CAMERA RECORDING ILLUMINATION TEXT
This information notice has been prepared by DÄ°GÄ°TAL KURYE TEKNOLOJÄ° HÄ°ZMETLERÄ° A.Åž. (“DÄ°JÄ°TAL KURYE” or the “Company”) in its capacity as data controller, within the scope of Article 10 of the Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Principles and Procedures to be Followed in Fulfilling the Obligation to Inform.
I. Data Controller
Pursuant to the Law, your personal data are processed by DÄ°JÄ°TAL KURYE, acting as the data controller, within the scope explained below.
II. Methods of Collecting Personal Data and Legal Grounds
This Camera Information Notice is intended to inform you that video surveillance equipment has been installed in DÄ°JÄ°TAL KURYE’s buildings, facilities, campuses, workplaces, annexes, audit areas, around production areas, stores, courtyards, entrance gates, exterior façades, office entrances, event areas, cafeterias, canteens, visitor waiting lounges, parking lots, security booths, floor corridors and other service areas, as well as in other areas where the warning sign below is displayed (hereinafter referred to as the “Company premises”).
In accordance with the Law, as data controller and for the purpose of ensuring security, DÄ°JÄ°TAL KURYE carries out personal data processing activities by recording and processing the images of individuals and of items passing within the range of 9 security cameras and a video surveillance system. The system operates continuously, 24 hours a day, 7 days a week, and the recording process is supervised by the Administrative Affairs department. Through the video surveillance system, visual information, photographs relating to natural persons, and camera recordings are processed.
Your personal data are collected via closed‑circuit camera systems in electronic environment, for the purpose of ensuring the security of DİJİTAL KURYE facilities, within the framework of the personal data processing conditions set out in Article 5 of the Law. Based on the legal grounds in Article 5 of the Law, they are processed automatically for the purposes of fulfilling a legal obligation (for example, monitoring compliance with occupational health and safety rules, detecting and preventing unauthorized access to work areas in order to ensure information security) or ensuring the legitimate interests of the data controller, provided that this does not harm the fundamental rights and freedoms of the data subject (for example, keeping camera recordings to ensure the security of physical premises, detecting and investigating breaches of workplace rules), or in cases explicitly provided for by law (primarily the Law No. 5188 on Private Security Services, the Labor Law No. 4857, the Occupational Health and Safety Law No. 6331, and other applicable legislation).
III. Purposes of Processing Personal Data
Your above‑mentioned personal data may be processed in accordance with Article 4 of the Law, in connection with, limited to and proportionate to the purposes for which you have disclosed these data to us, and for the purposes listed below:
· Protecting the Company premises and the individuals, property and products located therein from all kinds of attacks, theft, robbery or any kind of damage
· Ensuring the security of the Company premises, infrastructure, products and operations and taking measures against all kinds of security violations
· Providing information to authorized institutions and organizations
· Ensuring the legal, technical and commercial occupational safety of the Company and of persons who are in a business relationship with the Company
· Planning, auditing and execution of information security processes
· Controlling entries and exits to and from the workplace
· Creating and monitoring visitor records
· Planning and/or execution of occupational health and/or safety processes and fulfillment of obligations related to these purposes
· Preventing fires and similar disasters
· Managing the areas in which the Company premises are located (such as technoparks, shopping malls, parking lots, private areas)
· Detecting and investigating breaches of workplace rules
· Carrying out emergency management processes
IV. Transfer of Personal Data
Our Company pays utmost attention to processing your personal data in compliance with the principles of “need to know” and “need to use,” ensuring necessary data minimization and taking the required technical and administrative security measures. Since ensuring the security of the Company premises, ensuring compliance with workplace rules, and operating digital infrastructures necessarily require continuous data flows with different stakeholders, we are obliged to transfer the personal data we process to third parties for specific purposes.
In line with and limited to the realization of the above‑mentioned purposes, your personal data may be shared and processed domestically or abroad with our business partners, our affiliates and subsidiaries, group companies, our business partners and service providers that provide, operate or offer services for our IT infrastructure, our business partners and service providers that offer services in the areas of quality control of services, complaint management and risk analysis, legally authorized public institutions and private persons or entities, third parties, and, in cases where required by the legitimate interests of the data controller, specifically designated third parties, limited to the purposes set forth in this information notice. In addition:
· For the purpose of ensuring the security of the Company and its premises, data such as camera recordings may be shared with the security company and the service provider that establishes or operates the technical infrastructure
· For the purpose of storing physical and electronic employee data, they may be shared with infrastructure providers
· For audit and due‑diligence activities, they may be shared with experts, law firms and audit companies, and with public institutions, insurance companies, social support funds, and business consultants in order to fulfill regulatory and contractual obligations
· They may be shared with competent administrative and supervisory boards and/or other competent supervisory institutions and organizations
· They may be shared with administrative authorities, judicial authorities or relevant law enforcement units in order to resolve legal disputes or upon request as required by the relevant legislation.
VI. Destruction of Personal Data
DÄ°JÄ°TAL KURYE retains your processed personal data for the periods stipulated in the legislation, and where no specific period is set out in the legislation, personal data are stored for as long as required by DÄ°JÄ°TAL KURYE applications and commercial practices in connection with the services provided when processing that data, and thereafter only for periods deemed necessary in practice for the purpose of serving as evidence in potential legal disputes.
Following the expiry of the aforementioned periods, such personal data are deleted, destroyed or anonymized at the first periodic destruction date, in accordance with Article 7 of the Law.
VII. Rights of the Data Subject
As a data subject whose personal data are processed, you may exercise your rights under Article 11 of the Law, which regulates the rights of the data subject (to learn whether personal data are processed, to request information regarding such processing, to learn whether they are used in line with the purpose of processing, to know the third parties to whom they are transferred, to request the rectification of incomplete or inaccurate processing, to request deletion or destruction, to request notification of all such actions to third parties, to object to analyses based solely on automated processing, and to request compensation for damages) by contacting info@dijitalkurye.com.tr or using the form available at www.dijitalkurye.com.tr, in accordance with the Communiqué on the Principles and Procedures for the Exercise of the Data Subject’s Rights Before the Data Controller.
For a person other than the data subject to make a request, a notarized special power of attorney issued by the data subject specifically for the person who will apply must be provided for the relevant matter.
If fulfilling your requests involves an additional cost, DÄ°JÄ°TAL KURYE may charge the applicant the fee set out in the tariff determined by the Personal Data Protection Board (“Board”). If DÄ°JÄ°TAL KURYE responds to your application via a storage medium such as CD or flash drive, a fee may be charged that will not exceed the cost of the recording medium. Your request regarding the rights set out for the personal data subject shall be answered in compliance with the law and the principle of good faith, as soon as possible and at the latest within thirty (30) days. If your application is rejected, the grounds for rejection will be sent to the address you specified in your application via e‑mail or postal mail. In cases where your application is rejected, the response is deemed insufficient, or your application is not answered in due time, the personal data subject may lodge a complaint with the Board within thirty days from the date they learn of DÄ°JÄ°TAL KURYE’s response, and in any case within sixty days from the date of application, pursuant to Article 14 of the Law.