Homepage > Corporate > Data Storage and Destruction Policy

Data Storage and Destruction Policy

PREAMBLE

NEYİVAR TEKNOLOJİ VE TİCARET ANONİM ŞİRKETİ, with the registered address at Atatürk Mahallesi Ertuğrul Gazi Sokak A Blok No:2 E İç Kapı No:331 Ataşehir/ISTANBUL, Central Registration System (Mersis) No. 0631-1549-2590-0001 hereby commits to comply with the LPDP, applicable regulation and other personal data protection, processing and destruction regulations. The Company would like to inform the data subject about deletion, destruction or anonymization of personal data under Article 7 of the LPDP and Regulation on the Deletion, Destruction and Anonymization of Personal Data published on the Official Gazette on October 28, 2017, No. 30224.

PURPOSE OF THE POLICY

The purpose of this Personal Data Storage and Destruction Policy (Hereinafter referred to as “Destruction Policy”) is to regulate procedures and principles for the security, deletion, destruction and anonymization of personal data, regarding the personal data processed within the scope of various processes carried out by our Company.

SCOPE OF THE POLICY

This Destruction Policy applies to any personal data of our partners, customers, employees, prospective employees, Company officials, employees of affiliates, employees, shareholders, officials of the company we work with, our visitors and third parties, fully or partially processed by automated or non-automated means, provided that it is part of any data recording system.

DEFINITIONS

The following terms under this Policy shall have the meanings specified below:

Express consent:Freely given consent regarding a specific matter based on being informed;
Anonymization:To render it impossible for personal data to be associated in any manner with the identity of a real person who is identified or identifiable, even if they are matched with other data.
Data Subject:A real person whose personal data is processed,
Relevant UserThe persons, other than the person or department responsible for technical storage, protection and backup of data, that process personal data within the data controller’s organization or in line with the power and instructions given by the data controller,
Destruction:Refers to deletion, destruction or anonymization of personal data,
Law:Refers to the Personal Data Protection Law No 6698 dated 24/3/2016,
Recording Medium:Any media containing personal data which are processed by fully or partly automated means, or by non-automated means provided that they are part of a data recording system.
Personal data:Any information relating to an identified or identifiable real person,
i. Processing of personal data:Any transaction carried out on the data, such as obtaining, recording, storage, preservation, alteration, reorganization, disclosure, transfer, takeover, making available or classifying the personal data or preventing its usage, by fully or partly automatic means, or by non-automatic means provided that they are part of a data recording system.
Personal Data Processing Inventory:The inventory where data controllers give details of their data processing activities, which are carried out according to their business processes, by explaining the purpose of the personal data processing, the data categories, the recipient group and the data subject group, and the maximum period for which personal data will be processed for the required purposes, the personal data to be transferred to foreign countries, and the measures taken regarding data security,
Personal Data Storage and Destruction Policy:The policy on which data controllers rely on in the process of determining the maximum time limit required for the purpose for which personal data is processed, and the process of deletion, destruction and anonymization.
Board:Law on Protection of Personal Data
Authority:Personal Data Protection Authority
Periodic Destruction:Deletion, destruction or anonymization procedures specified in the personal data storage and destruction policy to be carried out ex officio at recurrent internals in case that all conditions on processing personal data specified under the Law have disappeared,
Register:Data controller register kept by the Personal Data Protection Authority.
Data processor:Real or legal person who processes the personal data on behalf of and based on the authority granted by the data controller,
Data recording system:Any recording system in which personal data are processed by being structured according to specific criteria;
1. Data controller:Real or legal person who determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the data recording system.
. For the definition not contained herein, the definitions in the Law and Regulations shall apply.
1. RECORDING MEDIUM
Recording Mediums in which the personal data is retained by the Company are computers used on behalf of the Company, Cloud systems, shared/unshared disk drives used to store data on the network, paper, unit cabinets and archive. The Company shall incorporate the other recording mediums that it may use in addition to the listed recording mediums into the Destruction Policy.
1. REASONS REQUIRING THE STORAGE AND DESTRUCTION OF PERSONAL DATA
The Company may process your personal data if one or more of the below conditions are met:
- Explicit Consent of the Data Subject
- Clearly Provided for by the Laws, Inability to Obtain Explicit Consent Due to Actual Impossibility, Directly Related to the Establishment or Performance of the Agreement,
- Required for the Company to Fulfill its Legal Obligation.
- Made public by the data subject himself,
- Required for the Establishment, Exercising or Safeguarding of A Right.
- Required for the Legitimate Interests of the Company
. For detailed information about the processing of personal data, please refer to our Personal Data Protection Policy available on our website.
Personal data of the data subjects must be destructed at the first periodic destruction when the reasons for the processing of personal data listed above disappeared. All the transactions carried out in relation to deletion, destruction or anonymization of personal data are recorded, and the said records shall be kept for a period of at least three years.
1. SECURITY OF PERSONAL DATA
The Company takes any technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data to be processed and unlawful access to data as well as to ensure proper security level for retaining data.

In this context, the Company has firstly conducted a study to identify the personal data that are processed by our Company, considering whether the personal data processed is special categories of personal data, the risks that may arise regarding the protection of this data have been identified and the required technical and administrative measures have been implemented to reduce or eliminate such risks.
Regular trainings are provided for employees and managers in order to ensure personal data security, to prevent the unlawful disclosure and sharing of personal data and to raise awareness about Law on Protection of Personal Data.

In addition, employees involved in personal data processing processes are asked to sign non-disclosure agreements as part of their business processes, and if it is discovered that employees have acted contrary to security policies and procedures, the necessary disciplinary process is initiated against them.

The technical systems have been established to monitor and supervise any processes related to the processing of personal data in order to prevent unlawful processing of and access to personal data. Regular internal audits are carried out to prevent unlawful processing of and access to personal data.

Any technical methods with the appropriate level of security are employed and these methods are updated in accordance with the developing technology in order to prevent unlawful access to personal data and to ensure that it is retained in secure mediums.

In the event of an internal or external attack on the company's data recording system, for early diagnosis and early response to the incident, it is regularly checked which software and services are running in the information networks and whether there is any infiltration or any movement that should not be in the information networks and log records of all users are kept regularly.

DESTRUCTION OF PERSONAL DATA

8.1. Reasons for Disposal of Personal Data

The Company shall delete, destruct or anonymize personal data ex officio or upon the request of data subject in accordance with Article 7 of LPPD, although it has been processed in accordance with the legal legislation but the reasons for processing disappear or the period stipulated in the legislation expires.

The company decides the appropriate method for the destruction of personal data, from the methods of deletion, destruction or anonymization takes all necessary technical and administrative measures to ensure that personal data is lawfully deleted, destroyed and anonymized.

8.2. Deletion of Personal Data

Deletion of personal data is the process of rendering personal data inaccessible and non-reusable by relevant users in any way whatsoever. The company takes any technical and administrative measures required to render the deleted personal data inaccessible and non-reusable by the relevant users.

In the process of deletion of personal data, the personal data that will be subject to deletion are first determined. The relevant users who are authorized to access the personal data in question and the authorization of the users over the personal data are determined and related users' access, retrieval and reuse authorizations for the said personal data are removed and revoked.

The personal data stored in printed media are deleted by using the blacking out method. The blacking out process is the process of making the personal data on the relevant document invisible to the relevant users by using fixed ink or by cutting it so that it cannot be recovered and read with technological analysis.

In databases containing personal data, the corresponding lines containing personal data are deleted with database commands (Delete etc.). For the personal data in file operating system, the deletion process is performed with the delete command on the operating system of the file, by deleting personal data or removing the access authorization of the relevant user on the file or directory where the file is located.

8.3. Destruction of Personal Data

Destruction of personal data is the process of rendering personal data inaccessible, non-recoverable and non-reusable by any person in any manner whatsoever. The Company takes any necessary technical and administrative measures in relation to destruction of personal data.

In order to destroy personal data, all copies of the data are detected and, according to the type of systems in which the data is located, the convenient one of the following methods is used: de-magnetization method for the data contained in the magnetized medium; melting, burning or pulverizing optical media and magnetic media, or putting them in a metal shredder; for the personal data contained in hard copy, a paper shredder.

8.4. Anonymization of Personal Data

Anonymization of personal data is the process of rendering it impossible for personal data to be associated with any identified or identifiable natural person in any way, even if the personal data are matched with other data.

The purpose of anonymization is to break the bond between the data and the person identified by such data. the methods either automatic or non-automatic such as grouping, masking, derivation, generalization, randomization, etc. applied to the record system where personal data is retained are some of the anonymization methods.

8.5 Employee Involved in the Personal Data Storage and Destruction Processes

Title	Position	Responsibility
Personal Data Protection Supervisor	In charge of the compliance with the Law on the Protection of Personal Data and implementing the Personal Data Storage and Destruction Policy	To ensure and audit compliance with the Law on the Protection of Personal Data, secondary legislation and Board decisions throughout the company, to ensure compliance with the Personal Data Storage and Destruction Policy and to manage personal data destruction process in accordance with the periodic destruction periods.
Financial Advisor	Responsible for the implementation of Personal Data Storage and Destruction Policy.	To ensure compliance with the Personal Data Storage and Destruction Policy regarding the processes within their duties and to manage personal data destruction processes in accordance with periodic destruction periods
IT Manager	Responsible for the implementation of Personal Data Storage and Destruction Policy.	To ensure compliance with the Personal Data Storage and Destruction Policy regarding the processes within their duties and to manage personal data destruction processes in accordance with periodic destruction periods
Human Resources Officer	Responsible for the implementation of Personal Data Storage and Destruction Policy.	To ensure compliance with the Personal Data Storage and Destruction Policy regarding the processes within their duties and to manage personal data destruction processes in accordance with periodic destruction periods

8.6. Personal Data Categories

Personal Data Category	Description on a Personal Data Category
Identity Information	The data of a real person that contains information about the person's identity. Documents such as identity card, driver's license, passport, professional card containing information such as Turkish ID no, parents name, date of birth, place of birth, marital status, gender, as well as tax number, signature information, SSI number and other data
Contact Details	Phone number, e-mail, address, fax number, IP address and other data
Educational Information	Graduated school details, diploma, course, seminar, conference participation certificate, exam result, foreign language skill and other information
Health Information	Blood type, occupational physician check-up, vaccination card, health reports of any kind
Prospective Employee Information	Personal data received by the company through resume and job application forms at the job application stage (identity and contact details, nationality, health, criminal conviction and security measures information, military service status, education and job experience, certificate, areas of interest, references, marital status, family and relative information, foreign language skill, private car information, driver's license status , resident status (rent - ownership), form of application to the company, salary from his last job)

Personnel Information	Data that is required by law to be in the personal file of the employees of the company and the data that will be the basis for the formation of personal rights (Copy of ID card, extract of identity register (from e-government and civil registry offices), residence and another address certificate (e-government), criminal record (e-government), diploma photocopy, blood type card, copy of driver's license, copy of marriage certificate, copy of spouse and child's ID cards, copy of military discharge certificate, photo, copy of bank account books, copies of previously received training and seminars, tetanus vaccination card, hemogram (as to blood count), full urinalysis, audio, chest radiography 35 x 35, respiratory function test; for motorbikes: hunger blood sugar and ECG, src3 certificate for drivers (international freight, goods transportation) and/or src4 certificate (domestic freight, goods transportation) for drivers; psycho technical certificate)
Special Categories of Personal Data	Data relating to race, ethnic origin, political opinion, philosophic belief, religion, sect or other beliefs, appearance and dressing, membership to association, foundation or union, health, sexual orientation, criminal convictions and security measures as well as biometric and genetic data of people,
Information on Legal Transactions	Data processed by the Company to defend its rights and receivables, to collect its receivables, to pay its debt and for its legal obligations

Financial Information	Bank account number and account information, documents showing financial status, salary, payroll information, private health insurance amount, advance information and other data
Physical Space Security Information	Camera recordings at the entrance to the company's buildings and facilities and within the building and facilities, vehicle license plate information and recordings taken at check points
Information on Family Members and Kith and Kin	Data of the personal data subject's family members (spouse, mother, father and child), kith and kin and emergency contact persons
Location Information	GPS data that detects the location of the data subject during the use of company vehicles

8.7. Contact Group of Personal Data Subject

Contact Group	Description on Contact Group
Employees of Company, Affiliates and Business Partners	All real persons, including the employees of our company, the real persons with whom our company’s affiliated companies and our company have a business relationship, and the shareholders and officials working in legal entities.

Prospective Employee	Real persons who have lodged a job application to our company in any way or have submitted their CVs for review.
Company blue collar employee	Company employee producing goods/products
Employee of subcontractor company	Employees of the subcontractor company having commercial relationship with our Company
Shareholders of the Company	Real persons who are a shareholder of the Company
Company Customers	Real person making use of the products and services offered by our Company
Institution Official	Authorized person who works for the relevant public/private institution.
Company Leads	Real persons making request to benefit from the products and services offered by our Company
Visitors	Real persons visiting company buildings and facilities and websites
Supplier	Parties providing contractual services in accordance with the company's orders and instructions to carry out its commercial activities
Affiliate Companies
Business Partners	Parties with whom the company has established business partnerships in order to carry out its commercial activities
Legally Competent Institution and Organization and legal Entities of Private Law	Legally competent institution and organization and legal entities of private law to whom the company is obliged to share Company’s information and documents under the applicable legislation.

Sayfa Sonu

Company Official

Members of the board of directors of the Company and other authorized persons

8.8. Personal Data Category and Contact Group Matching

Personal Data Category	Contact Group
Identity Information	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers, Company Leads, Visitor, Supplier, Business Partners, Company Official
Contact Details	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers, Company Leads, Visitor, Supplier, Business Partners, Company Official
Educational Information	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers, Company Leads, Visitor, Supplier, Business Partners, Company Official
Health Information	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Official
Prospective Employee Information	Prospective Employees

Personnel Information	Company Employee, Company Official
Special Categories of Personal Data	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers, Company Leads, Visitor, Supplier, Business Partners, Company Official
Information on Legal Transactions	Employees of Company, Affiliates and Business Partners, Company Partners, Company Customers, Company Leads, Supplier, Company Official
Financial Details	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers, Company Leads, Supplier, Business Partners, Company Official
Physical Space Security Information	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers, Company Leads, Visitor, Supplier, Business Partners, Company Official
Information on Family Members and Kith and Kin	Employees of Company, Affiliates and Business Partners, Prospective Employee, Company Partners, Company Customers
Location Information	Employees of Company, Affiliates and Business Partners, Company Official

8.9. Storage and Destruction Periods

Business Process	Contact Group	Personal Data Category	Storage Period	Destruction Period
Personal Procedure	Company Employees	Personnel Information	15 years	Within 180 days after the end of the storage period
Recruitment Process	Prospective Employee, Intern Prospective Employee	Prospective Employee Details	2 years	Within 180 days after the end of the storage period
Training Process	Company Employees	Credentials and Educational Information	15 years	Within 180 days after the end of the storage period
Physical Space Security Process	Company Employees, Company Prospective Employee, Company Partners, Company Customers, Company Leads, Visitor, Supplier, Business Partners, Company Official	Physical Space Security Information	1 years	Within 180 days after the end of the storage period
Defining process of a system account	Company Employees	Identity Information Contact Details	10 years	Within 180 days after the end of the storage period

Sales Process	Company Customers, Vendors	Identity Information Contact Details, Financial Information,	10 years	Within 180 days after the end of the storage period
Processing of the Employee Information of a Subcontractor Company	Subcontractors, Subcontractor company employees	Identity Information Contact Details	10 years	Within 180 days after the end of the storage period
Salary Process	Company Employees	Identity Information Financial Information	15 years	Within 180 days after the end of the storage period
Switchboard Process	Visitors, Company Customers, Company Leads, Dealers, Suppliers	Identity Information Contact Details	1 years	Within 180 days after the end of the storage period
Visitors’ Records	Visitors	Identity Information, Physical Space Security Information	2 years	Within 180 days after the end of the storage period

Legal Processes	Company Employees, Company Partners, Company Official	Identity information, Information on Legal Transactions	15 years	Within 180 days after the end of the storage period
Internet Access Process	Company Employees	Identity Information, Contact Details	2 years	Within 180 days after the end of the storage period
Process for Debit of Goods to Employees	Company Employees	Identity information	15 years	Within 180 days after the end of the storage period
Communication Process	Company employees	Identity information, Contact Details	2 years	Within 180 days after the end of the storage period
Visitor’s Vehicles Recording Process	Visitors	Identity information, Contact details	2 years	Within 180 days after the end of the storage period
Process of process documentation	Company Employees, Company Official	Identity Information	15 years	Within 180 days after the end of the storage period
Data entry process into public institutions	Company Employees, Company Official	Identity information, Contact Details, Financial Information,	15 years	Within 180 days after the end of the storage period

Visa-booking processes	Company Employees	Identity Information	15 years	Within 180 days after the end of the storage period
Workflow Process	Company Employees	Identity information, Financial Information, Health Information	15 years	Within 180 days after the end of the storage period
Payroll Distribution Process	Company Employees	Identity information, Personnel Information	15 years	Within 180 days after the end of the storage period
Customer Portfolio Creating Process	Company Customers, Company Leads Dealers	Identity information, Contact Details	2 years	Within 180 days after the end of the storage period
Export Shipments	Employees of Business Partners	Identity information, Contact details	10 years	Within 180 days after the end of the storage period
Shipment Process	Company Customers, Employees of Business Partners	Identity Information, Contact Details	10 Years	Within 180 days after the end of the storage period

Scholarship Process	Scholar	Identity Information, Contact Details: Educational Information: Special Categories of Personal Data Financial Information, Information on Family Members and Kith and Kin	10 years	Within 180 days after the end of the storage period
Purchasing and Procurement Process	Suppliers, Company Partners, Company Directors, Vendors	Identity Information, Contact Details, Financial Information,	10 years	Within 180 days after the end of the storage period
Occupational Health and Safety Processes	Company Employees	Identity Information, Contact Details: Health details	15 years	Within 180 days after the end of the storage period
Payment Procedures	Company Customers, Supplier, Vendors	Identity Information, Contact Details, Financial Information,	10 years	Within 180 days after the end of the storage period
Keeping log records,	Guests	Identity Information	2 years	Within 180 days after the end of the storage period

Employee List and Contact Persons Identification Process	Company Employees	Identity Information, Contact Details	10 years	Within 180 days after the end of the storage period
Logistics Operations Process	Company Employees	Identity information, Private Data	15 years	Within 180 days after the end of the storage period
Process of shared information for events	Company Employees, Customers	Identity information, Contact Details	10 years	Within 180 days after the end of the storage period
Collection Process	Company Customers, Vendors	Identity Information, Contact Details: Financial Information	10 years	Within 180 days after the end of the storage period
Official Notice Process	Employees of Business Partners	Identity information	10 years	Within 180 days after the end of the storage period
Agreement Process	Company Customers	Identity Information, Contact Details	10 years	Within 180 days after the end of the storage period

Private Insurance Renewal Process

Company Officials

Identity information,

Financial Information

15 Years

Within 180 days after the end of the storage period

Invoice Process

Vendors

Company Customers

Identity Information

Contact Details

10 years

Within 180 days after the end of the storage period

Quality Management Process

Company Employees

Identity Information

Contact Details

15 years

Within 180 days after the end of the storage period

8.10. Periodical Destruction Intervals

In accordance with Article 7 of LPPD, personal data shall be destructed periodically upon the disappearance of reasons which require the process even if they are processed as per the legal legislation or the period stipulated in the legislation expires. In the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data has become due, our Company shall delete, destroy or anonymize personal data. Periodic destruction shall be carried out for all personal data, twice a year, at intervals of 6 months.

All the transactions carried out in relation to deletion, destruction or anonymization of personal data are recorded, and the aforementioned records are kept for a period of three years, except for other legal obligations.

Technical and Administrative Measures for Personal Data

In accordance with Article 12 of the LPPD, the obligation of the company in the capacity of data controller regarding data security:

toprevent unlawful processing of personal data,
toprevent unlawful access to personal data,
totake any technical and administrative measures to protect them,
To carry out or to have carried out any necessary audit for its company

The company exercises due care to data processing and data security in accordance with the above obligations. The company takes the necessary measures to prevent the personal data of its employees from being shared with third parties, and otherwise notifies the relevant person and the Board.

In the Company;

Network security and application security are ensured.
A closed system network is used for personal data transfers over the network.
Key management is applied.
Security measures are taken within the scope of procurement, development and maintenance of information technology systems.

The security of the personal data stored on the cloud is ensured.
Disciplinary regulations containing data security provisions are in place with respect to the employees.
Training and awareness-raising activities on data security are organized at regular intervals for the employees.
An authorization matrix has been created for the employees.
Access logs are regularly taken.

Corporate policies have been prepared and started to be implemented on the topics of access, information security, usage, storage and destruction.
Data masking measure is implemented when necessary.
Letters of undertaking for confidentiality/privacy are obtained.
Relevant authorizations of the employees whose position has changed, or who have left their job, are revoked.
Up-to-date anti-virus systems are used.
Firewalls are used.
The executed agreements contain provisions on data security.
Additional security measures are taken for personal data that are transferred in hard copy and the relevant documents are sent after being marked as classified.
Personal data security policies and procedures have been determined.
Personal data security issues are reported forthwith.
Security of personal data is monitored.
Necessary security measures are taken regarding entry-to-exit from physical sites containing • personal data.
Security of physical sites containing personal data is ensured against external risks (fire, flood, etc.).
The security of media containing personal data is ensured.
Personal data are minimized to the maximum extent.
Personal data are backed up and the backed-up personal data are protected.
User account management and authorization control system are implemented and are monitored.
In-house periodic and/or random inspections are carried out and caused to be carried out.
Log records are kept in a way that will not allow user intervention.
Current risks and threats have been identified.
Protocols and procedures regarding security of special categories of personal data have been determined and are being implemented.
Special categories of personal data are always encrypted and sent with KEP(registered electronic mail)or corporate mail accounts, in the cases when they are sent by email.

Secure encryption/cryptographic keys are used for special categories of personal data, which are managed by different departments

Intrusion detection and prevention systems are used.
A penetration test is applied.
• Cyber-security measures are taken and their implementation is constantly monitored.
Encryption is made.

Special categories of personal data that are transferred on portable flash memory, CD and DVD are transferred by encryption.

Audits are ensured at certain intervals to ensure data security of data processor service providers.
Awareness-raising activities are carried out to ensure data security of data processor service providers.
Data loss prevention software is used.

The Company adopts all technical and administrative measures regarding cyberattacks regarding personal data of third parties, as well as technical and administrative measures specified in the law and board resolutions and specified in the guidelines to prevent unlawful access to personal data. The Company audits the security of the data inventory it creates in accordance with the legislation, as well as system and software security; and reports to the authorized persons and board if so requested, ensures that personal data are protected as stipulated in the legislation.

Rights of Data Subject

Article 11 of LPDP No. 6698 has come into force on October 7, 2016, and pursuant to relevant article, the rights of the Data Subject thereafter shall be as follows:

The Data Subject may apply to the Company and

a)learnwhether or not their personal data are being processed,
b)requestinformation if his personal data have been processed,
c)findout the purpose of processing the personal data and whether it has been used in accordance with its intended purpose.
d)findout third parties to which their personal data have been transferred at home or abroad
e)torequest the correction of personal data that may have been incompletely or inaccurately processed,
f)torequest deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the PDPL;
g)incase of correction, deletion or destruction of personal data, to request that such operations be reported to third parties to whom such personal data has been transferred,
h)toobject to the emergence of an outcome which is to the detriment of the person himself as a result of the analyzing of the processed data exclusively through automated systems,

i)to request indemnification for their damages caused by unlawful processing of their personal data.

Application to Data Controller and Application Method

NEYİVAR TEKNOLOJİ VE TİCARET ANONİM ŞİRKETİ, in the capacity of data controller, with the registered address at Atatürk Mahallesi Ertuğrul Gazi Sokak A Blok No:2 E İç Kapı No:331 Ataşehir/ISTANBUL, Central Registration System (Mersis) No. 0631-1549-2590-0001 respects the rights of you, the valuable personal data subjects and strives to help fulfilling your requests in your application. The right to apply to our company with this form prepared as per article 11 of PDPL directly belongs to the personal data owner. In the case of applications filed on behalf of third persons, a proper power of attorney, including power to represent the relevant person, shall be presented.

Pursuant to paragraph 1 of Article 13 of the Law, applications to be made to our Company as data controller with regard to these rights should be forwarded to our Company in writing or by other methods determined by the Personal Data Protection Board ("Board”).

After you fill out and sign the PDP Application Form (“PDP Application Form”) in the Company in a complete and clear manner and send it to our address below in person or by registered mail, we will reply your application no later than 30 (thirty) days. The application regarding such rights must be filed in writing by other methods included in this Personal Data Subject Application Form or determined by the Personal Data Protection Board (“Board”).

In that regard, applications to be lodged in “writing” with our Company may be submitted as follows: by obtaining printout of this Form;

By application in person by the applicant,
Through a Notary Public,
It can be provided by sending it to the registered e-mail address of our Company after signing by the Applicant with “secure electronic signature” in accordance with Electronic Signature Law No. 5070.

Our Company Details

Trade Name	: NEYİVAR TEKNOLOJİ VE TİCARET ANONİM ŞİRKETİ
Address	: Atatürk Mahallesi Ertuğrul Gazi Sokak A Blok No:2 E İç Kapı No:331 Ataşehir/ISTANBUL
Mersis (central registration system) No.	: 0 0631-1549-2590-0001
Registered E-mail Address :	: neyivar@hs02.kep.tr
E-mail Address	: info@neyivar.com

This Policy shall become effective upon publication and shall remain effective until removed from the website. Our Personal Data Storage and Destruction Policy is issued on 13.09.2021. In case of renewal of the entire Policy or its specific articles, the date of effectiveness of the Policy shall be updated.