KVKK | idf

IZMIR DESIGN FACTORY
Processing and Protection of Personal Data

(“KVK”) Our Policy and Clarification Text

ORIGINN Office Services and Management Ltd. As İzmir Design Factory, our company and affiliate/sub-brand (together referred to as “ORIGINN IDF”), you, our valued customers, visitors, event participants, course and training participants, our employees, mentors, guides, and stakeholders in universities operating in the country and abroad, We attach importance to the protection of the privacy of all personal data of our business and solution partners. With this document, we aim to inform the real persons whose personal data we process as data controllers about our KVK policy and to enlighten them on how we will process and protect personal data. In this context, we take the "Law on the Protection of Personal Data" numbered 6698, which outlines the basic rules regarding the protection and processing of your personal data, and the relevant secondary legislation.

Basic Framework Regarding the Processing and Protection of Personal Data in Accordance with the Law and Related Legislation

In accordance with the Law No. 6698 and the relevant secondary legislation, the following principles will be followed in the processing of personal data;

Compliance with the law and the rules of honesty,
Being accurate and up-to-date when necessary,
Processing for specific, explicit and legitimate purposes,
Being connected, limited and restrained with the purpose for which they are processed,
For the period stipulated in the relevant legislation or required for the purpose for which they are processed.
preservation.
In accordance with the law, personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the following situations, personal data may be processed without seeking explicit consent;

clearly stipulated in the law,
Being unable to express their consent due to actual impossibility, or
the life of the person or another person whose consent is not given legal validity
or it is necessary for the protection of bodily integrity,
Provided that it is directly related to the conclusion or performance of a contract,
It is necessary to process the personal data of the parties to the contract,
It is mandatory for the data controller to fulfill its legal obligation,
Made public by the person concerned to be,
Data processing is mandatory for the establishment, exercise or protection of a right,
Provided that it does not harm the fundamental rights and freedoms of the data subject,
Data processing is mandatory for the legitimate interests of the controller.
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are of special nature. is personal data. Special categories of personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the following situations, special categories of personal data may be processed without seeking explicit consent;

• Personal data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws.

• Personal data related to health and sexual life are only subject to the explicit consent of the person concerned by persons under the obligation of keeping confidentiality or authorized institutions and organizations for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing. can be processed without calling.

Although it has been processed in accordance with the legislation, in the event that the reasons for its processing disappear, personal data is deleted, destroyed or anonymized by the data controller ex officio or upon the request of the data subject.

Personal data can only be transferred with the explicit consent of the person concerned. Personal data;
• One of the situations in which personal data is allowed to be processed without seeking consent, or
• Personal data of special nature without consent, provided that adequate precautions are taken.

In case of existence of one of the situations where it is allowed to be processed, it can be transferred without seeking the explicit consent of the person concerned.

In order to transfer the data abroad, the explicit consent of the person is required. In cases where there is no explicit consent of the data owner, but at least one of the other conditions mentioned above is met, if there is sufficient protection in the country where the data is transferred and there is not enough protection in the country where the data is transferred, the data controller undertakes in writing together with the data controller in the relevant foreign country and the Personal Data Protection Board It can be transferred abroad, provided that permission is obtained from.

The following situations are not covered by the Law;
• Personal data not to be given to third parties and regarding data security

by real persons completely with himself, provided that the obligations are complied with.

or processed within the scope of activities related to family members living in the same residence,
• Research by anonymizing personal data with official statistics,

processing for purposes such as planning and statistics,
• National defense, national security, public security, public order,

It is processed for art, history, literature or scientific purposes or within the scope of freedom of expression, provided that it does not violate economic security, privacy or personal rights, or constitute a crime,

• Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public safety, public order or economic security,

• Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.

Procedures and Principles to be Applied in the Processing of Personal Data by ORIGINN IDF

Processed Personal Data and its Categorization

The data and categories processed by ORIGINN IDF are as follows;
Financial Information: Information such as credit card information, payments, current account relationship, debt balance, tax office and number information that ORIGINN IDF processes as a result of its commercial and financial activities.
Visual and Audio Information: Visual and audio recording data such as photographs, cameras, videos, audio recordings related to the personal data owner.

Security Information: Information and records such as login and visit information of the physical place, recordings of security cameras, as well as information such as user name, password, IP address regarding the transaction security of ORIGINN IDF and related parties.
Legal Transaction Information: Data contained in legal documents such as court decision, authorized body decision, enforcement office decision and processed in order to determine and fulfill rights, receivables, debts, obligations within the scope of legal relations and legal obligations. Contact Information: Address, landline or mobile phone number, e-mail address, social media user profile information and similar data used to reach and communicate with people.

Identity and Personal Information: Republic of Turkey identity number, identity card serial number, citizenship numbers of other countries, passport numbers, name-surname, date-place of birth, place of registration, photograph, occupational information and identity card, driver's license, passport, marriage passport, cards belonging to professionals, similar and all other information contained in the cards containing identity information, as well as residence certificate and certified identity card information. Location Information: Data used to detect or track the location of the data subject. Customer Information: Information about the products and services offered to customers and customers who benefit from our products or services within the scope of the commercial activity offered (customer number, professional information, preference and need information regarding products and services, service usage periods, fee and payment information, etc.)

Suggestion, Request, Complaint Information: Personal data of the transmitting person regarding any suggestion, request or complaint communicated to ORIGINN IDF and records of the content of the submitted suggestion, request, complaint. Special Qualified Personal Data: Data about the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric data. and genetic data.

Marketing Information: Information and data collections showing usage habits, tastes and cookie records for use in ORIGINN IDF's marketing activities.

Purposes and Legal Reasons for Processing Personal Data:

ORIGINN IDF processes personal data for the following purposes;

To be able to fulfill its obligations and duties arising from the written/verbal contract or commercial relationship with the person whose personal data is processed;
To serve people better;
To provide alternative services;
Ensuring information security;
Providing physical security;
Making and tracking visitor records;
Follow-up of finance, accounting and legal affairs;
Corporate communication, promotion, marketing and customer relations activities
execution;
Ensuring that data is accurate and up-to-date;
Information requests from authorized and official institutions in accordance with the current legislation
in order to be met.
ORIGINN IDF will not use your personal data for purposes other than processing and will not transfer and/or disclose it to third parties without your consent or any other reason stipulated in the relevant legislation. Information that is required to be shared with public institutions and organizations and/or judicial authorities as per the legislation is not within this scope.

Persons / Organizations to which Personal Data Processed by ORIGINN IDF can be transferred

ORIGINN IDF's domestic and foreign sister companies, franchise partners, affiliates, affiliates, joint ventures, business and venture partners, banks and financial institutions that ORIGINN IDF receives service within the scope of carrying out its commercial activities, human resources companies and all their branches can be shared with their offices.

Collection Method of Personal Data

Your personal data; It can be collected in written, verbal, digital or electronic form through channels such as ORIGINN IDF headquarters and branches, officials, personnel, website, call center, security cameras, security systems, devices that keep entry-exit records.

Storage of Personal Data

ORIGINN IDF retains personal data at least for the period required by its legal obligations and in any case until the relevant statute of limitations expires. With the disappearance of the purpose of processing personal data, we anonymize, delete or destroy personal data in accordance with the Law. Within the scope of storing personal data, ORIGINN IDF takes the necessary technical, legal and administrative measures within itself to fulfill its related obligations, and trains and assigns its relevant personnel to act in accordance with these obligations.

Precautions Taken for Ensuring Data Security

The following measures are taken by ORIGINN IDF in order to fulfill its obligations under the Law and this KVK Policy;

• Establishing a firewall to prevent cyber attacks or unauthorized access via the Internet,

• Taking appropriate security measures to protect the physical environments containing personal data against attacks, risks and violations and controlling the entrances and exits,

• Taking appropriate software and hardware measures to protect electronic media containing personal data against attacks, risks and violations,

• Obtaining a commitment from companies that share personal data and receive services regarding physical and electronic security measures, that the security measures they take are sufficient and that they act in accordance with the Law,

• Giving in-company trainings and working on the adoption of the KVK policy,

• Determining the internal personal data access policy and limiting it to mandatory situations.

Rights of Data Owners

The rights of data owners within the framework of Article 11 of the Law are as follows;
a) Learning whether their personal data is processed or not,
b) Requesting information if personal data has been processed,
c) To learn the purpose of processing personal data and whether it is used in accordance with its purpose,

ç) To know the third parties whose personal data are transferred in the country / abroad,
d) Requesting correction of personal data if it is incomplete / incorrectly processed,
e) Requesting the deletion / destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
f) Requesting notification of the transactions made in accordance with subparagraphs (d) and (e) above, to third parties to whom personal data is transferred,
g) Objecting to the emergence of a result against them due to the analysis of personal data exclusively by automated systems, and

ğ) To request the compensation of the damage in case of loss due to unlawful processing of personal data.

In the following cases, in accordance with the Law, the data owner does not make a request for the above-mentioned rights other than the compensation of the damages;

Personal data processing is necessary for the prevention of crime or for criminal investigation,
Processing of personal data made public by the person concerned,
Execution of supervisory or regulation duties and disciplinary investigation or enforcement by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority granted by the law for personal data processing.
necessary for the prosecution,
State economics regarding the budget, tax and financial matters of personal data processing.
and necessary for the protection of its financial interests.

Application Regarding the Exercise of Rights

You may submit your requests within the scope of Article 11 of the above-mentioned Law, which regulates the rights of the data subject, in writing or by registered electronic mail (KEP) address, secure electronic signature, mobile signature or the relevant person, in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller". by using the e-mail address previously notified to ORIGINN IDF and registered in ORIGINN IDF's system, to Kazım Dirik Mah. 296/2 Sok. No: 33 Bornova, İzmir, in writing or by e-mail to info@izmirdesignfactory.com.

In the application;

Name, surname and signature,
Turkish identity number for citizens of the Republic of Turkey, nationality for foreigners,
passport number or identification number, if any,
Domicile or workplace address for notification,
If available, the e-mail address, telephone and fax number for notification,
Demand,
must be present. Information and documents related to the subject are attached to the application.

IZMIR DESIGN FACTORY
Information on the Protection of Personal Data

and Approval Form

In this context, we would like to inform you about the "Law on the Protection of Personal Data" no. The subject of this Information and Approval Form is that of ORIGINN IDF's customers, visitors, prospective customers, event participants, employees, course and training participants, mentors, guides, stakeholders in universities operating in Turkey and abroad, business and solution partners and matters regarding the processing of the personal data of the shareholders, officials and employees of these persons.

Lighting Obligation

ORIGINN IDF is a platform that continues its education and organization services with a focus on design, education, research. ORIGINN IDF acts as a data controller under the Law. In this context, ORIGINN IDF will record your personal data as data controller; will hide; will update it in order to continue its commercial activities; where permitted by the legislation, its sister companies, franchise partners, subsidiaries, affiliates, joint ventures, business and venture partners, banks and financial institutions that ORIGINN IDF receives services within the scope of carrying out its commercial activities, human resources companies and their will be able to share data processing with all branches and offices under the conditions allowed; will be able to classify and operate as specified in the Law.

Collection Method of Personal Data

Your personal data; ORIGINN IDF headquarters and branches, officials, personnel, website, call center, security cameras, electronic-digital-online video chat or meeting organization, software, programs, security systems, devices that keep entry-exit records. may be collected orally, digitally or electronically.

Purposes of Processing and Transferring Personal Data and Legal Reasons:
ORIGINN IDF, to fulfill its obligations and duties arising from the written/verbal contract or commercial relationship with the person whose personal data is processed; to serve people better; to provide alternative services; ensuring information security; physical, legal, commercial security; making and tracking visitor records; follow-up of financial, accounting and legal affairs; conducting corporate communication, promotion, marketing and customer relations activities; Personalizing, recommending and promoting the products and services provided by ORIGINN IDF in line with the tastes and needs of the person concerned; ensuring that data is accurate and up-to-date; In order to meet the information requests from authorized and official institutions in accordance with the current legislation, the legislation

and other persons and organizations that ORIGINN IDF deems appropriate, as specified in the Law and in line with the personal data processing conditions and purposes specified in Articles 5 and 6 of the Law. Except for the information that is required to be shared with public institutions and organizations and/or judicial authorities as per the legislation, ORIGINN IDF will not use your personal data for purposes other than processing and will not transfer and/or disclose to third parties without your consent or any other reason stipulated in the relevant legislation.

Persons / Organizations to which Personal Data Processed by ORIGINN IDF can be transferred

ORIGINN IDF's domestic and foreign resident sister companies, franchise partners, affiliates, affiliates, joint ventures, business and venture partners, banks and financial institutions that ORIGINN IDF provides within the scope of carrying out its commercial activities, human resources companies and their can be shared with all branches and offices.

Your Rights Under Article 11 of the Law

By applying to ORIGINN IDF; a) to learn whether your personal data is processed, b) to request information if your personal data has been processed, c) to learn the purpose of processing your personal data and whether it is used in accordance with its purpose, ç) to know the third parties to whom your personal data is transferred at home / abroad, d) to know that your personal data is incomplete / to request correction if it has been wrongly processed, e) to request the deletion / destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law, f) to request that the third parties to whom your personal data has been transferred be notified of the transactions made in accordance with subparagraphs (d) and (e) listed above, g ) you have the right to object to the emergence of a result against you due to the analysis of your personal data exclusively by automated systems, and ğ) to request the compensation of the damage in case you suffer damage due to the unlawful processing of your personal data.

You may submit your requests within the scope of Article 11 of the Law, which regulates the rights of the person concerned, to ORIGINN IDF in writing or by registered electronic mail (KEP) address, secure electronic signature, mobile signature or the person concerned, in accordance with the "Communiqué on Application Procedures and Principles to the Data Controller". by using the previously reported e-mail address registered in ORIGINN IDF's system, to Kazım Dirik Mah. 296/2 Sok. No: 33 Bornova, İzmir in writing or by e-mail to info@izmirdesignfactory.com. In the application; name, surname and signature, Turkish identity number for citizens of the Republic of Turkey, nationality for foreigners, passport number or identification number, if any, place of residence or workplace address for notification, e-mail address for notification, telephone and fax number, if any, subject to request. . Information and documents related to the subject are attached to the application.

Data Controller: ORIGINN Office Services and Management Ltd. Company Contact Information: Kazım Dirik Mah. 296/2 Sok. No: 33 Bornova, Izmir

In cases where there is no provision in this form, the provisions of the Law and related secondary legislation shall apply.
In line with the explanations above, I have been fully informed and in accordance with the Law on the Protection of Personal Data No. 6698, ORIGINN Ofis Hizmetleri ve İşletmeciliği Ltd. Company to collect, process, update, periodically check my personal data, keep it in database and data recording systems, and its sister companies, franchise partners, subsidiaries, affiliates, joint ventures, business and venture partners, all of which are resident in the country or abroad. I express my explicit consent to the sharing of branches and offices and the keeping and storage of my personal data by them.

IZMIR DESIGN FACTORY
Processing and Protection of Personal Data

(“KVK”) Our Policy and Clarification Text

IZMIR DESIGN FACTORY
Information on the Protection of Personal Data

and Approval Form

Communication

"The European Commission's support for the production of this publication does not constitute an endorsement of the contents, which reflect the views only
of the authors, and the Commission cannot be held responsible for any use which may be made of the information contained therein."

IZMIR DESIGN FACTORY Processing and Protection of Personal Data

(“KVK”) Our Policy and Clarification Text

IZMIR DESIGN FACTORY Information on the Protection of Personal Data

and Approval Form

IZMIR DESIGN FACTORY
Processing and Protection of Personal Data

IZMIR DESIGN FACTORY
Information on the Protection of Personal Data