Dear Member/Member Representative,
As the Corporate Risk Management Association (the “Association“), we attach great importance on protecting your personal data. In this context, pursuant to Law No. 6698 on the Protection of Personal Data (“PDPL“), we process your personal data in accordance with the PDPL and within the scope of the purposes and limitations specified below, and we take great care to take the necessary administrative and technical measures accordingly. For this reason, we would like to inform you, who are the representatives of our association members or of our legal-person association members, through this “Clarification Text on the Processing of Personal Data of Association Members/Member Representatives” (“Clarification Text“), about our processes of processing your personal data and about your rights under the PDPL.
Personal Data We Process
Based on the membership relation with the Association, we process your following personal data in accordance with the relevant legislation and the Association Regulation:
- IDENTITY INFORMATION: NAME, SURNAME, T.R. IDENTITY NUMBER,[kimlik bilgisi]
- CONTACT INFORMATION:CONTACT ADDRESS, TELEPHONE NUMBER AND EMAIL ADDRESS, AND IF ANY, THE MOBILE PHONE NUMBER, FAX NUMBER OR OTHER COMMUNICATION CHANNELS THAT WE CAN CONTACT YOU, WHICH YOU PREFER TO BE CONTACTED BY THE ASSOCIATION.
- YOUR WORK AND EDUCATIONAL INFORMATION:IN ADDITION TO THE APPLICATION FORM YOU HAVE FILLED WITHIN THE SCOPE OF THE ASSOCIATION MEMBERSHIP, YOU CAN OPTIONALLY ADD THE NAME OF THE INSTITUTION YOU ARE CURRENTLY WORKING FOR, YOUR DUTY IN THIS INSTITUTION, THE LAST INSTITUTION YOU WORKED FOR, THE LAST SCHOOL YOU HAVE GRADUATED, AND YOUR GRADUATION DEGREE.
- SPECIAL QUALIFIED PERSONAL DATA: YOUR RELIGION, PHILOSOPHICAL BELIEF, POLITICAL THINKING AND HEALTH INFORMATION (E.G. INFORMATION SUCH AS CLOTHES, DEVICES AND PROSTHESES THAT ARE OBSERVED FROM THE PHOTO, OPTIONALLY STATED NAMES OF ASSOCIATIONS THAT YOU ARE A MEMBER OF, MAY BE OBTAINED INDIRECTLY WITHIN THE SCOPE OF THE IDENTITY DOCUMENTS AND PHOTOS THAT YOU HAVE SUBMITTED TO THE ASSOCIATION. THE ASSOCIATION DOES NOT INTEND TO PROCESS THIS INFORMATION DIRECTLY.
(The aforementioned data shall constitute personal data under the PDPL to the extent that it belongs to our natural person members and the natural person representatives of the legal person members, and this information shall be collectively referred to as “Personal Data” within this text.)
The Collection Method and Legal Reasons of Collection of Your Personal Data
Your Personal Data is collected and processed in verbal or written form or in electronic media, by means of the application form, which is filled out physically by the website of the Association at www.kryd.org during the membership application to the Association, and by means of the documents provided to the Association in physical form or transferred electronically pursuant to the Association Regulation, and by the information given to the authorized persons of the Association within the scope of various communications (such as contacting the Association by telephone or electronic mail).
In this context, your Personal Data is conducted in line with the purposes and subjects specified in the Regulation of the Association; the organization, management and execution of activities and related processes aimed at the Association’s members or their representatives such as general assemblies, working group meetings, summits, agenda meetings and other member meetings; ensuring communication between the Association and its members regarding the rights and obligations of membership; fulfilling the related rights and obligations; executing internal reporting activities; presenting the necessary information and documents to these institutions, organizations and courts; keeping the books and records required by the Association under the legislation 32 and 25 The data controller is obligatory in order for the Association to fulfill its legal obligations pursuant to Article 5/2(ç) of the PDPL, within the scope of fulfilling its obligations pursuant to the Law on Associations, Regulation on Associations and other legislation; communication with members; providing information on the activities and services of the Association; determination and implementation of its activities and services; application of service policies; communication of members within the Association; providing information within the scope of its activities; ensuring the security and supervision of all facilities of the Association; replication/backup of Article 5/2(f) of the PDPL in order to prevent data losses and to the extent that data processing is compulsory for the legitimate interests of the Association without damaging the fundamental rights and freedoms of the natural person representatives of our legal entity members), and in addition, for the purposes of carrying out legal processes related to the Members, pursuant to Article 5/2(e) of the PDPL, data processing is mandatory for the establishment, use or protection of rights.
In processing your Personal Data, the Association complies with the data processing principles and obligations under the relevant legislation, particularly the Constitution of the Republic of Turkey, the international agreements to which our country is a party, the PDPL, secondary legislation, and the guidelines and principles issued by the Personal Data Protection Board.
Purposes for which Your Personal Data is Processed
Your Personal Data is processed within the scope of following purposes:
- ENFORCING ACTIVITIES IN LINE WITH THE PURPOSES AND WORKING TOPICS STATED IN THE ASSOCIATION REGULATION,
- ORGANIZATION, MANAGEMENT AND EXECUTION OF EVENTS AND RELATED PROCESSES FOR THE ASSOCIATION MEMBERS OR THEIR REPRESENTATIVES SUCH AS GENERAL ASSEMBLY MEETINGS, WORKING GROUP MEETINGS, SUMMITS, AGENDA MEETINGS AND OTHER MEMBER MEETINGS OF THE ASSOCIATION,
- ENSURING COMMUNICATION BETWEEN THE ASSOCIATION AND ITS MEMBERS ON ISSUES RELATED TO MEMBERSHIP RIGHTS AND OBLIGATIONS AND FULFILLING THE RELATED RIGHTS AND OBLIGATIONS,
- PROMOTING THE ASSOCIATION AND PROVIDING INFORMATION ABOUT THE ACTIVITIES CARRIED OUT,
- DETERMINING AND IMPLEMENTING THE ACTIVITIES AND SERVICES OF THE ASSOCIATION, AND CONDUCTING SERVICE POLICIES,
- STRENGTHENING COMMUNICATION AND COOPERATION WITHIN THE ASSOCIATION,
- EXECUTION OF INTERNAL REPORTING ACTIVITIES,
- INFORMING MEMBERS WITHIN THE SCOPE OF THE ASSOCIATION’S ACTIVITIES,
- ENSURING THAT ALL FACILITIES OF THE ASSOCIATION ARE SECURED AND AUDITED,
- SUBMITTING THE NECESSARY INFORMATION AND DOCUMENTS TO THESE INSTITUTIONS, ORGANIZATIONS OR COURTS UPON THE REQUEST OF ADMINISTRATIVE INSTITUTIONS AND ORGANIZATIONS,
- KEEPING OF BOOKS AND RECORDS AS REQUIRED BY THE ASSOCIATION IN ACCORDANCE WITH THE REGULATIONS
- FULFILLING OBLIGATIONS PURSUANT TO THE LAW ON ASSOCIATIONS NO. 5223, THE REGULATION ON ASSOCIATIONS, AND OTHER LEGISLATION,
- TO CARRY OUT LEGAL PROCEDURES REGARDING MEMBERS,
- COPYING/BACKUP TO PREVENT DATA LOSS.
Transfer of Your Personal Data in Turkey or Abroad and Purposes for Transfer
The Association shall be allowed to transfer your Personal Data to the following persons in the form and circumstances specified below, in accordance with the basic principles envisioned by the PDPL and in accordance with the conditions specified in Articles 8 and 9 of the PDPL:
If it is stipulated by any legislation that is in force during the period of processing of personal data, including the Law No. 5223 on Associations and the Regulation on Associations, or it is necessary to share such data in order to fulfill an obligation set forth by the legislation, your Personal Data will be shared with the related institutions and organizations for the Association to fulfill its legal and legal obligations.
In the event that you are a member of the Association or a legal entity member as a natural person representative, your identification, contact information and professional knowledge will be shared with the Provincial Directorate of Associations and other relevant public institutions and organizations for legal reasons that the data controller, the Association, is obliged to fulfill its legal and legal obligations in order to fulfill the various obligations in the Law on Associations and secondary legislation.
The Association receives services from third parties regarding the bulk email. In order to send the e-mails to inform you about the activities of the Association and the activities carried out within the scope of the Association membership, your electronic mail addresses will be shared in the scope of the legitimate interests of the Association, provided that the sending agency during the period does not harm your fundamental rights and freedoms.
From time to time, non-Association organizers work with the purpose of providing various activities and services such as general assembly meetings, working group meetings, summits, agenda meetings and other member meetings within the Association. Names and surnames of the persons attending the event, such as identity cards, to organize the activities and to provide the participants with materials such as identity cards, will be shared with the organizers authorized by the Association for certain activities of the Association, which will carry its title as data processor for the mentioned business, in accordance with the legitimate interests of the Association, provided that the data controller does not harm your fundamental rights and freedoms.
From time to time, non-Association organizers work with the purpose of providing various activities and services such as general assembly meetings, working group meetings, summits, agenda meetings and other member meetings within the Association. Names and surnames of the persons attending the event, such as identity cards, to organize the activities and to provide the participants with materials such as identity cards, will be shared with the organizers authorized by the Association for certain activities of the Association, which will carry its title as data processor for the mentioned business, in accordance with the legitimate interests of the Association, provided that the data controller does not harm your fundamental rights and freedoms. Even though no data is transferred to the relevant companies, in order to provide the information technologies services within the Association, external information technology companies work with the Association.
On the legal grounds that data processing is compulsory for the legitimate interests of the Association provided that it does not harm the fundamental rights and freedoms of our members (or the real person representatives of the legal person members), such companies can access the servers and programs used by the Association from time to time for the purpose of providing technical support, and data under such programs, in this context. However, these companies did not transfer the data to their systems or process or store the data themselves.However, it is not possible for these companies to transfer the data to their own systems or to process and store this data by themselves.
In the event of any disputes about the member’s rights or obligations or the membership of the Association, to the extent and limited to the relevant dispute, your Personal Data may be shared with the Association’s attorneys, consultants and related judicial authorities and executive authorities as well as the data controller if it is mandatory to establish, exercise or protect the rights of the Association.
If the Association is required for the aforementioned purposes of data processing and to perform its activities under the Association Charter, this may be shared only in the context of the legitimate interests of the data controller, the Association, subject to the being mandatory for the establishment, use or protection of the rights of the Association, and not to damage your fundamental rights and freedoms, together with domestic third persons such as consultants, financial consultants, and auditors from which the Association receives services, support and consultancy services, provided that the Association is obliged to establish, use or protect such rights. In addition to the foregoing, if it is necessary to fulfill the legal and/or legal obligations under the legislation in effect at the time of the relevant transaction or request or if such a request comes from official authorities, your Personal Data may be shared with the related institutions and organizations or judicial organs for the purpose of fulfilling the legal and legal obligations.
Your Rights as a Subject under the PDPL
Pursuant to the PDPL, as a relevant person, the PDPL and other applicable legislation:
- TO LEARN WHETHER YOUR PERSONAL DATA HAVE BEEN PROCESSED OR NOT,
- TO REQUEST INFORMATION ABOUT YOUR PERSONAL DATA IF IT HAS BEEN PROCESSED,
- LEARN THE PURPOSE OF PROCESSING THE PERSONAL DATA AND WHETHER IT HAS BEEN USED IN ACCORDANCE WITH THE PURPOSE,
- KNOWING THE THIRD PARTIES TO WHOM YOUR PERSONAL DATA HAS BEEN TRANSFERRED IN TURKEY OR ABROAD,
- REQUEST CORRECTION OF YOUR PERSONAL DATA IF IT HAS BEEN PROCESSED INCOMPLETELY OR INCORRECTLY,
- TO ASK FOR THE DELETION OR DESTRUCTION OF YOUR PERSONAL DATA IN ACCORDANCE WITH THE CONDITIONS STIPULATED BY THE PDPL LEGISLATION,
- V. AND VI. REQUESTING THE TRANSACTIONS MADE UNDER ARTICLES TO BE NOTIFIED TO THE THIRD PARTIES TO THE TRANSFER OF YOUR PERSONAL DATA,
- ANALYSIS OF THE PROCESSED DATA EXCLUSIVELY BY AUTOMATIC SYSTEMS,
- REQUESTING COMPENSATION OF DAMAGES IF YOU SUCCESSFULLY DUE TO THE UNLAWFUL PROCESSING OF PERSONAL DATA
you have the rights set forth above.
Application Methods to the Association within the Scope of Your Rights
Pursuant to the provisions of the Communiqué on the Procedures and Principles of Application to the PDPL and the Data Controller, you are required to submit your request, along with the documents that certify your identity, to exercise your rights under the PDPL mentioned above in accordance with the written and wet signed ORUÇREIS MAH. BARBAROS CAD. delivered by hand to TEKSTILKENT A19 BLOK NO:47 ESENLER-ISTANBUL address. or by registered electronic mail (REM) at info@kryd.orgor by secure electronic signature or mobile signature.