Vendor
Get a Quote
Shop
Vendor
Get a Quote
Shop

Type To Search

Protocol

Home Protocol

PROCESSING OF PERSONAL DATA RELATED PROTOCOL

  1. Article – Parties

This Protocol on the Processing of Personal Data (Protocol), in line with the purposes of the Personal Data Protection Law No. 6698; Regarding the processing and transfer of personal data, Aydınlı Sb. Mah. 1st St. Located at No:1 Tuzla/ İstanbul, HT Solar Enerji A.Ş. with (HT Solar) __ resident at _ It was signed between.

HT Solar and _ together will be referred to as the Parties.

  1. Article 2 – Definitions

Mentioned in this Agreement;

Data Controller: HT Solar, which determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system, and  _’yi ,

Contracts: All offers, policies, contracts and other agreements subject to the processing of personal data offered and/or signed between the parties,

Related person: The real person whose personal data is processed,

Service: All services to be provided according to the contract/s made and/or to be made between the parties,

Personal Data: Any information processed regarding an identified or identifiable natural person within the scope of the service,

Special Personal Data: Data regarding people's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data,

Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. Any action performed on data such as blocking,

Destruction of Personal Data: Deletion, destruction or anonymization of Personal Data,

Security Breach: Illegal disclosure of any personal data or unauthorized access to the Data Processor's systems by any method,

Law: Personal Data Protection Law No. 6698,

Board: Personal Data Protection Board,

Organisation: Personal Data Protection Authority

Legislation: All of the law and secondary legislation, the decisions taken by the Board and the guides published,

Technical and Administrative Measures: All necessary technical and administrative measures to ensure the appropriate level of security specified in the Law and to ensure the preservation of personal data,

expresses.

For definitions not included in this Protocol, the definitions in the legislation will apply.

  1. Article – Purpose and Scope of the Protocol

This Protocol applies to all agreements that have entered into force and will enter into force between the Parties; It aims to ensure the security of personal data transferred between the Parties and to regulate the rights and obligations of the Parties accordingly.

The processing activity within the scope of this Protocol consists of all kinds of personal data sharing between the Parties verbally, in writing, or through electronic means and other means.

The Parties agree that in the event of a conflict between the contract, the Protocol and any written/oral arrangements signed between them regarding the processing of personal data before the date of signature of this Protocol, and the provisions of this Protocol, the provisions of this Protocol shall prevail.

  1. Article – Nature of Data Processing Activity

Regarding the processing of personal data within the scope of the service; HT Solar, which has the title of Data Controller within the framework of the relevant legislation, and HT Solar, which also has the title of Data Controller. ___, undertakes to establish adequate protection required to protect personal data in the transfer and processing of personal data.

Sides; Depending on the nature of the transfer activity, they can be described as Data Transferor or Data Transferee.

  1. Article – Obligations of the Parties

The parties shall use personal data in accordance with the relevant legislation and this Protocol; It will be processed in a limited and measured manner, to the extent that the commercial relationship between the parties requires the processing activity in question and only in connection with this purpose.

In cases where personal data is collected directly from the relevant persons by one of the Parties within the framework of the nature of the service between the Parties; The Party collecting the data will fulfill the obligation to inform specified in Article 10 of the Law and, if necessary, the processes of collecting explicit consent in accordance with the legislation.

The parties will be subject to an indefinite confidentiality obligation regarding personal data processing activities within the scope of this Protocol.

The Parties will process personal data within the scope of this Protocol only within the borders of the Republic of Turkey.

The Parties undertake to keep the personal data subject to transfer accurate and up-to-date, and to submit all kinds of documents, records and evidentiary information confirming the accuracy of the personal data to the other Party in accordance with the principles specified in the Law, in order to fulfill this obligation.

  1. Article – Administrative and Technical Measures

Regarding the personal data they process in all kinds of physical and electronic media within the scope of the service, the parties shall provide appropriate security services in order to prevent the unlawful processing of personal data, to prevent unlawful access to personal data and to ensure the preservation of personal data, within the framework of the obligations regulated in the 1st paragraph of Article 12 of the Law. is responsible for ensuring the level of

The parties take the necessary technical and administrative measures, taking into account the nature of the personal data they process and the magnitude of the damage that will occur in case of violation. The parties also agree that if special data is processed within the scope of the service; He accepts that he is obliged to take the measures determined by the Board regarding the processing of special categories of data.

The Parties are obliged to take the necessary measures stipulated in the legislation to prevent unauthorized access to personal data by both their own personnel and third parties and to prevent the use of personal data outside the transfer principles in this Protocol.

If defined usernames and/or passwords or other login methods are defined between the Parties for the purpose of logging into the systems containing personal data, the Parties are obliged to ensure all kinds of security regarding this access defined for them. Each Party will be responsible if all its employees, to whom it has access to the relevant system screens, act contrary to the legislation and this Protocol. In this context, the Parties are obliged to provide the necessary information and instructions to their employees.

  1. Article – Audit

The Parties accept and declare that they are subject to the control of the other Party when necessary regarding the processing of personal data within the scope of this Protocol. The Parties may carry out such inspections, directly or through a third party authorized by them, at times agreed upon with the other Party, or may request the other Party to carry out the said inspection itself.

  1. Article – Sharing of Personal Data with Third Parties

The parties are obliged to ensure that personal data within the scope of this Protocol is transferred only to third parties in accordance with the Law and the Protocol. In case of transfer of the personal data in question, the contracts to be made with third parties must include at least the protection within the scope of this Protocol. In case of data sharing with third parties, the Parties reserve the right to request detailed information on this issue from the data transferring Party.

In cases where it is necessary to share data in response to the lawful requests of competent administrative or judicial authorities, the other Party will be immediately informed of the situation and the necessary cooperation will be made in terms of the legal and commercial interests of the Parties.

  1. Article – Notification Obligation

If any request is submitted by the relevant person in accordance with Article 11 of the Law or if any security breach is detected or there is a suspected situation regarding data security, if this situation may affect the interests of the other Party, the Parties shall, without giving any information to the relevant persons. will notify the other Party within one (1) business day. In this context, all reasonable details regarding the situation in question will be communicated to the requesting Party, and the Parties will provide each other with all kinds of convenience in managing the process in order to fulfill the obligations arising from the legislation.

  1. Article – Destruction of Personal Data

Sides; In case the contract between them is terminated or its validity period expires, the personal data subject to transfer within the scope of this Protocol will be returned to the transferring Party together with its backups, depending on the requesting Party's preference, or the personal data will be completely deleted or destroyed by the relevant Party in accordance with the legislation. If there are provisions that prevent the Company from fulfilling this obligation, it accepts that it will take the necessary technical and administrative measures to ensure the confidentiality of the personal data subject to transfer and will stop the data processing activity.

  1. Article – Duration of the Agreement and Termination

This Protocol shall enter into force on the date signed by the Parties.

If any of the contracts made and/or to be made between the Parties regarding the provision of the service are terminated, this Protocol will remain in force. Even if the business or commercial relationship between the parties is completely terminated, the provisions specified in this Protocol will remain in force indefinitely.

If the Parties fail to fulfill their obligations within the framework of this Protocol or fail to comply with the Law and other legal regulations for any reason, the Parties; accepts that they have the right to suspend the transfer of personal data and terminate all agreements between them that require the processing of personal data.

The Parties undertake to reserve the right to seek recourse against each other for all damages, including but not limited to administrative or judicial sanctions, lawsuits and demands, that may arise as a result of non-compliance with this Protocol or legislation, in proportion to their faults.

…/…./…….

HT Solar Enerji A.Ş.                                                                                                 ___

EK 1

Data Subject Person Groups whose Personal Data is Processed within the Scope of the Protocol

Personal Data Categories Processed Within the Scope of the Protocol

Third Parties to whom Personal Data is Transferred within the Scope of the Protocol

Technical and Administrative Measures to be Taken

Additional Precautions to be Taken for Special Personal Data