Personal Data Protection Law Clarification Text
MSFR Technology and Consulting Inc. (hereinafter referred to as the “Company”), we place utmost importance on the security of your personal data. With this awareness, for all our esteemed members and all individuals associated with our Company, we take necessary technical and administrative measures for processing and preserving all kinds of personal data in accordance with the Personal Data Protection Law No. 6698 (hereinafter referred to as the “Law”), within the limits prescribed in Article 4 of the Law;
a) In compliance with law and honesty rules,
b) Accurate and up-to-date,
c) For specified, explicit, and legitimate purposes,
ç) Relevant, limited and proportionate to the purposes for which they are processed,
d) We process by preserving for periods suitable for the purposes of processing.
1. Purposes and Legal Bases of Processing Personal Data As the Company, in order to fulfill our obligations towards our esteemed members and to ensure that you can provide seamless service to Users, we process the personal data listed below for the specified purposes within the framework of legal obligations arising from other legislations.
a. Name-Surname, Identity and Contact Data Your Identity and Contact Data will be processed within the scope of fulfilling obligations arising from the Contract(s) signed between you and the Company and the legal obligations of the Company, in accordance with Article 5/2 paragraphs c and ç of the Law. In this context, your Name, Surname, Turkish ID Number, email, address, and telephone data will be processed for registering on the Platform and for the Company officials to reach you for administrative and technical matters.
b. Financial Data
Your credit card details for the payment of service fees to be paid by you will be processed within the scope of fulfilling obligations arising from the Contract(s) signed between you and the Company and the legal obligations of the Company under the Tax Procedure Law, in accordance with Article 5/2 paragraphs c and ç of the Law. These personal data may be stored on electronic platforms owned by banks established in Turkey and licensed companies providing payment systems whose servers are located in Turkey.
Within the scope of this article, all data stated to be processed by the Company are shared with a business partner company providing server and infrastructure services within the scope of the stated storage purpose for the data obtained within the scope of the Platform. In this sharing necessary for the storage of electronic data, there is no active data transfer, and periodic data flow is provided as needed for the provided electronic storage service.
Our Company can process, report, share with its domestic and foreign business partners, transfer to them, use and store all kinds of personal data it collects within the scope of services provided to you, in accordance with the relevant articles of the Law and other legislations.
2. Rights of the Personal Data Subject Based on the Law
In this context, our esteemed members can apply to the Company, which has the status of data controller, at any time within the scope of Article 11 of the Law and exercise the rights listed below Accordingly, data subjects;
a. Can find out whether their personal data is being processed,
b. If personal data has been processed, request information regarding this,
c. Learn the purpose of processing personal data and whether they are used for intended purposes, Know the third parties to whom personal data is transferred, request correction of errors in personal data and, if transfer has been made, request this correction from the concerned third party,
Request the deletion, destruction or anonymization of personal data in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data, if the reasons necessitating their processing cease to exist, within thirty days and, if transfer has been made, request this to be communicated to the transferred third parties,
Object to negative consequences about the individual arising from processed data, In case of damage due to unlawful data processing, claim compensation within the framework of laws.
3. Application Procedure and Content
Applications related to the above-mentioned requests can be made:
a. In writing to the central address at Reşitpaşa Mahallesi Katar Caddesi No:4 D:1101 34467 Sarıyer/İstanbul, or;
b. Electronically to the registered electronic mail (KEP) address, using secure electronic signature, mobile signature, or the electronic mail address previously notified by the person concerned to the Company and recorded in the Company’s information systems, via [email protected].
Applications made by our members through other means will not be considered in accordance with legality and data security principles.
In the applications, along with the information and documents related to the request;
a. Name, surname and signature if the application is made in writing,
b. Turkish Republic ID number for Turkish citizens, nationality, passport number or, if available, foreign identity number for foreign nationals,
c. Residence or business address for notification,
d. Electronic mail address, telephone or fax number for notification, and
e. The subject of the request must be clearly stated.
The presence of the information listed above in the content of applications is mandatory under the legislation, and in case of any deficiency, the application will not be processed.
Responding to Applications
Applications in Turkish containing the requests of the concerned person sent to the Company will be responded to as soon as possible and within a maximum of 30 (thirty) days via electronic mail or physical letter, and the required procedures will be carried out by our relevant departments.
In accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller (“Communiqué”) published by the Personal Data Protection Authority, if the response process requires an additional cost, this process will be carried out for a fee based on the pricing principles regulated in the Communiqué.