We, as MED MARINE Kılavuzluk ve Römorkör Hizmetleri İnş. San. ve Tic. A.Ş. (“MED MARINE”), give priority to ensuring that the personal data of real persons, including our customers, visitors of our web sites or facilities, our real person suppliers and real person employees of our suppliers, our potential employees, our former employees and current employees (hereinafter all together referred to as the “Individuals”) are processed in compliance with the legislation applicable in Turkey, particularly including the Law no. 6698 on the Protection of Personal Data (hereinafter referred to as the “LPPD”) and the secondary legislation the legal basis of which is the LPPD as well as the decisions of the Personal Data Protection Board, (hereinafter all together referred to as the “Data Protection Legislation”), and that those persons whose personal data are processed can effectively exercise their rights.
Accordingly, we process, retain and transfer all personal data of the Individuals, i.e. the personal data we obtain during our activities, in accordance with MED MARINE Personal Data Retention and Destruction Policy (the “Policy”).
Protecting the personal data and looking after the fundamental rights and freedoms of the Individuals whose personal data are processed is the primary principle of our policy regarding the processing of personal data. For this reason, all our activities where personal data are processed are being carried out by protecting the rights of privacy, confidentiality of personal information, confidentiality of communication, freedom of thought and belief. For the purposes of protecting personal data, we take all administrative and technical protection measures as required by the nature of the data in compliance with the Data Protection Legislation and the state-of-the-art technology. This Policy describes our methods of processing, retaining, transferring and deleting or anonymizing the personal data during our human resources, trade, promotion, marketing, security, social responsibility and similar activities in compliance with the principles stipulated in the LPPD no. 6698.
This Policy covers all kinds of personal data of the Individuals which are processed by MED MARINE. Our Policy applies to all activities of personal data processing owned or managed by MED MARINE, and is addressed and drafted in consideration of the Personal Data Protection Law and the relevant international standards.
This section briefly describes the definitions and abbreviations used in this Policy.
Personal Data: means all kinds of information related to an identified or identifiable real person.
Personal Data Owner (Concerned Person): means the real person whose personal data is processed.
Processing of Personal Data: means all kinds of processes conducted on personal data such as obtaining, recording, storing, preserving, modifying, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data through wholly or partially automatic means, or through non-automatic means provided that it is part of any recording system.
Data Processor: means a real person or legal entity who processes personal data on behalf of the data controller on the basis of the authority granted by the data controller.
Data Controller: means a real person or legal entity who determines the purposes and means of processing personal data, and is responsible for establishment and management of the data recording system.
Express Consent: means the consent granted for a certain matter based upon the information provided and upon free will, which is express beyond doubt and which is limited only with a specific process.
Anonymisation: means making personal data non-associable with an identified or identifiable real person by any means whatsoever, even by matching with other data.
Employee: means an employee of MED MARINE.
Personal Data of Special Nature: means data related to a person’s race, ethnicity, political view, philosophical belief, religion, religious sect or other beliefs, health, fingerprint, appearance, membership to associations, foundations or syndicates, sexual life, criminal conviction and safety precautions as well as biometric and genetic data.
The Data Protection Committee of MED MARINE is responsible for drafting, developing, executing and updating this Policy. It reviews this Policy in terms of its up-to-dateness and requirements for development where necessary. The publication of the prepared document on the corporate portal is the responsibility of the Data Protection Committee.
The main personal data of the Individuals processed by MED MARINE can be defined as follows.
The above-summarized personal data which are in our possession, the purposes and terms of processing, groups of persons whose personal data are processed, recipients to whom the data are transferred, whether any data is transferred abroad as well as the security measures taken have been formatted within an inventory and recorded by the Data Controller MED MARINE in the Data Controllers Registry Information System (VERBIS). These records are publicly available and can be accessed through https://verbis.kvkk.gov.tr/.
Our legal obligations as a Data Controller with respect to the protection and processing of personal data as per the LPPD are listed below:
While gathering personal data, we, as a Data Controller, bear the obligation to inform those individuals whose data are processed regarding the following:
As per our obligation to inform, we, as MED MARINE, attach importance to ensuring that this publicly available Policy is clear, understandable and easily accessible.
We, as a Data Controller, take the administrative and technical measures stipulated in the Data Protection Legislation in order to ensure the security of the personal data in our possession. To this extent, our obligations include preventing processing of personal data in a way contrary to the law and the company policies/rules and preventing access to personal data in a way contrary to the law and the company rules, retaining and storing personal data under proper conditions, and handling the data destruction process in compliance with the law and the company policies/rules. In case of any breach of rules, we apply the necessary sanctions and internal disciplinary rules.
We process personal data for the purposes below:
We process personal data of special nature in cases where required under the laws and by taking the administrative and technical measures stipulated by the Personal Data Protection Board or by obtaining express consents of the relevant persons.
In the exceptional cases specified below, we can process personal data without obtaining express consent from the relevant persons:
We pay attention to allowing access to personal data only by persons who need such access to perform their tasks and jobs and third persons who have a legitimate purpose for such access. In each and every case where we allow third persons to access the personal data, we will apply proper measures to ensure that the data are used in compliance with this policy and the confidentiality and integrity of the data are protected. The personal data we have processed can be recorded within the automatic data processing systems used by MED MARINE to effectively perform its activities, processed, and transferred abroad within the limitations stipulated in the Data Protection Legislation with the knowledge and express consent of the relevant persons, by legal-entity local and global companies and subsidiaries of MED MARINE as well as service providers in the capacity of data processors bearing the obligation of confidentiality from whom MED MARINE purchases services under a service contract. Your personal data will under no circumstances be disclosed to third persons save for those mentioned hereinabove.
Except obligatory cases, data is not transferred by means of portable memory sticks. In obligatory cases, such transfer is made under the supervision of those responsible. Sealed envelopes and lockers are used for the security of the data to be transferred on paper. MED MARINE, as the Data Controller, is responsible for taking the necessary technical and administrative measures in this respect.
MED MARINE is responsible for retaining the personal data for a period required in terms of the purpose of personal data processing, reserving the retention periods stipulated in the legislation. Personal data are retained for a period set forth in the legislation or as required for the purposes for which they were processed. Data are stored in physical (cabinets of departments, archives) or electronic (server, cloud etc.) media. Necessary measures for retention and protection of data are taken and media security is provided by MED MARINE. Importance is attached to maintaining data integrity in all digital and physical storage media. In cases where we process personal data for multiple purposes, data are deleted, destroyed or retained by being anonymized if the purposes for processing such data are no longer available or upon the request of the relevant person unless there is any impediment for the deletion of the data under the legislation. The requirements under the Data Protection Legislation are observed in the destruction, deletion and anonymisation processes.
Personal data are deleted, destroyed and/or anonymized, if:
The methods used for the deletion and destruction of personal data are specified below. One of the following methods is used according to the manner of retention of personal data.
The responsibility for secure destruction of data retained as document and stored in physical media (cabinets and/or archives) is borne by the managers of the department which has processed such data. Such documents are destroyed by being cut, burnt, shredded by means of shredding devices or through similar methods in a way not to allow their being restored or read. For such destruction of the data, support may be received from an expert corporation in the position of data processor.
The responsibility for secure deletion and destruction of data retained in electronic media is borne by the Information Technologies department. Digitally stored data are deleted in a way not to allow access by those concerned, or destroyed in a way not to allow making them reusable. The procedures implemented on data stored in any media, either physical or electronic, and destroyed are entered into records by the Information Technologies department.
Personal Data Owners have the following rights over their personal data:
Each and every relevant person whose data are processed under the instructions of the data controller MED MARINE has the right to make an application to the data controller as per article 13 of the LPPD in order to exercise his/her rights under article 11 of the LPPD. The data controller MED MARINE is obliged to either accept or reject, by explaining the reason of rejection, such application within 30 (thirty) days at the latest. However, for such application to be considered as a duly made application, it should meet all items stipulated in the Communique on Principles and Procedures for Application to Data Controller.
For the application of any relevant person to be accepted as a valid application:
Besides, for an application to be accepted as a duly made application and be evaluated, it should contain all of the following items.
Accordingly, for the exercise of the rights granted to the relevant persons under article 11 of the LPPD, an application containing all items stipulated in the Communique on Principles and Procedures for Application to Data Controller should be submitted to MED MARINE by means of registered mail with return receipt or application in person or electronic mail by using secure electronic signature through the contact and address details specified in this Policy.
Individuals and other relevant persons may contact the Data Protection Committee through firstname.lastname@example.org for any question or concern regarding this Policy or other personal data protection practices of MED MARINE or for any request regarding their rights.