A. PURPOSE
In accordance with the Personal Data Protection Law; To prevent the unlawful acquisition, processing and access of personal data. To ensure that organizational, technical, administrative and technological measures are taken on personal data processed in line with specific, legitimate and clear purposes.
B. SCOPE
To ensure the security of personal data obtained and processed or being processed in accordance with the Personal Data Protection Law in our institution, whether in digital or physical environment, in all different places and environments.
C. IMPLEMENTATION
A Personal Data Security Management System has been established in our institution. Each employee is responsible for working in accordance with personal data security and acting in accordance with information security. For those who do not work in accordance with information security and do not comply with the determined rules, the “Information Security Incident Violation Form” is filled out to contribute to the data security of the institution.
As BEKS ÇORAP, in order to work in accordance with the Personal Data Protection Law and the legal regulations of the Personal Data Protection Authority, the Board of Directors, Personal Data Protection Committee and Data Controller Communication Representative are appointed as the Data Controller to develop the necessary policies, procedures, instructions and forms, to establish a manageable system regarding KVKK and to supervise this established system and to make the necessary improvements.
All employees involved in the relevant process are jointly responsible for the protection of personal data in accordance with the KVKK Policy and procedures prepared by the institution.
Personal data is protected with organizational, administrative, technical and technological facilities and applications, and security is tightened regularly with internal and external audits.
Experts with experience and technical experience are employed in order to ensure information security and personal data security.
BEKS ÇORAP employees receive awareness training on personal data, special personal data and protection of personal data; and the legal processing of personal data. KVKK/GDPR Committee provides technical training on KVKK to the Data Controller Communication Representative.
Access to personal data is authorized in our institution. In order to ensure that employees who need to access personal data have access to the personal data in question, the Data Controller Communication Representative and the KVKK/GDPR Committee are jointly responsible for the creation and implementation of these procedures.
BEKS ÇORAP employees can access personal data only within the authority granted to them and in accordance with the relevant KVKK procedure. If an additional authority has been granted, even by mistake, it is the employee's responsibility to report this. If the employee exceeds the access authorization, any access and processing they have performed is unlawful and will result in the termination of their employment contract for just cause.
In the event that BEKS ÇORAP employees suspect that there is a breach of the security of Personal Data; unauthorized access; disclosure of special personal data or that the security of personal data has not been sufficiently ensured, they immediately report the situation to the Data Controller Communication Representative via the Information Security Incident Violation Form. Any suspected violation is communicated to the KVKK/GDPR Committee through the relevant officers.
Detailed KVKK policies, procedures, instructions and forms regarding the collection, processing, security, updating, deletion and anonymization of Personal Data are created by the Data Controller Representative and the Committee.
Every BEKS ÇORAP employee who is allocated an institution's mobile device is included in the Privileged Rights Table. Employees are responsible for the security of their mobile devices allocated to their use.
BEKS ÇORAP employees are responsible for the security of physical files within their area of responsibility. Files are protected in accordance with the Clean Desk Clean Screen Policy.
In case of requested or additionally requested security measures for the security of personal data, all employees are obliged to comply with additional security measures and ensure the continuity of these security measures.
BEKS ÇORAP takes software and technological measures regarding data security in order to comply with the Personal Data Protection Law. It implements solutions such as Firewall, antivirus program, UTM, Sandbox, HoneyPot, DLP in accordance with the institution's budget and priority. Penetration tests are performed.
Business continuity is essential in our institution. Backup programs are used and adequate security measures are taken to prevent loss, damage and integrity of personal data. Our institution has established a high-speed radio link communication system in accordance with disaster recovery scenarios to be used in necessary cases.