KVKK | Originn

Our Policy and Clarification Text on the Processing and Protection of Personal Data (“KVK”)

ORIGINN Office Services and Management Ltd. Company (“ORIGINN”), we attach importance to protecting the privacy of all personal data of our valued customers, visitors, event participants, employees, business and solution partners. With this document, we aim to inform the real persons whose personal data our Company processes as data controller about our KVK policy and to enlighten them on how we will process and protect personal data. In this context, we take the "Law on the Protection of Personal Data" numbered 6698, which outlines the basic rules regarding the protection and processing of your personal data, and the relevant secondary legislation.

Basic Framework Regarding the Processing and Protection of Personal Data in Accordance with the Law and Related Legislation

In accordance with the Law No. 6698 and the relevant secondary legislation, the following principles will be followed in the processing of personal data;

Compliance with the law and the rules of honesty,
Being accurate and up-to-date when necessary,
Processing for specific, explicit and legitimate purposes,
Being connected, limited and restrained with the purpose for which they are processed,
To be kept for the period required by the relevant legislation or for the purpose for which they are processed.

In accordance with the law, personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the following situations, personal data may be processed without seeking explicit consent;

clearly stipulated in the law,
It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid,
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,
It is mandatory for the data controller to fulfill its legal obligation,
The person concerned has been made public by himself,
Data processing is mandatory for the establishment, exercise or protection of a right,
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are of special nature. is personal data. Special categories of personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the following situations, special categories of personal data may be processed without seeking explicit consent;

Personal data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws.
Personal data related to health and sexual life are only for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, by persons or authorized institutions and organizations under the obligation of secrecy without seeking the explicit consent of the person concerned. can be processed.

Although it has been processed in accordance with the legislation, in the event that the reasons for its processing disappear, personal data is deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject.

Personal data can only be transferred with the explicit consent of the person concerned. Personal data;

One of the situations in which personal data is allowed to be processed without seeking consent, or
In case of existence of one of the situations in which special categories of personal data are allowed to be processed without consent, provided that adequate measures are taken,

may be transferred without seeking the explicit consent of the person concerned.

In order to transfer the data abroad, the explicit consent of the person is required. In cases where there is no explicit consent of the data owner, but at least one of the other conditions mentioned above is met, if there is sufficient protection in the country where the data is transferred and there is not enough protection in the country where the data is transferred, the data controller undertakes in writing together with the data controller in the relevant foreign country and the Personal Data Protection Board It can be transferred abroad, provided that permission is obtained from.

The following situations are not covered by the Law;

Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with,
Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime,
Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,
Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Procedures and Principles to be Applied in the Processing of Personal Data by ORIGINN

Processed Personal Data and its Categorization

The data and categories processed by ORIGINN are as follows;

Candidate Employee Information: Identity, education, curriculum vitae, work experience, interview and similar information given within the scope of job application, belonging to data owners who apply to ORIGINN to work and share their information in this context.

Employee Performance Information and Transaction Records: The records and information that ORIGINN keeps in order to evaluate the performance and development of its employees, and the records of work and actions performed by ORIGINN's personnel in relation to the work (entry-exit record, location information, vehicle tracking information, e-mail correspondence) records, interview and travel information within the scope of work, expense expenditure information.

Financial Information: Information such as credit card information, payments, current account relationship, debt balance, tax office and number information that ORIGINN processes as a result of its commercial and financial activities.

Visual and Audio Information: Visual and audio recording data such as photographs, cameras, audio recordings of the personal data owner. Audio and video recording to be taken in meetings, meetings and talks made through digital meeting channels.

Safety Information: Information and records such as entrance and visit information of the physical place, recordings of security cameras, as well as information such as user name, password, IP address regarding the transaction security of ORIGINN and related parties.

Legal Transaction Information: Data contained in legal documents such as court decision, authorized body decision, enforcement office decision and processed in order to determine and fulfill rights, receivables, debts, obligations within the scope of legal relations and legal obligations.

Contact Information: The address used to reach and communicate with people, landline or mobile phone number, e-mail address, social media user profile information data and similar data.

Identity and Personal Information: Republic of Turkey identity number, identity card serial number, citizenship numbers of other countries, passport numbers, name-surname, date-place of birth, place of registration, photograph, occupational information and identity card, driver's license, passport, marriage passport, cards belonging to professionals, similar and all other information contained in the cards containing identity information, as well as residence certificate and certified identity card information.

Location Information: Data used to detect or track the location of the data subject.

Customer Information: Information about the products and services offered to customers and customers who benefit from our products or services within the scope of the commercial activity offered (customer number, professional information, preferences and needs information regarding products and services, service usage periods, fee and payment information, etc.)

Suggestion, Request, Complaint Information: Personal data of the transmitting person regarding any suggestion, request or complaint communicated to ORIGINN, and records of the content of the submitted suggestion, request, complaint.

Special Qualified Personal Data: Data about the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric data. and genetic data.

Personal Information: Personal data that forms the basis for the personal rights of ORIGINN personnel and ORIGINN's customers (all kinds of information and documents that are legally required to be entered in the personnel file).

Marketing Information: Information and data collections showing usage habits, tastes and cookies for use in ORIGINN's marketing activities.

Purposes and Legal Reasons for Processing Personal Data:

ORIGINN processes personal data for the following purposes;

To be able to fulfill its obligations and duties arising from the written/verbal contract or commercial relationship with the person whose personal data is processed;
To serve people better;
To provide alternative services;
Ensuring information security;
Providing physical security;
Making and tracking visitor records;
Follow-up of finance, accounting and legal affairs;
Execution of corporate communication, promotion, marketing and customer relations activities;
Ensuring that data is accurate and up-to-date;
Meeting information requests from authorized and official institutions in accordance with the current legislation for the purpose of.

ORIGINN will not use your personal data for purposes other than processing and will not transfer and/or disclose it to third parties without your consent or any other reason stipulated in the relevant legislation. Information that is required to be shared with public institutions and organizations and/or judicial authorities as per the legislation is not within this scope.

Persons / Organizations to which Personal Data Processed by ORIGINN can be transferred

ORIGINN's domestic and foreign sister companies, franchise partners, affiliates, affiliates, joint ventures, business and venture partners, banks and financial institutions that ORIGINN provides services within the scope of carrying out its commercial activities, human resources companies and all their branches and offices can be shared with

Collection Method of Personal Data

Your personal data; It can be collected in written, verbal, digital or electronic media through channels such as ORIGINN headquarters and branches, officials, personnel, website, call center, security cameras, security systems, devices that keep entry-exit records.

Storage of Personal Data

ORIGINN retains personal data at least for the period required by its legal obligations and in any case until the relevant statute of limitations expires. With the disappearance of the purpose of processing personal data, we anonymize, delete or destroy personal data in accordance with the Law. Within the scope of storage of personal data, ORIGINN takes the necessary technical, legal and administrative measures in order to fulfill its obligations and In order to comply with these obligations, it trains its relevant personnel and makes the necessary assignments.

Precautions Taken for Ensuring Data Security

The following measures are taken by ORIGINN in order to fulfill the obligations under the Law and this KVK Policy;

Establishing a firewall to prevent cyber attacks or unauthorized access via the Internet,
Taking appropriate security measures to protect the physical environments containing personal data against attacks, risks and violations and controlling the entrances and exits,
Taking appropriate software and hardware measures to protect electronic media containing personal data against attacks, risks and violations,
Obtaining a commitment from companies where personal data are shared and services are provided regarding physical and electronic security measures, that the security measures they take are sufficient and that they act in accordance with the Law,
Giving in-company trainings and carrying out studies for the adoption of the KBK policy,
Determining the internal personal data access policy and limiting it to mandatory situations.

Rights of Data Owners

The rights of data owners within the framework of Article 11 of the Law are as follows;

a) Learning whether their personal data is processed or not,

b) Requesting information if personal data has been processed,

c) To learn the purpose of processing personal data and whether it is used in accordance with its purpose,

ç) To know the third parties whose personal data are transferred in the country / abroad,

d) Requesting correction of personal data if it is incomplete / incorrectly processed,

e) Requesting the deletion / destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,

f) Requesting notification of the transactions made in accordance with subparagraphs (d) and (e) above, to third parties to whom personal data is transferred,

g) Objecting to the emergence of a result against them due to the analysis of personal data exclusively by automated systems, and

ğ) To request the compensation of the damage in case of loss due to unlawful processing of personal data.

In the following cases, in accordance with the Law the data owner is unable to make a request from the data controller regarding the above-mentioned rights other than the compensation of the damages;

Personal data processing is necessary for the prevention of crime or for criminal investigation,
Processing of personal data made public by the person concerned,
Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.

Application Regarding the Exercise of Rights

You may submit your requests within the scope of Article 11 of the above-mentioned Law, which regulates the rights of the data subject, in writing or by registered electronic mail (KEP) address, secure electronic signature, mobile signature or the relevant person, in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller". By using the e-mail address previously reported to ORIGINN by ORIGINN and registered in ORIGINN's system, Kazım Dirik Mah. 296/2 Sok. No: 33 Bornova, İzmir in writing or info@originn.com.tr You can send it to your e-mail address.

In the application;

Name, surname and signature,
Turkish identity number for citizens of the Republic of Turkey, nationality, passport number or identity number, if any, for foreigners,
Domicile or workplace address for notification,
If available, the e-mail address, telephone and fax number for notification,
Demand,

must be present. Information and documents related to the subject are attached to the application.

Information and Consent Form on the Protection of Personal Data

ORIGINN Office Services and Management Ltd. Company (“ORIGINN”), we attach importance to protecting the privacy of all personal data of our valued customers, visitors, event participants, employees, business and solution partners. In this context, we would like to inform you about the "Law on the Protection of Personal Data" no. The subject of this Information and Approval Form is the processing of personal data of ORIGINN's customers, visitors, prospective customers, event participants, employees, business and solution partners and their shareholders, officials and employees.

Lighting Obligation

ORIGINN is a company that offers office, event and professional/commercial kitchen areas and carries out business and organizational services related to these. ORIGINN acts as a data controller under the Law. In this context, ORIGINN will record your personal data as data controller; will hide; will update it in order to continue its commercial activities; where permitted by the legislation, its sister companies, franchise partners, affiliates, subsidiaries, joint ventures, business and venture partners, banks and financial institutions that ORIGINN receives services within the scope of carrying out its commercial activities, human resources companies and all their will be able to share the branches with their offices under the conditions where data processing is allowed; will be able to classify and operate as specified in the Law.

Collection Method of Personal Data

Purposes of Processing and Transferring Personal Data and Legal Reasons:

ORIGIN, To be able to fulfill its obligations and duties arising from the written/verbal contract or commercial relationship with the person whose personal data is processed; to serve people better; to provide alternative services; ensuring information security; physical, legal, commercial security; making and tracking visitor records; follow-up of financial, accounting and legal affairs; conducting corporate communication, promotion, marketing and customer relations activities; Related to the products and services provided by ORIGINN personalizing, recommending and promoting it in line with the person's tastes and needs; ensuring that data is accurate and up-to-date; In order to meet the information requests from authorized and official institutions in accordance with the current legislation, other persons and organizations authorized by the legislation and ORIGINN will deem appropriate, as specified in the Law and in line with the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law. will be able to work. Except for the information that is required to be shared with public institutions and organizations and/or judicial authorities as per the legislation, ORIGINN will not use your personal data for purposes other than processing and will not transfer and/or disclose to third parties without your consent or any other reason stipulated in the relevant legislation.

Persons / Organizations to which Personal Data Processed by ORIGINN can be transferred

ORIGINN's domestic and foreign resident sister companies, franchise partners, affiliates, affiliates, joint ventures, business and venture partners, banks and financial institutions that ORIGINN receives services within the scope of carrying out its commercial activities, human resources companies and all their branches can be shared with their offices.

Your Rights Under Article 11 of the Law

By applying to ORIGINN; a) to learn whether your personal data is processed, b) to request information if your personal data has been processed, c) to learn the purpose of processing your personal data and whether it is used in accordance with its purpose, ç) to know the third parties to whom your personal data is transferred at home / abroad, d) to know that your personal data is incomplete / to request correction if it has been wrongly processed, e) to request the deletion / destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law, f) to request that the third parties to whom your personal data has been transferred be notified of the transactions made in accordance with subparagraphs (d) and (e) listed above, g ) you have the right to object to the emergence of a result against you due to the analysis of your personal data exclusively by automated systems, and ğ) to request the compensation of the damage in case you suffer damage due to the unlawful processing of your personal data.

You may submit your requests within the scope of Article 11 of the Law, which regulates the rights of the person concerned, to ORIGINN in writing or by the registered electronic mail (KEP) address, secure electronic signature, mobile signature or the person concerned, in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller". by using the e-mail address previously reported and registered in ORIGINN's system, to Kazım Dirik Mah. 296/2 Sok. No: 33 Bornova, İzmir in writing or info@originn.com.tr You can send it to your e-mail address. In the application; name, surname and signature, Turkish identity number for citizens of the Republic of Turkey, nationality for foreigners, passport number or identification number, if any, place of residence or workplace address for notification, e-mail address for notification, telephone and fax number, if any, subject to request. . Information and documents related to the subject are attached to the application.

Data Controller: ORIGINN Office Services and Management Ltd. Company

Contact Information: Kazım Dirik Mah. 296/2 Sok. No: 33 Bornova, Izmir

In cases where there is no provision in this form, the provisions of the Law and related secondary legislation shall apply.

In line with the explanations above, I have been fully informed and in accordance with the Law on the Protection of Personal Data No. 6698, ORIGINN Ofis Hizmetleri ve İşletmeciliği Ltd. Company to collect, process, update, periodically check my personal data, keep it in database and data recording systems, and its sister companies, franchise partners, subsidiaries, affiliates, joint ventures, business and venture partners, all of which are resident in the country or abroad. I express my explicit consent to the sharing of branches and offices and the keeping and storage of my personal data by them.