The Law on the Protection of Personal Data that aims to protect the right of privacy as well as the fundamental rights and freedoms related to the processing of personal data entered in force with the Official Gazette dated April 7, 2016. You can find the information regarding the main topics included in the respective Law down below.
WHAT IS PERSONAL DATA? Personal data stands for all kinds of data regarding individuals and accordingly the concept of personal data as well as for data related to identified or identifiable real or legal persons.
WHAT IS PERSONAL DATA OF SPECIAL NATURE? Personal data of special nature refers to all kinds of personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data.
WHAT IS PROCESSING OF PERSONAL DATA? Processing of personal data refers to all kinds of operations performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or provided that the process is a part of any data registration system, or through non-automatic means.
WHO IS DATA PROCESSOR? A data processor is either a natural or a legal person who processes personal data on behalf of the controller upon his authorization.
WHO IS DATA CONTROLLER? A data controller is either a natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.
WHAT ARE THE GENERAL PRINCIPLES OF PROCESSING PERSONAL DATA?
Personal data may only be processed in compliance with the procedures and principles outlined in this Law.
The following principles shall be complied within the processing of personal data:
- Lawfulness and conformity with rules of bona fides.
- Accuracy and being up to date, where necessary.
- Being processed for specific, explicit and legitimate purposes.
- Being relevant with, limited to and proportionate to the purposes for which they are processed.
- Being retained for the period of time stipulated by the relevant legislation or the purpose for which they are processed.
Explicit consent of the data subject is compulsory for processing personal data.
WHAT ARE THE CONDITIONS OF PROCESSING PERSONAL DATA WITHOUT THE EXPLICIT CONSENT OF THE DATA SUBJECT?
- Personal data may be processed without seeking the explicit consent of the data subject on condition that it is clearly provided for by the laws.
- Personal data of data subjects may be processed without seeking the explicit consent on condition that it is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid.
- Personal data of data subjects may be processed without seeking the explicit consent on condition that processing of personal data belonging to the parties of a contract is necessary provided that it is directly related to the conclusion or fulfillment of that contract.
- Personal data of data subjects may be processed without seeking the explicit consent on condition that it is mandatory for the controller to be able to perform his legal obligations.
- Personal data of data subjects may be processed without seeking the explicit consent on condition that the data concerned is made available to the public by the data subject himself.
- Personal data of data subjects may be processed without seeking the explicit consent on condition that data processing is mandatory for the establishment, exercise or protection of any right.
- Personal data of data subjects may be processed without seeking the explicit consent on condition that it is mandatory for the legitimate interests of the controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
WHAT ARE THE CONDITIONS OF TRANSFERRING PERSONAL DATA ABROAD?
Personal data may be transferred abroad provided that the explicit consent of the data subject is received.
Personal data and personal data of special nature may be transferred abroad in cases where the condition of seeking the explicit consent of the data subject does not apply and sufficient protection is provided in the foreign country where the data is to be transferred or the data controllers in Turkey and the related foreign country guarantee sufficient protection in writing and the Board has authorized such transfer, where sufficient protection is not provided.
In cases where the interest of Turkey or the data subject will seriously be harmed, personal data, without prejudice to the provisions of international agreements, may only be transferred abroad upon the permission to be given by the Board after receiving the opinions of related public institutions and organizations.
WHAT ARE THE OBLIGATIONS OF THE CONTROLLER?
The controller or the person authorized by him is obliged to inform the data subjects about the following:
a) The Identity of the controller and his representative, if any,
b) The purpose of data processing,
c) To whom and for what purposes the processed data may be transferred,
ç) The method and legal reason for collecting personal data,
d) Other rights of the data subject stated in the Law herein.
WHAT ARE THE RIGHTS OF DATA SUBJECT?
A data subject has the following rights.
a) To learn whether his personal data are processed or not.
b) To request information if his personal data are processed.
c) To learn the purpose of his data processing and whether this data is used for intended purposes.
ç) To know the third parties to whom his personal data is transferred at home or abroad.
d) To request the rectification of incomplete or inaccurate data.
e) To request the erasure or destruction of his personal data.
f) To request to have the third parties notified regarding the rectification of the incomplete or inaccurate data or the erasure or destruction of personal data.
g) To object to the processing, exclusively by automatic means, of his personal data, which leads to unfavorable consequences for the data subject.
ğ) To request compensation for the damage arising from the unlawful processing of his personal data.
WHAT ARE THE OBLIGATIONS CONCERNING DATA SECURITY?
The controllers are obliged to take all necessary technical and administrative measures to provide a sufficient level of security for the following cases;
a) Preventing unlawful processing of personal data,
b) Preventing unlawful access to personal data,
c) Ensuring the retention of personal data.
The controller shall be held jointly responsible with persons who process personal data on behalf of the controller for taking the respective measures mentioned above.
The controller shall be obliged to conduct necessary inspections or have them conducted with the aim of implementing the provisions of this Law.
The controllers and processors shall not disclose the personal data that they learned to anyone in violation of this Law, neither shall they use such data for purposes other than processing. This obligation shall continue even after the end of their term.
In case the processed data are collected by other parties through an unlawful method, the controller shall notify the data subject and the Board immediately.
In line with the regulations included in the LAW ON THE PROTECTION OF PERSONAL DATA, please be reminded that your personal data used for conducting respective proceedings pertaining to industrial property, is retained and protected under the guarantee of our Company and is not shared with anyone without your explicit consent except for the conditions permitted by the respective Law, and please note that you may contact us anytime for any topic related to your personal data