Our Privacy Policy
PRIVACY POLICY
As MUTLULARTRANSPORT.COM, we attach great importance to the safety of our visitors and customers. In this context, we have prepared 2 important pages, KVKK Clarification Text and Cookie Policy, in order to protect your personal data and to provide you with more enlightening information.
Our Company Information
Title: Mutlular Transport
Address:
Email Address: [email protected]
Mersis Number:
Telephone:
1. PURPOSE
As MUTLULAR TRANSPORT; The processing and data of real persons, including our members, customers, visitors, suppliers and employees, in accordance with the relevant legislation, in particular the Constitution of the Republic of Turkey, the International Conventions on human rights to which our country is a party, and the Law on the Protection of Personal Data No. 6698 (“KVKK”). It is our priority to ensure that the rights of the persons who are processed are used effectively.
Therefore, but not limited to those listed; Our employees, suppliers, customers, visitors, members, users visiting our stores, our website and mobile applications, in short, the processing, storage and transfer of data regarding all personal data we obtain during our activities are in accordance with MUTLULAR TRANSPORT(MUTLULARTRANSPORT.COM) Personal Data Protection and Processing Policy. (the “Policy”).
Protecting personal data and observing the fundamental rights and freedoms of natural persons whose personal data are collected are the basic principles of our policy regarding the processing of personal data. For this reason, we carry out all our activities in which personal data are processed, by protecting the privacy of private life, confidentiality of personal information, confidentiality of communication, freedom of thought and belief, and the right to use effective legal remedies.
For the purpose of protecting personal data, we take all administrative and technical protection measures required by the nature of the data in accordance with the legislation and up-to-date technology.
This Policy explains the methods we follow for the processing, storage, transfer, deletion or anonymization of personal data shared during our commercial, promotion-marketing or social responsibility and similar activities within the framework of the principles mentioned in the PDPL.
2. SCOPE
All personal data processed by the Company, including our visitors, business contacts, business partners, employees, suppliers, members, third parties, are within the scope of this Policy.
Our policy is implemented in all activities related to the processing of personal data owned or managed by the Company, and has been handled and prepared by considering the KVKK and other relevant legislation regarding personal data and international standards in this field.
3. DEFINITIONS and ABBREVIATIONS
In this section, special terms and phrases, concepts, abbreviations, etc. in the Policy. briefly explained.
MUTLULARTRANSPORT.COM: MUTLULAR TRANSPORT
Explicit Consent: Confirmation regarding a certain subject, based on information and free will, with a clear and unambiguous, limited only to that transaction.
Anonymization: It is the rendering of personal data that cannot be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Employee: Company Personnel.
Personal Data Owner (Relevant Person): The real person whose personal data is processed.
Personal Data: Any information relating to an identified or identifiable natural person.
Sensitive Personal Data: The person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, health information, fingerprints, clothing, association, foundation or union membership, health, sexual life, criminal conviction , and data on security measures, as well as biometric and genetic data.
Processing of Personal Data: Obtaining, recording, storing, storing, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system or any kind of operation performed on the data, such as preventing its use.
Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
KVK Board: Personal Data Protection Board.
KVK Authority: Personal Data Protection Authority.
KVKK: The Law on the Protection of Personal Data published in the Official Gazette dated 7 April 2016 and numbered 29677.
Policy: MUTLULARTRANSPORT Personal Data Protection and Processing Policy.
4. ROLE AND RESPONSIBILITIES
4.1. Board of Directors
The Board of Directors is responsible for the oversight of the determination and operation of notification, review and sanction mechanisms in case of non-compliance with the Policy, rules and regulations.
Personal Data Protection and Processing Policy has been approved by the Board of Directors.
It is the authorized approval mechanism to ensure that the policy is created, implemented and updated when necessary.
4.2 Control Unit
By taking the necessary measures for the compliance of the foreign service companies with the Policy, together with the employees involved.
The Audit Unit is responsible for examining the issues in order to examine the issues contrary to the policy.
4.3 Information Systems Commission
The Information Systems Commission is responsible for the preparation, development, execution and updating of this Policy. It evaluates this Policy in terms of timeliness and development needs when necessary.
It is the responsibility of the Information Systems Commission Manager to publish the prepared document on the institution portal.
5. LEGAL OBLIGATIONS
Legal obligations within the scope of protection and processing of personal data as a data controller pursuant to KVKK are listed below:
5.1. Our obligation to inform
While collecting personal data as a data controller;
For what purpose your personal data will be processed
Our identity, information on the identity of our representative, if any
To whom and for what purpose your processed personal data can be transferred
The way we collect data and the legal reason
We have an obligation to inform the Related Person about the rights arising from the law.
As a company, we take care to ensure that this Policy, which is open to the public, is clear, understandable and easily accessible.
5.2. Our obligation to ensure data security
As the data controller, we take the administrative and technical measures stipulated in the legislation to ensure the security of the personal data in our responsibility.
Obligations and measures regarding data security are detailed in the 9th and 10th sections of this Policy.
6. CLASSIFICATION OF PERSONAL DATA
6.1. Personal data
Personal data; Any information relating to an identified or identifiable natural person.
The protection of personal data is only related to real persons, and information belonging to legal entities that do not contain information about the real person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.
6.2. Special categories of personal data
Data on people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, their clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data are privately owned. qualified personal data.
7. PROCESSING PERSONAL DATA
7.1. Our personal data processing principles
We process personal data in accordance with the principles below.
7.1.1. Processing in accordance with the law and honesty rules
We process personal data in accordance with the rules of honesty, transparently and within the framework of our disclosure obligation.
7.1.2. Ensuring that personal data is accurate and, where necessary, up to date
We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up-to-date. We also allow the Personal Data Owner to apply to us to update their existing data and to correct any errors in their processed data, if any.
4. ROLE AND RESPONSIBILITIES
4.1. Board of Directors
The Board of Directors is responsible for the oversight of the determination and operation of notification, review and sanction mechanisms in case of non-compliance with the Policy, rules and regulations.
Personal Data Protection and Processing Policy has been approved by the Board of Directors.
It is the authorized approval mechanism to ensure that the policy is created, implemented and updated when necessary.
4.2 Control Unit
By taking the necessary measures for the compliance of the foreign service companies with the Policy, together with the employees involved.
The Audit Unit is responsible for examining the issues in order to examine the issues contrary to the policy.
4.3 Information Systems Commission
The Information Systems Commission is responsible for the preparation, development, execution and updating of this Policy. It evaluates this Policy in terms of timeliness and development needs when necessary.
It is the responsibility of the Information Systems Commission Manager to publish the prepared document on the institution portal.
5. LEGAL OBLIGATIONS
Legal obligations within the scope of protection and processing of personal data as a data controller pursuant to KVKK are listed below:
5.1. Our obligation to inform
While collecting personal data as a data controller;
For what purpose your personal data will be processed
Our identity, information on the identity of our representative, if any
To whom and for what purpose your processed personal data can be transferred
The way we collect data and the legal reason
We have an obligation to inform the Related Person about the rights arising from the law.
As a company, we take care to ensure that this Policy, which is open to the public, is clear, understandable and easily accessible.
5.2. Our obligation to ensure data security
As the data controller, we take the administrative and technical measures stipulated in the legislation to ensure the security of the personal data in our responsibility.
Obligations and measures regarding data security are detailed in the 9th and 10th sections of this Policy.
6. CLASSIFICATION OF PERSONAL DATA
6.1. Personal data
Personal data; Any information relating to an identified or identifiable natural person.
The protection of personal data is only related to real persons, and information belonging to legal entities that do not contain information about the real person is excluded from personal data protection. Therefore, this Policy does not apply to data belonging to legal entities.
6.2. Special categories of personal data
Data on people's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, their clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data are privately owned. qualified personal data.
7. PROCESSING PERSONAL DATA
7.1. Our personal data processing principles
We process personal data in accordance with the principles below.
7.1.1. Processing in accordance with the law and honesty rules
We process personal data in accordance with the rules of honesty, transparently and within the framework of our disclosure obligation.
7.1.2. Ensuring that personal data is accurate and, where necessary, up to date
We take the necessary measures in our data processing procedures to ensure that the processed data is accurate and up-to-date. We also allow the Personal Data Owner to apply to us to update their existing data and to correct any errors in their processed data, if any.
To become a member of their digital platforms through the Mutlulartransport.com system, visitors;
Name surname
Email address
Phone number
Date of Birth-TR ID
They create a membership in the system by sharing their information with us.
Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy.
7.7. Processing of personal data collected within the scope of Job Application
Personal data obtained through application forms, CVs and applications made to intermediary institutions will be recorded to be used for the evaluation of the job application.
They are advised to review their personal data processing and privacy policies. Those who apply with the Application Form;
Identity information (name, surname, date of birth, TR ID number)
Contact information (address, e-mail address, phone number, etc.)
Educational information (graduated schools, etc.)
Work experiences
foreign language knowledge
Computer skills
Certificate
Reference
Photograph
health data
General information such as driver's license/travelability etc.
They create a resume by sharing their information. Depending on the nature of the application, the employer may request additional photographic-health data from the member who creates the CV in order to evaluate whether he is qualified for the job in question. The requested health information is processed only for employment purposes within the scope of the relevant legislation.
The information shared by the applicants within the scope of the CV can be viewed by the employer companies. Within the scope of the legislation, it stores the identity, education and profession information of the APPLICANT and can transfer these data to solution partners, public institutions and organizations upon request.
Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy. In the event of a negative result of the job application process, the processing and data security of personal data shared with the employer is the responsibility of the employer.
7.8. Processing of personal data collected within the scope of Purchase Transactions
When a purchase is made, the financial information of the CUSTOMER is transferred to individuals and institutions such as bank or credit card companies to perform the transaction. Transferred data;
Credit Card Number
Expiration date
CVV2
or data related to payment purposes, such as bank account information.
During the purchase, data such as invoice and payment information of the customer (name, surname, tc, phone number, invoice address), sent invoices and receipt samples of payments received from members, payment number, invoice amount, invoice number, invoice date are obtained. . These data are; managing the invoicing process, accounting, after-sales services, communication, marketing, auditing, control, and payment service providers. When the purchase is made, the financial information of the customer is transferred to persons such as bank or credit card companies in order to carry out the transaction. Credit card information is not kept in Mutlular Transport databases.
During shopping, video recording is made in stores for security purposes and to view cashier transactions. In distance sales made by phone, voice recordings are taken in order to make safe sales.
The above-mentioned data is transferred in accordance with article 8 of this Policy and shared with third parties.
Deletion, destruction or anonymization of personal data within the scope of this platform is within the scope of Article 9 of this Policy.
7.9. Exceptional cases where express consent is not sought in the processing of personal data
In exceptional cases listed below and arising from the law, we may process personal data without express consent:
expressly stipulated in the law
It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract
Data processing is mandatory for the establishment, exercise or protection of a right
It is necessary for us to process your data for our legitimate interests as data controller, provided that it does not harm fundamental rights and freedoms.
Exceptional cases where sensitive personal data can be processed without the explicit consent of the Relevant Person are specified in article 7.3 of this Policy.
8. TRANSFER OF PERSONAL DATA
8.1. Transfer of personal data to the country
As a company, we act in line with the decisions and regulations stipulated in the KVKK and taken by the KVK Board regarding the transfer of personal data.
Without prejudice to the exceptional circumstances in the legislation, personal data and sensitive data are not transferred by us to other real persons or legal entities without the explicit consent of the Relevant Person.
In exceptional cases stipulated by the KVKK and other legislation, the data may be transferred to the authorized administrative or judicial institution or organization in the manner stipulated in the legislation and within the limits, without the explicit consent of the Relevant Person.
In addition, with the exceptional cases stipulated by the legislation;
In cases described in the Policy
Regarding the special categories of personal data, the Policy applies in the cases listed.
With the taking of the measures stipulated by the KVK Board and the relevant legislation, the personal data of the Relevant Person's health and special quality only for the purpose of protecting public health, conducting preventive medicine, medical diagnosis, treatment and care services, planning and managing the financing of health services. It can be transferred to persons or authorized institutions and organizations that are under the obligation to keep it, without seeking explicit consent.
8.2. Transfer of personal data abroad
As a rule, personal data is not transferred abroad without the explicit consent of the Relevant Person. However, in cases where one of the exceptional cases of this Policy exists, third parties abroad can only:
Being in countries where there is sufficient protection declared by the KVK Board
In case of being located in countries where there is no adequate protection, the data controllers in Turkey and in the foreign country in question must undertake an adequate protection in writing and the KVK Board has permission
In such cases, personal data may be transferred abroad without express consent.
8.2.1. Transfer of personal data abroad for the purposes of providing our services and marketing activities
We work with service providers located abroad for purposes such as developing the website and digital platforms, conducting surveys, increasing the variety of products and services according to the preferences of visitors and members, and measuring user experience. It is recommended to examine the relevant policies of the service providers it cooperates with regarding the processing and protection of personal data.
8.3. Institutions and organizations to which personal data is transferred
Personal data;
To our suppliers
To our business partners and business contacts
to technical services
To transport companies
To cargo companies
Legally authorized public institutions and organizations
Legally authorized private law persons
It can be transferred to our partners according to the principles and rules described above.
Independent audit firms
8.4. Measures we take regarding the legal transfer of personal data
8.4.1. technical measures
To protect personal data, but not limited to those listed;
To make in-house technical organization for the processing and storage of personal data in accordance with the legislation.
It creates the technical infrastructure to ensure the security of the databases where your personal data will be stored.
Follows and controls the processes of the technical infrastructure created
It determines the procedures for reporting the technical measures and audit processes we take.
Periodically updates and renews technical measures.
Risky situations are re-examined and necessary technological solutions are produced.
It uses virus protection systems, firewalls and similar software or hardware security products and establishes security systems in line with technological developments.
We employ employees who are experts in technical matters.
8.4.2. Administrative measures
To protect your personal data, but not limited to those listed;
Establishes policies and procedures for accessing personal data, including company and subsidiary employees within our company.
Informing and training our employees on the legal protection and processing of personal data
In the contracts we make with our employees and/or the Policies we create, the company records the measures to be taken in case of unlawful processing of personal data by our employees.
We control the processing of personal data of the data processors we work with or the partners of the data processors.
9. STORAGE OF PERSONAL DATA
9.1. Keeping personal data for the period required by the relevant legislation or for the purpose for which they are processed.
We keep personal data for as long as required by the purpose of processing personal data, without prejudice to the storage periods stipulated in the legislation.
In cases where we process personal data for more than one purpose, the data is deleted, destroyed or anonymized and stored if the purposes of processing the data disappear or there is no legal obstacle to the deletion of data upon the request of the Relevant Person. In matters of destruction, deletion or anonymization, the provisions of the legislation and the decisions of the KVK Board are complied with.
9.2. Measures we take regarding the storage of personal data
9.2.1. technical measures
It creates technical infrastructures and related control mechanisms for the deletion, destruction and anonymization of personal data.
Takes necessary measures to keep personal data safe
Employs employees with technical expertise
It creates business continuity and emergency plans against possible risks and develops systems for their implementation.
We establish security systems in accordance with technological developments regarding the storage areas of personal data.
9.2.2. Administrative measures
Raising awareness by informing our employees about the technical and administrative risks related to the storage of personal data
In case of cooperation with third parties for the storage of personal data, contracts made with companies to which personal data are transferred; We include provisions regarding taking the necessary security measures for the protection and safe storage of the transferred personal data of the persons to whom personal data is transferred.
10. SECURITY OF PERSONAL DATA
10.1. Our obligations regarding the security of personal data
Personal data;
To prevent illegal processing,
To prevent illegal access,
To ensure that it is stored in accordance with the law,
We take administrative and technical measures according to technological possibilities and implementation costs.
10.2. Measures we take to prevent unlawful processing of personal data
Carries out and has the necessary inspections made within our company,
To train and inform our employees about the legal processing of personal data,
The activities carried out by our company are evaluated in detail for all business units, and as a result of the said evaluation, personal data is processed specifically for the commercial activities carried out by the relevant units,
In contracts made with companies that process personal data, in cases where cooperation is made with third parties for the processing of personal data; It includes provisions regarding the taking of necessary security measures by the persons who process personal data,
In case of unlawful disclosure of personal data or data leakage, we notify the KVK Board about the situation and carry out the investigations stipulated by the legislation and take the measures.
10.2.1. Technical and administrative measures taken to prevent unlawful access to personal data
To prevent unlawful access to personal data;
Employs employees with technical expertise,
Periodically updating and renewing the technical measures,
Establishes access authorization procedures within our company,
It determines the procedures regarding the reporting of the technical measures and audit processes we take,
It creates the data recording systems used in our company in accordance with the legislation and makes periodic audits,
It creates emergency aid plans against the risks that may occur and develops systems for their implementation,
We train and inform our employees about accessing and authorizing personal data,
In contracts with companies that provide access to personal data, in cases where cooperation is made with third parties for activities such as processing and storing personal data; It includes provisions regarding taking the necessary security measures of persons accessing personal data,
We establish security systems within the scope of technological developments in order to prevent unlawful access to personal data.
10.2.2. Measures we take in case of unlawful disclosure of personal data
We take administrative and technical measures to prevent the unlawful disclosure of personal data and update them in accordance with our relevant procedures. If we detect that personal data has been disclosed without authorization, we establish systems and infrastructures to notify the Related Person and the KVK Board.
In the event of an unlawful disclosure despite all the administrative and technical measures taken, this may be announced on the website of the KVK Board or by any other method, if deemed necessary by the KVK Board.
11. RIGHTS OF PERSONAL DATA SUBJECT
Within the scope of our disclosure obligation, we inform the Personal Data Owner and establish systems and infrastructures for this information.
We make the necessary technical and administrative arrangements for the Personal Data Owner to exercise their rights regarding their personal data. On the Personal Data Owner's personal data;
Learning whether personal data is processed
If personal data has been processed, requesting information about it
Learning the purpose of processing personal data and whether they are used in accordance with the purpose
Knowing the third parties to whom personal data is transferred at home or abroad
Requesting correction of personal data if it is incomplete or incorrectly processed
Requesting the deletion or destruction of personal data in case the reasons requiring the processing of personal data disappear
Requesting notification of the above-mentioned correction, deletion or destruction processes to third parties to whom personal data has been transferred
Objecting to the emergence of an unfavorable result by analyzing the processed data exclusively through automated systems
Requesting the compensation of the damage in case of loss due to unlawful processing of personal data
has rights.
11.1. Exercise of rights regarding personal data
Personal Data Owner requests his/her personal data
If your e-mail address is registered in your system, it can be forwarded to the e-mail account of [email protected].
In the application,
a) Name, surname and signature if the application is written,
b) For citizens of the Republic of Turkey, T.R. identification number, nationality for foreigners, passport number or identification number, if any,
c) Domicile or workplace address for notification,
ç) If available, the e-mail address, telephone and fax number for notification,
d) Subject of the request,
must be present.
(3) Information and documents related to the subject are attached to the application.
(4) In written applications, the date of notification is the application date.
(5) In applications made by other methods; The date on which the application reaches us is the application date.
Such requests will be made individually and requests made by unauthorized third parties regarding personal data will not be taken into consideration.
11.2. Evaluation of the application
11.2.1. Application response time
Requests regarding personal data are concluded as soon as possible and in any case within 30 (thirty) days at the latest, free of charge, or against the fee in the tariff if the conditions in the tariff to be published by the KVK Board are met.
Additional information and documents may be requested during the application or while the application is being evaluated.
11.2.2. Our right to refuse the application
Applications regarding personal data;
Processing personal data for purposes such as research, marketing, planning and statistics by anonymizing with official statistics
Processing personal data for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate privacy or personal rights or constitute a crime
Processing of personal data made public by the Personal Data Owner
The application is not based on a just cause,
The application contains a request contrary to the relevant legislation,
Failure to comply with the application procedure
rejected with justification.
11.3. Evaluation procedure of the application
In order for the response period specified in this Policy to begin, you must send the requests made using the methods in article 11.1 and with information and documents proving the identity of the applicant.
If the request is accepted, the relevant action is applied and a written or electronic notification is made. In case of rejection of the request, the applicant is notified in writing or electronically by explaining the reason.
11.4. Right to complain to the Personal Data Protection Board
In cases where the application is rejected, the answer we give is insufficient or the answer is not given on time; The applicant has the right to complain to the KVK Board within 30 (thirty) days from the date of learning the answer and in any case within 60 (sixty) days from the date of application.
12. PUBLICATION AND STORAGE OF THE DOCUMENT
This Policy is stored in two different media, printed paper and electronic media.
13. UPDATE PERIOD
This Policy is reviewed at least once every two years and updated in accordance with the principles as needed.
14. EFFECTIVENESS
This Policy is deemed to have entered into force after its publication on the Company's website.
15. REVOCATION
In the event that it is decided to be revoked, the wet signed old copies of this Policy are canceled and signed by the Legal Unit with the written approval of the Department Manager (with an annulment stamp or an annulment) and kept by the Legal Unit for a period of 5 years.
16. Turning Off Browser Cookies
Detailed information can be obtained from our Cookie Policy page.