(1) Purpose and Scope
a) Purpose: This document defines the policies of the Prosumer Economy Society (hereinafter referred to as the SOCIETY) regarding the collection, processing, protection, and destruction of personal data collected in relation to the “First International Prosumer Economy Conference” (hereinafter referred to as the CONFERENCE) organized by the SOCIETY, within the framework of the Law on Protection of Personal Data numbered 6698 (hereinafter referred to as the LAW).
b) Scope: This document covers the collection, processing, protection, and destruction policies of personal and specially qualified personal data collected from participants (hereinafter referred to as PARTICIPANTS) registering for the CONFERENCE by the SOCIETY. The collection, processing, protection, and destruction of personal and specially qualified personal data collected regarding SOCIETY employees are outside the scope of this document.
(2) Definitions
a) Explicit Consent: Informed and freely given consent regarding a specific subject.
b) Personal Data: Any information related to an identified or identifiable real person.
c) Specially Qualified Personal Data: Data regarding individuals’ race, ethnicity, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance and attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
d) Processing of Personal Data: Any operation performed on data, whether or not by automated means, such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, retrieval, making available, classification, or use of data.
e) Destruction: Deletion, destruction, or anonymization of personal data.
f) Deletion of Personal Data: The process of making personal data inaccessible and unusable for the relevant users.
g) Anonymization of Personal Data: The process of making personal data unidentifiable or untraceable to a specific or identifiable real person, even if matched with other data.
h) Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
i) Data Subject: The real person whose personal data is processed.
j) Participant: Individuals who register for the CONFERENCE.
k) Website: The CONFERENCE website.
(3) Collected Personal Data and Processing of This Data
a) Collected Personal Data
i) Personal Data The SOCIETY may collect personal data listed in ANNEX 2a from PARTICIPANTS.
ii) Specially Qualified Personal Data The SOCIETY may collect specially qualified
personal data listed in ANNEX 2b from PARTICIPANTS. No other Specially Qualified Personal Data will be requested.
b) Collection of Personal Data
i) Data provided directly by PARTICIPANTS: The data other than location and navigation information from the personal data listed in ANNEX 2a and ANNEX 2b is entered by the PARTICIPANT into the designated fields in the system with their explicit consent during registration.
ii) Data Collected During Transactions: The SOCIETY also collects information not previously provided by PARTICIPANTS with the explicit consent of PARTICIPANTS for the purpose of conducting transactions.
iii) Data Collected Through Cookies: The SOCIETY also indirectly collects navigation information of PARTICIPANTS on the WEBSITE through cookies. This navigation information includes details about the device used by the PARTICIPANT, visit details, and information about the use of the WEBSITE (including IP address, geographic location, browser type and version, operating system, source page to access the WEBSITE, visit length, visited pages, and navigation sequence during the visit).
c) Processing of Collected Personal Data
The SOCIETY uses the collected personal data for the purposes specified in the Privacy Policy. In doing so, it operates according to the following principles:
i) Compliance with the law and fairness,
ii) Accuracy and, when necessary, updating,
iii) Processing for specific, clear, and legitimate purposes,
iv) Being relevant, limited, and proportionate to the purpose for which they are processed,
v) Retention for the duration specified in the relevant legislation or as long as necessary for the purposes for which they were processed.
d) Data Controller: In all transactions and actions covered by this policy document, the SOCIETY acts as the Data Controller. Representative information related to this responsibility is shown in ANNEX 4.
(4) Storage and Sharing of Personal Data
a) Data Security: The SOCIETY takes all necessary reasonable measures within the framework
of the LAW, relevant other legislation, and international standards to ensure the security of the data stored on servers in the digital environment.
b) Transmission and Sharing of Data Personal data is shared with third parties only in accordance with the provisions of the LAW and with the explicit consent of the PARTICIPANTS.
(5) Destruction of Personal Data
a) Conditions for Deletion and Anonymization
Personal Data and Specially Qualified Personal Data shall be destroyed within the periods specified in ANNEX 1 if any of the conditions specified in ANNEX 1 occur. In cases where personal data is shared and transferred, Data Controller takes necessary legal and administrative measures to ensure that this deletion process is also implemented by the persons and organizations with whom the data is shared and transferred.
b) Deletion and Anonymization Periods
Deletion and anonymization processes are as shown in ANNEX 1. A data scan is conducted by the Data Controller every six months to determine whether the deletion conditions stated here have occurred. However, the first data scan will be carried out urgently, and the necessary personal data will be permanently deleted in accordance with this policy document.
c) Deletion and Anonymization Processes
Among the deletion and anonymization methods, the one deemed appropriate by the Data Controller is selected for the deletion process. These processes are recorded by the Data Controller. These records are kept by the Data Controller for 3 years.
i) Deletion Procedures
The deletion process, which is the process of making personal data inaccessible and unusable for the relevant users, is applied as the permanent deletion of data held in digital media from all tables, databases, and received database backups associated with database commands in the database as defined by the personal data related to the commands specified. The Data Controller takes the necessary measures to ensure that this process is carried out in line with its purpose.
ii) Anonymization Procedures
The anonymization process, which is the process of making personal data unable to be associated with a specific or identifiable real person in any way, even if matched with other data, is applied as making all data fields that clearly identify the individual being deleted and only the records related to the individual being described with just a serial number, so that these data can no longer be associated with the relevant person. The details of this application are included in ANNEX 3. Data fields that can be used in matching with a person are determined as Critical Fields, and their anonymization methods are determined. The Data Controller takes the necessary measures to ensure that this process is carried out in line with its purpose.
(6) Rights and Obligations
a) Rights of the Data Subject
i) Learning whether personal data is processed,
ii) Requesting information if personal data is processed,
iii) Learning the purpose of the processing of personal data and whether they are used in line with that purpose,
iv) Knowing the third parties to whom personal data are transferred at home or abroad,
v) Requesting correction if personal data is incomplete or incorrectly processed and requesting that this correction be notified to third parties to whom personal data have been transferred,
vi) Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the LAW and requesting that this request be notified to third parties to whom personal data have been transferred,
vii) Objecting to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
viii) Having the right to demand compensation for the damages suffered due to the unlawful processing of personal data.
b) Exercising the Rights of the Data Subject
Data subjects can exercise their rights, including the right to have their personal data deleted, by clicking on the “Submit a Request” link at https://good4trust.zendesk.com/hc/tr or by sending an email to mail@good4trust.org. These requests will be responded to by the Data Controller within 30 days.
c) Data Controller’s Obligation to Inform
i) Identity of the data controller and, if any, its representative,
ii) The purpose for which personal data will be processed,
iii) To whom and for what purpose the processed personal data may be transferred,
iv) The method of collection and legal basis for collecting personal data,
v) The obligation to provide information about other rights listed in Article 6a.
d) Data Controller’s Obligation for Data Security
i) To prevent the unlawful processing of personal data,
ii) To prevent unauthorized access to personal data, to take the necessary measures to prevent employees from sharing such information after the termination of the relationship with the employee, including after the relationship with the employee is terminated as part of their duties,
iii) To ensure the preservation of personal data, to take all necessary technical and administrative measures to ensure the appropriate level of security to ensure the purpose of securing the data, and to perform audits,
iv) In case it is determined that personal data has been accessed through unlawful means, to notify the situation to the data subject and the Personal Data Protection Board.
| Condition | Storage Time | Destruction Time |
| (1) Changes or abolition of the relevant legislation provisions forming the basis for the processing or storage of personal data. | From the occurrence of the condition, the general statute of limitations period of 10 years | Within 180 days from the occurrence of the condition |
| (2) Elimination of the purpose requiring the processing or storage of personal data. | From the occurrence of the condition, the general statute of limitations period of 10 years | Within 180 days after the end of the retention period |
| (3) Elimination of the conditions requiring the processing of personal data in Article 5 and Article 6 of the LAW. | From the occurrence of the condition, the general statute of limitations period of 10 years | Within 180 days after the end of the retention period |
| (4) In cases where the processing of personal data is based solely on explicit consent, the individual withdraws their consent. | Within 180 days after the end of the retention period | |
| (5) Acceptance by the data controller of the application made by the data subject regarding the deletion, destruction, or anonymization of personal data within the framework of the rights of the data subject in Article 11 (e) and (f) of the LAW (this application will be responded to by the Data Controller within 30 days). | Within 180 days from the occurrence of the condition | |
| (6) If the data controller rejects the application made by the data subject for the deletion, destruction, or anonymization of personal data, finds the response insufficient, or does not respond within the period stipulated in the LAW; filing a complaint with the Board and approval of this request by the Board. | Within 180 days from the occurrence of the condition | |
| (7) Despite the expiration of the maximum storage period requiring the retention of personal data, the absence of any condition justifying the continued storage of personal data for a longer period. | Within 180 days from the occurrence of the condition |
Annex 2a – Collected Personal Data and Collection, Transfer Information
| Data Category | Data | From whom it was collected | How it is collected | Transfer Information |
| ID | Name and Surname | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| ID | Gender | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Contact Information | E-Mail Adress | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Contact Information | Phone Number | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Contact Information | City and Country | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Organization | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Education | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Student ID | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Job | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Proposal | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Location | IP Adress | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Device used during the visit | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Browser type and version used during the visit | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Operating system of the device used during the visit | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | The source web page visited | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Visited pages | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Visit duration | PARTICIPANT | It is collected through Google Analytics. |
ANNEX 2 – Anonymization Details of Collected Personal Data
| Data Category | Data | Critical Area | Anonymization Form |
| ID | Name and Surname | X | It will be deleted and filled with random characters |
| ID | Gender | X | |
| Contact Information | E-Mail Adress | X | It will be deleted and filled with random characters |
| Contact Information | Phone Number | X | It will be deleted and filled with random characters |
| Contact Information | City and County | Will be stored for statistical purposes | |
| CV | Job | Will be stored for statistical purposes | |
| CV | Education | Will be stored for statistical purposes | |
| Location | IP Adress | X | Deletion of this data collected through Google Analytics will be requested from Google Analytics. |
| Navigation | Device used during the visit | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Browser type and version used during the visit | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Operating system of the device used during the visit | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | The source web page visited | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Visited pages | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Visit duration | Deletion of this data collected through Google Analytics will be requested from Google Analytics. |
ANNEX 4 – Data Controller and Data Controller Representative
| Data Controller | Data Controller Representative | ||
| Name and Surname | Title | E-Mail Adress | |
| Prosumer Economy Society | Neşet Kutluğ | Manager | neset@good4trust.org |
Article 7- (1) Personal data shall be deleted, destroyed, or anonymized by the data controller ex officio or upon the request of the data subject if the reasons necessitating its processing have ceased to exist, despite being processed in compliance with this Law and other relevant legislation. (2) The provisions in other laws regarding the deletion, destruction, or anonymization of personal data shall apply. (3) Procedures and principles regarding the deletion, destruction, or anonymization of personal data shall be regulated by a regulation.
Article 5- (1) Personal data cannot be processed without the explicit consent of the data subject. (2) In case one of the following conditions exists, the processing of personal data is possible without seeking the explicit consent of the data subject: a) When expressly provided by the laws. b) When it is necessary for the protection of the life or physical integrity of the data subject or another person who is unable to express his consent due to actual impossibility or whose consent is not legally valid. c) When it is necessary for the conclusion or performance of a contract, provided that it is directly related to the parties of the contract. ç) When it is necessary for the data controller to fulfill its legal obligation. d) When it is made public by the data subject themselves. e) When data processing is necessary for the establishment, exercise, or protection of a right. f) When data processing is necessary for the legitimate interests pursued by the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Article 6- (1) The data related to individuals’ race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing and dress, membership in associations, foundations or trade-unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are considered as personal data of special nature. (2) The processing of personal data of special nature without the explicit consent of the data subject is prohibited. (3) Personal data other than health and sexual life data mentioned in the first paragraph may be processed without the explicit consent of the data subject in cases stipulated by the laws. However, personal data related to health and sexual life can only be processed without the explicit consent of the data subject for the purposes of protection of public health, performing preventive medicine, medical diagnosis, treatment, and care services, planning and managing health services and their financing, by persons or authorized public institutions and organizations under the obligation of confidentiality. (4) In the processing of personal data of special nature, taking additional measures determined by the Board is mandatory.
Article 11- (1) Everyone has the right to apply to the data controller and, by reference, to learn whether personal data related to them are processed; a) to request information as to if personal data has been processed, b) to learn the purpose of the processing of personal data and whether they are used in accordance with the purpose, c) to know the third parties in the country or abroad to whom personal data have been transferred, d) to request the rectification of the incomplete or inaccurate data, e) to request the deletion or destruction of personal data within the framework of the conditions set out in Article 7, f) to request notification of the operations made as per subparagraphs (d) and (e) to third parties to whom personal data have been transferred, g) to object to the occurrence of a result against the person himself/herself through the analysis of the processed data exclusively by automated systems, ğ) to claim compensation for the damages in case the person incurs damages due to the unlawful processing of personal data.
(1) Purpose and Scope
a) Purpose: This document defines the policies of the Prosumer Economy Society (hereinafter referred to as the SOCIETY) regarding the collection, processing, protection, and destruction of personal data collected in relation to the “First International Prosumer Economy Conference” (hereinafter referred to as the CONFERENCE) organized by the SOCIETY, within the framework of the Law on Protection of Personal Data numbered 6698 (hereinafter referred to as the LAW).
b) Scope: This document covers the collection, processing, protection, and destruction policies of personal and specially qualified personal data collected from participants (hereinafter referred to as PARTICIPANTS) registering for the CONFERENCE by the SOCIETY. The collection, processing, protection, and destruction of personal and specially qualified personal data collected regarding SOCIETY employees are outside the scope of this document.
(2) Definitions
a) Explicit Consent: Informed and freely given consent regarding a specific subject.
b) Personal Data: Any information related to an identified or identifiable real person.
c) Specially Qualified Personal Data: Data regarding individuals’ race, ethnicity, political opinions, philosophical beliefs, religion, sect, or other beliefs, appearance and attire, membership in associations, foundations, or unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data.
d) Processing of Personal Data: Any operation performed on data, whether or not by automated means, such as collection, recording, storage, preservation, alteration, reorganization, disclosure, transfer, retrieval, making available, classification, or use of data.
e) Destruction: Deletion, destruction, or anonymization of personal data.
f) Deletion of Personal Data: The process of making personal data inaccessible and unusable for the relevant users.
g) Anonymization of Personal Data: The process of making personal data unidentifiable or untraceable to a specific or identifiable real person, even if matched with other data.
h) Data Controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
i) Data Subject: The real person whose personal data is processed.
j) Participant: Individuals who register for the CONFERENCE.
k) Website: The CONFERENCE website.
(3) Collected Personal Data and Processing of This Data
a) Collected Personal Data
i) Personal Data The SOCIETY may collect personal data listed in ANNEX 2a from PARTICIPANTS.
ii) Specially Qualified Personal Data The SOCIETY may collect specially qualified
personal data listed in ANNEX 2b from PARTICIPANTS. No other Specially Qualified Personal Data will be requested.
b) Collection of Personal Data
i) Data provided directly by PARTICIPANTS: The data other than location and navigation information from the personal data listed in ANNEX 2a and ANNEX 2b is entered by the PARTICIPANT into the designated fields in the system with their explicit consent during registration.
ii) Data Collected During Transactions: The SOCIETY also collects information not previously provided by PARTICIPANTS with the explicit consent of PARTICIPANTS for the purpose of conducting transactions.
iii) Data Collected Through Cookies: The SOCIETY also indirectly collects navigation information of PARTICIPANTS on the WEBSITE through cookies. This navigation information includes details about the device used by the PARTICIPANT, visit details, and information about the use of the WEBSITE (including IP address, geographic location, browser type and version, operating system, source page to access the WEBSITE, visit length, visited pages, and navigation sequence during the visit).
c) Processing of Collected Personal Data
The SOCIETY uses the collected personal data for the purposes specified in the Privacy Policy. In doing so, it operates according to the following principles:
i) Compliance with the law and fairness,
ii) Accuracy and, when necessary, updating,
iii) Processing for specific, clear, and legitimate purposes,
iv) Being relevant, limited, and proportionate to the purpose for which they are processed,
v) Retention for the duration specified in the relevant legislation or as long as necessary for the purposes for which they were processed.
d) Data Controller: In all transactions and actions covered by this policy document, the SOCIETY acts as the Data Controller. Representative information related to this responsibility is shown in ANNEX 4.
(4) Storage and Sharing of Personal Data
a) Data Security: The SOCIETY takes all necessary reasonable measures within the framework
of the LAW, relevant other legislation, and international standards to ensure the security of the data stored on servers in the digital environment.
b) Transmission and Sharing of Data Personal data is shared with third parties only in accordance with the provisions of the LAW and with the explicit consent of the PARTICIPANTS.
(5) Destruction of Personal Data
a) Conditions for Deletion and Anonymization
Personal Data and Specially Qualified Personal Data shall be destroyed within the periods specified in ANNEX 1 if any of the conditions specified in ANNEX 1 occur. In cases where personal data is shared and transferred, Data Controller takes necessary legal and administrative measures to ensure that this deletion process is also implemented by the persons and organizations with whom the data is shared and transferred.
b) Deletion and Anonymization Periods
Deletion and anonymization processes are as shown in ANNEX 1. A data scan is conducted by the Data Controller every six months to determine whether the deletion conditions stated here have occurred. However, the first data scan will be carried out urgently, and the necessary personal data will be permanently deleted in accordance with this policy document.
c) Deletion and Anonymization Processes
Among the deletion and anonymization methods, the one deemed appropriate by the Data Controller is selected for the deletion process. These processes are recorded by the Data Controller. These records are kept by the Data Controller for 3 years.
i) Deletion Procedures
The deletion process, which is the process of making personal data inaccessible and unusable for the relevant users, is applied as the permanent deletion of data held in digital media from all tables, databases, and received database backups associated with database commands in the database as defined by the personal data related to the commands specified. The Data Controller takes the necessary measures to ensure that this process is carried out in line with its purpose.
ii) Anonymization Procedures
The anonymization process, which is the process of making personal data unable to be associated with a specific or identifiable real person in any way, even if matched with other data, is applied as making all data fields that clearly identify the individual being deleted and only the records related to the individual being described with just a serial number, so that these data can no longer be associated with the relevant person. The details of this application are included in ANNEX 3. Data fields that can be used in matching with a person are determined as Critical Fields, and their anonymization methods are determined. The Data Controller takes the necessary measures to ensure that this process is carried out in line with its purpose.
(6) Rights and Obligations
a) Rights of the Data Subject
i) Learning whether personal data is processed,
ii) Requesting information if personal data is processed,
iii) Learning the purpose of the processing of personal data and whether they are used in line with that purpose,
iv) Knowing the third parties to whom personal data are transferred at home or abroad,
v) Requesting correction if personal data is incomplete or incorrectly processed and requesting that this correction be notified to third parties to whom personal data have been transferred,
vi) Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the LAW and requesting that this request be notified to third parties to whom personal data have been transferred,
vii) Objecting to the occurrence of a result against the person by analyzing the processed data exclusively through automated systems,
viii) Having the right to demand compensation for the damages suffered due to the unlawful processing of personal data.
b) Exercising the Rights of the Data Subject
Data subjects can exercise their rights, including the right to have their personal data deleted, by clicking on the “Submit a Request” link at https://good4trust.zendesk.com/hc/tr or by sending an email to mail@good4trust.org. These requests will be responded to by the Data Controller within 30 days.
c) Data Controller’s Obligation to Inform
i) Identity of the data controller and, if any, its representative,
ii) The purpose for which personal data will be processed,
iii) To whom and for what purpose the processed personal data may be transferred,
iv) The method of collection and legal basis for collecting personal data,
v) The obligation to provide information about other rights listed in Article 6a.
d) Data Controller’s Obligation for Data Security
i) To prevent the unlawful processing of personal data,
ii) To prevent unauthorized access to personal data, to take the necessary measures to prevent employees from sharing such information after the termination of the relationship with the employee, including after the relationship with the employee is terminated as part of their duties,
iii) To ensure the preservation of personal data, to take all necessary technical and administrative measures to ensure the appropriate level of security to ensure the purpose of securing the data, and to perform audits,
iv) In case it is determined that personal data has been accessed through unlawful means, to notify the situation to the data subject and the Personal Data Protection Board.
| Condition | Storage Time | Destruction Time |
| (1) Changes or abolition of the relevant legislation provisions forming the basis for the processing or storage of personal data. | From the occurrence of the condition, the general statute of limitations period of 10 years | Within 180 days from the occurrence of the condition |
| (2) Elimination of the purpose requiring the processing or storage of personal data. | From the occurrence of the condition, the general statute of limitations period of 10 years | Within 180 days after the end of the retention period |
| (3) Elimination of the conditions requiring the processing of personal data in Article 5 and Article 6 of the LAW. | From the occurrence of the condition, the general statute of limitations period of 10 years | Within 180 days after the end of the retention period |
| (4) In cases where the processing of personal data is based solely on explicit consent, the individual withdraws their consent. | Within 180 days after the end of the retention period | |
| (5) Acceptance by the data controller of the application made by the data subject regarding the deletion, destruction, or anonymization of personal data within the framework of the rights of the data subject in Article 11 (e) and (f) of the LAW (this application will be responded to by the Data Controller within 30 days). | Within 180 days from the occurrence of the condition | |
| (6) If the data controller rejects the application made by the data subject for the deletion, destruction, or anonymization of personal data, finds the response insufficient, or does not respond within the period stipulated in the LAW; filing a complaint with the Board and approval of this request by the Board. | Within 180 days from the occurrence of the condition | |
| (7) Despite the expiration of the maximum storage period requiring the retention of personal data, the absence of any condition justifying the continued storage of personal data for a longer period. | Within 180 days from the occurrence of the condition |
Annex 2a – Collected Personal Data and Collection, Transfer Information
| Data Category | Data | From whom it was collected | How it is collected | Transfer Information |
| ID | Name and Surname | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| ID | Gender | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Contact Information | E-Mail Adress | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Contact Information | Phone Number | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Contact Information | City and Country | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Organization | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Education | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Student ID | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Job | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| CV Information | Proposal | PARTICIPANT | It is entered by the PARTICIPANT during registration. | |
| Location | IP Adress | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Device used during the visit | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Browser type and version used during the visit | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Operating system of the device used during the visit | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | The source web page visited | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Visited pages | PARTICIPANT | It is collected through Google Analytics. | |
| Navigation Information | Visit duration | PARTICIPANT | It is collected through Google Analytics. |
ANNEX 2 – Anonymization Details of Collected Personal Data
| Data Category | Data | Critical Area | Anonymization Form |
| ID | Name and Surname | X | It will be deleted and filled with random characters |
| ID | Gender | X | |
| Contact Information | E-Mail Adress | X | It will be deleted and filled with random characters |
| Contact Information | Phone Number | X | Veri girildi ise silinerek rastgele karakterlerle doldurulacak |
| Contact Information | City and County | İstatistiksel amaçlar için saklanacak | |
| CV | Job | Will be stored for statistical purposes | |
| CV | Education | Will be stored for statistical purposes | |
| Location | IP Adress | X | Deletion of this data collected through Google Analytics will be requested from Google Analytics. |
| Navigation | Device used during the visit | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Browser type and version used during the visit | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Operating system of the device used during the visit | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | The source web page visited | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Visited pages | Deletion of this data collected through Google Analytics will be requested from Google Analytics. | |
| Navigation | Visit duration | Deletion of this data collected through Google Analytics will be requested from Google Analytics. |
ANNEX 4 – Data Controller and Data Controller Representative
| Data Controller | Data Controller Representative | ||
| Name and Surname | Title | E-Mail Adress | |
| Prosumer Economy Society | Neşet Kutluğ | Manager | neset@good4trust.org |
Article 7- (1) Personal data shall be deleted, destroyed, or anonymized by the data controller ex officio or upon the request of the data subject if the reasons necessitating its processing have ceased to exist, despite being processed in compliance with this Law and other relevant legislation. (2) The provisions in other laws regarding the deletion, destruction, or anonymization of personal data shall apply. (3) Procedures and principles regarding the deletion, destruction, or anonymization of personal data shall be regulated by a regulation.
Article 5- (1) Personal data cannot be processed without the explicit consent of the data subject. (2) In case one of the following conditions exists, the processing of personal data is possible without seeking the explicit consent of the data subject: a) When expressly provided by the laws. b) When it is necessary for the protection of the life or physical integrity of the data subject or another person who is unable to express his consent due to actual impossibility or whose consent is not legally valid. c) When it is necessary for the conclusion or performance of a contract, provided that it is directly related to the parties of the contract. ç) When it is necessary for the data controller to fulfill its legal obligation. d) When it is made public by the data subject themselves. e) When data processing is necessary for the establishment, exercise, or protection of a right. f) When data processing is necessary for the legitimate interests pursued by the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Article 6- (1) The data related to individuals’ race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, clothing and dress, membership in associations, foundations or trade-unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are considered as personal data of special nature. (2) The processing of personal data of special nature without the explicit consent of the data subject is prohibited. (3) Personal data other than health and sexual life data mentioned in the first paragraph may be processed without the explicit consent of the data subject in cases stipulated by the laws. However, personal data related to health and sexual life can only be processed without the explicit consent of the data subject for the purposes of protection of public health, performing preventive medicine, medical diagnosis, treatment, and care services, planning and managing health services and their financing, by persons or authorized public institutions and organizations under the obligation of confidentiality. (4) In the processing of personal data of special nature, taking additional measures determined by the Board is mandatory.
Article 11- (1) Everyone has the right to apply to the data controller and, by reference, to learn whether personal data related to them are processed; a) to request information as to if personal data has been processed, b) to learn the purpose of the processing of personal data and whether they are used in accordance with the purpose, c) to know the third parties in the country or abroad to whom personal data have been transferred, d) to request the rectification of the incomplete or inaccurate data, e) to request the deletion or destruction of personal data within the framework of the conditions set out in Article 7, f) to request notification of the operations made as per subparagraphs (d) and (e) to third parties to whom personal data have been transferred, g) to object to the occurrence of a result against the person himself/herself through the analysis of the processed data exclusively by automated systems, ğ) to claim compensation for the damages in case the person incurs damages due to the unlawful processing of personal data.