In this Policy:
Law; Law No. 6698 on the Protection of Personal Data,
Data Controller; refers to the person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Data Subject; is any living individual who is the subject of Personal Data.
Visitor; persons who access the Website
VenueX adopts this Policy regarding the confidentiality and use of the information processed regarding the persons accessing the Site and other related issues.
Personal data refers to any information relating to an identified or identifiable natural person. For this reason, the regulations regarding personal data in this text shall apply if the relevant information belongs to a natural person. If the relevant information belongs to legal entities, the regulations other than the regulations on personal data in this text shall apply.
VenueX processes the information shared by the Visitor for the purpose of submitting a resume only for the purpose of conducting recruitment processes, and deletes the information transferred by the Visitor after the resume is submitted and does not store it in any way.
Personal data are processed in line with the following basic principles as regulated in the Law:
- Compliance with the law and good faith,
- Being accurate and up to date when necessary,
- Processing for specific, explicit and legitimate purposes,
- Being relevant, limited and proportionate to the purpose for which they are processed,
- Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
It is important to note that whether VenueX collects or processes the data with explicit consent or in accordance with other conditions in the Law, these principles listed above still apply.
Pursuant to the Law, your personal data is collected in written or electronic form by automatic or non-automatic means, and depending on the purpose of processing, it can be processed through other online media or through cookies that provide communication with your devices on the Website, accounts operated on behalf of VenueX on various social media channels, correspondence carried out through our e-mail addresses, other communication methods including text messages or multimedia messages sent for other purposes for our services, and all kinds of communication tools.
As a rule, the data within VenueX are processed as declared by the Visitors upon their declaration. VenueX is not obliged to investigate the accuracy of the data declared by Website visitors or persons who contact VenueX. The declared data is considered correct. The principle of accuracy and timeliness of personal data has also been adopted by VenueX. Our company updates the personal data it has processed as required by the official documents received or upon the request of the person concerned. It takes the necessary measures for this.
If you have any questions about the security of our services, you can contact us via email at firstname.lastname@example.org. Personal data is confidential and VenueX respects this confidentiality. Personal data can only be accessed by authorized persons within the Company. All necessary technical and administrative measures are taken to protect the personal data collected by VenueX and to prevent unauthorized access.
Due to the nature of the Internet, information may circulate on the Internet despite adequate security measures and may be received and used by unauthorized persons. VenueX is not responsible for any damages arising from this use and use.
In the event that VenueX works with different organizations to receive support services, it is ensured that these companies comply with the privacy standards and terms of VenueX.
VenueX cannot be held responsible for any damages that may be caused to any person or organization by the legal or illegal behavior of third parties. Personal information can only be accessed by our authorized representatives and personnel who have agreed to keep the information confidential. VenueX may use anonymized statistical data (age, gender, geographical location, etc.) for the purposes of improving business processes, increasing service quality, improving our portfolio, better recognition of the market and some analyses, etc.
- Collection of Personal Data, Collection Method and Legal Reasons
The information that Visitors send to VenueX while becoming a member of the Site and/or using the Site or Services, collected by automatic means through the Site, shared with VenueX through the Site and/or stored in accessible form while becoming a member of the Site and/or using the Site or Services may fall within the scope of personal data processed under this Policy. The identity and contact information of the Buyers are transmitted to VenueX by the Members.
Personal data may be collected verbally, in writing or electronically through the Website, automatically or non-automatically. If the Visitors access the Website he following information about the Visitor is collected for the legal reasons stated below.
- Data Categories and Data Types
Process Security Information
Username-password, workspace name, data collected through pc/e-mail/system and application user transaction information, internet traffic data (network movements, IP address, visit data, time and date information), cookies.
- Legal Reasons
Your personal data may be processed for the purposes that are the subject of your disclosure to VenueX and for the purposes listed below in terms of each data category:
Process Security Information
- For What Purpose Personal Data Shall Be Processed
In accordance with this text, Users’ personal data is processed for the following purposes in accordance with the above general conditions:
Process Security Information
- Transferring Your Personal Data
VenueX may transfer the Visitor’s information, including personal data, to another country and jurisdiction that does not have the same/similar data protection laws in the jurisdiction where they are located.
Below are the purposes for which Visitor’s personal data may be transferred abroad. Users’ data is also transferred to VenueX’s suppliers in abroad in order to achieve the following purposes.
Transfer Purpose and Transferred Group
- Data Retention Period
The following criteria are utilized in determining the retention periods for the periods during which the processing conditions of personal data obtained by VenueX in accordance with the relevant legislation continue in accordance with the Law and the destruction periods in case the processing conditions disappear:
i. If a period of time is stipulated in the relevant legislation regarding the storage of the personal data in question, this period is complied with. Necessary actions are taken upon expiration of the said period.
ii. If the period stipulated in the relevant legislation expires or if no period is stipulated for the storage of the data in question, the compliance of the storage of the information with the principles, for example; It is questioned whether the VenueX has a legitimate purpose in storing the data. Although it has been processed in accordance with the Law, the data determined that the reasons requiring its processing have disappeared are deleted, destroyed or anonymized.
Minimum 1, maximum 2 years
Law No. 5651
- Technical and Administrative Measures Taken to Ensure Data Security
VenueX undertakes to take all necessary technical and administrative measures and to exercise due diligence to ensure the confidentiality, integrity and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, alteration or destruction of data. In this direction, VenueX takes the following technical and administrative measures regarding the personal data it processes:
Anti-virus application. Periodically updated anti-virus application is installed on all computers and servers in the information technology infrastructure of VenueX.
Firewall. The data center and disaster recovery centers hosting VenueX servers are protected by firewalls with periodically updated software; the relevant new generation firewalls control the internet connections of all personnel and provide protection against viruses and similar threats during this control.
Suppliers can access VenueX servers or systems via SSL-VPN defined on Firewalls. A separate SSL-VPN definition has been made for each supplier; with the definition made, the supplier only accesses the systems that it needs to use or is authorized to use.
User definitions. The authorizations of VenueX employees to VenueX systems are limited only to the extent required by their job descriptions; in case of any change in authorization and duty, their system authorizations are also updated.
Information security threat and incident management. Incidents that occur on VenueX servers and firewalls are transferred to the “Information Security Threat and Incident Management” system. This system alerts responsible personnel when a security threat occurs and provides an immediate response to the threat.
Penetration testing. Periodically, penetration tests are performed on the servers in the VenueX system. As a result of this test, security vulnerabilities are closed and a verification test is performed to verify that the relevant security vulnerabilities have been closed. In addition, penetration tests are automatically performed by the Information Security Threat and Incident Management system.
Information Security Management System (ISMS). In the ISMS meetings established within VenueX, the topics in the control forum are audited monthly by the director of information technologies and the director of financial affairs.
Training. In order to increase the awareness of VenueX employees against various information security breaches and to minimize the impact of the human factor in information breach incidents, employees are regularly trained.
Pseudonymized data. Pseudonymization is used for all secondary data processing other than the primary processing purpose (Example: Ahmet Yilmaz à “A… Y…”).
Physical data security. Ensures that personal data on paper media are kept in locked cabinets and accessed only by authorized persons.
Deletion of cookies. Personal data processed through cookies belonging to third parties from which services are received are deleted from the systems of third parties if the membership is terminated.
Although VenueX takes the necessary information security measures, in the event that personal data is damaged as a result of attacks on the Site or VenueX system or is accessed by unauthorized third parties, VenueX immediately notifies the Visitors and the Personal Data Protection Board and takes the necessary measures.
5. Changes and Updates
As VenueX, we have the right to change the Policy in accordance with the Law and to better protect personal data.
This Policy may be revised and updated as new features are added to the Site or new suggestions are received from Visitors. However, in this case, Visitors will be informed by publishing the changes on the Site. We may, in certain material cases, notify Visitors of such changes by e-mail or other conspicuous method reasonably designed to notify Visitors, with additional notices as appropriate. Upon notification of such changes, if the Visitor continues to access the Site and use the Services after the notification period, he/she shall be deemed to have consented to the changes in the Policy. Therefore, we recommend that the Visitor review the Policy each time he/she accesses the Site. If the provisions of the Policy are changed, they become effective on the date of publication.
6. Visitors’ Rights
Visitors have the following rights against the Data Controller VenueX in accordance with Article 11 of the Law;
– To learn whether personal data is being processed or not,
– Request information if personal data has been processed,
– To learn the purpose of processing personal data and whether they are used for their intended purpose,
– To know the third parties to whom personal data are transferred domestically or abroad,
– To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
– Although it has been processed in accordance with the provisions of the Law and other relevant laws, in the event that the reasons requiring its processing disappear, to request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
– In the event that the processed data is analyzed exclusively through automated systems and results in a result to the detriment of the Visitor, do not object to this,
– In case the Visitor suffers damage due to the processing of personal data contrary to the Law, to demand the compensation of the damage.
Complaints/requests to be made by Visitors whose personal data are processed by VenueX in order to exercise their rights will be answered and finalized by VenueX within the shortest possible time and within 30 days at the latest, in a reasoned positive/negative manner. As long as there is no additional cost for the reply process, the process is free of charge; if it requires an additional cost, VenueX may charge the fee in the tariff determined by the Personal Data Protection Board.
The Visitor may submit his/her requests and complaints to the address email@example.com. in person, provided that an identity check is made by the relevant unit of VenueX, or applications made by proxy, provided that a notarized power of attorney is presented, applications made through a notary public, and registered electronic mail addresses, provided that a secure electronic signature is used.
Pursuant to the Law, the Visitor has the right to apply to the Personal Data Protection Board within thirty days from the first response to the first complaint application, thirty days from the date of learning the VenueX’s response, and in any case within sixty days from the date of the first application, and failure to comply with the said periods is a forfeiture of rights. In addition, Visitors can visit the “Contact” page to change their communication preferences.
Company Title: VenueX Bilişim Teknolojileri Anonim Şirketi
Address: Reşitpaşa Mh. Prof. B. Karafakıoğlu Cd.
İTÜ Teknokent Arı 8 Binası No:2/11/2-B
34467 Sarıyer / İstanbul
Tel: +90 212 942 22 12