Personal Data Policy
Policy on Processing and Security of Sensitive Personal Data
Policy on Processing and Security of Sensitive Personal Data
As Tasimacim Transportation Logistics Brokerage Services Limited Company (hereinafter referred to as “Tasimacim” or “Company”), we process special categories of personal data and ensure the security of such data in accordance with the Personal Data Protection Law No. 6698 and the relevant legislation. This Policy on Processing and Security of Special Categories of Personal Data (“Policy”) has been prepared in accordance with the decision of the Personal Data Protection Board dated 31/01/2018 and numbered 2018/10 (“Board Decision”) regarding the “Adequate Measures to be Taken by Data Controllers in the Processing of Special Categories of Personal Data” in order to determine the measures we take as a data controller for the processing of special categories of personal data. This Policy and Tasimacim’s Personal Data Security Policy (“Security Policy”) are complementary to each other, and the Security Policy should be examined for issues not mentioned in this Policy. Tasimacim, as the data controller, shall act in accordance with this Policy while processing, sharing with third parties and storing in data recording media the personal data of special nature.
This Policy covers our activities to ensure the appropriate level of security of special categories of personal data that we have acquired and may acquire belonging to the following persons:
Within the framework of this Policy, Tasimacim shall take necessary administrative and technical measures to process the special categories of personal data of the persons mentioned in Article 2 in accordance with the personal data protection legislation and to ensure the security of such data. This Policy may be amended and updated by the relevant units at any time in line with the changes in the law or relevant legislation or in the activities of Tasimacim.
Tasimacim is obliged to comply with the general principles specified in the KVK Law regarding the processing of personal data. In this context, Tasimacim will act in accordance with the following principles when processing special categories of personal data:
Tasimacim is obliged to process special categories of personal data in accordance with the conditions specified in Article 6 of the KVK Law together with the general principles mentioned above. In this context, Tasimacim may carry out special categories of personal data processing activities based on one of the following conditions:
Obtaining the explicit consent of the data subject for the processing of special categories of personal data or,
Except for personal data relating to health and sexual life, the processing of special categories of personal data should be stipulated in the law
Tasimacim may share sensitive personal data with third parties in accordance with the data processing conditions specified in Articles 8 and 9 of the KVK Law. During the transfer of sensitive personal data to third parties, Tasimacim shall take the security measures specified in the Board Decision. In this context, Tasimacim may transfer special categories of personal data
Tasimacim maintains special categories of personal data in accordance with the general principles and processing conditions mentioned above in detail. Regarding the environments where special categories of personal data are stored and/or accessed, Tasimacim shall take the security measures specified in the Board Decision. In this context, Tasimacim,
Tasimacim takes the following measures specified in the Board Decision for its employees who process special categories of personal data:
Tasimacim has established the Personal Data Security Policy in accordance with the technical and administrative measures specified in the Personal Data Security Guide published on the website of the Authority in order to ensure the security of all personal data it processes, including personal data of special nature. This Special Categories of Personal Data Security Policy includes the technical and administrative measures taken by the Company to ensure the appropriate level of security in order to ensure the lawfulness of the personal data processed, to prevent unlawful access and to ensure its preservation.