Personal Data Protection Notice

Personal Data Protection Notice

Personal Data Protection Notice

Obligation of the Data Controller to Inform
Article 10 – (1) During the collection of personal data, Nazar Concept (the data controller) or the person authorized by it is obliged to inform the relevant individuals about:

a) The identity of the data controller and, if any, its representative,
b) The purposes for which personal data will be processed,
c) To whom and for what purposes the processed personal data may be transferred,
ç) The method and legal basis of personal data collection,
d) Other rights listed in Article 11.

Rights of the Data Subject
Article 11 – (1) Everyone has the right to apply to Nazar Concept (the data controller) regarding themselves and to:

a) Learn whether personal data is being processed,
b) Request information if personal data has been processed,
c) Learn the purpose of processing personal data and whether it is used in accordance with that purpose,
ç) Know the third parties to whom personal data is transferred domestically or abroad,
d) Request the correction of personal data if it is incomplete or inaccurately processed,
e) Request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7,
f) Request notification of the actions taken pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
g) Object to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
ğ) Request compensation for damages in case of loss arising from the unlawful processing of personal data.

Obligations Regarding Data Security
Article 12 – (1) Nazar Concept (the data controller) is obliged to take all necessary technical and administrative measures to ensure an appropriate level of security in order to:

a) Prevent the unlawful processing of personal data,
b) Prevent unlawful access to personal data,
c) Ensure the safeguarding of personal data.

(2) If personal data is processed by another real or legal person on behalf of Nazar Concept (the data controller), it is jointly responsible with such persons for taking the measures specified in the first paragraph.

(3) Nazar Concept (the data controller) is obliged to carry out or have carried out the necessary audits within its institution or organization to ensure the implementation of the provisions of this Law.

(4) Data controllers and data processors may not disclose the personal data they have learned to others in violation of this Law, nor may they use it for purposes other than processing. This obligation continues even after they leave their duties.

(5) In the event that processed personal data is obtained by others through unlawful means, Nazar Concept (the data controller) shall notify the relevant person and the Board as soon as possible. If deemed necessary, the Board may announce this situation on its own website or by any other method it deems appropriate.