Clarification Letter on Protection of Personal Data (KVKK)
It includes the processing, storage and transfer of personal data of real persons, including all our customers, members, suppliers, visitors, users and employees, and all personal data we obtain during our activities, and the explanation on how Beat Run Crew processes it.
All administrative and technical protection measures required by the nature of the data for the purpose of protecting personal data are carried out in accordance with the current legislation and current technology.
This text explains the methods we follow for the processing, storage, transfer and deletion or anonymization of personal data shared during our commercial, promotional-marketing or social responsibility and similar activities within the framework of the principles mentioned in the KVKK.
This includes all personal data processed by Beat Run Crew, including our visitors, customers, business contacts, business partners, employees, suppliers, members, and third parties.
DEFINITIONS AND ABBREVIATIONS
Explicit Consent: The consent given on a specific subject, based on being informed and free will, in clarity that does not leave room for hesitation, limited to that transaction.
Anonymization: It is the rendering of personal data that cannot be associated with an identified or identifiable natural person, even by matching with other data.
Employee: Company Personnel.
Personal Data Owner (Relevant Person): The real person whose personal data is processed.
Personal Data: All kinds of information regarding an identified or identifiable natural person.
Special Qualified Personal Data: People’s race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, health information, fingerprints, attire and clothing, association, foundation or union membership, health, sexual life, criminal conviction. and biometric and genetic data related to security measures.
Processing of Personal Data: Obtaining, recording, storing, storing, changing, reorganizing, disclosing, transferring, taking over, making available, classifying personal data completely or partially automatically, or by non-automatic means provided that they are part of any data recording system. or any action taken on the data, such as preventing its use.
Data Processor: Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Supervisor: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
KVKK: Personal Data Protection Law No.6698, published in the Official Gazette dated April 7, 2016 and numbered 29677.
Board: The Personal Data Protection Board,
Authority: The Personal Data Protection Authority,
KVKK Policy: Beat Run Crew Personal Data Protection and Processing Policy,
Digital Platform: All social platforms, including websites and mobile applications owned by Beat Run Crew,
Beat Run Crew (Membership System): It indicates the membership system of all existing digital platforms and websites belonging to Beat Run Crew.
ROLES AND RESPONSIBILITIES
The Company Management is responsible for the supervision of the determination, supervision and operation of notification, inspection and sanction mechanisms in case of non-compliance with the KVKK Policy, rules and regulations. The Policy on Protection and Processing of Personal Data has been approved by the Company Management. The Company Management is the authorized approval mechanism to ensure that the Personal Data Protection and Processing Policy is established, implemented and updated when necessary.
Legal obligations within the scope of protection and processing of personal data as a data controller in accordance with the KVKK are listed below:
Beat Run Crew pays attention to the purpose for which your personal data will be processed, transferred, to whom and for what purpose your personal data can be transferred, and the obligation to illuminate.
As Beat Run Crew, administrative and technical measures stipulated in the legislation are taken to ensure the security of personal data under our responsibility.
CLASSIFICATION OF PERSONAL DATA
Personal data; all kinds of information regarding an identified or identifiable natural person.
The protection of personal data is only related to real persons, and information belonging to legal entities that does not contain information about a real person is excluded from personal data protection. Therefore, this KVKK Policy is not applied to data belonging to legal entities.
Individuals’ race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are private. qualified personal data.
PROCESSING OF PERSONAL DATA
We take the necessary measures in our data processing procedures to ensure that the data is accurate and up to date. It is possible to apply to the Personal Data Owner to update his / her existing data and to correct the errors in the processed data, if any.
Unless there is a legal requirement, personal data of special nature are not processed or when it is required, express consent is obtained regarding the subject.
Many regulations in the legislation require personal data to be stored for a certain period of time. Therefore, the personal data we process are stored for the period stipulated in the relevant legislation or required for the purposes of processing personal data.
We delete, destroy or anonymize personal data in case the storage period stipulated in the legislation expires or the processing purpose disappears.
Personal data are processed for the following purposes:
Conducting commercial activities.
Providing support services within the scope of the contract and within the framework of Service Standards.
To determine the preferences and needs of our members / visitors and to shape and update the services we provide within this scope.
Fulfilling our legal obligations as required or required by legal regulations.
Evaluation of job applications
To contact people who have a business relationship with the company.
Sales and marketing.
Managing the relationship between the Seller and the Supplier.
To make legal reporting.
To run the Beat Run Crew Membership System.
To communicate between Beat Run Crew candidates and employers
To provide corporate communication.
To individualize Beat Run Crew campaigns and to suggest campaigns and promotions according to their interests.
Providing the liaison between the company and the transportation or technical service after purchasing the product specific to Beat Run Crew.
Sending newsletters, marketing activities or notifications via SMS, E – mail.
Special quality personal data are processed by us by taking the administrative and technical measures stipulated by the laws and stipulated by the KVK Board and if there is express consent or when required by the legislation.
Cookies are used to improve the functioning and usage of our internet pages or mobile applications. Efforts are made to make the time spent on our digital platforms more efficient. In addition to these, we use some cookies to remind the preferences made on our websites and other social platforms and thus provide convenience to the user.
We can collect your personal data through cookies on our digital platforms, process, transfer and store the data we collect.
You can find detailed information about the cookies we use on our website.
During the application process you will make as an employee candidate, you can share your CV, diploma, photo, etc. with us. We process, store and transfer your personal data in other documents in order to evaluate your job application. The processing, transfer and storage of personal data you share as an employee candidate are within the scope of this KVKK Policy.
Personal data of Beat Run Crew employees; Apart from this Policy, Beat Run Crew is collected, processed and stored within the framework of Human Resources and accounting department.
Within the scope of other memberships provided through the Membership System, the following information is obtained with express consent:
Company Information, if any,
Whether they want to be notified by SMS and by e-mail.
The deletion, destruction or anonymization of personal data within the scope of this platform is described in Article 9 of the KVKK Policy.
7.1. Processing of personal data collected within the scope of Job Application:
Personal data obtained through application forms, resumes and applications made to intermediary institutions will be recorded to be used for the evaluation of the job application.
It is recommended to review personal data processing and privacy policies.
Those who apply with the Application Form;
Identity Information (Name, Surname, Date of Birth, T.R. Identity Number),
Contact Information (Address, E – mail Address, Telephone No. etc.),
Educational Information (Graduated Schools etc.),
Foreign Language Knowledge,
Driving License / Traveling etc. They create a resume by sharing their general information.
According to the nature of the application, the above information is requested from the candidate who creates a resume, in order to evaluate whether he is qualified for the job in question. The requested health information is only processed for employment purposes within the scope of the relevant legislation.
The deletion, destruction or anonymization of personal data within the scope of this platform is described in Article 9 of the KVKK Policy. In the event of a negative result of the job application process, the processing of personal data shared with the employer and data security are under the employer’s responsibility.
When a purchase is made, the financial information of the CUSTOMER is transferred to persons and institutions such as banks or credit card companies in order to carry out the transaction. Data transferred;
Credit Card Number,
Credit card expiration date,
Or data related to payment purposes, such as bank account information.
During the purchase, the invoice and payment information of the customer (Name Surname, TR Identity Number, Telephone Number, Invoice Address), invoices sent and receipt samples for payments received from members, payment number, invoice amount, invoice number, invoice date, etc. data is received. These data; Managing the invoicing process, accounting, after-sales services, communication, marketing, audit, control, and payment service providers. When the purchase is made, the financial information of the customer is transferred to legal entities such as banks or credit card companies in order to carry out the transaction. Credit card information is not stored in Beat Run Crew databases.
Voice recording can be taken for the follow-up of sales operations and after-service quality or for the follow-up and proper implementation of supply and transportation services. The above-mentioned data are transferred according to Article 8 of the KVKK Policy and shared with third parties.
The deletion, destruction or anonymization of personal data within the scope of this platform is explained in Article 9 of the KVKK Policy.
7.2. Exceptional cases where explicit consent is not sought in the processing of personal data:
In exceptional cases listed below and arising from the law, we may process personal data without obtaining explicit consent;
It is clearly stipulated in the laws,
It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid,
It is mandatory for the data controller to fulfill his legal obligation,
It is made public by the person concerned,
Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,
Data processing is mandatory for the establishment, use or protection of a right,
It is obligatory for us to process your data for our legitimate interests as a data controller, provided that fundamental rights and freedoms are not damaged.
TRANSFER OF PERSONAL DATA
We act in line with the decisions and regulations stipulated in the KVKK regarding the transfer of personal data.
Without prejudice to the exceptional circumstances in the legislation, personal data and data of special nature are not transferred by us to other real persons or legal entities without the express consent of the Relevant Person. As a rule, personal data are not transferred abroad without the express consent of the Related Person.
However, in cases where one of the conditions specified in the second paragraph of Article 5 and the third paragraph of Article 6 in the KVKK, the third persons abroad;
Being in countries with sufficient protection declared by the KVK Board,
The presence of an adequate protection and permission to commit in writing the CTL Board responsible for the data in the case of Turkey and foreign countries concerned to take place in countries where there is adequate protection,
Personal data can be transferred abroad without explicit consent.
8.1. Transfer of personal data abroad for the purposes of providing our services and marketing activities:
We work with service providers from abroad, not limited to these, for the purposes of developing the website and digital platforms, conducting surveys, increasing the variety of products and services according to the preferences of visitors and members, and measuring the user experience, and in the future, we have developed and changed opportunities and needs. In line with this, we can work with other service providers of this kind, cooperate or be included in the systems. It is recommended that the relevant policies of the service providers we cooperate with regard to the processing and protection of personal data.
8.2. Institutions and organizations to which personal data are transferred:
Personal data are transferred to the following institutions and organizations according to the principles and rules described above;
To our suppliers,
Shipping and Cargo companies,
Companies providing and receiving marketing and sales services,
Legally authorized public institutions and organizations,
Legally authorized private law persons.
8.3. Measures taken to transfer personal data in accordance with the law:
The following procedures are performed to protect personal data;
To carry out in-house technical organization for the processing and storage of personal data in accordance with the legislation,
To create the technical infrastructure to ensure the security of the databases where your personal data will be stored,
To follow the processes of the technical infrastructure created and to make inspections,
Periodically updating and renewing technical measures,
To produce necessary technological solutions by re-examining risky situations,
Using virus protection systems, firewalls and similar software or hardware security products and establishing security systems in accordance with technological developments,
To cooperate with companies and / or people who are experts in technical matters.
8.4. To protect your personal data;
Establishing policies and procedures for access to personal data, including employees of the company and affiliates within our company,
Our employees are informed and trained on the legal protection and processing of personal data,
In the contracts we make with our employees and / or the policies we create, the company records the measures to be taken in cases where personal data are illegally processed by our employees.
STORAGE OF PERSONAL DATA
Personal data are kept for the period required by the purpose of processing personal data, without prejudice to the storage periods stipulated in the legislation.
In cases where we process personal data for more than one purpose, the data is deleted, destroyed or stored by anonymization in the event that the purposes of processing the data disappear or there is no obstacle in the legislation to delete the data at the request of the Relevant Person. The provisions of the legislation and the decisions of the KVK Board are complied with regarding destruction, deletion or anonymization.
9.1. Measures taken regarding the storage of personal data;
Technical infrastructures and related control mechanisms are established for the deletion, destruction and anonymization of personal data,
Necessary technical measures are taken for the safe storage of personal data,
Security systems are established in accordance with technological developments regarding the storage areas of personal data,
Awareness is raised by informing our employees about the technical and administrative risks associated with the storage of personal data,
In case of cooperation with third parties for the storage of personal data, contracts with companies to which personal data are transferred; Provisions regarding the protection and safe storage of the personal data of the persons to whom the personal data is transferred take the necessary security measures.
SECURITY OF PERSONAL DATA
Administrative and technical measures are taken according to technological possibilities and application costs to prevent unlawful access, storage and processing of personal data.
Our employees are trained and informed about the legal processing of personal data,
In cases where cooperation is made with third parties for the processing of personal data, in contracts made with companies that process personal data; Provisions regarding taking necessary security measures for persons who process personal data are included,
In case of unlawful disclosure of personal data or data leakage, the KVK Board informs the KVK Board of the situation and makes the investigations stipulated by the legislation and measures are taken.
10.1. To prevent unlawful access to personal data;
Employees with technical expertise are employed,
Technical measures are periodically updated and renewed,
Access authorization procedures are established within our company,
The procedures for reporting the technical measures and audit processes we have taken are determined,
The data recording systems used in our company are established in accordance with the legislation and periodically audited,
Our employees are trained and informed about access to personal data and authorization,
In the contracts made with companies that provide access to personal data in cases where cooperation is made with third parties for activities such as the processing and storage of personal data; It includes provisions regarding the necessary security measures for persons accessing personal data,
Security systems are established within the scope of technological developments in order to prevent illegal access to personal data.
RIGHTS OF THE PERSONAL DATA OWNER
Within the scope of our disclosure obligation, the Personal Data Owner is informed and systems and infrastructures related to this notification are established.
On the data of Personal Data Owners;
Learning whether personal data is processed and making a request,
To know the third parties to whom personal data are transferred domestically or abroad,
Learning the purpose of processing personal data and whether they are used appropriately for their purpose,
To know the third parties to whom personal data are transferred domestically or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing,
To request the deletion or destruction of personal data in case the reasons requiring the processing of personal data disappear,
Request notification of the above-mentioned correction, deletion or destruction operations to third parties to whom personal data have been transferred
Objecting to an unfavorable result arising from the analysis of the processed data exclusively through automated systems,
To demand the compensation of the damage in case of damage due to the processing of personal data illegally,
they have the rights.
11.1. Exercising the rights regarding personal data
Personal Data Owner will be able to send his / her personal data request by sending an e-mail to email@example.com.
In the application;
a) Name, Surname and signature if application is in writing,
b) Citizens of the Republic of Turkey; T.R. Identification number.,
c) For foreigners; nationality, passport number or foreigner identification number, if any,
ç) Place of residence or workplace address for notification,
d) E – mail address, telephone and fax number for notification, if any,
e) Subject of the request,
Must be found.
In addition, information and documents related to the subject are attached to the application. In written applications, the date of notification is the date of application. For applications made via e – mail; the date the application is received is the application date.
These requests will be made individually and requests made by unauthorized third parties regarding personal data will not be taken into consideration.
11.2. Evaluation of the application and Response Time:
Requests for personal data are concluded as soon as possible depending on the nature and within 30 (thirty) days at the latest in any case.
During the application or while the application is being evaluated, additional information and documents may be requested from the applicant, and the date that the requested additional information and / or documents are received will be accepted as the application date in terms of response time.
11.3. Refusal of application:
Applications regarding personal data;
Processing personal data for purposes such as research, marketing, planning and statistics by anonymizing them with official statistics,
Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate the privacy of private life or personal rights or constitute a crime,
Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security,
Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution procedures,
Processing of personal data made public by the Personal Data Owner,
The application is not based on a just cause,
The application contains a request that is contrary to the relevant legislation,
Failure to comply with the application procedure,
In their case, they are justified and rejected.
In order to start the response period specified in the KVKK Policy, you must send the requests made with the methods described above and with the information and documents proving the identity of the applicant.
If the request is accepted, the relevant process is applied and a written or electronic notification is made. If the request is rejected, the reason is explained to the applicant in writing or electronically.
In cases where the application is rejected, the response we have given is insufficient or the response is not given in time the applicant has the right to make a complaint to the Personal Data Protection Board within 30 (thirty) days from the date of learning the answer, and in any case within 60 (sixty) days from the date of application.
PUBLISHING AND STORAGE OF THE DOCUMENT
The KVKK Policy is stored in two different media, printed on paper and electronically. It is reviewed and updated at least every two years. The KVKK Policy is deemed to have entered into force after its publication on the beatruncrew.com website.
The Data Controller will take all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to ensure the protection of personal data.
If there is a period stipulated in the legislation for the storage of your personal data according to the types of data, the Data Controller will abide by this period; If such a period is not stipulated, it will keep the data for the time required for the purpose for which it was processed. If there is no valid reason for further storage of personal data, that data will be deleted, destroyed or anonymized.
In case of a decision to annul it, old copies of the KVKK Policy with wet signature are canceled with the written approval of the Company Management (by stamping the cancellation stamp or writing cancellation) and stored for 5 (five) years.