As ICE Group, we maintain our efforts related to Personal Data Protection, to which we pay utmost attention since the establishment of our company, based on an approach in parallel with “Personal Data Protection Law (PDPL)”. In this context, below you may find some terms defined by the law as well as information on our data processing processes to fulfill our responsibilities.
What is PDPL?
Personal Data Protection Law (PDPL) is approved by Grand National Assembly of Turkey on the date of 24.03.2016, and entered into force upon promulgation in the Official Gazette dated 07.04.2016 and numbered 29677.
The Law is based on the conformity of all persons and organizations that process data in line with the essential objectives such as ensuring privacy of personal data, protection, and preventing unauthorized use thereof. Our company is also obligated to abide by this Law, just like other organizations, and all personal data processed as part of our company’s processes are under such scope.
What is Personal Data?
All data or data sets, which render a person identifiable directly or indirectly, are considered as personal data. Examples of this are identifying information such as name, surname, place/date of birth, phone number, personal background, photographs, audio recordings, etc. which directly belong to or created in the name of the person.
What is Data Processing?
All kinds of procedures on the personal data are considered as “data processing”. Therefore, archiving, storing, modifying, rearranging, disclosure, transfer, analysis and classification of data are under the scope of data processing.
Who is Data Subject / Data Owner?
One of the most frequently mentioned terms in the law and our corporate policies is “data subject” or “data owner”. This term refers to natural persons whose personal data are processed.
Who is Data Controller?
Data controller is the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system. In this respect, our company is the Data Controller with regard to the data of our customers, visitors, and employees.
Who is Data Processor?
Data processor is the natural or legal persons who process the data on behalf of the data controller. These persons may be natural or legal persons authorized by the data controller to process the personal data.
Data Processing Conditions
All data controllers are entitled to process data only in cases where the following conditions are met or the data subject gives his/her explicit consent:
It is expressly provided for by the laws,
It is directly related to the establishment or performance of the contract,
It is necessary for the data controller to comply with its legal obligation,
Personal data being made public by the data subject himself/herself,
Data processing is necessary for the establishment, exercise or protection of any right,
Legitimate interests of the data controller,
Meeting the demands of the Data Owner.
PDPL grants the data subjects the right to request information on through what processes their personal data is processed and the current state of their personal data. As the company, we are obligated to respond to the requests of data subjects within 30 days.
Pursuant to Article 13 of the Personal Data Protection Law regulating the “Application to the Data Controller”, the data subject/data owner shall make the requests relating to the implementation of this Law to the data controller in writing. Thus, you need to apply to our company in writing or submit your written request via our direct channel which we can access fastest in order for your request to be processed. For detailed applications, you can use the Data Owner Request Form under the Information and request forms section of our website.
Data controller or data processor organizations and persons are obligated by the Law to inform the data owners regarding the personal data they process.