ONLINE INVITATION FORM PRIVACY NOTIFICATION

Purpose limitation. The collection and use of personal data should be limited to purposes: (1) which are stated in law and thus can be known (at least in theory) to the individual at the time of the data collection; or (2) for which the individual has given consent.

NATIONAL DAY AWARD with the title of data controller as defined by the Personal Data Protection Law (“the Law”), we care about the safety of your personal data. Therefore, we would like to inform you about processing your personal data.

THE PURPOSE AND LEGAL REASON FOR PROCESSING YOUR PERSONAL DATA

Your personal data is processed for the purposes and legal reasons stated below in accordance with the Personal Data Protection Law.

Your personal data that falls in the category of “Identity Information, Contact Information” which has been obtained in order to carry out NATIONAL DAY AWARD activities;

In compliance with the legitimate interest of the data controller for the purposes of registering you to the expo, allowing your entrance to the expo and contacting you,

Your personal data, namely your identity and contact information, will be processed in order to send commercial electronic messages in compliance with the legal reason “explicit consent of the person in question”, provided that you have given your approval according to The Law on the Regulation of Electronic Commerce and the secondary regulations.

TRANSFERRING YOUR PERSONAL DATA

GETDC may share your personal data for the purposes stated above with its domestic and/or foreign associates and subsidiaries (and/or third party business associates which are necessary for carrying out the operation) provided that you have given your approval according to The Law on the Regulation of Electronic Commerce and the secondary regulations.

METHODS FOR COLLECTING PERSONAL DATA

NATIONAL DAY AWARD collects your personal data by means of online invitation form which can be found on the website https://nationaldayawards.org. Also, your personal data is collected when you contact GETDC through other methods and disclose them.

STORING THE PERSONAL DATA

Your personal data will be processed and stored in line with the statement in the law, in compliance with the legitimate interest of the data collector as part of Article of the Personal Data Protection law. In this context, your personal data will be processed and stored with the purposes and methods stated above in compliance with the Law, provided that the statement in the law in effect.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

As the data owner, if you submit an application to GETDC and request to exercise your rights stated in the law in compliance with the application procedures determined by the Notice On The Principles And Procedures For The Request To Data Controller, your request will be fulfilled as soon as possible within 30 (thirty) days according to the nature of your request. However, if your procedure requires any additional fees, GETDC may charge a fee according to the tariff determined by the Personal Data Protection Board.

PERSONAL DATA PROTECTION POLICY

Policy, Scope, and Purpose

1. NATIONAL DAY AWARD pledges itself to abide by the principles and rules stipulated by The Law on the Regulation of Electronic Commerce and the secondary regulations and other legislations and to protect the rights and freedoms of the individuals whose data has been processed by NATIONAL DAY AWARD. To that end, the Board of Directors has adopted a written personal data protection policy and system to be applied and developed.

Scope

Terms of the policy cover all information systems and sub-information, contracts, environments and physical areas included in the subject and area of activities of NATIONAL DAY AWARD and all systems and settings produced there for.

This policy applies to all units, staff of the company providing support service, visitors, third parties, interns and contract employees of NATIONAL DAY AWARD.

Purpose of Personal Data Protection Policy and System

The purpose of Personal Data Protection Policy and System is to ensure that NATIONAL DAY AWARD develops and realizes its standards regarding personal data management, to determine and support the organizational objectives and responsibilities, to establish control mechanisms in compliance with the acceptable risk level of NATIONAL DAY AWARD, to fulfill responsibilities that ‘NATIONAL DAY AWARD’ is subject to as per international conventions, the Constitution, the Law, contracts, and codes of practice with respect to personal data protection and to secure the benefits of the individuals in the best way possible.

1. NATIONAL DAY AWARD will abide by personal data protection legislation and data protection principles.

– Data protection principles adopted by ICA Events are provided hereinbelow:

1. To process personal data only on the condition that it is explicitly required considering legitimate corporate purposes,
2. To process only the minimum amount of personal data required in line with said purposes,
3. To provide individuals with explicit information regarding who uses these data and how it is used,
4. To process only relevant and appropriate personal data,
5. To process personal data legally and equitably,
6. To maintain an inventory of personal data categories processed by GETDC,
7. To ensure that the personal data is correct and, if needed, updated,
8. To store the personal data only for a period required by legal regulations, legal responsibilities of GETDC or legitimate corporate benefits,
9. To respect the rights of the individuals regarding their personal data, including the right to access,
10. To keep all personal data safe and secure,
11. To transfer personal data only on the condition that enough protection is available,
12. To apply the exceptions permitted by the legislation,
13. To establish and implement the personal protection system for performing the policy,
14. To determine the internal and external stakeholders of the company who are a party to the personal data protection system and to which extent they are involved in the personal protection system of GETDC,
15.  To determine the employee(s) who have/has special powers and responsibilities regarding the personal data protection syste

Notifications

1. NATIONAL DAY AWARD informs the Board of Personal Data Protection (“the Board of WTE”) that it is the data controller and having this capacity, which data categories it processes.
2. National Day Award determines all personal data categories it processes in the inventory of personal data. The notification is issued in the way and method determined by the Board of WTE and a copy of the notification is stored by WTE.
3. If needed, the notifications are repeated periodically.
4. In order to establish the potential changes that may occur on the notification by the Board of WTE, data processing activities of WTE and the changes thereon are reviewed annually and the Board of WTE is informed, if needed.

In case they violate this policy in any way whatsoever, all units, company staff providing support service, interns and contract employees will be subjected to disciplinary regulations of WTE and if the violation in question constitutes any crime or misdemeanor, relevant authorities are notified accordingly as soon as possible.

The solution partners of WTE, who have access to or have the possibility to access personal data, and all third parties working with WTE are encouraged to read and to abide by this policy. No third party can provide access to personal data processed by WTE without signing a written confidentiality agreement which stipulates responsibilities whose standards are at least as strict as the ones of WTE and the supervising right of WTE thereon.

Definitions

Explicit consent: means freely given, specific and informed consent, Anonymization: means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data, President: means President of the Personal Data Protection Authority

Data subject: (natural person concerned) means the natural person, whose personal data are processed

Personal data: means any information relating to an identified or identifiable natural person,

Sensitive personal data: The data regarding the race, ethnicity, political view, philosophical belief, religion, sect and other beliefs, appearance, association, foundation or union membership, health, sexual life, criminal records and security precautions as well as biometric and genetic data of the individuals, Processing of personal data: means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof,

The Board: means the Personal Data Protection Board, Authority: means the Personal Data Protection Authority,

Data Processor: means the natural or legal person who processes personal data on behalf of the data controller upon its authorization,

Data filling system: means the system where personal data are processed by being structured according to specific criteria,

Data controller: means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.

Document Ownership and Approval

The owner of this document is the Committee of WTE and it is responsible for reviewing this document regularly as per review requirements.

The updated version of this document has been made available to all WTE staff on common areas and has been published at the website of the organization.