DEFINITIONS
Explicit Consent | : |
freely given, specific and informed consent. |
Anonymization | : |
rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data. |
Applicant | : | the natural persons who submit questions, requests, suggestions, complaints, or applications in written, spoken, or electronic form. Other people mentioned in Table-2 within the Tables section hereof may be Applicants. |
Application Form | : | the form prepared by Solvia and found in the Website, which is intended to make the use of the legal rights set out in article 3.B hereof easier for the Data Subject. |
Application Communiqué | : | the Communiqué on the Procedures and Principles of Application to the Data Controller which entered into force by being published in the Official Gazette on 10.03.2018. |
Employee | : | the people, who are/were employed by Solvia, without seeking a written employment contract. |
Prospective Employee | : | the people, who have submitted their CVs to Solvia, irrespective of being employed by Solvia thereafter. |
Stakeholder/Partner | : | Solvia’s stakeholders/partners are natural persons. |
Data Subject | : | the natural person, whose personal data are processed. |
Data User | : | the person who processes the Personal Data through the authorization and instruction they received within Solvia’s organization or from Solvia except for the person or the department responsible for the storage, protection, and backup of the data. |
Disposal | : | the deletion, destruction, or anonymization of the Personal Data. |
Partner Firm | : | the firms which undertake the performance of a job jointly with Solvia and share the earnings resulting from that job. |
Partner Firm’s Authorized Person | : | the shareholders, authorized representatives and/or signatories, and managers of the current or future partner firms of Solvia, who are natural persons. |
Partner Firm’s Employee | : | the employees of the current or future partner firms of Solvia. |
Processing | : | any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof. |
Law | : | the Law on the Protection of Personal Data no. 6698. |
Event Participant | : | the natural persons participating in the meetings, seminars, competitions, trainings, and other similar events organized by Solvia. |
Personal Data | : | any information regarding an identified or identifiable natural person including but not limited to name and surname, TR identity number, phone number, and e-mail address. |
Board | : | the Personal Data Protection Board. |
Authority | : | the Personal Data Protection Authority |
Product or Service Recipient (Customer) | : | the natural and legal persons to whom Solvia offers products or services. |
Customer’s Employee | : | the employees of the current or potential customers of Solvia. |
Customer’s Authorized Person | : | the shareholders, authorized representatives and/or signatories, and managers of the current or potential customers of Solvia, who are natural persons. |
Special Categories of Personal Data | : | mean the data related to any person’s race, ethnical origin, political opinion, philosophical belief, religion, religious sect or other beliefs, manner of dressing, membership in any association, foundation or trade union, health, sexual life, criminal conviction, and security measures as well as biometrical and genetical data. |
Periodical Disposal | : | the direct deletion, destruction, or anonymization to be carried out in repeated intervals as specified herein when the conditions of processing the Personal Data disappear entirely. |
Policy | : | this “Personal Data Protection, Processing and Storage Policy of Solvia Yazılım ve Danışmanlık A.Ş.”. |
Potential Product or Service Recipient (Potential Customer) | : | the natural and legal persons for whom Solvia considers/negotiates to offer products or services. |
Prospective Examinee | : | the people to participate in the exams organized by Solvia. |
Deletion | : | the act of rendering Personal Data entirely inaccessible and non-reusable for Data Users. |
Solvia/Company | : | Solvia Yazılım ve Danışmanlık A.Ş. |
Trainee | : | the people, who are/were employed or assigned as trainees by Solvia, without seeking a written contract. |
Other People Involved in the Company | : | mean the natural persons such as press members and media organizations that are not included in the people specified in Personal Data Owner categorizations. |
Company’s Authorized Signatory | : | the authorized representatives and/or signatories of Solvia, who are natural persons. |
Supplier | : | the domestic or foreign firms (being either natural or legal persons) which offers, are considered/negotiated to offer or will offer products or services to Solvia within a contractual relation or based on another commercial/legal relation. |
Supplier’s Employee | : | the employees of the Suppliers. |
Supplier’s Authorized Person | : | the shareholders, authorized representatives, and/or signatories of the Suppliers, who are natural persons. |
Representative | : | the natural persons being in the status of the guardian, custodian, lawyer, and/or legal representative under any other right of the Data Subjects. |
Third-Party | : | the natural or legal persons except for Solvia and the Data Subject. |
Data Processor | : | the natural or legal person who processes personal data on behalf of the Data Controller upon its authorization. |
Data Filing System | : | the system where Personal Data is processed by being structured according to specific criteria. |
Data Controller | : | the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data filing system. means Solvia under this Policy. |
Website | : | one, several or all of the websites owned or to be owned by Solvia, especially https://www.solviads.com/. |
Website Visitor | : | the visitors being natural persons, who use the Website, register their data therewith, submit their data over the Website or whose data are collected according to Website’s terms of use, regardless of being a member of the Website. |
Destruction | : | the act of rendering Personal Data entirely inaccessible, non-retrievable, and non-reusable for anyone. |
Member of the Board of Directors | : | the natural persons in Solvia’s board of directors. |
Visitor | : | all natural persons who physically arrive at Solvia’s workplace whether to offer or receive a product or service, or not. Other people may also be Visitors excluding the Employees, the Company’s Authorized Signatories, and Members of the Board of Directors mentioned in Table-2 within the Tables section hereof. |
THE PURPOSE, SCOPE AND CHANGE OF THE POLICY
This Policy was prepared to inform the Data Subjects whose Personal Data are processed by Solvia in the capacity of Data Controller pursuant to articles 5 and 6 of the Regulation on the Deletion, Destruction or Anonymization of the Personal Data that was prepared by the Law and the Board and entered into force by being published in the Official Gazette on 28.10.2017.
The Policy contains information about the general regulations regarding the collection, use, transfer, security, storage, and disposal processes of the Personal Data pursuant to the Law and the provisions of other Personal Data legislations as well as Solvia’s operations, activities, and principles related to the Personal Data. The Policy was prepared by Solvia’s Sales and Marketing department, approved with the resolution dated 17/11/2020 of the Board of Directors, and entered into force by being published on the Website on the same date.
Solvia may change or update the Policy from time to time. Such updates and changes become valid as of the date when the Policy is published on the website.
For the cases which are not provided for herein, the provisions of the Law and the provisions of other Personal Data legislations shall apply.
As per Article 4 of the Law, Personal Data can only be processed according to the procedures and principles that are foreseen in the Law or in other laws. The same article has also made compliance with several principles obligatory when processing Personal Data.
In this regard, our Company processes your Personal Data according to the following principles.
If the Personal Data freely gives specific and informed consent, Personal Data can be processed according to the scope and purpose of the expressed consent. When the Personal Data are processed based on explicit consent, the Data Subject is entitled to withdraw his/her explicit consent at any time. Withdrawal statement bears consequences as of the date when it is received by the Data Controller, and the act of processing is ended as of such date. However, even in such a case, if there is another legal reason requiring the storage of the Personal Data, such Personal Data may be stored to the extent which is limited only to that purpose.
In the absence of explicit consent, Personal Data may be processed pursuant to the article 5 of the Law when:
Special Categories of Personal Data refer to such data which may result in discrimination or victimization of the Data Subject if these are getting to known. Therefore, processing of the Special Categories of Personal Data is separately regulated by the Law under stricter conditions. Additionally, taking sufficient measures specified by the Board was also stipulated for processing such data.
When the explicit consent of the Data Subject is available, Special Categories of Personal Data may also be processed within the framework of the matters specified for the explicit consent in section “General Conditions for Processing” above. In the absence of explicit consent, Special Categories of Personal Data may be processed pursuant to the article 6 of the Law when:
The Personal Data which may be processed by Solvia are divided into categories as described in Table-1 within the Tables section at the end of this Policy.
The natural persons whose Personal Data may be processed by Solvia are categorized in Table-2 within the Tables section at the end of this Policy along with their data being processed.
Solvia’s purposes of processing the Personal Data are as follows:
Solvia may collect Personal Data by itself or through its representatives or several channels in accordance with the applicable legislation, Board resolutions, and this Policy by any written, spoken, or electronic means as well as through video/audio records or other physical, visual, audible, written or electronic means. Personal Data may be collected through physical environments/interviews, surveys, forms, contracts, websites, electronic/digital platforms, and sites, online channels including social media platforms, e-mails, sales, marketing, or support departments and events.
The data collected by Solvia can be filed in locked and/or secure areas such as unit/department cabinets or archives if they are hard copies or can be recorded in software, cloud, central server, or Company database if they are soft copies. It is also possible to record Personal Data on peripheral systems such as network devices, flash-based media, magnetic tapes, magnetic discs, mobile phones, optical discs, printers, and gateway/security systems.
As a rule, transfer of the Personal Data to the third parties is not possible without the explicit consent of the Data Subject.
However, regarding the transfers to be made to the third parties inside the country, if there is any condition that makes obtaining Data Subject’s explicit consent unnecessary for processing the Personal Data (for detailed information, see 1.B), separate consent is not sought for such transfers. Regarding the transfers to be made outside the country, if there is any condition that makes obtaining Data Subject’s explicit consent unnecessary for processing the Personal Data (for detailed information, see 1.B), separate consent is not sought for such transfers provided that (i) sufficient protection is available in the foreign country to which the Personal Data will be transferred and the foreign country to which the Personal Data will be transferred are included in the countries which are declared by the Board to have sufficient protection, or (ii) even though sufficient protection is not available in the country to which the Personal Data will be transferred, Solvia and the Data Controller in the foreign country to which the Personal Data will be transferred guarantee sufficient protection in writing and the Board permits such data transfer.
The categories of data transferred to the foreign countries by our Company are as follows: Identity Information, Contact Information, Location Information, Personnel Information, Legal Procedure Information, Customer Procedure Information, Financial Information, Occupational Experience Information, Marketing Information, Audio-Visual Records, Health Information, Criminal Conviction and Security Measures, Occupational Information, Family Member/Relative Information.
The Personal Data kept by our Company may be transferred to the natural or legal Third-Parties inside or outside the country in accordance with the regulations of the Law regarding the transfer of data. The Third Parties to whom Personal Data can be transferred and the purposes of transfer are specified in Table-3 within the Tables section hereof.
Solvia takes legal, technical, and administrative measures to ensure the security of the Personal Data as well as creates internal audit mechanisms and conducts internal awareness activities to ensure the implementation of such measures. To this end, it created the “Internal Security Policy for Personal Data” in addition to the current Policy.
Solvia keeps the Personal Data it collects as long as required by the reason for collecting the data. However, even if the reason for collection disappears, Solvia may keep the Personal Data in order to;
Despite being processed according to the Law and the provisions of other relevant laws, the Personal Data are disposed of by Solvia ex officio or upon Data Subject’s request in the case where all reasons that require processing and storing them disappear. Moreover, Solvia disposes of the Personal Data when:
Personal Data is disposed of by being deleted, destroyed, or anonymized according to the data recording medium and the quality of the data to be disposed of. In order to minimize the possible errors during disposal processes, Solvia introduced the following technical and administrative measures:
Solvia keeps the Personal Data for the period that is required for the purpose of processing them in accordance with the principles provided by the Law. Even if the reason for collection disappears, Personal Data may continue to be kept to the extent which is required for Solvia to fulfill any of Solvia’s legal obligations or justified by Solvia’s legitimate interests. After such periods expire, Personal Data is deleted, destroyed, or anonymized during the next periodical disposal.
The Periodical disposal interval of Solvia is 6 months. The Board may shorten that interval if such damages that are difficult or impossible to recover arise or if there is a violation of the law.
Alper Karabulut has been assigned as the Personal Data Processing Officer based on the decision made by Solvia’s management in order to conduct Personal Data storage and disposal processes and to take necessary actions pursuant to the legislation and this Policy.
The main duties of the Personal Data Processing Officer are as follows:
Data Subject is entitled to
If the Data Subject intends to exercise his/her rights, he/she should apply to Solvia at first.
Pursuant to the Application Communiqué, if the Data Subject intends to exercise his/her rights, he/she may send his/her request in writing or through registered e-mail (KEP), secure electronic signature, mobile signature, or the e-mail address previously notified to Solvia by the Data Subject and recorded in Solvia’s system. Moreover, applications must be made in Turkish in order to be able to exercise the application right pursuant to the provisions of the Application Communiqué.
When exercising such rights, one may use the “Application Form” available on the Website. If the Data Subject intends to make an application in writing, he/she may send the completed and originally signed form to Solvia’s following address by means of a notary public, deliver it by hand, or convey it through his/her legal representative or agent.
Address: Kozyatağı Mh. Değirmen Sk. No: 18 Nida Kule A8 Giriş Kadıköy – İstanbul
For the applications to be made electronically (by e-mail), it is necessary to fill in the Application Form, scan the originally signed form in PDF format and send it to Solvia’s e-mail address info@solviads.com.
Applications must include the name, surname, signature if the application is in writing, TR identity number of the citizens of the Republic of Turkey, the nationality, passport number, and identity number (if any) of the foreigners, principal residence, or workplace address for notification, principal e-mail address, phone and fax number for notification (if any), and the subject of the Request. For the applications to be made by a legal representative, such applications must be accompanied by the notarized special power of attorney or the documents demonstrating the authority of legal representation (e.g. approved guardianship decision) as well as the document supporting your request, if any, especially such documents which demonstrate the facts when you state that you suffer damages or an unfavorable result.
Solvia reserves its legal rights against erroneous, unreal/illegal, and malicious applications.
Data Subject’s application is answered freely as soon as possible, in each case within 30 days following the day when the application is delivered to Solvia, per the quality of the request. However, the fee in the tariff specified by the Board may be charged where the procedure incurs an extra cost. In accordance with this Policy, the failure to share the information and documents mentioned above completely and correctly, the failure to state the request clearly, the failure to convey the documents supporting the request at all or duly, and for the applications made through an agent, the failure to add the copy of the power of attorney may cause difficulties or delays in fulfilling your request. Solvia may not be held responsible for such delays.
Solvia may accept the request sent by the Data Subject in his/her application or reject it by giving a justification. The response to the application is notified in writing or electronically. If the request made in the application is accepted, Solvia takes the necessary action.
If the application is rejected, the response is found to be insufficient or the response is not given within due time, the Data Subject is entitled to make a complaint to the Board within thirty days following the day when it gets to know Solvia’s response, in any case within sixty days following the application date.
TABLES
Table-1 Categories of Processed Personal Data
Personal Data Category | Description |
Identity Information | the information such as name and surname, mother’s and father’s name, mother’s maiden name, date of birth, place of birth, marital status, identity card serial number, TR identity number, etc. |
Contact Information | the information such as an address, e-mail address, contact address, registered e-mail address, phone number, etc. |
Family Member/Relative Information | the identity and contact information related to the spouse, children, parents, and relatives of the Data Subject. |
Location Information | the information such as the location information about the current place. |
Personnel Information | the information such as payroll information, disciplinary proceeding, statement of employment, CV information, performance assessment reports, etc. |
Legal Procedure Information | the information such as those contained in judicial correspondence, those contained in the case file, etc. |
Customer Procedure Information | the information such as call center records, invoice, bill and check information, order information, demand information, etc. |
Physical Space Security Information | the information such as entry and exit information about employees and visitors, camera records, etc. |
Procedure Security Information | the information such as IP address information, website entry, and exit information, password information, etc. |
Risk Management Information | the information processed for managing commercial, technical and administrative risks. |
Financial Information | the information such as balance sheet information, financial performance information, credit and risk information, asset information, etc. |
Occupational Experience Information | the information about diplomas, completed courses, on-the-job trainings, certificates, and academic records. |
Occupational Information | the information such as the position and title in the company for which the person works. |
Marketing Information | the purchase history information as well as the information obtained from surveys, cookie records, and campaigns. |
Audio-Visual Records | the information such as the audio-visual records. |
Health Information | the information such as health information, disability information, blood group information, personal health information, information on the devices or prostheses used, etc. |
Criminal Conviction and Security Measures | the information about criminal conviction and security measures. |
Table-2 Groups of People Whose Personal Data Are Processed
Data Subject Category | Categories of Data Being Able to Be Processed |
Applicant | Identity Information, Contact Information, Legal Procedure Information |
Employee | Identity Information, Contact Information, Location Information, Personnel Information, Legal Procedure Information, Customer Procedure Information, Physical Space Security Information, Procedure Security, Risk Management, Occupational Experience Information, Audio-Visual Records, Health Information, Criminal Conviction and Security Measures, Family Member/Relative Information |
Prospective Employee | Identity Information, Contact Information, Personnel Information, Occupational Experience Information, Audio-Visual Records, Health Information, Occupational Information |
Event Participant | Identity Information, Contact Information, Occupational Information |
Stakeholder/Partner | Identity Information, Contact Information, Location Information, Legal Procedure Information, Occupational Information |
Partner Firm | Identity Information, Contact Information, Legal Procedure Information, Financial Information |
Partner Firm’s Employee | Identity Information, Contact Information, Occupational Information |
Partner Firm’s Authorized Person | Identity Information, Contact Information, Occupational Information |
Customer | Identity Information, Contact Information, Location Information, Legal Procedure Information, Customer Procedure Information, Marketing Information, Occupational Information |
Customer’s Employee | Identity Information, Contact Information, Location Information, Legal Procedure Information, Customer Procedure Information, Marketing Information, Occupational Information |
Customer’s Authorized Person | Identity Information, Contact Information, Location Information, Legal Procedure Information, Customer Procedure Information, Marketing Information, Occupational Information |
Potential Customer | Identity Information, Contact Information, Location Information, Customer Procedure Information, Financial Information, Marketing Information, Occupational Information |
Prospective Examinee | Personnel Information, Occupational Experience Information |
Trainee | Identity Information, Contact Information, Family Member/Relative Information, Personnel Information, Physical Space Security Information, Occupational Experience Information, Audio-Visual Records, Health Information, Criminal Conviction and Security Measures, Procedure Security Information |
Company’s Authorized Signatory | Identity Information, Contact Information, Physical Space Security |
Other People Involved in the Company | Identity Information, Contact Information |
Supplier | Financial Information |
Supplier’s Employee | Identity Information, Contact Information, Legal Procedure Information, Occupational Information, Criminal Conviction and Security Measures |
Supplier’s Authorized Person | Identity Information, Contact Information, Legal Procedure Information, Occupational Information |
Representative | Identity Information, Contact Information, Legal Procedure Information |
Website Visitor | Identity Information, Contact Information |
Member of the Board of Directors | Identity Information, Contact Information, Physical Space Security Information |
Visitor | Identity Information, Contact Information, Physical Space Security Information, Procedure Security Information, Audio-Visual Records |
Table-3 The Third Parties to Whom Personal Data Can Be Transferred and the Purposes of Transfer
The Third Parties to Whom Personal Data Can Be Transferred | Purposes of Transfer |
Service Providing Accounting Firm, Service Providing Agencies, Personal Retirement Insurance Firm, Life Insurance Firm, Legal Counsels, Health Insurance Firm, Payroll Preparation Firm, Service Providing Public Accountant Firm, Suppliers | Personal Data may be transferred to the service providing firms/people specified in this article within the scope of the products and services, and the commercial, legal and contractual relation established to the extent which is limited to the data to be processed and the purposes of processing such data. |
Employees | In order for our Company, and in this regard, our employees to duly carry out their assignments and to allow for communications, Personal Data of other employees, customers as well as other people to whom the employees have to reach to fulfill their duties may be shared to the employees. |
Event Sponsors | Personal Data may be transferred to the Sponsors so as to be used for fulfilling their sponsorship activities and obligations to the extent which is limited to such data that are required for achieving that purpose. |
Natural Persons or Legal Persons | Personal Data may be transferred to the legal persons which are legally authorized to request information and/or document from Solvia to the extent which is limited to their requests and to such data that are required by law. |
Business Partners | Personal Data may be transferred in a limited manner within the framework of the partnership established and to ensure the fulfillment of the partnership requirements. |
Stakeholders | Personal Data may be shared with the stakeholders to the extent which is limited to the purposes of following up the activities, determining and developing business strategies, carrying out audits, and informing the shareholders. |
Customers | Personal Data of the employees may be shared with the customers in order to offer the products and services received by the customers within the framework of the relation between the customers and us. |
Authorized Public Institutions and Organizations | Personal Data may be transferred to the legally authorized public institutions and organizations to the extent which is limited to their requests and to such data that are required by law. |
The SAP software and training products sold by Solvia as well as Solvia’s services and products are subject to the export control and sanction laws which are in force in Turkey, Germany, the EU, and the USA.
Regarding the developments and know-how use within the scope of the Outputs and Services, Solvia and its customers are obliged to act according to all applicable national and international legislations as well as the rules and laws concerning the use of the Internet including but not limited to the export laws, regulations, and principles of the Republic of Turkey, the USA, USA’s OFAC, the UK and the EU, and Solvia and its customers may not make available, offer or export the Outputs as well as the know-how, developments and Confidential Information within the scope of the Services to the prohibited countries or institutions stated in such legislations.
You’ll receive an email shortly.
If not, reach us on solviamarketing@solviads.com