Privacy Policy
AS ESTONE TEKNOLOJI HIZMETLERI SANAYI TICARET LIMITED SIRKETI POLICY FOR CONFIDENTIALITY AND PROTECTION OF PERSONAL DATA
1. POLICY OBJECTIVE AND SCOPE
The objective of this Policy for Confidentiality and Protection of Personal Data (“POLICY”) is to inform individuals in relation to the processing of personal data of suppliers, online and physical visitors, members, customers, shareholders and partners of ESTONEFAIR’s (“Data Supervisor”).
2. PRINCIPLES IN RELATION TO PROCESSING OF PERSONAL DATA
Processing in Compliance with Law and Principle of Honesty
In the processing of personal data, the principles which are enshrined in legal regulations, and those which are related to general confidence and honesty are being complied with.
Ensuring that the Personal Data is Accurate and Up-To-Date when Necessary
Periodical verifications and updates are made so that the data processed are accurate and up-to-date, and the necessary measures are taken accordingly. In this context, systems for controlling the correctness of personal data and making necessary corrections are implemented in ESTONEFAIR. These changes and updates can be made by members on the My Account page at www.ESTONEFAIR.com
Processing for Specific, Clear and Legitimate Purposes
Personal data are processed in accordance with clear, specific and legitimate data processing purposes. The purpose for which the data will be processed is described in detail below.
Being related to and Limited to the Purpose of Processing thereof, and Being Measured
In order for the envisaged purpose/purposes to be realized, personal data are processed in a measured manner and which is related to and limited to the purpose, and we abstain from processing the personal data which are not related to achieving the purpose or which are not needed.
Preserving for the Period Stipulated in the Relevant Legislation or the Period Required for the Purpose of Processing Thereof
ESTONEFAIR preserves personal data only for the period prescribed in the relevant legislation or the period required for the purpose of processing thereof. In this context, first of all we identify whether a period is stipulated in the relevant legislation for the preservation of personal data, if a period is prescribed, we act in accordance with it, and if no period is prescribed, we preserve the personal data for the period required for the purpose of processing thereof. In case of expiry of such period or in case the reasons requiring them to be processed cease to exist, provided there is no legal reason for allowing them to be processed for longer periods, personal data are deleted, destroyed or anonymized in accordance with ESTONEFAIR’s Policy on Preservation and Destruction of Personal Data.
Preservation periods have been additionally indicated below.
3. TERMS AND CONDITIONS IN RELATION TO PROCESSING OF PERSONAL DATA
Express consent of the relevant person is only one of the conditions that needs to be satisfied according to the law and which makes processing of personal data legally possible. Apart from express consent, personal data may also be processed in case of the existence of one of the below-specified conditions stipulated by the law.
The basis on which personal data processing activity is carried out may be one or more than one of the below-specified conditions specified by the law. In the case where the personal data processed constitute private personal data; conditions listed under the heading “Circumstances Where Private Personal Data May be Processed” will be applied.
Individuals are informed of which personal data are being processed under this hereby POLICY, for which purposes and reasons the personal data are being processed, from which resources the personal data are collected, with whom these personal data will be shared, and how they will be used.
4. PURPOSE OF PROCESSING OF PERSONAL DATA
Processing Conditions
Personal data are processed subject to the following conditions. The conditions are;
The relevant activity in relation to the processing of your personal data is explicitly stipulated by laws,
The processing of your personal data by ESTONEFAIR is directly related to and necessary for the conclusion or performance of a contract,
The processing of personal data is mandatory for the fulfillment of ESTONEFAIR’s legal obligation,
Provided that the personal data has been shared with public by the individuals; to be processed by ESTONEFAIR in a proportional manner for the purpose of publicity.
Processing by ESTONEFAIR of personal data is mandatory for the establishment, exercise or protection of rights of ESTONEFAIR or its individuals or third persons,
Provided that the fundamental rights and freedoms of individuals are not infringed, the processing personal data is obligatory in order to uphold the legitimate interests of ESTONEFAIR,
The processing of personal data by ESTONEFAIR is mandatory for the preservation of the life and physical integrity of the data owner or another person, and in such a case where the owner of personal data is in a position where he /she cannot give his/her consent due to an actual impossibility or legal invalidity.
In the case that the above conditions are satisfied; ESTONEFAIR seeks to obtain the express consent of the personal data owners in order to process personal data.
Processing Purposes
ESTONEFAIR shall process personal data for the following purposes:
Candidate Working Group:
Ensuring completion and implementation of human resources policies and processes,
Planning the selection and evaluation procedures of candidate worker’s applications,
Implementing required operations within the framework of occupational health and safety regulations,
The communication activities necessary for the placement of the working candidate,
Internship recruitment, placing and planning of operational processes.
For intern lawyers; To fulfill the legal requirements within the scope of professional solidarity under the Legal Profession Act.
For the Customer Group:
Fulfilling the legal requirements stipulated in the law on electronic trade and the Turkish code of commerce.
Planning activities focusing on customer satisfaction and/or experience.
Legal, regulatory and company management legislations and ensuring compliance with correct application.
Preparation of product to be delivered in accordance with the customer’s order and providing assurance that delivery shall be made e within guaranteed time frame.
In cases of cancellation and returns, relaying information to relevant department to ensure that the customer is reimbursed as soon as possible.
Establishing and implementing processes for ensuring the security of information.
For the risk to be reduced to an acceptable level.
Risk Management.
Forming Access Authorization and Control Matrix.
Identifying Data Transfer techniques.
Creating data preservation processes and procedures
Identification and implementation of remote access procedures and processes
Use of results derived from the sharing of anonymous data within the framework of customer CRM applications in decision support systems.
Correct targets within the scope of campaign planning, feasibility studies and CRM.
Invoicing and regular pursuance.
Fulfilling company obligations.
Data collection to form a customer portfolio.
Data collection to bring a product which is not in stock for customers.
For the Supplier Group (Supplier, Supplier Executive, Supplier Employee):
Management of the business process with suppliers.
Foreseeing the liability for suppliers to preserve confidentiality indefinitely.
For Online Visitors:
Requirement of adherence to legislative regulations.
Logging of online visitors and user’s system actions.
For Shareholders/Partners:
Obtaining information and documents required for the management of legal and administrative procedures.
5. SAFETY OF PERSONAL DATA
To ensure the safety of personal data, reasonable measures are taken which will prevent risks of unauthorized access, accidents and data losses, deliberate deletion of data or damages to data.
6. EFFECTIVENESS AND UPDATABILITY
This hereby POLICY has entered into force on date of publication. The Policy may be updated for the purpose of adaptation to changing conditions and compliance with the legislation. Information regarding the relevant update will be provided via www.ESTONEFAIR.com
ANNEX-1
DEFINITIONS STATED IN THE POLICY
Express Consent: Consent in relation to a specific matter, which is based on informing and which is expressed with free will.
Anonymization: Anonymization of personal data is to render it impossible for personal data to be associated in any manner with the identity of a real person who is is identified or identifiable, even if they are matched with other data.
Personal Data Owner: Real persons whose personal data is being processed. For example, Members, Customers...
Personal Data: means any kind of information about an identified or identifiable real person.
Private Personal Data: Data in relation to race, ethnic origin, political opinion, philosophic belief, religion, sect or other beliefs, appearance, membership to associations, foundations or unions, health, sexual life, imprisonment and security measures and biometric and genetic data are private personal data.
Personal Data Protection: Any transaction carried out with the data, such as obtaining, recording, storage, preservation, alteration, reorganization, disclosure, transfer, takeover, making available, classifying the personal data or blocking its usage by full or partly automatic means, or by non-automatic means provided that they are part of a data entry system.
Data Processor: Real and legal persons who process personal data on behalf of the data supervisor depending on the authorization granted by the data supervisor.
Data Responsible: Real and legal persons who determine the aims and tools with which personal data will be processed, real and legal persons responsible for responsible for the establishment and management of the data record system.
LPPD: means the Law on the Protection of Personal Data No. 6698.