Protection of Personal Data
Protection of Personal Data
Sel Uluslararası Tas. Oto. Ins. Ve Dis Tic. Ltd. Sti. attach importance to the security of personal data. In this context, we deemed it appropriate to inform all our interlocutors about the "Law on the Protection of Personal Data", which was established to protect the fundamental rights and freedoms of individuals and personal data.
Law No. 6698 on the Protection of Personal Data was published in the Official Gazette on 7 April 2016 and entered into force. This law includes general principles to be complied with in the processing of personal data, the conditions for the processing of personal data and the rights of the data owners. The purpose of this law is "to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to regulate the obligations and procedures and principles to be complied with by real and legal persons processing personal data".
General Information on the Law on Protection of Personal Data
Personal data is defined as "any information relating to an identifiable or identifiable natural person". By any kind of information, it is meant not only information about the individual's name, surname, date of birth and place of birth, but also information about the individual's physical, family, economic, social and similar characteristics.
Sensitive (private) personal data is a special type of personal data. The legislator has regulated the conditions for the processing of sensitive personal data more stringently, considering that there is a possibility that this information may be used in a manner that could lead to discrimination against persons. This data; data on race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, biometric data or criminal convictions and security measures.
The processing of personal data covers all kinds of data processing such as obtaining, saving, storing, preserving, changing, transferring, taking over this data.
There are a number of principles / procedures that must be followed in order to process personal data in accordance with the law. Accordingly, data processing must first comply with the law and the code of integrity. Other principles are that the processed data is accurate and up-to-date when necessary, that data processing is performed for specific, clear and legitimate purposes, and that the processing is purpose-related, limited and measured. Furthermore, the processed data should not be stored longer than necessary for the purpose.
Terms of Processing of Personal Data
As a rule, personal data cannot be processed without the express consent of the data owner. In order to obtain explicit consent, the data owner should be informed in detail about the process. However, in exceptional cases, according to Article 5 of the law, personal data can be processed without the explicit consent of the data owner. These exceptions are:
Clearly foreseeing the processing of data in the law,
It is compulsory for the protection of the life or body integrity of the person or someone else who is unable to disclose his / her consent due to the impossibility or whose consent is not granted legal validity,
Provided that the personal data of the parties to the contract are processed, provided that it is directly related to the establishment or performance of a contract,
It is obligatory for the data officer to fulfill his legal obligation,
Having been publicized by the person concerned,
Data processing is mandatory for the establishment, use or protection of a right, and data processing is compulsory for the legitimate interests of the data officer, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Sensitive personal data, other than health and sexual life, may only be processed without express consent in cases expressly provided by law. Data on health and sexual life, on the other hand, are intended only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. can be processed without searching.
Lighting Responsibility of Data Officer
According to the Law, data officers are obliged to enlighten the data holders for whom they process personal data. Within the scope of the fulfillment of this obligation, the following information shall be provided by the company to the data owners when necessary:
The identity of the data officer and the representative, if any,
The purpose for which personal data will be processed,
To whom and for what purpose personal data can be transferred,
Method and legal reason of personal data collection,
Rights of the data owner.