PRIVACY AND PERSONAL DATA PROTECTION POLICY

Dear Users,

Talentius Application is a product/service of CV US SOFTWARE AND CONSULTING LIMITED COMPANY.

1. INTRODUCTION

1.1. In General

Ensuring the privacy and security of your personal data is among our top priorities as CV US SOFTWARE AND CONSULTING LIMITED COMPANY (hereinafter referred to as "Talentius" and/or the "Company"). The process managed and the objective targeted with this Privacy and Personal Data Protection Policy ("Policy") and the other written policies within our Company regarding the processing and protection of personal data is to process and protect the personal data of the persons whose personal data is processed ("Personal Data Owners") in accordance with the law and to inform the Personal Data Owners.

1.2. Purpose and Scope of the Policy

The primary purpose of this Policy is to explain the personal data processing activities carried out by our Company in accordance with the law and the systems adopted for the protection of personal data, and to inform Personal Data Owners in this context. The scope of this Policy relates to all personal data of Personal Data Owners processed through automatic or non-automatic means provided that they are part of any data recording system.

1.3. Application of the Policy and Related Legislation

This Policy has been prepared by giving concrete form to the principles set forth by the relevant legislation. Our Company undertakes and accepts that in the event of any incompatibility between the current legislation and this Policy, the current legislation shall apply.

2. DEFINITIONS AND ABBREVIATIONS

Explicit Consent: Consent relating to a specific subject, based on information and expressed with free will.
TALENTIUS: TALENTIUS Application offered to Users by CV US SOFTWARE AND CONSULTING LIMITED COMPANY.
Constitution: 1982 Constitution of the Republic of Turkey.
Anonymization: Rendering personal data impossible to be associated with an identified or identifiable natural person, even if matched with other data.
Employee: Employees and interns of CV US SOFTWARE AND CONSULTING LIMITED COMPANY.
Candidate Employee: Natural persons who have applied for a job to CV US SOFTWARE AND CONSULTING LIMITED COMPANY by any means or who have submitted their resume and related information.
Personal Data: Any information relating to an identified or identifiable natural person.
Personal Data Owner/Data Subject/User: Natural person whose personal data is processed.
Processing of Personal Data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, reorganizing, explaining, transferring, taking over, making available, classifying or preventing the use of personal data.
Board: Personal Data Protection Board.
Authority: Personal Data Protection Authority.
KVKK: Personal Data Protection Law No. 6698.
Special Quality Personal Data: Data concerning race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures.
Periodic Destruction: Erasure, destruction or anonymization process to be carried out ex officio at repeated intervals in the event that all the conditions for processing personal data disappear.
Policy: CV US SOFTWARE AND CONSULTING LIMITED COMPANY Privacy and Personal Data Protection Policy.
Data Controller: Natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

3. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

3.1. Processing of Personal Data in Accordance with the Principles Provided for in the Legislation

3.1.1. Processing in Compliance with Law and Rule of Fairness

Our Company has adopted being in compliance with law and rule of fairness as a basic principle in all kinds of transactions to be carried out on personal data and provides information to personal data owners about the purpose of use of the personal data collected.

3.1.2. Ensuring Personal Data are Accurate and Up-to-Date Where Necessary

Our Company has a system and process to ensure the accuracy and timeliness of the personal data it processes. In this context, personal data owners can make it possible for their personal data to be kept accurate and up-to-date by applying to our company.

3.1.3. Processing for Specific, Explicit and Legitimate Purposes

Our Company clearly specifies the purpose of processing personal data within legitimate and lawful limits.

3.1.4. Being Relevant, Limited and Proportionate to the Purposes for which they are Processed

Our Company processes personal data for the purposes related to the field of activity and necessary for the execution of its business.

3.1.5. Preserving for the Period Provided for in the Relevant Legislation or Necessary for the Purpose for which they are Processed

Our Company preserves personal data only for the period specified in the relevant legislation or limited to the period necessary for the purpose for which they are processed.

3.2. Processing of Personal Data Based on One or Three of the Personal Data Processing Conditions Specified in Article 5 of the KVKK

Our Company processes personal data only based on the explicit consent of the data subject or without explicit consent in cases where it is stated in the law that explicit consent will not be sought. Cases where explicit consent is not sought:

a) Clearly provided for by laws,
b) Mandatory for the protection of life or physical integrity,
c) Processing of personal data belonging to the parties of a contract is necessary,
d) Mandatory for our Company to perform its legal obligations,
e) Personal data is made public by the data subject,
f) Data processing is mandatory for the establishment, exercise or protection of any right,
g) Mandatory for the legitimate interests of our Company.

3.3. Processing of Special Quality Personal Data

Special quality personal data may be processed by our Company only if adequate measures determined by the Board are taken in the following cases:

a) Explicit consent of the data subject,
b) Clearly provided for by laws,
c) Mandatory for the protection of life or physical integrity,
ç) Relates to personal data made public by the data subject,
d) Mandatory for the establishment, exercise or protection of any right,
e) Necessary for the protection of public health and management of health services,
f) Mandatory for the fulfillment of legal obligations in the fields of employment and social security,
g) Relates to non-profit organizations for political, philosophical, religious or trade-union purposes.

3.4. Transfer of Personal Data

Your personal data may be transferred to our other organizations, supervisory institutions, shareholders, legally authorized public institutions and organizations, suppliers and business partners, cloud service providers for storage and backup, within the framework of the personal data processing conditions and purposes specified in Article 8 and Article 9 of the KVKK.

4. PRINCIPLES REGARDING THE PROTECTION OF PERSONAL DATA

4.1. Technical and Administrative Measures Taken for Ensuring Lawful Processing of Personal Data, Ensuring its Preservation and Preventing Unlawful Access

4.1.1. Technical Measures

• Network security and application security are provided.
• Closed system network is used in personal data transfers via network.
• Key management is applied.
• Security measures are taken for information technology systems.
• Security of personal data stored in the cloud is provided.
• Authority matrix has been created for employees.
• Access logs are kept regularly.
• Data masking measure is applied when necessary.
• Authorities of employees who have a change of duty are removed.
• Up-to-date anti-virus systems are used.
• Firewalls are used.
• Extra security measures are taken for paper-based personal data.
• Tracking of personal data security is carried out.
• Necessary security measures are taken for physical environments.
• Security against external risks (fire, flood, etc.) is provided.
• Personal data are reduced as much as possible.
• Personal data are backed up securely.
• User account management and authority control system are applied.
• Internal periodic and/or random audits are carried out.
• Log records are kept without user intervention.
• Risks and threats have been determined.
• Special quality personal data are sent encrypted.
• Intrusion detection and prevention systems are used.
• Penetration tests are applied.
• Data loss prevention software is used.

4.1.2. Administrative Measures

• Disciplinary regulations containing data security provisions are available.
• Training and awareness studies are carried out for employees.
• Corporate policies on access, use, storage and destruction have been prepared.
• Documents are sent in confidential format.
• Personal data security policies and procedures have been determined.
• Audit of data processor service providers on data security is ensured.
• Our employees are informed and trained on personal data protection law.
• Contracts with employees include confidentiality and data protection obligations.

4.2. Protection of Special Quality Personal Data

Special quality personal data determined by the KVKK and processed lawfully by our Company are protected with sensitivity. Technical and administrative measures are carefully applied for special quality personal data.

5. DATA SUBJECT'S APPLICATION TO DATA CONTROLLER, COMMUNICATION CHANNELS AND EVALUATION PROCESSES

5.1. Subject of Application

Everyone has the right to apply to our Company and:

a) Learn whether personal data are processed or not,
b) Request information if personal data are processed,
c) Learn the purpose of processing and whether they are used accordingly,
ç) Know the third parties to whom personal data are transferred,
d) Request correction of incomplete or incorrect data,
e) Request erasure or destruction within Article 7 of the KVKK,
f) Object to results against the person through automated systems,
g) Request compensation for damage due to unlawful processing.

5.2. Application Method and Address

Our communication channels and methods for these rights are located on www.talentius.ai under the name of Application Form to Data Controller.

5.3. Process After Application

Applications are responded to within 30 days at the latest from the date the request reaches us.

5.4. Application Fee

Applications are free of charge. However, if an additional cost is required, the fee determined by the Board will be charged.

6. DISCLOSURE AND INFORMATION OF PERSONAL DATA SUBJECTS

Our Company discloses information to personal data subjects regarding the process of obtaining personal data through this Policy and the Disclosure Text located on our website in accordance with Article 10 of the KVKK.

7. STORAGE PERIODS AND DESTRUCTION OF PERSONAL DATA

Our Company preserves personal data for the period specified in relevant legislation or for a reasonable period suitable for processing purposes. Personal data are destroyed after the mentioned periods expire.

TALENTIUS SOFTWARE AND CONSULTING LIMITED COMPANY