Contact Us

Scroll to discover

Service ScopeTest/Analysis Request Form

Web Privacy and KVK Principles

Scroll Down

1. PURPOSE AND SCOPE
These Privacy and Personal Data Protection Principles (hereinafter referred to as the “Principles”) set forth the principles adopted by Karadeniz Teknik Test Tic. Ltd. Şti. ("Company") (hereinafter referred to as the “Company”) regarding the protection of personal data and aim to inform all relevant groups of persons within the scope of the Personal Data Protection Law No. 6698 (hereinafter referred to as “KVKK No. 6698”).
2. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
As the Company, in our capacity as the Data Controller, we process your personal data within the framework of the following principles.
2.1 Processing in Compliance with the Law and the Principle of Good Faith
In the processing of your personal data, actions are taken in compliance with the principles introduced by legal regulations as well as the general principle of trust and good faith. Pursuant to this principle, while striving to achieve our purposes of processing personal data, we also take your interests and reasonable expectations into account, do not abuse our rights, and act in accordance with the principle of transparency in our data processing activities.
2.2 Ensuring That Personal Data Are Accurate and Up to Date When Necessary
In line with this principle, which emphasizes the importance of the accuracy and up-to-date status of personal data, periodic checks and updates are carried out and necessary measures are taken so that the processed data are accurate and up to date, taking your legitimate interests into account. Within this scope, systems are established within the Company to verify the accuracy of personal data and make the necessary corrections. In addition, the accuracy of the sources from which personal data are collected is checked, and requests arising from the inaccuracy of personal data are taken into consideration. Therefore, this principle is also implemented in compliance with your right to request the correction of personal data under KVKK No. 6698.
2.3 Processing for Specific, Explicit and Legitimate Purposes
Your personal data are processed on the basis of explicit, specific and legitimate data processing purposes. In this context, we ensure that our personal data processing activities can be clearly understood by the relevant persons and clearly identify and express in Article 3 of these Principles the purposes on which such activities are based and the legal processing conditions.
2.4 Being Relevant, Limited and Proportionate to the Purpose for Which They Are Processed
Your personal data are processed in a manner that is proportionate, related to the purpose and limited so that the envisaged purpose or purposes can be achieved, and the processing of personal data that are unrelated to or unnecessary for the fulfillment of the purpose is avoided. Again, within the scope of this principle, personal data are not collected or processed for purposes that do not currently exist but are only contemplated to arise in the future.
2.5 Retention for the Period Prescribed by the Relevant Legislation or Necessary for the Purpose for Which They Are Processed
Your personal data are retained only for the period prescribed by the relevant legislation or necessary for the purpose for which they are processed. In this regard, the Company takes and implements the relevant administrative and technical measures. Within this scope, it is first determined whether a period is prescribed by the relevant legislation for the retention of personal data; if a period has been specified, compliance is ensured with such period, and if no period has been specified, personal data are retained for the period necessary for the purpose for which they are processed. In the event that the necessity of the relevant processes ceases to exist, access to your personal data by unrelated departments is prevented within the scope of the deletion action specified in KVKK No. 6698. Upon the expiry of the period or the disappearance of the reasons requiring processing, if there is no legal reason allowing their processing for a longer period, your personal data are destroyed or anonymized in accordance with the personal data protection legislation.
3. CONDITIONS FOR PROCESSING PERSONAL DATA
Your personal and special categories of personal data may be processed within the framework of the conditions set out below under KVKK No. 6698.
3.1 Explicitly Provided for by Laws
The main rule is that personal data cannot be processed without the explicit consent of the relevant persons; however, as an exception to this rule, your personal data may be processed in cases where the processing of personal data is explicitly provided for by laws.
3.2 Inability to Obtain the Explicit Consent of the Data Subject Due to Actual Impossibility
Your personal data may be processed where it is mandatory to process the personal data of the relevant person who is unable to express consent due to actual impossibility or whose consent cannot be deemed legally valid, in order to protect the life or physical integrity of such person or another person.
3.3 Being Directly Related to the Establishment or Performance of a Contract
Your personal data may be processed where it is necessary to process the personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract.
3.4 Fulfillment of the Legal Obligation of the Company
Your personal data may be processed where processing is mandatory for the Company to fulfill the legislation, contractual and similar legal obligations to which it is subject and for which it is responsible.
3.5 Public Disclosure of Personal Data
Where your personal data have been made public by you, in other words shared with the public by you, they may be processed in connection with and proportionate to the purpose of making them public.
3.6 Necessity of Data Processing for the Establishment or Protection of a Right
Your personal data may be processed where data processing is mandatory for the establishment, exercise or protection of the said right within the scope of carrying out and managing processes relating to the legal and commercial rights held by the Company.
3.7 Processing of Data Based on Legitimate Interest
Your personal data may be processed where data processing is necessary for the legitimate interests of the Company. In the event that our Company needs to process data based on this processing condition, it makes an assessment by also taking your fundamental rights and freedoms into account and makes a decision according to the outcome of such assessment.
3.8 Processing Based on Explicit Consent
Although the processing of personal data based on explicit consent is the main rule, in the presence of the other conditions specified in this article, the explicit consent of the relevant persons is not relied upon. Otherwise, this may constitute an abuse of rights. In this context, your personal data are processed based on your explicit consent in cases where they are not processed on the basis of any of the conditions specified in these Principles.
3.9 Processing of Special Categories of Personal Data
Special categories of personal data, pursuant to Article 6 of KVKK No. 6698
  • the explicit consent of the relevant person is present,
  • it is explicitly provided for by laws,
  • it is mandatory for the protection of the life or physical integrity of the person who is unable to disclose consent due to actual impossibility or whose consent is not legally valid, or of another person,
  • it relates to personal data made public by the relevant person and is in line with the intention of making them public,
  • it is mandatory for the establishment, exercise or protection of a right,
  • it is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons under an obligation of confidentiality or authorized institutions and organizations,
  • it is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance,
  • it is possible in the case of foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or trade union purposes, provided that it is in compliance with the legislation and purposes to which they are subject, limited to their fields of activity, and not disclosed to third parties; and that it relates to their current or former members and affiliates or persons who are in regular contact with such organizations and formations.
4. TRANSFER OF PERSONAL DATA
Your personal and special categories of personal data may be transferred to our domestic business partners, public institutions and organizations and similar parties within the scope of Article 2 of these Principles. While such transfers are carried out, compliance with Article 8 of KVKK No. 6698 is observed. Where necessary, your explicit consent is obtained and the transfer is carried out within this framework.

Your personal and special categories of personal data may be transferred to our domestic business partners, public institutions and organizations and similar parties, as well as to our business partners abroad, within the scope of Article 2 of these Principles. While such transfers are carried out, compliance with Articles 8 and 9 of KVKK No. 6698 is observed. Where necessary, your explicit consent is obtained and the transfer is carried out within this framework.
5. SECURITY OF PERSONAL DATA
The Company takes all reasonable administrative and technical measures to ensure the security of personal data, to prevent unlawful processing, to prevent risks of unauthorized access, accidental data loss, intentional deletion of data or damage to data.
The necessary technical and physical measures are taken to a reasonable extent in order to prevent access to personal data by persons other than those who have access authority. Within this scope, in particular, the authorization system is designed in such a way that it is not possible for persons and systems to access more personal data than necessary.
The Company carries out and has carried out the necessary audits within its own institution or organization in order to ensure the implementation of the provisions of KVKK No. 6698.
The measures taken are as follows.
  • Network security and application security are ensured.
  • A closed system network is used in personal data transfers via network.
  • Security measures are taken within the scope of the procurement, development and maintenance of information technology systems.
  • The security of personal data stored in the cloud is ensured.
  • Disciplinary regulations containing data security provisions are available for employees.
  • Training and awareness studies on data security are conducted for employees at certain intervals.
  • An authorization matrix has been established for employees.
  • Access logs are regularly maintained.
  • Corporate policies on access, information security, use, retention and disposal have been prepared and put into practice.
  • Data masking measures are applied when necessary.
  • Confidentiality undertakings are executed.
  • The authorizations of employees who change duties or leave their jobs in this area are revoked.
  • Up-to-date anti-virus systems are used.
  • Firewalls are used.
  • Signed contracts include data security provisions.
  • Additional security measures are taken for personal data transferred on paper, and the relevant documents are sent in confidential document format.
  • Personal data security policies and procedures have been determined.
  • Personal data security issues are reported rapidly.
  • The security of personal data is monitored.
  • Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
  • The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
  • The security of environments containing personal data is ensured.
  • Personal data are minimized as much as possible.
  • Personal data are backed up, and the security of backed-up personal data is also ensured.
  • User account management and authorization control systems are implemented and monitored.
  • Periodic and/or random internal audits are carried out and commissioned.
  • Log records are kept in a way that prevents user intervention.
  • Existing risks and threats have been identified.
  • Protocols and procedures for the security of special categories of personal data have been determined and are implemented.
  • If special categories of personal data are to be sent by e-mail, they are sent encrypted and by using KEP or a corporate e-mail account.
  • Intrusion detection and prevention systems are used.
  • Penetration testing is carried out.
  • Cyber security measures have been taken and their implementation is continuously monitored.
  • Encryption is carried out.
  • Special categories of personal data transferred via portable memory, CD or DVD are transferred in encrypted form.
  • Data processors are audited at certain intervals regarding data security.
  • Awareness of data security is ensured for data processing service providers.
  • Data loss prevention software is used.
6. RIGHTS OF THE DATA SUBJECT, APPLICATION PROCEDURES AND PRINCIPLES
6.1 Rights of the Data Subject
The rights of the data subject are regulated in Article 11 of KVKK No. 6698 as follows. Everyone may, by applying to the data controller, with respect to himself/herself;
  • a) To learn whether personal data are processed.
  • b) To request information if personal data have been processed.
  • c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose.
  • ç) To know the third parties to whom personal data are transferred domestically or abroad.
  • d) To request correction of personal data if they have been processed incompletely or incorrectly.
  • e) To request the deletion or destruction of personal data within the conditions stipulated in Article 7 of the Law,
  • f) To request notification to third parties to whom personal data have been transferred of the transactions carried out pursuant to subparagraphs (d) and (e),
  • g) To object to the emergence of a result against the person himself/herself by means of analyzing the processed data exclusively through automated systems.
  • h) To request compensation for damages in the event of suffering damage due to the unlawful processing of personal data.
has the following rights.
6.2 Application Procedures and Principles
As a data subject, you may submit your requests regarding your rights under Article 11 of KVKK No. 6698 by filling out the relevant form in accordance with the procedures and principles set out in the Data Subject Application Form available on our website and, in any case, through our KEP address, *** e-mail address; by a communication that you will send with a mobile signature or e-signature, or by your signed written application that you will make in person to *** address with the relevant form, or through a notary public, provided that it meets the minimum conditions stipulated by the Communiqué on the Procedures and Principles of Application to the Data Controller. The Company will finalize your application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the process requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board shall be charged by the Company.