Personal Data Protection
Kuzey Güney VIP Transfer
PERSONAL DATA PROCESSING AND PROTECTION POLICY

Introduction

With the enactment of Law No. 6698 on the Protection of Personal Data (“Law”), important obligations have been placed on those who process personal data, in order to protect individuals’ fundamental rights and freedoms, particularly their right to privacy. Kuzey Güney VIP Transfer (“Company”), whose registered office is located at Ercan Airport, Nicosia, Turkish Republic of Northern Cyprus, adopts a meticulous and sensitive approach to fulfill its obligations and ensure that all its data processing activities comply with the relevant regulations. For this purpose, the Company’s personal data processing procedures are outlined in this Personal Data Processing and Protection Policy (“Policy”), which is established based on the Law and relevant legislation.

Purpose and Scope

Purpose
This Policy is prepared to inform individuals and employees about the Company’s activities regarding personal data processing and protection. It provides a detailed guide regarding the processes, principles, and practices the Company has implemented to meet its obligations under the Law and related regulations.

Scope
The groups of data subjects whose personal data is processed by the Company are specified below. The personal data of individuals, such as employees, job candidates, family members of employees, supplier representatives, customers, and visitors, are processed and protected either automatically or through non-automated means within a data recording system, under the terms of this Policy.

Data Subject Group Definitions

  • “Employee” refers to individuals who have an employment contract with the Company.
  • “Job Candidate” refers to individuals who are under consideration for an employment contract with the Company.
  • “Employee’s Family Member” refers to close family members such as a spouse or children of employees.
  • “Customer” refers to individuals whose data is processed by the Company through verbal or written agreements, or potential customers being considered for its services.
  • “Customer’s Representative” refers to individuals employed by legal entities (customers) that the Company provides services or products to, whose data is processed as part of the customer relationship.
  • “Supplier Representative” refers to individuals working on behalf of entities from which the Company purchases goods or services.
  • “Visitors” refers to individuals who visit the Company’s locations or its e-commerce website.
  • “Third Parties” refers to individuals whose personal data is processed but who are not specifically defined in other categories under this Policy.

Policy and Applicable Law
This Policy aims to ensure the systematic implementation of obligations arising from the Law and other relevant legislation concerning the processing of personal data. The Company prioritizes complying with the law and protecting the personal data of individuals in accordance with the Constitution of the Turkish Republic of Northern Cyprus. In case of any conflict between this Policy and applicable legislation, the Company will ensure compliance with the applicable law.

Effective Date and Changes to the Policy
This Policy was prepared under the leadership of the Company’s Personal Data Protection Committee and was approved by the relevant authority on {14.05.2022}, coming into effect on that date. The policy will be reviewed and updated every six months by the Personal Data Protection Committee, and any necessary changes will be made to ensure compliance with the current legal framework. These updates will be published on the Company’s website and may be communicated to relevant individuals via different channels.

ARTICLE – DEFINITIONS

  • “Receiver Group” refers to the category of natural or legal persons to whom personal data is transferred by the data controller.
  • “Data Subject” refers to the natural person whose personal data is processed.
  • “Personal Data” refers to any information relating to an identified or identifiable natural person.
  • “Personal Data Processing” refers to any operation performed on personal data, whether or not by automated means, such as collection, recording, storage, alteration, retrieval, transfer, dissemination, or destruction.
  • “Sensitive Personal Data” refers to data related to race, ethnicity, political opinion, religious beliefs, health, sexual life, criminal convictions, or security measures, including biometric and genetic data.
  • “Data Category” refers to the classification of personal data based on shared characteristics.
  • “Personal Data Protection Authority” refers to the Personal Data Protection Board.
  • “Request Management Procedure” refers to the procedure guiding how individuals can exercise their rights under Article 11 of the Law, and how the Company responds to these requests.
  • “Data Controller” refers to the entity responsible for determining the purposes and means of processing personal data.
  • “Website” refers to the Company’s online presence, including its corporate website and e-commerce platform.

ARTICLE – PERSONAL DATA PROCESSING

The Company adheres strictly to the provisions of the Law in processing personal data from the moment it is first collected until the data is destroyed. One of the primary goals of this Policy is to transparently inform data subjects about the Company’s principles regarding personal data processing and protection. The methodology followed in this Policy is based on ensuring that the data subject can track the entire journey of their personal data within the Company’s processes.

The following questions will be answered for each data subject:

  • What categories of personal data does the Company process?
  • Does the Company process any sensitive personal data?
  • How does the Company ensure transparency and obtain the explicit consent of data subjects?
  • In what circumstances does the Company process personal data without the explicit consent of the data subject?
  • What principles does the Company follow in personal data processing?
  • For what purposes does the Company process personal data?
  • Where does the Company store personal data?
  • To whom does the Company transfer personal data, both domestically and internationally?
  • What are the Company’s policies regarding data retention and destruction?

Categories of Personal Data Processed by the Company

The Company processes personal data in line with the principles outlined in Article 4 of the Law and based on the conditions specified in Articles 5 and 6, for the purposes stated in Protocol Article 3.5.

Personal Data Categories

  • Identity: Information such as name, surname, national ID number, nationality, parent’s names, date of birth, gender, employment details, etc.
  • Contact Information: Phone number, email address, fax number, and social media accounts.
  • Employment Data: Education, certifications, language skills, CV, leave data, social security number, performance evaluations, etc.
  • Legal Transactions: Information related to legal actions, including garnishment notices.
  • Customer Data: Invoice, delivery, and order details.
  • Security Data: Information like internet traffic data, IP addresses, and other security-related data.
  • Financial Data: Banking information, credit card details, salary, bonuses, etc.
  • Professional Experience: Previous employment and certifications.
  • Marketing Data: User behavior data gathered through cookies.
  • Audio-Visual Records: Photos, voice, and video recordings.
  • Other Information: Family contact details, personal assets, and other personal data relevant to specific needs.

Sensitive Personal Data Processed by the Company

Sensitive personal data includes information on race, ethnic origin, political opinion, philosophical beliefs, religion, health, sexual life, and criminal convictions. The Company processes this type of data only when necessary, and in the smallest scope possible, while taking all necessary administrative and technical measures to protect it.

The Company adheres to strict protocols when handling sensitive personal data, ensuring it is stored in a manner that limits access to only authorized personnel.

Personal Data Being Processed for Purposes Related to and Limited by the Purpose of Processing

The company processes data solely for specific, clear, and legitimate purposes and only to the extent necessary to achieve these purposes. The company is aware that any personal data processing activity that does not serve these defined purposes would be in violation of the law, and with this awareness, it ensures that data processing is done in a proportionate manner.

Retention for the Duration Required by Relevant Legislation or as Necessary for the Purpose

The company retains personal data for as long as required by the relevant legislation. If no time limit is specified in the applicable laws, the company will retain the data only for as long as necessary for the purpose. If the purpose has been fulfilled and the data retention period has passed, the company will destroy the personal data in accordance with the Personal Data Retention and Deletion Policy.

Company’s Personal Data Processing Purposes

The company processes personal data in accordance with the principles set out in Article 4 of the Law, and under the conditions stipulated in Articles 5 and 6, for the following purposes:

  • Managing emergency situations,
  • Managing information security processes,
  • Managing the recruitment and placement processes for candidates, interns, and students,
  • Managing employee application processes,
  • Managing employee satisfaction and loyalty processes,
  • Fulfilling contractual and legal obligations related to employees,
  • Managing employee benefits and rights,
  • Conducting audits and ethical activities,
  • Organizing training activities,
  • Managing access rights,
  • Ensuring compliance with legal requirements in operations,
  • Managing finance and accounting operations,
  • Managing customer loyalty related to the company, products, and services,
  • Managing assignment processes,
  • Following up on legal matters,
  • Conducting internal audits, investigations, and intelligence activities,
  • Managing communication activities,
  • Planning human resources processes,
  • Conducting business activities and audits,
  • Ensuring occupational health and safety,
  • Collecting and evaluating suggestions for process improvement,
  • Ensuring business continuity,
  • Managing sales of goods and services,
  • Managing customer relations,
  • Conducting customer satisfaction activities,
  • Organizing events and activities,
  • Conducting marketing analysis,
  • Managing advertising, campaigns, and promotions,
  • Managing risk management processes,
  • Archiving and storage processes,
  • Managing contract processes,
  • Conducting strategic planning activities,
  • Managing requests and complaints,
  • Managing the compensation policy,
  • Managing marketing processes for products and services,
  • Ensuring the security of data controller operations,
  • Managing foreign personnel work and residence permit processes,
  • Managing investment processes,
  • Conducting talent/career development activities,
  • Providing information to authorized persons, institutions, and organizations,
  • Managing organizational activities,
  • Creating and tracking visitor records.

Environments in Which Personal Data is Stored

Personal data processed fully or partially through automated or non-automated methods as part of a data recording system falls within the scope of recording environments.

Personal data collected by the company may be recorded in various environments depending on the nature of the data, the purpose of processing, and the frequency of use. The company stores personal data in electronic and physical environments securely in accordance with the relevant legislation and international data security principles.

Electronic Environments:

  • Software, cloud, centralized servers, portable media, databases, etc.

Physical Environments:

  • Locked or unlocked cabinets, archives, paper, network devices, flash-based media, magnetic tapes, magnetic disks, mobile phones, optical disks, printers, door access/security systems, etc.

The company processes and stores personal data in line with the specific and legitimate purposes, principles outlined in this Policy, and the retention periods defined by the relevant legislation.

Transfer of Personal Data

The company may transfer personal data to certain recipient groups within the country and abroad for specific purposes, in accordance with the principles set out in this Policy and as per the provisions of the Law.

Domestic Transfer of Personal Data:

When transferring personal data within the country, the company adheres to the following conditions:

  • If the relevant individual has given explicit consent, personal data may be transferred within the country.
  • Personal data may be transferred without the explicit consent of the individual if there is a clear legal provision in the applicable legislation allowing the transfer.
  • Personal data may be transferred without the individual’s explicit consent if necessary for the protection of someone’s life or physical integrity and the individual is unable to give consent due to physical impossibility or if consent is not legally recognized.
  • Personal data may be transferred to third parties necessary for the establishment or performance of a contract to which the individual is a party, without their explicit consent.
  • If the company is obligated to fulfill a legal requirement, personal data may be transferred to third parties without the explicit consent of the individual.
  • Personal data that has been made public by the individual may be transferred to third parties for the purpose of publicizing.
  • Personal data may be transferred to third parties if necessary for the establishment, exercise, or protection of a right, even without the individual’s explicit consent.
  • Personal data may be transferred to third parties if necessary for the legitimate interests of the company, provided it does not harm the fundamental rights and freedoms of the individual.

Transfer of Personal Data Abroad:

The company may transfer personal data abroad only with the explicit consent of the relevant individual.

Without explicit consent, personal data may be transferred abroad if:

  1. The country or countries to which the data will be transferred are recognized by the Personal Data Protection Authority as having adequate protection, or
  2. If the country is not on this list, written commitments from foreign data controllers providing adequate protection have been obtained, and authorization is granted by the Authority.

Additionally, personal data may be transferred abroad in the following cases, even without the individual’s explicit consent:

  • If there is a legal provision regarding the transfer in the relevant legislation,
  • If necessary to protect someone’s life or physical integrity and the individual is unable to give consent,
  • If necessary for the performance of a contract to which the individual is a party,
  • If the company is legally required to transfer the data,
  • If the data has been made public by the individual,
  • If necessary for the establishment, exercise, or protection of a legal right,
  • If the transfer is required for the legitimate interests of the company, without harming the individual’s fundamental rights.

Sensitive Personal Data may be transferred abroad by the company, following the principles outlined in this Policy, after obtaining explicit consent, or without explicit consent in certain cases, provided that adequate safeguards are in place.

Personal Data Retention and Deletion Policy

The company retains personal data for the period required by relevant legislation, and if no such period is stipulated, personal data is stored for a reasonable period based on the purpose and commercial practices. Upon the expiration of the retention period, the company will delete, destroy, or anonymize the personal data in accordance with the Personal Data Retention and Deletion Policy.

Rights of the Relevant Individual

The relevant individual has the right to apply to the company regarding their personal data in accordance with the Personal Data Protection Law and the regulations set out in the relevant legislation. Specifically, they have the right to:

  • Learn whether personal data is being processed,
  • Request information about the personal data being processed,
  • Learn the purpose of processing personal data and whether it is being used appropriately,
  • Learn about third parties to whom personal data is transferred domestically or abroad,
  • Request the correction of incorrect or incomplete personal data,
  • Request the deletion or destruction of personal data,
  • Request that corrections, deletions, or destructions be communicated to third parties to whom the data has been transferred,
  • Object to the analysis of data solely based on automated systems that result in unfavorable outcomes,
  • Request compensation for damages incurred due to the unlawful processing of personal data.

Company’s Request Management

The company has prepared procedures to protect the rights of the relevant individual and fulfill its obligations under the Law. The company will make every effort to provide the requested information free of charge within 30 days. If the process incurs additional costs, the relevant individual may be charged according to the fee set by the Authority. The company will review the request and either accept or reject it with an explanation. If the request is accepted, the company will take necessary actions accordingly. If the request is due to a mistake by the company, the fee will be refunded to the individual.

The relevant individual may exercise their rights by completing the application form in Annex 1, and submitting it to Kuzey Güney VIP Transfer, Lefkoşa, North Cyprus via notary, KEP, or email, or by delivering it personally, or by email to {info@kuzeyguneyviptransfer.com}.

Kuzey Güney VIP Transfer

KVKK APPLICATION FORM

Under Article 11 of the Personal Data Protection Law No. 6698 (“the Law”), data subjects (“Applicant”), defined as individuals whose personal data is processed, have the right to make certain requests regarding their personal data. While exercising these rights, the applicant may submit their request in writing, through registered electronic mail (KEP), by sending it to the electronic mail address registered in our system, or by using an electronic mail address not registered in our system, in accordance with Article 13, paragraph 1 of the Law.

To ensure that your request under the Personal Data Protection Law can be fulfilled, please complete the application form below clearly and fully, and send it by postal mail to the address Kuzey Güney VIP Transfer, Ramadan Cemil Mey. GİRNE/KYRENIA, CYPRUS, Turkey with your wet signature.

Applications sent to us will be responded to within thirty days from the date we receive your request, in accordance with Article 13, paragraph 2 of the Law, depending on the nature of your request. Our responses will be sent to you in writing or electronically, as per the provisions of Article 13 of the Law.

PERSONAL DATA SUBJECT’S IDENTIFICATION AND CONTACT INFORMATION

  • Full Name:
  • K.K.T.C. Identity Number (for Turkish citizens) /
    Passport Number or Identity Number (for foreign nationals):
  • Address for Notification / Business Address:
  • Mobile Phone:
  • Phone Number:
  • Fax Number:
  • Email Address:

Please indicate your relationship with the company:
(Customer, business partner, job applicant, former employee, shareholder, etc.)

PERSONAL DATA SUBJECT’S SELECTION OF RIGHTS TO EXERCISE

(Please check the box next to the statement(s) that correspond to your request)

  • ☐ I would like to know whether your company is processing personal data about me.
  • ☐ If your company is processing personal data about me, I request information regarding these data processing activities.
  • ☐ If your company is processing personal data about me, I would like to know the purposes of processing and whether these personal data are used in accordance with their intended purposes.
  • ☐ If my personal data has been transferred to third parties within or outside the country, I would like to know the identities of these third parties.
  • ☐ I believe my personal data is incomplete or incorrect, and I request it to be corrected.
  • ☐ Despite my personal data being processed in compliance with the law and other applicable legal provisions, I request the deletion of my personal data.
  • ☐ I request the correction of incomplete or incorrect personal data that I believe has been transferred to third parties.
  • ☐ I request the deletion of my personal data from the third parties to whom it has been transferred.
  • ☐ I believe that my personal data has been analyzed exclusively through automated systems and that this analysis has led to a result that adversely affects me. I object to this result.

EXPLANATION ABOUT THE REQUEST

(Please provide a detailed explanation regarding your request under the Personal Data Protection Law and specify the personal data related to your request.)

……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………..

ATTACHMENTS

(Please list any documents you wish to include to support your request.)

……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………

PLEASE SELECT HOW YOU WOULD LIKE TO RECEIVE THE RESPONSE TO YOUR APPLICATION:

  • ☐ I would like the response to be sent to my address.
  • ☐ I would like the response to be sent to my email address. (If you choose email, we will be able to respond more quickly.)
  • ☐ I would like to receive the response in person. (If someone else is to collect the response on your behalf, a notarized power of attorney or authorization document is required.)

To mitigate legal risks arising from unlawful or unfair data sharing and, especially, to ensure the security of your personal data, our company reserves the right to request additional documents or information (e.g., a copy of your ID or driver’s license) to verify your identity and authorization.

Our company does not accept responsibility for any claims resulting from incorrect or outdated information provided or unauthorized applications.

Personal Data Subject’s Full Name:
Application Date:
Signature:

Cookies
We serve cookies. If you think that's ok, just click "Accept all". You can also choose what kind of cookies you want by clicking "Settings".
Settings Accept all
Cookies
Choose what kind of cookies to accept. Your choice will be saved for one year.
Save Accept all
Scroll to Top