1. INTRODUCTION
This Personal Data Protection and Privacy Policy has been prepared to inform the relevant parties and persons about the processes and principles of processing personal data by Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş.
2. BASIC PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
Personal data processing activities are carried out in accordance with the relevant legislation within the scope of legal grounds, basic principles regarding the processing of personal data, processing conditions of personal data, purposes of processing, storage periods and transfer principles.
2.1 LEGAL REASONS FOR DATA PROCESSING ACTIVITIES
Personal data processed within the framework of company activities in Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş. are kept for the period stipulated in the relevant legislation. In this context, personal data are processed within the framework of the relevant laws and
Law on Protection of Personal Data No. 6698
Zoning Law No. 3194 Settlement Law No. 5543 Expropriation Law No. 2942 Cadastre Law No. 3402 Forest Law No. 6831 Public Procurement Law No. 4734 Tax Procedure Law No. 213 Capital Market Law No. 6362 Banking Law No. 5411
Social Insurance and General Health Insurance Law No. 5510 Law on Regulation of Broadcasts on the Internet and Combating Crimes Committed Through These Broadcasts No. 5651 Turkish Code of Obligations No. 6098 Occupational Health and Safety Law No. 6331 Labor Law No. 4857 Turkish Commercial Code No. 6102 Regulation on Obtaining Valuation Services for Banks and Authorization and Activities of Institutions to Provide Valuation Services to Banks Regulation on Archive Services Regulation on Health and Safety Measures to be Taken in Workplace Buildings and Attachments
Other regulations in force under these laws and regulations, and are kept for the storage periods stipulated in the relevant laws.
2.2 GENERAL PRINCIPLES ON THE PROCESSING OF PERSONAL DATA
The following principles are applied when processing personal data by Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş.
Compliance with the law and the rules of honesty, Being accurate and up-to-date when necessary, Processing for specific, explicit and legitimate purposes, Being connected, limited and measured with the purpose for which they are processed, To be kept for as long as required by the relevant legislation or for the purpose for which they are processed. 2.3 PERSONAL DATA PROCESSING CONDITIONS
Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş. processes personal data by obtaining the express consent of the persons concerned. However, in the special cases specified below, data can be processed without the explicit consent of the data owner;
It is clearly stipulated in the law, It is compulsory for the protection of the life or physical integrity of the person or another person,
who is unable to express his consent due to actual impossibility or whose consent is not legally valid, It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract, It is mandatory for the data controller to fulfil its legal obligation, o It has been made public by the data owner, Data processing is mandatory for the establishment, exercise or protection of a right,
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner. 2.4 PURPOSE OF PROCESSING PERSONAL DATA
Your personal data obtained by Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş is processed within the framework of the purposes explained below;
Implementation of emergency management processes, Execution of information security processes, Carrying out the application processes of employee candidates, Fulfilling the obligations arising from the employment contract and legislation for the employees, Exercising the fringe benefits and benefits processes for the employees, Execution of access authorizations, Implementation of activities in accordance with the legislation, Execution of finance and accounting works, Ensuring physical space security, Execution of assignment processes, Follow-up and execution of legal affairs, Conducting communication activities, Planning of human resources processes, Execution/supervision of business activities, Carrying out occupational health / safety activities, Execution of logistics activities, implementation of goods/service purchasing processes, Execution of goods / services sales processes, Implementation of goods / services production and operation processes, Execution of performance evaluation processes, Carrying out risk management processes, Carrying out storage and archiving activities, Execution of contract processes, Ensuring the security of movable property and resources, Execution of wage policy, Ensuring the security of data controller operations, Providing information to authorized persons, institutions and organizations.2.5 TRANSFERRING PERSONAL DATA
In Aden Gayrimenkul Değerleme A.Ş., personal data is not transferred to third parties and institutions without the explicit consent of the data owner regarding the sharing of personal data with third parties.
However, in the presence of one of the following conditions, personal data may be transferred to third parties or parties without the explicit consent of the data owner.
It is clearly stipulated in the law, It is compulsory for the protection of the life or physical integrity of the person or another person,
who is unable to express his consent due to actual impossibility or whose consent is not legally valid, provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, It is mandatory for the data controller to fulfil its legal obligation, o It has been made public by the data owner, Data processing is mandatory for the establishment, exercise or protection of a right,
Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner. 3. OBLIGATION TO CLARIFY
The information to be conveyed to the data owners within the framework of the disclosure obligation is as follows;
Identity of the data controller and its representative, if any For what purpose personal data will be processed To whom and for what purpose the processed personal data can be transferred Method and legal reason for collecting personal data In the cases listed below, Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş. has no obligation to inform;
Processing of personal data by real persons within the scope of activities related to themselves or their family members living in the same residence, provided that they are not given to third parties and that the obligations regarding data security are complied with, Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics, Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that they do not violate national defense, national security, public security, public order, economic security, privacy or personal rights or constitute a crime, Processing personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security, Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings. Situations where there is no obligation to inform;
o Processing personal data is necessary for the prevention of crime or for criminal investigation,
o Processing of personal data is made public by the data owner himself,o Personal data processing is necessary for the execution of supervisory or regulatory duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and
organizations and professional organizations in the nature of public institution, based on the authority given by the law,
o The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax and financial matters.
4. DATA SUBJECT'S RIGHTS
Your legal rights regarding your personal data;
Learning whether personal data is processed or not, If personal data has been processed, requesting information about it, Learning the purpose of processing personal data and whether they are used in accordance with its purpose, Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing,
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems, To request the compensation of the damage in case of loss due to unlawful processing of personal data. 5. MEASURES TAKEN TO ENSURE DATA SECURITY
Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş. takes the following technical and administrative measures for the protection of personal data and follows up for the continuity of the measures.
5.1 ADMINISTRATIVE MEASURES
Technical measures taken by Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş. to ensure personal data security;
There are disciplinary regulations that include data security provisions for employees. Training and awareness activities are carried out periodically for employees on data security. An authorization matrix has been created for employees. Institutional policies on access, information security, use, storage and destruction have been prepared and started to be implemented. Confidentiality commitments are made. The authorizations of employees who have a change in duty or quit their job in this field are removed. The signed contracts contain data security provisions. Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format. Personal data security policies and procedures have been determined. Personal data security issues are reported quickly. Personal data security is monitored. Necessary security measures are taken regarding entry and exit to physical environments containing personal data. Physical environments containing personal data are secured against external risks (fire, flood, etc.).
The security of environments containing personal data is ensured. Personal data is reduced as much as possible. In-house periodic and/or random audits are conducted and made. Existing risks and threats have been identified. Protocols and procedures for special quality personal data security have been determined and implemented. If sensitive personal data is to be sent via e-mail, it must be sent in encrypted form and using KEP or corporate mail account. Data processing service providers are periodically audited on data security. Awareness of data processing service providers on data security is ensured. 5.2 TECHNICAL MEASURES
Technical measures taken by Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş. to ensure personal data security;
Network security and application security are provided. Key management is implemented. Security measures are taken within the scope of procurement, development and maintenance of information technology systems. The security of personal data stored in the cloud is ensured Access logs are kept regularly. Data masking is applied when necessary Current anti-virus systems are used. Firewalls are used. Personal data is backed up and the security of the backed up personal data is also ensured.
User account management and authorization control system is implemented and these are also followed. Log records are kept without user intervention. Secure encryption/cryptographic keys are used for sensitive personal data and are managed by different units. Intrusion detection and prevention systems are used. Cyber security measures have been taken and their implementation is constantly monitored.
Encryption is done. Personal data transferred in portable memory, CD and DVD media are encrypted and transferred. Data loss prevention software is used. 6. DATA DESTRUCTION
Principles and procedures regarding the destruction of data processed by Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş at the end of legal periods has been arranged, published and entered into force in the Data Retention and Disposal Policy document.
7. OTHER MATTERS
This policy document is published in two different media, with wet signature (printed paper) and electronically.
This policy is published on the corporate website of Aden Gayrimenkul Değerleme ve Danışmanlık A.Ş.
Personal Data; any information relating to an identified or identifiable natural person. Data Owner / Relevant Person; the natural person whose personal data is processed.
Processing of Personal Data; obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data in whole or in part by automatic or non-automatic means provided that it is a part of any data recording system. Any operation performed on the data, such as blocking.
Anonymization of Personal Data; the fact that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Deletion of Personal Data; making personal data inaccessible and unusable for the relevant users in any way.
Destruction of Personal Data; making personal data inaccessible, irretrievable and non-reusable by anyone in any way.
EN 
TR 
DE 
AR