As TALYA BİLİŞİM TİCARET VE SANAYİ A.Ş. (hereinafter referred to as “Talya” or “the Company”), we would like to state that we work diligently to ensure the security and protection of the personal data you share with us. Talya is a “data controller” under the circumstances specified in this text and in the Privacy Policy. We process your personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“KVK”), and we take proportional and adequate administrative and technical measures to protect them.
Within this framework, the personal data of visitors to our website, users of our services, our business partners, and our customers are processed under the conditions described below and within the limits stipulated by law. For more detailed information on how your personal data is processed, you may review our Privacy Policy, which is part of our disclosure obligation.
We are not responsible for the data security measures provided by third-party websites shared on our website, or by the organizations that own those websites. We recommend that you review the data security policies of those websites and/or organizations.
KEY CONCEPTS
Explicit consent: Consent that is based on information and freely expressed concerning a specific subject.Anonymization: Making personal data unrelatable to an identified or identifiable natural person, even by matching it with other data.Data subject: The natural person whose personal data is processed.Personal data: Any information relating to an identified or identifiable natural person.Employee handling personal data: Employees who process personal data on behalf of the organization as part of their job description.Processing of personal data: Any operation performed on personal data, whether wholly or partly by automated means or by non-automated means which form part of a data filing system, such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, acquisition, making available, classification or prevention of use.Committee: The internal Committee established under the “Directive on Duties and Responsibilities of the KVKK Committee,” responsible for monitoring all personal data processes, checking compliance with policies, and managing personal data processes on behalf of the organization.Board: Personal Data Protection Board Authority: Personal Data Protection Authority KVK: Law No. 6698 on the Protection of Personal Data Special Categories of Personal Data: Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, biometric and genetic data. Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority given. Data recording system: The system where personal data is processed in a structured manner according to specific criteria. Data controller: A natural or legal person who determines the purposes and means of processing personal data, and who is responsible for the establishment and management of the data recording system. Joint data controller: Another data controller with whom the organization shares personal data during the course of commercial and corporate activities and processes personal data jointly during that time.Independent data controller: Another data controller to whom the organization shares personal data only once in the course of its commercial and corporate activities.
3. IDENTITY OF THE DATA CONTROLLER
TALYA BİLİŞİM (or the “Organization”) holds the status of “Data Controller” for all natural persons it comes into contact with while conducting its commercial activities, including but not limited to employees, employee candidates, customers, suppliers, supplier employees, and visitors, and is obliged to fulfill the legal obligations arising from this status.
TALYA BİLİŞİM fulfills these obligations through compliance and control tools, along with administrative measures and appropriate and proportionate technical measures.
TALYA BİLİŞİM processes your personal data in the capacity of “Data Controller” as defined in Article 3 of the Law No. 6698 on the Protection of Personal Data. The contact information is as follows:
Title: TALYA BİLİŞİM TİCARET VE SANAYİ A.Ş Address: Akdeniz University Antalya Technopark, R&D Building 3, Dumlupınar Boulevard, No: 758/3 Campus, ANTALYA Websites: www.talyabilisim.com.tr, www.medisoft.com.tr, isafe.com.tr, www.elektraotel.com, www.elektraweb.com, spasatis.com, sparezervasyon.com Phone: +90 (242) 227 91 00
You can reach us via this postal address or via e-mail at [email protected].
LEGAL BASIS AND SCOPE
Article 10 of Law No. 6698 imposes an obligation on data controllers to inform individuals whose personal data is being processed. This obligation to inform requires that you be made aware of your rights listed in Article 11 of the Law, as well as the identity of the data controller, the purposes for processing personal data, the recipients and purposes of data transfers, the methods and legal grounds for collecting personal data, and how you can exercise your rights as a data subject.
As Talya, through this “Clarification Text” and our “Privacy Policy,” we aim to inform you that your personal data is processed within the limits and conditions set forth in the applicable legislation.
PURPOSES OF PROCESSING YOUR PERSONAL DATA
Your personal data is processed in accordance with the principles set forth in the Personal Data Protection Law (KVKK), for the following purposes:
Purposes Related to Management Processes:
Conducting commercial activities,
Ensuring business continuity and maintaining legal and administrative work security,
Planning and executing business and application strategies,
Managing occupational health and safety processes,
Providing presentations, promotions, and information about the organization, its services, and products,
Fulfilling obligations arising from legislation and contracts,
Ensuring the physical security of premises within and around the organization,
Receiving legal support,
Using printed, periodic, and non-periodic publications via electronic and other social media tools,
Managing dealership processes,
Establishing and maintaining communication with members of the press and media organizations,
Informing the public about the organization’s activities,
Conducting job interviews in a timely and effective manner,
Completing tasks in a timely and appropriate manner,
Planning and conducting activities at local, national, and international levels,
Managing relations with domestic and international business partners and group companies,
Carrying out transactions related to intellectual and industrial property,
Promoting, marketing, and informing about the organization, its products, and services,
Receiving notifications and feedback from customers and potential customers,
Providing technical support to customers,
Responding to questions from customers and potential customers,
Providing support regarding electronic invoicing services,
Participating in events such as fairs and seminars.
Purposes Related to IT Processes:
Establishing and updating IT and communication infrastructure,
Managing users of IT tools and systems,
Managing corporate e-mail accounts,
Managing, auditing, and terminating e-mail accounts of departing employees,
Managing, monitoring, and auditing portable and/or desktop electronic devices,
Carrying out operations related to mobile application users,
Managing operations related to website members,
Ensuring data security and archiving data,
Keeping internet access logs,
Tracking vehicles and their users belonging to the organization,
Protecting and managing the digital assets and rights of customers.
Your personal data is processed in line with the personal data processing conditions specified in Articles 5 and 6 of the KVKK for the purposes listed above.
Methods of Processing Personal Data
We process your data in compliance with the principles set forth in Article 4 of the Law and by obtaining your explicit consent. However, in the presence of one of the lawful bases listed in Article 5 of the Law—such as when data processing is clearly stipulated in laws, when processing is necessary due to actual impossibility, when processing is directly related to the establishment or performance of a contract, or when it is necessary for the data controller to fulfill a legal obligation—we may also process your personal data without obtaining explicit consent.
To Whom and for What Purposes We Transfer Personal Data
As Talya, we transfer the personal data that we collect and process in compliance with the Law on the Protection of Personal Data (KVKK) for the purpose of business continuity and the execution of our services. These transfers are carried out under confidentiality agreements to: public institutions and organizations, domestic and international entities with which we have commercial or sectoral relations, domestic and international institutions and service providers from which administrative and technical services are procured, the company's solution partners, and domestic and international entities acting as service providers.We may also share users’ email addresses with third-party companies we collaborate with. Furthermore, in order to benefit from infrastructure and services necessary for electronic communication channels, and from cloud computing service providers that offer enhanced data security, your data may be transferred abroad. This includes the use of commonly preferred instant messaging or online communication tools.For detailed information on with whom and how we share your data, please refer to our Privacy Policy.
Kişisel Verilerinizin Paylaşılması
8.1 Sharing of Your Personal Data Domestically Within the framework of the personal data processing conditions specified in Article 8 of the Personal Data Protection Law;
In cases necessary for planning and executing the commercial activities conducted by the organization, personal data may be shared with domestic and foreign group companies, business partners, subsidiaries, consultancy firms, other service providers, as well as private institutions and organizations and public institutions and authorities;
With real and legal persons providing services in areas such as business continuity, legal, technical, and commercial security, human resources, occupational health and safety, and the planning and execution of emergency processes and strategies, along with third parties they collaborate with;
With persons and third parties they cooperate with, who have signed contracts within the scope of services procured by the organization;
With external suppliers providing services or socio-economic benefits to employees and the third parties they cooperate with;
With our business partners, consultancy firms, suppliers, private institutions and organizations, courts, public institutions, and authorized authorities, in cases necessary for the organization to fulfill its legal obligations;
With domestic and international service providers supplying infrastructure and services required for corporate electronic communication channels and ensuring data security, including IT, archiving, or cloud service providers;
With foreign-based platforms and applications we procure services from to use online communication channels and tools such as instant messaging, file sharing, video conferencing, and email.
8.2. Talya shares data with domestic and international suppliers in order to maintain effective communication with users and members of our websites, and to ensure the efficiency, popularity, and satisfaction of visitor expectations of the sites. As a data controller, Talya takes necessary measures to the extent possible to verify that these organizations and services it uses comply with the obligations stipulated by law and obtains the required legal guarantees.
With Microsoft, based in the USA, for office operations and processes,
With Facebook, based in the USA, via the WhatsApp application used as an instant messaging tool for communication between employees and customers for business purposes,
With Google, Wetransfer, and Microsoft, all based in the USA, for sharing large files for business purposes,
With Microsoft, based in the USA, via Azure which provides data center and cloud server services,
With Tawk.to, based in the USA, to provide instant support to customers through the website,
With Ammy (USA), Anydesk (Germany), and Teamviewer (Germany), which provide remote access to offer technical support to customers,
With Microsoft, based in the USA, via the Skype application for video conferencing services,
With Google (USA) and Yandex (Russia) for corporate email services, and with Twilio via the SendGrid application which provides email server services,
With Apple (USA), Microsoft (USA), and Google (USA) which provide mobile and desktop operating systems for daily business activities,
With Facebook, Twitter, Instagram, and LinkedIn, all USA-based social media service providers offering services from abroad,
And with Google, Sharethis, Cloudflare, and Tawk.to, all based in the USA, who provide the cookies we use on our websites for mandatory, performance, functionality, targeting, and advertising purposes.
You can access the privacy policies of each service provider via the following links:
Your personal data may vary depending on the services, products, or commercial activities provided by our company; however, in accordance with Articles 4, 5, and 6 of the KVKK, it may be collected verbally, in writing, or electronically, by automated or non-automated means, through offices, websites, social media channels, mobile applications, and similar domestic and international platforms, and processed by updating accordingly.
How Do We Protect Your Personal Data?
All necessary technical and administrative measures are taken by Talya to protect the personal data collected, to prevent unauthorized access, and to avoid any harm to our customers and prospective customers. Within this framework, we ensure that the software we use complies with standards, that data processing agreements are signed with data processors and third parties with whom data is shared, and that our company’s Privacy Policy is strictly followed.
Your Rights as the Data Subject
As the owner of personal data, you have the rights listed in Article 11 of the KVKK as follows:
To learn whether personal data is processed,
To request information if personal data has been processed,
To learn the purpose of processing personal data and whether it is used accordingly,
To know the third parties to whom personal data is transferred domestically or abroad,
To request correction of personal data if it is processed incompletely or inaccurately and to request that the related transaction be notified to third parties to whom the data has been transferred,
To request deletion or destruction of personal data if the reasons requiring processing no longer exist despite being processed in accordance with the KVKK and other relevant laws, and to request that this be notified to third parties to whom the data has been transferred,
To object to the emergence of a result against themselves by analyzing processed data exclusively through automated systems,
To demand compensation for damages if personal data is processed unlawfully and causes harm.
You can download the "Data Subject Application Form" regarding your rights under Article 11 of the Law regulating the rights of the data subject and the application procedure, and obtain detailed information from our organization. How to make applications regarding personal data is explained in detail in the "Clarification Text for Data Subject Applications" attached to the relevant form. For more information and to facilitate exercising your rights as a data subject, you can review our Privacy Policy.
