Personal Data Protection Law (KVKK)

DISCLOSURE TEXT AND DATA PROTECTION STATEMENTS

It is important that personal data is processed and stored in compliance with the Personal Data Protection Law No. 6698 (KVKK). For this reason, as MDP TR TEKNOLOJİ LİMİTED ŞİRKETİ (hereinafter referred to as “MDP Group”), we take the utmost care to implement the necessary technical and administrative measures to protect, store and process personal and/or special category personal data belonging to you, in accordance with the law.

We frequently collect personal data from you online as well. Personal data and/or special category personal data collected and recorded during visits to our website are processed in accordance with the Personal Data Protection Law. MDP Group, acting as data controller, collects and stores your data within the limits prescribed by law. We would also like to point out that all personal data and special category personal data collected during your visit to our website are protected within the framework of our Privacy Policy. You may review our Privacy Policy available on this page.

MDP Group does not guarantee the data security or data policy of websites activated by links provided on our website. In this regard, the data security and data policy of the redirected page must be carefully reviewed by you.

1. WHAT IS PERSONAL DATA?

Personal data is defined in Law No. 6698 on the Protection of Personal Data as “any information relating to an identified or identifiable natural person.” As can be understood from the definition, any data that makes you identifiable constitutes personal data. In this context, your personal data cannot be collected or processed by another person without your explicit consent. In addition to these; political opinion, denomination, race, religion, association/foundation membership, health information, philosophical belief, faith, sexual preference, criminal record, criminal conviction information, and biometric data are special category personal data. Collection, transfer and processing of special category personal data requires your separate and explicit written consent. All explanations and information regarding your personal data contained in this disclosure text also cover your special category personal data.

2. LEGAL BASIS

Law No. 6698 on the Protection of Personal Data also requires that data subjects be informed separately and explicitly about the data being collected at the time their consent is obtained. This obligation, referred to as the Obligation to Inform, is set forth in Article 10 of the Law as follows:

“During the collection of personal data, the data controller or the person authorized by the data controller is obliged to inform the relevant persons about; the identity of the data controller and its representative, if any; the purposes for which personal data will be processed; to whom and for what purpose the processed personal data may be transferred; the method and legal reason for collecting personal data; and other rights listed in Article 11.”

In Article 3 of the KVKK, the Data Controller is defined as:

“Natural or legal persons who determine the purposes and means of processing personal data and are responsible for the establishment and management of the data recording system.”

Furthermore, under the same law, a Data Processor refers to a natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

In this context, the data controller is MDP Group, whose website you are visiting. The information of the Data Controller is as follows:

Company Name: MDP TR TEKNOLOJİ LİMİTED ŞİRKETİ
Address: Bayar Cad. Şehit Mehmet Fatih Öngül Sk. No: 3 Bağdatlıoğlu İş Merkezi Kat: 10 Kozyatağı – Kadıköy / Istanbul
Phone: +90 216 317 77 90
E-mail: info@mdpgroup.com

3. SCOPE OF THE OBLIGATION TO INFORM

In accordance with the provisions explained above, MDP Group is the data controller. Under this capacity, MDP Group informs and enlightens data subjects in this Disclosure Text about the fact that personal data and special category personal data are processed within the limits prescribed by law and in compliance with the law.

Through this obligation to inform, MDP Group has assumed certain obligations as data controller. In this context, these obligations consist of: providing information to data subjects regarding the purposes of processing personal data, the transfer of personal data and the purposes of transfer, to whom the transfer may be made, the rights provided in Article 11 of the KVKK such as updating, deletion, and anonymization directed by the data owner, the purposes, principles and legal bases for collecting personal data.

4. PURPOSES FOR WHICH YOUR PERSONAL DATA IS PROCESSED BY MDP GROUP

Your personal data is processed within the limits prescribed by Law No. 6698 on the Protection of Personal Data and based on the principles of the law. Within the framework of the law, our data processing purposes as MDP Group are:

1. Improving the quality of products and services provided to you;
2. Enabling you to be quickly informed about innovations within MDP Group and about the products and services offered;
3. Identifying personal needs and purposes of use and accordingly delivering tailored goods and service offerings to our customers;
4. Carrying out MDP Group’s commercial activities and ensuring complete performance for you in this context;
5. Informing you about our changing and developing products and services, and providing necessary clarifications when required;
6. Enabling you to benefit in the best possible way from the products and services offered by our company;
7. As MDP Group, developing, determining and establishing our commercial partnerships and strategies on a secure basis, and making the right decisions in our commercial policies and managerial processes;
8. As MDP Group, building our corporate identity on solid foundations and ensuring corporate operations;
9. Achieving the goals of our internal policies and thereby increasing our customers’ satisfaction;
10. Ensuring data security;
11. As MDP Group, developing goods and services offered online;
12. Quickly resolving potential adverse situations;
13. Enabling communication with those who submit requests and complaints to MDP Group;
14. Ensuring compliance with the provisions of the Privacy Policy published on our website.

For all these purposes, data is processed in accordance with the “Conditions for Processing Personal Data” specified in Articles 5 and 6 of Law No. 6698 on the Protection of Personal Data.

5. PRINCIPLES REGARDING THE PROCESSING OF YOUR PERSONAL DATA

MDP Group has adopted the following as its data processing policy principles:

1. Retaining data for the period prescribed by the relevant legislation or required for the purpose for which it is processed;
2. Processing in compliance with the law;
3. Ensuring that data is up to date;
4. Acting in accordance with the rules of honesty;
5. Not using data for purposes other than those for which it was processed;
6. Ensuring that data processing is proportionate and limited to the purpose;
7. Processing in accordance with general morality, customs and traditions;
8. Processing in compliance with all relevant legislative provisions, primarily the provisions of KVKK No. 6698.

6. METHOD OF PROCESSING PERSONAL DATA

In general, personal data is held and processed by MDP Group in two contexts. These contexts can be defined as: explicit consent and compliance with the law. Except in cases explained under the heading “Cases Not Requiring Explicit Consent” below, the explicit consent of the relevant person must be obtained.

Cases Not Requiring Explicit Consent

Law No. 6698 on the Protection of Personal Data stipulates that in certain cases, explicit consent is not required for the processing and retention of data. These cases specified in the second paragraph of Article 5 of the Law are as follows:

• Being explicitly stipulated by law;
• Being necessary for the protection of the life or physical integrity of the person himself/herself or of another person, where it is factually impossible to obtain consent or where the consent would not be legally valid;
• Being necessary for the processing of personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract;
• Being mandatory for the data controller to fulfill its legal obligation;
• Being made public by the data subject himself/herself;
• Being mandatory for the establishment, exercise or protection of a right;
• Being mandatory for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not harmed.

We would like to point out that in the presence of such situations, we have the right to process data as MDP Group without your explicit consent.

7. METHOD BY WHICH YOUR PERSONAL DATA IS COLLECTED BY OUR COMPANY

In increasingly changing and developing technological conditions, data is collected by our company from various channels. The methods of collecting such data are diverse. Although not limited to these, our data collection methods can be listed as follows: website, social media channels, instant messaging tools, e-mails, telephone, fax, manual methods, contracts, all documents and records submitted to our company for the performance of work, and mobile applications. The data reached through these methods may be verbal, written and electronic.

The data collected within MDP Group may be processed and transferred within the conditions specified in this disclosure text in accordance with the conditions, purposes and principles of Law No. 6698 on the Protection of Personal Data as explained above.

8. TRANSFER AND PROTECTION OF DATA

8.1. Transfer of Data

Your data is transferred solely for the purpose of ensuring the performance of the work, in accordance with Law No. 6698 on the Protection of Personal Data and under the conditions of our confidentiality agreement. MDP Group exercises full care during the data transfer process and endeavors to transfer as little data as possible. In this context, MDP Group may transfer data to solution partners and companies in the position of performance assistants.

8.2. Protection of Data

Law No. 6698 on the Protection of Personal Data primarily aims to protect data and prevent unauthorized transfer. We take all necessary technical and administrative measures as MDP Group to prevent the transfer of data to unauthorized third parties, primarily in accordance with the relevant legal provisions. In this context, we particularly bring our internal company policies into compliance with the law and maintain all types of technical software and hardware for the protection of data within our organization. To achieve all this, we primarily endeavor to prevent both our employees within the company and third parties we do business with from acting in violation of our Privacy Policy.

9. RIGHTS OF THE DATA SUBJECT

9.1. General Information Regarding the Application

Article 11 of Law No. 6698 on the Protection of Personal Data sets out the rights of the data subject. Pursuant to this article, your rights as data subject are as follows:

1. Learning whether personal data is being processed;
2. Requesting information if personal data has been processed;
3. Learning the purpose of processing personal data and whether it is used in accordance with its purpose;
4. Knowing the third parties to whom personal data has been transferred domestically or abroad;
5. Requesting correction of personal data if it has been processed incompletely or incorrectly;
6. Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law titled “Deletion, destruction or anonymization of personal data”;
7. Requesting that the third parties to whom personal data has been transferred be notified about the correction of incomplete or incorrectly processed data, or about the deletion or destruction of data upon the request of the person concerned;
8. Objecting to the occurrence of a result against the person himself/herself through the analysis of processed data exclusively by automated systems;
9. Requesting compensation for damages in case of suffering a loss due to the unlawful processing of personal data.

You may submit your requests regarding the rights arising from the law explained above to our company within the framework of the procedure specified in this Disclosure Text. Such requests will be responded to by MDP Group within thirty days at the latest. Applications must be made by the data subject himself/herself. MDP Group will only take into account the application made by the data subject and information will only be shared about the applicant. While applications are free of charge, in the event that the Personal Data Protection Authority determines a fee, the fee determined by the Authority may be requested from you by our company.

9.2. Application Procedure

You are required to transmit the information specified below to our company completely in your application. You may submit your applications in writing directly to our company, as well as through a Notary Public, by registered mail with return receipt, to the registered KEP address of our company, or via the address info@mdpgroup.com.

1. Your First and Last Name
2. Your Turkish ID Number (T.C. Kimlik No.)
3. If you are a foreign national: your nationality, passport number or identity number
4. If submitting a written application: your wet signature at the bottom of the application form
5. The content of your request pursuant to Article 11 of the KVKK
6. Your telephone and/or fax number(s) where we can reach you
7. Your e-mail address where we can reach you
8. Your full address for service of notice

Our company’s contact information is stated in Article 2 of this text.