Privacy Policy
PRINCIPLES OF PRIVACY AND PROTECTION OF PERSONAL DATA
PURPOSE AND SCOPE
These Privacy and Personal Data Protection Principles (hereinafter referred to as the “Principles”) determine the principles adopted by Miamax Global Dış Ticaret Limited Şirketi (hereinafter referred to as the “Company”) regarding the protection of personal data and aim to inform all relevant person groups within the scope of the Personal Data Protection Law No. 6698 (hereinafter referred to as “LPPD No. 6698”).
PRINCIPLES ON PROCESSING PERSONAL DATA
As a company, we process your personal data as the Data Controller within the framework of the following principles.
Processing in Accordance with Law and Fairness
In the processing of your personal data, we act in accordance with the principles brought by legal regulations and the general rule of trust and honesty. In accordance with this principle, we take your interests and reasonable expectations into consideration, do not abuse our rights and act in accordance with the principle of transparency in our data processing activities, especially while trying to achieve our personal data processing purposes.
Ensuring Personal Data is Accurate and Up-to-date Where Necessary
In line with this principle, which emphasizes the importance of the accuracy and currency of personal data, your legitimate interests are taken into account, and periodic checks and updates are made to ensure that the processed data is accurate and up-to-date, and necessary measures are taken in this direction. In this context, systems are established within the Company to check the accuracy of personal data and make necessary corrections. In addition, the accuracy of the sources from which personal data is collected is checked and requests arising from inaccuracies in personal data are taken into consideration. Therefore, this principle is also applied in accordance with the right to request correction of your personal data pursuant to the KVKK No. 6698.
Processing for Specific, Clear and Legitimate Purposes
Your personal data is processed based on clear, specific and legitimate data processing purposes. In this context, we ensure that our personal data processing activities are clearly understandable to the relevant persons, and we determine and clearly state the purposes and legal processing conditions they are based on in Article 3 of these Principles.
Being Relevant, Limited and Proportionate to the Purpose for Which They Are Processed
Your personal data is processed in a measured, purpose-related and limited manner in order to achieve the intended purpose/purposes, and the processing of personal data that is not related to the achievement of the purpose or is not needed is avoided. Again, within the scope of this principle, personal data is not collected or processed for purposes that do not exist and are intended to be realized later.
Preservation for the Period Stipulated in the Relevant Legislation or Necessary for the Purpose for which they are Processed
Your personal data is stored only for the period stipulated in the relevant legislation or necessary for the purpose for which it is processed. In this regard, the Company takes and implements the relevant administrative and technical measures. In this context, first of all, it is determined whether a period is stipulated in the relevant legislation for the storage of personal data, if a period is specified, this period is complied with, if no period is specified, personal data is stored for the period necessary for the purpose for which it is processed. If the necessity of the relevant processes ceases to exist, access to your personal data by unrelated departments is prevented within the scope of the deletion action specified in the KVKK No. 6698. If the period expires or the reasons requiring processing cease to exist, and if there is no legal reason allowing them to be processed for a longer period, your personal data is destroyed or anonymized in accordance with the personal data protection legislation.
CONDITIONS FOR PROCESSING PERSONAL DATA
Your personal data, personal and special personal data within the scope of KVKK No. 6698 can be processed under the conditions set out below.
Explicitly Provided in Laws
The basic rule is that personal data cannot be processed without the explicit consent of the relevant persons. According to this exception, your personal data may be processed in cases where the processing of personal data is explicitly provided for in the laws.
Failure to Obtain the Explicit Consent of the Person Concerned Due to Actual Impossibility
Your personal data may be processed if the processing of personal data is necessary to protect the life or physical integrity of the relevant person or another person who is unable to give his/her consent due to a de facto impossibility or whose consent cannot be validated.
Direct Interest in the Establishment or Performance of the Contract
Your personal data may be processed if it is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or execution of the contract.
Fulfillment of the Company's Legal Obligations
Your personal data may be processed if processing is mandatory in order to fulfill the legislation, contracts and similar legal obligations to which the Company is bound and responsible.
Making Personal Data Public
If your personal data is made public by you, that is, shared with the public, it may be processed in a manner that is proportionate and in connection with the purpose of making it public.
Data Processing is Necessary for the Establishment or Protection of a Right
Within the scope of carrying out and managing the processes related to the legal and commercial rights that the Company has, your personal data may be processed if data processing is mandatory for the establishment, exercise or protection of the said right.
Processing of Data Based on Legitimate Interest
If data processing is necessary for the legitimate interests of the Company, your personal data may be processed. In case our Company needs to process data depending on the processing condition, it evaluates your fundamental rights and freedoms and makes a decision according to the results of the evaluation.
Processing Based on Explicit Consent
Although the main rule is that personal data is processed based on explicit consent, if the other conditions specified in this article are present, the explicit consent of the relevant persons is not relied upon. Otherwise, abuse of rights may be mentioned. In this context, your personal data is processed based on your explicit consent in cases where it is not processed based on any of the conditions specified in these Principles.
Processing of Special Personal Data
We process your special personal data based on your explicit consent in accordance with Article 6 of the KVKK numbered 6698. Again, in the same article, we can process your special personal data other than health and sexual life only in cases prescribed by law, and your special personal data related to health and sexual life only for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and their financing, by paying attention to the issues regarding processing by persons or authorized institutions and organizations under a confidentiality obligation, without seeking your explicit consent.
TRANSFER OF PERSONAL DATA
Your personal and private data may be transferred to our business partners, public institutions and organizations and similar in Turkey or to our business partners abroad within the scope of Article 2 of these Principles. While such transfers are being made, compliance with Articles 8 and 9 of the KVKK No. 6698 is observed. If necessary, your explicit consent is obtained and the transfer is provided within this framework.
SECURITY OF PERSONAL DATA
In order to ensure the security of personal data and to prevent unlawful processing, the Company takes all reasonable administrative and technical measures to prevent the risks of unauthorized access, accidental data loss, deliberate deletion of data or damage to data.
All reasonable technical and physical measures are taken to prevent access to personal data by people other than those authorized to access it. In this context, the authorization system in particular is designed in a way that prevents people and systems from accessing more personal data than necessary.
The Company carries out and has carried out the necessary audits in its own institution or organization in order to ensure the implementation of the provisions of the KVKK No. 6698.
The measures taken are as follows.
Network security and application security are provided.
A closed system network is used for personal data transfers via the network.
Security measures are taken within the scope of information technology systems procurement, development and maintenance.
There are disciplinary regulations in place for employees that include data security provisions.
Training and awareness activities are carried out for employees on data security at regular intervals.
An authority matrix has been created for employees.
Access logs are kept regularly.
Institutional policies regarding access, information security, usage, storage and destruction have been prepared and implemented.
Confidentiality commitments are made.
The authority of employees who change their duties or leave their jobs is revoked in this area.
Up-to-date anti-virus systems are used.
Firewalls are used.
The signed contracts contain data security provisions.
Extra security measures are taken for personal data transferred via paper, and the relevant documents are sent in a confidential document format.
Personal data security policies and procedures have been determined.
Personal data security issues are reported quickly.
Personal data security is monitored.
Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
The security of environments containing personal data is ensured.
Personal data is reduced as much as possible.
Personal data is backed up and the security of the backed up personal data is also ensured.
User account management and authorization control systems are implemented and monitored.
Periodic and/or random audits are carried out within the institution.
Log records are kept without user intervention.
Current risks and threats have been identified.
Protocols and procedures for the security of special personal data have been determined and implemented.
If special personal data is to be sent via e-mail, it must be encrypted and sent using a KEP or corporate mail account.
Intrusion detection and prevention systems are used.
Cyber security measures have been taken and their implementation is constantly monitored.
Encryption is being done.
Personal data transferred via portable memory, CD or DVD is encrypted.
Data processing service providers are audited periodically regarding data security.
Awareness of data processing service providers regarding data security is ensured.
Data loss prevention software is used.
RIGHTS OF THE RELATED PERSON, APPLICATION PROCEDURES AND PRINCIPLES
As the relevant person, if you have a request regarding your rights stipulated in Article 11 of Law No. 6698 and if you are a citizen of the European Union, you can submit your requests regarding your rights such as withdrawing your explicit consent, obtaining information regarding your data and accessing this data, correcting, deleting or limiting the processing of your personal data in certain cases, data portability under certain conditions, objecting to the processing of your personal data and similar rights within the scope of the GDPR by filling out the Application Form Regarding the Protection of Personal Data, which you can obtain from our website, or by submitting your application that meets the minimum conditions stipulated in the Communiqué on the Procedures and Principles of Application to the Data Controller, using the methods below. We, as the Company, will finalize your application free of charge as soon as possible and within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the Company will charge the fee in the tariff determined by the Personal Data Protection Board. If your application is rejected, the response is found insufficient or the response is not given on time upon your application, you can inform us about this and, as the relevant person, you have the right to apply to the competent data protection authority in your country within thirty days from the date you learn of our response and, in any case, within sixty days from the date you made your application in accordance with the procedure.