Click to View Information Application Form
As Urla Sahne, we attach great importance to the privacy and safety of your personal data. In this context, we would like to inform you on how we process the personal data belonging to our guests, suppliers, business partners, their employees and authorities, and all other third parties, as well as for what purposes we use this information, and how we protect it.
All concepts and expressions used in this statement shall have the meaning attributed to them in Law No. 6698 on the Protection of Personal Data (“ KVKK“) and relevant regulations. The term “you” in this statement refers to your party. The term “personal data” has been used in this document to also include personal data of special nature. Please see Appendix – Abbreviations for a full list of meanings expressed by the terms and abbreviations used in the Policy.
We would like to remind you that if you do not accept the terms of this statement, you should not convey any personal data to us. If you prefer not to convey any personal data to us, it may not be possible for us at times to provide you with services and respond to your requests, or we may not guarantee the full functionality of the services we offer to you.
We would like to remind you that it is your responsibility to ensure that the personal data you provide to our Company is accurate, complete, and up to date. Beyond that, if you share the personal data of other persons with us, it shall also be incumbent upon you to gather this information in accordance with all legal obligations in your locality. This shall mean that you have obtained the consent of the third parties in question as regards our gathering, processing, using and disclosing their personal data, and our Company shall not be held liable in this respect.
ABOUT URLA SAHNE
Urla Sahne is operated by Kassanov Hotel Management and Tourism Inc. accommodation and catering services in the hospitality industry.
The expressions “ we” or “ Company” or “ Urla Sahne” refer to the personal data processing activities of the Data Controller, Kassanov Hotel Management and Tourism Inc. (“ Urla Sahne“), which is registered with the number 51695-5 at Istanbul Trade Register and operates at the address, Gümüşsuyu Mah. Asker Ocağı Cad. No:1 Beyoğlu/İstanbul.
OUR PRINCIPLES FOR PROCESSING PERSONAL DATA
All personal data processed by our Company are processed in accordance with KVKK and relevant regulations. As per Article 4 of KVKK, the following are the fundamental principles we uphold when processing your personal data:
DATA SUBJECT CATEGORIES
The following are the categories of data subjects, except for the employees whose data is processed by our Company (including interns and employees of subcontractors). We have a separate, internal policy for processing the personal data of our employees. Those who fall outside the scope of the categories listed below can also send us requests as per KVKK; their requests shall also be evaluated.
RELEVANT PERSON CATEGORY |
EXPLANATION |
Customer |
Real and/or legal persons (such as agencies or other hotels) staying at our facility and/or benefiting from the services we offer |
Potential Customer |
Real or legal persons that have stayed at our hotel and/or have taken an initiative to or shown interest in benefiting from our services, or are considered, in conformity with rules of bona fides, to have such an interest |
Visitor |
Real persons who entered the physical premises (offices etc.) of our Company on the occasion of an event or for other purposes, or who visited our website |
Third Person |
Third-party real persons who are associated with the abovementioned real persons for the purposes of ensuring the commercial transactional safety between our Company and the abovementioned persons, protecting their rights, and achieving their interests (e.g. sureties, companions, family members and relatives) or all real persons whose personal data our Company has to process even though it is not explicitly stated in the Policy (e.g. former employees, suppliers of our suppliers) |
Employee and Intern Candidates |
Real persons who applied for a position at our Company or dropped their CVs or related information for our review |
Group Company Employee |
Employees and representatives of companies belonging to the Kassanov Hotel Management and Tourism Inc. of which Urla Sahne is a member |
Employees, Shareholders, Officials of the Institutions with Which We Cooperate |
Real persons, including shareholders and officials, that work at organizations with which our Company has a business relationship (including, but not limited to, business partners and suppliers) |
WHEN DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data typically in the following situations:
We shall process the personal data we collect in the abovementioned situations only in accordance with this Statement.
WHICH TYPES OF PERSONAL DATA DO WE PROCESS ABOUT YOU?
The personal data we process about you varies depending on the nature of the business relationship between you and us (e.g. customer, supplier, business partner etc.) and on the means of communication you choose to contact us (e.g. phone, email, written document etc.).
Basically, we process your information when you contact us via phone or email to make a reservation at our hotel; when you stay at our hotel; when you receive services such as tennis courses, events, restaurant etc.; when you attend events held at our hotel; when you participate in surveys we hold or interact with us in any other way. In this context, the personal data we process about you can be broken down into the categories:
Data categories |
Examples |
ID information |
Information found of ID documents such as name, surname, title, date of birth etc. |
Contact information |
Email, phone number, address |
Pictures and/or videos that can identify you |
Pictures, videos and audio that is processed when you visit our Company or when you attend an event organized by our Company, for reasons of security |
Financial data |
Bank account data, invoice information, credit card information |
Any other information you voluntarily decide to share with Urla Sahne |
Personal data you share with us of your own accord (personal data you convey to us in order for your secretarial requests to be met), feedback, opinion, requests, complaints, assessments, and comments that you share with us, and our evaluations regarding the same, as well as uploaded files, fields of interest, and information shared with us for our detailed review before we establish a business relationship with you |
Electronic data collected automatically |
We may also collect electronic data that is sent to us by your computer, smartphone, or other device when you visit or use our website, or interact with us through other electronic channels (e.g. device hardware model, IP address, operating system version and settings, your date and duration of using our digital channels or products, your actual location when you activate location-based products or features, the links you click, movement sensor data etc.) |
Information on legal transaction and compliance |
Your personal data, as well as audit and inspection data arising from our legal obligations, payment of our debt, identification of our legal receivables and rights, and need for compliance with our Company policies |
Customer/Supplier data |
Information obtained regarding data subject customers/suppliers or employees and signatories working for any customer/supplier as a result of the operations conducted by our business units, and information necessary for creating reservations for the restaurant, events and other services |
Management and security information |
Information and assessments regarding events that have the potential to impact the employees, executives, or shareholders of our company, including license plates and vehicle information, travel and transport information, and facial composite information |
Personal data collected from other sources |
We may also collect your personal data from public databases, and using the methods and platforms with which our business partners collect data on our behalf, to the extent that is lawful as per existing laws and regulations. For instance, before we establish a business relationship with you, we may do research about you using public records in order to ensure the technical, administrative, and legal security of our commercial activities and transactions. In addition, it is also possible that the personal data of third parties might be conveyed to us through you (e.g. the personal data of any of your guests, sureties, companions, family members etc.). In order for us to manage our technical and administrative risks, we may process your personal data via methods that are used in accordance with generally accepted legal and commercial conventions and the principle of bona fides. |
PROCESSING THE PERSONAL DATA OF EMPLOYEE CANDIDATES
We process the personal data of Employee Candidates such as the schools they graduated from, prior business experiences, disability status etc. so that we can better understand their qualifications and evaluate their fitness for the vacant position, and in order to verify the accuracy of the information they have provided to us, do research about the candidate by contacting third parties, comply with the relevant regulations, and implement the recruitment rules and human resources policies of our Company.
The personal data of employee candidates is processed via the job application form, the applications submitted to our Company physically or via email, or through recruitment or consultancy firms; interviews conducted face-to-face or online, checks carried out about the employee candidate by our Company; and recruitment tests conducted by human resources experts in order to verify the fitness of the employee candidate for the vacant position.
When applying for a position, employee candidates are informed via a detailed disclosure statement – as per KVKK – before they share their personal data with us, and their explicit consent is sought for the processing of their personal data.
PROCESSING THE PERSONAL DATA OF VISITORS AT OUR HOTEL
Our Company processes the personal data of visitors to our facility during their check-in and check-out processes, for the purposes of ensuring the physical safety of our Company, employees, and visitors, and monitoring compliance with workplace rules. In that regard, in order to monitor the visitor check-in/check-out activity, the name-surname and Turkish identification numbers of visitors are verified through their ID cards and noted down in the visitor book. In addition, visitors are given visitor cards in exchange for ID cards during their time at the facility, and their ID cards are returned upon leaving.
The visitor is informed with a disclosure statement located at the security checkpoint before their personal data is collected and processed. However, since our company has a legitimate interest in this case, we do not seek the explicit consent of the visit as per Article 5/2/f of KVKK. This data is only kept in the physical visitor book and not transferred to another environment unless the Company’s security is under threat. However, this information can be utilized to prevent crime or ensure the security of the Company.
We make copies of the ID cards of the individuals who come to the facility as visitors to our guests, and share them with legal authorities, in accordance with our legal obligations.
In addition, we provide internet connection to the visitors who request it throughout their visit in order to ensure their safety and for the purposes stated in the Policy. In this case, the log records for their internet access are recorded as stipulated by Law No. 5651 and relevant regulations; these records are shared only when requested by legal authorities, and processed only for the purpose of fulfilling our legal obligations during internal audit processes at our Company.
The log records made in this context can only be accessed by a select group of Kassanov employees. The Company employees who have access to the abovementioned records can only access them when responding to requests by public authorities or for use in internal audit processes.
PROCESSING PERSONAL DATA VIA CLOSED CIRCUIT CAMERA RECORDING
Security cameras are used to ensure the safety of our Company and facility, which involves processing personal data. Our Company has the following purposes for its security camera monitoring: enhance the quality of the services on offer, ensure the physical and material safety of the individuals at our hotel and facility, prevent misconduct, and protect the legitimate interests of data subjects.
The personal data processing activity conducted by our Company via security cameras, is being carried out in accordance with the Constitution, KVKK, Law No. 5188 on Special Security Services, and relevant regulations.
Our Company processes personal data in keeping with the purposes for which they are collected as per Article 4 of KVKK, and in a limited and measured manner. Individuals are never monitored in a way that pursues security goals at the expanse of infringing upon their privacy. In that regard, warning signs are placed in common halls where CCTV recording is conducted, and thereby informing data subjects. However, their explicit consent is not sought as the Company has a legitimate interest in preserving CCTV records. In addition, as per Article 12 of KVKK, we take all necessary technical and administrative measures to ensure the security of personal data obtained as a result of the CCTV monitoring activity.
In addition, a procedure has been prepared and implemented by our Company governing the locations where CCTV cameras are installed, the angles that the cameras monitor, and the time periods for which records are kept. This procedure is taken into account before CCTV cameras are installed. Installing cameras in a way that transcends the purpose of security and infringes upon the privacy of individuals is not allowed. Only select Company personnel can access CCTV recordings, and their authorizations are regularly reviewed. The personnel who can access these records sign a letter of undertaking, committing that they shall protect the personal data in a lawful manner.
Image recording is made through the security camera in the general areas of our company and in order to ensure facility security, and the recording process is supervised by the management.
FOR WHICH PURPOSES DO WE USE YOUR PERSONAL DATA?
Our purposes for using your personal data vary depending on the nature of the business relationship between you and us (e.g. guest, customer, supplier, business partner etc.). The main purposes for which we process your personal data are listed below. Personal data processing activities regarding Employee Candidates are explained in the section above titled “The Processing of Personal Data Belonging to Employee Candidates”.
Our Purposes for Processing Personal Data |
Examples |
Evaluating potential suppliers/business partners |
Managing our assessments and conflict-of-interest evaluations as per our risk rules, and promoting the services provided by our facilities |
Guest/Customer Establishing and managing relationships with guests and customers, and managing and closing out our contracts with our suppliers/business partners |
Taking and closing out your reservations for your stay at Urla Sahne, making your registration for your stay, fulfilling your requests before and during your stay at our hotel, enabling you to benefit from the services we provide, creating the necessary health forms for you to benefit from services such as tennis, etc., fulfilling your requests for travel, airport welcome, and tours, responding to and resolving your complaints and demands quickly, taking your reservations for you to have an enjoyable time at our restaurants, providing food of your choice (vegan, vegetarian or other types), determining your room bill, organizing events such as seminars and conferences at our hotel, storing your lost belongings and delivering them to you, providing you with tailoring services, ensuring your security, managing the payment and invoicing processes related to your stay, making offers to our individual and group guests, carrying out the purchasing transactions for the services of our Company, tabling offers, supplying materials, invoicing, creating and executing contract, ensuring the legal transaction safety after the signing of the contract, continuously improving services, assessing new technologies and practices, determining and implementing the commercial and business strategies of our Company, managing operations (request, offer, assessment, order, budgeting, and contract) financial operations, managing financial matters, providing alternatives to real/legal persons with which we have a business relationship, organizing the business processes we conduct with agencies, reviewing the invoices and bills coming from outlets, managing the suppliers for events, meeting the secretarial needs and requests of guests, identifying the individuals who have the potential to harm others, procuring from the pharmacy the medication requested by guests, and creating attendee lists for events held at the facilities |
Managing appropriate marketing processes |
Sending marketing messages via email and phone regarding our services, conducting satisfaction surveys or evaluating your opinions, complaints and comments you post on social media, online platforms, or other venues, giving you feedback, informing our customers of what’s new about our company and of our campaigns, managing ad campaigns, and sending out ads and media bulletins |
Communication and support (upon your request) |
Responding to your queries for information about our services, providing support as regards requests coming through our channels of communication, and updating our records and database |
Compliance with legal obligations |
Managing taxation and insurance processes; fulfilling our legal obligations arising from Law No. 5651 and relevant regulations, Law No. 6563 on Regulation of Electronic Commerce and relevant regulations, Turkish Penal Code No. 5237, Law No. 6698 on Protection of Personal Data, and Identity Notification Law No. 1774; managing processes at public institutions; managing relevant processes within the context of compliance with the laws and regulations we are subject to regarding obligations to store records and to notify, compliance and audit, audits and inspections by authorities, following and concluding lawsuits, and disclosing data at the request of legal authorities; Creating emergency plans and risk documents as per the requirements specified in order to fulfill our legal obligations in accordance with the KVKK, in our dealings with regulatory institutions or as stipulated by existing regulations |
Protecting the Company’s interests and security |
Conducting the auditing activities necessary for protecting the interests of the Company, checking against conflicts of interest, ensuring the legal and commercial security of the persons that have a business relationship with our Company, storing CCTV recordings in order to protect the Company’s equipment and assets, taking the necessary technical and administrative security measures, carrying out the necessary efforts to improve the quality of the services we offer, implementing and monitoring the implementation of workplace rules, managing processes related to quality control, planning and executing social responsibility activities, protecting the commercial reputation of the Kassanov group companies and the credibility they inspire, reporting, dealing with, and taking measures against all incidents, accidents, complaints, theft etc. that take place on the facility, declaring the rules that must be upheld in case of any emergency that might arise during repairs and maintenance, measuring the professional competence of contractors, regulating the check-ins and check-outs or company employees, carrying out quality inspections and fulfilling our legal obligations for reporting and other issues, evaluating the fitness of suppliers, reporting the incidents that take place at the facility 24/7 in order to maintain security |
Planning and executing the company’s commercial activities |
Determining, planning, and implementing the short-term, medium-term, and long-term policies of the Company, determining and implementing the Company’s commercial and business strategies; conducting activities as regards communications, market research, social responsibility, purchasing, and customs, organizing the logistics of goods in free movement as part of export-import operations |
Reporting and auditing |
Ensuring communication with companies belonging Kassanov Hotel & Tourism Inc., conducting the internal auditing and reporting processes related to necessary business activities |
Protecting rights and interests |
Mounting legal defense against legal rights claims such as lawsuits, investigations etc. filed against our Company |
HOW DO WE USE YOUR PERSONAL DATA FOR MARKETING PURPOSES?
Since marketing activities are not considered among the exceptions regulated in Article 5/2 and 6/3 of KVKK, we seek your consent as a rule for processing your personal data for marketing purposes. Our Company may send you regular promotional messages regarding our products, services, events, campaigns, and promotions. Such promotional communications may be sent to you via email, mail, or social network belonging to third parties.
In order to provide you with the most effective and custom-made experience, these communications may be tailored to your preferences (for instance, when you tell us to send you messages in a particular manner, or as we find out from your visits to our websites and mobile sites, or based on the links you clicked in our emails).
We may pursue marketing activities for purposes such as presenting you with campaigns, advantages and other opportunities with your consent, sending you electronic commercial messages (such as ad campaigns, customer satisfaction surveys), sending you gifts and promotions, conducting corporate communications, events, and receptions, and related promotional activities.
When stipulated by existing regulations, we shall seek your consent before launching any such activity. In addition, you shall reserve the right to revoke (suspend) your consent any time you see fit. You may opt out of email and SMS messages and therefore stop all marketing communications by following the link embedded in each email and SMS.
You may contact us any time to ask us to stop sending you any marketing messages (you can find contact details in the section titled “What are Your Rights Regarding Your Personal Data?”).
FOR WHICH LEGAL REASONS DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data in accordance with the legal reasons specified below, as per the Turkish Commercial Code No. 6102, Turkish Code of Obligations No. 6098, Tax Procedure Law No. 213, Article 5 of KVKK and relevant electronic commerce regulations:
Legal Reason |
Examples |
We process your personal data by seeking your consent in cases where it is necessary as per KVKK and relevant regulations (We would like to remind you that you may always revoke your consent) |
We seek your consent to conduct marketing activities. |
Whenever existing regulations permit |
Naming the relevant person on the invoice as per Article 230 of Tax Procedure Law |
When it is necessary to protect the critical interests of a person |
Transferring the medical data of a guest/employee that faints at a meeting to a physician |
When we are obliged to enter into a contract with you, execute the contract, and fulfill our obligations arising from the contract |
Obtaining the bank account information of a guest due to our contractual relationship with the said guest |
Fulfilling our legal obligations |
Fulfilling our tax obligations, and submitting to court information that is requested by a court order |
When your personal data is made public by you |
You sending us email for us to contact you, an employee candidate writing their information on a website that collects job applications, using information that you made public on social media and similar platforms |
Our obligation to process data for establishing or protecting a right, using our legal rights, and mounting a defense against legal claims made against us |
Storing and using when necessary documents that are in the form of proof/evidence |
When our legitimate interests necessitate it so long as fundamental rights and freedoms are not violated |
Ensuring the security of our company’s communications and information, managing the Company’s activities, identifying dubious transactions and researching them in compliance with our risk rules, benefiting from storage, maintenance, and support services in order to receive IT services, leveraging cloud technology in order to ensure the effectiveness of Company activities and benefit from technological developments |
We would like to underline that should you choose to revoke an explicit consent you provided to us, you shall be removed from the commercial membership program that requires the processing of personal data based on explicit consent, and you shall not be able to benefit from any advantages that necessitate this type of processing as of the day you revoke your consent.
WHEN DO WE SHARE YOUR PERSONAL DATA?
Domestic Transfer of Personal Data
Our Company is under the obligation of acting in accordance with the regulations, including KVKK, and decisions made by the Board. As a principle, the personal data and personal data of special nature belonging to data subjects cannot be shared by our Company with other real or legal persons without the explicit consent of these data subjects.
On the other hand, it is possible to share this data without explicit consent in situations specified in Article 5-6 of KVKK. Our Company may share personal data with third parties based in Turkey unless otherwise stipulated in the law or relevant regulations (or in a contract entered into with the data subject), so long as it complies with all the conditions specified in KVKK and other regulations and takes the necessary security measures outlined in regulations.
International Transfer of Personal Data
Just as our Company may transfer personal data to third parties in Turkey, it may also share it with international actors after processing it in Turkey or processing and storing it abroad, in accordance with the Law and relevant regulations and taking the necessary security precautions specified in the law. We transfer your personal data using cloud technology taking all necessary technical and administrative measures in the process. We do this to manage our Company’s activities in the most effective manner possible and to leverage existing technology.
As per Article 9 of KVKK, we seek the explicit consent of data subjects before transferring personal data internationally. However, as per Article 9/2/a of KVKK, if an exception listed in Article 5/2 or 6/3 of KVKK exists or
(a) sufficient protection is provided in the foreign country where the data is to be transferred,
(b) the controllers in Turkey and in the related foreign country guarantee sufficient protection in writing and the Board has authorized such transfer,
International transfer of personal data becomes possible without seeking explicit consent.
In that regard, in exceptional cases where explicit consent is not needed as per the law, our Company seeks to ensure that there is sufficient protection in the foreign country. The Personal Data Protection Board shall determine whether there is sufficient protection in the foreign country, and where sufficient protection is not provided, the controllers in Turkey and in the related foreign country shall guarantee sufficient protection in writing and the Board must authorize such transfer.
Domestic and International Parties to Which Personal Data is Transferred
We share your personal data only in accordance with the following compulsory purposes. We take special care not to share your personal data otherwise. The parties with which we share personal data are listed below:
Your personal data which is being shared is processed only on the condition that your explicit marketing consent has been achieved, and that the data in question is used by the hotel you previously stayed in. You can access detailed information as to how your personal data is processed for marketing purposes in the Policy section titled “How Do We Use Your Personal for Marketing Purposes?”.
FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We store your personal data solely for the purposes for which we collected them and for a period of time necessary to fulfill the said purposes. We determine these periods separately for each business process, and we destroy your personal data in accordance with KVKK if there are no other reasons for which we should keep them at the end of the process.
We take into account the following criteria when determining when do destroy your personal data:
HOW DO WE DESTROY YOUR PERSONAL DATA?
As per Article 138 of the Turkish Penal Code and Article 7 of KVKK, despite being processed under legal provisions and other related laws, personal data shall be erased, destructed or anonymized by the controller, ex officio or upon demand by the data subject, upon the disappearance of reasons which require the process.
In that regard, we have prepared a Policy on Storing and Destroying Personal Data. Our Company reserves the right to not honor the requests of the data subject in cases where we have a legal right and/or obligation to store personal data. When personal data is processed automatically – provided that it is part of a data recording system – we implement the procedure of physically destroying the data in a manner that ensures it can never be used again. When our Company cooperates with another person or entity to process personal data on its behalf, the personal data in question shall be deleted by this person or entity irrevocably. As per law, our Company may anonymize personal data when the reasons for which they were processed no longer apply.
METHODS OF DESTROYING PERSONAL DATA
Deleting Personal Data
Despite being processed in accordance with the law, personal data shall be erased by our Company ex officio or upon demand by the data subject, upon the disappearance of reasons which require the process. Deleting personal data refers to the process by which personal data can never be accessed or used again. Our Company takes all necessary technical and administrative measures to ensure that deleted personal data becomes inaccessible to users and cannot be used again for any purpose.
The Process of Deleting Personal Data
The process that must be followed while deleting personal data is as follows:
Methods of Deleting Personal Data
Data Recording Medium |
Explanation |
Personal Data Found in Servers |
For personal data found in servers whose period of storage has ended, the system administrator deactivates the right to access the data, and then deletes the data itself. |
Personal Data Found in Electronic Media |
Personal data found in electronic media whose period of storage has ended is rendered inaccessible and unusable to all employees (relevant users) other than the database administrator. |
Personal Data Found in Physical Media |
Personal data found in physical media whose period of storage has ended is rendered inaccessible and unusable to all employees other than the document archive administrator. In addition, documents are crossed out/painted/deleted line by line to ensure they are completely unintelligible. |
Personal Data Found in Portable Media |
Personal data kept in flash storage whose period of storage has ended is encrypted by the system administrator and stored in a secure environment, with only the system administrator authorized to access it using encryption keys. |
Since personal data can be stored in various recording media, they must be deleted using methods fit for the type of medium they are found in. The following examples illustrate this point:
Application-as-a-Service Cloud Solutions (Office 365, Salesforce, Dropbox etc.): In cloud systems, data should be deleted using the delete command. While carrying out this procedure, it must be ensured that the user does not have the ability to retrieve any deleted data.
Personal Data in Written Form: Personal data in written form should be obscured. Obscuring is done by shredding the paper if possible, and if not, painting the paper in indelible ink and thereby making it irrevocably unintelligible.
Office Files Found in a Central Server: The file should be deleted with the delete command in the operating system, or it should be rendered inaccessible by removing the users’ access to the index where the file or folder in question is located. While carrying out this procedure, it must be ensured that the user is not the system administrator.
Personal Data Found on Portable Media: Personal data found on portable media should be stored with encryption and deleted using software fit for use on this media.
Databases: The lines where personal data are found must be deleted with database commands (DELETE etc.). While carrying out this procedure, it must be ensured that the user is not the database administrator.
Destroying Personal Data
Despite being processed in accordance with the law, personal data shall be erased by our Company ex officio or upon demand by the data subject, upon the disappearance of reasons which require the process. Destroying personal data refers to the process by which personal data can never be accessed or used again. The data controller is obligated to take all technical and administrative measures with regard to destroying personal data.
Data Recording Medium |
Explanation |
Personal Data Found in Physical Media |
Personal data in written form whose period of storage has ended is irrevocably destroyed using shredders. |
Personal Data Found in Optical/Magnetic Media |
Personal data on optical or magnetic media whose period of storage has ended is destroyed by melting, burning, or grinding the media. In addition, magnetic media are put through a special device that exposes the media to extreme magnetic force, rendering any information that is on it inaccessible. |
Destroying Physically: Personal data can be processed automatically, provided that it is part of any data recording system. When personal data is processed automatically, we implement the procedure of physically destroying the data in a manner that ensures it can never be used again.
Deleting safely from software: While deleting and/or destroying personal data processed automatically or semi-automatically and stored in digital environments, we use methods that ensure personal data is irrevocably deleted from any relevant software.
Secure Data Deletion by Expert: In some cases, our company can cooperate with an expert for deleting personal data. In such cases, personal data are deleted/destroyed by the expert in a manner that renders the data irrevocable.
Obscuring: This refers to rendering personal data physically unintelligible.
Methods of Destroying Personal Data
In order to destroy personal data, it is necessary to find all copies of the said data and destroy them using one or more of the methods listed below, depending on the system in which the data is located:
Peripheral Systems: The methods of destruction that can be used depending on the type of medium/environment are found below: i) Network devices (switch, router etc.): The storage media found in these devices are fixed. Such products typically have a delete command but lack a destroy command. Personal data must be destroyed using one or more of the methods listed in (a). ii) Flash-based media: Personal data found on flash-based hard disks with interfaces such as ATA (SATA, PATA etc.) and SCSI (SCSI Express etc.) must be destroyed using the command if it is supported, and if not, one or more of the methods mentioned in (a), or the method of destroying data recommended by the manufacturer must be used. iii) Magnetic tape: This refers to media that carry data with micro magnets found on flexible tape. Personal data must be deleted using de-magnetization by exposing the media to highly magnetic environments, or by way of physically burning or melting the media. iv) Units such as magnetic disks: This refers to media that carries data using micro magnets found on flexible (plate) or fixed media. Personal data must be deleted using de-magnetization by exposing the media to highly magnetic environments, or by way of physically burning or melting the media. v) Mobile phones (SIM cards or fixed storage areas): There is a delete command in smartphones; however, there is no command to destroy. Personal data must be destroyed using one or more of the methods listed in (a). vi) Optical disks: this refers to data storage media such as CDs and DVDs. Personal data must be destroyed by physically burning, grinding, or melting the media. vii) Peripheral units such as printers, fingerprint-activated access gates whose data recording media are modular: Confirming that all data storage media are taken out of the relevant devices, personal data must be destroyed by using one or more of the methods listed in (a). viii) Peripheral units such as printers and fingerprint-activated access gates whose data storage media are fixed: There is a command to delete data in most such devices, but there isn’t a command to destroy data. Personal data must be destroyed using one or more of the methods mentioned in (a).
Paper and microfiche: Personal data on the said media must be destroyed by permanently destroying the media. While carrying out this procedure, the media must be shredded to pieces so small that they cannot be put back together by putting the media in a paper shredder, both horizontally and vertically, if possible. Personal data transferred to an electronic environment by scanning a paper document must be destroyed using one or more of the methods listed in (a).
Cloud Environment: Personal data must be encrypted in cloud systems, and encryption keys must be separate for each cloud solution procured for storing personal data. When the business relationship with a cloud provider ends, all copies of the encryption keys must be destroyed to render personal data inaccessible. In addition to the abovementioned environments, the destruction of personal data on devices that need repair or have been sent for maintenance is carried out as follows: i) destroying personal data found on a device using one or more of the methods mentioned in (a) before the said device is sent to third-party firms such as manufacturers, vendors, or service providers; ii) In cases where it is not possible or appropriate to destroy data, removing and storing the data storage media, and sending other parts to third-party firms such as manufacturers, vendors, and service providers, iii) taking the necessary measures to ensure that the technicians who come in to do maintenance work or repairs on the equipment are not able to copy personal data and transfer it outside the company.
Anonymizing Personal Data
Anonymizing personal data refers to the process by which personal data can never be associated with an identified or identifiable person, even by cross-referencing it with other sources of data. As per law, our Company may anonymize personal data when the reasons for which they were processed no longer apply. To verify that data is anonymized, it is necessary to ensure that data cannot be associated with an identified or identifiable person using any data storage methods, including the retrieval of the data by the data controller or recipient groups, and/or comparing the data with other data sources. Our company takes all technical and administrative measures with regard to anonymizing personal data.
As per Article 28 of KVKK, anonymized personal data can be processed for purposes such as research, planning, and statistics. Such processing is outside the scope of KVKK; therefore, the explicit consent of the data subject shall not be sought.
Methods of Anonymizing Personal Data
Anonymizing personal data refers to the process by which personal data can never be associated with an identified or identifiable person, even by cross-referencing it with other sources of data.
To verify that data is anonymized, it is necessary to ensure that data cannot be associated with an identified or identifiable person using any data storage methods, including the retrieval of the data by the data controller or recipient groups, and/or comparing the data with other data sources.
Anonymizing personal data refers to a process by which all direct and/or indirect identifiers in a dataset are taken out, thereby preventing the relevant person to be identified or to be singled out in a group or crowd. Data that does not point to a specific person as a result of the abovementioned procedure is considered anonymized. In other words, anonymized data is data that has lost its ability to identify a person, and its connection with the person has been severed. The purpose of anonymizing data is severing the connection between the data and the person that the data identifies. The methods to severe this connection, such as grouping, masking, deriving, generalizing, and randomizing – which are applied to the records kept in the data recording system housing the personal data in question – are called anonymization methods. The data that is processed with anonymization methods must have lost its ability to identify a person.
The following are examples of methods of anonymization:
Anonymization Techniques that Do Not Create Value Irregularity: When methods that do not introduce value irregularity are used for anonymization purposes, the values that the data in the cluster have are not subjected to any change, addition, or omission; instead, changes are introduced to entire rows and columns in the cluster. Therefore, while the data set at large is modified, the values located in the fields preserve their original state.
Removing Variables
This is an anonymization technique whereby one or more of the variables in a table are removed. This means removing all columns in the table. This method can be used on the grounds that the variable is a highly effective identifier, an alternative solution cannot be found, the variable is too sensitive to be made public, or it doesn’t serve analytical purposes.
Removing Records
This method involves removing a row that is unique in the dataset, which strengthens anonymization and reduces the possibility of generating extrapolations based on the dataset. In general, the records that are taken out are records that do not have common values with other records and that can easily be guessed by individuals familiar with the dataset. For instance, let’s say that only one person was included to represent an entire sector in a dataset that contains survey results. In this case, it might be preferable to remove the record referring to the individual, rather than removing the entire “sector” variable.
Local Suppression
The purpose of local suppression is to make the dataset more secure and reduce the risk of predictability. If the combination of values belonging to a record creates a rare situation, and this causes the likelihood of that person being singled out to rise, then the value that causes the rare situation is changed to “unknown”.
ç. Generalization
This refers to the process whereby a special value in the personal data is converted into a more generic value. This is the most frequently used technique when creating cumulative reports and in operations conducted over aggregate numbers. The new values show the aggregate values or statistics referring to a group that makes it impossible to identify a single person. For example, let’s say that a person with a Turkish identification number of 12345678901 purchased diapers from an e-commerce platform, and then purchased wet wipes. Using the generalization method, we can achieve a result that says xx% of the people who purchase diapers from the e-commerce platform also buy wet wipes.
Top and Bottom Limit Coding
The method of top and bottom limit coding is implemented by defining a category for a certain variable and combining the values that remain in the grouping created by this category. Generally, the lowest and highest values of a variable are brought together, and a new definition is made for these values.
Global Coding
Global coding is a grouping method used for datasets to which bottom and top coding cannot be applied or which don’t include numeric values or have values that cannot be listed numerically. Generally, it is used where certain values are grouped to facilitate making predictions and assumptions. A common and new group is formed for the selected values and all the records in the dataset are replaced with this new definition.
Sampling
In the sampling method, instead of the whole dataset, a subset taken from the dataset is disclosed and shared. In this way, as it is not known whether a person, who is known to be within the whole dataset, is found in the disclosed or shared sample subset, the risk of making accurate predictions on the persons is reduced. Simple statistical methods are used in the determination of the subset to be used for sampling. For example, if a dataset concerning the demographics, professions and health conditions of women living in Istanbul is disclosed or shared after anonymization, it may be meaningful to scan and make predictions from the dataset concerning a woman who is known to be living in Istanbul. However, if the data is disclosed or shared after anonymization by leaving only the records of the women whose registered province is Istanbul and removing the records of those who are registered in other provinces, since an intruder who has accessed the data cannot predict whether a woman, who is known to live in Istanbul, is registered in Istanbul or not, he/she will not be able to make accurate predictions about whether the information of the woman he/she knows is included in this body of data.
Anonymization Methods That Create Value Irregularity: In contravention to the abovementioned methods, in methods that create value irregularity, the current values are altered, and the values of the dataset are distorted. In this case, as the values of the records are changing, it is necessary to precisely calculate the benefit is expected to be obtained from the dataset. Although the values in the data set are indeed changing, it may still be possible to benefit from this body of data by protecting the overall statistics from being distorted.
Micro-aggregation
In this method, all the records in the dataset are first arranged in a meaningful order, and then the whole set is divided into a certain number of subsets. Afterward, the average value for the specified variable in each subset is calculated, and the value in the subset for that variable is replaced with the average value. Therefore, the average value of that variable valid for the whole dataset will not change.
Data Swapping
Data swapping refers to record alterations obtained by swapping the values of a subset of variables between selected pairs of records. This method is typically used for variables that can be categorized, and the main idea is to transform the database by swapping the values of the variables between the records of the individuals.
Adding Noise
In this method, additions and omissions are applied to ensure a determined level of distortion in a selected variable. This method is employed mostly for datasets that contain numerical values. Distortion is applied equally to each value.
Statistical Methods That Strengthen Anonymization
As a result of bringing some values of anonymized datasets together in unique scenarios, the possibility may emerge of being able to determine the identities of the people in the records or making assumptions concerning their personal data.
For this reason, the anonymization procedure may be strengthened by minimizing the uniqueness of the records within the dataset by applying various statistical methods to the anonymized datasets. The main objective of these techniques is to minimize the risk of disrupting anonymization while preserving, to a certain degree, the benefit to be obtained from the data set.
K-Anonymity
Being able to identify persons or predict information belonging to a certain person in the anonymized data sets when indirect identifiers fall together in the right combinations has called into question the reliability of anonymization processes. Therefore, the necessity arose of making the datasets anonymized by means of various statistical methods more reliable. K-anonymity has been developed to enable the definition of more than one person using certain fields in a dataset so as to prevent people who demonstrate individual characteristics in certain combinations from being exposed. In the event that there are more records than one regarding the combinations formed by gathering some of the variables in a dataset, the probability of identifying the persons that correspond to this combination is reduced.
L-Diversity
L-Diversity method, developed on the basis of the studies carried out on the deficiencies of K-anonymity, takes into account the diversity formed by the sensitive variables corresponding to the same variable combinations.
T-Closeness
Although the L-diversity method provides diversity in personal data, as the method does not care about the content and sensitivity levels of the personal data, there may be circumstances where it cannot provide sufficient protection. The anonymization of personal data in such a way by calculating the closeness levels of the values among them and dividing them into subclasses according to these closeness levels is called the method of T-closeness.
Choosing the Anonymization Method
Our Company decides on which of the abovementioned methods and techniques to use depending on the nature of the data on hand, and the following features and properties of the dataset that we own:
Nature of the data,
Data size,
Type of physical media used to store data,
Data diversity,
The benefit expected from the data / the purpose of processing the data,
The frequency of processing the data,
The reliability of the party to which data will be transferred,
Whether the effort to anonymize the data will be meaningful,
The scope of the impact that might occur if the anonymized nature of the data is harmed,
Distribution of the data,
Controlling the access of the users to the data, and
The probability that an individual may make a meaningful effort to prepare and launch an attack that will distort the anonymity of the data.
When anonymizing a body of data, our Company checks, through the agreements it strikes and the risk analyses it conducts, whether the anonymized data would regain its ability to identify a person when combined with information that is public or that is known to be at other companies that the company shares the data with.