OUR LPPD POLICY AND CLARIFICATION TEXT
ARTICLE 1 – INTRODUCTION
As YOUTH'S EMPOWERMENT AND ACTION PLAN ASSOCIATION (referred to as “Association” or “YEAP”), our association carries out activities in the field of youth work and ensures that the personal data of our current and potential audience, target groups, partners and stakeholders with whom we cooperate, employees or other third parties are legally protected. The processing and preservation of this data is an extremely important issue for our Association.
This Policy on the Processing and Protection of Personal Data (“Policy”) regulates the obligations to be fulfilled regarding the processing and protection of personal data stipulated within the framework of the Law on the Protection of Personal Data No. 6698 (“LPPD”) and other secondary legislation, and the procedures and principles to be applied in this context.
​
ARTICLE 2 – PURPOSE OF THE POLICY
The main purpose of this Policy is to explain the personal data processing activities carried out in accordance with the law regarding the processing and protection of personal data within our Association and at the level of its affiliated partnerships, and to inform the data owners about the personal data processed by our Association.
​
ARTICLE 3 – SCOPE OF THE POLICY
The provisions of this Policy cover all personal data of our current and potential audience, target groups, cooperating partners and stakeholders, employees or third parties, fully or partially automated or non-automatically processed within our Association, provided that it is a part of any data recording system.
​
ARTICLE 4 – DEFINITIONS
Explicit Consent: It refers to the consent that is based on information and freely expressed regarding a certain subject.
Personal Data: It means all kinds of information (name-surname, TR, e-mail, address, date of birth, credit card number, etc.) related to an identified or identifiable natural person.
Processing of Personal Data: It refers to all kinds of operations performed on data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, by fully or partially automatic means or, provided that it is a part of any data recording system, by non-automatic means.
Personal Data Owner/Relevant Person: Refers to the real persons (customers, suppliers, employees, visitors, etc.) whose personal data are processed.
Special Qualified Personal Data: Data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special categories of personal data.
Data Processor: It refers to the natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Controller: It refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. In this context, our association is considered as the data controller.
​
ARTICLE 5 – BASIC PRINCIPLES AND PERSONAL DATA PROCESSING METHOD
This Policy aims to embody the rules stipulated by the LPPD and the relevant secondary legislation, and is a guiding regulation that determines the methods to serve the said purpose. In this context, our Association will analyze the data processing activities carried out by following this policy, determine all necessary actions and take all necessary administrative and technical measures. With the implementation of the actions, compliance with this policy will be ensured by operating the internal audit system and this compliance will be maintained. In addition to the internal audit practice, efforts will be made to raise the awareness of the employees, the necessary compliance processes will be carried out for the new employees of our Association, and the necessary arrangements will be made in the relations of our Association with its subsidiaries and business partners.
In all these processes, our Association is aware that the personal data processed in order to ensure legal compliance must comply with the general principles and provisions determined in accordance with the LPPD and other relevant legislation. In this regard, the basic principles to be considered in all personal data processing activities within the scope of Article 4 of the LPPD are as follows:
Compliance with the law and honesty rules.
Being accurate and up-to-date when necessary.
Processing for specific, explicit and legitimate purposes
Being relevant, limited and proportionate to the purpose for which they are processed.
To be kept for the period required by the relevant legislation or for the purpose for which they are processed.
In this context, these principles will be taken into account in all kinds of data processing activities to be carried out on the data by our Association, such as obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data.
​
ARTICLE 6 - SECURITY OF PERSONAL DATA
Pursuant to article 12 of the LPPD, YEAP is obliged to take all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the unlawful processing and access of personal data and to ensure the preservation of personal data. In addition, all kinds of security measures that may be determined by the decisions of the Personal Data Protection Board (“Board”) in the future will be taken into consideration and applied.
Personal data processed in a common database of YEAP and its subsidiaries will be kept confidential within the framework of technical and administrative measures taken in accordance with Article 12 of the LPPD and will not be shared with third parties in any way.
YEAP should establish the necessary internal audit systems regarding the functioning of the technical and administrative measures to be taken in line with Article 12 of the LPPD, and carry out internal audits, or have them carried out, under the established system. This internal audit association will be examined by the units or officials determined by the authorities and necessary actions will be taken.
YEAP is obliged to notify the personal data owner and, if necessary, the Board, as soon as possible, in the event that the processed personal data is obtained by third parties by means contrary to the law or the rule of good faith.
In the event that the risk of personal data security breach committed by our association, the possibility of realization of risks related to data protection and their realization situations are determined, the losses to be caused will be determined accurately and appropriate technical and administrative measures will be taken immediately. While determining these risks, first of all, the nature and quantity of personal data (i) whether it is sensitive personal data, (ii) the degree of confidentiality required by its nature, and (iii) the damage that may arise in terms of the person concerned in case of a security breach will be taken into consideration.
After defining and prioritizing these risks, control and solution alternatives for reducing or eliminating the said risks will be evaluated in line with the principles of cost, applicability and usefulness, and the necessary technical and administrative measures will be planned and put into practice.
​
ARTICLE 7 – PROTECTION OF PRIVATE PERSONAL DATA
Personal data of special nature within the scope of the LPPD are data related to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data. Special importance is attached to these data due to the risk of causing serious victimization or discrimination of the persons concerned in the event that they are processed unlawfully.
In this respect, our Association shows special sensitivity in protecting all kinds of data attributed as "special quality" and special quality personal data processed in accordance with the law. The technical and administrative measures taken by our association in accordance with article 6 of this Policy for the protection of personal data are also carefully implemented in terms of special quality personal data and necessary inspections are implemented.
In accordance with the legislation in force and provided that the measures to be determined by the Board are taken, the processing of personal data of special nature varies depending on whether the personal data owner has given express consent or not. Accordingly, special categories of personal data are processed:
With the explicit consent of the personal data owner.
If the personal data owner has not given express consent:
Special categories of personal data other than the health and sexual life of the personal data owner, in cases stipulated by the laws,
Only for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, by persons or authorized institutions and organizations that are under the obligation to keep confidential.
​
ARTICLE 8 – CLARIFICATION OBLIGATION
YEAP is obliged to inform the personal data owners, during the acquisition of personal data, about the reason why and the method by which their data will be processed. The minimum matters regarding the obligation to inform are regulated under article 10 of the LPPD:
Identity of our association and its representative, if any, as the data controller,
For what purpose personal data will be processed,
To whom and for what purpose personal data can be transferred,
Method and legal reasons for collecting personal data,
Rights of the personal data owner.
Accordingly, YEAP will first determine personal data collection channels, and clarification points and texts will be determined for each channel.
​
ARTICLE 9 – RIGHT OF APPLICATION OF PERSONAL DATA OWNERS
Personal data owners will be able to benefit from some of the rights stipulated under Article 11 of the LPPD regarding their personal data processed within our Association by applying to our Association, which is the data controller. In this context, personal data owners have the following rights:
Learning whether personal data is processed or not,
If personal data has been processed, requesting information about it,
Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
Knowing the third parties to whom personal data is transferred at home or abroad,
Requesting correction of personal data in case of incomplete or incorrect processing,
Requesting the deletion or destruction of personal data,
Requesting notification of the transactions and personal data to third parties,
Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
Demanding the compensation of the damage in the event that personal data is damaged due to unlawful processing.
​
ARTICLE 10 – OBLIGATION TO REGISTER WITH THE DATA CONTROLLERS REGISTRY
Our association will register in the Data Controllers Registry by submitting the documents and information regarding the applications specified in accordance with the LPPD and the Regulation on the Data Controllers Registry, within the period to be determined and announced by the Board and as long as it falls within the scope of the obligation.
​
ARTICLE 11 - TRANSFER OF PERSONAL DATA
As a rule, the transfer of personal data will be legitimate and lawful, with the explicit consent of the personal data owner or in line with the exceptions stipulated in Article 5 of the LPPD, or in line with the exceptions stipulated in the LPPD article 6/3 with reference to the other laws, provided that adequate measures are taken. YEAP will provide personal data transfer within the framework of these principles and conditions.
However, while transferring personal data abroad, YEAP will either obtain the explicit consent of the relevant personal data owner or meet one of the conditions specified in line with the exceptions stipulated within the framework of Article 5 of the LPPD or in line with the exceptions stipulated in the LPPD article 6/3, provided that adequate measures are taken, and also in the foreign country to which the personal data will be transferred; in the absence of sufficient protection, data controllers in Turkey and in the relevant foreign country will be able to transfer abroad without seeking the explicit consent of the data subject, provided that they undertake an adequate protection in writing and that the permission of the Board is available.
​
ARTICLE 12 – IMPLEMENTATION OF THE POLICY AND RELEVANT LEGISLATION
The current law, secondary regulations and other relevant legislation on the processing and protection of personal data and this Policy will be implemented within YEAP. However, if there is any incompatibility or conflict between the legislation in force and this Policy, our Association accepts that the current legislation will find an area of application.
This Policy has been embodied within the framework of YEAP applications of the rules determined by the relevant legislation in force, and our Association carries out the necessary systems and preparations to act in accordance with the effective periods stipulated within the scope of LPPD.
​
ARTICLE 13 – ENFORCEMENT OF THE POLICY
The policy is made available to everyone whose personal data is processed on the website of our Association (www.yeapassociation.org).
CLARIFICATION TEXT ON PERSONAL DATA
​
This information is provided due to legal obligation, in accordance with article 10 of the Law on Protection of Personal Data No. 6698 (“LPPD”), to inform the personal data owner about the process regarding the acquisition, storage, transfer, sharing and processing of personal data shared with YOUTH'S EMPOWERMENT AND ACTION PLAN ASSOCIATION (“Association” or “YEAP”). YEAP reserves the right to make changes in this clarification text due to legislative changes and the methods to be determined by the Personal Data Protection Board. YEAP attaches great importance to keeping personal data confidential and not sharing this information with third parties. YEAP takes the necessary administrative and technical measures in accordance with Article 12 of the LPPD and other relevant provisions in order to prevent the unlawful use of your data in the processing and transfer processes of your personal data, and to ensure its preservation and data security. Regarding the personal data that you have shared and/or will share with YEAP, we would like to present the following for your information.
a) Data Controller
In accordance with the Personal Data Protection Law, your personal data can be processed by YEAP, as the data controller, within the scope described below.
b) Purpose of Processing Personal Data
The personal data collected can be used to ensure that customers can benefit from the services within the scope of business intermediation, ensure the execution of human resources policies, ensure employment, carry out commercial activities, ensure the legal and commercial security of those who have a business relationship with YEAP, determine and implement commercial and business strategies, and fulfill legal obligations. It is processed in accordance with the law within the personal data processing conditions specified in Articles 5 and 6 of the LPPD.
c) Transfer of Processed Personal Data
For the purposes of enabling customers to benefit from the services within the scope of business intermediation, ensuring the execution of human resources policies, ensuring employment, ensuring the legal and commercial security of people in business relationship with YEAP, determining and implementing commercial and business strategies, and fulfilling legal obligations, the personal data collected can be transferred in accordance with the personal data processing terms and purposes specified in Articles 8 and 9 of Law No.
d) Method and Duration of Personal Data Collection
Personal data is collected by YEAP through different channels and based on different legal reasons, in order to improve the products and services offered, to enable customers to benefit from the services within the scope of business intermediation, to provide employment and to carry out commercial activities. Collected personal data can be processed and transferred for the purposes specified in articles (b) and (c) of this Clarification Text within the scope of personal data processing conditions and purposes specified in Articles 5 and 6 of the LPPD.
Personal data is collected and processed by YEAP in the following ways, including but not limited to:
1) Job applications made through the yeapassociation.org website
2) Applications or resumes prepared through career internet portals,
3) Email
4) References
5) Personal application form,
Personal data is controlled automatically or manually by YEAP consultants and is kept on the server provided by the domestic internet service provider.
YEAP, in case of establishing a contractual relationship in accordance with the Regulation on the Deletion, Destruction or Anonymization of Personal Data, and our Association's Personal Data Storage, Anonymization and Destruction Policy and other relevant legislation, for the duration of the contract and for the periods permitted by the laws, and in case it is not established. personal data is retained for the period required by the purpose of processing, within 6 months from the date of application to YEAP or if a period is not stipulated in the legislation. The retained data is deleted, destroyed or anonymized after the reasons for processing the data in accordance with Article 7 of the LPPD.
e) Rights of the Data Owner as per Article 11 of the LPPD
Personal data owners have the following rights:
1) Learning whether personal data is processed or not,
2) If personal data has been processed, requesting information about it,
3) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
4) To know the third parties to whom personal data is transferred in the country or abroad,
5) Requesting correction of personal data in case of incomplete or incorrect processing,
6) Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the LPPD and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
7) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
8) Demanding the compensation of the damage in case of loss due to unlawful processing of personal data.
In accordance with paragraph 1 of Article 13 of the LPPD, Data Owners are required to submit their requests to exercise their rights stated above in writing or by other methods to be determined by the Personal Data Protection Board.
In order to exercise the above-mentioned rights, data owners can submit their requests, together with the necessary information identifying their identities and explanations about the rights they want to use, using the "Application Form" located at www.yeapassociation.org. Detailed information on the application form and the ways of applying is included in the application form published on the website.