PROTECTION OF PERSONAL DATA AND PRIVACY COMMITMENT
This Personal Data Protection and Confidentiality Statement (hereinafter referred to as the "Undertaking") is on one side {MemberNameSurname} (hereinafter referred to as "Data Processor" or "Confidential Information Receiver") at the address {MemberAddress} and on the other hand, the "Organized Industrial Zone 43" . Street No: 27 38070 Melikgazi / KAYSERİ ”Kilim Mobilya A.S. (hereinafter referred to as the "Data Controller" or "COMPANY") within the scope of the contractual or commercial relationship that will begin and / or continue, within the framework of the terms and conditions stated below.
In this Protocol, Data Processor and Data Controller will hereinafter be referred to separately as "Party" and collectively as "Parties".
The subject of this Undertaking is that within the scope of personal data processing activities carried out within the scope of the contractual or commercial relationship between the Parties and / or ongoing, the Law on the Protection of Personal Data No.6698 (the "Law"), secondary regulations issued under the Law and binding It consists of arranging the terms and conditions regarding the fulfillment of the obligations arising from the decisions of the Personal Data Protection Board.
Secret information : All information and / or documents disclosed in writing or orally regarding the COMPANY itself, its employees, customers, agents, affiliates or third parties, shareholders, subsidiaries and affiliates before and / or after the signature of this Undertaking. It means.This information includes, but is not limited to, the COMPANY's customers, costs, profit, sales, services, products, product development, payment information, account information, bank information, any other financial information, personnel, work and service information, pricing, salary policies and levels, operating methods, technology, ideas, inventions, know-hows, brands, logos, patents, software, source codes, intellectual and industrial property rights, trade secrets, technical processes, formulas, plans, designs, licenses and permits, drawings, layouts, models, projections, business plans, contracts, price offers and all kinds of written or verbal information and / or documents related to all personal data processed in the COMPANY's data recording system.
Related Person : Refers to the real person or persons whose personal data is processed.
Law : 6698 numbered Personal Data Protection Law
Personal data : All kinds of information regarding an identified or identifiable natural person.
Data processor : Refers to the natural or legal person who processes personal data on behalf of the data controller based on the authority given by him.
Data Controller : Refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Receiver of Confidential Information accepts and undertakes to show the same care it does in protecting its own information, as well as protecting the Confidential Information of the COMPANY. The Recipient of the Confidential Information must protect the Confidential Information with great confidentiality, not to disclose the Confidential Information to any third party under any circumstances, without prejudice to the cases explicitly permitted by this Undertaking, only the commencement and / or ongoing commercial relationship between the COMPANY and the COMPANY. It accepts, declares and undertakes to use it for its purposes and not to use it directly or indirectly for other purposes.
The Recipient of the Confidential Information can only share the Confidential Information with the employees who need to learn this information due to their job, with their agents, and is obliged to warn these persons about the confidentiality of the information and the obligations under this Undertaking. Receiver of Confidential Information accepts and undertakes in advance that it will be directly liable to the other Party if its workers, agents or third parties with whom it has an agreement act contrary to the obligations of this Undertaking.
Information that does not fall under the definition of Confidential Information, information independently developed by the Recipient of the Confidential Information without obligation of confidentiality; information obtained without any restrictions from a Party that is not legally obliged to keep confidential; Information that became public without violating the provisions of this Undertaking; The information required to be disclosed pursuant to laws or regulations in force or a court decision or administrative order will not be considered within the scope of this Undertaking.
If the Recipient of the Confidential Information becomes aware of the existence of an unauthorized disclosure arising directly or indirectly from himself, his shareholders, employees, agents, affiliates or third parties with whom he has an agreement, he shall inform the COMPANY immediately and in writing about the violation in question and It will take all necessary precautions to reduce the damage it is exposed to and / or will be exposed to.
The COMPANY has exclusive right to Confidential Information. Any disclosure made within or within the scope of this Undertaking does not grant any intellectual property rights or other rights to the Receiver of the Confidential Information, or a license to use, sell, copy or develop, but is not limited to the aforementioned Confidential Information.
The COMPANY reserves all its rights on the Confidential Information and no rights or obligations are given to the Receiver of the Confidential Information, and the meaning given to it cannot be inferred, except for those explicitly mentioned in this Undertaking. None of the provisions in this Undertaking or the implementation of this Undertaking impose an obligation on the COMPANY to enter into business relations with the other party or restrict the rights of the COMPANY.
Upon the written request of the COMPANY, the Receiver of Confidential Information accepts, declares and undertakes that he will immediately return to the COMPANY all Confidential Information transferred to him within the scope of the contractual relationship between the Parties, except for the information and documents that must be kept legally.
In cases where the Data Processor processes personal data on behalf of the Data Controller pursuant to this Undertaking, it will only process personal data in line with the instructions of the Data Controller, in accordance with the contractual or commercial relationship that will start and / or ongoing between the Parties and in accordance with the procedures and principles specified in the Law, in line with their own interests. It accepts, declares and undertakes that it will not use it within the scope of promotion, advertising or marketing activities.
Data Processor, in accordance with the instructions of the Data Controller, to prevent unlawful access to the personal data by third parties, to prevent deletion, destruction or anonymization, to protect it, to protect the personal data from being changed, damaged or disclosed. It accepts, declares and undertakes that it will take technical and administrative measures.
Data Processor Data with responsible and enters / or enter to contractual or commercial relations in accordance with the Data Officer of that process in the personal data of the Republic of Turkey have gained to handle the instruction, the personal data it receives without the data Responsible written approval of the special provisions in other laws and agreements between the Parties or permitted by express provision in the contract that states without prejudice to, in no way the Republic of Turkey within the limits and / or the Republic of Turkey borders will not transfer outside on to third parties, without the data Responsible written confirmation whether the circuit which handles data received data processing activities shall accept, and warrants.
In cases where the Data Processor is required to share the personal data obtained in accordance with the lawful and legitimate demands of the legally authorized administrative and judicial authorities, the Data Controller will immediately inform the Data Controller of the situation and is obliged to provide the necessary support in all matters concerning the Data Controller.
The Data Processor agrees and declares that it will take all necessary measures to ensure the reliability of its personnel who have access to the personal data obtained from the Data Controller, will provide training on the processing of personal data for the personnel who are authorized to access, increase their awareness and will not receive support from personnel who are not trained and unaware in the processing of personal data. .
The Data Processor shall notify the Data Controller immediately within one (1) business day, without giving any information to the relevant person, in case of a complaint by the Relevant Person regarding the obligations of the Data Controller within the framework of the Law or any request from the Data Controller pursuant to Article 11 of the Law, and in case of data security violation will inform. The Data Processor will provide all kinds of support and cooperate with the Data Controller regarding any complaint and request submitted to the Data Controller. Without being limited to those listed here, Data Processor; It agrees, declares and undertakes that it will convey all the details of the complaint or request to the Data Controller, to notify the Data Controller immediately in cases where the personal data is required to be disclosed as per the Law, and to immediately transfer all kinds of information and documents to the Data Controller.
The Data Processor will allow the Data Controller to audit the data processing activities, provided that it has taken the necessary precautions regarding confidentiality, and will fulfill all reasonable requests and instructions of the Data Controller to check whether it has duly fulfilled its obligations within the scope of this Undertaking. The Data Controller undertakes that the auditing activities will be carried out by a review body within the body of the Data Controller or, if deemed necessary, consisting of independent members and elected by the Data Controller, having sufficient professional qualifications and subject to confidentiality, limited to the processing activities specified within the scope of the service. Requests for audit will be notified to the Data Processor in writing by the Data Controller at the latest 15 (fifteen) days before. The Data Processor may request that the audit request be postponed to a further date for once due to the intensity of business activities and the lack of attendance of the relevant personnel to the audit.This postponement cannot exceed 15 (fifteen) days in any case.
The Data Processor shall promptly return the personal data obtained within 7 days from the termination of this Undertaking or the contractual or commercial relationship between the Parties to the Data Officer or delete them immediately and within 7 days at the latest in accordance with the written instructions of the Data Controller. agrees, declares and undertakes that it will destroy or anonymize.
In the event that the Data Controller suffers any damage, faces legal, administrative or criminal sanctions or is compelled to compensate any damage due to the Data Processor's breach of this Undertaking, the said amounts will be recourse to the Data Processor and upon the first request by the Data Processor immediately It will be paid in cash and at once within 7 days at the latest. In addition to its other legal rights, the Data Controller may request immediate measures, apply for interim measures and / or other appropriate legal remedies. The Data Processor agrees, declares and undertakes to cover all damages incurred by the Data Controller for this reason.
Except for the cases stated above, if the Data Processor breaches its obligations arising from this Undertaking and inflicts material damage on the Data Controller due to this breach, the penal clause amounting to […… .., 00-TL] will be sent to the Data Controller without the need for any written notice and notice. It accepts, declares and undertakes in advance that it will pay in cash and in lump sum within 7 days at the latest, and waive all objections and defenses and criticism requests in this regard.
This Undertaking remains in effect unless a termination notification is made by the Data Controller. Even in the event of termination of any of the contracts made and / or to be made between the parties, this contract continues to be in effect.
This Undertaking is subject to Turkish law, and Kayseri Courts and Enforcement Offices are authorized to resolve all disputes arising from the Undertaking.
This Undertaking constitutes an integral and integral part of all other contracts entered into force and / or afterwards between the Parties.
Processing activities carried out prior to the effective date of the Undertaking within the scope of the contracts concluded between the Parties prior to the effective date of this Undertaking shall not be claimed to be in breach of this Undertaking.
All kinds of dues, fees, stamps and other tax obligations accrued due to the contract will be paid equally by the Parties as stipulated by the relevant legislation.
The Data Processor cannot transfer or assign its rights and obligations arising from this Undertaking to third parties without the written consent of the Data Controller.
This Undertaking, which consists of 9 main articles, was signed in two copies on [*] and entered into force as of the date of signature.
