top of page

OUR PERSONAL DATA PROTECTION POLICY


1 Introduction

As Vivense Teknoloji Hizmetleri ve Ticaret Anonim Şirketi (“Vevense”), we are sensitive to the security of personal data and process all personal data of all persons associated with our Company in accordance with the Law on Protection of Personal Data No. 6698 (“KVKK” and “Law”) Its storage and protection is one of our priorities.

With this “Personal Data Protection and Processing Policy” (“Policy”), the basic principles and principles adopted by Vivense during the protection and processing of personal data are regulated and made sustainable by being implemented as a Company policy.

1.2 Purpose

The purpose of this Policy is to determine the procedures and principles regarding the processing, protection and storage of personal data carried out by Vivense in accordance with the legal legislation on which this Policy is based, and to inform real persons whose data is processed by Vivense.

1.3 Scope

This Policy; our customers, employees, employee candidates, interns, supplier employees, company officials, visitors, business contacts (suppliers, designers, manufacturers and similar institutions with whom we have a business relationship), and third parties' automatic or any data recording system It relates to all personal data processed by non-automatic means, provided that it is a part of it.

In this context, this Policy may be applied to the above-mentioned groups of persons, as well as only some of its provisions.

1.4 Definitions

The definitions used in the implementation of this Policy are as follows:

Explicit Consent Consent on a specific subject, based on information and expressed with free will

Anonymization Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data

Employee(s) Workers who have a business relationship with Vivense in accordance with the Labor Law and students/graduates undergoing internship (compulsory / optional) training

Electronic Media Environments where personal data can be created, read, changed and written with electronic devices.

Non-Electronic Media All written, printed, visual, etc. other than electronic media. with other media

Service Provider Natural or legal person providing services under a specific contract with Vivense

Relevant Person Natural person whose personal data is processed

Destruction, irrecoverable deletion, destruction or anonymization of personal data

Law / Law on Protection of Personal Data No. KVKK6698

Recording Media Any media containing personal data that is fully or partially automated or processed non-automatically, provided that it is a part of any data recording system.

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, or classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system. All kinds of operations carried out on the data, such as preventing the use of

Personal Data Inventory Personal data processing activities carried out by data controllers depending on their business processes; The inventory they have created by associating the personal data with the purposes of processing, the data category, the transferred recipient group and the data subject group, explaining the maximum time required for the purposes for which the personal data is processed, the personal data to be transferred to foreign countries and the measures taken regarding data security.

Personal Data Protection Committee The committee formed by Vivense with the participation of officials from different units, which has the authority to make decisions and present them to the senior management in order to ensure, protect, maintain, manage and improve the compliance with the personal data protection legislation, and provides the necessary coordination within Vivense for this purpose.

BoardPersonal Data Protection Board

InstitutionPersonal Data Protection Authority

Special Qualified Personal Data Data about the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. datas

This "Personal Data Protection and Processing Policy", which regulates the principles adopted by Vivense in the processing and protection of personal data,

Data Processor Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data Controller Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system

Data Recording System Recording system in which personal data is structured and processed according to certain criteria

Data Controllers Registry Information System, publicly available data controllers registry maintained by the Personal Data Protection Authority

VERBIS Data Controllers Registry Information System

For the definitions not included in this Policy, the definitions in the Law are valid.

2 GENERAL MATTERS REGARDING THE PROCESSING OF PERSONAL DATA

While conducting personal data processing activities, Vivense

  • to general principles

  • Personal data processing conditions

  • It acts in accordance with the personal data processing conditions of special nature.

2.1 Processing of Personal Data in Compliance with General Principles

2.1.1 Processing in Compliance with Law and Integrity

vivense; acts in accordance with the principles introduced by legal regulations and the general rule of trust and honesty in the processing of personal data. In this context, our Company carries out its personal data processing activities in accordance with the law, honesty and transparency.

2.1.2 Ensuring Personal Data Are Accurate and Up-to-Date When Necessary

vivense; takes into account the fundamental rights of personal data owners and their own legitimate interests, and makes the utmost effort to ensure that the personal data it processes are kept accurate and up-to-date. In this direction, it takes the necessary administrative and technical measures and provides opportunities for personal data owners to correct their personal data and confirm its accuracy.

2.1.3 Processing Personal Data for Specific, Explicit and Legitimate Purposes

Vivense clearly and precisely determines the purpose of processing personal data and carries out its data processing activities for clear, legitimate and lawful purposes.

2.1.4 Personal Data Being Related to the Purpose for which they are Processed, Limited and Measured

Vivense processes personal data in connection with data processing purposes and to the extent required by these purposes. It avoids the processing of personal data that is not relevant or needed for the purpose of data processing.

2.1.5 Retention for as Long as Required for the Purpose of Processing or Envisioned in the Relevant Legislation

Vivense retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, it first determines whether a period is foreseen for the storage of personal data in the relevant legislation, acts in accordance with this period if a period is determined, and if a period is not determined, it stores the personal data for the period required for the purpose for which they are processed. Personal data is deleted, destroyed or anonymized by us in the event that the period expires or the reasons for its processing disappear. Detailed information on this subject is included within the scope of Vivense Teknoloji Hizmetleri ve Ticaret Anonim Şirketi's Personal Data Retention and Destruction Policy.

2.2 Processing of Personal Data in Compliance with the Processing Conditions

Vivense carries out its personal data processing activities in accordance with the data processing conditions set forth in the personal data protection legislation. In this context; Personal data processing activities are carried out only in the presence of the following data processing conditions:

2.2.1 Obtaining Express Consent

According to the law, personal data cannot be processed without the explicit consent of the person concerned. In order for Vivense to carry out personal data processing, it is required that the data subject gives explicit consent to the data processing "freely, with sufficient information on the subject, in a clear manner without hesitation and limited to the purpose of data processing".

2.2.2 Exceptional Circumstances in which Explicit Consent is Not Required for the Processing of Personal Data

Vivense may process personal data without express consent in the presence of one of the following conditions in the Law:

  • i. Explicitly Provided in Laws

    The personal data of the data subject may be processed in accordance with the law, limited to the relevant legal regulation, if it is expressly stipulated in the law.

  • ii. Failure to Obtain the Explicit Consent of the Person Related to the Reason of Actual Impossibility and Obligatory Personal Data Processing

    Personal data may be processed without explicit consent if it is necessary for the protection of life or physical integrity of the person or another person, who is unable to express his or her consent due to actual impossibility or whose consent is not legally valid. For example, in cases where the person's explicit consent cannot be obtained due to unconsciousness, the personal data of the data subject may be processed during medical intervention in order to protect the integrity of life or body.

  • iii. The Personal Data Processing Activity is Directly Related to the Establishment or Performance of the Contract

    Provided that it is directly related to the conclusion or performance of a contract, personal data may be processed if it is necessary to process the personal data of the parties to the contract.

  • Obligatory Personal Data Processing for Vivense to Fulfill its Legal Obligation

    Vivense will be able to process the personal data of the person concerned, if it is necessary to fulfill its legal obligation.

  • v. Publicization of Personal Data by Relevant Person

    Personal data made public by the person concerned, in other words, disclosed to the public in any way, may be processed without express consent.

  • vi. Requirement of Data Processing for Establishment, Use or Protection of a Right

    In the event that data processing is necessary for the establishment, exercise or protection of a right, personal data may be processed without seeking explicit consent.

  • vii. Mandatory Personal Data Processing for Vivense's Legitimate Interests

    Provided that it does not harm the fundamental rights and freedoms of the person concerned, personal data may be processed without requiring explicit consent, if data processing is necessary for Vivense's legitimate interests.

2.3 Processing of Private Personal Data in Compliance with the Processing Conditions

Special categories of personal data can only be processed with the explicit consent of the person concerned. However, sensitive personal data other than sexual life and personal health data may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws. Personal data related to health and sexual life can only be processed without express consent for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. Therefore, until otherwise stipulated in accordance with the Law, personal health data can only be processed within the scope of express consent or by the Company physician, who is under the obligation to keep confidential. Vivense takes the measures determined by the Board regarding the processing and protection of sensitive personal data. Vivense shows utmost sensitivity to the protection and security of sensitive personal data, and the technical and administrative measures taken for the protection of sensitive personal data are meticulously implemented and necessary audits are carried out within Vivense.

2.4 Processing of Personal Data in Compliance with the Transfer Conditions

Vivense may transfer the personal and private personal data of the person concerned to third parties for the purposes of personal data processing and by taking necessary security measures, limited to express consent, if any, or legal reasons, if not. In this context, Vivense acts in accordance with the personal data transfer conditions stipulated in Articles 8 and 9 of the Law.

2.4.1 Domestic Transfer of Personal Data

Vivense carries out domestic data transfer activities in accordance with data processing conditions in accordance with Article 8 of the Law.

2.4.2 Transfer of Personal Data Abroad

Vivense carries out its data transfer activities abroad in accordance with the data processing conditions in accordance with Article 9 of the Law (See Vivense Personal Data Protection and Processing Policy - Section Two, articles 2.1, 2.2 and 2.3). In cases where personal data is transferred without express consent pursuant to the Law, one of the following conditions must also exist in terms of the foreign country to which it will be transferred:

  • The foreign country to which personal data is transferred is in the status of countries with adequate protection by the Board,

  • In the absence of adequate protection, data controllers in Turkey and in the relevant foreign country undertake in writing to provide adequate protection and obtain permission from the Board.

2.4.3 Recipient Groups to which Personal Data is Transferred

Vivense, in accordance with Articles 8 and 9 of the Law, transfers the personal data of data subjects to business partners, suppliers, banks and financial institutions, legal, tax, etc. providing services to Vivense. to consultancy and audit firms that receive support in similar fields, Company officials, shareholders, legally authorized public institutions and private individuals, Domestic and/or abroad storage, archiving, information technology support (server, hosting, software, cloud computing) that processes personal data on behalf of the Company. etc.) to the service providers that receive support in their fields, in order to continue their commercial activities and business processes. The classification of the recipient groups to which personal data is transferred is included in Section 3 of this Policy. In case of personal data transfer, Vivense ensures that the third parties to which it transfers personal data also comply with this Policy. In this context, necessary protective regulations are added to contracts concluded with third parties and technical measures are taken.

3 CATEGORIES OF PERSONAL DATA PROCESSED BY VIVENSE, PURPOSE OF PROCESSING AND TRANSFER, RECEIVER GROUPS TRANSFERRED BY

3.1 Categories of Personal Data

The categories and explanations of personal data processed within the scope of personal data processing activities carried out by Vivense are listed below:

Personal Data CategoriesDescription

Identity Data Data that contains information about the identity of the person: name-surname, TR identity number, marital status, gender, nationality, mother-father's name-surname, place of birth, date and other identification information, and driver's license, identity card, passport, birth certificate. certificate, tax number, SGK number and other information.

Communication Data: Information used for communication purposes such as phone number, address, e-mail address, and documents such as residence document containing this information.

Personal Data: Personal data processed for obtaining the information that is the basis for the formation of personal rights of natural persons within the scope of being in a working relationship with our company.

Legal Transaction DataIt is personal data that is processed due to being in legal relationship with our Company, including information in correspondence with judicial authorities, information in the case file.

Customer Transaction Information is the personal data obtained in the processes of receiving and evaluating all kinds of call center records, transaction history, order information and all kinds of requests or complaints regarding our customers.

Physical Venue Security DataEntry and exit record information regarding visits to workplaces and showrooms are personal data obtained during the processes of taking camera records.

Professional Experience DataThis is personal data related to information such as diploma information, courses attended, in-service training information and certificates of our employees and supplier employees.

Marketing Data is the personal data that is processed such as shopping history information, surveys, cookie records in order to improve the activities offered by our company.

Visual and Audio Recordings These are personal data processed such as recording telephone conversations with our customers, supplier officials and other third parties, and taking visual records during the activities in which our employees participate.

Financial DataThis is personal data related to information, documents and records showing all kinds of financial results that arise according to the legal relationship our company has established with the data subject person. Example: Credit card information, income information, IBAN number, etc.

Special Qualified Personal Data is the personal data determined by the law through limited counting and carries the risk of discrimination against data owners if processed. Example: Health data including blood type, biometric data, criminal conviction and security measures etc.

Transaction Security DataIt is the personal data that is processed to ensure the technical, administrative, legal and commercial security of both the data owner and our Company.

3.2 Categories of Contacts

Below are the definitions and explanations of our employees, employee candidates, customers, business contacts (suppliers and similar authorized institutions, shareholders and employees of institutions we have business relations with) and third parties within the scope of this Policy.

Categories of Relevant Persons Explanation Employees are real persons who have a working relationship with our Company. Employee Candidates are natural persons who have applied for a job to our Company by any means and submitted their CV̧ and/or job application form information to our company for review. Interns are natural persons who do their voluntary or compulsory internship within our Company. Customers are real persons who use or have used the products and services offered by our Company. Company Authorities are natural persons who are in the senior management of Vivense and/or authorized to represent Vivense, and natural person representatives of legal entities. Members of the board of directors and shareholders are evaluated within this scope. Supplier Officials and Employees are the natural persons with whom our company has a service relationship while carrying out its activities, the natural person representatives of the legal entity suppliers and all real persons working within this supplier. Other third parties These are other natural persons who do not fall into any related person category.

3.3 Classification of Personal Data Processed by Vivense According to Relevant Persons

In the table below, the above-mentioned categories of personal data subjects and the categories of personal data within the scope of the processing activity are matched and detailed:

Personal Data CategoriesDescription

Identity DataEmployee, Employee Candidates, Potential Product or Service Buyer, Intern, Supplier Employee, Supplier Official, Our Customers

Contact DataEmployee, Employee Candidates, Potential Product or Service Buyer, Intern, Supplier Employee, Supplier Official, Our Customers

Personnel DataEmployees, Employee Candidates, Intern, Supplier Employee

Legal Transaction DataEmployees, Customers

Customer Transaction InformationCustomers, Potential Customers

Physical Venue Security DataEmployees, Customers, Potential Customers, Visitors

Professional Experience DataEmployees, Interns, Supplier Employees, Supplier Official

Marketing DataCustomers, Potential Customers

Financial DataEmployees, Interns, Supplier Authorities

Audio-Visual RecordsEmployee, Potential Product or Service Buyer, Supplier Employee, Customers

Special Qualified Personal Data / Health InformationEmployee, Intern, Supplier Employee

Special Quality Personal Data / Criminal Conviction and Security MeasuresEmployee, Supplier Employee

Biometric DataEmployees

Transaction Security DataCustomers, Employees, Supplier Employees

3.4 Purposes of Processing Personal Data

Vivense carries out its personal data processing activities for the purposes listed below. Personal data processing purposes are determined clearly and in detail on the basis of each business unit and process by associating business processes and personal data categories and are recorded in the Vivense Personal Data Inventory.

  • Execution of Information Security Processes

  • Execution of Employee Candidate / Intern / Student Selection and Placement Processes

  • Execution of Application Processes of Employee Candidates

  • Execution of Employee Satisfaction and Loyalty Processes

  • Fulfillment of Employment and Legislation Obligations for Employees

  • Execution of Benefits and Benefits Processes for Employees

  • Conducting Audit / Ethical Activities

  • Conducting Educational Activities

  • Execution of Access Authorizations

  • Execution of Activities in Compliance with the Legislation

  • Execution of Finance and Accounting Affairs

  • Execution of Company / Product / Service Loyalty Processes

  • Providing Physical Space Security

  • Execution of Assignment Processes

  • Follow-up and Execution of Legal Affairs

  • Carrying out Internal Audit / Investigation / Intelligence Activities

  • Execution of Communication Activities

  • Planning of Human Resources Processes

  • Execution / Supervision of Business Activities

  • Execution of Occupational Health / Safety Activities

  • Receiving and Evaluating Suggestions for Improvement of Business Processes

  • Conducting Business Continuity Ensuring Activities

  • Execution of Goods / Services Procurement Processes

  • Execution of Goods / Services After-Sales Support Services

  • Execution of Good / Service Sales Processes

  • Execution of Goods / Services Production and Operation Processes

  • Execution of Customer Relationship Management Processes

  • Execution of Activities for Customer Satisfaction

  • Organization and Event Management

  • Conducting Marketing Analysis Studies

  • Execution of Performance Evaluation Processes

  • Execution of Advertising / Campaign / Promotion Processes

  • Execution of Storage and Archive Activities

  • Execution of Contract Processes

  • Execution of Strategic Planning Activities

  • Follow-up of Requests / Complaints

  • Ensuring the Security of Movable Property and Resources

  • Execution of Supply Chain Management Processes

  • Execution of Wage Policy

  • Execution of Marketing Processes of Products / Services

  • Ensuring the Security of Data Controller Operations

  • Execution of Investment Processes

  • Providing Information to Authorized Persons, Institutions and Organizations

3.5 Methods and Reasons for Collecting Personal Data

Personal data of Vivense related persons,

  • Vivense's websites and platforms, various social media channels, e-mail, short messages (“SMS”) or multimedia messages (“MMS”) used within the scope of Vivense sales and marketing activities,

  • Through other communication methods, including printed and electronic forms,

  • Through contracts, policies, commercial offers submitted, printed and electronic forms, documents, correspondence signed within the scope of Vivense business activities,

  • Through business cards and other documents obtained within the scope of business negotiations,

  • Vivense's business connections or third parties, such as companies that provide services/products; Provided that verbal, written or electronic media, it is collected by various methods that are fully or partially automatic or non-automatic as part of any data recording system.

Personal data collected in line with these methods are stored in accordance with the data processing conditions in Section 2 of this Policy and in line with the personal data processing purposes listed above, by complying with the periods required by the KVKK and other legislation, and by taking all necessary administrative and technical measures. .

4 MATTERS REGARDING THE PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the Law, Vivense takes the necessary technical and administrative measures to prevent the unlawful processing of the personal data it processes, to prevent illegal access to the data and to ensure the preservation of the data, within the means and to ensure the appropriate level of security according to the nature of the data to be protected. In this context, it makes or has the necessary inspections made.

4.1 Ensuring the Security of Personal Data

4.1.1 Technical Measures

The main technical measures taken to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure data protection are listed below:

  • Network security and application security are provided.

  • A closed system network is used for personal data transfers via the network.

  • Security measures are taken within the scope of procurement, development and maintenance of information technology systems.

  • Access logs are kept regularly.

  • Data masking is applied when necessary.

  • Current anti-virus systems are used.

  • Firewalls are used.

  • The signed contracts contain data security provisions.

  • Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.

  • Personal data security issues are reported quickly

  • Personal data security is monitored.

  • Necessary security measures are taken regarding entry and exit to physical environments containing personal data.

  • The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.

  • The security of environments containing personal data is ensured.

  • Personal data is backed up and the security of the backed up personal data is also ensured.

  • User account management and authorization control system are implemented and these are also followed.

  • Log records are kept without user intervention.

  • Existing risks and threats have been identified.

  • If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using KEP or corporate mail account.

  • Secure encryption / cryptographic keys are used for sensitive personal data and are managed by different units.

  • Intrusion detection and prevention systems are used.

  • Penetration test is applied.

  • Cyber security measures have been taken and their implementation is constantly monitored.

  • Encryption is done.

  • Personal data transferred in portable memory, CD and DVD media are encrypted and transferred.

  • Data loss prevention software is used.

4.1.2 Administrative Measures

The main administrative measures taken to prevent unlawful processing of personal data, to prevent unlawful access to data and to ensure data protection are listed below:

  • Awareness trainings are provided on prevention of illegal processing of personal data, prevention of illegal access to personal data, ensuring the protection of personal data, communication techniques, technical knowledge and skills, and related legislation in order to improve the quality of employees.

  • Additional protocols have been prepared and put into practice for cases where data transfer is required regarding the activities carried out by Vivense.

  • Before starting to process personal data, Vivense fulfills its obligation to inform the relevant persons.

  • Before starting to process personal data, Vivense fulfills its obligation to inform the relevant persons.

  • Personal data processing inventory has been prepared.

  • In the KVKK Harmonization process, compliance studies were carried out with the data minimization principle.

  • The Personal Data Protection Committee was formed in order to carry out the compliance process with the Law and to ensure continuity, and this group was trained.

  • Intra-company policies and procedures regarding the Storage and Disposal of Personal Data and the Protection of Sensitive Personal Data have been prepared and put into practice.

  • Awareness of data processing service providers on data security is provided.

  • Confidentiality commitments are made.

  • An authorization matrix has been created for employees. The authorizations of employees who have a change in duty or quit their job in this field are removed.

4.1.3 Supervision of the Measures Taken on the Protection of Personal Data

Vivense, in accordance with the Law, carries out or has made the necessary inspections within its own body. The results of these audits are reported to the Personal Data Protection Committee, senior management and the relevant department within the scope of the internal operation of the Company, actions are planned and the actions planned to improve the measures taken are followed up by the relevant process owners and the Personal Data Protection Committee.

4.1.4 Measures to be Taken in Case of Unlawful Disclosure of Personal Data

In the event that personal data is obtained or disclosed by others through illegal means, Vivense will notify the relevant personal data owner as soon as possible and the Board within 72 hours from the date of detection.

4.2 Protection of Private Personal Data

The law attaches special importance to certain personal data due to the risk of causing victimization and/or discrimination when processed unlawfully. These data are; Data related to race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. Vivense pays utmost attention to the protection of personal data of special nature, which is determined by the law as "special quality" and processed in accordance with the law. Vivense approaches the security of sensitive personal data with the utmost care and has prepared a separate Policy on the Processing and Protection of Private Personal Data in this regard, and provides the necessary audits within the Company.

4.3 Protection of the Rights of Related Persons

Vivense observes all legal rights of personal data owners with the implementation of the Policy and Law and takes all necessary measures to protect these rights. Detailed information on the rights of personal data owners is given in section 5 of this Policy.

5 RIGHTS OF RELATED PERSONS, ISSUES ON THE USE OF THESE RIGHTS

5.1 Rights of the Person concerned

Relevant Person, by applying to Vivense in accordance with Article 11 of the Law;

  • Learning whether personal data is processed or not,

  • If personal data has been processed, requesting information about it,

  • Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

  • Knowing the third parties to whom personal data is transferred at home or abroad,

  • If personal data is incomplete or incorrectly processed, to request that they be corrected and to notify the third parties to whom the personal data has been transferred,

  • Requesting the deletion or destruction of personal data in the event that the reasons requiring it to be processed disappear despite the fact that it has been processed in accordance with the provisions of the law and other relevant legislation, and to notify the third parties to whom the personal data has been transferred,

  • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

  • In the event that personal data is damaged due to unlawful processing, it has the right to demand the compensation of the damage.

5.2 Circumstances in which the Related Person Cannot Use His Rights

Relevant Persons cannot claim their rights listed in 5.1. in these matters, since the following situations are excluded from the scope of the Law pursuant to Article 28 of the Law:

  • Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with,

  • Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,

  • Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,

  • Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations that have been authorized by law to provide national defense, national security, public security, public order or economic security,

  • Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

In accordance with the second paragraph of Article 28 of the Law, the data owner cannot use the rights specified in article 5.1 of this Policy, except for the right to demand the compensation of the damage in the following cases:

  • Personal data processing is necessary for the prevention of crime or for criminal investigation.

  • Processing of personal data made public by the person concerned.

  • Personal data processing is required by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution based on the authority granted by the law.

  • The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.

5.3 Exercise of the Rights of the Related Person

The person concerned may exercise their rights specified in Article 5.1 of this Policy, by filling out the application form at https://www.vivense.com with wet signature or by registered electronic mail address, secure electronic signature, mobile signature or previously notified to Vivense. It can be used by transmitting it via the e-mail address registered in the systems. The method of the application to be made is explained in detail in the "Application Form within the Scope of the Law on the Protection of Personal Data", the address of which is provided above.

In case the Relevant Person wishes to exercise this right through his/her representative, documents proving his/her identity issued or approved by the competent authorities and supporting the request, if any, must be submitted to Vivense in the annex of the application form.

5.4 Vivense's Response to Applications

Vivense will conclude the requests addressed to it free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. If a cost arises due to the fulfillment of the requests, the fees in the tariff determined by the Board may be requested.

Vivense may accept the request or reject it by explaining the reason; notifies the personal data owner in writing or electronically. If the request in the application is accepted, Vivense fulfills the requirements of the request.

6 PUBLICATION AND STORAGE OF THE POLICY

The policy is published in two different media, with wet signature (printed paper) and electronically, and is disclosed to the public on the website. The printed copy of the paper is kept under the responsibility of the Personal Data Protection Committee.

7 POLICY UPDATE PERIOD

The policy is reviewed by the Personal Data Protection Committee as needed and the necessary sections are updated.

8 ENFORCEMENT, ANNOUNCEMENT, AND EXECUTION OF THE POLICY

The policy is deemed to have entered into force after its publication on Vivense's website. In the event that it is decided to be revoked, the old copies of the Policy with wet signatures are canceled and signed by the chairs and members of the Personal Data Protection Committee (with an annulment stamp or an annulment) and are kept under the responsibility of the Personal Data Protection Committee for at least 5 years.

bottom of page