The personal data protection is among the values which our Company TURQUOISE YACHT INDUSTRY INC. (“TURQUOISE YACHT or Company”) pays attention in terms of the corporate. The protection and processing of personal data of our Customers, Customer Candidates, Trainers, Company Shareholders, Company Officials, Visitors, and Employees, Shareholders and Officials of our Business Partners managed with this Policy are constituted the most important part of this subject.
According to Article 20 of the Constitution of the Republic of Turkey, all real persons have right to requests the protection of personal data related to him/her. TURQUOISE YACHT exercises due diligence and for the protection personal data of our Customers, Customer Candidates, Traineers, Company Shareholders, Company Officials, Visitors, and Employees, Shareholders and Officials of our Business Partners managed with this Policy in terms of the protection of the personal data as constitutional right and makes it the company policy.
Within this scope, the necessary administrative and technical measures are taken by TURQUOISE YACHT to protect personal data in accordance with the relevant legislation.
This Policy will provide detailed explanations related to the basic principles listed below and adopted by TURQUOISE YATCH in the processing of personal data:
The main purpose of this policy is to make explanations regarding personal data processing activity carried out by TURQUOISE YACHT in compliance with the law and systems adopted by for personal data protection and within this scope, to provide clearness and transparency by informing the persons whom personal data are processed by our company mainly Customers, Customer Candidates, Trainees, Company Shareholders, Company Officials, Our Visitors, Employees, Shareholders and Officials of Our Business Partners and Third Parties.
This policy is related to all personal data of Customers, Customer Candidates, Trainees, Company Shareholders, Company Officials, Our Visitors, Employees, Shareholders and Officials of Our Business Partners and Third Parties which are processed manually provided that they are automatic or a part of any data entry system.
The scope of practice of this policy related to the personal data owners involved in aforementioned categories can be whole of the policy as well as only can be certain provisions of the policy.
The relevant legal regulations in force regarding personal data processing and protection will be practiced primarily. In the event that there is noncompability between the legislation and the Policy in force, our Company accepts to practice legislation in force.
The policy is constituted of concretisation and regulation of rules set forth by Personal Data Protection Law (PDPL) numbered 6698 within the scope of TURQUOISE YACHT practices. Our Company is carried out the necessary system and preparations in order to behave in compliance with the validity period foreseen in the PDPL
This Personal Data Protection and Processing Policy regulated by our Company as 1st version are dated as 15.January.2018. In case of the renewal of entire policy or certain articles, the validity date and version of the policy will be updated. The policy is published in official internet site (https://www.turquoiseyachts.com) of our Company and presented to the access of the relevant persons upon request of the personal data owners.
Our Company prevents illegal processing of personal data which it processes, illegal access to the data, takes necessary administrative and technical measures for providing the appropriate level of security in order to protect data and within this scope, makes or has made necessary audits in compliance with Article 12 of the PDPL.
Our Company takes necessary legal, technical and administrative measures regarding the data security in below mentioned issues and show ultimate attention and diligence on this subject. The actions and measures taken by our Company in order to provide “data security” in accordance with the Article 12 of the PDPL are specified below.
Our Company carries out necessary channels, internal operation, administrative and technical regulations in compliance with Article 13 of the PDPL in order to evaluate rights of personal data owners and to make necessary information to the personal data owners.
In accordance with Sub Paragraph 1 of Article 13 of PDPL, the personal data owners should forward their requests related to use aforementioned rights to our Company in written or via other methods determined by Personal Data Protection Board. Due to the Personal Data Protection Board has not determined any method in this stage, it is required to forward the applications to our Company in written in accordance with the mandatory provision of the law.
In order to use aforementioned rights by the personal data owners, the forwarding of their requests with necessary information identifying their identities and the explanations related to the rights which they would like to use to our Company by specifying to which one of the rights specified in Article 11 of the law is related; will be provided to answer applications faster and effectively.
Within this framework, the channels and procedures which the applications to be forwarded to our Company in written within the scope of using rights specified in aforementioned Article 11 of same law based on Article 13 of PDPL are explained below.
The requests involving the explanations for right of personal data owner from the rights specified in the Article 11 of PDPL which will be requested to use; can be forwarded by filling form in www.turquoiseyachts.com address or forwarded a signed copy of the form to the Güzelyalı Mahallesi Malkoçoğlu sokak No:3/1 34903 Güzelyalı Pendik İstanbul Turkey with the documents identifying the identity of data owner by hand personally and can be sent via notary or other methods specified in the PDPL.
If the third persons would like to apply on behalf of personal data owners, there should be special power of attorney to be prepared by data owner via notary on behalf of the person who will apply.
It is given particular attention to some of the personal data with PDPL due to that they can be caused to unjust treatment and discrimination of the persons when processing illegally.
These data are; race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other beliefs, appearance, association, foundation or trade union membership, health, sexual life, criminal conviction and data related to security measures and biometric and genetic data.
Our Company behaves sensitively in the protection of specific personal data determined as “specific” with the PDPL and processed legally. Within this scope; the administrative and technical measures taken by our Company for the protection of the personal data are practiced meticulously in terms of specific personal data and the necessary audits are provided.
Our Company discloses to the personal data owners during obtaining of personal data in compliance with the Article 10 of the PDPL. Within this scope, our Company discloses regarding identity of our Company, for which purpose the personal data will be processed, to whom and for which purpose the processed personal data will be forwarded, the method and legal reason of personal data collection and the rights of the personal data owner within the scope of Article 11 of the PDPL.
It is specified that everybody has right to informing regarding personal data related to him/her in Article 20 of the Constitution. Accordingly, the “information request” is considered among the rights of personal data owner in Article 11 of the PDPL. Within this scope, our Company makes necessary informing in compliance with Article 20 of the Constitution and Article 11 of the PDPL in the event that the personal data owner requests information.
In addition to this, our Company provides informing the relevant persons in personal data processing activities and the accountability and transparency within this frame by announcing to the personal data owners and relevant persons that it carries out the personal data processing in compliance with all issues in the PDPL and especially “Legal and Honesty” rule with various documents particularly this Policy document which are opened to the public. Also, our Company informs the relevant persons regarding its own activities and issues specified by law with many different methods especially when applying the “explicit consent” of the persons.
Our Company engages in the personal data processing activity in compliance with Article 20 of the Constitution and Article 4 of PDPL, law and honesty rules regarding personal data processing; true and when required, updated; limited and measuredly by pursuing a certain, clear and legal purposes. Our Company protects personal data as long as the period foreseen by laws or personal data processing purpose.
Our Company processes the personal data based on one or several conditions in Article 5 of the PDPL related to the personal data processing in accordance with Article 20 of the Constitution and Article 5 of the PDPL.
Our Company behave accordingly to the regulations foreseen in respect of the specific personal data in compliance with Article 6 of the PDPL.
Our Company behave accordingly to the regulations regarding personal data transfer foreseen by law and specified by the PDP Board in compliance with Article 8 and 9 of the PDPL.
The personal data are processed in the business relationship also without taking approval in the event that it is required for establishment, implementation and conclusion of business agreement. The personal data of the candidates are processed when starting the employment relationship. If the candidate is rejected, the information belonging to the candidate is protected as long as the data protection period for a later election stage of the candidate and at the end of this stage, they are deleted, disposed or anonymised.
The personal data belonging to the employee can also be processed without taking approval in order to explicitly specify the processing in the relevant legislation or to carry out legal obligation determined by the legislation.
The personal data belonging to the employee can also be processed without taking approval for the legitimate interests of the Company when required. The legitimate interests are generally legal (for example, filing, implementing or defencing of the legal rights) or economical (for example, evaluation of the Company) interests. In the personal circumstances which are required the protection of the employee interests, the personal data are not processed for legitimate interests. It is determined whether there are interests required the protection before processing the data.
When the data belonging to the employees are processed based on the legitimate interests of the Company, it is examined whether the processing is measured or not. It is controlled whether the legitimate interest of the Company is violated a right of the employee which should be protected when taking of this control measures and it is implemented only if it is measured.
If the personal data is processed as a part of employment relationship via automatic systems exclusively (for example, a part of personnel selection or evaluation of ability profile), the employee has right to object occurrence of result to him/her.
The telephone equipment, e-mail addresses, intranet and internet with the intracompany networks are provided by the Company principally for duties related to the work. These are work tools and Company sources. There is no general audit related to the telephone and e-mail communication or use of intranet or internet. In order to prevent attacks to the IT infrastructure or individual users, the protective measures blocked the harmful content or analysing the modelling of the attacks are taken in passing of the Company network. The uses of the telephone equipment, e-mail addresses, and intranet/internet or intracompany social networks are protected for a limited period due to security reasons. The evaluation of these data related to the person is made only if there is concrete suspicion related to the violation of legal arrangements or MB Holding or Turquoise Yacht regulations. These controls are carried out by the relevant departments only provided that the principle of proportionality is protected.
Our Company behaves accordingly to the principles bringing with the legal arrangements in the personal data processing and general trust and honesty rules. Within this scope, our Company considers principle of proportionality in the personal data processing and does not use the personal data expect their purpose.
Our Company provides the correctness and update of the personal data processed by considering the fundamental rights of the personal data owners and its own legitimate interests. It takes necessary measures accordingly.
Our Company determines the legal and lawful personal data processing purpose explicitly and definitely. Our Company processes the personal data connected with the services which it presents and as much as it is required for them. For which purpose the personal data will be processed by our Company is determined only before starting the personal data processing activity yet.
Our Company processes the personal data in the manner that would be convenient to be able to realize the determined purposes and prevents the processing of the personal data which are not related to the realization of the purpose or not needed.
Our Company protects the personal data only as long as the period required for the processing purpose or specified in the relevant legislation. Within this scope, our Company determines primarily whether it is foreseen a period for the protection of the personal data in the relevant legislation, if this period has been determined, it behaves accordingly to this period, if this period has not been determined, it protects the personal data as long as the period required for processing purpose. In the event that the period has been ended or the reasons required to process has been removed, the personal data are deleted, disposed or by our Company, destroy processes are operated or anonymised.
In accordance with Article 20 of the Constitution, the personal data can only be processed in cases foreseen by law or with explicitly consent of the person. Our Company processes the personal data in this direction and in compliance with the Constitution only in cases foreseen by law or with explicit consent of the person.
Giving the explicit consent of the personal data owner is only one of legal basis which enables processing of the personal data in compliance with the law. Except the explicit consent, the personal data can be processed in the event that there is other below mentioned conditions. As well, the basis of the personal data processing activity can be based on one of the below mentioned conditions; more than one of these conditions can be basis of the personal data processing activity. In the event that the processed data are specific personal data, the following conditions are implemented.
Even if the legal basis for processing of the personal data by our Company are differed, it is behaved in compliance with the general principles specified in Article 4 of the Law numbered 6698 in all kinds of personal data processing activity.
One of the personal data processing conditions is the explicit consent of the owner. The explicit consent of the personal data owner should be explained related to the certain subject, based on informing and with his/her free will. The explicit consent of the customer, potential customers and visitors are taken with the relevant methods in the processing of the personal data depending on the explicit consent of the personal data owner.
In the event that it is foreseen by law, the personal data of the data owner can be processed in compliance with the law.
The personal data of the data owner can be processed in the event that the processing of the personal date is compulsory in order to protect life or body integrity of the person who cannot explain his/her consent due to actual impossibility or having invalid consent or of another person.
It is possible to process the personal data in the event the processing of the personal data belonging to the parties of the agreement is required provided that is related with the establishment or execution of the agreement directly.
The personal data of the data owner can be processed in the event that the processing is mandatory in order to fulfil the obligations by our Company as data responsible.
In the event that the data owner disclosures the personal data by himself/herself; the relevant personal data can be processed.
In the event that the data processing is compulsory in order to establish, use or protect a right, the personal data of the data owner can be processed.
In the event that the data processing is compulsory for legitimate interests of our Company, the personal data of the data owner can be processed provided that it is not damaged to the fundamental rights and freedoms of the personal data owner.
Our Company behaves accordingly to the arrangements foreseen by the PDPL in the processing of the personal data determined as “specific” by the PDPL
The certain personal data bearing a risk that causes to unjust treatment or discrimination of the persons when processing illegally are determined as “specific” data in Article 6 of the PDPL. These data are race, ethnic origin, political party membership, philosophical belief, religion, religious sect or other beliefs, appearance, association, foundation or trade union membership, health, sexual life, criminal conviction and data related to security measures and biometric and genetic data.
Our Company can transfer the personal data of the data owner and specific personal data to the third parties (MB Holding, business partners and other third parties) by taking necessary security measures in line with the legal personal data processing purposes. Our Company behaves accordingly to the arrangements foreseen in Article 8 of the PDPL in this direction.
Our Company can transfer the personal data of the data owner and specific personal data to the third parties abroad by taking necessary security measures in line with the legal personal data processing purposes. The personal data are transferred by our Company to the foreign countries (“Foreign Countries Having Sufficient Protection”) announced by the PDP Board that they have sufficient protection or if there is no sufficient protection, to the foreign countries which the data responsible in Turkey and the relevant foreign country commit the sufficient protection and to the foreign countries having the permission of PDP Board (“Foreign Countries Which the Data Responsible Committed the Sufficient Protection is Resided”). Our Company behaves accordingly to the arrangements foreseen in Article 9 of the PDPL in this direction.
Our Company informs to which personal data owner groups are processed which personal data, processing purposes and storage periods of the personal data of the data owner to the personal data owner within the scope of disclosure obligation in compliance with the Article 10 of the PDPL.
The personal data (Customers, Customer Candidates, MB Holding Customer, Visitor, Third Party, Trainee, Company Shareholder, Company Official, Employees, Shareholders and Officials of the Institution which we are in cooperation) are processed before our Company; in line with legitimate and legal personal data processing purposes of our Company, based on and as limited one or a couple of personal data processing conditions specified in Article 5 of the PDPL and in compliance with the general principles specified in the PDPL especially the principles related to the personal data processing specified in Article 4 and all obligations regulated in the PDPL and as limited with the periods within the scope of this Policy by informing the relevant persons in accordance with article 10 of the PDPL.
The Company processes the personal data as limited with the purposes and conditions within the personal data processing conditions which specified in Sub Paragraph 2 of Article 5 and Sub Paragraph 3 of Article 6 of the PDPL. These purposes and conditions are to process the personal data;
Within this scope, TURQUOISE YACHT processes your personal data for the following purposes:
In the event that the processing activity performed with the aforementioned purposes are not met any of the conditions foreseen within the scope of the PDPL, the explicit content of the personal data owner related to the relevant processing process are obtained by TURQUOISE YACHT.
In the event that it is foreseen in the relevant laws and legislations, TURQUOISE YACHT protects the personal data as long as the period specified in these legislations.
If any period related for how long they should be stored is not arranged in the legislation, the Personal Data is processed as long as the period required to process in accordance with the implementation of TURQUOISE YACHT related to the activity carried out when processing of that data by TURQUOISE YACHT and practices of commercial life, the is deleted, disposed and anonymized.
If the personal data processing purpose has been ended; and it has been come to the end of the storage period specified by the relevant legislation and TURQUOISE YACHT; the personal data can be stored only in order to constitute evidence in possible legal disputes or to claim the relevant right depending on the personal data or to constitute the defence. The storage period is determined by taking the period of limitation for claiming of aforementioned right in the constitution of the period here and examples in the claims directed to TURQUOISE YACHT in the same subjects before as a basis in despite of the period of limitation has been ended. In this case, it is not reached to the personal data stored for any other purpose and only it is reached to the relevant personal data if it is required to use in the relevant legal dispute. Also here, the personal data are deleted, disposed or anonymized after ending of the aforementioned period. The access permission to the relevant Personal Data is only belonging to the persons who perform duty by the Data Responsible in the capacity of Data Processor in the Information Technologies during this period.
TURQUOISE YACHT informs the person group which the personal data are transferred to the personal data owner in compliance with Article 10 of the PDPL.
TURQUOISE YACHT IND. INC. can transfer the personal data of the data owner managed with the Policy in compliance with Article 8 and 9 of the PDPL:
The personal data processing activities made by TURQUOISE YACHT at General Directorate, Pendik Shipyard, Kocaeli Shipyard, Port and Shipyards are carried out in compliance with the Constitution, PDPL and other relevant legislation.
In order to provide security by our Company, it is engaged in a personal data processing activity intended to follow up of the entry and exits of the visitors via security camera at Istanbul and Kocaeli locations of our Company.
The personal data processing activity is carried out by our Company by using the security cameras and recording the entry and exits of the visitors.
TURQUOISE YACHT’s follow up activity via security camera has aim for protection of interests related to providing the security of the company and other persons and within this scope; our Company behaves accordingly to the Constitution, PDPL and other relevant legislation.
The image records of our visitors are taken via camera surveillance activity of our Company at the building, facility entrance and within the facility. Our Company has aims such as increasing the quality of service presented, providing the reliability, providing the security of the company, customers and other persons and protecting the interests of the customers related to the service get within the scope of monitoring with the security camera.
Our Company behaves accordingly to the arrangement in the PDPL in the execution of camera surveillance activity for security purpose.
The camera surveillance activity carried out by Our Company is continued in compliance with Law on Private Security Services and the relevant legislation. Only the limited numbers of Company employees have access to the records recorded and stored in the digital environment. Also, the security guard can watch the live camera images. The limited number of the persons having access to the records declares that will protect the privacy of the data reached with the non-disclosure commitment.
The necessary technical and administrative measures are taken by our Company in order to provide the security of personal data obtained as a result of camera surveillance activity in compliance with Article 12 of the PDPL.
Except the aforementioned camera records; our Company engages in personal data processing activity to follow up of visitor’s entry and exits at the building and facilities of our Company in order to provide the security and for the purposes specified in this Policy.
The said personal data owners are informed when taking the name and surnames of the persons who come to our Company building as visitor or via texts hanging in the Company or presented to the access of the visitors in other manners. The data obtained to follow up entry and exits of the visitors are only processed for this purpose or the relevant personal data are recorded into data recording system in the physical environment.
The internet access can be provided by our Company to the visitors who request as long as the period stayed in the locations of our institutions in order to provide security and for the purposes specified in this Policy. In this case, the log records related to your internet access are recorded in accordance with the Law numbered 5651 and mandatory provision of the legislation regulated according to this Law; these records are processed only in order to request by the authorized public institutions and organizations or to fulfil the our relevant legal obligations in audit processes to be carried out within the Company.
Only the limited numbers of the Company employees have access to the log records obtained within this framework. The Company employees having access to the said records reach to these records only in order to use claim and audit processes coming from the authorized public institutions and organizations and share with the legally authorized persons. The limited number of the persons having access to the records declares that will protect the privacy of the data reached with the non-disclosure commitment.
The internet movements of the visitors in the site are recorded via technical means (for example, cookies etc.) in the internet sites of our Company in order to ensure that the visitors of these sites carry out their visits in compliance with their visit purposes; to show them customized contents and to engage in online advertising activities. The approval information related to the cookies use is taken from all users at the entry of our Company’s internet site.
The detailed explanations related to these activities made by our Company and the protection and processing of the personal data are involved in “Privacy and Security” texts of our internet site.
The personal data are deleted, disposed or anonymized upon the own decision of the TURQUOISE YACHT or request of the personal data owner in the event that the reasons required their processing are removed in despite of they have been processed according to the relevant law provisions regulated in Article 138 of Turkish Criminal Law and Article 7 of the PDPL.
The personal data are deleted, disposed or anonymized upon the own decision of the TURQUOISE YACHT or request of the personal data owner in the event that the reasons required their processing are removed in despite of they have been processed according to the relevant law provisions regulated in Article 138 of Turkish Criminal Law and Article 7 of the PDPL. Within this scope, our Company develops the necessary operating mechanisms regarding this subject by taking necessary technical and administrative measures within the Company in order to fulfil the relevant obligations and trains, employs and provides awareness the relevant business unit in order to behave accordingly to these obligations.
TURQUOISE YACHT can delete or dispose the personal data upon the own decision of the TURQUOISE YACHT or request of the personal data owner in the event that the reasons required their processing are removed in despite of they have been processed according to the relevant law provisions. The deletion or disposal techniques commonly used by TURQUOISE YACHT are listed below:
The personal data can be processed manually provided that they are a part of any data entry system. When deleting/disposing such data, the physically disposal system is implemented in the manner that the personal data would not be used later.
When deleting/disposing of data processed automatic ways completely or partially and stored in digital environment; the methods related to deletion of the data from software are used in the manner that the data cannot recovered again.
In some cases, TURQUOISE YACHT can agree with an expert to delete personal data on its behalf. In such situation, the personal data are deleted/disposed by an expert in the manner that cannot be recovered again.
The anonymization of the personal data is expressed that under no circumstances the personal data cannot be associated with a specific or identifiable real person even if it compares with another data. TURQUOISE YACHT can anonymise the personal data processed legally when the reasons required processing of them are removed.
The personal data anonymised can process due to reasons such as research, planning and statistics in compliance with Article 28 of the PDPL. Such processing is out the scope of the PDPL, there is no need to receive explicit consent of the data owner. Due to the personal data processed by anonymising are out of the PDPL, the rights regulated in Chapter 2 of the Policy will not be valid for these data. The anonymization techniques commonly used by TURQUOISE YACHT are listed below.
The data masking is the anonymization method of the personal data by taking basic distinctive information of the personal data with data masking.
Many data are aggregated with the data aggregation and it is not rendered that cannot associated with any person.
A content more general than the personal data is created with the data derivation method and it is not rendered that cannot be associated with any person.
It is provided to break the connection between the values and persons by mixing the values in the personal data set with data mixing method.
We use cookies at our Web sites and e-mail messages for various purposes in order to present our services effectively and to develop our consumer experience. Also, we develop a way to share the experiences by our reliable partners and to make customer experiences in their Web sites more quality. This principle is described the cookies categories which we use (and using by our partners), for which purposes do these cookies use and how can you change your preferences?
The Cookies are small information pieces stored into hard disk of your computer by your browser. When you revisit your Web site every time, your Web browser sends cookies to us that you can login in order to match your area of interests and preferences or you can benefit from our services and thus it provides that we can customize your user experience.
The cookies which we used allow us to determine each consumer who revisits our site and thus there is no need that you enter same information more than one times. The cookies also help us to understand the density model of the visitors in our Web sites in order to make the availability quite practical.
Some cookies types using in our Web sites are as follows:
Basic cookies
The basic cookies can be used in order to provide the services that you request from our Web site. We are not able to provide the services to you which you requested without these cookies. For example, these cookies can be used for following purposes:
The performance cookies can be used to collect information regarding how can be our Web site, announcements and e-mail messagesusedand to inform us when the error occurred. These cookies can be used to collect more detailed technical information such as the last visited page, number of visited pages, whether the e-mails have been opened or not, which part of our Web site or e-mails have been clicked and times passing between the clicks. As well, these information can be associated with details such as your IP address, domain or browser information, they can be analysed only by combining with other user’s information without going the way to define you directly.
For example, these cookies can be used in our Web sites for following purposes:
We are able to get access to the directing cookies sent to your devices by the Web sites of our business partners. These cookies are used to determine each visitor directed to our Web site by our business partnersandto understand whether these visitor benefit from any of Turquoise Yachtsproduct or service or not. These informationcan be shared with our business partners provided that they should be anonymousand use in the manner that would be prevented to identify your identity directly.
We use this informationin order to fulfil the obligations that we have against our business partners in accordance with the agreement andto help our partners in development the activity of our partner’s Web sites.
We can use non obligatory functional cookies in order to activate various auxiliary features involved in our Web site.
For example, these cookies can be used in our Web site for following purposes:
The cookies for target audience for advertising purpose can be used to present advertisings closest to your area of interest in our Web site. These cookies can be collected quite detailed information regarding your browser habits (which product and service you clicked) presented in the period when you are in our Web site. Also, these cookies can be used to recognize you when you revisit our Web site and/orone of Web site belonging to our advertising partner’s network.
For examples, these cookies can be used to collect information regarding Turquoise Yachts products and services which you surfed or examined in our Web site, thus:
they can present advertisings for Turquoise Yachts products and services which you view in the Web sites.
When using our Web site, some cookies which are not able to be controlled by Turquoise Yachts can be hidden in your computer. This situation occurs when there is a third party web site sourced content in the page which you visit and cause to record the cookies from the said third party services. However, no personal information is stored in these cookies unless you are not login into your account.
For example, the sources of these cookies can be these places:
Turquoise Yachtsis not controlled storage these kinds of cookies or access to such cookies. You should examine privacy and cookies principles of these services in order to learn how the said third parties use these cookies.
Most of the browsers allow that you delete cookies from hard disk of your computer, prevent acceptance of cookies or get warning before storing of a cookies.
If you block or delete cookies, we may not able to restore your preferences or customization settings which you determined before andlimited to customise your online use.