22 December 2024 Sunday

Mustafa Kemal Atatürk

Personal Data Protection Authority Policies

SCOPE 

Personal Data Protection Authority, which is a public legal entity and has administrative and financial autonomy, has been established to carry out duties conferred on it under the Law No. 6698.

Please click the link to get more detail  https://kvkk.gov.tr/en/

lEGıslatıons

AYDIN ​​COMMODITY EXCHANGE personal data is processed in accordance with the procedures and principles stipulated in the Personal Data Protection Law and other laws.

  •  Care is taken to comply with the following principles in the processing of personal data
  •  Compliance with the law and the rules of honesty.
  •  Being accurate and up-to-date when necessary.
  •  Specific, clear and legitimate purposes 
  • Being connected, limited and proportionate to the purpose for which they are processed.
  • Keeping for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.

PROCESSING AND STORAGE CONDITIONS OF PERSONAL DATA

Personal data cannot be processed without the explicit consent of the relevant person.

  • It is clearly foreseen by law.
  • It is mandatory for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity.
  • Processing personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract. 
  • It must be mandatory for the data controller to fulfill its legal obligation.
  • It must be made public by the data subject himself.
  • It is mandatory to process data for the establishment, exercise or protection of a right.
  • Provided that it does not harm the fundamental rights and freedoms of the data controller, the data controller has a legitimate Data processing is mandatory for their interests.

qualıfıed ındıvıdual datas 

According to the Personal Data Protection Law, individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric data and genetic data are special personal data.

 It is forbidden to process special personal data at AYDIN ​​COMMODITY EXCHANGE without the express consent of the person concerned.

Special quality personal data are processed by taking the measures determined by the Personal Data Protection Board.

PERSONAL DATA PROCESSED AND STORED

Data Category

Description

Identity

Information such as Name-Surname, Parent's Name, Date of Birth, Place of Birth, Marital Status, Population Information, TR Identity Number, Passport.

Contact

Information such as Address, E-Mail Address, Contact Address, Registered Electronic Mail Address (KEP), Telephone Number, Fax

Briefness

Payroll Information, Disciplinary Information, Employment and Exit Records, CV Information, Annual Leave,

Act in Law

Correspondence with Judicial Authorities, Case Files

Process Security

IP Address

Clients/Supplier Facts

Invoice, Delivery Note, Check and Promissory Note Information, Bank Receipts, Credit Card Information

Local Security

Employee Entry and Exit Records, Camera Records

Finance

Bank Info

Jop Experience

Diploma Information, Courses Attended, Vocational Training Information, Certificates,

Audio Visual Documents

Photos

Health Info (qualified person)

Blood Type, Health Reports, Disability Information

Servitude

Criminal Record, Enforcement Case Information

 

 

relevant person rıghts

Relevant Persons may apply to AYDIN ​​COMMODITY EXCHANGE to:

  • Learn whether their personal data has been processed or not,
  • Request information if processed,
  • Learn the purpose of processing and whether it is used in accordance with its purpose,
  • Know the 3rd parties to whom it has been transferred domestically/abroad,
  • Incomplete/ Requesting correction if it has been processed incorrectly,
  • Requesting deletion/destruction within the framework of the conditions stipulated in Article 7 of the Personal Data Protection,
  • Requesting that the transactions carried out in accordance with articles (e) and (f) be notified to the parties to whom personal data are transferred,
  • Exclusively through automatic systems The user has the right to object to an unfavorable result arising from the analysis, and to request compensation for the damage in case of damage due to illegal processing.

In accordance with the 1st paragraph of Article 13 of the Personal Data Protection Law, Relevant Persons may submit their requests to exercise their above-mentioned rights to AYDIN ​​COMMODITY EXCHANGE in writing or with an electronic signature via KEP.

To exercise the above-mentioned rights, they must provide the necessary identifying information and explanations. The request containing the Personal Data Application Form can be submitted by filling out the Personal Data Application Form and with a signed copy of the form to the address AYDIN ​​COMMODITY EXCHANGE Ata Mahallesi 738 st. 2 AYDIN ​​with identifying documents in person, through a notary or with a secure electronic signature to aydinticaretborsasi@hs01.kep.tr.

OBLIGATIONS RELATED TO DATA SECURITY

AYDIN ​​COMMODITY EXCHANGE;

  • Prevents the unlawful processing of personal data,
  • Prevents unlawful access to personal data,
  • Ensures the preservation of personal data,
  • takes all necessary technical and administrative measures to ensure the appropriate level of security.

The personal data is In case it is committed by another real or legal person on its behalf, it takes the necessary measures together with these persons, ensures their implementation and supervises it. Inspections regarding whether the provisions of the law are implemented are carried out annually, and in case of non-compliances are detected, it carries out the necessary correction activities. Regarding audits, if necessary, outsourcing services are carried out. Data processed within the scope of AYDIN ​​COMMODITY EXCHANGE activities cannot be disclosed to anyone else by data processors contrary to the provisions of the Law and cannot be used for purposes other than processing. This obligation continues even after the data processors leave their positions.

If the processed personal data is obtained by others through illegal means, AYDIN ​​COMMERCE EXCHANGE shall notify the relevant person and the Board of this situation as soon as possible. If necessary, the Board may announce this situation on its own website or through another method it deems appropriate.

In order to ensure Data Security; Personal data inventory and applied protection methods are determined on an operational basis. In order to determine and evaluate Protection Methods, Risk and Threat Identification studies are carried out and methods are developed to eliminate vulnerabilities, if any. Personal Data Inventory, Applied Protection Methods and the status of Risks and Threats are reviewed and revised through annual audits and evaluations. In addition, if there is a situation that may affect information security, these audits are carried out without waiting for the completion of the annual period and precautions are taken.

ADMINISTRATIVE MEASURES

The following administrative measures are implemented to protect Personal Data.

No

Description

1

There are disciplinary regulations that include data security provisions for employees.

2

Training and awareness studies on data security are carried out for employees at regular intervals.

3

An authorization matrix has been created for employees.

4

Corporate policies on access, information security, use, storage and destruction have been prepared and started to be implemented. 

5

Confidentiality commitments are made.

6

The signed contracts include data security provisions.

7

Extra security measures are taken for personal data transferred via paper and the relevant documents are sent in confidential document format.

8

Personal data security policies and procedures have been determined.

9

Personal data security problems are reported quickly .

10

Personal data security is monitored.

11

Necessary security measures are taken regarding entry and exit to physical environments containing personal data.

12

The security of physical environments containing personal data is ensured against external risks (fire, flood, etc.).

13

The security of environments containing personal data is ensured.

14

Personal data is reduced as much as possible

15

Periodic and/or random audits are carried out within the institution.

16

Current risks and threats have been identified.

17

Protocols and procedures for the security of special personal data have been determined and implemented.

18

Data Processing service providers are audited at regular intervals regarding data security. 

19

Data processing service providers are made aware of data security.

TECHNICAL MEASURES

The following technical measures are implemented to protect Personal Data.

NO

Description

1

Network security and application security are ensured.

2

A closed system network is used for personal data transfers through the network.

3

Security measures within the scope of supply, development and maintenance of information technology systems are taken.

4

Access logs are kept regularly.

5

Data masking measures are applied when necessary.

6

There is a change of duty. or the authorizations of employees who leave their jobs in this area are removed.

7

Up-to-date anti-virus systems are used.

8

Firewalls are used.

9

Personal data is backed up and the security of the backed-up personal data is ensured.

10

User account management and authorization control system is implemented and these are also monitored.

11

Log records are kept without user intervention.

12

If special personal data is to be sent via e-mail, it must be sent encrypted and using KEP or corporate mail account.

13

Secure encryption / cryptographic keys are used for special personal data and are managed by different units.

14

Encryption is carried out. 

15

Special qualified persons' data transferred on portable memory, CD, DVD media are encrypted.

Reference and complaınt

contact wıth AYDIN commodıty exchange

aım

This Policy aims to process and protect the personal data of our members, employees, prospective employees, visitors, employees of companies and institutions we cooperate with, our suppliers, employees of other institutions with whom we carry out joint activities, and third parties, in accordance with the law.

scope

The scope covers activities related to the protection, processing, transfer and destruction of personal data of members, employees, employee candidates, visitors, suppliers, employees of companies and institutions with which we cooperate, employees of other institutions with which we carry out joint activities, and third parties.

defınatıon

  • Explicit Consent: Consent regarding a specific subject, based on information and declared with free will, 
  • Anonymization: Making personal data unable to be associated with an identified or identifiable natural person in any way, even by matching it with other data, 
  • Relevant Person: The real person whose personal data is processed,
  • Personal Data: Any information regarding an identified or identifiable natural person,
  • Processing of Personal Data: Obtaining, recording, storing and preserving personal data by fully or partially automatic or non-automatic means, provided that it is part of any data recording system. Any operation performed on data such as changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing its use.
  • Board: Personal Data Protection Board, 
  • Institution: Personal Data Protection Authority, 
  • Data Processor: Real or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller, 
  • Data Controller: Determines the purposes and means of processing personal data, and is responsible for the establishment of the data recording system. It refers to the real or legal person responsible for its management and management.

PROCESSING OF PERSONAL DATA

GENERAL PRINCIPLES

AYDIN ​​COMMODITY EXCHANGE; Personal data is processed in accordance with the procedures and principles stipulated in the Personal Data Protection Law and other laws.

 In the processing of personal data, care is taken to comply with the following principles:

  • Being in compliance with the law and the rules of honesty.
  • Being accurate and up-to-date when necessary.
  • Being specific, clear and up-to-date. Processing for legitimate purposes.
  • Being connected, limited and proportionate to the purpose for which they are processed.
  • Keeping for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.

PROCESSING AND STORAGE CONDITIONS OF PERSONAL DATA

AYDIN ​​COMMODITY EXCHANGE, personal data cannot be processed without the explicit consent of the relevant person.

Only if one of the following conditions is present, it is possible to process personal data without the explicit consent of the relevant person within the scope of Personal Data Protection 

  • Clearly foreseen in the law.
  • Actual impossibility. It is mandatory for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to legal reasons or whose consent is not legally valid. It must be mandatory in order to fulfill its obligation.
  • It must be made public by the relevant person.
  • Data processing is mandatory for the establishment, exercise or protection of a right. 
  • It is mandatory to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the relevant person.

SPECIAL PERSONAL DATA

According to the Personal Data Protection Law, individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures and biometric data. and genetic data are special personal data.

  • It is forbidden to process special personal data at AYDIN ​​COMMODITY EXCHANGE without the express consent of the person concerned.
  • Special quality personal data are processed by taking the measures determined by the Personal Data Protection Board. 
 

LEGAL REASON FOR PROCESSING AND STORING PERSONAL DATA

AYDIN ​​COMMODITY EXCHANGE maintains the personal data processed within the framework of its activities for the period stipulated in the relevant legislation. In this context, personal data; 

  • Personal Data Protection Law, 
  • Turkish Union of Chambers and Commodity Exchanges and Chambers and Commodity Exchanges Law,
  • Turkish Code of Obligations,
  • Capital Market Law,
  • Social Insurance and General Health Insurance Law,
  • On the Internet Law on Regulation of Publications and Combating Crimes Committed through These Publications,
  • Occupational Health and Safety 
  • Labor Law,
  • Tax Procedure Law,
  • Turkish Commercial Code,
  • Execution and Bankruptcy Law,
  • It is stored for the duration of the storage periods stipulated within the framework of the Law on the Collection of Public Receivable,
  • Agricultural Products Licensed Warehousing and other relevant laws and other secondary regulations in force in accordance with these laws.

 

Click to Download Personal Data Information Form.

 

TMEX
TOBB
COMPETITION AUTHORITY
REPUBLIC OF TÜRKİYE  MINISTRY OF TRADE
Ministry of Agriculture and Forestry