INTRODUCTION
As the data controller, Girişimciler Teknoloji Reklam Ve Ofis Hizmetleri Limited Şirketi (“Leventofis” or the “Company”) attaches great importance to the protection of personal data belonging to its customers, employees, and other individuals with whom it has a relationship. The objective of this Policy, along with other written policies within Leventofis, is to ensure that the personal data of our customers, potential customers, employees, job applicants, visitors, business partners, and third parties are processed and protected in accordance with applicable laws.
In this regard, Leventofis takes the necessary administrative and technical measures to process and protect personal data in compliance with Law No. 6698 and related regulations.
In this Policy, individuals whose personal data are processed are referred to as Data Subjects, Relevant Persons, or Personal Data Owners.
This Policy outlines the basic principles adopted by Leventofis regarding the processing of personal data:
Processing personal data in compliance with the law and principles of honesty,
Ensuring that personal data are accurate and, where necessary, kept up to date,
Processing personal data for specific, explicit, and legitimate purposes,
Processing personal data in a manner that is relevant, limited, and proportionate to the purposes for which they are processed,
Retaining personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed,
Informing and enlightening the data subjects,
Establishing the necessary infrastructure for data subjects to exercise their rights,
Taking the necessary measures for the protection of personal data,
Acting in accordance with the relevant legislation and the decisions of the Personal Data Protection Authority in determining and implementing the purposes of personal data processing and in transferring personal data to third parties,
Regulating the processing and protection of special categories of personal data with particular attention.
PURPOSE OF THE POLICY
The main purpose of this Policy is to provide information regarding the personal data processing activities and data protection systems adopted by Leventofis in a lawful manner and to ensure transparency by informing our customers, employees, job applicants, visitors, and data subjects whose personal data are collected.
DEFINITIONS
Explicit Consent: Consent that is based on information and expressed with free will concerning a specific matter.
Anonymization: Making personal data impossible to link with an identified or identifiable individual, even when combined with other data.
Data Subject: The real person whose personal data are processed.
Law: Refers to the Law on the Protection of Personal Data.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing of Personal Data: Any operation performed on personal data such as collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, retrieval, classification, or prevention of use, whether wholly or partly by automated means or non-automated means provided that it is part of a data recording system.
KVKK: The Law on the Protection of Personal Data No. 6698 published in the Official Gazette dated April 7, 2016.
Board: Refers to the Personal Data Protection Board.
Authority: Refers to the Personal Data Protection Authority.
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Data Recording System: A recording system in which personal data are processed by being structured according to specific criteria.
Data Controller: The natural or legal person who determines the purposes and means of the processing of personal data and is responsible for the establishment and management of the data recording system.
Special Categories of Personal Data: Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
Policy: Refers to this Personal Data Protection and Processing Policy.
INFORMATION AND NOTIFICATION OF DATA SUBJECTS
Leventofis informs data subjects during the collection of personal data, in accordance with Article 10 of the Law. This includes information about the identity of the data controller, the purpose of data processing, the recipients to whom the data may be transferred, the methods and legal grounds for data collection, and the rights of the data subject depending on the nature of the processing.
CATEGORIES OF PERSONAL DATA PROCESSED BY LEVENTOFIS
Leventofis processes the following categories of personal data in accordance with the principles mentioned above and legal requirements:
Identity Information
Contact Information
Customer Information
Job Applicant Information
Benefits Information
Facility Security Information
Legal Transaction Information
IT Information
Financial Information
DATA SUBJECT CATEGORIES
Customer
Potential Customer
Visitor
Job Applicant
Third Parties
PURPOSES OF PERSONAL DATA PROCESSING BY LEVENTOFIS
Management of internal operations and HR processes
Execution of commercial activities
Planning and execution of IT and information security processes
Compliance with legal obligations
Monitoring finance and accounting operations
Planning and monitoring HR operations
Ensuring business continuity
Creation and monitoring of visitor records
Ensuring physical security
Providing information to authorized individuals and institutions
Ensuring operational security
Providing internet access and ensuring access security
Ensuring data integrity and backing up data
LEGAL, TECHNICAL, AND ADMINISTRATIVE OPERATIONS
Planning emergency procedures
Monitoring legal matters
Ensuring compliance with regulatory bodies
Risk management
Facility and asset protection
Internal audit procedures
Ensuring data accuracy and currency
CUSTOMER-RELATED PURPOSES
Fulfilling contractual obligations
Evaluating company services and potential needs
Customer satisfaction planning
Managing complaints and requests
PRINCIPLES FOR PROCESSING PERSONAL DATA
Leventofis processes personal data according to Article 4 of the Law:
Lawfulness and fairness
Accuracy and currency
Specific, legitimate purposes
Relevance, necessity, and proportionality
Retention only for necessary periods
CONDITIONS FOR PROCESSING PERSONAL DATA
Personal data are processed based on one or more of the following conditions:
Explicit consent
Clearly stipulated in the law
Necessary for the protection of life or physical integrity
Directly related to contract performance
Compliance with legal obligations
Publicized by the data subject
Necessary for the establishment, use, or protection of a right
Legitimate interests that do not harm fundamental rights and freedoms
CONDITIONS FOR PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA
Special categories of personal data may be processed under the following conditions:
With explicit consent
Without consent if legally required
Health and sexual life data may be processed without consent only by persons under confidentiality obligations or authorized institutions for public health and medical purposes
TRANSFER OF PERSONAL DATA
Leventofis may transfer personal data domestically or abroad under the conditions specified in Articles 8 and 9 of the Law:
To suppliers/partners: limited to service continuity
To official institutions: to fulfill legal obligations
To legally authorized private entities: within their scope of authority
RIGHTS OF DATA SUBJECTS
In accordance with Article 11 of the Law, data subjects have the right to:
Learn whether their personal data are processed
Request information on processing
Learn the purpose of processing and whether it is used appropriately
Know the third parties to whom the data are transferred
Request correction of incomplete or incorrect data
Request deletion or destruction of data
Object to adverse results from automated systems
Request compensation for damages caused by unlawful processing
Requests must be submitted via the application form available on our website. Responses will be provided within 30 days. If the response requires cost, it will be charged according to the tariff determined by the Personal Data Protection Board.
DELETION, DESTRUCTION, OR ANONYMIZATION OF PERSONAL DATA
If the purpose for which personal data are processed ceases to exist, Leventofis will delete, destroy, or anonymize the data in accordance with the guidelines issued by the Authority.
SECURITY MEASURES FOR PERSONAL DATA
Leventofis implements necessary technical and administrative measures to ensure the protection of personal data and prevent unlawful access, in accordance with Article 12 of the Law.
Administrative Measures:
Employee training on data protection
Data security policy established and enforced
Unnecessary data not retained
Technical Measures:
Network security and firewalls
Physical security of data storage areas
Regular data backups
EXCEPTIONS FROM THE LAW
Certain data processing activities are excluded from the scope of the Law, such as:
Processing by individuals for personal or household activities
Anonymized data for research or statistical purposes
Processing for artistic, historical, or academic expression
Processing by authorized institutions for national security, public safety, etc.
Processing related to judicial proceedings
Cases where rights may be restricted:
Processing required for crime prevention or investigation
Publicly disclosed personal data
Processing by public institutions for supervision or disciplinary purposes
Processing for financial and fiscal security
CHANGES
Changes to this Policy due to new legislation or internal updates will be published on Leventofis’ corporate website at www.leventofis.com. The current version of the Policy is accessible on the website.