Phone

+90 (264) 295 83 00
T:+90 (264) 295 83 00

Türkiye’nin Yeni ve Yenilikçi Hidrolik Kırıcı Markası: Olimpa İş Makinaları

İletişim
Hanlı Sakarya Mah. Başak Sok. No: 64 İç Kapı No: Z2 54580 Arifiye / Sakarya
+90 264 295 83 00
+90 212 549 93 39
+90 248 252 90 51
[email protected]
Google map

KVKK Clarification Text

  • Summary of our KVKK Compliance policy and disclosure text from here you can download it.
  • You can download the KVKK application form here.

What is KVKK? What does KVKK mean?

KVKK is the abbreviation consisting of the first letters of the Personal Data Protection Law No. 6698; It has entered into force in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and to regulate the procedures and principles to be followed by real and legal persons who process personal data in whole or in part by automatic means or by non-automatic means provided that they are part of any data recording system.

It also refers to the abbreviations consisting of the first letters of the Personal Data Protection Authority, which is an institution with administrative and financial autonomy and a public legal entity whose establishment is regulated by this law, and the Personal Data Protection Board, whose powers and duties are listed in the relevant law.

KVKK What is Personal Data? What is Sensitive Personal Data?

Any information relating to an identified or identifiable natural person, which reveals the identity structure of the person and is personalized (name, surname, date of birth, home address, work address, e-mail address, IP address, telephone number, fax number, credit card information, citizenship number, tax number, passport number, social security number, driver’s license number, vehicle license plate, resume, photograph, video, etc.) is considered as personal data within the scope of the Personal Data Protection Law No. 6698.) are considered as personal data within the scope of the Law No. 6698 on the Protection of Personal Data, and their processing by real or legal persons is only possible with the explicit consent of the data subject.

In addition, Article 6 of the Law No. 6698 on the Protection of Personal Data lists race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data as sensitive personal data and prohibits their processing without the explicit consent of the data subjects.

What is KVKK Explicit Consent? What is a Clarification Text?

Article 3 of the Law No. 6698 on the Protection of Personal Data titled Definitions defines explicit consent as consent regarding a specific subject, based on information and expressed with free will; as it is understood from this definition, explicit consent must be based on information.

The fact that a certain formal requirement is not stipulated in terms of how this information will be made and how to obtain explicit consent makes it possible to fulfill the obligations of Disclosure and Explicit Consent electronically with the Disclosure Text and the acceptance button under it or through the call center, provided that the burden of proof is on the data controller.

When did the KVKK enter into force?

The European Union adopted the “Directive of the European Parliament and of the Council of Europe on the Protection of Individuals with regard to the Processing and Free Movement of Personal Data” in 1995 in order to harmonize the regulations between member states regarding the protection of personal data. This Directive is based on the legal provisions in the domestic laws of the Member States, including Turkey, and the European Union General Data Protection Regulation(GDPR) 2016/679, which was passed by the European Parliament, the European Council and the European Commission in 2016, entered into force in 2018 and is still the applicable legislation in the EU today.

In Turkey, the LPPD was prepared for the purpose of effective protection of human rights, accession negotiations with the EU and increasing international cooperation and trade, and submitted to the Presidency of the Turkish Grand National Assembly on 26 December 2014; it was enacted into law on 24 March 2016 and entered into force after being published in the Official Gazette dated 7 April 2016 and numbered 29677.

Who is KVKK Mandatory for?

Article 2 of the Law No. 6698 on the Protection of Personal Data defines the scope of the law as “applicable to natural and legal persons who process personal data in whole or in part by automatic means or by non-automatic means, provided that they are part of any data recording system”.

Processing of personal data refers to all kinds of operations performed on personal data such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data; and everyone is subject to the obligation to comply with the regulations introduced by the KVKK, without making any distinction between real and legal persons who perform these actions.

Who is the KVKK Data Controller? Who is the Data Processor?

Article 3 titled Definitions of the Law No. 6698 on the Protection of Personal Data defines the Data Controller as the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

The Data Processor is defined in the same article as a natural or legal person who processes personal data on behalf of the Data Controller based on the authorization granted by the Data Controller. In order to distinguish between the two concepts, it is necessary to identify the person who will answer the “why” and “how” of the processing activity.

What should be done within the scope of KVKK?

Pursuant to the Law No. 6698 on the Protection of Personal Data, the obligations of the Data Controller, enlightening the applications of the data subjects (data subject: the person whose personal data is processed), data security Taking the necessary measures to ensure that the Data Controllers Registry (VERBIS) registration, responding to the applications of the data subjects, deletion, destruction or anonymization of personal data ex officio or upon the request of the data subject in the event that the reasons requiring the processing of personal data disappear, and fulfillment of the decisions of the Personal Data Protection Board.

What are KVKK Penalties and Sanctions?

According to the Turkish Penal Code No. 5237, anyone who unlawfully records Personal Data shall be punished with imprisonment from one year to three years; anyone who unlawfully obtains or disseminates such data (this penalty may be increased by half depending on the nature of the data) shall be punished with imprisonment from two years to four years; anyone who acts against the obligation to delete, destroy or anonymize such data shall be punished with imprisonment from one year to two years.

In addition, according to the Law No. 6698 on the Protection of Personal Data, administrative fines ranging from 5,000 Turkish Liras to 10,000 Turkish Liras are imposed on data controllers who fail to fulfill the disclosure obligation, from 15,000 Turkish Liras to 1,000,000 Turkish Liras on those who fail to fulfill the obligations regarding data security, and from 20,000 Turkish Liras to 1,000,000 Turkish Liras on those who violate the obligation to register with the Data Controllers Registry.

What are the Differences between KVKK and GDPR?

Although EU legal regulations were taken as a model during the preparation of the Law No. 6698 on the Protection of Personal Data, there are some differences between the KVKK and the GDPR;

While under the GDPR, any company or individual who processes data (including third parties such as cloud service providers), even if not a data controller, is also considered responsible for the lawful processing of data, Article 18/2 of the Law No. 6698 on the Protection of Personal Data sets a different level of responsibility for the data controller and the data processor, imposing administrative fines only on data controllers and the obligation to register with the registry of data controllers only covers data controllers.

Although the concept of the right to be forgotten, which is generally expressed as the right of individuals to control their personal data and delete it when possible, has been included in the framework of a legal regulation for the first time with the GDPR; there is no individual regulation regarding this in the Law No. 6698 on the Protection of Personal Data, and this concept is shaped by the decisions of the Supreme Court and the Constitutional Court in our country.

While the GDPR envisages significant sanctions of €200 million or four percent of the service provider’s global revenue for violations of data protection rules, the Personal Data Protection Law No. 6698 provides for relatively lower administrative fines (5 thousand Turkish Lira – 1 million Turkish Lira).

Regulations on institutions such as the “right to data portability” regulated by the GDPR, “mandatory data protection officer” for the processing of sensitive data and “mandatory data protection impact assessment” for risky data processing activities are not included in the Law No. 6698 on the Protection of Personal Data.

It also refers to the abbreviations consisting of the first letters of the Personal Data Protection Authority, which is an institution with administrative and financial autonomy and a public legal entity whose establishment is regulated by this law, and the Personal Data Protection Board, whose powers and duties are listed in the relevant law.

KVKK What is Personal Data? What is Sensitive Personal Data?

Any information relating to an identified or identifiable natural person, which reveals the identity structure of the person and is personalized (name, surname, date of birth, home address, work address, e-mail address, IP address, telephone number, fax number, credit card information, citizenship number, tax number, passport number, social security number, driver’s license number, vehicle license plate, resume, photograph, video, etc.) is considered as personal data within the scope of the Personal Data Protection Law No. 6698.) are considered as personal data within the scope of the Law No. 6698 on the Protection of Personal Data, and their processing by real or legal persons is only possible with the explicit consent of the data subject.

In addition, Article 6 of the Law No. 6698 on the Protection of Personal Data lists race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal conviction and security measures, and biometric and genetic data as sensitive personal data and prohibits their processing without the explicit consent of the data subjects.

What is KVKK Explicit Consent? What is a Clarification Text?

Article 3 of the Law No. 6698 on the Protection of Personal Data titled Definitions defines explicit consent as consent regarding a specific subject, based on information and expressed with free will; as it is understood from this definition, explicit consent must be based on information.

The fact that a certain formal requirement is not stipulated in terms of how this information will be made and how to obtain explicit consent makes it possible to fulfill the obligations of Disclosure and Explicit Consent electronically with the Disclosure Text and the acceptance button under it or through the call center, provided that the burden of proof is on the data controller.

When did the KVKK enter into force?

The European Union adopted the “Directive of the European Parliament and of the Council of Europe on the Protection of Individuals with regard to the Processing and Free Movement of Personal Data” in 1995 in order to harmonize the regulations between member states regarding the protection of personal data. This Directive is based on the legal provisions in the domestic laws of the Member States, including Turkey, and the European Union General Data Protection Regulation(GDPR) 2016/679, which was passed by the European Parliament, the European Council and the European Commission in 2016, entered into force in 2018 and is still the applicable legislation in the EU today.

In Turkey, the LPPD was prepared for the purpose of effective protection of human rights, accession negotiations with the EU and increasing international cooperation and trade, and submitted to the Presidency of the Turkish Grand National Assembly on 26 December 2014; it was enacted into law on 24 March 2016 and entered into force after being published in the Official Gazette dated 7 April 2016 and numbered 29677.

Who is KVKK Mandatory for?

Article 2 of the Law No. 6698 on the Protection of Personal Data defines the scope of the law as “applicable to natural and legal persons who process personal data in whole or in part by automatic means or by non-automatic means, provided that they are part of any data recording system”.

Processing of personal data refers to all kinds of operations performed on personal data such as obtaining, recording, storing, retaining, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data; and everyone is subject to the obligation to comply with the regulations introduced by the KVKK, without making any distinction between real and legal persons who perform these actions.

Who is the KVKK Data Controller? Who is the Data Processor?

Article 3 titled Definitions of the Law No. 6698 on the Protection of Personal Data defines the Data Controller as the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

The Data Processor is defined in the same article as a natural or legal person who processes personal data on behalf of the Data Controller based on the authorization granted by the Data Controller. In order to distinguish between the two concepts, it is necessary to identify the person who will answer the “why” and “how” of the processing activity.

What should be done within the scope of KVKK?

Pursuant to the Law No. 6698 on the Protection of Personal Data, the obligations of the Data Controller, enlightening the applications of the data subjects (data subject: the person whose personal data is processed), data security Taking the necessary measures to ensure that the Data Controllers Registry (VERBIS) registration, responding to the applications of the data subjects, deletion, destruction or anonymization of personal data ex officio or upon the request of the data subject in the event that the reasons requiring the processing of personal data disappear, and fulfillment of the decisions of the Personal Data Protection Board.

What are KVKK Penalties and Sanctions?

According to the Turkish Penal Code No. 5237, anyone who unlawfully records Personal Data shall be punished with imprisonment from one year to three years; anyone who unlawfully obtains or disseminates such data (this penalty may be increased by half depending on the nature of the data) shall be punished with imprisonment from two years to four years; anyone who acts against the obligation to delete, destroy or anonymize such data shall be punished with imprisonment from one year to two years.

In addition, according to the Law No. 6698 on the Protection of Personal Data, administrative fines ranging from 5,000 Turkish Liras to 10,000 Turkish Liras are imposed on data controllers who fail to fulfill the disclosure obligation, from 15,000 Turkish Liras to 1,000,000 Turkish Liras on those who fail to fulfill the obligations regarding data security, and from 20,000 Turkish Liras to 1,000,000 Turkish Liras on those who violate the obligation to register with the Data Controllers Registry.

What are the Differences between KVKK and GDPR?

Although EU legal regulations were taken as a model during the preparation of the Law No. 6698 on the Protection of Personal Data, there are some differences between the KVKK and the GDPR;

While under the GDPR, any company or individual who processes data (including third parties such as cloud service providers), even if not a data controller, is also considered responsible for the lawful processing of data, Article 18/2 of the Law No. 6698 on the Protection of Personal Data sets a different level of responsibility for the data controller and the data processor, imposing administrative fines only on data controllers and the obligation to register with the registry of data controllers only covers data controllers.

Although the concept of the right to be forgotten, which is generally expressed as the right of individuals to control their personal data and delete it when possible, has been included in the framework of a legal regulation for the first time with the GDPR; there is no individual regulation regarding this in the Law No. 6698 on the Protection of Personal Data, and this concept is shaped by the decisions of the Supreme Court and the Constitutional Court in our country.

While the GDPR envisages significant sanctions of €200 million or four percent of the service provider’s global revenue for violations of data protection rules, the Personal Data Protection Law No. 6698 provides for relatively lower administrative fines (5 thousand Turkish Lira – 1 million Turkish Lira).

Regulations on institutions such as the “right to data portability” regulated by the GDPR, “mandatory data protection officer” for the processing of sensitive data and “mandatory data protection impact assessment” for risky data processing activities are not included in the Law No. 6698 on the Protection of Personal Data.

This site is registered on wpml.org as a development site.