I. OBJECTIVE
As Papilon Savunma-Güvenlik Sistemleri Bilişim Mühendislik Hizmetleri İthalat İhracat Sanayi ve Ticaret A.Ş. (“Papilon” or “Our Company”) we attach great importance to ensuring the confidentiality and security of the personal data of our clients who get in contact with us personally or on behalf of a company or an institution, our investors (shareholders), our employees, suppliers and business partners as well as other real persons who establish a contact with us for job application or by visiting our website or in any other way.
Within this scope, in order to explain our rules and policies regarding personal data processing activities carried out by our Company within the framework of the Law on the Protectioın of the Personal Data No.6698 ("KVK Law") and to inform the data owners and to ensure transparency, this Policy on the Protection of Personal Data ("Policy”) has been issued.
Expressions such as "we" and "our" in this Policy are used to refer to Papilon, unless clearly stated otherwise.
II. FIELD OF APPLICATION
This Policy is in the nature of a general clarification notification prepared in accordance with Article 10 of the Law on Protection of the Personal Data,
which sets the rules and policies to be applied by Papilon regarding the processing of personal data and the rights of the data owner. Depending on the type and
nature of the relationship between Papilon and the data owner, it is possible for Papilon to provide data owners with different personal data policies and/or notifications
from this Policy. These special policies and notifications provided to data owners may contain issues that are different from or in addition to the explanations in this Policy.
In this case, the said specific policies and notifications provided to data owners should be considered first.
III. RULES FOR THE PROCESSING OF PERSONAL DATA
1. "Personal Data" Definition
In article 3/I (d) of the KVK Law, "personal data", is defined as all kinds of information about real persons whose identity is identified or can be identified. In this context, anonymous data and data that cannot be associated with a specific person are not considered as personal data within the scope of this Policy.
Personal data are divided into two groups as general data and special data. Pursuant to Article 6 of the Law on KVK, a real person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data are considered special quality personal data. In the case of processing data of special nature, special rules stipulated in the KVK Law are followed.
2. General Principles Regarding the Processing of Personal Data
In accordance with Article 3/I (e) of the KVK Law, "data processing" refers to refers to all kinds of operations that can be performed on personal data such as; acquiring, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or blocking the usage of the personal data through fully or partially automatic means or non-automatic means provided that they are part of any data recording system .
As Papilon, we process personal data in accordance with the following principles, within the framework of the purposes stated under the heading of "Processing Purposes of Personal Data" of this Policy:
- Processing in accordance with the rules of law and honesty,
- Keeping them accurate and up-to-date when necessary,
- Processing for specific, clear, and legitimate purposes,
- Being relevant, limited, and proportionate to the purposes for which they are processed,
- Storing them for the period of time stipulated by the relevant legislation or the period deemed necessary for the purpose of the processing.
3. Data Processed by Papilon
Papilon may process general and special personal data with the explicit consent of the data owner or without explicit consent in cases stipulated in Articles 5 and 6 of the KVK Law.
Which data will be processed by Papilon for each data owner may vary depending on various factors such as the type and nature of the relationship between the data owner and Papilon and the communication channels used. In this context, some of the general and special data processed by Papilon are given below.
- Data such as name-surname, profession, title, institution/organization information, educational background, employment history,
gender, marital status, citizenship status and other personal information and information about the guardian, custodian and proxy, if any,
- Data such as date of birth, place of birth, ID number and photograph in identification documents such as identity card, passport, driver's license,
- Contact information such as address, telephone, e-mail and fax number of the home, workplace or temporary residence,
- Visual and audio recordings,
- Customer and procurement process data,
- Communication records such as electronic mail correspondence with Papilon;Visual and audio recordings,
- Internet protocol (IP) address, device ID, unique identifier information, device type, advertisement ID, unique device icon, statistics on web page views, incoming and outgoing traffic information, routing URL, internet log information, location information, information about the transactions and actions carried out through our visited sites and websites, our platforms, our internet network and our advertisements and electronic mail contents.
4. Purposes of Processing your Personal Data
As Papilon, we may process personal data for the following purposes and store for the period required by these purposes:
- To carry out the work and transactions requested by the data owner or to carry out the necessary work and transactions in line with their legitimate interests, provided that they are related to them.
- Establishment and execution of contracts,
- Establishing and developing the company's human resources policies, meeting the employee needs of the company within the framework of these policies, and executing and developing recruitment processes,
- Carrying out our activities in accordance with the legislation,
- Tailoring and improving our services to our customers, providing effective customer service,
- Ensuring and developing coordination, cooperation and efficiency in and between units within our company,
- Ensuring the security of our company's website and other electronic systems and physical environments,
- Conducting investor relations, organizing events for investor satisfaction within this scope,
- Participation in special day celebrations, sweepstakes or competitions, giving gifts and other similar events, promotions and campaigns in favor of the data owner,
- Conducting communication activities,
- Getting your opinion through surveys and voting,
- Investigating, detecting, preventing and reporting violations of the contract and the law to the relevant administrative or judicial authorities,
- Carrying out financial and accounting works,
- To follow up and execute legal affairs,
- Responding requests and enquiries.
5. Domestic and Abroad Persons and Organizations to which Personal Data can be Transferred
Papilon may transfer personal data to third parties at home and abroad for the purposes set out under the heading of this Policy "Purposes of Processing Personal Data" , provided that it complies with the conditions stipulated in the KVK Law and takes the necessary security measures and may store them on servers or other electronic media at home and abroad. Although the third parties to whom personal data can be transferred may vary depending on various factors such as the type and nature of the relationship between the data owner and Papilon, they are generally as follows:
- Real/legal entities to whom the data owner wants to be transferred
- Enterprise companies,
- Authorized institutions and organizations,
- Business partners,
- Suppliers,
- Sub-contractors.
Papilon does not share the acquired personal data with others for the promotion and marketing activities of third parties without the explicit and private consent of the data owner.
6. Methods of Collecting Personal Data
Papilon may collect personal data in written, verbal or other physical or electronic forms for the purposes specified under the heading "Processing Purposes of Personal Data" of this Policy. Although the type and nature of the relationship between the data owner and Papilon may vary depending on various factors, themethods used for collecting personal data are as follows in general:
- Directly from the data owner through physical and electronic media where the data owner communicates with our Company,
- The persons and institutions represented by the data owner/representing the data owner,
- Persons, institutions and organizations indicated as a reference in job applications or included in the applicant's work and education history,
- Through the company's subcontractors, business partners or other contracted persons and organizations,
- Through social media or other public channels.
7. Legal Reasons Regarding the Processing of Personal Data
As Papilon, we process your personal data based on your explicit consent or for the following legal reasons:
- In the event that it is clearly stipulated by the laws,
- When it is necessary to process your personal data since it is directly related to the establishment or performance of a contract with you,
- When it is compulsory for our legal obligation to be fulfilled,
- When the data has been made public by you personally,
- In the event that data processing is compulsory for the establishment, use or protection of a right,
- When data processing is compulsory for our legitimate interests, provided that it does not harm your fundamental rights and freedoms.
8. Storage Period of Personal Data
As Papilon, we store personal data only for the period necessary to achieve the purposes specified in this Policy, except where a longer period is legally required or a longer period is permitted. Personal data the storage period of which has expired are deleted, destroyed or anonymized by us within the framework of Article 7 of the KVK Law.
9. Rights of Data Owner
The personal data owners, in accordance with Article 11 of the Law, have the rights to learn whether their personal data is processed , to request information regarding this if it has been processed, to learn the purpose of the data processing and whether the data is used relevantly, to know the third parties to whom the data is transferred, to request correction in case the data is incomplete or incorrectly processed, to request deletion or destruction of the data if the reasons for processing the data disappear and to notify the third parties to whom the data is transferred, to object to the occurrence of a result against them by analyzing the processed data exclusively through automated systems, to claim compensation for damages in case they suffer damage due to unlawful processing of the personal data.
As a data owner, if you want to use any of your rights specified in Article 11 of the KVK Law, you can fill in the Data Owner Application Form and send it to us by filling out for your requests to be evaluated more properly.
Papilon will finalize the request of the data owners within thirty days at the latest, according to the 13th article of the KVK Law, depending on the nature of the request. Although the requests of the data owners will be concluded free of charge as a rule, if the response of the request requires an additional cost, the data owner may be requested to pay the fee determined within the framework of the relevant legislation.
IV. REVISIONS TO THE POLICY
Papilon may perform revisions in this Policy at various times. The updated version of the Policy prepared by our company can be accessed on the Papilon website and the revisions that can be made in the Policy can be followed on the Papilon website.
As a rule, revisions will be made by uploading them to Papilon's website and will become effective as of this date, but Papilon may notify these revisions in other ways it deems appropriate.