Personal Data Protection and Processing Policy

Any information relating to an identified or identifiable person. (A particular person’s identity, address, e-mail, education, phone number, status of employment, permanent address etc.)

PRIVATE CATEGORIES OF PERSONAL DATA

Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dressing, membership of association, foundation or trade-union, health, sexual life, criminal conviction and security measures, and biometrics and genetics are private categories of personal data.

EXPLICIT CONSENT

Freely given specific and informed consent on a particular topic.

BUSINESS PARTNERS

The parties that our company cooperates with.

PROCESSING OF PERSONAL DATA

All transactions performed on personal data, such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use .

DATA SUBJECT

The natural person whose personal data is processed.

DATA CONTROLLER

Natural or legal person who determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the filing system.

DATA PROCESSOR

Natural or legal person who processes personal data based on the authority granted by and on behalf of the data controller.

APPLICANT

Natural person who filed a job or internship application to our company by any means or allow resume and related information to be inspected by our company.

SUPPLIER

Parties who provide service to our company agreeable with our company’s orders and instructions in the scope of agreement.

ANONYMIZATION

Rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data.

Pursuant to article 4 of KVKK, MOMENTUP being in the position of data controller, acts in such means in the processing of personal data:

• Lawfulness and conformity with rules of bona fides:

  Complying with laws and good faith rules appeals to the obligation to act according to the law principles and other legal regulations regarding the processing of personal data. While trying to achieve data processing objectives, the data inspector will take into account the interest and reasonable expectations of those concerned, according to the rules of good faith.

  MOMENTUP acts according to rules of bona fides and principles provided by the law and other legal regulations in the processing of personal data.

• Accuracy and being up to date, when it's necessary:

  In order to provide accurate and up-to-date personal data; sources of the personal data should be stated, accuracy of the source should be tested, requests that may arise due to inaccurate personal data should be taken into consideration and necessary measures should be taken in this context.

  MOMENTUP, always take measures in order to provide the accuracy and up-to-dateness of data subject’s information.

• Processing for specific, clear and legitimate purposes:

  Personal data processed by MOMENTUP are related to and necessary for its business or provided service. In this respect, MOMENTUP places importance on compliance with the principle of specificity and explicitness in Statement of Disclosure Requirement where purposes of personal data processing is explained.

• Personal data are relevant to, limited and proportionate to the purposes for which they are processed:

  Data being proportionate to the purposes for which they are processed requires the avoidance of processing personal data that is not relevant with and not needed for the purposes. In this respect MOMENTUP provides adequate data for the purposes and avoids processing data that is not needed for the purpose.

• Being retained for the period of time stipulated by relevant legislation or the purpose for which they are processed:

  According to the “being limited to purpose” principle of personal data, data should be retained for the period of time in accordance with the purpose for which they are processed. In this respect, if there is stipulated period of time by relevant legislation MOMENTUP complies with it. If there is no such stipulated period of time data is retained for the period that is needed for the purpose. In case of both exceeding the period of time stipulated in relevant legislation which MOMENTUP is liable to due to legal obligations, and exceeding the period of time needed for the purpose, persona data is deleted, destroyed or anonymised by MOMENTUP pursuant to Regulations on Deletion, Destruction, and Anonymization of Personal Data.

  Hereby our Policy is indispensable to perpetuate our company’s pursuance.

Your personal data is collected by, apart from possible changes related to services provided by MOMENTUP and commercial activities of MOMENTUP, bodies of MOMENTUP, the website, social media, client meeting and similar means, in verbal, written and electronic forms; and they are preserved pursuant to the applicable legislation, within the legally implemented period time and within the period of time that is needed for the purpose of data processing.

Also, when you use our call centers or website, visit our company or website, participate in trainings, seminars or organizations held by our company to benefit from the services, your personal data may be processed.

Personal data are processed by MOMENTUP or natural or legal persons that will be appointed by MOMENTUP, within the purposes stated below, pursuant to the applicable legislation, mainly article 5 and 6 of KVKK where obligations of data processing are stated:

• To offer, improve, develop and diversify our company’s products and services
• To fulfill our legal liabilities as it is obligated and necessitated by legal regulations
• To fulfill liabilities of contract of employment for employees and/or applicable legislation, increase employees’ level of performance and employee satisfaction, determine training and career planning or to provide job safety,
• To carry out recruitment and job applications processes in accordance with MOMENTUP’s human resources policy
• To manage communication with suppliers and business partners
• To contact with people who are in business alliance with the company
• To reassure the legal and commercial related safety of MOMENTUP and person who are in business relations with MOMENTUP
• Product advertising, marketing
• Customer satisfaction survey
• Gift or Give aways
• Management of compliance
• Management of vendor/supplier
• Legal reporting
• Billing
• Activity management
• Management of law, provision and financial affairs
• To give authorized institutions and organizations legal information
• Administration of processes of membership through social networks
• Administration of processes of call centers
• To provide infrastructure of E-Commerce
• To provide mobile applications related to mobile commerce
• Activities of R&D
• To provide corporate communication
• To send bulletins through e-mail or to send notifications

Personal data shall not be processed without obtaining the explicit consent of the data subject. Personal data may be processed without obtaining the explicit consent of the data subject if one of the below conditions exists:

To prevent illegally processing of personal data and accessing personal data legally, and to provide legal preservation of data we apply technical and administrative precautions that are both stipulated in law and stated below:

Constituting procedures for authorization of access within MOMENTUP, constituting information security awareness programmes to make sure that employees of MOMENTUP have awareness of their responsibilities and roles regarding personal data security; granting access to personal data to people who needs them for execution and performance of service and making sure your data are processed by authorized within confidentiality.

When there are collaborations with third parties in order to process personal data, contracts signed by data processing parties include provisions related to confidentiality and persons processing data taking necessary measures.

If a violation to Data Security is confirmed and under circumstances where we have legal liability to report; procedures of notification to Board of Relevant Person and Private Data Protection are constructed.

Private categories of personal data are processed by us by taking necessary measures as determined by the Board of Protection of Personal Data and as stipulated in law, if there is explicit consent or under circumstances that are required by applicable legislation.

Health and sexuality involving private categories of personal data are not processed by our organization except for our employees’ data due to their processability by authorized institutions and organizations or persons who have confidentiality obligation for the purpose of protecting public health, performing protective medicine, diagnosis, treatment and care services and for the purpose of planning of financing with the health services.

We process, preserve and transfer your personal data that are in your resume, certificate or within the professional knowledge of yours that you have provided for the purpose of consideration of your job application. The information you shared as job applicants are assessed, processed and preserved both in the scope of this Policy and MOMENTUP Employee Data Processing Policy.

To whom and under with what purposes processed personal data may be transferred;

Among the purposes stated above, personal data may be transferred to;

• Our suppliers and solution partners limited to the purpose of being able to supply external products and services
• Business partners and connections
• Persons and institutions we receive service for preserving of personal data on cloud environment
• Group companies
• Legally authorized administrative and official authorities
• Legally authorised private law persons
• Our shareholders limited to purpose of designing strategies regarding commercial activity of our organization

According to article 8 and 9 of KVKK and rules and principles stated above.

For the purposes of legal personal data processing stated in this policy, MOMENTUP may take necessary technical and administrative measures and transfer personal data to third parties located domestically and abroad (storage, archiving, information technologies support (server, hosting, programme, cloud informatics), third parties that provide us service, business partners with whom we collaborate and/or get service, supplier firms, banks, financial cooperations, consulting firms that provide support in law and taxes, and other related realms where transfer is necessary for determined purposes(especially academics within R&D service) and authorized institutions and cooperation.

MOMENTUP may transfer personal data to foreign countries that are declared to have sufficient security by the Board of Protection of Personal Data or under circumstances where no sufficient security exists, foreign countries that are given the allowance by the Board of Protection of Personal Data and written undertaking of sufficient security from data controllers in both Turkey and in the foreign country. Accordingly, MOMENTUP acts in compliance with the stipulated regulations in article 9 of KVKK.

Your personal data is gained through website, various contracts, any kinds of information forms, job application forms, social media applications and not limited to stated here, all sorts of verbal, written or electronic environment by MOMENTUP or data processing natural or legal persons working for MOMENTUP, for the purpose of maintenance of MOMENTUP’s commercial activities, for offering products and services according to laws and for fulfilling responsibilities arised from laws completely and accurately.

As personal data subjects, if you send your requests to MOMENTUP regarding your rights, with the means that are regulated in this Policy, MOMENTUP will conclude your request in thirty days at the latest, according to the content of the request, and free of charge. However, if the Board of Protection of Personal Data stipulates a cost, it will be charged according to determined rates by MOMENTUP.

In accordance with Article 11 of KVKK, data subjects have the right to:

• Learn whether or not her/his personal data have been processed
• Request information as to processing if her/his data have been processed
• Learn the purpose of processing of the personal data and whether data are used in accordance with their purpose
• Know the third parties in the country or abroad to whom personal data have been transferred
• Request rectification in case personal data are processed incompletely or inaccurately
• Request deletion or destruction of personal data that is processed by operation of Personal Data Protection Law no. 6698 and other relevant law, if causes of processing ceased to exist
• Request notification of the operations made as per indents (e) and (f) to third parties to whom personal data have been transferred
• Object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems
• Request compensation for the damages in case the person incurs damages due to unlawful processing of personal data

Personal data that is processed in accordance with KVKK and other relevant laws shall be deleted, destroyed or anonymised either ex officio or upon request by the data subject pursuant to article 7 of KVKK (pursuant to Regulation on Deletion, Destruction, and Anonymization of Personal Data) in case of conditions for processing of personal data on articles 5 and 6 of KVKK cease to exist.

MOMENTUP fulfills its obligation in this context, in accordance with the technical and administrative measures to be taken within the general principles on article 4 and in the scope of article 12, provisions of applicable legislation and the Board of Protection of Personal Data.

According to paragraph 1 of article 13 of KVKK, Personal Data Subject can send your requests regarding your rights via the email address info@momentup.com

In your application which has the purpose of using the stated rights that you own as a personal data subject, it is required for the request to be explicit and understandable, that the subject is yourself and that you are authorized and have the authorization document if you are acting on behalf of another person, that the request should include information of identification and address and that documents enhancing your identification are added.

Applications in the scope of this context are concluded as soon as possible and within thirty days at the least. Applications are currently free of charge. However, if the transaction requires a cost, a fee may be charged according to determined rates by the Board of Protection of Personal Data.

Legally acquired personal data via purchase of a product/service and in other means prior to the effective date of KVKK, 7th of April 2016 are processed and preserved in accordance with the terms and conditions stated in this Policy.

In this context, MOMENTUP takes necessary actions to inform regarding its all employees’ duties and responsibilities, especially employees who have access to personal data.

This Protocol herein is revised at least once per year and is shared with you if necessary as it is updated in accordance with the principles that would be .

Personal data obtained during recruitment process and job assigning of applicants and specific personal data obtained according to job description (belongs to the person who shared his/her information for job application, personal data used during application consideration period), from MOMENTUP or MOMENTUP’s business alliances or natural or legal persons authorized from MOMENTUP is processed accordingly purposes stated below and also stated at MOMENTUP Personal Data