Personal Data Protection Authority, which is a public legal entity and has administrative and financial autonomy, has been established to carry out duties conferred on it under the Law No. 6698.

Please click the link to get more detail  https://kvkk.gov.tr/en/

lEGıslatıons

AYDIN ​​COMMODITY EXCHANGE personal data is processed in accordance with the procedures and principles stipulated in the Personal Data Protection Law and other laws.

•  Care is taken to comply with the following principles in the processing of personal data
•  Compliance with the law and the rules of honesty.
•  Being accurate and up-to-date when necessary.
•  Specific, clear and legitimate purposes 
• Being connected, limited and proportionate to the purpose for which they are processed.
• Keeping for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.

Personal data cannot be processed without the explicit consent of the relevant person.

• It is clearly foreseen by law.
• It is mandatory for the protection of the life or physical integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not given legal validity.
• Processing personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract. 
• It must be mandatory for the data controller to fulfill its legal obligation.
• It must be made public by the data subject himself.
• It is mandatory to process data for the establishment, exercise or protection of a right.
• Provided that it does not harm the fundamental rights and freedoms of the data controller, the data controller has a legitimate Data processing is mandatory for their interests.

According to the Personal Data Protection Law, individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric data and genetic data are special personal data.

 It is forbidden to process special personal data at AYDIN ​​COMMODITY EXCHANGE without the express consent of the person concerned.

Special quality personal data are processed by taking the measures determined by the Personal Data Protection Board.

Data Category	Description
Identity	Information such as Name-Surname, Parent's Name, Date of Birth, Place of Birth, Marital Status, Population Information, TR Identity Number, Passport.
Contact	Information such as Address, E-Mail Address, Contact Address, Registered Electronic Mail Address (KEP), Telephone Number, Fax
Briefness	Payroll Information, Disciplinary Information, Employment and Exit Records, CV Information, Annual Leave,
Act in Law	Correspondence with Judicial Authorities, Case Files
Process Security	IP Address
Clients/Supplier Facts	Invoice, Delivery Note, Check and Promissory Note Information, Bank Receipts, Credit Card Information
Local Security	Employee Entry and Exit Records, Camera Records
Finance	Bank Info
Jop Experience	Diploma Information, Courses Attended, Vocational Training Information, Certificates,
Audio Visual Documents	Photos
Health Info (qualified person)	Blood Type, Health Reports, Disability Information
Servitude	Criminal Record, Enforcement Case Information

 

Relevant Persons may apply to AYDIN ​​COMMODITY EXCHANGE to:

• Learn whether their personal data has been processed or not,
• Request information if processed,
• Learn the purpose of processing and whether it is used in accordance with its purpose,
• Know the 3rd parties to whom it has been transferred domestically/abroad,
• Incomplete/ Requesting correction if it has been processed incorrectly,
• Requesting deletion/destruction within the framework of the conditions stipulated in Article 7 of the Personal Data Protection,
• Requesting that the transactions carried out in accordance with articles (e) and (f) be notified to the parties to whom personal data are transferred,
• Exclusively through automatic systems The user has the right to object to an unfavorable result arising from the analysis, and to request compensation for the damage in case of damage due to illegal processing.

In accordance with the 1st paragraph of Article 13 of the Personal Data Protection Law, Relevant Persons may submit their requests to exercise their above-mentioned rights to AYDIN ​​COMMODITY EXCHANGE in writing or with an electronic signature via KEP.

To exercise the above-mentioned rights, they must provide the necessary identifying information and explanations. The request containing the Personal Data Application Form can be submitted by filling out the Personal Data Application Form and with a signed copy of the form to the address AYDIN ​​COMMODITY EXCHANGE Ata Mahallesi 738 st. 2 AYDIN ​​with identifying documents in person, through a notary or with a secure electronic signature to aydinticaretborsasi@hs01.kep.tr.

AYDIN ​​COMMODITY EXCHANGE;

• Prevents the unlawful processing of personal data,
• Prevents unlawful access to personal data,
• Ensures the preservation of personal data,
• takes all necessary technical and administrative measures to ensure the appropriate level of security.

The personal data is In case it is committed by another real or legal person on its behalf, it takes the necessary measures together with these persons, ensures their implementation and supervises it. Inspections regarding whether the provisions of the law are implemented are carried out annually, and in case of non-compliances are detected, it carries out the necessary correction activities. Regarding audits, if necessary, outsourcing services are carried out. Data processed within the scope of AYDIN ​​COMMODITY EXCHANGE activities cannot be disclosed to anyone else by data processors contrary to the provisions of the Law and cannot be used for purposes other than processing. This obligation continues even after the data processors leave their positions.

If the processed personal data is obtained by others through illegal means, AYDIN ​​COMMERCE EXCHANGE shall notify the relevant person and the Board of this situation as soon as possible. If necessary, the Board may announce this situation on its own website or through another method it deems appropriate.

In order to ensure Data Security; Personal data inventory and applied protection methods are determined on an operational basis. In order to determine and evaluate Protection Methods, Risk and Threat Identification studies are carried out and methods are developed to eliminate vulnerabilities, if any. Personal Data Inventory, Applied Protection Methods and the status of Risks and Threats are reviewed and revised through annual audits and evaluations. In addition, if there is a situation that may affect information security, these audits are carried out without waiting for the completion of the annual period and precautions are taken.

The following administrative measures are implemented to protect Personal Data.

No	Description
1	There are disciplinary regulations that include data security provisions for employees.
2	Training and awareness studies on data security are carried out for employees at regular intervals.
3	An authorization matrix has been created for employees.
4	Corporate policies on access, information security, use, storage and destruction have been prepared and started to be implemented.
5	Confidentiality commitments are made.
6	The signed contracts include data security provisions.
7	Extra security measures are taken for personal data transferred via paper and the relevant documents are sent in confidential document format.
8	Personal data security policies and procedures have been determined.
9	Personal data security problems are reported quickly .
10	Personal data security is monitored.
11	Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
12	The security of physical environments containing personal data is ensured against external risks (fire, flood, etc.).
13	The security of environments containing personal data is ensured.
14	Personal data is reduced as much as possible
15	Periodic and/or random audits are carried out within the institution.
16	Current risks and threats have been identified.
17	Protocols and procedures for the security of special personal data have been determined and implemented.
18	Data Processing service providers are audited at regular intervals regarding data security.
19	Data processing service providers are made aware of data security.

The following technical measures are implemented to protect Personal Data.

NO	Description
1	Network security and application security are ensured.
2	A closed system network is used for personal data transfers through the network.
3	Security measures within the scope of supply, development and maintenance of information technology systems are taken.
4	Access logs are kept regularly.
5	Data masking measures are applied when necessary.
6	There is a change of duty. or the authorizations of employees who leave their jobs in this area are removed.
7	Up-to-date anti-virus systems are used.
8	Firewalls are used.
9	Personal data is backed up and the security of the backed-up personal data is ensured.
10	User account management and authorization control system is implemented and these are also monitored.
11	Log records are kept without user intervention.
12	If special personal data is to be sent via e-mail, it must be sent encrypted and using KEP or corporate mail account.
13	Secure encryption / cryptographic keys are used for special personal data and are managed by different units.
14	Encryption is carried out.
15	Special qualified persons' data transferred on portable memory, CD, DVD media are encrypted.

Click to Download Personal Data Information Form.