Informative Text Regarding Personal Data

Informative Text Regarding Personal Data

Data Responsible

BTRisk Bilgi Güvenliği ve BT Yönetişim Hizmetleri Tic.Ltd.Şti.

Yıldız Teknik Üniversitesi Davutpaşa Kampüsü Teknoloji Geliştirme Bölgesi A1 Blok, Z5 34220 Esenler / İSTANBUL

We, BTRisk Information Security and IT Governance Services Co.Ltd. (“BTRisk“);  care about protecting the personal data of our customers, personnel and the people who visit our website.

In this context, we would like to enlighten you as Data Responsible within the scope of Personal Data Protection Law No. 6698 (“KVKK” ).

Personal data you share with BTRisk may be processed and measured in accordance with KVKK, in connection with our activity and service purposes, transferred to third parties in the country and stored for the periods stipulated in the legislation.

Purpose of Processing Your Personal Data

Your personal data will be processed;

  • As required by law and honesty,
  • Limited and measured in connection with the purposes of processing,
  • Accurately and up to date,
  • With specific clear and legitimate purposes

At BTRisk, we process your personal data for the following purposes:

  • Carrying out the necessary activities and conducting activities in this direction in order to carry out the commercial activities carried out by our company in accordance with the legislation and company policies,
  • Suggesting the products and services offered by our company by being customized according to the taste, usage habits and needs of our customers,
  • To inform our customers about our products and services,
  • Advertising, direct marketing, personalized promotion,
  • To improve the services we offer,
  • To analyze our products and services to measure the satisfaction of our customers,
  • Providing trainings to our customers,
  • To carry out the required quality and standard audits to the extent required by the relevant laws and regulations, to improve our products and services or to fulfill the obligations stipulated by the laws and regulations to which we are subject.
  • Personal data of our personnel and people who apply to BTRisk for employment reasons can be processed by BTRisk or legal entities  that BTRisk  cooperates with on account of the obligations stipulated in the Labor Law, labor and social security legislation and other legislation in force, as well as the provision of occupational safety and peace of mind.

Transferring  Your Personal Data

Your personal data may be transferred, in accordance with the above-mentioned purposes, KVKK and in accordance with the applicable legislation, including, but not limited  to, our domestic business partners, business contacts, performance aids for the purpose of our services and consultancy activities, or, in accordance with the regulations, and regulatory supervisory  authorities and official authorities.

Method of Collecting Your Personal Data and Legal Reason

Your personal data may be collected orally, in writing or electronically for the purpose and scope specified above.

Your personal data may be collected by BTRisk or real or legal persons who process data on behalf of BTRisk including but not limited to, on our website, various contracts, job application forms, contact forms on the website, petitions, interviews, business cards, power of attorney, authorization documents, written or oral documents made with BTRisk. communications etc. in written or electronic forms

Your Rights as a Personal Data Owner

  • Within the framework of KVKK and other legislation in force, you have the right to,
  • Learn whether your personal data is processed,
  • Request information if your personal data has been processed,
  • Learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  • Know the third parties to whom your personal data is transferred at home or abroad,
  • To request that your personal data be corrected if it is incomplete or incorrectly processed,
  • To request that your personal data be deleted or destroyed in accordance with the conditions stipulated in the KVKK legislation,
  • If you request correction of missing or incorrect data and deletion or destruction of your personal data, request that this be notified to the third parties to whom your personal data have been transferred,
  • Object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
  • If you suffer any damage due to unlawful processing of personal data, request that the damage be remedied.

You may submit your request for your use of these rights in writing or in accordance with another method if the Personal Data Protection Board determines a separate method.

You can contact us by;

  • Sending a wet signed petition and a photocopy of your ID to Yıldız Teknik Üniversitesi Davutpaşa Kampüsü Teknoloji Geliştirme Bölgesi A1 Blok, Z5 34220 Esenler / İSTANBUL
  • Personally applying to the BTRisk Office with a valid identity document,
  • By sending to our registered e-mail address btrisk@hs03.kep.tr by using registered e-mail address (PEP) and secure e-signature or mobile signature,
  • By sending an e-mail to bilgi@btrisk.com from the e-mail address previously notified to BTRisk by the Person concerned and registered in our system.

Pursuant to the Communiqué on the Procedures and Principles of Application to the Data Responsible, the application of the person concerned should  include  the name, surname, the signature if the application is written, T.C. identification number (passport number in case the applicant is foreigner), the address of the place of residence or business subject to notification, the electronic mail address, telephone number and fax number, if any, and the information about the subject matter.

The person concerned should state clearly and clearly what is required in the application, which contains explanations regarding what he or she will do to exercise the rights mentioned above and the right he / she wants to use. Information and documents related to the application should be attached to the application.

Although the subject of the request should be related to the person of the applicant, if the person is acting on behalf of someone else, the applicant must be specifically authorized in this matter and this authorization must be documented (special power of attorney). In addition, the application must contain the identity and address information and the identity documents must be attached to the application.

Requests made by unauthorized third parties on behalf of someone else will not be considered.

How long will your requests for processing your personal data be answered?

Your personal data claims are evaluated and answered within 30 days from the date we receive it. If your application is evaluated negatively, the reasons for the rejection will be sent by e-mail or mail to the address you specified in the application.