DEFINITIONS

     
Explicit Consent :

freely given, specific and informed consent.

Anonymization :

rendering personal data impossible to link with an identified or identifiable natural person, even though matching them with other data.

Applicant : the natural persons who submit questions, requests, suggestions, complaints, or applications in written, spoken, or electronic form. Other people mentioned in Table-2 within the Tables section hereof may be Applicants.
Application Form : the form prepared by Solvia and found in the Website, which is intended to make the use of the legal rights set out in article 3.B hereof easier for the Data Subject.
Application Communiqué : the Communiqué on the Procedures and Principles of Application to the Data Controller which entered into force by being published in the Official Gazette on 10.03.2018.
Employee : the people, who are/were employed by Solvia, without seeking a written employment contract.
Prospective Employee : the people, who have submitted their CVs to Solvia, irrespective of being employed by Solvia thereafter.
Stakeholder/Partner : Solvia’s stakeholders/partners are natural persons.
Data Subject : the natural person, whose personal data are processed.
Data User : the person who processes the Personal Data through the authorization and instruction they received within Solvia’s organization or from Solvia except for the person or the department responsible for the storage, protection, and backup of the data.
Disposal : the deletion, destruction, or anonymization of the Personal Data.
Partner Firm : the firms which undertake the performance of a job jointly with Solvia and share the earnings resulting from that job.
Partner Firm’s Authorized Person : the shareholders, authorized representatives and/or signatories, and managers of the current or future partner firms of Solvia, who are natural persons.
Partner Firm’s Employee : the employees of the current or future partner firms of Solvia.
Processing : any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof.
Law : the Law on the Protection of Personal Data no. 6698.
Event Participant : the natural persons participating in the meetings, seminars, competitions, trainings, and other similar events organized by Solvia.
Personal Data : any information regarding an identified or identifiable natural person including but not limited to name and surname, TR identity number, phone number, and e-mail address.
Board : the Personal Data Protection Board.
Authority : the Personal Data Protection Authority
Product or Service Recipient (Customer) : the natural and legal persons to whom Solvia offers products or services.
Customer’s Employee : the employees of the current or potential customers of Solvia.
Customer’s Authorized Person : the shareholders, authorized representatives and/or signatories, and managers of the current or potential customers of Solvia, who are natural persons.
Special Categories of Personal Data : mean the data related to any person’s race, ethnical origin, political opinion, philosophical belief, religion, religious sect or other beliefs, manner of dressing, membership in any association, foundation or trade union, health, sexual life, criminal conviction, and security measures as well as biometrical and genetical data.
Periodical Disposal : the direct deletion, destruction, or anonymization to be carried out in repeated intervals as specified herein when the conditions of processing the Personal Data disappear entirely.
Policy : this “Personal Data Protection, Processing and Storage Policy of Solvia Yazılım ve Danışmanlık A.Ş.”.
Potential Product or Service Recipient (Potential Customer) : the natural and legal persons for whom Solvia considers/negotiates to offer products or services.
Prospective Examinee : the people to participate in the exams organized by Solvia.
Deletion : the act of rendering Personal Data entirely inaccessible and non-reusable for Data Users.
Solvia/Company : Solvia Yazılım ve Danışmanlık A.Ş.
Trainee : the people, who are/were employed or assigned as trainees by Solvia, without seeking a written contract.
Other People Involved in the Company : mean the natural persons such as press members and media organizations that are not included in the people specified in Personal Data Owner categorizations.
Company’s Authorized Signatory : the authorized representatives and/or signatories of Solvia, who are natural persons.
Supplier : the domestic or foreign firms (being either natural or legal persons) which offers, are considered/negotiated to offer or will offer products or services to Solvia within a contractual relation or based on another commercial/legal relation.
Supplier’s Employee : the employees of the Suppliers.
Supplier’s Authorized Person : the shareholders, authorized representatives, and/or signatories of the Suppliers, who are natural persons.
Representative : the natural persons being in the status of the guardian, custodian, lawyer, and/or legal representative under any other right of the Data Subjects.
Third-Party : the natural or legal persons except for Solvia and the Data Subject.
Data Processor : the natural or legal person who processes personal data on behalf of the Data Controller upon its authorization.
Data Filing System : the system where Personal Data is processed by being structured according to specific criteria.
Data Controller : the natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data filing system. means Solvia under this Policy.
Web sitesi : one, several or all of the websites owned or to be owned by Solvia, especially https://www.solviads.com/.
Website Visitor : the visitors being natural persons, who use the Website, register their data therewith, submit their data over the Website or whose data are collected according to Website’s terms of use, regardless of being a member of the Website.
Destruction : the act of rendering Personal Data entirely inaccessible, non-retrievable, and non-reusable for anyone.
Member of the Board of Directors : the natural persons in Solvia’s board of directors.
Visitor : all natural persons who physically arrive at Solvia’s workplace whether to offer or receive a product or service, or not. Other people may also be Visitors excluding the Employees, the Company’s Authorized Signatories, and Members of the Board of Directors mentioned in Table-2 within the Tables section hereof.

THE PURPOSE, SCOPE AND CHANGE OF THE POLICY

This Policy was prepared to inform the Data Subjects whose Personal Data are processed by Solvia in the capacity of Data Controller pursuant to articles 5 and 6 of the Regulation on the Deletion, Destruction or Anonymization of the Personal Data that was prepared by the Law and the Board and entered into force by being published in the Official Gazette on 28.10.2017.

The Policy contains information about the general regulations regarding the collection, use, transfer, security, storage, and disposal processes of the Personal Data pursuant to the Law and the provisions of other Personal Data legislations as well as Solvia’s operations, activities, and principles related to the Personal Data. The Policy was prepared by Solvia’s Sales and Marketing department, approved with the resolution dated 17/11/2020 of the Board of Directors, and entered into force by being published on the Website on the same date. 

Solvia may change or update the Policy from time to time. Such updates and changes become valid as of the date when the Policy is published on the website.

For the cases which are not provided for herein, the provisions of the Law and the provisions of other Personal Data legislations shall apply.

  1. PROCESSING OF PERSONAL DATA
  1. GENERAL PRINCIPLES

As per Article 4 of the Law, Personal Data can only be processed according to the procedures and principles that are foreseen in the Law or in other laws. The same article has also made compliance with several principles obligatory when processing Personal Data.

In this regard, our Company processes your Personal Data according to the following principles.

  • Lawfulness and fairness: When processing the Personal Data, Solvia acts in accordance with the applicable legislative provisions, conducts transparently, and pays regard to the interests and reasonable expectations of the Data Subjects. Within this scope, it does not collect and/or process Personal Data without Data Subject’s knowledge.
  • Being accurate and kept up to date where necessary: Solvia exercises due care and diligence for the Personal Data it processes to be accurate and up to date. Within this scope, it makes the necessary channels available to allow for the data to be accurate and up to date, and it provides the correction of the data upon Data Owner’s application or in the case of an ex officio detection.
  • Being processed for specified, explicit, and legitimate purposes: As a requirement of the clarification obligation, Solvia explicitly specifies its purposes of processing the Personal Data and notifying them to the Data Subjects. It processes Personal Data according to the Law and for legitimate purposes.
  • Being relevant, limited, and proportionate to the purposes for which they are processed: Solvia collects the Personal Data only for certain purposes and as much as needed, pays attention that the data it collects is suitable for fulfilling the purposes, avoids processing the Personal Data which are not relevant or necessary for fulfilling the purposes, and uses the Personal Data in the cases required by the purposes.
  • Being stored for the period laid down by relevant legislation or the period required for the purpose for which they are processed: If there is a period set out for Personal Data stored in the relevant legislation, Solvia observes such period. In the absence of any such period, it only keeps the data during the period required for the purpose of processing them. If there is not any legally valid reason for data storage, it disposes of the relevant data as set out herein or according to other procedures to be provided for by the legislation or Board resolution.
  1. GENERAL PROCESSING CONDITIONS

If the Personal Data freely gives specific and informed consent, Personal Data can be processed according to the scope and purpose of the expressed consent. When the Personal Data are processed based on explicit consent, the Data Subject is entitled to withdraw his/her explicit consent at any time. Withdrawal statement bears consequences as of the date when it is received by the Data Controller, and the act of processing is ended as of such date. However, even in such a case, if there is another legal reason requiring the storage of the Personal Data, such Personal Data may be stored to the extent which is limited only to that purpose.

In the absence of explicit consent, Personal Data may be processed pursuant to the article 5 of the Law when:

  • It is expressly provided for by the laws: Personal Data may be processed without seeking Data Subject’s explicit consent provided that the Laws contain express provisions for processing Personal Data. This includes submitting information about employee salaries upon the request of the Tax Office.
  • It is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid: Personal Data may be processed without seeking Data Subject’s explicit consent when the Data Subject is unable to explain his/her consent or his/her consent is not deemed legally valid, or it is necessary for the protection of life or physical integrity of any other person. This includes processing a person’s Personal Data such as name, surname, ID number, phone number, etc. to inform his/her relatives and make the necessary intervention by learning the patient history from the records kept by the authorized health institutions in the cases where medical intervention is required to protect the physical integrity of an unconscious person.
  • Processing of Personal Data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract: If it is directly related to the establishment or performance of the contract, Personal Data of the parties of a contract may be processed without seeking Data Subject’s explicit consent to the extent which is limited to that purpose. This includes obtaining the bank and account information of the other party to make the payments as required by the contract as well as collecting the address information of the other party/buyer to fulfill the delivery obligation as required by the contract.
  • It is necessary for compliance with a legal obligation to which the Data Controller is subject: When there is a legal obligation, Personal Data may be processed without seeking Data Subject’s explicit consent to fulfill such legal obligation. This includes submitting information about the employees or customers to the examination by the public officials during the tax audit performed for the employer, using employee’s bank and account information for paying his/her salary as well as collecting information about marital status, his/her dependents, employment status of his/her spouse and social insurance.
  • Personal data have been made public by the data subject himself/herself: The Personal Data of the Data Subject which are made public by the Data Subject himself/herself and disclosed to the public in any manner may be processed without the need for a separate explicit consent provided that they are used according to the reason for publication. This includes the person’s declaration of his/her own contact information for communication as well as sharing the phone and e-mail information of the employees on the corporate website.
  • Data processing is necessary for the establishment, exercise, or protection of any right: If it is necessary for the establishment, exercise, or protection of any right of the Data Controller, Personal Data may be processed without seeking Data Subject’s explicit consent. This includes keeping the documents such as invoice, contract, surety bond, etc. against any possible legal proceedings until the end of the limitation period upon the expiration of a contract, keeping necessary information about a fired or resigned employee during the limitation period of the case, and submitting the data as claims/pleas/proofs in the case file when being involved in the case.
  • Processing of data is necessary for the legitimate interests pursued by the Data Controller, provided that this processing shall not violate the fundamental rights and freedoms of the Data Subject: If it is necessary for the legitimate interests pursued by him/her, the Data Controller may process the Personal Data without seeking explicit consent provided that the rights of the Data Subject are not impaired. This includes processing the Personal Data of the employees so as to be a basis for arranging their promotions, salary increases, or social benefits as well as for distributing the duties and roles during the reorganization of the business provided that their fundamental rights and freedoms are not impaired.
  1. CONDITIONS FOR PROCESSING THE SPECIAL CATEGORIES OF PERSONAL DATA

Special Categories of Personal Data refer to such data which may result in discrimination or victimization of the Data Subject if these are getting to known. Therefore, processing of the Special Categories of Personal Data is separately regulated by the Law under stricter conditions. Additionally, taking sufficient measures specified by the Board was also stipulated for processing such data.

When the explicit consent of the Data Subject is available, Special Categories of Personal Data may also be processed within the framework of the matters specified for the explicit consent in section “General Conditions for Processing” above. In the absence of explicit consent, Special Categories of Personal Data may be processed pursuant to the article 6 of the Law when:

  • Data Concerning Health and Sexual Life: Personal Data concerning health and sexual life may be processed by the people bound by a confidentiality obligation or authorized people or institutions without seeking Data Subject’s explicit consent only for the purposes of public health protection; conducting preventive medicine, medical diagnosis, treatment and care services; and creating and managing healthcare and finance plans.
  • Other Special Categories of Personal Data: Except for those concerning health and sexual life, Special Categories of Personal Data may be processed without seeking Data Subject’s explicit consent in the cases stipulated by the Law.
  1. IMPLEMENTATIONS AND ACTIVITIES CARRIED OUT BY OUR COMPANY REGARDING PERSONAL DATA
  2. PROCESSED PERSONAL DATA CATEGORIES

The Personal Data which may be processed by Solvia are divided into categories as described in Table-1 within the Tables section at the end of this Policy.

  1. GROUPS OF PEOPLE WHOSE PERSONAL DATA ARE PROCESSED

Arama butonu yardımı ile natural persons whose Personal Data may be processed by Solvia are categorized in Table-2 within the Tables section at the end of this Policy along with their data being processed.

  1. PURPOSES OF PROCESSING THE PERSONAL DATA

Solvia’s purposes of processing the Personal Data are as follows:

  • Acil durum yönetimi süreçlerinin yürütülmesi, Bilgi güvenliği süreçlerinin yürütülmesi, Denetim / etik faaliyetlerinin yürütülmesi, Risk yönetimi süreçlerinin yürütülmesi, Eğitim faaliyetlerinin yürütülmesi, Erişim yetkilerinin yürütülmesi, Stratejik planlama faaliyetlerinin yürütülmesi, Ziyaretçi kayıtlarının oluşturulması ve takibi
  • Faaliyetlerin mevzuata uygun yürütülmesi, Finans ve muhasebe işlerinin yürütülmesi Fiziksel mekan güvenliğinin temini, Görevlendirme süreçlerinin yürütülmesi, İş faaliyetlerinin yürütülmesi / denetimi, İş süreçlerinin iyileştirilmesine yönelik önerilerin alınması ve değerlendirilmesi, Organizasyon ve etkinlik yönetimi, Sözleşme süreçlerinin yürütülmesi, Sponsorluk faaliyetlerinin yürütülmesi, Tedarik zinciri yönetimi süreçlerinin yürütülmesi, Ücret politikasının yürütülmesi, Yönetim faaliyetlerinin yürütülmesi
  • Conducting the selection and recruitment of the prospective employees/trainees/students, Conducting the application processes of prospective employees, Fulfilling obligations arising from the employment contract and legislation for employees, Conducting the fringe right processes for employees, Defining user accounts for employees, Tracking shared vehicles, Defining business PCs/phones and e-mail addresses, Issuing company IDs and meal cards, Planning human resources processes, Conducting occupational health/safety activities, Conducting performance assessment processes, Foreign personnel work, and residence permit procedures, Conducting talent/career development activities
  • Ürün ve hizmetlerin sunulması, Sunulan ürün ve hizmetlerin taleplere uygun olarak özelleştirilmesi, Ürün ve hizmetlerin müşteri ihtiyaçları/ yasal ve teknik gelişmeler sebebiyle güncellenmesi ve geliştirilmesi, Firma / ürün / hizmetlere bağlılık süreçlerinin yürütülmesi, Mal / hizmet satın alım süreçlerinin yürütülmesi, Mal / hizmet satış sonrası destek hizmetlerinin yürütülmesi, Mal / hizmet satış süreçlerinin yürütülmesi, Mal / hizmet üretim ve operasyon süreçlerinin yürütülmesi, Müşteri ilişkileri yönetimi süreçlerinin yürütülmesi
  • Web sitesi güvenliğinin sağlanması, Web sitesi kullanım analizi, Web sitesi üzerindeki iletişim formu üzerinden iletilen taleplerin karşılanması
  • Fulfilling legal and contractual obligations, Pursuing and conducting legal affairs, Conducting internal audit/investigation/intelligence processes, Tracking requests/complaints, Informing authorized persons, institutions, and organizations
  • İletişim faaliyetlerinin yürütülmesi, Reklam / kampanya / promosyon süreçlerinin yürütülmesi, Pazarlama analiz çalışmalarının yürütülmesi, Müşteri memnuniyetine yönelik aktivitelerin yürütülmesi, Ürün / hizmetlerin pazarlama süreçlerinin yürütülmesi
  1. COLLECTION AND RECORDING OF PERSONAL DATA

Solvia may collect Personal Data by itself or through its representatives or several channels in accordance with the applicable legislation, Board resolutions, and this Policy by any written, spoken, or electronic means as well as through video/audio records or other physical, visual, audible, written or electronic means. Personal Data may be collected through physical environments/interviews, surveys, forms, contracts, websites, electronic/digital platforms, and sites, online channels including social media platforms, e-mails, sales, marketing, or support departments and events.

The data collected by Solvia can be filed in locked and/or secure areas such as unit/department cabinets or archives if they are hard copies or can be recorded in software, cloud, central server, or Company database if they are soft copies. It is also possible to record Personal Data on peripheral systems such as network devices, flash-based media, magnetic tapes, magnetic discs, mobile phones, optical discs, printers, and gateway/security systems.

  1. TRANSFER OF PERSONAL DATA

As a rule, transfer of the Personal Data to the third parties is not possible without the explicit consent of the Data Subject. 

However, regarding the transfers to be made to the third parties inside the country, if there is any condition that makes obtaining Data Subject’s explicit consent unnecessary for processing the Personal Data (for detailed information, see 1.B), separate consent is not sought for such transfers. Regarding the transfers to be made outside the country, if there is any condition that makes obtaining Data Subject’s explicit consent unnecessary for processing the Personal Data (for detailed information, see 1.B), separate consent is not sought for such transfers provided that (i) sufficient protection is available in the foreign country to which the Personal Data will be transferred and the foreign country to which the Personal Data will be transferred are included in the countries which are declared by the Board to have sufficient protection, or (ii) even though sufficient protection is not available in the country to which the Personal Data will be transferred, Solvia and the Data Controller in the foreign country to which the Personal Data will be transferred guarantee sufficient protection in writing and the Board permits such data transfer.

The categories of data transferred to the foreign countries by our Company are as follows: Identity Information, Contact Information, Location Information, Personnel Information, Legal Procedure Information, Customer Procedure Information, Financial Information, Occupational Experience Information, Marketing Information, Audio-Visual Records, Health Information, Criminal Conviction and Security Measures, Occupational Information, Family Member/Relative Information.

The Personal Data kept by our Company may be transferred to the natural or legal Third-Parties inside or outside the country in accordance with the regulations of the Law regarding the transfer of data. The Third Parties to whom Personal Data can be transferred and the purposes of transfer are specified in Table-3 within the Tables section hereof.

  1. SECURITY, STORAGE, AND DISPOSAL OF PERSONAL DATA

Solvia takes legal, technical, and administrative measures to ensure the security of the Personal Data as well as creates internal audit mechanisms and conducts internal awareness activities to ensure the implementation of such measures. To this end, it created the “Internal Security Policy for Personal Data” in addition to the current Policy.

  • LEGAL, TECHNICAL AND OTHER REASONS REQUIRING THE STORAGE OF PERSONAL DATA

Solvia keeps the Personal Data it collects as long as required by the reason for collecting the data. However, even if the reason for collection disappears, Solvia may keep the Personal Data in order to;

  • fulfill any legal responsibilities, which have arisen or may arise, in compliance with the extents provided and/or periods regulated by the laws.
  • conduct legal processes as well as submit effective and sufficient pleas/claims during the limitation periods provided by the laws.
  • have the data, which are determined to be disposed of, until the next periodical disposal.
  • TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO STORE THE PERSONAL DATA SECURELY AND TO PREVENT ILLEGAL PROCESSING OF AND ACCESS TO THEM
  • Security of network and application is provided.
  • Security of the Personal Data stored in the cloud is provided.
  • An authority matrix was created for the employees.
  • Data processing service providers being aware of data security are preferred.
  • Access logs are recorded regularly.
  • When necessary, a data masking measure is applied.       
  • The authorities of the employees changing his/her position or leaving the job are canceled.
  • Up to date anti-virus systems are being used.
  • Firewalls are being used.
  • Concluded contracts contain data security provisions.
  • Necessary security measures are taken for entering into/leaving from the physical environments containing personal data.
  • Physical environments containing personal data are protected against external risks (fire, flood, etc.).
  • Security of the environments containing personal data is provided.
  • Personal data are being reduced as much as possible.
  • For the special categories of personal data, if such data will be sent via e-mail, they are always sent as encrypted by using the KEP (registered e-mail) or corporate e-mail account.
  • Attack detection and prevention systems are being used.
  • Encryption is carried out.
  • Special categories of personal data transferred to a portable memory, CD, DVD, etc. are transferred as encrypted.
  • Implementation and functionality of the Policy are ensured by assigning a Personal Data Processing Officer.
  • LEGAL, TECHNICAL AND OTHER REASONS REQUIRING THE DISPOSAL OF PERSONAL DATA

Despite being processed according to the Law and the provisions of other relevant laws, the Personal Data are disposed of by Solvia ex officio or upon Data Subject’s request in the case where all reasons that require processing and storing them disappear. Moreover, Solvia disposes of the Personal Data when: 

  • the Data Subject withdraws his/her consent in the cases where Personal Data are processed based on explicit consent.
  • the Data Subject requests the disposal of his/her Personal Data by exercising the rights specified in the article 4.A hereof and such application is accepted by Solvia, or such request is deemed suitable by the Board following a complaint made to the Board upon the rejection of such application.
  • the maximum period of storing the Personal Data in line with the purpose of processing expires and there is no other legal reason requiring the storage of the Personal Data any longer.
  • TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN TO DISPOSE OF THE PERSONAL DATA LAWFULLY

Personal Data is disposed of by being deleted, destroyed, or anonymized according to the data recording medium and the quality of the data to be disposed of. In order to minimize the possible errors during disposal processes, Solvia introduced the following technical and administrative measures:

  • Before disposing of the Personal Data, a suitable disposal method is determined according to the data recording medium.
  • Disposal is carried out by or under the supervision of the employees sufficiently knowledgeable about the disposal method to be applied, or it is conducted by specialized people or organizations bound by a confidentiality obligation.
  • Employees are trained and informed about the periodical and due disposal of the Personal Data in the light of the Law, provisions of other Personal Data legislations, Board resolutions as well as the changes thereto.
  • Controls are carried out in the Company regularly, such controls are documented, the points to be improved are determined and the development activities are performed accordingly.
  • Implementation and functionality of the Policy are ensured by assigning a Personal Data Processing Officer.

  • PERIOD OF STORAGE AND DISPOSAL

Solvia keeps the Personal Data for the period that is required for the purpose of processing them in accordance with the principles provided by the Law. Even if the reason for collection disappears, Personal Data may continue to be kept to the extent which is required for Solvia to fulfill any of Solvia’s legal obligations or justified by Solvia’s legitimate interests. After such periods expire, Personal Data is deleted, destroyed, or anonymized during the next periodical disposal.

The Periodical disposal interval of Solvia is 6 months. The Board may shorten that interval if such damages that are difficult or impossible to recover arise or if there is a violation of the law.

  1. PERSONAL DATA PROCESSING OFFICER

Alper Karabulut has been assigned as the Personal Data Processing Officer based on the decision made by Solvia’s management in order to conduct Personal Data storage and disposal processes and to take necessary actions pursuant to the legislation and this Policy.

The main duties of the Personal Data Processing Officer are as follows:

  • Preparing or causing to prepare the policies concerning the Personal Data such as protection, storage, processing, and disposal of the Personal Data, updating such policies, and putting them into effect,
  • Performing or causing to perform internal audits to ensure the compliance of the Personal Data processes with the Law and the Policy, and ensuring that the measures to eliminate any possible deficiency or risk determined during such audits are taken,
  • Informing the employees, organizing trainings, or ensuring the participation of the employees in the trainings organized by third parties in order to process and dispose of the Personal Data lawfully and to prevent illegal access,
  • Assessing the applications made by Data Owners, ensuring the coordination within the Company to respond to the applications, and having the respond delivered to the Data Owner within legal period,
  • Following up the changes to the Personal Data legislation by himself/herself or through Service Providing Firms, and ensuring that internal actions are taken for compliance with the new regulations,
  • Ensuring the necessary coordination and communication on behalf of the Company for the cases requiring to be in contact with the Board, and
  • Conducting the operations and procedures concerning the registry in case there is a registry (Data Controller Registry) record requirement for the Company.
  1. RIGHTS OF THE DATA SUBJECT AND THE EXERCISE OF THOSE RIGHTS
  2. RIGHTS OF THE DATA SUBJECT

Data Subject is entitled to

  • learn whether his/her Personal Data are processed or not,
  • request information as to if his/her Personal Data have been processed,
  • learn the purpose of processing the Personal Data and whether such Personal Data are used in compliance with the purpose,
  • know the third parties to whom the Personal Data are transferred in country or abroad,
  • request the rectification of the Personal Data processed incompletely or inaccurately data, if any, and to request reporting of the operation carried out in this regard to third parties to whom the Personal Data have been transferred, 
  • request the deletion or destruction of the Personal Data, despite being processed according to the provisions of the Law and other relevant legislations, in the case where the reasons that require processing and storing them disappear, and to request reporting of the operation carried out in this regard to third parties to whom the Personal Data has been transferred, 
  • object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems,
  • claim compensation for the damage arising from the unlawful processing of the Personal Data.
  1. EXERCISE OF THE RIGHTS

If the Data Subject intends to exercise his/her rights, he/she should apply to Solvia at first. 

Pursuant to the Application Communiqué, if the Data Subject intends to exercise his/her rights, he/she may send his/her request in writing or through registered e-mail (KEP), secure electronic signature, mobile signature, or the e-mail address previously notified to Solvia by the Data Subject and recorded in Solvia’s system. Moreover, applications must be made in Turkish in order to be able to exercise the application right pursuant to the provisions of the Application Communiqué.

When exercising such rights, one may use the “Başvuru Formu” available on the Website. If the Data Subject intends to make an application in writing, he/she may send the completed and originally signed form to Solvia’s following address by means of a notary public, deliver it by hand, or convey it through his/her legal representative or agent.

Address: Kozyatağı Mh. Değirmen Sk. No: 18 Nida Kule A8 Giriş Kadıköy – İstanbul

For the applications to be made electronically (by e-mail), it is necessary to fill in the Application Form, scan the originally signed form in PDF format and send it to Solvia’s e-mail address info@solviads.com.

Applications must include the name, surname, signature if the application is in writing, TR identity number of the citizens of the Republic of Turkey, the nationality, passport number, and identity number (if any) of the foreigners, principal residence, or workplace address for notification, principal e-mail address, phone and fax number for notification (if any), and the subject of the Request. For the applications to be made by a legal representative, such applications must be accompanied by the notarized special power of attorney or the documents demonstrating the authority of legal representation (e.g. approved guardianship decision) as well as the document supporting your request, if any, especially such documents which demonstrate the facts when you state that you suffer damages or an unfavorable result.

Solvia reserves its legal rights against erroneous, unreal/illegal, and malicious applications.

  1. RESPONDING TO THE APPLICATION

Data Subject’s application is answered freely as soon as possible, in each case within 30 days following the day when the application is delivered to Solvia, per the quality of the request. However, the fee in the tariff specified by the Board may be charged where the procedure incurs an extra cost. In accordance with this Policy, the failure to share the information and documents mentioned above completely and correctly, the failure to state the request clearly, the failure to convey the documents supporting the request at all or duly, and for the applications made through an agent, the failure to add the copy of the power of attorney may cause difficulties or delays in fulfilling your request. Solvia may not be held responsible for such delays.

Solvia may accept the request sent by the Data Subject in his/her application or reject it by giving a justification. The response to the application is notified in writing or electronically. If the request made in the application is accepted, Solvia takes the necessary action.

  1. COMPLAINT

If the application is rejected, the response is found to be insufficient or the response is not given within due time, the Data Subject is entitled to make a complaint to the Board within thirty days following the day when it gets to know Solvia’s response, in any case within sixty days following the application date.

TABLES

Table-1 Categories of Processed Personal Data

Personal Data Category Açıklama
Identity Information the information such as name and surname, mother’s and father’s name, mother’s maiden name, date of birth, place of birth, marital status, identity card serial number, TR identity number, etc.
Contact Information the information such as an address, e-mail address, contact address, registered e-mail address, phone number, etc.
Family Member/Relative Information the identity and contact information related to the spouse, children, parents, and relatives of the Data Subject.
Location Information the information such as the location information about the current place.
Personnel Information the information such as payroll information, disciplinary proceeding, statement of employment, CV information, performance assessment reports, etc.
Legal Procedure Information the information such as those contained in judicial correspondence, those contained in the case file, etc.
Customer Procedure Information the information such as call center records, invoice, bill and check information, order information, demand information, etc.
Physical Space Security Information the information such as entry and exit information about employees and visitors, camera records, etc.
Procedure Security Information the information such as IP address information, website entry, and exit information, password information, etc.
Risk Management Information the information processed for managing commercial, technical and administrative risks.
Financial Information the information such as balance sheet information, financial performance information, credit and risk information, asset information, etc.
Occupational Experience Information the information about diplomas, completed courses, on-the-job trainings, certificates, and academic records.
Occupational Information the information such as the position and title in the company for which the person works.
Marketing Information the purchase history information as well as the information obtained from surveys, cookie records, and campaigns.
Audio-Visual Records the information such as the audio-visual records.
Health Information the information such as health information, disability information, blood group information, personal health information, information on the devices or prostheses used, etc.
Criminal Conviction and Security Measures the information about criminal conviction and security measures.

Table-2 Groups of People Whose Personal Data Are Processed

Data Subject Category Categories of Data Being Able to Be Processed
Applicant Identity Information, Contact Information, Legal Procedure Information
Employee Identity Information, Contact Information, Location Information, Personnel Information, Legal Procedure Information, Customer Procedure Information, Physical Space Security Information, Procedure Security, Risk Management, Occupational Experience Information, Audio-Visual Records, Health Information, Criminal Conviction and Security Measures, Family Member/Relative Information
Prospective Employee Identity Information, Contact Information, Personnel Information, Occupational Experience Information, Audio-Visual Records, Health Information, Occupational Information
Event Participant Identity Information, Contact Information, Occupational Information
Stakeholder/Partner Identity Information, Contact Information, Location Information, Legal Procedure Information, Occupational Information
Partner Firm Identity Information, Contact Information, Legal Procedure Information, Financial Information
Partner Firm’s Employee Identity Information, Contact Information, Occupational Information
Partner Firm’s Authorized Person Identity Information, Contact Information, Occupational Information
Müşteri Identity Information, Contact Information, Location Information, Legal Procedure Information, Customer Procedure Information, Marketing Information, Occupational Information
Customer’s Employee Identity Information, Contact Information, Location Information, Legal Procedure Information, Customer Procedure Information, Marketing Information, Occupational Information
Customer’s Authorized Person Identity Information, Contact Information, Location Information, Legal Procedure Information, Customer Procedure Information, Marketing Information, Occupational Information
Potential Customer Identity Information, Contact Information, Location Information, Customer Procedure Information, Financial Information, Marketing Information, Occupational Information
Prospective Examinee Personnel Information, Occupational Experience Information
Trainee Identity Information, Contact Information, Family Member/Relative Information, Personnel Information, Physical Space Security Information, Occupational Experience Information, Audio-Visual Records, Health Information, Criminal Conviction and Security Measures, Procedure Security Information
Company’s Authorized Signatory Identity Information, Contact Information, Physical Space Security
Other People Involved in the Company Identity Information, Contact Information
Supplier Financial Information
Supplier’s Employee Identity Information, Contact Information, Legal Procedure Information, Occupational Information, Criminal Conviction and Security Measures
Supplier’s Authorized Person Identity Information, Contact Information, Legal Procedure Information, Occupational Information
Representative Identity Information, Contact Information, Legal Procedure Information
Website Visitor Identity Information, Contact Information
Member of the Board of Directors Identity Information, Contact Information, Physical Space Security Information
Visitor Identity Information, Contact Information, Physical Space Security Information, Procedure Security Information, Audio-Visual Records

Table-3 The Third Parties to Whom Personal Data Can Be Transferred and the Purposes of Transfer

The Third Parties to Whom Personal Data Can Be Transferred Purposes of Transfer
Service Providing Accounting Firm, Service Providing Agencies, Personal Retirement Insurance Firm, Life Insurance Firm, Legal Counsels, Health Insurance Firm,      Payroll Preparation Firm, Service Providing Public Accountant Firm, Suppliers  Kişisel Veriler; alınan ürün, servis, hizmetler ve bu kişilerle kurulan ticari, hukuki, sözleşmesel ilişki kapsamında, işlemesi gerekecek verilerle ve amaçlarla sınırlı olarak bu maddede belirtilen hizmet alınan firmalara/kişilere aktarılabilmektedir.
Employees In order for our Company, and in this regard, our employees to duly carry out their assignments and to allow for communications, Personal Data of other employees, customers as well as other people to whom the employees have to reach to fulfill their duties may be shared to the employees.
Event Sponsors Sponsorlara, sponsorluk faaliyet ve yükümlülüklerinin yerine getirilmesi amacıyla kullanılmak üzere ve bu amaca ulaşmak için gerekenle sınırlı olarak Kişisel Veri aktarılabilmektedir.
Natural Persons or Legal Persons Personal Data may be transferred to the legal persons which are legally authorized to request information and/or document from Solvia to the extent which is limited to their requests and to such data that are required by law.
Business Partners Personal Data may be transferred in a limited manner within the framework of the partnership established and to ensure the fulfillment of the partnership requirements.
Stakeholders Personal Data may be shared with the stakeholders to the extent which is limited to the purposes of following up the activities, determining and developing business strategies, carrying out audits, and informing the shareholders.
Customers Personal Data of the employees may be shared with the customers in order to offer the products and services received by the customers within the framework of the relation between the customers and us.
Authorized Public Institutions and Organizations Yasal olarak yetkili kamu kurum ve kuruluşlarına, talepleriyle ve yasal olarak iletilmesi gerekenle sınırlı olmak üzere Kişisel Veri aktarılabilmektedir.

The SAP software and training products sold by Solvia as well as Solvia’s services and products are subject to the export control and sanction laws which are in force in Turkey, Germany, the EU, and the USA. 

Regarding the developments and know-how use within the scope of the Outputs and Services, Solvia and its customers are obliged to act according to all applicable national and international legislations as well as the rules and laws concerning the use of the Internet including but not limited to the export laws, regulations, and principles of the Republic of Turkey, the USA, USA’s OFAC, the UK and the EU, and Solvia and its customers may not make available, offer or export the Outputs as well as the know-how, developments and Confidential Information within the scope of the Services to the prohibited countries or institutions stated in such legislations. 

Created by icon 54from the Noun Project

Teşekkürler

Kısa süre içinde bir e-posta alacaksınız.

Eğer mail almazsanız solviamarketing@solviads.com adresinden bize ulaşın.