The Purpose and Scope of the Policy Preparation

Personal Data Protection and Processing Policy (“Policy”) has been prepared to indicate the rules and principles that we, as Vigo Teknoloji ve Lojistik A.Ş. (“Vigo” or “Company”), consider when processing personal data.

The policy covers all natural persons whose personal data are processed by our Company.

We may need to make updates to this Policy from time to time. Updates are posted on the https://vigovigo.com/ website.

Terms Used in the Policy

The terms used in the Policy and their explanations are given in the table below. Definitions not specified in the table shall be deemed to be used as defined in the Law on Protection of Personal Data No. 6698 and secondary regulations.

Explicit Consent: Consent about a specific subject, based on information and expressed with free will.

Anonymization/Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person under any circumstances, even by pairing it with other data.

Employee: Vigo employee.

Relevant Person / Data Owner: The natural person whose personal data is processed.

Destruction: Deletion, destruction or anonymization of personal data.

Law: Law on Protection of Personal Data dated 24/3/2016 and numbered 6698.

Board: Personal Data Protection Board.

Institution: Personal Data Protection Authority.

Sensitive Personal Data: Data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric data. and genetic data.

Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Data Registration System: The registration system in which personal data is processed and structured according to certain criteria.

Personal Data

Personal data refers to any information relating to an identified or identifiable natural person. In other words, any information that identifies or serves to identify a person is personal data. For example, your identity number, education level, age, shopping habits are your personal data.

Processing of Personal Data

Processing of personal data, obtaining, recording, storing, keeping, changing, rearranging, disclosing, transferring, taking over, making available, classifying personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system. means any operation performed on the data, such as preventing its use or use.

Data Controller

Vigo determines the purposes and means of processing personal data regarding the personal data processing activities it carries out while conducting Company operations, and is responsible for the establishment and management of the data recording system in which personal data is processed. In this context, our Company acts as a data controller for many personal data processing activities.

Our company is responsible for deciding how to store, use and transfer your personal data in the personal data processing activities where it acts as the data controller. In some cases, our Company does not determine the purposes and means of processing personal data; may process personal data with the instructions of another company. In this case, the Company will act as a data processor within the scope of the Law. This Policy contains information about the personal data processing activities for which the Company acts as the data controller.
In some cases, there may be situations where Vigo and another data controller determine the purposes and means of processing personal data together (there may be more than one data controller responsible for the processing of your personal data). This Policy informs about the data processing purposes and means of Vigo; In order to be informed about how other data controllers process your personal data, please review the policy of the relevant data controller.

Personal Data Collection Channels

Vigo collects your personal data from various channels. Your personal data may be collected directly by you (for example, when you apply for a job). In some cases, your personal data is obtained through third parties.

Vigo informs the relevant persons about the methods by which it collects personal data in accordance with its disclosure obligation.

Personal Data Processing Principles

Vigo acts in accordance with the following principles in all activities where it processes personal data:

• Compliance with the law and honesty rules. We carry out our data processing activities in accordance with all applicable legislation, especially the Law No. 6698 and secondary regulations.
• Being accurate and up-to-date when needed. We always keep channels open to ensure that your personal data is accurate and up-to-date.
• Processing for specific, explicit and legitimate purposes. We specify the purposes for which personal data will be processed, and we present these purposes to the information of the relevant person in a transparent and understandable manner.
• Being relevant, limited and proportionate to the purpose for which they are processed. We do not process personal data that is not related to the realization of the purpose or that is not needed, and we do not carry out personal data processing activities to meet possible needs.
• To be stored for the period required by the relevant legislation or for the purpose for which they are processed. If there is a period stipulated in the legislation for the storage of personal data, it complies with this period; If such a period is not foreseen, we retain personal data only for as long as necessary for the purposes of processing.

Legal Reasons for Personal Data Processing

According to the Law on the Protection of Personal Data, at least one of the legal grounds (data processing conditions) specified in the Law must be present in order for personal data to be processed. These legal grounds are arranged separately for sensitive personal data and non-specific personal data (hereinafter referred to as personal data). The legal grounds for the processing of personal data and the processing of sensitive personal data are explained under two headings below:

Legal Reasons for Processing Personal Data

The legal grounds for the processing of personal data are included in Article 5 of the Law. According to this article, personal data,

• Explicitly stipulated in the Laws of data processing (“Explicitly stipulated in the Laws”),
• The person who is unable to express his consent due to actual impossibility or whose consent is not given legal validity is compulsory for the protection of himself or someone else's life or physical integrity (“Actual impossibility”),
• Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract ("Constitution or performance of the contract"),
• Data processing is mandatory for the Company to fulfill its legal obligations (“Legal obligation”),
• The personal data has been made public by the person concerned (“Publicization of the data owner”),
• Data processing is mandatory for the establishment, exercise or protection of a right (“establishment, exercise or protection of a right”),
• Provided that fundamental rights and freedoms are not harmed, data processing is compulsory for the legitimate interests of the Company (“Legitimate interest”),
• It can be processed if one or more of the legal reasons exist.

If there is no legal reason listed, your personal data can only be processed if you have your explicit consent. If there is one of the legal reasons stated, the method of obtaining your express consent is not applied for the processing of your personal data.

Legal Reasons for Processing Private Personal Data

Private personal data includes the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and The legal grounds for the processing of special quality personal data are included in article 6 of the Law. According to this article, special categories of personal data,

For special data other than health and sexual life, it is stipulated in the law,

For sensitive data related to health and sexual life, one of the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, and persons or authorized institutions and organizations that are under the obligation to keep these data confidential. processing by

It can be processed if there are legal reasons. If there is no legal reason listed, your personal data can only be processed if you have your explicit consent. If there is one of the legal reasons stated, the method of obtaining your express consent is not applied for the processing of your personal data.

Transfer of Personal Data

In order for personal data to be transferred to third parties, at least one of the legal reasons specified in the Law must exist, as is the case with the processing of personal data. When transferring personal data to third parties, Vigo performs the transfer in accordance with the principles set forth in Articles 8 and 9 of the Law.

Depending on the nature of each data processing activity, the purposes of transferring personal data and the parties to which they are transferred may change. In case of such a situation, the relevant persons will be informed within the clarification text specific to that process.

Storage of Personal Data

Personal data is kept by our Company in accordance with the principle of "preserving personal data for the period required by the relevant legislation or for the purpose for which they are processed". Personal data is deleted, destroyed or anonymized by our Company in the event that the period stipulated in the legislation or for the purpose of processing expires.

Personal Data Security

Our company takes the necessary technical and administrative measures to prevent the unlawful processing of personal data, to prevent unlawful access to data, and to ensure that data is kept securely.

Below are the main technical and administrative measures taken by the Company regarding data security:

• Network security and application security are provided.
• A closed system network is used for personal data transfers via the network.
• Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
• Access logs are kept regularly.
• Data masking is applied when necessary.
• User account management and authorization control system is implemented and these are also followed.
• Data loss prevention software is used.
• Apart from the ones stated here, other technical and administrative measures are also taken by the Company, taking into account the nature of personal data and the degree of confidentiality required. The measures taken to ensure the security of sensitive personal data are specified in the "Privacy Personal Data Protection and Processing Policy.

Rights Regarding Personal Data

• Learning whether your personal data is processed,
• If we are processing your personal data, requesting information about it,
• To learn the purpose of processing your personal data and whether they are used in accordance with the purpose,
• Knowing the third parties to whom we transfer your personal data, if any, in the country or abroad,
• Requesting correction of your personal data in case of incomplete or incorrect processing and requesting that we notify the third parties to whom we have transferred the personal data, if any, of the transaction carried out in this context,
• Requesting the deletion or destruction of your personal data in the event that the reasons requiring processing are removed, even though we have been processed in accordance with the law and relevant legislation, and requesting that we notify the third parties to whom we have transferred your personal data, if any, of the transaction carried out in this context,
  Objecting to situations where your personal data we process is analyzed exclusively through automated systems, and if there are situations that result in a negative outcome,
• Requesting compensation for your damage in case you suffer damage due to unlawful processing of your personal data.
• In addition to the above, in cases where we process your personal data based on your explicit consent, you always have the right to withdraw your explicit consent by contacting us.
• To exercise your rights, you can fill out the Data Owner Application Form at https://vigovigo.com/, send your request to the Contact Person e-mail address [email protected] via your e-mail address registered in our systems, or send your request to the Data Controller Application Procedures and Principles. You can forward your requests to us using other methods specified in the Communiqué.
• If you send us your request regarding your rights, we will respond to your request as soon as possible and within thirty days at the latest, depending on the nature of your request.
• You will not be charged a separate fee for exercising your rights. However, if your transaction requires an additional cost, we may charge you the fee in the tariff determined by the Personal Data Protection Authority. In such a case, we will inform you of the additional cost."

Contact

For all your questions regarding this Policy or the processing of your personal data, you can contact us via the contact information below.

Contact Person E-mail Address: [email protected]
Company Address: Kozyatağı Mah. Değirmen Sok. Nida Kule No:18 K:7 Bağ.No.16 Kadıköy / İstanbul
Phone: +850 822 67 05