PERSONAL DATA PROTECTION POLICY


Based on this policy, the Turkish Green Crescent Society commits to the protection of the personal data that is collected, processed, stored and archived of all internal parties (board of directors, disciplinary board, board of supervisors, scientific board, candidate employees, employees, employees’ family members, candidate interns, volunteers, donors, contracted employees, visitors to our facilities and affiliated partnership employees) and that of the third parties with which we are in contact (civil service and government agency employees, clients, academicians, potential suppliers, current suppliers, campaign participants and other third parties), in pursuant with Personal Data Protection Law No.6698, and implements the following eight principles:

Personal Data:
• are collected, processed, stored and archived in compliance with laws and good faith practices;
• are processed for specific, legitimate and clear purposes;
• are processed in a relevant, limited and measured manner, in accordance with the purpose for which they are processed.
• Maximum effort is made to ensure data validity and actuality; as such, correct data are collected and the continuity of data actuality is ensured.
• Data are stored for as long as stipulated in the relevant legislation, or as required for the purposes for which they are processed.
• The rights and requests of the data owners are taken into consideration during processing. As stipulated in the law, the data owner has the following rights:

- To find out whether or not their personal data has been processed;
- To request information regarding the processing of their personal data;
- To be made aware of the grounds on which their personal data were processed, and whether they were used for the intended purpose;
- To request information about any third parties to whom their personal data has been transferred, whether at home or abroad;
- To request their personal data be corrected in the event of data being missing or processed incorrectly;
- To request that personal data with no legal justification or grounds be deleted or erased, to ensure personal data are processed in compliance with Personal Data Protection Law or this policy;
- To request that third parties be notified of the requested correction or deletion of any personal data they may have;
- To object to any outcome of an exclusively automated analysis of the processed data that may have a negative effect on the person;
- To claim indemnification in the event of any losses incurred due to any illegal processing of personal data.

• The necessary measures relating to the technical and administrative safety of data are taken while processing personal data (the necessary physical, environmental and systematic measures are taken).

• Personal data are shared in accordance with legal exceptions or open consent. The personal data of internal parties and third parties are collected, processed, stored and archived by the Turkish Green Crescent Society in accordance with the eight above-mentioned principles.