CLARIFICATION TEXT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA

As UITSEC International, we would like to inform and enlighten you about our personal data processing activities in accordance with Article 10 of the Personal Data Protection Law No. 6698.

1. 1. DATA CONTROLLER

In accordance with the Personal Data Protection Law No. 6698, your personal data may be processed, recorded, stored, classified, updated by UITSEC International as the data controller in accordance with the law and honesty rules and disclosed/transferred to third parties where permitted by the legislation and/or limited to the purpose for which they are processed.

1. 1. PURPOSE OF PROCESSING PERSONAL DATA

Personal data are processed for emergency, information security, research-investigation, training, security, recruitment, customer Log Records, Customer NOC/SOC support, Penetration (infiltration) test, customer operational processes, confidentiality contract processes, employment contract and regulatory processes defined in UITSEC International. The processed personal data are stored securely in physical or electronic environment in accordance with the KVKK and the periods specified in other relevant laws.

Our purposes of processing personal data are detailed below;

• • Providing services to data owners based on the contracts we have made with our customers who are Data Controllers,
• • Providing SOC, NOC, PENETRATION and operational services carried out by UITSEC International,
• • Personal data are presented to the judicial authorities during legal problems,
• • Personal data is processed in order to ensure the corporate security of UITSEC International,
• • Personal data are processed in order to fulfill the services provided by the departments within UITSEC International,
• • Within the scope of the contract made with the customers, your personal data are processed for billing, reporting and current detailing activities,
• • Personal data are processed to report the activities carried out to our customers who are Data Controllers,
• • Personal data are obtained in order to fulfill the legal rights of our personnel, to pay salaries, to carry out training activities, to measure personnel competencies, to measure performance, to benefit from health services, to carry out travel processes, to reach them in emergencies,
• • Personal data of our employees are processed in order to carry out human resources processes and to keep the physical security of the institution at a high level,
• • Providing customer support, conducting communication activities for sales marketing and placement of employee candidates,
• • Personal data are obtained for the execution of product and service procurement processes and after-sales support services,
• • In the projects carried out and sponsored by UITSEC International, performance criteria and contact information of potential employees are processed for the identification of students and candidates who can take an active role in the future within UITSEC International.
• • In order to carry out the human resources processes of our employees smoothly, to realize the allocation of the rights and other benefits of our employees stipulated by law,
• • Conducting the application processes of employee candidates and trainees, conducting job interviews more effectively and communicating with prospective employee candidates and trainees,
• • Conducting performance evaluations of our employees,
• • Carrying out organizations and activities related to the activities of UITSEC International and making the necessary announcements,
• • To conduct market research, training promotions and necessary information regarding our products and services, to evaluate complaints and suggestions and to contact you directly through the communication channels shared with our company,
• • Contact information is processed to increase satisfaction with our products and services offered in UITSEC International departments,
• • Preparing the training materials prepared for the trainings and delivering them to the right person,
• • To maintain all kinds of activities such as trainings, consultancy, etc.,

 

You can find detailed information about the purposes of processing your personal data in the Personal Data Processing and Protection Policy published at http://uitsec-international.com/tr/hakkimizda/kisisel-verilerin-islenmesi-ve-korunmasi-politikasi.

1. 1. DELETION OF PERSONAL DATA

You can find detailed information about the deletion of your personal data in the Personal Data Storage and Destruction Policy published at http://uitsec-international.com/tr/hakkimizda/kisisel-veri-saklama-ve-imha-politikasi.

1. 1. SHARING YOUR PERSONAL DATA

Personal data belonging to our customers and employees may be shared with UITSEC International, official public institutions and organizations, relevant suppliers that it cooperates with, Related Service Providers, Customers, business partners and contracted banks in accordance with the basic principles stipulated in the KVKK and within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK, provided that the public interest is observed. In addition, personal data may be shared with public institutions and other organizations due to legal obligations in accordance with the legislation.

All personal data within UITSEC International are not transferred abroad.

1. 1. PERSONAL DATA

UITSEC International includes personal data of employees, candidate employees, customer, customer contact person, customer candidate, reference, parent/trustee/representative, potential employee, visitor and trainee. The categories of personal data received are detailed in the Policy on Processing and Protection of Personal Data.

1. 1. METHODS AND LEGAL REASONS FOR THE COLLECTION OF YOUR PERSONAL DATA

Your personal data is collected electronically or physically. Your personal data can be processed and transferred without obtaining explicit consent in the light of the principles stipulated in Article 4(2) of the Law No. 6698 or in the presence of the situations stipulated in Articles 5 (2) and 6(3). The methods and legal reasons for the collection of your personal data are detailed in the Policy on the Processing and Protection of Personal Data.

1. 1. RIGHTS OF THE RELEVANT PERSON WHOSE PERSONAL DATA IS PROCESSED

You can exercise the following rights regarding the processing of your personal data with a request to UITSEC International. Requests submitted in this context shall be concluded free of charge by UITSEC International within thirty days at the latest. However, if a fee is stipulated by the Personal Data Protection Board, UITSEC International may charge a fee in the specified tariff. In this context, as a personal data owner;

• • To learn whether your personal data is processed or not,
• • If your personal data has been processed, requesting information about it,
• • To learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
• • To know the third parties to whom your personal data is transferred, in the country or abroad,
• • To request the correction of your personal data if it is incomplete or incorrectly processed,
• • To request the deletion or destruction of your personal data,
• • To request the notification of these transactions to third parties to whom your personal data has been transferred, in case of correction, deletion or destruction of your personal data,
• • To object to the emergence of a result against you by analyzing your processed data exclusively through automated systems,
• • If you suffer damage due to the unlawful processing of your personal data, you have the right to demand compensation for the damage.

 

1. 1. COMMUNICATION METHODS

You can exercise your rights regarding your personal data under Law No. 6698 by using the following methods;

• • UITSEC Contact Information;

Data Controller: UITSEC International Bilgi Teknolojileri A.Ş.

Application methods for your personal data are as follows;

Method	Address	Detail
Application made by hand to address	Esentepe Mahallesi Büyükdere Cad. Levent 199 No:199/6 Şişli	It is the application to be made by the relevant person to the above-mentioned address of the Data Controller, who will fill in the "Personal Data Owner Application Form" and request the processing of your Personal Data. You must present your identity card at the time of application.
Application via notary public	Esentepe Mahallesi Büyükdere Cad. Levent 199 No:199/6 Şişli	It is the application made by the relevant person by sending the "Personal Data Owner Application Form" approved by the notary public to the address specified with return/receipt or by sending to the address specified by the notary public. Applications within this scope will be accepted following the identity verification to be made by us and the relevant persons will be answered in writing or electronically within the legal periods.
Application with KEP (Registered Electronic Mail)	[email protected]	It is the application to be made by the relevant person by filling out and signing the "Personal Data Owner Application Form" and sending it to the Kep address of the Data Controller you want to apply for.

 

In the application, which includes the notification you have as the personal data owner and your explanations regarding the right you request to use in order to exercise your above-mentioned rights; you need to be clear and understandable about the subject you request, the subject you request must be related to you or if you are acting on behalf of someone else, you need to be specifically authorized in this regard and you need to certify your authority. In order to follow up your legal right for thirty days without any problems, your applications sent by courier must be notarized and sent by registered mail with return receipt. If you apply through a notary public, your thirty-day legal right will start following the notification of your application to our institution. Applications within this scope will be accepted following the identity verification to be made by us and the relevant persons will be answered in writing or electronically within the legal periods. Relevant persons will be replied in writing or electronically within legal time limits.