PERSONAL DATA PROTECTION POLICY
Coin Store and all of its personnel undertake to comply with the principles and rules of the Republic of Turkey Constitution regarding the protection of personal data, Personal Data Protection Law No.6698 (“KVKK”) and other legislation and to protect the rights of individuals whose data is processed by Coin Store. For this purpose, Coin Store has adopted a written personal data protection policy and system to be implemented and developed.
The purpose of the Personal Data Protection Policy is to ensure that Coin Store sets and realizes its own standards in the management of personal data; determining and supporting organizational goals and obligations, establishing control mechanisms in line with the Coin Store acceptable risk level; Coin Store is to fulfill the obligations it is subject to in accordance with international conventions in the field of personal data protection, the Constitution, laws, contracts and professional rules, and to protect the interests of individuals in the best way.
The policy provisions cover all information systems and sub-information, contracts, environmental and physical areas, and systems and regulations produced for all of these, which are involved in the processing of personal data in Coin Store's fields of activity and work areas. This policy covers all units of Coin Store , support company employees, intern and contracted personnel. KVKK or any action that violates this policy is evaluated within the scope of the relevant legislation and sanctions are applied accordingly.
Coin Store's solution partners, public institutions and all third parties working with Coin Store are invited to read and comply with this policy. No third party can access personal data processed by Coin Store without a written confidentiality agreement, which includes the obligations of at least as strong as Coin Store regarding the protection of personal data and the right to control them.
Explicit consent: Consent on a specific subject, based on information and declared with free will,
Anonymization: Making personal data unrelated to a certain or identifiable natural person under any circumstances, even by matching with other data,
Relevant person / Data subject: The real person whose personal data is processed,
Personal data: All kinds of information regarding an identified or identifiable natural person,
Special quality (sensitive) personal data: Regarding the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures. biometric and genetic data,
Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosure, transferring, taking over, making available, by means of non-automatic means, provided that personal data are fully or partially automated or are part of any data recording system, All kinds of operations performed on the data such as classification or prevention of use,
KVKK: Law No. 6698 on the Protection of Personal Data,
Board: Personal Data Protection Board,
KVK Institution: Personal Data Protection Authority,
KVK Committee: The structure that will provide the necessary coordination within the scope of ensuring, preserving and maintaining compliance with the Personal Data Protection Legislation,
KVK Commitment: The document in which the legal obligations of the third parties to whom data is shared are determined,
Data processor: The natural or legal person who processes personal data on his behalf based on the authority given by the data controller,
Data recording system: The recording system in which personal data are structured and processed according to certain criteria,
Registry: Registry of data controllers kept by the KVK Institution,
Data controller: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
Contact Person: The real person who is notified by the Data Supervisor during registration to the Registry for the communication to be established with the KVK Authority regarding the obligations of the data controller,
Coin Store is the data controller in accordance with the KVKK.
Everyone who is a Coin Store staff is responsible for developing, promoting and promoting correct practices in the processing of personal data within Coin Store.
The KVK Committee has been established as a committee in charge of managing the personal data protection system and ensuring and documenting compliance with KVKK and other related legislation and is responsible to the board of directors in these matters.
The members of the KVK Committee are appointed by the board of directors, taking into account their expertise and experience in personal data protection legislation and practices, and report directly to the board of directors.
Duties and Responsibilities of the KVK Committee:
The committee should inform the board of directors about Personal Data Protection legislation and developments.
The Committee is responsible for ensuring that Coin Store's policies and procedures are up-to-date, that data processing audits are carried out in accordance with the scheduled schedule and that they comply with the relevant legislation.
The Committee acts together with the relevant personnel in all personal data protection issues.
Coin Store provides information and advice on personal data protection legislation and compliance to its relevant partners and support providers.
Coin Store provides information and advice to its staff on their obligations in accordance with personal data protection legislation.
Coin Store monitors the compliance of data processing activities with personal data protection legislation.
Coin Store strictly adheres to the development and maintenance of personal data protection policy and related procedures and processes.
In the context of compliance with personal data protection legislation, Coin Store assigns responsibilities.
It ensures that all personnel involved in personal data processing are provided with the necessary training and awareness.
It monitors and reports compliance with Personal Data Protection Legislation by ensuring regular audits.
Provides information and advice for personal data protection impact analysis reports.
It acts in cooperation and liaison with the KVK Board.
Coin Store acts as the contact point and representative before the KVK Board and provides information and advice to the Board when necessary.
It ensures that the process of notifying information security incidents and investigations to the Board is run.
It contributes to the business continuity plan process.
Provides information and advice on keeping corporate records.
Coin Store ensures that the scale at which personal data is collected, kept, used and the conditions of storage in accordance with information security standards.
It provides supervision and evaluations regarding compliance with the protection of personal data, security practices and other controls that may be required.
It makes additional suggestions for determining and implementing controls to ensure confidentiality, integrity and accessibility of personal data.
Within Coin Store, it presents the issues that pose potential risks in terms of personal data and its suggestions on this subject to the agenda of the Management Committee.
The KVK Committee may request cooperation from all personnel, including access to systems and records, while performing the duties of Coin Store regarding the collection, processing and storage of personal data.
All personnel of Coin Store who process personal data are responsible for complying with the Personal Data Protection legislation.
Coin Store is responsible for carrying out the necessary notifications and trainings so that all personnel are aware of their responsibilities in the field of personal data protection and have the necessary awareness.
Coin Store personnel are obliged to ensure the accuracy and up-to-dateness of all personal data provided to or related to Coin Store.
5.1. Data Protection Principles
Coin Store will comply with the personal data protection legislation and data protection principles. The data protection principles adopted by Coin Store include:
To process personal data only if it is clearly necessary for legitimate institutional purposes,
To process the minimum amount of personal data required for these purposes and not to process more data than necessary,
Providing individuals with clear information about who and in what way their personal data is used,
To process only relevant and appropriate personal data,
To process personal data fairly and in accordance with the law,
To keep an inventory of personal data categories processed by Coin Store,
Keeping personal data accurate and up-to-date when necessary,
To keep personal data only for the period required by legal regulations, legal obligations or legitimate corporate interests of Coin Store,
Respecting the rights of individuals regarding their personal data, including the right to access,
Keeping all personal data safe,
Transferring personal data abroad only in accordance with the express consent of the persons or in the presence of sufficient protection,
To apply the exceptions permitted in accordance with the legislation,
Establishing and implementing the personal data protection system for the implementation of the policy,
To determine the internal and external stakeholders that are parties to the personal data protection system and to what extent they are included in the personal data protection system of Coin Store, when necessary,
To determine personnel who have special powers and responsibilities regarding the personal data protection system.
All personal data processing activities should be carried out in accordance with the following data protection principles. Coin Store's policies and procedures aim to ensure compliance with these principles:
Compliance with the law and honesty rules,
Being accurate and up-to-date when necessary,
Processing for specific, explicit and legitimate purposes,
Being connected, limited and measured with the purpose for which they are processed,
Being kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
Personal data are processed in accordance with the law and the rule of honesty and transparently.
Accordingly, Coin Store includes privacy statements regarding its personal data processing activities in data collection channels and related forms. The areas where clear and understandable information will be placed and announced by Coin Store regarding whom and which data is processed for what purposes are determined by taking the opinion of the KVK Committee. These notifications include the following:
Identity and contact information of Coin Store as data controller,
The types of personal data processed,
Purposes of processing personal data,
Methods of collecting personal data,
The legal reason for processing personal data,
The envisaged retention period of personal data,
Rights of the data owner,
Third parties with whom data can be shared.
Personal data can only be processed for specific, explicit and legitimate purposes. Ko
The reasons / purposes for processing personal data are determined in the personal data inventory, and personal data cannot be used other than the specified purpose without any other legal justification or the explicit consent of the data owner. In case conditions arise that require a personal data to be used for purposes other than those specified in the personal data inventory, this situation is notified to the KVK Committee by the relevant personnel / unit. The KVK Committee checks the appropriateness of the new purpose and, if necessary, ensures that the data owner is informed about the new purpose and new data processing activities.
Personal data must be processed in an appropriate, relevant and limited extent appropriate for the purposes of processing.
The KVK Committee is obliged to ensure that personal data that are not explicitly required for the purpose of processing are not collected and processed.
The KVK Committee is informed about all data collection channels.
The KVK Committee checks that the processed data is appropriate and relevant through the personal data inventory updated annually.
The KVK Committee audits that all data processing methods are appropriate and relevant with an annual internal audit / external audit.
The site is responsible for the cessation of data processing in terms of personal data that it determines to be unsuitable, unrelated, or excessive for the purpose of processing, and the safe destruction of the processed data in accordance with the procedure defining the storage and destruction process.
Personal data must be accurate and up to date.
The accuracy and currency of data kept for a long time should be reviewed. Coin Store is responsible for the training of all personnel on accurate and up-to-date collection and storage of their data.
The accuracy and up-to-dateness of the data kept for the personnel is under the responsibility of the relevant personnel.
Employees / customers / institutions with whom they are in contact and other relevant persons should inform Coin Store in order to update the personal data.
The KVK Committee may instruct the relevant unit to review the accuracy or currency of certain data through the evaluation of the data inventory, the type, storage period and amount of the processed data.
Personal data should be processed in such a way that the data subject can only be identified if necessary for the purpose of data processing.
Backup of personal data, etc. In order to protect the rights and freedoms of individuals, secure disposal methods determined by the Board are applied to protect the rights and freedoms of individuals in cases of storage beyond the specified period or in cases of data security weakness.
Written approval of the KVK Committee is obtained when the personal data needs to be processed longer than the specified periods in accordance with the procedure in which the storage and destruction process is defined.
Coin Store informs the Personal Data Protection Board ("KVK Board") about which it is the data controller and which categories of personal data it processes. Coin Store determines all personal data categories it processes in its personal data inventory.
The notification is made in accordance with the procedure and method to be determined by the KVK Board, and a copy of the notification is kept by the Compliance Unit.
If deemed necessary by the relevant legislation or the KVK Board, the notifications are repeated periodically.
The KVK Committee annually reviews the data processing activities of Coin Store and the changes in them in order to identify potential changes that may occur in the notification made to the KVK Board and informs the KVKK Board if necessary.
5.3. Risk assessment
Coin Store identifies the risks associated with the processing of certain types of personal data.
Coin Store has a procedure to assess the risks of processing personal information on individuals. This evaluation is carried out by taking into account the third parties who process data on behalf of Coin Store. Coin Store manages the risks identified as a result of the assessment in a way that does not create any incompatibility with this policy.
If a particular type of data processing activity is likely to pose a high risk on personal rights and freedoms in line with its structure, context and purposes, Coin Store should conduct an impact analysis before data processing activity and manage potential risks. For multiple data processing activities involving similar risks, a single assessment may be based.
At the end of the impact analysis, if it is understood that Coin Store is about to start a data processing activity that may pose a high risk on personal rights and freedoms, the approval of the KVK Committee is sought on this issue. If the KVK Committee deems necessary, it receives an opinion from the KVK Board on the subject.
In risk management, the system and controls applied in accordance with the system adopted by Coin Store in accordance with the Information Security Policy and Risk Management Policy are applied.
5.4. Obtaining Open Consent
Coin Store accepts the consent of the data owner as explicit consent, which is based on information and expresses the will to process data with free will, expressed by written / verbal declaration or explicit confirmatory action, regarding certain data processing activities. Explicit consents are obtained in writing or systematically in a way that is suitable for proof. Explicit consent can always be revoked by the data owner.
In the event that data processing based on explicit consent will be continuous or will be repeated, explicit consents received are checked. The up-to-dateness and accuracy of these explicit consents are the responsibility of the relevant unit. Explicit consent forms or other relevant means of proof regarding data processing based on explicit consent are kept by the relevant unit.
5.5. Data security
All personnel are obliged to ensure that the data processed by Coin Store and under their responsibility are kept secure and not disclosed to the third party unless they sign a confidentiality agreement.
Only those who need access to personal data should have access to it.
Information security incidents regarding personal data are reported to the KVK Board and the relevant person within the shortest time and within 72 hours at the latest, after they are determined by the KVK Committee.
5.6. Data Sharing
Personal data can only be shared with third parties in accordance with the law and fairness. Accordingly, one of the following conditions is sought in order to share personal data:
Obtaining the explicit consent of the data owner,
It is clearly stipulated in the laws,
It is compulsory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid,
Provided that it is directly related to the establishment or execution of a contract to which Coin Store is or will be a party, it is necessary to process the personal data of the parties to the contract,
It is mandatory for Coin Store to fulfill its legal obligation.
It is made public by the person concerned,
Data processing is mandatory for the establishment, use or protection of the rights of Coin Store,
Provided that the fundamental rights and freedoms of the relevant person are not harmed, data processing is mandatory for the legitimate interests of Coin Store.
Personal data can only be transferred abroad provided that the above conditions are met and adequate protection is available in the target country or the explicit consent of the data owner is obtained for this transfer.
In the transfer of personal data abroad, the list of countries with sufficient protection determined by the Board is taken into account.
In case of transferring personal data abroad, in accordance with the KVKK and the relevant legislation, the KVK Committee provides the necessary permissions and notifications before the Board.
All transactions regarding the sharing of personal data should be recorded in writing with their reasons. These records are audited periodically by the KVK Committee.
In the event that there is a regular data sharing relationship without a legal basis or legal obligation, a KVK Commitment is made that determines the conditions of data sharing with the party in question. The KVK Commitment includes at least the following:
The purpose or purposes of sharing,
Potential third party buyers or type of recipient and right of access conditions,
What is the data to be shared,
General principles of data processing,
Data security measures,
Storage period of shared data,
Rights of the data owner, access requests, procedures to respond to applications and complaints,
Reviewing the termination of the sharing agreement, and
Responsibility and sanctions for non-compliance or individual breach of staff.
5.7. Records Management
Personal data cannot be kept longer than necessary for the purposes of processing. The classification of records containing personal data and their storage periods are determined in accordance with the relevant documents.
Personal data that have expired or that need to be destroyed upon the rightful request of the data owner are anonymized or deleted or destroyed in accordance with the procedure in which the storage and destruction process is defined.
5.8. RIGHTS OF DATA OWNERS
Data owners have the following rights regarding data processing activities and records at Coin Store:
Learning whether personal data is processed,
If their personal data has been processed, to request information regarding this,
Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
To know the third parties to whom personal data are transferred domestically or abroad,
To request correction of personal data in case of incomplete or incorrect processing,
Request the deletion or destruction of personal data for which there is no legal justification or basis for processing in accordance with the KVKK or this policy,
Request notification of the correction or deletion made upon his request to third parties to whom personal data have been transferred,
To object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
To demand the compensation of the damage in case of damage due to unlawful processing of personal data.
Application Procedure of the Data Owner
Data owners can apply to Coin Store for their requests regarding their rights listed above, in accordance with the application procedures stipulated in the Communiqué on Application Procedures and Principles to the Data Controller.
In this case, Coin Store will conclude the request free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, Coin Store will be able to charge the fee in the tariff determined by the Personal Data Protection Board. The processes for receiving, forwarding and finalizing the requests are carried out in accordance with the relevant procedure.
In order for data owners to direct their requests, the access rights and contact information of the data owners are included in the privacy statements and on the website of Coin Store.
Regardless of the job description, all personnel of Coin Store are obliged to direct the data owners about the correct application method for their data subject access requests. Coin Store personnel should be informed by the KVK Committee on how to act on requests from data owners.
In this context, by filling out the "Data Owner Application Form" below;
With the personal application * of the Data Owner,
Through a notary *,
By verifying identity via registered mail *,
You can apply via Registered Electronic Mail **.
* Blockchain Lab Yazılım A.Ş. Software Incorporated Company ESENTEPE MAHALLESİ BÜYÜKDERE CAD. ASTORIA Sit. NO: 127 A / 24 ŞİŞLİ / İSTANBUL, or
* By writing "Personal Data Protection Law Information Request" in the subject section on the address of [REM Address *].
Data Owner Application Form (PDF) [The Data Owner Application Form we have shared in this section will be linked]
BLOCKCHAIN LAB YAZILIM ANONİM ŞİRKETİ
ESENTEPE MAHALLESİ BÜYÜKDERE CAD. ASTORIA Sit. NO: 127 A / 24 ŞİŞLİ / İSTANBUL
VKN (Tax Identification Number): 4650883238
Tax Office: Zincirlikuyu
CONTACT FORM DISCLOSURE TEXT
Blockchain Lab Yazılım A.Ş. Ş., we attach importance to the security of your personal data that we process as data controller defined in the Law on Protection of Personal Data No.6698. Therefore, we would like to inform you about the processing of your personal data.
PURPOSE OF PROCESSING YOUR PERSONAL DATA AND LEGAL REASON
Your personal data is processed in accordance with the Personal Data Protection Law No.6698 and secondary regulations for the following purposes and legal reasons:
In this context, your personal data such as name-surname, e-mail address and telephone number obtained by filling out the Contact Form are processed for the purpose of recording and responding to your communication requests in line with your explicit consent.
TRANSFER OF PERSONAL DATA
Coin Store does not collect your personal data but