PDPL (KVKK) Information

Personal Data Protection Law

This Clarification Text has been prepared by the Net Risk A.S. (“Company”) in order to enlighten the customers of the Company regarding the processing of their personal data by the Company within the scope of the Law on Protection of Personal Data No.6698 (” Law “).

Detailed information regarding the processing of your personal data within the scope of this Clarification Text can be found in the Net Risk A.S. Personal Data Protection and Processing Policy at [www.netrisk.com.tr].

  1. a) Methods and Legal Reasons of Obtaining Personal Data

Your personal data is collected in electronic or physical environment. Your personal data collected for legal reasons specified in this Clarification Text can be processed and shared within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law.

  1. b) Purposes of Processing Personal Data

Planning and execution of the activities required for the promotion of your personal data, the products and services offered by the Company within the framework of the personal data processing conditions specified in Articles 5 and 6 of the Law, according to the likes, usage habits and needs of the relevant persons, to carry out the necessary work by the business units to make use of the products and services by the business units, to carrying out the necessary work by the relevant business units for the realization of the commercial activities of the Company, to plan and execute the business strategies of the Company, and for the purpose of ensuring the legal-, technical- and work-safety of the Company and of the relevant persons in business relations with the Company.

  1. c) Parties with which Personal Data can be Shared and Purposes of Sharing

Planning and execution of activities required to customize your personal data, products and services offered by the Company according to the likes, usage habits and needs of the persons concerned, and to recommend and promote them to the persons concerned, within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, to carry out the necessary work by the business units to benefit the persons concerned from the products and services offered by the Company, the Company’s business partners and suppliers, for the purposes of planning and executing business strategies of the Company and ensuring the legal-, technical- and work-safety of the Company and the persons in business relationship with the Company, may be shared with legally authorized institutions and organizations  and authorized private legal entities.

  1. d) Rights of Data Owners and Exercise of These Rights

As personal data owners, if you submit your requests regarding your rights stated below to the Company using the methods specified under the heading of Exercise of Rights by Data Owners, your requests will be evaluated and concluded by our Company as soon as possible and in any case within 30 (thirty) days.

As a personal data owner in accordance with Article 11 of the Law, you have the following rights:

Learning whether your personal data is being processed,

If your personal data has been processed, to request information regarding this,

Learning the purpose of processing your personal data and whether they are used appropriately for that purpose,

Knowing the third parties within the country or abroad to whom your personal data has been transferred,

Requesting correction of your personal data in case of incomplete or incorrect processing, and requesting notification of the transaction made within this scope to third parties to whom personal data have been transferred,

Requesting the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear, despite the fact that it has been processed in accordance with the provisions of the law and other relevant laws, and notifying the third parties to whom the personal data has been transferred,

Objecting to the occurrence of a result against yourself through analyzing of your processed data exclusively through automated systems,

Requesting compensation for the damage in case your personal data is damaged due to unlawful processing.

Paragraph 2 of Article 28 of the Law lists the cases where data owners do not have the right to request, and within this scope;

Processing of personal data is necessary for the prevention of crime or for criminal investigation,

Processing personal data made public by the person concerned,

Processing of personal data that is necessary for the execution of supervision or regulation duties and disciplinary investigation or prosecution by the commissioned and authorized institutions and organizations, based on the authority granted by the law,

Processing of personal data that is necessary for the protection of the economic and financial interests of the state regarding budget, tax and financial issues,

In such cases, the rights specified above cannot be used for the data.

According to paragraph 1 of Article 28 of the Law, as the data will be out of the scope of the Law in the following cases, the requests of the data owners will not be processed in terms of these data:

Processing of personal data by real persons within the scope of activities related to him or his family members living in the same residence, provided that they are not given to third parties and obligations regarding data security are complied with.

Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics.

Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime.

Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security. Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Exercise of Rights by Data Owners

Pursuant to paragraph 1 of Article 13 of the PDP (KVK) Law, you can submit your request to use your above-mentioned rights to our Company in writing or by other methods determined by the Personal Data Protection Board.

In order to excersize your rights specified above per Article 11 of the PDP (KVK) Law, you can send a request by filling out and signing copy of the form that can be found at http://www.netrisk.com.tr/en/wp-content/uploads/2021/03/NETRISK-KVKK-APP-FORM-EN.pdf and including information that verifies your identity and exlains the details of your request, which you can deliver personally, send by certified mail or via notary public to A87 Business Istanbul, Kadıköy/İstanbul-Türkiye address or by other methods specified in the PDP (KVK) Law, or you can send the relevant form to info@netrisk.com.tr with secure electronic signature.

While data owner applications are processed free of charge as a rule, they may be charged over the fee schedule stipulated by the Personal Data Protection Board.

The company may request information from the relevant person in order to determine whether the applicant is the owner of personal data, and may ask questions to the personal data owner about his application, in order to clarify the matters specified in the application.http://www.netrisk.com.tr/en/wp-content/uploads/2021/03/NETRISK-KVKK-APP-FORM-EN.pdf