1.  

    Personal data protection law and authority 

     

    Turkey’s Personal Data Protection Law (KVKK) came into force on 7 April 2016. KVKK stands for General Data Protection Regulation in Turkey and gives citizens, consumers, visitors, suppliers, stakeholders greater control over personal information. The Turkish Data Protection Authority (KVKK) was established as a financially and administratively independent supervisory authority in early 2017.  Personal Data Protection Authority, which is a public legal entity and has administrative and financial autonomy, has been established to carry out duties conferred on it under the Law No. 6698. The Authority is affiliated to the Minister assigned by the President of the Republic. The Headquarters of the Authority is in Ankara The Authority is composed of the Board and the Presidency. Decision making body of the Authority is the Board.

     

    European Union(EU) harmonization processes laws

    Personal Data Protection Law (KVKK) is the regulation, which provides for the rights of the persons whose personal data are processed, the obligations of those who engage in data processing, the methods of ensuring compliance with the rules and the sanctions against those who do not comply with the rules is a regulation on data privacy and security that also affects international actors and third countries in today's world where more and more personal data is processed.

     

    National and international data security standards

    Data protection laws allow people to manage how their personal information is used. Belkim Kimyevi Maddeler San. ve Tic. A.Ş. pays great attention to information security. In this context, an Information Security Management System (ISMS) has been established in our company. Belkim Kimyevi Maddeler San. ve Tic. A.Ş. has ISO/IEC 27001 standard. This standard is approved by the Turkish Accreditation Agency. We attach importance to the confidentiality of private life. In this context, we have a Personal Data Security Management System (PDMS) based on the ISO/IEC 27701 standard.

     

    Obligation of Data Controller to Inform

     

    At the time when personal data are obtained, the data controller or the person authorised by it is obliged to inform the data subjects about the following:

    • The identity of the data controller and of its representative, if any,
    • The purpose of processing of personal data;
    • To whom and for which purposes the processed personal data may be transferred,
    • The method and legal basis of collection of personal data,
    • Application rights to the data controller

     

    Rights of The Data Subject

     

    Each person has the right to request to the data controller about him/her;

     

    • To learn whether his/her personal data are processed or not,
    • To demand for information as to if his/her personal data have been processed,
    • To learn the purpose of the processing of his/her personal data and whether these personal data are used in compliance with the purpose,
    • To know the third parties to whom his personal data are transferred in country or abroad,
    • To request the rectification of the incomplete or inaccurate data, if any,
    • To request the erasure or destruction of his/her personal data under the conditions referred to in Article 7,
    • To request reporting of the operations carried out pursuant to sub-paragraphs (d) and (e) to third parties to whom his/her personal data have been transferred,
    • To object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems,
    • To claim compensation for the damage arising from the unlawful processing of his/her personal data, has the rights.

     

    Processing of personal data general principles

     

    Personal data shall only be processed in compliance with procedures and principles laid down in this Law or other laws. The following principles shall be complied within the processing of personal data:

    • Lawfulness and fairness
    • Being accurate and kept up to date where necessary.
    • Being processed for specified, explicit and legitimate purposes.
    • Being relevant, limited and proportionate to the purposes for which they are processed.
    • Being stored for the period laid down by relevant legislation or the period required for the purpose for which the personal data are processed.



    Transfer of personal data abroad

    Personal data shall not be transferred abroad without explicit consent of the data subject. Without prejudice to the provisions of international agreements, in cases where interest of Türkiye or the data subject will seriously get harmed, personal data, may only be transferred abroad upon the authorisation to be given by the Board after receiving the opinions of relevant public institutions. The Provisions of other laws relating to the transfer of personal data abroad are reserved. Please get detailed explanation from your lawyer about the issue.

     

    KVKK penalties

    In case of illegal processing of personal data: 1 up to 3 years sentence to prison, the penalty for sensitive data is increased. In case of providing or obtaining data illegally: 2 up to 4 years sentence to prison. In case of non-purging of personal data within the period specified by law: 1 up to 2 years sentence to prison. Administrative fines range from 47,303 TL to 9,463,213 TL and These amounts change every year.

     

    The protection of natural persons in relation to the processing of personal data is a fundamental right.

    Log law in Türkiye

     

    Law No. 5651 is a law regarding the regulation of publications on the internet and the fight against crimes committed through these publications. The article of the law aims to control internet access. Log records are kept for 2 years.

    Electronic commerce regulation law. Message Management System (İYS)

    Law No. 6563. The purpose of this Law is to regulate the principles and procedures regarding electronic commerce. This Law covers commercial communication, the responsibilities of service providers and intermediary service providers, the obligations to provide information regarding contracts made through electronic communication tools and electronic commerce, and the sanctions to be applied. www.iys.org.tr

    Constıtutıon Of The Republıc Of Turkey, Privacy and protection of private life

    Everyone has the right to demand respect for his/her private and family life. Privacy of private or family life shall not be violated. Unless there exists a decision duly given by a judge on one or several of the grounds of national security, public order, prevention of crime, protection of public health and public morals, or protection of the rights and freedoms of others, or unless there exists a written order of an agency authorized by law, in cases where delay is prejudicial, again on the above-mentioned grounds, neither the person, nor the private papers, nor belongings of an individual shall be searched nor shall they be seized. The decision of the competent authority shall be submitted for the approval of the judge having jurisdiction within twenty-four hours. The judge shall announce his decision within forty-eight hours from the time of seizure; otherwise, seizure shall automatically be lifted. Everyone has the right to request the protection of his/her personal data. This right includes being informed of, having access to and requesting the correction and deletion of his/ her personal data, and to be informed whether these are used in consistency with envisaged objectives. Personal data can be processed only in cases envisaged by law or by the person’s explicit consent. The principles and procedures regarding the protection of personal data shall be laid down in law.

     

    Information you will use for communication

    Belkim Kimyevi Maddeler San. ve Tic. A.Ş.

    Address: Gebze OSB, 2 Mah 1000. Cad No 1028/1, 41400 Çayırova/Kocaeli

    E-mail: kvkk@belkim.com 

    SEM: belkim@hs01.kep.tr

    Website: https://belkim.com/