Privacy Policy

  • KVKK
  • Privacy Policy

1. PURPOSE and SCOPE

As DOST CAM, we place importance on the protection of your personal data and private information. Therefore, as the Data Controller, our Company shows all necessary effort and care to ensure that your personal data is processed in accordance with the Personal Data Protection Law No. 6698 ("KVK Law") by being used, recorded, stored, updated, transferred, and/or classified within the framework explained below, in connection with our business purposes.

In this context, our Company takes all technical and administrative measures to ensure the appropriate level of security in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and to prevent the unlawful processing, unlawful access, and to ensure the preservation of your personal data, in accordance with the Law and Regulations established for the protection of personal data.

The target audience of this text is all-natural persons and our employees whose personal data is processed on our Website and in our corporate processes. As DOST CAM, we provide services through our web-based and cloud-based services ("Services") over the internet. This Privacy Policy covers all of these software, mobile applications, sites, and applications.

Our Website  : https://www.dostcam.com.tr

Personal information processed on our Site is processed in accordance with the legislation on the protection of personal data. Regarding our web-based services, we are in the "data controller" status only for those who open a user account and use our Website, and this Privacy Policy is valid only concerning the processing of data belonging to these individuals.

Our Customers who process and record data using our Services are data controllers independent of us. In these cases, since our Company is only in the "data processor" status, we recommend that you consult the privacy policies, clarification texts, and similar documents of our Customers who process your personal data when necessary.

On the other hand, we do not provide any guarantee regarding the data security and data protection practices and policies of third-party websites to which we provide links on our Site. In this regard, we recommend that you also review the data security and data protection policies of the relevant data controller. 

2. BASIC CONCEPTS

  • Explicit consent: Consent that is based on information regarding a specific subject and declared with free will.
  • Anonymization: Making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even by matching it with other data.
  • Data subject: The natural person whose personal data is processed.
  • Personal data: Any information relating to an identified or identifiable natural person.
  • Employee with access to personal data: Employees who process the personal data of data subjects on behalf of the organization as required by their job description.
  • Processing of personal data: Any operation performed upon personal data such as obtaining, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of such data, whether fully or partially by automatic means or by non-automatic means, provided that it is part of any data recording system.
  • Committee: The internal Committee established within the organization in accordance with the "Directive on the Duties and Responsibilities of the KVKK Committee," which has tasks such as monitoring all personal data processes carried out by the organization, its units, and employees, checking compliance with policies, and carrying out personal data processes on behalf of the organization.
  • Board: The Personal Data Protection Board.
  • Authority: The Personal Data Protection Authority.
  • KVK: The Personal Data Protection Law No. 6698.
  • Special Categories of Personal Data: Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
  • Data processor: The natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
  • Data recording system: The recording system in which personal data is structured and processed according to specific criteria.
  • Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
  • Joint data controller: Other data controllers with whom the organization shares personal data within the scope of its commercial and corporate activities and carries out processing activities on personal data jointly during this sharing.
  • Independent data controller: Other independent data controllers who process the personal data of the same individuals within the scope of their commercial and corporate purposes.

 

3. IDENTITY OF THE DATA CONTROLLER

DOST CAM is in the "Data Controller" status towards all-natural persons with whom it comes into contact and whose personal data it processes while carrying out its commercial activities, especially employees, employee candidates, customers, suppliers, supplier employees, and visitors, and is obliged to fulfill the obligations arising from the law. DOST CAM fulfills these obligations through administrative measures taken via compliance and control tools, and with appropriate and proportionate technical measures.

DOST CAM  processes your personal data as the "Data Controller" defined in Article 3 of the Personal Data Protection Law No. 6698, and its contact information is as follows:

DOST CAM is in the "Data Controller" status towards the natural persons whose personal data it processes. As DOST CAM  data controller, it fulfills its obligations arising from the law and Board decisions by taking administrative measures and appropriate and proportionate technical measures. Our identity as the "Data Controller" and  our contact information where you can reach us regarding personal data are as follows:

Title :

DOST CAM A.Ş.

Address :

10008 Sokak No:14 A.O.S.B Çiğli/ İzmir

Our Websites:

https://www.dostcam.com.tr

Phone : 

+90 (232) 376 78 86

e-mail (for KVKK):

kvkk@dostcam.com.tr

 

4. DATA SUBJECTS WHOSE PERSONAL DATA IS PROCESSED

DOST CAM generally and intensively processes the data of data subjects within the scope of this Privacy Policy and other administrative and technical measures. In the processing of personal data belonging to natural persons who fall outside these categories, this Privacy Policy and other organizational data processing policies will also be followed. The categories of natural persons whose personal data are processed are:

  • Employees,
  • Employee Candidates
  • Interns,
  • Natural Person Customers, Corporate Customer Representatives
  • Potential Natural Person Customers, Corporate Customer Representatives
  • Natural Person Suppliers, Corporate Supplier Representatives,
  • Potential Natural Person Suppliers, Corporate Supplier Representatives,
  • Public officials and Authorized Persons,
  • Visitors,
  • Site visitors,
  • Mobile Application Users,
  • Third-Party Natural Persons

 

5. PURPOSES OF PROCESSING PERSONAL DATA

Personal data belonging to data subjects in our organization is processed entirely and directly related to the organization's activities and the commercial, business, or  legal connection with the data subject, for the purposes of; 

 

  1. Ensuring Network Security
  2. Securing Receivables
  3. Paying Advances,
  4. Managing Maintenance Processes
  5. Conducting press relations,
  6. Managing Dealer Sales
  7. Completing Documents
  8. Checking if Documents are Missing
  9. Following up on information and complaint requests,
  10. Managing information technology infrastructure,
  11. Carrying out Call Center Operations,
  12. Personal Data of Employee Candidates
  13. Measuring Employee Performance,
  14. Providing instant communication among employees,
  15. Printing Business Cards for Employees,
  16. Providing socio-economic benefits to employees,
  17. Providing Fringe Benefits to Employees,
  18. Insuring Employees,
  19. Developing Employee Skills,
  20. Carrying out Employee Leave Processes,
  21. Protecting the Health of Employees,
  22. Sharing Information with Solution Partners
  23. Processed for the purpose of Sharing Files,
  24. Carrying out education processes
  25. Selling Additional Services/Products
  26. Managing, monitoring, inspecting electronic devices,
  27. Conducting promotion and communication through electronic channels,
  28. Ensuring participation in events,
  29. Attending events,
  30. Calculating Overtime,
  31. Carrying out Intellectual and Industrial Property-Related Transactions,
  32. Providing Support for Financing
  33. Making Price Quotes
  34. Carrying out processes related to assignments,
  35. Providing Legal Assurance
  36. Carrying out Legal Processes,
  37. Managing Returns
  38. Making Execution Deductions
  39. Informing Relevant Parties
  40. Providing Instant Communication with Relevant Parties
  41. Carrying out Human Resources Processes,
  42. Keeping Internet Access Records,
  43. Processed for the purposes of operating Internet services.
  44. Providing Instant Communication for Business Purposes
  45. Receiving job applications,
  46. Conducting Job Interviews,
  47. Conducting Business Relations
  48. Managing Occupational Health and Safety Processes, 
  49. Carrying out Processes Related to Employment Contracts,
  50. Planning and Executing Business Strategies,
  51. Ensuring Business Continuity and Security,
  52. Carrying out Recruitment,
  53. Carrying out Departure from Work Processes,
  54. Carrying out Import/Export Processes
  55. Informing the Public,
  56. Protecting the Organization's Interests,
  57. Managing Corporate E-mail Accounts,
  58. Carrying out Corporate Policies,
  59. Paying Salaries,
  60. Purchasing Goods, Products, and Services,
  61. Having Financial Audits and Controls Done,
  62. Ensuring Venue Security,
  63. Tracking Work Hours,
  64. Creating Customer Records
  65. Ensuring Customer Satisfaction,
  66. Providing Support to Customers
  67. Taking Online Orders
  68. Checking payment ability
  69. Making Payments,
  70. Creating Preliminary Accounting Records
  71. Creating and Storing Personnel Files,
  72. Conducting Performance Evaluations,
  73. Receiving Potential Customer Requests
  74. Reaching Potential Customers
  75. Providing Support to Potential Customers
  76. Receiving Quotes from Potential Suppliers
  77. Conducting advertising and marketing,
  78. Making Official Notifications
  79. Determining Sales Price
  80. Carrying out Sales and Marketing Operations,
  81. Taking and Managing Orders
  82. Carrying out System User operations,
  83. Managing internship / vocational training applications
  84. Carrying out Internship Processes,
  85. Conducting Stock Management
  86. Making Presentations, Promotions, and Providing Information,
  87. Making Collections
  88. Ensuring Facility Security,
  89. Managing Test Drives,
  90. Benefiting from Incentives,
  91. Carrying out commercial activities,
  92. Providing Remote Work Opportunities,
  93. Accruing Wages
  94. Performing Product Assembly
  95. Conducting Product Promotion and Launch
  96. Procuring Products and Services,
  97. Exporting Products
  98. Transporting Products
  99. Ensuring Data Security and Archiving Data,
  100. Fulfilling Legal and Contractual Obligations,
  101. Carrying out Mandatory Private Pension Operations.

 

6. LEGAL GROUNDS AND CATEGORIES OF PERSONAL DATA PROCESSED

6.1. Personal Data of Our Employees, Employees Working with Indefinite-Term Employment Contracts, and Interns

The organization processes the personal data of employees, employee candidates, and interns,

  • Employment Contract,
  • Labor Law No. 4857,
  • Turkish Code of Obligations No. 6098,
  • Social Security and General Health Insurance Law No. 5510,
  • 6Occupational Health and Safety Law No. 6331,
  • Private Pension Savings and Investment System Law No. 4632,
  • Enforcement and Bankruptcy Law No. 2004,
  • Law on Certain Regulations Regarding the Turkish Employment Agency No. 4904,
  • Vocational Education Law No. 3308,
  • Turkish Commercial Code No. 6102,
  • Electronic Signature Law No. 5070,
  • Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications,
  • Social Security Transactions Regulation,
  • Identity Notification Law No. 1774,
  • Regulation on the Payment of Wages, Premiums, Bonuses, and All Kinds of Remuneration of This Nature Through Banks and similar laws, regulations, and communiqués.

We process data of our employees and interns in the categories of IDENTITY, COMMUNICATION, PERSONNEL, FINANCIAL, VISUAL AND AUDIO RECORDS, LEGAL TRANSACTION, PROFESSIONAL EXPERIENCE,  PHYSICAL SPACE SECURITY, TRANSACTION SECURITY and special categories of data such as HEALTH, PHILOSOPHICAL BELIEF, RELIGION, SECT AND OTHER BELIEFS, CRIMINAL CONVICTION AND SECURITY MEASURES .  

6.2. Personal Data of Employee Candidates

We process data of Employee Candidates in the categories of IDENTITY, COMMUNICATION, PERSONNEL, PROFESSIONAL EXPERIENCE, PHYSICAL SPACE SECURITY, VISUAL AND AUDIO RECORDS, and OTHER which they share with us willingly through tools like resumes, letters of intent, or which are shared with us by online employment platforms and/or talent agencies where they have shared them for the purpose of sharing with all relevant organizations, and special categories of data such as PHILOSOPHICAL BELIEF, RELIGION, SECT AND OTHER BELIEFS,  CRIMINAL CONVICTION AND SECURITY MEASURES, and HEALTH.

6.3. Personal Data of Representatives of Our Customers and Suppliers

The organization processes the personal data of natural person customers and suppliers with whom it establishes relations while carrying out its commercial activities, as well as representatives of customer and supplier institutions and natural persons,        

  • Service Contract,
  • Turkish Code of Obligations No. 6098,
  • Enforcement and Bankruptcy Law No. 2004,
  • Turkish Commercial Code No. 6102,
  • Tax Procedure Law No. 213,
  • General Communiqués of the Tax Procedure Law and similar laws, regulations, and communiqués.

We process data of potential and existing natural person customers, corporate customer representatives, and potential and existing natural person suppliers and corporate supplier representatives in the categories of IDENTITY, COMMUNICATION, PERSONNEL, LEGAL TRANSACTIONS, CUSTOMER TRANSACTIONS, FINANCIAL, PROFESSIONAL EXPERIENCE, TRANSACTION SECURITY, PHYSICAL SPACE SECURITY, VISUAL AND AUDIO RECORDS, and OTHER and special categories of data such as PHILOSOPHICAL BELIEF, RELIGION, SECT AND OTHER BELIEFS, HEALTH.  

6.4. Personal Data of Authorized Persons, Consultants, and Public Employees

The organization processes the personal data of auditors, consultants, and public employees who carry out control and audit tasks in order to carry out commercial and manufacturing activities and to ensure their sustainability and quality,

  • Turkish Commercial Code No. 6102,
  • Customs Law No. 4458,
  • Tax Procedure Law No. 213,
  • Labor Law No. 4857,
  • Law on Certain Regulations Regarding the Turkish Employment Agency No. 4904,
  • Social Security and General Health Insurance Law No. 5510,
  • General Communiqués of the Tax Procedure Law and similar laws, regulations, and communiqués.

In this context, the organization processes personal data of auditors, consultants, and public officials in the categories of IDENTITY, COMMUNICATION, PERSONNEL, and OTHER.

6.5. Personal Data of Our Visitors

We process the personal data of visitors for the purpose of ensuring information and facility security,

  • Within the scope of Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications and as required by our legitimate interest.

In this context, personal data of visitors in categories such as IDENTITY, COMMUNICATION, TRANSACTION SECURITY, PHYSICAL SPACE SECURITY are processed.

6.6. Personal Data of Website Visitors and Internet Service Users

As required by our legitimate interest, we process the personal data of our website visitors,

  • According to 56Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications,
  • Regulation on Internet Mass Use Providers dated 11/04/2017 and numbered 30035.

In this context, we process data of internet site visitors in the categories of IDENTITY, COMMUNICATION, PERSONNEL, CUSTOMER TRANSACTIONS, VISUAL AND AUDIO RECORDS  . More information about cookies is available in our "Cookie Policy".

6.7 Personal Data of Our Interns

We process the personal data of interns doing internships at our organization,

  • Labor Law No. 4857,
  • Turkish Code of Obligations No. 6098,
  • Occupational Health and Safety Law No. 6331,
  • Enforcement and Bankruptcy Law No. 2004,
  • Law on Certain Regulations Regarding the Turkish Employment Agency No. 4904,
  • Vocational Education Law No. 3308,
  • Turkish Commercial Code No. 6102,
  • Electronic Signature Law No. 5070,
  • Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications,
  • Regulation on Internet Mass Use Providers dated 11/04/2017 and numbered 30035,
  • Social Security Transactions Regulation,
  • Identity Notification Law No. 1774, Regulation on the Payment of Wages, Premiums, Bonuses, and All Kinds of Remuneration of This Nature Through Banks,
  • Turkish Civil Code No. 4721,
  • Turkish Penal Code No. 5237 and similar laws, regulations, and communiqués.

We process data of our interns in the categories of IDENTITY, COMMUNICATION, PERSONNEL, PROFESSIONAL EXPERIENCE, PHYSICAL SPACE SECURITY, VISUAL AND AUDIO RECORDS, and OTHER and special categories of data such as PHILOSOPHICAL BELIEF, RELIGION, SECT AND OTHER BELIEFS,  CRIMINAL CONVICTION AND SECURITY MEASURES and HEALTH.

 

  1. RIGHTS OF THE DATA SUBJECT

The organization acknowledges that the data subject has the right to give consent before the data is processed, and after the data is processed, has the right to determine the fate of their data. 

In this sense, data subjects can apply to the Contact Person to;

  1. a) Learn whether their personal data is processed,
  2. b) Request information if their personal data has been processed,
  3. c) Learn the purpose of processing their personal data and whether they are used in accordance with their purpose,

ç) Know the third parties to whom personal data is transferred domestically or abroad,

  1. d) Request correction of personal data if it is incomplete or incorrectly processed,
  2. e) Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
  3. f) Request notification of the operations carried out pursuant to subparagraphs (d) and (e) to third parties to whom personal data has been transferred,
  4. g) Object to the emergence of a result against them by analyzing the processed data exclusively through automated systems,

ğ) Request compensation for damages if they suffer damage due to the unlawful processing of personal data.

However, individuals do not have any rights regarding anonymized data within the Company. Personal data may be shared with relevant institutions and organizations as required by the business and contractual relationship, or in the event of the exercise of legal authority by judicial or public authorities.

Requests within the scope of the listed rights are made by filling out the organization's Application Form completely and sending it to the Contact Person with a wet signature via registered mail with return receipt, along with photocopies of identification (only the front face photocopy for the ID card). You can review the Personal Data Applications Clarification Text regarding the application process. 

9. BASIC RULES TO BE FOLLOWED IN PROCESSING PERSONAL DATA

DOST CAM  units and employees will pay attention to the following basic rules, upon which the Privacy Policy and other corporate policies are built, when processing the personal data of data subjects:

  1. Compliance with law and principles of honesty: The organization checks and questions whether the conditions specified in the KVKK, such as informing the data subject and obtaining the data subject's explicit consent for data processing when necessary, are met for the personal data it collects or that is shared with it by other parties. It acts in accordance with the principles of honesty when informing data subjects, obtaining their explicit consent, or responding to their applications for information.
  2. Being accurate and up-to-date when necessary: The organization strives to ensure that the personal data it processes and keeps in its databases contain accurate information, to the extent that control mechanisms allow. It takes care to keep the data up-to-date as much as possible. It encourages data sources to share accurate information and to make updates in case of changes. It pays attention to checking that the data is accurate and up-to-date at the collection stage.
  3. Processing for specific, explicit, and legitimate purposes: The organization processes personal data only for the specific, explicit, and legitimate purposes set out in this Privacy Policy.
  4. Being relevant, limited, and proportionate to the purpose for which they are processed: The organization takes care not to process personal data for any purpose other than the purpose for which it was processed, and when such a need arises, to inform the data subject and obtain their explicit consent when necessary. It uses data only to the extent required by the service and limited to the purpose for which it is processed. It does not process, use, or have data used for purposes other than business purposes. When personal data needs to be processed for another purpose, it ensures that corrections are made in the relevant compliance tools and control tools under the supervision and approval of the Committee.
  5. Adherence to Time : The organization takes care to retain personal data for the period stipulated in the relevant legislation or for the period necessary for the purpose for which they are processed. It retains personal data arising from contracts within its structure for as long as the periods of conflict specified in the relevant laws, and the requirements of commercial and tax law. However, when these purposes cease to exist, the organization deletes or anonymizes the personal data. The retention period for each category of data is specified in the Personal Data Inventory.
  6. Data Minimization: The organization, its units, and employees take care to collect data only in the categories related to the purpose and in the amount required by the processing purpose, and to process it in their systems only as long as necessary, beyond the scope and periods mandated by laws and relevant legislation.
  7. Deletion and Destruction: The organization retains the personal data it processes for the periods stipulated in the relevant legislation such as laws, social security, obligations, tax, and commercial law to which it is subject, and/or for the periods required by the processing purpose. At the end of these periods, it deletes, destroys, or anonymizes the personal data whose term has expired, in accordance with the Personal Data Retention, Deletion, Destruction, and Transfer Policy and with the permission and supervision of the Committee.
  8. Confidentiality and Data Security: Care is taken to ensure general confidentiality rules and data security throughout all processes of processing, transferring, and storing personal data in the organization, and operations are carried out in accordance with the policy documents and rules created for this purpose. Care is taken to take the necessary administrative and technical measures.

10. TRANSFER OF PERSONAL DATA

As DOST CAM, the personal data we collect and process is transferred to organizations with which we have a business relationship, service providers and solution partners from whom we receive administrative, legal, and technical services, located domestically and abroad, in order to ensure business continuity and carry out services, and to official institutions/organizations in cases of legal obligation, in accordance with Article 8 of the Law.

As a data controller, we conduct necessary checks as much as possible to ensure that the institutions and organizations with which we share data fulfill their obligations arising from the Law, and we secure the obligations of the parties through data transfer agreements.

10.1. Matters to be Observed in Personal Data Transfer

  1. During personal data sharing, it is ensured that the data transfer is secured by signing a data transfer agreement, undertaking, or similar documents with all parties to whom data is transferred.
  2. Each unit and employee must anticipate the risks that the recipient of the personal data transfer may pose regarding personal data and take care to prevent the occurrence of situations that would create risk.
  3. Care is taken to comply with KVKK and related legislation in the use of foreign-origin applications and services.
  4. It is mandatory to ensure that data transfers to parties and suppliers are made through appropriate and secure tools and channels, that the natural persons to whom personal data is transferred are authorized by the recipient, and that any copies and duplicates created for the purpose of personal data transfer are deleted from all media as soon as their function ends.
  5. Organization units and employees are obliged to observe the sensitivities and practices of the parties and suppliers to whom they transfer data regarding personal data, and to report situations that may pose a risk to their superiors in a timely manner. Organization employees must request the necessary support from their superiors in a timely manner regarding situations and problems they cannot resolve concerning personal data.

10.2. Situations Where Personal Data is Transferred and Parties to Whom Transfer is Made

Personal data is shared with the following parties, who are data controllers and data processors, within the framework of the purposes specified below  

  1. Financial audit firms for the fulfillment of the Independent Financial Audit Obligation.
  2. With the employee's previous and next employers,
  3. With lawyers for the follow-up and execution of legal processes,
  4. With the OSGB (Joint Health and Safety Unit) firm from which service is received, to fulfill Occupational Health and Safety obligations,
  5. With IT firms to obtain technical support and maintenance for the software and applications used,
  6. With supplier firms and individuals for the procurement of goods and services,
  7. With the Financial Advisor from whom service is received, for keeping and auditing financial records,
  8. With Banks from which service is received, to carry out payment transactions,
  9. With insurance companies for the execution of insurance processes and transactions,
  10. With Banks from which service is received, to carry out collection transactions,
  11. With consulting firms that provide consultancy services for the development of commercial activities and business processes, and ensuring legal compliance,
  12. With distributor organizations and business partners for the execution of commercial activities and business processes,
  13. With authorized persons and organizations, public institutions, and judicial bodies to fulfill legal obligations.
  14. With organizations providing services in the field of employment for workforce procurement,
  15. With IT firms to obtain technical support and maintenance for the software and applications used, With firms from which services are received for advertising, promotion, and marketing purposes,
  16. With educational institutions and organizations for the creation and follow-up of internship records,
  17. With business partners to find suitable job opportunities,
  18. With business partners to offer new products and services,

10.3. What is the Nature and Scope of International Transfer?

DOST CAM  shares personal data with service providers located abroad for the purposes of running our website, developing services, carrying out office work and operations, and providing services to users and visitors, ensuring their satisfaction, meeting their expectations, and communicating.  In this context,

You can access the privacy policies of each service provider at the following links:

11. AUDIT, APPLICATIONS, AND DATA BREACH NOTIFICATIONS

The organization may have the necessary internal and external audits conducted regarding the protection of personal data. Applications made by data subjects are answered by the Committee, taking the opinion of the relevant unit, within 30 days at the latest.

When the organization is notified of any breach related to personal data, it notifies the KVKK Board without delay and within 72 hours at the latest from the date it learned of the situation. It also informs the relevant parties and individuals in the same way.

12. UPDATE

This policy document is updated when the organization's personal data processing conditions, tools, purposes,  and scope change, and in cases where the parties with whom personal data is shared change. The updates made in each article are kept in a separate table