gain-logo
Log In
Sign Up
Log In

Privacy Policy

Personal Data Protection and Privacy Policy

1- INTRODUCTION

The right to the Protection of Personal Data, which is protected in accordance with the relevant articles of the Law on the Protection of Personal Data No. 6698 (“Law”), which is the basic legislation in the protection of personal data, and Article 20, Paragraph 3 of the Constitution of the Republic of Turkey, is meticulously protected by GAİN MEDYA A.Ş. (“Company”) as a fundamental human right, and data processing activities are carried out meticulously within the framework of the limitations included in all relevant legislation.

The basic principles included in Article 4 of the Law are meticulously followed by the Company within the scope of data processing activities.

2- PURPOSE OF THE POLICY

The purpose of this Personal Data Protection Policy (“Policy”) is to ensure that all data processing activities are carried out by the Company in a transparent and lawful manner and that personal data owners can access all information they request within the scope of their rights set forth in the legislation during and after the entire data processing process carried out by the Company.

In line with the purpose of preparing the Policy, it is ensured that the organizational units within the Company organization collect which data and for what purpose, whether this data is transferred abroad and the method used during data processing are determined.

3- SCOPE OF THE POLICY

This Policy covers all personal data of employees, institution managers, workplace visitors, website visitors, GAİN members and subscribers, customers and other third parties whose data is directly or indirectly processed due to the Company's activities, processed automatically or non-automatically provided that it is part of any data recording system.

4- DEFINITIONS

The definitions explained below are taken from the Regulation on the Data Controllers Registry, which entered into force with Law No. 6698.

Explicit Consent: Consent based on information and expressed with free will regarding a specific subject.
Destruction: Refers to the processes of destroying, deleting or anonymizing personal data.
Contact Person: The natural person notified by the data controller during registration in the Registry for communication to be established with the Institution regarding the obligations of legal entities resident in Turkey and the legal entity data controller representative not resident in Turkey within the scope of the Law and secondary regulations to be issued based on the Law.

Law No. 6698: Law No. 6698 on the Protection of Personal Data, published in the Official Gazette dated April 7, 2016 and numbered 29677.

Personal Data: Any information related to an identified or identifiable natural person.

Processing of Personal Data: Any operation performed on data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.

Board: Personal Data Protection Board.

Institution: Personal Data Protection Institution.
Special Personal Data: Data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, foundation or union membership, health, sexual life, criminal conviction and security measures of individuals, as well as biometric and genetic data.

Policy: The policy on the processing and protection of personal data created by the Data Controller.

VERBIS: A registration system in which real and legal persons who process personal data must register before starting to process personal data and in which they will enter categorical information about the personal data they are processing.

Data Processor: A real or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

Data Registration System: A registration system in which personal data is structured and processed according to certain criteria.
Relevant Person (Data Owner): A real person whose personal data is processed.
Regulation: The Regulation on the Deletion, Destruction or Anonymization of Personal Data, which was published in the Official Gazette dated October 28, 2017 and entered into force.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data, and is responsible for the establishment and management of the data recording system.

5- INTERNAL KVKK COMMISSION

In line with this Policy, the Personal Data Protection Commission (“Commission”), consisting of at least one person assigned by the Company from each department (Financial Affairs, Drama, Program/Documentary/Internal Productions, Foreign Licensing and Sales, Product Development and Software, Broadcast Planning, Marketing) in order to ensure data security, to guarantee the continuity of compliance with the Law and secondary legislation, and to prevent unlawful processing of data,