K.V.K.K. Politikası 3
3.2 Obligations Regarding Data Security
3.2.1 Technical Measures:
COŞKUNOĞLU PESTİL takes the necessary technical measures, as much as possible, to prevent unauthorized access, data breach and unlawful access, and to prevent accidental data loss, change and destruction. The obligation in question relates to both electronic and physical media. In this context, COŞKUNOĞLU PESTİL determines technical procedures and rules, observing confidentiality in design, and reviews them at certain frequencies. In accordance with these designs, the Data Classification and Protection Procedure, which is an annex to this Data protection and processing Policy, has been created by COŞKUNOĞLU PESTİL. According to this process, various Data Classes have been created and protection principles for the created classifications have been determined.
COŞKUNOĞLU PESTİL ensures the implementation of security measures such as encryption, masking and anonymization by taking into account the existing risks that may occur in this context and by following the current technology. The main technical measures taken by COŞKUNOĞLU PESTİL to prevent unlawful access to personal data are listed below:
New technological developments are followed and technical measures are taken on systems, especially in the field of cyber security, and the measures taken are periodically updated and renewed.
Access and authorization technical solutions are implemented within the framework of legal compliance requirements determined specifically for each department.
Access authorizations are limited and authorizations are reviewed regularly. Access restrictions are imposed on former employees and accounts are closed.
Technical measures taken in accordance with COŞKUNOĞLU PESTİL's internal operations are reported to the relevant users, risky issues are re-evaluated and the necessary technological solutions are produced.
Software and hardware including virus protection systems, firewalls, Data Vulnerability security and firewalls are installed.
Technically knowledgeable personnel are employed.
In order to detect security vulnerabilities in applications where personal data is collected, applications are regularly subjected to external impact testing and the vulnerabilities found are closed according to the results of this test.
3.2.2 Administrative Measures:
COŞKUNOĞLU PESTİL employees can access personal data only in accordance with the scope and purpose of the task in question. Employees may not process personal data to which they have access for personal or commercial purposes; cannot disclose personal data or disclose this information to unauthorized persons for these purposes. COŞKUNOĞLU PESTİL has determined the Principles for the Processing of Personal Data by making the necessary arrangements in the relevant Workplace Regulations for its employees. The provisions of this Regulation are in the nature of employment contracts for COŞKUNOĞLU PESTİL Employees and it is anticipated that sanctions will be imposed in case of non-compliance. The supervision and management of departments' personal data security is organized by the Information Security Unit. Awareness is created to ensure that the legal requirements determined on a business unit basis are met, and the necessary administrative measures are implemented through internal policies, policies and procedures and training to ensure the control of these issues and the continuity of the implementation.
COŞKUNOĞLU PESTİL informs its employees that the personal data they obtain for business purposes cannot be disclosed to anyone else in violation of the provisions of the Law and cannot be used for purposes other than processing, and that this obligation will continue after they leave office.
3.2.3. Training of COŞKUNOĞLU PESTİL Employees on the Protection and Processing of Personal Data
COŞKUNOĞLU PESTİL organizes the necessary training for company headquarters, factory and store employees in order to raise awareness to prevent unlawful processing of personal data, unlawful access to data and to ensure the preservation of data.
3.3 Data Controllers Registry
COŞKUNOĞLU PESTİL is/will be registered in the data controllers registry established in accordance with the relevant legislation. The relevant registry includes the following information; Personal Data Security Inventory and Data Destruction and Storage Procedure will be submitted to the Data Controllers Registry in accordance with secondary legislation.
Identity and address information of the data controller and his representative, if any
For what purpose personal data will be processed
Explanations about the data subject person group and groups and the data categories belonging to these people
Recipients or recipient groups to whom personal data can be transferred
Personal data intended to be transferred to foreign countries
Measures taken regarding personal data security
Maximum period required for the purpose for which personal data is processed