KVKK Policy

MF Production Television and Film Inc.

POLICY ON PROTECTION AND PROCESSING OF PERSONAL DATA 

 

 CONTENTS

  1. PURPOSE AND SCOPE OF THE POLICY
  2. DEFINITIONS
  • PRINCIPLE OF PROCESSING PERSONAL DATA
  1. PERSONAL DATA PROCESSING CONDITIONS AND EXCEPTIONAL CASES
  2. PERSONAL DATA CLASSIFICATION
  3. ENSURING THE SECURITY OF PERSONAL DATA
  • PURPOSES OF PROCESSING PERSONAL DATA
  1. In terms of Security Camera Application in the Workplace
  2. Regarding Personal Data of Customers, Potential Customers and Business and Solution Partners
  3. Regarding Visitors' Personal Data
  4. Regarding Personal Data of Job Candidates
  5. Regarding Personal Data of Employees
  6. Regarding Personal Data of Subcontractors
  • TRANSFER OF PERSONAL DATA DOMESTIC AND ABROAD
  1. DESTRUCTION OF PERSONAL DATA
  2. RIGHTS OF THE PERSONAL DATA OWNER
  3. CLOSING PROVISIONS

 

 

  1. PURPOSE AND SCOPE OF THE POLICY

 

In order to ensure compliance with the Personal Data Protection Law No. 6698 (“KVKK” ) and relevant legal regulations published in the Official Gazette dated 07.04.2016 and numbered 29677, the procedures and principles adopted and to be implemented by our Company are regulated by this Policy within the scope of the data controller’s obligation to inform.

Regarding your personal data processed by our company; the practices and principles regarding your processed personal data, the principles of processing personal data, the purposes and conditions of processing personal data, the transfer of your personal data within the country and abroad, the destruction of your personal data and your rights on your processed personal data are notified to you below.

MF Yapım Televizyon ve Filmcilik A.Ş. (Hereinafter referred to as “MF Yapım”) will act in accordance with the procedures and processes specified in this Policy in order to comply with the KVKK and other relevant regulations and to process, use, destroy, transfer and other matters of your personal data in accordance with the Law and other regulations.

This Policy may be updated from time to time based on changes in legislation and/or conditions. In case of an update, it will be notified via the Company website and other channels.

 

 

  1. DEFINITIONS

 

 

Explicit Consent:  

Consent based on informed consent and expressed freely on a specific subject.

 

Anonymization:

Making personal data in such a way that it cannot be associated with an identified or identifiable natural person in any way, even by matching it with other data.

 

Personal Data:

Any information relating to an identified or identifiable natural person.

 

Processing of Personal Data:

Any operation performed on personal data, such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.

 

Personal Data Owner:

The natural person whose personal data is processed.

 

Special Personal Data:

Data regarding individuals' race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data are special personal data.

Data Processor:

A natural or legal person who processes personal data on behalf of the data controller based on the authority granted to him.

 

Data Controller:

The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

 

 

 

 

  • PRINCIPLES OF PROCESSING PERSONAL DATA

 

Our company carries out its personal data processing activities within the framework of the principles and fundamentals listed below, in accordance with Article 4 of the KVKK, which regulates the procedures and fundamentals regarding the processing of personal data.

  1. Compliance with Law and the Rule of Integrity

Our company processes your personal data in accordance with the KVKK and other laws and regulations that are mandatory due to the nature of the work carried out.

 

  1. Being Accurate and Up-to-date

Our company carries out the necessary procedures and takes technical and administrative measures to ensure that the personal data provided by the data owner is not changed without permission or in violation of the truth, and to update the personal data upon request by the data owner when there is a change regarding the processed data.

 

  1. Processing for Specified, Clear and Legitimate Purposes

Your personal data processed by our company is processed in accordance with the purpose of processing and within the framework notified to you.

 

  1. Linkage, Limitation and Proportionality to Processing Purposes

Our Company does not process personal data that does not overlap with its activities, is not needed within the scope of Company activities, and goes beyond the purpose of processing.

 

  1. Storage for the Period Stipulated in the Relevant Legislation or Necessary for the Purpose for which they are Processed

Your data processed within the framework of KVKK and other relevant laws and regulations are kept for the period stipulated in the relevant legislation or required to be kept due to the nature of the personal data processed.

 

 

  1. PERSONAL DATA PROCESSING CONDITIONS AND EXCEPTIONAL CASES

 

– General personal data to be processed within the framework of company activities;

  1. a) Provided that the explicit consent of the data owner is obtained, or
  2. b) Explicitly stipulated in the laws,
  3. c) It is necessary for the protection of the life or physical integrity of the person or another person who is unable to give his consent due to a physical impossibility or whose consent is not legally valid,
  4. d) The processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or execution of a contract.
  5. e) Mandatory for the data controller to fulfill its legal obligations.
  6. f) Made public by the relevant person himself,
  7. g) Data processing is mandatory for the establishment, exercise or protection of a right,
  8. h) Data may be processed without the explicit consent of the data owner if one of the situations in which data processing is mandatory for the legitimate interests of the data controller exists, provided that it does not harm the fundamental rights and freedoms of the data subject.

– Special personal data to be processed within the framework of company activities;

  1. a) Data will not be processed unless the explicit consent of the data owner is received,
  2. b) Except for special personal data related to health and sexual life, it may be processed without the explicit consent of the data owner in cases prescribed by law,
  3. c) Special data related to health and sexual life may be processed without the explicit consent of the data owner for the purposes of protecting public health, providing preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

 

  1. PERSONAL DATA CLASSIFICATION

 

 

Identity Information

The information written on your identity card, including but not limited to name, surname, mother's name, father's name, place of birth, date of birth, marital status, religion, blood type, registered province, district and neighborhood.

Contact Information

Your contact data requested from you or provided by you in order to be able to contact you, such as your home telephone number, mobile telephone number, residence address or other address information, and e-mail address.

 

Personal Information

    Photocopy of identity card,

    Identity register copy,

    Residence Certificate,

    Health report,

    Photocopy of diploma,

    Criminal record,

    Passport photo,

    Document stating family status,

    Military service status certificate,

    Employment Contract / Service Contract,

    SGK employment entry declaration,

    Your criminal record (criminal record),

    Information and documents regarding your health condition.

 

Bank Account Information

    Bank account number, IBAN number, other information regarding credit card and debit card.

Background Information

    Your educational information, school information regarding your education, certificate information, information about your educational status and training, as written in your CV or requested by our Company or provided by you,

    Location, date and duration information regarding your work experience written in your CV or requested by our Company or provided by you, information regarding your previous job and position, and all kinds of information regarding your work experience,

    Your photograph, as written in your CV or requested by our Company or provided by you,

    Your driver's license and the information written on your driver's license, as written on your CV or requested by our Company or provided by you,

    Your references and information regarding your references, as written in your CV or requested by our Company or provided by you.

 

Visitor Information

    The company name of the visitors to the company, their vehicle license plate, if any, the person visited and other information.

 

 

  1. ENSURING THE SECURITY OF PERSONAL DATA

 

As MF Yapım, we carry out the technical and administrative measures deemed necessary to ensure the security of your personal data, which we process within the framework of our company activities, in accordance with the KVKK and relevant legislation, within the framework of the necessary technological infrastructure; in this direction, we take precautions against data breaches, unauthorized access, data loss, unauthorized modification of data and other threats and carry out the necessary inspections.

In this context, we identify current risks and threats, train our employees and carry out awareness activities, determine policies and procedures regarding personal data security, ensure personal data minimization, create necessary confidentiality agreements with data processors; use firewalls and up-to-date anti-virus programs to ensure cyber security, configure our existing software and hardware, perform software updates and audits; ensure the security of physical and electronic environments containing personal data, and take the necessary measures to prevent unauthorized persons from violating your data security with key management, access logs, user account management, infiltration control and encryption methods.

 

  • PURPOSES OF PROCESSING PERSONAL DATA

 

Your personal data is processed for the purposes of fulfilling company activities and legal obligations and is limited to these.

In this direction,

  1. In terms of Security Camera Application in the Workplace

 

  • Within MF Yapım, in order to protect the life and property of employees and to ensure workplace safety in accordance with the Occupational Health and Safety Law No. 6331, the Labor Law No. 4857 and secondary legislation, security camera monitoring is carried out at various points. In areas where monitoring is carried out, information that monitoring is being carried out is provided with a camera warning sign.
  • Security cameras are positioned within the limits of proportionality to ensure workplace security and the legitimate interests of the employer.

 

  1. Regarding Personal Data of Customers, Potential Customers and Business and Solution Partners

 

  • To provide more effective service to our customers, suppliers and business partners; to be able to carry out legal and financial processes,
  • Ability to effectively carry out all processes related to orders received, including cargo and return procedures,
  • Ensuring workplace safety, commercial security and economic security,
  • Within the scope of Social Compliance-Ethics audits, the auditing of the compliance of business activities carried out by authorized private law real and legal persons with social compliance and ethical criteria,
  • In order to improve the service offered by our company and to ensure product satisfaction, your identity information, contact information, financial identity information and other personal data provided to us and requested by us may be processed in order to carry out the necessary workflow processes by our relevant departments.

 

  1. Regarding Visitors' Personal Data

 

  • Personal data regarding visitors to our Company, such as the company name, vehicle license plate, and time of visit, are processed in electronic and physical environments for the purpose of ensuring internal order and the safety of life and property.

 

 

  1. Regarding Personal Data of Job Candidates

 

  • Forwarding job applications and CVs to the relevant department to check suitability for the job and to proceed to the interview process,
  • Determining and examining whether you have the necessary qualifications for the position you are applying for, at the time of application, during the application process and during all procedures to be carried out during the application period.
  • Searching for your references and getting references about you,
  • At the end of the job application process, if the job interview is successful, you can be placed in your position at the workplace,
  • If the job interview is not successful at the end of the job application process, the identity information, contact information, CV information and other personal data of the candidates are processed in line with the purpose and methods of informing you about the job opportunity after the necessary evaluations are made again when a suitable position opens up in our Company or in our group companies Terda Terlik Dağ. San. Tic. Ltd. Şti. and Bilgiçler Yapı İnşaat Ltd. Şti.

 

  1. Regarding Personal Data of Employees
  • Ensuring internal company order, workplace peace and security,
  • Processing personal data of employees and interns for the purpose of fulfilling legal obligations such as creating and keeping personnel files and sharing them with inspector public institutions and organizations and authorized private law real or legal persons during workplace inspections,
  • Recording all transactions performed by employees in the fileserver system through logging,
  • Including visuals regarding our company's organization and other activities on corporate social media accounts,
  • Using methods to determine the entry and exit times of employees and other electronic surveillance methods to ensure the safety of the workplace and employees and to protect life and property,
  • The Company may organize activities such as fairs, seminars, training, conferences, trips, social events and accommodation and transportation services by the Company and/or third parties on behalf of the Company, carry out visa procedures, inform the Company about developments, contact the employee and his/her relatives when necessary, provide motivational gifts (such as gifts, promotions), promote and advertise the Company's activities and record personal data of employees by the Company and transfer them to third parties in the country or abroad,
  • Processing of general and special personal data of employees within the scope of documents and papers that must be kept within the scope of OHS activities and sharing them with the workplace physician and health officers,
  • Fulfilling the procedures related to the performance of the services provided to the employees, and transferring the relevant personal data of the employees to third parties with whom the Company has a contractual relationship, to the extent necessary,
  • Keeping records of GSM lines, credit cards or vehicles allocated to employees within the scope of the employer's management rights,
  • Your identity information, CV information, personnel information, bank account information, communication information, contact information and other personal data can be processed in line with the purpose and methods of recording the correspondence made with the corporate e-mail account allocated to the employee's use and the e-mail files containing these correspondences in the cloud system available abroad.
  1. Regarding Personal Data of Subcontractors
  • Processing for the purpose of fulfilling legal obligations such as creating and keeping personnel files and sharing them with inspector public institutions and organizations and authorized private law real or legal persons during workplace inspections,
  • Processing of general and special personal data of subcontractors within the scope of documents and papers that must be kept within the scope of OHS activities and sharing them with the workplace physician and health officers,
  • Your identity information, personnel information, bank account information, communication information, contact information and other personal data may be processed in line with the purposes and methods of determining the entry and exit times of employees and using other electronic surveillance methods in order to ensure the security of the workplace and employees and to protect life and property.

 

 

  • TRANSFER OF PERSONAL DATA DOMESTIC AND ABROAD

 

Your personal data; 

  • To banks, third parties with whom the employer works, occupational health and safety specialists, workplace physicians and healthcare personnel in order to fulfill the obligations of the employer within the scope of the employment contract,

 

  • Your personal data is transferred to Microsoft Office applications, cloud solutions, SAP applications and backup systems located abroad for the administration and management of the company's business, the implementation of company policies and the efficient management and execution of the workflow.

 

  • External service providers, whose technical and administrative security measures required by the legislation and industry practices have been checked by the Company within the scope of carrying out the Company's commercial and other activities, and whose commitments regarding this matter have been arranged between the parties,

 

  • In addition, it can be transferred to our business partners, suppliers, third parties from whom we receive services within the scope of company activities and abroad in order to provide products and services.

 

  • Upon request or when necessary in line with our legal obligations, your personal data may be shared with enforcement offices or courts (at all levels), as well as relevant ministries, directorates, Social Security Institution, İŞKUR and other persons.

 

 

  1. DESTRUCTION OF PERSONAL DATA

 

Personal data processed within the scope of our company's activities are stored for the purpose of processing and for the period necessary to achieve this purpose and for the retention period stipulated in the relevant legislation.

Data that has lost its function, whose storage period has expired, and is requested to be destroyed by the data owner, if possible within the framework of the legislation, are destroyed using the appropriate method of deleting, destroying or anonymizing personal data listed in Article 7 of the KVKK.

Deletion of personal data is the process of making personal data inaccessible and reusable for the relevant users in any way.

Destroying personal data is the process of making personal data inaccessible, irreversible and reusable by anyone.

Anonymization of personal data means making personal data incapable of being associated with an identified or identifiable natural person in any way, even if matched with other data.

 

  1. RIGHTS OF THE PERSONAL DATA OWNER

 

Regarding the personal data processed within the scope of our Company's activities, the data owner may apply to our Company within the framework of your rights listed in Article 11 of the KVK;

  1. a) To learn whether your personal data is being processed,
  2. b) Requesting information regarding the processing of personal data,
  3. c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
  4. d) To know the third parties to whom personal data is transferred, either domestically or abroad,
  5. e) Request correction of personal data in case it is processed incompletely or incorrectly,
  6. f) Request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the KVKK,
  7. g) To request that the operations carried out in accordance with subparagraphs (d) and (e) be notified to third parties to whom personal data has been transferred,
  8. h) To object to the emergence of a result to the detriment of the person himself/herself, by means of analysis of the processed data exclusively through automatic systems,
  9. i) In case of damages due to unlawful processing of personal data, they have the right to demand compensation for the damages.

 

  1. CLOSING PROVISIONS

 

If you exercise your rights listed above and apply to our Company regarding the above-mentioned issues, your requests in your application will be finalized free of charge within thirty (30) business days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board may be requested. 

In matters related to the processing of your personal data, you must submit your application to our Company by filling out and signing the application form available on the Company's website and personally proving your identity.

For MF Yapım employees, it is also possible to apply to our Company using the KVKK Application Form available at the Administrative Affairs Department or the OHS Specialist.

 

MF Production Television and Film Inc. Contact Information

Head Office Address: Bebek Mah. İnşirah Slope No:7 D:1 Beşiktaş/İstanbul

Email address for contact: info@mfyapim.com

Movies
TV Shows
Videos
Search