Personal Data Protection Policy

  1. Image Note
  2. Personal Data Protection Policy

MAO SOFTWARE PERSONAL DATA PROTECTION, PROCESSING, AND DELETION POLICY

I. PURPOSE AND SCOPE

The primary purpose of the Personal Data Protection, Processing, and Deletion Policy is to inform the relevant parties about the methods implemented by MAO SOFTWARE in the lawful processing, protection, and deletion of personal data. In this context, it aims to ensure transparency by informing, among others, our website members, customers, prospective customers, employees, job applicants, managers, company visitors, employees of our partner companies, and other third parties whose personal data are processed.

This Personal Data Protection, Processing, and Deletion Policy applies to all personal data processed automatically or by non-automatic means, provided that it is part of any data recording system, of website members, customers, and prospective customers, as well as our employees, prospective employees, managers, company visitors, employees of partner companies, and third parties.

II. OBJECTIVE

MAO SOFTWARE takes the necessary measures and establishes internal processes to ensure compliance with regulations regarding the processing, protection, and deletion of personal data.

III. DEFINITIONS

  • Explicit Consent: Consent given for a specific matter, based on information and expressed with free will.
  • Anonymization: Rendering personal data impossible to associate with an identifiable or identified person even by matching them with other data.
  • Relevant Person: The natural person whose personal data is processed.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing of Personal Data: Any operation performed on personal data, whether by automatic or non-automatic means, such as collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification, or prevention of use.
  • Board: The Personal Data Protection Board.
  • Authority: The Personal Data Protection Authority.
  • Law: The Law on the Protection of Personal Data.
  • Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority given by them.
  • Data Recording System: A recording system where personal data are processed according to certain criteria.
  • Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

IV. PRINCIPLES FOR PROCESSING PERSONAL DATA

a. Compliance with Law and Good Faith: MAO SOFTWARE processes personal data lawfully and in good faith. It considers the principles of proportionality and necessity, processing only as much personal data as required.

b. Accuracy and Up-to-dateness: MAO SOFTWARE ensures that the personal data it processes is accurate and up-to-date and takes necessary measures to this end.

c. Processing for Specific, Explicit, and Legitimate Purposes: MAO SOFTWARE processes personal data relevant and necessary for the services it provides. If the purpose of processing personal data is not clearly specified due to the nature of the service, it informs data subjects beforehand. Personal data is not processed for any purposes other than those specified.

d. Relevance, Limitation, and Proportionality: Personal data is processed to achieve the specified purposes and is not processed if it is not related to or necessary for achieving these purposes.

e. Retention for the Duration Necessary: MAO SOFTWARE retains personal data for periods stipulated by the Law or for as long as necessary for the purposes for which they are processed.

V. CONDITIONS FOR PROCESSING PERSONAL DATA

MAO SOFTWARE processes personal data in compliance with the conditions set forth by the Law and relevant regulations. Personal data is processed with the explicit consent of data subjects as a rule. However, in the presence of the following conditions specified in the Law, personal data may be processed without the explicit consent of the data subject:

  • a) Explicitly stipulated by law.
  • b) Necessary to protect the life or physical integrity of a person who is unable to express their consent due to actual impossibility or whose consent is not legally valid.
  • c) Directly related to the establishment or performance of a contract, processing personal data of the parties to the contract is necessary.
  • d) Necessary for the data controller to fulfill their legal obligations.
  • e) The data subject has made the data public themselves.
  • f) Necessary for the establishment, exercise, or protection of a right.
  • g) Necessary for the legitimate interests of the data controller, provided it does not harm the fundamental rights and freedoms of the data subject.

Sensitive personal data, which is considered more delicate, is not processed without the explicit consent of the data subject.

The Law stipulates that special measures may be introduced for the processing of sensitive personal data. In this context, MAO SOFTWARE takes the measures specified by the Board when processing sensitive personal data. Additionally, sensitive personal data other than those related to health and sexual life may be processed without the explicit consent of the data subject in cases specified by law.

VI. ENSURING THE SECURITY OF PERSONAL DATA

MAO SOFTWARE utilizes technological capabilities and takes necessary technical and administrative measures to ensure the lawful processing and retention of personal data.

Employees, business partners, and suppliers are informed that they must not disclose personal data they obtain during their work to anyone unlawfully or use it for purposes other than processing. They are required to give necessary commitments in this regard.

MAO SOFTWARE uses technological means and takes necessary technical and administrative measures to prevent the unlawful or unauthorized disclosure, access, or transfer of personal data. Additionally, if personal data processed is obtained by others through unlawful means, MAO SOFTWARE establishes a system to inform the relevant person and the Board as soon as possible.

VII. TRANSFER OF PERSONAL DATA

The transfer of personal data to institutions and organizations within or outside the country is conducted in accordance with the regulations stipulated in the Law. Necessary security measures are taken during the transfer of personal data, and systems are established and preventive measures are taken to prevent the unlawful processing of personal data.

VIII. RIGHTS OF THE DATA SUBJECT

MAO SOFTWARE makes necessary arrangements to ensure that data subjects can exercise their rights under the Law. Data subjects have the following rights under the Law:

  • To learn whether their personal data is processed,
  • To request information if their personal data has been processed,
  • To learn the purpose of processing their personal data and whether it is used in accordance with the purpose,
  • To know the third parties to whom personal data is transferred domestically or abroad,
  • To request the correction of incomplete or incorrect personal data,
  • To request the deletion or destruction of personal data if the reasons for processing no longer exist,
  • To request the notification of the correction and deletion processes to third parties to whom personal data has been transferred,
  • To object to a result against them arising from the analysis of processed data exclusively through automated systems,
  • To demand compensation for damages in case of unlawful processing of personal data.

If the data subject wishes to exercise any of these rights, their request will be fulfilled free of charge within 30 days at the latest. If the request incurs an additional cost, this expense may be charged to the data subject making the request.

IX. SECURITY AND CONFIDENTIALITY

MAO SOFTWARE undertakes to keep personal data confidential, ensure its security, and take all necessary technical and administrative measures in accordance with the Law.

X. DELETION, DESTRUCTION, OR ANONYMIZATION OF PERSONAL DATA

MAO SOFTWARE deletes, destroys, or anonymizes personal data ex officio or upon the request of the data subject if the reasons for processing no longer exist. To fulfill this obligation, MAO SOFTWARE takes necessary technical and administrative measures and establishes the necessary mechanisms.

XI. CHANGES TO THE POLICY

This Policy may be changed by the Company Management whenever deemed necessary or needed.