As İlkay Denizcilik, we attach importance to the security of personal data. In this context, we deemed it appropriate to inform all of our interlocutors about the "Law on the Protection of Personal Data", which was established in order to protect the fundamental rights and freedoms of individuals and personal data.
Law No. 6698 on the Protection of Personal Data was published in the Official Gazette on 7 April 2016 and entered into force. This law includes general principles that must be observed in the processing of personal data, the conditions for the processing of personal data and the rights of the data owners. The purpose of this law is "to protect the fundamental rights and freedoms of individuals, especially the privacy of private life in the processing of personal data, and to regulate the obligations and procedures and principles to be complied with by real and legal persons processing personal data".
General Information on the Law on Protection of Personal Data
Personal data is defined as "any information relating to an identifiable or identifiable natural person". By any kind of information, it is meant not only information about the individual's name, surname, date of birth and place of birth, but also information relating to the physical, family, economic, social and similar characteristics of the individual.
Sensitive (private) personal data is a special type of personal data. The legislator, in view of the possibility that this information could be used in a way that could cause discrimination against individuals, regulated the conditions of processing sensitive personal data more strictly. This data; data on race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, biometric data or criminal convictions and security measures.
Processing of personal data covers all kinds of data processing such as obtaining, saving, storing, preserving, changing, transferring, taking over this data.
There are a number of principles / procedures that must be followed in order to process personal data in accordance with the law. Accordingly, data processing must first comply with the law and the code of integrity. Other principles are that the processed data is accurate and up-to-date when necessary, that data processing is carried out for specific, clear and legitimate purposes, and that the processing is linked to the purpose, limited and measured. Furthermore, the processed data should not be stored longer than necessary for the purpose.
Terms of Processing of Personal Data
As a rule, personal data cannot be processed without the express consent of the data owner. In order to obtain explicit consent, the data owner should be informed in detail about the process. However, in exceptional cases, according to Article 5 of the law, personal data can be processed without the explicit consent of the data owner. These exceptions are:
Clearly foreseeing the processing of data in the law,
It is compulsory for the protection of the life or body integrity of the person or someone else who is unable to disclose his consent due to the impossibility or whose consent is not granted legal validity,
The processing of personal data of the parties to the contract is required, provided that it is directly related to the establishment or performance of a contract,
It is obligatory for the data officer to fulfill his legal obligation,
Having been publicized by the person concerned,
Data processing is mandatory for the establishment, use or protection of a right, and data processing is compulsory for the legitimate interests of the data officer, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Sensitive personal data, other than health and sexual life, may only be processed without express consent in cases expressly provided by law. Data on health and sexual life, on the other hand, are intended only for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. can be processed without searching.
Lighting Responsibility of Data Officer
According to the Law, data officers are obliged to enlighten the data holders for whom they process personal data. Within the scope of the fulfillment of this obligation, the following information shall be provided by the company to the data owners when necessary:
The identity of the data officer and the representative, if any,
The purpose for which personal data will be processed,
To whom and for what purpose personal data can be transferred,
Method and legal reason of personal data collection,
Rights of the data owner.
Rights of Data Owners
Article 11 of the Law gives certain rights to data owners. According to this, everyone has to apply to the data responsible;
To learn whether personal data is processed or not,
If personal data has been processed,
Terms of Processing of Personal Data
As a rule, personal data cannot be processed without the express consent of the data owner. In order to obtain explicit consent, the data owner should be informed in detail about the process. However, in exceptional cases, according to Article 5 of the law, personal data can be processed without the explicit consent of the data owner. These exceptions are:
Clearly foreseeing the processing of data in the law,
It is compulsory for the protection of the life or body integrity of the person or someone else who is unable to disclose his consent due to the impossibility or whose consent is not granted legal validity,
The processing of personal data of the parties to the contract is required, provided that it is directly related to the establishment or performance of a contract,
It is obligatory for the data officer to fulfill his legal obligation,
Having been publicized by the person concerned,
Data processing is mandatory for the establishment, use or protection of a right, and data processing is compulsory for the legitimate interests of the data officer, provided that it does not harm the fundamental rights and freedoms of the person concerned.
Sensitive personal data, other than health and sexual life, may only be processed without express consent in cases expressly provided by law. Data on health and sexual life, on the other hand, are intended only for the protection of public health, preventive medicine, medical diagnostics, treatment and care services, planning and management of health services and financing, and the confidential consent of the owner of the data by authorized persons and institutions. can be processed without searching.
Lighting Responsibility of Data Officer
According to the Law, data officers are obliged to enlighten the data holders for whom they process personal data. Within the scope of the fulfillment of this obligation, the following information shall be provided by the company to the data owners when necessary:
The identity of the data officer and the representative, if any,
The purpose for which personal data will be processed,
To whom and for what purpose personal data can be transferred,
Method and legal reason of personal data collection,
Rights of the data owner.
Rights of Data Owners
Article 11 of the Law gives certain rights to data owners. According to this, everyone has to apply to the data responsible;
To learn whether personal data is processed or not,
Request information if personal data is processed,
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Request correction of personal data in case of incomplete or incorrect processing,
To request the deletion or destruction of personal data in accordance with the conditions provided for in Article 7,
Requesting notification of correction, deletion or destruction to third parties to whom personal data is transmitted,
Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
In the event that the personal data is damaged due to unlawful processing, it has the right to demand the damages.
Your requirement is presented with respect to your information.