

Başvuru UsulüGönderilecek AdresAçıklama
Yazılı başvuru (Islak imzalı şahsen veya iadeli taahhütlü mektup veya Noter vasıtasıyla)RESITPASA MAH. KATAR CAD. ITU TASARIM VE PROTOTIP MERKEZI BINASI NO: 2 /41 IC KAPI NO: 1 SARIYER/Zarfın üzerine ya da tebligatın açıklama kısmına ya da e-postanın konu kısmına “Kişisel Verilerin Korunması Kanunu Bilgi Talebi” yazılacaktır.
Kayıtlı Elektronik Posta (KEP) adresiyle başvuru KEP Adresi
Sistemde kayıtlı bulunan elektronik posta adresiyle başvuru info@1773ituteknopark.com

Please indicate the method of notification of the response to your application by our Company

      • I want it sent to my address.
      • I want it sent to my e-mail address.

In order to respond to the application in a timely manner, the relevant person must fill in all the information in this form completely and submit the relevant information and documents. Teknopark may request additional information and documents for identity verification and authorization in order to prevent unlawful data sharing, and may ask questions about the application to the relevant person in order to clarify the issues specified in the application. If the transaction regarding the application requires a cost, Teknopark reserves the right to demand the fee determined by the Personal Data Protection Board.

I hereby request that this application I have made in accordance with the LPPD be evaluated and finalized within the framework of the request(s) I have stated above; I hereby accept, declare and undertake that I have read and understood the information provided to me in the content of this application form, and that the information and documents I have provided in the application form are accurate, complete, up-to-date and belong to me.

Name Surname

History:

Signature:

ITU TEKNOPARK INC.

POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA OF EMPLOYEES

 1.INTRODUCTION

ITU Teknopark INC. (“1773 ITU Teknopark“) has prepared this Policy on Processing and Protection of Employee Personal Data (“Policy“) in order to process and protect personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“LPPD”).

2.PURPOSE AND SCOPE OF THE POLICY

This Policy; It has been prepared in order to make explanations to its employees (employees, interns) regarding the processing and protection of personal data of employees, and in this context, it is to inform our employees whose personal data are processed by ITU Teknopark about which personal data are processed for what purpose, to whom they can transfer this data, which administrative and technical measures are taken to protect their personal data, what are the rights they have on their personal data and the application methods regarding their requests for these rights and other issues. In this way, it is aimed to ensure full compliance with the legislation in the processing and protection of personal data carried out by our company and to protect all rights of our employees arising from the legislation regarding their personal data.

3.DEFINITIONS

The definitions in this Policy are as follows:

Explicit consent: Consent on a specific subject, based on information and expressed with free will,
Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data,
Relevant person: The natural person whose personal data is processed, (our employees/interns within the scope of this Policy)
Personal data: Any information relating to an identified or identifiable natural person,
Sensitive personal data: Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data,
Processing of personal data: Any operation performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system,
Board: The Personal Data Protection Board,
Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller,
Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

4.GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

Article 4 of the LPPD regulates the general principles that must be followed for the processing of personal data. 1773 ITU TEKNOPARK acts primarily in accordance with these general principles described below within the scope of personal data processing activities.
Compliance with the law and honesty rules: 1773 ITU TEKNOPARK acts in accordance with the legislation in force and complies with the rules of honesty in all kinds of personal data processing processes.
Being accurate and up-to-date when necessary: 1773 ITU TEKNOPARK takes the necessary measures to ensure that the personal data of its employees are accurate and up-to-date, provides the opportunity to update them and takes the necessary measures to ensure the correct transfer of their data to databases.
Processing for specific, explicit and legitimate purposes: 1773 ITU TEKNOPARK limits its personal data processing activities to specific and legitimate purposes and clearly informs its employees through clarification texts regarding these purposes.
Being relevant, limited and proportionate to the purpose for which they are processed: 1773 ITU TEKNOPARK processes personal data to the extent necessary for the purpose notified to its employees at the time they are obtained, in connection with and limited to this purpose.
Retention for the period stipulated in the relevant legislation or for the purpose for which they are processed: The Company retains personal data for this period if a certain period is determined within the scope of the legislation in force. If such a period is not specified in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and company procedures and the data are kept limited to this period. Following the expiration of the aforementioned periods, the data are deleted, destroyed and anonymized in accordance with the “ITU TEKNOPARK INC. Personal Data Retention and Destruction Policy” (Policy).

5.CONDITIONS OF PROCESSING PERSONAL DATA

Article 5 of the LPPD regulates the conditions for processing personal data and Article 6 regulates the conditions for processing special categories of personal data. The LPPD stipulates that personal data can be processed even without the explicit consent of the data subject in the cases written in these articles and allows this processing to be in accordance with the law. These processing conditions vary depending on whether the personal data is sensitive personal data or whether it is personal data related to health and sexual life among sensitive personal data. Sensitive personal data are data that have the potential to discriminate between individuals, which may cause victimization of the person concerned if learned by others, and the LPPD stipulates that adequate measures to be determined by the Board must be taken in the processing of such data.

The cases where personal data can be processed without explicit consent regulated in the provisions of Article 5/2 of the LPPD and Article 6/3 of the LPPD are below, and 1773 ITU TEKNOPARK may process your personal data based on your explicit consent, except for these foreseen situations.

According to Article 5/2 of the LPPD, it is possible to process personal data without explicit consent in the presence of one (or more than one) of the following conditions:

  1. a) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid.
    b)It is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of a contract.
    c) It is mandatory for the data controller to fulfill its legal obligation.
    d) It has been made public by the data subject.
    e) Data processing is mandatory for the establishment, exercise or protection of a right.
    f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

According to Article 6/3 of the LPPD, it is possible to process special categories of personal data without seeking explicit consent, provided that adequate measures determined by the Board are taken in the following cases:
 Personal data other than health and sexual life may be processed in cases stipulated by law, and personal data relating to health and sexual life may only be processed for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, by persons or authorized institutions and organizations under the obligation of confidentiality, without seeking the explicit consent of the data subject.

6.CONDITIONS FOR TRANSFERRING PERSONAL DATA DOMESTICALLY AND ABROAD

Article 8 of the LPPD regulates the transfer of personal data to third parties within the country and Article 9 regulates the transfer of personal data to third parties abroad.
According to Article 8 of the LPPD, without prejudice to the provisions of other laws regarding the transfer of personal data, personal data may be transferred without the consent of the data subject only;
a) Provided that adequate measures are taken, personal data may be transferred to third parties within the country in the presence of one of the conditions specified in
Article 5/2 of the LPPD and
b) Article 6/3 of the LPPD.
According to Article 9 of the LPPD, personal data may be
transferred abroad
without seeking explicit consent only in the presence of one of the conditions specified in Article 5/2 of the LPPD and Article 6/3 of the LPPD and in the country to which personal data will be transferred;
a) There is adequate protection,
b) In the absence of adequate protection, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and the Board’s permission is obtained.

 

7.PERSONAL DATA COLLECTED

1773 Personal data collected by ITU TEKNOPARK through, but not limited to, forms filled in online platforms, information/documents entered/uploaded in online platforms or personally transmitted, closed circuit camera system, verbally and other physical/electronic media vary according to the duties, position and legal obligations undertaken in the company. The personal data collected can be listed as follows.

Talep Edilen BilgilerAçıklama
Kimlik Bilgisiİsim soyisim, baba adı anne adı, doğum tarihi, doğum yeri, nüfus cüzdanı seri no, medeni hal, cinsiyet, imza, nüfus cüzdanı fotokopisindeki/ikametgah örneğindeki/vukuatlı nüfus kayıt örneğindeki diğer kimlik bilgileri, doğduğu ülke, göçmenlik statüsü, mavi kart no, tc kimlik no/yabancı kimlik no, nüfusa kayıtlı olduğu yer bilgileri, işe giriş /işten çıkış bildirgesindeki diğer kimlik bilgileri
İletişim Bilgisi İkametgah adresi, telefon, e-posta, adres, işe giriş/işten çıkış bildirgesindeki diğer adres bilgileri 
Aile BilgisiEşin işi, çocukların sayısı, yaşı vs ve vukuatlı nüfus kayıt örneğindeki diğer bilgileri
Finansal Bilgiİşci ücret bordrosundaki finansal bilgiler, banka hesap bilgisi, ödenecek tutar, işten çıkış bildirgesindeki finansal bilgiler (Ücret, prime esas tutar) vergi no, ücret ödeme tarihi, dönem ay/yıl, kesinti oranı, katkı tutarı vb
Ceza Mahkûmiyeti ve Güvenlik Tedbirleri (ÖNKV)Adli sicil kaydı, işe giriş bildirgesindeki hükümlü bilgisi 
Eğitim, İş ve Profesyonel Yaşama İlişkin BilgilerMeslek/meslek kodu, çalıştığı şirket, yaptığı iş, bölüm, unvan, pozisyon, eğitim durumu, mezun olduğu okullar/bölüm/mezuniyet tarihi, en son mezun olunan okul diploması, diploma bilgisi (hangi okul hangi bölüm hangi sene mezun oldu), Önceki İş Tecrübeleri (daha önce çalıştığı yerler/şirket adı/iş kolu/Yaptığı iş/görevi/giriş-çıkış tarihi) işe giriş bildirgesi ,Özgeçmiş bilgileri-CV, Performans hedefleri, yabancı dil bilgisi/seviyesi, Disiplin bilgileri, Sertifikalar, işe giriş /işten çıkış bildirgesindeki diğer bilgiler (sosyal güvenlik/hizmet bilgileri), meslek, işe alınma/ayrılma izahı, vb
Sağlık Bilgileri(ÖNKV)İşe giriş bildirgesindeki engellik bilgisi ve derecesi
Görsel ve işitsel KayıtlarFotoğraf, kamera kayıtları
Performans değerlendirme bilgisi90 derece değerlemesi ve performans notu
Askerlik durum bilgisiAskerlik durum veya terhis durumu
Sigorta bilgisiSeçilen poliçe
Hukuki İşlem uyum bilgisiSözleşme

 

8.PURPOSES OF PROCESSING PERSONAL DATA

The personal data obtained by the company in accordance with the general principles stipulated in the LPPD; It is processed for the purposes listed below within the processing conditions specified in Articles 5 and 6 of the LPPD.

      • Execution of Emergency Management Processes
      • Fulfillment of Employment Contract and Regulatory Obligations for Employees
      • Execution of Employee Benefits and Benefits Processes
      • Conducting Audit / Ethics Activities
      • Conducting Training Activities
      • Ensuring Physical Space Security
      • Execution of Performance Evaluation Processes
      • Providing Information to Authorized Persons, Institutions and Organizations

 

9.TRANSFER OF PERSONAL DATA

1773 ITU TEKNOPARK complies with the conditions regulated in the LPPD, without prejudice to the provisions of other laws, regarding the sharing of personal data with third parties, and does not share personal data with third parties without obtaining explicit consent, except for the conditions stipulated in the LPPD. In this context, personal data processed by 1773 ITU TEKNOPARK in accordance with the law; It may be transferred to authorized institutions and organizations, universities, suppliers for the purposes specified in Article 8 above, within the framework of the processing conditions specified in Articles 8 and 9 of the LPPD. In these cases where personal data is shared, the Company takes the necessary measures to ensure that the party with whom the data is shared carries out processing and transfer activities in accordance with the rules in this Policy and the provisions of the legislation.

 

 

 

  1. STORAGE OF PERSONAL DATA

Although it has been processed by the Company in accordance with the provisions of the Law and other legislation, personal data shall be deleted, destroyed or anonymized upon the Company’s ex officio decision or request if the reasons requiring its processing disappear. The Company determines the retention periods of personal data by taking into account the legislation in force and the purposes of processing personal data subject to the processing activity. In this context, the statute of limitations regarding the legal obligations related to the personal data processing activity is taken into consideration. In the event that the purpose of personal data processing disappears, the data is deleted, destroyed and anonymized unless there is another legal reason or basis for keeping personal data. Detailed information is available in the “ITU TEKNOPARK INC. Personal Data Retention and Destruction Policy”, which is the basis for the process of determining the maximum period required for the purpose for which personal data are processed and the process of deletion, destruction and anonymization.

  11.RIGHTS AND EXERCISE OF THESE RIGHTS

As the relevant person according to Article 11 of the LPPD;

 

  1. Learning whether personal data is processed by ITU TEKNOPARK INC.
  2. Requesting information if personal data is processed,
  3. Learning the purpose of processing personal data and whether it is used in accordance with its purpose,
  4. To know the third parties to whom personal data are transferred domestically or abroad,
  5. To request correction of personal data in case of incomplete or incorrect processing,
  6. Although it has been processed in accordance with the provisions of LPPD and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear,
  7. To request notification of the transactions made in subparagraphs d) and e) to third parties to whom personal data has been transferred,
  8. To object in the event that a result arises against you by analyzing personal data exclusively through automated systems,
  9. Having the right to demand the compensation of the damage in case of any damage due to unlawful processing of personal data.

In order to use these rights, if you send the requests regarding the rights to info@1773ituteknopark.com from your e-mail address allocated to you by ITU TEKNOPARK INC. Kı̇şisel Verı̇lere İlişkin İlgili Kişi Başvuru Form by filling out the application form or if you submit it by one of the methods specified in the application form, your request will be evaluated and finalized as soon as possible and in any case within the period stipulated in the Law. If the transaction requires a cost, a fee determined by the Board may be charged
. In order for third parties to make an application request on your behalf, you must have a special power of attorney issued by a notary public on behalf of the applicant.
The Company may request information from you in order to determine whether you are the applicant or not, and may ask you questions about your application in order to clarify the matters stated in the application.

      

  12.MEASURES TAKEN FOR THE SECURITY OF DATA

1773 ITU TEKNOPARK takes reasonable technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data, to prevent unlawful access to your data and to ensure its preservation, and in this context, it takes into account the “Personal Data Security Guide” specified in the “Personal Data Security Guide” published on the website of the Personal Data Protection Authority and also the Board’s “Decision on Adequate Measures to be Taken by Data Controllers in the Processing of Special Categories of Personal Data” (Decision) dated 31/01/2018 and numbered 2018/10. In order to ensure the security of personal data, the Company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage to data.

13.UPDATES AND CHANGES

 The Company reserves the right to make changes to this Policy in order to provide up-to-date information about the practices and legal regulations on the protection of personal data. Employees will be informed if the changes made in the Policy are fundamental changes. The amendments made are included in the annex of this Policy (Annex-1).

 

APPENDICES;

Annex-1 Table of Updates and Changes

 

Annex 1

The changes made to this Policy are given in the table below.

UPDATE DATE

SCOPE OF CHANGES

 

 

 

 

 

ITU TEKNOPARK INC.

PERSONAL DATA STORAGE AND DISPOSAL POLICY

  1. PURPOSE

 Pursuant to this Personal Data Retention and Destruction Policy (“Policy”), “Personal Data Protection Law No. 6698” (“LPPD” or “Law”) and Regulation on the Deletion, Destruction or Anonymization of Personal Data (“Regulation”) regarding the fulfillment of the obligations of the data controller İTÜ Teknopark INC. (Teknopark or the Company); ITU Teknopark INC. It has been prepared for the purpose of determining the maximum storage period required for the purpose for which they are processed, and the procedures and principles of the processes regarding the deletion, destruction and anonymization of the personal data processed by the Company.

  1. SCOPE

This Policy, ITU Teknopark INC. It relates to the personal data of the data subjects whose personal data are processed by fully or partially automatic or non-automatic means provided that they are part of any data recording system.

Detailed information on the processing of personal data is included in the “Processing and Protection of Employee Personal Data Policy” or “Personal Data Processing and Protection Policy”, depending on the category of the person concerned.

In the event that this Policy and the provisions of the LPPD and other relevant legislation conflict, the provisions of the LPPD and other relevant legislation will primarily apply.

  1. DEFINITIONS

The definitions in this Policy are as follows:
Explicit Consent : Consent on a specific subject, based on information and expressed with free will,
Recipient Group: The natural or legal person category to which personal data is transferred by the data controller,
Relevant User: Technical storage and protection of data Persons who process personal data within the organization of the data controller or in line with the authorization and instruction received from the data controller, with the exception of the person or unit responsible for and backing up,
Destruction: Deletion, destruction or anonymization of personal data,
Law: Law on Protection of Personal Data No. 6698. nu,
Recording Medium: Any medium containing personal data that is fully or partially automated or processed by non-automatic means provided that it is a part of any data recording system,
Personal Data: Any information relating to an identified or identifiable natural person,
Relevant Person: Personal data the real person being processed (within the scope of this Policy, ITU Teknopark INC.                                                                                                Processing of Personal Data: Obtaining, recording, storing, maintaining, changing personal data completely or partially automatically or by non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as reorganization, disclosure, transfer, takeover, making available, classification or prevention of use,
Personal Data Processing Inventory: Personal data processing activities carried out by data controllers depending on their business processes; The inventory, which they have created by associating the personal data processing purposes and legal reason, the data category, the transferred recipient group and the data subject group, by explaining the maximum period required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security,                                                                                                                                                                                                                                            the Board : Personal Data Protection Board,
Institution: Personal Data Protection Authority,
Special Quality Personal Data: Person’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and dress, association, foundation or union Membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data,
Periodic Destruction: The deletion, destruction or anonymization process, which will be carried out ex officio at repetitive intervals and specified in the personal data storage and destruction policy, in case all the conditions for processing personal data in the law are eliminated,                                                                                                          Personal Data Retention and Destruction Policy: This Policy, on which the data controller İTÜ Teknopark A.                                                                                                                        Data Recording System: The recording system in which personal data is processed and configured according to certain criteria,
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
Personal Data Deletion: No personal data for the relevant users. The process of making personal data inaccessible and unusable in any way,
Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,
Making Personal Data Anonymous: Personal data can never be identified or determined, even if it is matched with other data,                                                                                       Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette on 28 October 2017.

For the definitions not included in this Policy, the definitions in the Law and secondary regulations are valid.

 

 

 

 

  1. EXPLANATIONS ON THE REASONS REQUESTING THE STORAGE AND DISPOSAL OF PERSONAL DATA

4.1. EXPLANATIONS RELATING TO THE REASONS REQUESTING THE KEEPING OF PERSONAL DATA

ITU Teknopark INC. processes personal data with the express consent of the data subject or without the explicit consent of the person concerned in case of the existence of the processing conditions listed in Article 5 of the Law, and for the purpose for which they are processed or in the environments listed in Article 5 of this Policy, in a secure manner. stores it for as long as necessary. The purposes of processing personal data are listed below:

· Execution of Emergency Management Processes

· Execution of application and selection processes of employee candidates

· Execution of Application Processes of Employee Candidates

· Fulfillment of Employment Contract and Legislation Obligations for Employees

· Execution of Benefits and Benefits Processes for Employees

· Execution of Audit / Ethical Activities

· Execution of Training Activities

· Execution of Activities in Compliance with the Legislation

· Ensuring Physical Space Security

· Execution of Communication Activities

· Planning of Human Resources Processes

· Execution of Performance Evaluation Processes

· Execution of Marketing Processes of Products / Services

· Providing Information to Authorized Persons, Institutions and Organizations

· Conducting Marketing Analysis Studies

· Execution of operational processes of entrepreneurship programs

· Conducting training/mentoring processes of entrepreneurship programs

· Conducting referee/mentor/coaching evaluation processes of entrepreneurship programs

· Execution of entrepreneurial promotion processes

· Conducting mentor/and/or Koç promotion processes

· Execution of the acceleration program candidate application/invitation/evaluation process

· Execution of acceleration program training/mentoring process

· Execution of acceleration program promotion processes

· Execution of acceleration program operational processes

· Execution of Technopark management system user registration/login processes

· Execution of Technopark application/evaluation processes

· Execution of Technopark operational processes

· Execution of Technopark reporting processes

· Execution of human resources support processes of entrepreneurial companies

· Execution of 3rd party personnel procurement support processes

· Execution of services

· Execution of rental transactions

· Execution of communication activities between entrepreneurs

· Follow-up and Execution of Legal Affairs

· Organization and Event Management

· Execution of Advertising, Promotion, Announcement Processes

· Execution of Supply Chain Management Processes

· Carrying out the evaluation processes of entrepreneurship programs

· Execution of application processes for entrepreneurship programs

· Execution of Academic Incubation Center application processes

· Execution of Academic Incubation Center evaluation processes

· Execution of Academic Incubation Center operational processes

· Execution of Academic Incubation Center training/mentoring processes

4.2. EXPLANATIONS RELATING TO THE REASONS REQUESTING THE DISPOSAL OF PERSONAL DATA

Despite the fact that it has been processed in accordance with the provisions of the LPPD and other relevant laws, in the event that the periods stipulated in the other relevant legislation expire or the purposes requiring processing are no longer valid, the personal data will be transferred to ITU Teknopark INC. deleted, destroyed or anonymized by ITU Teknopark INC. The situations that require the destruction of personal data are listed below:

  • Changing or repealing the provisions of the relevant legislation, which is the basis for the processing or storage of personal data,
  • The disappearance of the purpose that requires the processing or storage of personal data,
  • Elimination of the conditions requiring the processing of personal data in Article 5 of the LPPD,
  • In cases where the processing of personal data takes place only on the basis of explicit consent, the data subject withdraws his consent,
  • ITU Teknopark INC. to be accepted by
  • In cases where ITU Teknopark INC. rejects the application made by the person concerned with the request for the deletion, destruction or anonymization of his personal data, his response is found insufficient or he does not respond within the time stipulated in the Law; Complaining to the Board and approval of this request by the Board,
  • The maximum period requiring the retention of personal data has passed, and there are no conditions to justify keeping personal data for a longer period of time.
  1. TECHNICAL AND ADMINISTRATIVE MEASURES TO STORAGE PERSONAL DATA SECURELY AND TO PREVENT THEIR UNLAWFUL PROCESSING AND ACCESS

Technopark, pursuant to Article 12 of the LPPD;

  1. a) To prevent the unlawful processing of personal data,
    b) To prevent unlawful access to personal data,                                                                                                                                                                                                      c) To ensure the preservation of personal data,

It knows that it has to take all kinds of technical and administrative measures to ensure the appropriate level of security for its purpose, and within this framework, it shows the utmost care and importance.
In paragraph (4) of Article 6 of the LPPD, it is necessary to take adequate measures determined by the Board in the processing of personal data of special nature. provision is included. In this context, the Board Decision dated 31/01/2018 and numbered 2018/10 on “Adequate Precautions to be Taken by Data Controllers in the Processing of Special Quality Personal Data” was published by the Board. takes the necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful access and to ensure the preservation of data, acts in accordance with the Board’s decision, makes or has the necessary inspections done. In case the processed personal data is obtained by others illegally despite all technical and administrative precautions, Teknopark notifies the relevant persons and the Board as soon as possible.

  1. TECHNICAL AND ADMINISTRATIVE MEASURES FOR LAWFUL DISPOSAL OF PERSONAL DATA

In Article 7 of the LPPD; Personal data will be deleted, destroyed or anonymized by the data controller ex officio or upon the request of the person concerned, in case the reasons requiring the processing are eliminated, even though it has been processed in accordance with the provisions of the LPPD and other relevant laws, and the deletion, destruction or anonymization of personal data It has been decreed that the procedures and principles will be regulated by a regulation.

In this context, the Regulation on the Deletion, Destruction or Anonymization of Personal Data has been published in order to determine the procedures and principles regarding the deletion, destruction or anonymization of personal data that is fully or partially automated or processed by non-automatic means provided that it is a part of any data recording system. .

Deletion, destruction or anonymization of personal data is defined as destruction within the scope of the regulation, and the data controller;

  • In order for the deleted personal data to be inaccessible and reusable for the relevant users,
  • Regarding the destruction of personal data
  • Regarding the anonymization of personal data

It is responsible for taking all necessary technical and administrative measures.

Teknopark fulfills its obligations regarding the deletion, destruction or anonymization of personal data ex officio or upon the request of the person concerned, in the event that all the conditions for the processing of personal data cease to exist within the framework of these regulations.

  1. STORAGE AND DISPOSAL TIMES

In addition to the retention periods determined by Teknopark in accordance with the principle of limitation of purpose for the storage of personal data, there are also storage periods determined within the scope of the relevant legislation to which Teknopark is subject. According to this; If there is a period stipulated in the legislation for the relevant personal data, Teknopark complies with this period; If such a period is not foreseen, it stores the data only for the period necessary for the purpose for which they are processed. In the absence of a valid reason for further storage of a data, it deletes, destroys or anonymizes the data in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.

When the person concerned requests the deletion or destruction of his personal data by applying to Teknopark, pursuant to Article 13 of the LPPD;

  1. a) If all the conditions for processing personal data are no longer valid, Teknopark deletes, destroys or anonymizes the personal data subject to the request. Teknopark finalizes the request of the person concerned within thirty days at the latest and informs the person concerned.
    b) If all the conditions for processing personal data have been removed and the personal data subject to the request has been transferred to third parties, Teknopark notifies the third party; It ensures that the necessary actions are taken within the scope of the Regulation before the third party. may be rejected by explaining the reason in accordance with the third paragraph of Article 13 of the LPPD and the rejection response is notified to the relevant person in writing or electronically within thirty days at the latest.

The table showing the storage and destruction periods of personal data on a process basis is in the annex (Annex-2) of this Policy.

  1. PERIODIC DISPOSAL TIMES

Periodic destruction period is 6 months. It is carried out in six-month periods following the date on which the obligation to delete, destroy or anonymize personal data arises (dates in Annex 3).

  1. ENFORCEMENT AND OTHER PROVISIONS

This Policy is deemed to have entered into force after its publication on our company’s website. In the event that 1773 ITU Teknopark makes an update to this Policy, the information regarding the said change is stated in the annex (Annex-3) of this Policy. The Current Policy will enter into force on the date of publication.

Release date: 17/03/2023

ATTACHMENTS

APPENDIX 1- Contact list
APPENDIX 2- Personal Data Retention and Disposal Periods APPENDIX 3- Update table

Annex 1:

İlgili Kişi Listesi
Çalışan (/Stajyer)Danışman
Çalışan Adayı (/Stajyer Adayı)Aday Danışman
GirişimciAday firma şirket çalışanı
ZiyaretçiGirişimci şirket çalışan adayı
Teknopark kuluçka girişimci adayıEtkinlik katılımcısı
Mentor/hakem/koç3. şirket çalışan adayı
Aday Mentor ve/veya koçAday girişimci
KatılımcıAday girişimci
Aday katılımcı şirket çalışanıİnternet erişimi kullanıcısı
Aday katılımcıÖn kuluçka aday girişimci
Aday katılımcı şirket çalışanıİnternet erişimi kullanıcısı
Katılımcı şirket çalışanıAkademik Kuluçka Merkezi Aday girişimci
Teknopark ön kuluçka girişimci adayıE-Bülten abonesi
3. kişiler: Akademik Kuluçka Merkezi Aday girişimci şirket çalışanı
Teknopark kuluçka girişimci adayı ortağı
Ön Kuluçka girişimci adayı kurucu ortak
İTÜ kuluçka mentor ve/veya koç adayı referansları
Akademik Kuluçka Merkezi katılımcı adayı referansları
Girişimci adayı ekip üyesi
Akademik Kuluçka Merkezi Girişimci adayı yatırımcısı/ortağı
Çalışan adayı aile üyeleri/referansları
Yüklenici çalışanları
Teknopark kuluçka girişimci adayı proje danışmanı
Teknopark girişimci adayı yetkilisi/çalışanı
Teknopark kuluçka girişimci adayı referansları
3. şirket çalışan adayı aile üyeleri/referansları
Çalışan aile üyeleri
Girişimci çalışanıTedarikçi çalışanı
Kullanıcı

Annex-2:

Personal Data Retention and Disposal Periods

SÜREÇSAKLAMA SÜRESİİMHA SÜRESİ
İşe alım aday bulmaEn fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar Saklama süresinin bitimini takiben 180 gün içinde
İşe giriş özlük işlemleriİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Performans değerlendirmeİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Disiplin süreçleriİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Eğitim ve kariyer gelişimİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Alt işveren işlemleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Çalışan maaş ve yan haklar menfaatler süreciİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Raporlama süreçleriİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
3.kişi personel temin destek süreciEn fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadarSaklama süresinin bitimini takiben 180 gün içinde
Girişimci şirket insan kaynakları destek süreçleriEn fazla 2 yıl olmak üzere özgeçmişin güncelliğini kaybedeceği süre kadar Saklama süresinin bitimini takiben 180 gün içinde
Girişimcilik programları başvuru/değerlendirme süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Girişimcilik programları operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Girişimcilik programları eğitim/mentorluk süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Bina güvenlik süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Girişimci tanıtım süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı aday başvuru/davet/değerlendirme süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı operasyonel süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı eğitim/mentorluk süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hızlandırma programı tanıtım süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Kart basım, teslimat ve operasyon süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Ziyaretçi giriş/ çıkış süreçleriEn fazla 2 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark yönetim sistemi kullanıcı kayıt/giriş süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark başvuru/değerlendirme süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Teknopark raporlama süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Raporlama süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Otomatik Katılım Sistemi Süreciİş ilişkisinin sona ermesine müteakip 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Kiralama süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Servis hizmetleri süreciİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Marka yönetimiEtkinliğin sona ermesini takiben 2 yılSaklama süresinin bitimini takiben 180 gün içinde
Alt yüklenici işlemleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Hukuk işleri10 yılSaklama süresinin bitimini takiben 180 gün içinde
İnternet hizmeti sağlanmasıEn fazla 2 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Akademik Kuluçka Merkezi başvuru/değerlendirme süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Akademik Kuluçka Merkezi operasyonel süreçlerİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
Akademik Kuluçka Merkezi eğitim/mentorluk süreçleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde
BT altyapısı süreçleri10 yılSaklama süresinin bitimini takiben 180 gün içinde
Hukuk İşleriİş/ticari ilişkinin sona ermesinden itibaren 10 yıl süreyle saklanırSaklama süresinin bitimini takiben 180 gün içinde

Annex-3:

Changes made in this Policy are listed in the table below.

DATE OF UPDATE

SCOPE OF CHANGES

[•][•]
  

 

 

ITU TEKNOPARK INC.

POLICY ON SECURITY OF PRIVATE PERSONAL DATA

  1. PURPOSE

  In accordance with this “Personal Data Retention and Destruction Policy” (Policy), “Personal Data Protection Law No. 6698” (LPPD or Law) and “Regulation on the Deletion, Destruction or Anonymization of Personal Data” (Regulation), data controller ITU Regarding the fulfillment of the obligations of TEKNOPARK A.Ş. (1773 ITU TEKNOPARK or the Company); 1773 It has been prepared for the purpose of determining the maximum storage period required for the purpose for which the personal data processed by ITU TEKNOPARK, and the procedures and principles of the procedures and procedures for deletion, destruction and anonymization of this data are determined.

  1. SCOPE

This Policy is applicable to 1773 ITU TEKNOPARK (Supplier Employee, Employee, Employee Candidate, Entrepreneurial Company Employee Candidate, 3rd Company Employee Candidate, Participant, Participating Company Employee, Entrepreneur, Entrepreneur Employee, 3rd Person (Employee) Family Members)] is related to the measures determined by the Board and taken by 1773 ITU TEKNOPARK in the processing of sensitive personal data.

1773 ITU TEKNOPARK, in addition to the measures specified in this Policy, also takes into account the technical and administrative measures to ensure the appropriate level of security specified in the “Personal Data Security Guide” published on the website of the Personal Data Protection Authority. 1773 Technical and administrative measures taken by ITU TEKNOPARK and other matters regarding the storage and destruction of personal data “ITU TEKNOPARK INC. It is detailed in the Personal Data Retention and Disposal Policy.

  1. DEFINITIONS

The definitions in this Policy are as follows:

Explicit Consent: Consent on a specific subject, based on information and expressed with free will,

Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data,

Relevant Person: The real person whose personal data is processed,

Employee: 1773 ITU TEKNOPARK personnel/intern,

Destruction: Deletion, destruction or anonymization of personal data,

Personal Data: Any information relating to an identified or identifiable natural person,

Special Qualified Personal Data: Data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data,

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, all kinds of operations carried out on the data, such as the classification or prevention of its use,

Deletion of Personal Data: The process of making personal data inaccessible and unusable for the relevant users,

Destruction of Personal Data: The process of making personal data inaccessible, unrecoverable and reusable by anyone,

The Board: Personal Data Protection Board,

Institution: Personal Data Protection Authority

Data Registration System: The registration system in which personal data is processed and structured according to certain criteria,

Data Controller: Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

For definitions not included in this Policy, the definitions in the Law and secondary regulations are valid.

You can download the specified form here. In order for your transaction to be put into effect, please make sure to send your shipment to the technopark address after completing the form.

WhatsApp ile Bizimle İletişime Geçin
1