CHAPTER 1 : INTRODUCTION
1.1. INTRODUCTION
With the Law on the Protection of Personal Data, the subject of protecting the data of the persons whose data is processed
has become a basic necessity for every company. For this reason,
in addition to paying maximum attention to accessing the private life and information of individuals
and taking effective and deterrent measures in this regard, being transparent to our customers,
potential customers, visitors, company officials, all of the parties and institutions we cooperate with,
in short, people we directly or indirectly
contact with our company whose data
Our process is the main goal of our company data policy.
With this Policy, our company determines and implements the rules
for the processing of personal data within the framework of transparency and clarity principles.
1.2. PURPOSE AND SCOPE OF THE POLICY
The main purpose of this policy is to protect the fundamental rights, especially the right of privacy, and freedom of the persons whose data have been processed, in the processing of personal data, and in this sense, to ensure the transparency of every activity of our company through public disclosure.
The extent of the provisions of this policy is all personal data of the persons whose data we process directly or indirectly.
1.3. APPLICATION OF THE POLICY
In case of incompatibility between the current legislation and our policy, the current legislation will be applied with priority and in case there is another policy or regulation on the same subject for more specific purposes other than this main policy, primarily the articles containing special provisions will be applied. The provisions of other policies and documents that conflict with this policy and the relevant legislation will not be applied.
CHAPTER 2: ISSUES RELATED TO THE PROCESSING OF PERSONAL DATA
2.1. GENERAL PRINCIPLES IN THE PROCESSING OF THE PERSONAL DATA
2.1.1 Compliance with the Law and Rules of good faith
While processing the personal data, the data must be obtained and processed by the law and rules of good faith. While processing the data, Radissonbet.com is operated by GSR Technology N.V.. processes the data with the highest sensitivity and control per the law and rules of good faith.
2.1.2 Being Accurate and up-to-date when necessary
The processed data must be accurate and up-to-date when recency is necessary for data of individuals. Radissonbet.com is operated by GSR Technology N.V. checks the accuracy of the processed data in every processing stage and makes the necessary preparations to keep it up-to-date when necessary.
2.1.3 Processing for Specific, Explicit, and Legitimate purposes
During the processing of the data, it should be clear which data is processed, how much of them are processed, and for what purpose they are processed and, it should be by the law, namely, legitimate. Radissonbet.com is operated by GSR Technology N.V.. only processes data for legitimate purposes and takes care to ensure that the data to be obtained during this processing are specific. Radissonbet.com is operated by GSR Technology N.V.. processes the data clearly and explicitly so that the information obtained is not used for different purposes and does not cause any misunderstanding.
2.1.4 Being Related, Limited, and Proportional to the purposes for which they are processed
Data must be processed in a controlled manner while being faithful, limited, and measured to the purpose of the processing. While processing data,Radissonbet.com is operated by GSR Technology N.V. only processes the data of the data owners in a measured manner, limited and related only to the purpose for which they are processed.
2.1.5 Retaining them for the period of time stipulated by the relevant legislation or the period deemed necessary for the purpose of the processing
Processed personal data must be acted upon with maximum protection following the period specified in the relevant legislation or the period of the relevant purpose. In this context, if a period is stipulated for the storage of personal data in the relevant legislation, Radissonbet.com is operated by GSR Technology N.V.. retains personal data limited to these periods. If a period is not stipulated in the legislation or there is no legal reason to keep the data for any longer, Radissonbet.com is operated by GSR Technology N.V.. retains personal data for as long as necessary for the purpose for which they are processed. Thus, the security of data owners is ensured at the maximum level. (For more information See Chapter 6.4)
2.2 TERMS OF PROCESSING PERSONAL DATA
2.2.1 Terms Of Processing Personal Data
Radissonbet.com is operated by GSR Technology N.V.. processes the data of data owners by the law and the provisions of the relevant legislation below.
Terms Of Processing General Personal Data
General Data Concept: The concept of any personal data processed by Radissonbet.com is operated by GSR Technology N.V., which does not fall into the sensitive data category specified in this section, constitutes the general category of personal data.
General Condition: Personal data cannot be processed without the explicit consent of the relevant person.
Exceptions: In case of the existence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the relevant person:
Explicitly stipulated by the law.
In case it is mandatory for the protection of the life or bodily integrity of the person or another person’s life or bodily integrity, who is unable to express their consent due to actual impossibility, or whose consent is not legally valid.
In case it is mandatory to process the personal data of the parties of the contract,
provided that it is directly related to the establishment or execution of a contract.
In case it is mandatory for the data controller to fulfill their legal obligation.
Being publicized by the person concerned.
If the data processing is required for the establishment, exercise, or protection of a right.
If data processing is required for the legitimate interests of the data controller,
provided that the fundamental rights and freedoms of the relevant person are not harmed.
Terms Of Processing Sensitive Personal Data
Sensitive Personal Data: Data about convictions, security measures with biometric and genetic data of people concerning race, ethnicity, political thought, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership to an association, foundation, or trade union, medical condition, sexual life.
General Condition: It is forbidden to process sensitive personal data without the explicit consent of the relevant person.
Exceptions and Special Conditions: Personal data other than health and sexual life specified in the first paragraph may be processed without seeking the explicit consent of the relevant person, in cases stipulated by the laws.
Our company obtains the express consent of the relevant data owners while processing and storing sensitive data regarding the retaining of records of sensitive health problems.
Personal data related to health and sexual life can only be processed by persons and organizations under the obligation of confidentiality to protect public health, conducting preventive medicine, medical diagnosis, treatment and care services, the planning and management of health services and their financing, without the express consent of the relevant person.
Conditions of the Board of the Personal Data Protection Institution: In the processing of sensitive personal data, it is also necessary to take adequate measures determined by the Board.
CHAPTER 3: PROTECTION OF PERSONAL DATA
3.1. SECURITY OF PERSONAL DATA
By Article 12 of the Personal Data Protection Law, Radissonbet.com is operated by GSR Technology N.V. takes all kinds of technical and administrative measures according to technological possibilities and implementation costs to ensure that personal data is processed by the law. Data supervisors and data processors cannot unlawfully disclose the personal data they have learned to others and cannot use them for purposes other than processing.
The necessary training has been given to Radissonbet.com is operated by GSR Technology N.V. personnel regarding technical issues, awareness of the employees is created, and audits are carried out. Radissonbet.com is operated by GSR Technology N.V.’s relevant department and contracted legal consultancy works in coordination on this subject.
3.1.1. Measures Taken To Ensure The Legal Processing Of Personal Data
The main technical and administrative measures taken by Radissonbet.com is operated by GSR Technology N.V. to ensure the legal processing of personal data:
Personal data processing activities carried out within the body of Radissonbet.com is operated by GSR Technology N.V. are audited by technical systems and reported to the relevant persons.
Personal data processing activities carried out by the work units of Radissonbet.com is operated by GSR Technology N.V.; the requirements that will be fulfilled in order to ensure that these activities comply with the personal data processing provisions sought by Law No. 6698 are determined exclusively for each department and the activity carried out by the relevant unit.
Ensuring compliance with the law and the procedure prepared for the relevant departments are implemented through administrative measures, in-company policies, and training.
3.1.2. Measures Taken to Prevent Unlawful Access
Radissonbet.com is operated by GSR Technology N.V. takes technical and administrative measures according to the nature of the data to be protected to prevent the imprudent or unauthorized disclosure, access, transfer, or any other unlawful access to personal data. The main technical and administrative measures taken by Radissonbet.com is operated by GSR Technology N.V. to prevent unlawful access to the personal data:
Technical measures taken with access and authorization technical solutions are reported periodically, and the necessary technological solutions are produced by re-evaluating the issues posing a risk. Software and hardware that include logging, virus protection systems, and firewalls are installed.
Personnel with technical knowledge are employed.
Access and authorization to personal data processes are designed and implemented within the company in accordance with business unit-based legal compliance requirements.
Employees are informed that the personal data they have learned cannot be disclosed to others in violation of the provisions of the Personal Data Protection Law and all other relevant legislation, that they cannot use it for purposes other than processing, and that this obligation will continue after their resignation, and necessary commitments are taken from them in this direction.
Provisions regarding that the persons to whom personal data are transferred will take the necessary security measures for the protection of personal data are added to the contracts concluded with the persons to whom personal data are transferred per the law by Radissonbet.com is operated by GSR Technology N.V. and/or mutual agreement texts are signed.
3.1.3. Measures Taken for Storing Personal Data in Secure Environments
Radissonbet.com is operated by GSR Technology N.V. takes the necessary technical and administrative measures to store personal data in secure environments and to prevent their elimination, loss, or alteration for unlawful purposes.
Main administrative measures taken by our company for storing the personal data in secure environments:
Systems suitable for technological developments are used to store personal data in secure environments.
Personnel specialized in technical matters are employed.
Technical security systems are established for the storage areas, the technical measures taken are reported to the relevant person, subjects that pose a risk are re-evaluated and the necessary technological solution is produced.
To ensure the safe storage of personal data, backup programs are lawfully used.
Non-digital data are kept in locked cabinets and can only be accessed by authorized persons.
3.2. AUDIT
By the 3rd paragraph of Article 12 of the Protection of Personal Data Law, the data supervisor is obliged to carry out or have the necessary audits carried out in their institution or organization to ensure the implementation of the provisions of this law.
3.2.1. Audit of Measures Taken on Personal Data Protection
Radissonbet.com is operated by GSR Technology N.V. and our contracted legal consultancy company perform audits or have them performed to establish the data security described above and to ensure the regularity and continuity of the measures taken.
The results of these audits are reported to the relevant department or management within the scope of the internal functioning of our company, and the necessary activities for the improvement of the measures taken are carried out following the Protection of Personal Data Law and other legislation and this company policy.
3.2.2. Supervising The Increasing of Business Units’ Awareness of Personal Data Protection and Processing
Radissonbet.com is operated by GSR Technology N.V.provides the necessary training to the business units through the seminars and sessions carried out to increase awareness towards preventing the illegal processing of personal data, illegal access to the data, and ensuring the protection of data. Radissonbet.com is operated by GSR Technology N.V. updates and renews its training in parallel with the updates in the relevant legislation. Necessary systems are established to raise awareness about the protection of personal data, and the relevant department of our company and our contracted legal consultancy company carry out the audits related to the subject.
The results of the training carried out to raise awareness on the protection and processing of personal data are reported to our company, and participation in these training is mandated and controlled by Radissonbet.com is operated by GSR Technology N.V.
3.3. CONFIDENTIALITY
To prevent the disclosure and transfer of personal data in violation of the provisions of the law and policy, access to these data and the transactions arising from other security deficiencies that may occur, Radissonbet.com is operated by GSR Technology N.V. takes all necessary measures within the possibilities and according to the nature of the personal data to be protected.
The necessary training has been given to Radissonbet.com is operated by GSR Technology N.V. personnel regarding this subject and the employment of knowledgeable personnel on this subject is ensured. Personal data processing activities are examined and audited by Radissonbet.com is operated by GSR Technology N.V. in detail and periodically. In case the technology allows , necessary measures are taken in the processing of personal data and it is essential to update and improve the measures taken. Radissonbet.com is operated by GSR Technology N.V.’s relevant department and contracted legal consultancy work in coordination on the execution of these activities and the audit of them.
3.4. UNAUTHORIZED DISCLOSURE OF PERSONAL DATA
CHAPTER 4: ORGANIZATIONAL MEASURES TO PROTECT THE COMPANY PERSONAL DATA
Radissonbet.com is operated by GSR Technology N.V. establishes a management structure to ensure the enforcement of the Policy of Processing and Protection of Personal Data.
A committee is established within the body of Radissonbet.com is operated by GSR Technology N.V. to manage this Policy and other policies related to this Policy. The duties of the committee to be established are stated below. Apart from these duties, the committee also performs other duties assigned by the senior management. The committee executes all of its activities with the approval of the senior management.
To prepare the basic policies regarding the Protection and Processing of Personal Data and, if necessary, the amendments to be made on these policies,
To decide how to implement and how to follow the implementation of the policies regarding the Protection and Processing of Personal Data,
Making assignments and ensuring coordination within the company,
To determine the points that need to be performed to ensure compliance with the Personal Data Protection Law and the relevant legislation and to ensure that these points are implemented,
To raise awareness within the Company and the institutions with which the Company cooperates on the Protection and Processing of Personal Data and to organize training within this scope,
To ensure that required measures are taken by identifying the risks that may incur in the company’s personal data processing activities,
To decide on the applications of personal data owners at the highest level,
To follow the developments and regulations on the protection of personal data and to take the necessary actions
Contact persons are the persons who are notified to the registry during registration by Radissonbet.com is operated by GSR Technology N.V. for the communication between the contracted legal consultancy company and the organization. This real person or persons to be notified are members of our department assigned to do this job within our company.
According to the Regulation on the Registry of Data Supervisors, Radissonbet.com is operated by GSR Technology N.V. limited the function of the contact person as the point of contact, to ensure that the requests made by the relevant persons to the data supervisor are answered quickly and effectively. Thus, it is aimed to respond to the problems or questions of data owners whose personal data are processed in the fastest and most explanatory way, but the contact person is not legally authorized to represent the data supervisor. For this reason, apart from providing information, they have no duty or authority other than to answer the questions of the person who has contacted the company and the data owner or contact person by law and to inform our company about this issue. As soon as Radissonbet.com is operated by GSR Technology N.V.. is informed by the contact person, the authorized department or institution assigned by our company will take action regarding the problem as soon as possible and the necessary procedures will be carried out. During these processes, the personal data owner or the relevant person will be informed about all these processes and procedures, and if necessary, the personal data owner or related persons will be contacted by the authorized department or our company.
CHAPTER 5: THIRD PARTIES TO WHICH PERSONAL DATA IS TRANSFERRED AND THE PURPOSE OF THE TRANSFER
Our company notifies the personal data owner of the groups of persons to whom personal data is transferred following the Article4 104 of the PPD Law.
Radissonbet.com is operated by GSR Technology N.V., by the Articles 8 and 9 of the PPD Law (see Chapter 2/Title 2.1.5), may transfer the personal data of data owners managed by policy to the following categories of persons:
(i) Business partners,
(ii) Suppliers,
(iii) Joint companies,
(iv) Shareholders,
(v) Authorities,
(vi) Legally authorized public institutions and organizations,
(vii) Legally authorized private legal persons
of the Company.
The extent of the above-mentioned persons to whom the transfer is made and the data transfer purposes are stated below.
The Definition Purpose of Data Transfer
Joint Companies Companies The transfers
are made to ensure that all kinds of commercial and organizational measures that require the participation of companies are carried out.
Shareholders Real persons who are shareholders of the company According to the provisions of the relevant legislation,
it is limited to the purposes of its activities within the scope of corporate law, event management, and corporate communication processes.
Company Authorities Company board of directors In accordance with the provisions of the relevant legislation, the transfer is limited to designing the strategies regarding the commercial activities of the company, ensuring the management at the highest level and auditing purposes
members and other authorized real persons
Legally Authorized Public Institutions and Organizations Public institutions and organizations authorized to receive information and documents from the company following the provisions of the relevant legislation The transfer is limited to
the purpose requested by the
relevant public institutions and organizations within their legal authority
Legally Authorized Private Persons Suppliers Private persons authorized to receive information and documents from the company following the provisions of the relevant legislation The transfer is limited to the purpose requested by the relevant private persons within the scope of their legal authority
The parties that provide services to the company on a contractual basis under orders and instructions of the company while carrying out the commercial activities of the company. To ensure the services that the company procures from the supplier and that is necessary to fulfill the commercial activities of the company are provided to the company
CHAPTER 6: DELETING PERSONAL DATA, STORAGE PERIODS and DATA INVENTORY
6.1. Liability of Radissonbet.com is operated by GSR Technology N.V.
Radissonbet.com is operated by GSR Technology N.V. registered under No. 155130 at, Kaya Richard J. Beaujon Z/N Landhuis Joonchi II, Curaçao. This website is licensed and regulated by Curaçao eGaming (Curaçao license No. 1668 JAZ issued by Curaçao eGaming).
6.2. Deletion, Destruction or Anonymization of Personal Data
6.2.1.Deletion and Destruction of Personal Data
Deletion of personal data is defined in the 8th Article of the regulation as “the process of making personal data inaccessible and unusable for the relevant users in any way”.
Destruction of personal data is defined in the 9th Article of the regulation as “the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way”.
6.2.2. Methods of Deletion of Personal Data
a) Application Type Cloud-Based Solutions as a Service (Office 365, Salesforce, etc.)
Data in the cloud system is deleted by issuing the delete command. While the process is taking place, the relevant user does not have the authority to restore the deleted data on the cloud system.
b) Personal Data on Paper Media
Personal data in paper media are deleted using the blackout method. Blackout operation is done in such a way that the personal data on the relevant document is cut where possible, it is made invisible to the relevant user by using fixed ink so that it cannot be restored and read by technological solutions.
c) Office Files on the Central Server
The file is deleted with the delete command in the operating system or the access rights of the relevant user on the directory where the file is located are removed.
d) Personal Data on Portable Media
Personal data in flash-based storage media is stored encrypted and deleted using software suitable for these media
e) Databases
The relevant lines containing personal data are deleted by database commands. While performing the said process, the relevant user is not a database administrator.
6.2.3. Personal Data Destruction Methods
a) Physical Destruction
Personal data can be processed with non-automatic means provided that they are a part of any data registry system. While such data is destroyed, physical destruction of personal data is applied in a way that it will not be used later.
b) De-magnetizing
It is the process of making the data incomprehensible and unreadable by exposing the magnetic media to a high magnetic field by passing it through a special device.
c) Paper Media
Destruction processes in this environment are the methods of destroying the papers by bringing them to incomprehensible dimensions with shredding and clipping machines.
6.2.4. Anonymization of Personal Data
Anonymization of personal data in the 10th Article of the regulation is defined as “the process of making personal data non-associable with an identified or identifiable natural person under any circumstances, even if it is matched with other data.’’
6.2.4.1. Methods of Anonymization of Personal Data
a) Masking
A method of anonymization is provided by removing or deleting the distinct attributes or characteristics of the data owners whose data is processed.
Example: Preventing the identification of the data owner by removing information such as TR Identity Number, etc., which enables the identification of the Personal Data Owner.
b)Data Shuffling, Permutation
This method is aimed to anonymize the data by relocating some of the information of the data owners who have data in the system.
Example: Ensuring that the Personal Data Owner is not recognized by relocating the sub-valued information alongside the data which is considered as the main category in the employee information.
c) Data Derivation
It is ensured that the information becomes undetectable or undefinable by adding or subtracting the variables in the data in the system to a certain extent.
Example: Only specifying the neighborhood or district where the personal data owner lives, instead of explaining in detail the residence of the data owner.
d) Aggregation
The process to convert the relevant personal data from a specific value to a more general value. With this method, the data is generalized and personal data is rendered unrelated to any person.
Example: Instead of specifying the neighborhoods where the employees live, specifying how many employees live in the X neighborhood.
6.2.4.2. Radissonbet.com is operated by GSR Technology N.V.’s Choosing Procedure of the Anonymization Method
One or more of the anonymization methods described above will be selected by the committee formed by the company to ensure the enforcement of this policy, in line with all relevant legislation and the interests of Radissonbet.com is operated by GSR Technology N.V. in business life. Detailed information about the committee has been described in the previous chapter. (see chapter 4)
The anonymization method to be chosen will be determined by the committee, taking into account the following issues:
Nature of the data
Size of the data
Structure of the data in physical environments
Diversity of data
Purpose of the processing of data
Anonymization will be carried out in line with the storage periods and principles outlined in the personal data inventory chapters of this policy.
6.3. STORAGE PERIOD
Radissonbet.com is operated by GSR Technology N.V. stores personal data in its data inventory by the periods determined in all relevant legislation.
In the absence of any period determined in the relevant legislation regarding these periods, Radissonbet.com is operated by GSR Technology N.V. stores the personal data within the periods determined in accordance with the interests of our company provided that it is in accordance with the laws and regulations, and practices arising from the sector in which the company is located in and when storage is no longer required, it is deleted or destroyed or anonymized in the ways described above.
If the purpose of processing and storing personal data has disappeared and the periods determined in all relevant legislation regarding personal data and the principles determined by our company in this policy (see chapter 2.2.1 (e) and (f)) has passed, personal data can also be stored for use in all kinds of legal disputes that may arise in the future. The personal data specified in this section are only stored for use in legal disputes and cannot be used for any other purpose. In line with the explanations above, all foreseen measures and precautions are taken by Radissonbet.com is operated by GSR Technology N.V.
For example, using the information in the data system to determine the residential area of the employee to determine the authorized court in the lawsuit to be filed against the employee who has left the workplace due to the wrongful termination of the contract can be evaluated within this scope. (The scope of the above explanations is not limited to the example given.)
6.4. PERSONAL DATA INVENTORY
It refers to the data (Word, excel vs.) which can be submitted to the PPD Institution when necessary and in which the data processed separately in each department within the body of Radissonbet.com is operated by GSR Technology N.V. by the Regulation on LPPD and Data Supervisor Registry are collected and the deletion, destruction, and the anonymization process is performed by the legislation and company policy as explained above.
What should be included in a personal data inventory according to the definition in the regulation:
i. Personal Data Processing Purposes
ii. Data Category
iii. The maximum periods required for the processing of personal data which is created by associating with the transferred recipient group and the data subject group
iv. Personal periods foreseen to be transferred to foreign countries
v. Data security measures taken
Considering the above-mentioned criteria, information regarding the processes to be made with personal data will be collected in the relevant inventory. Inventory content can be stored in digital media such as Word and Excel in line with our company’s own interests following the law and legislation and content that cannot be stored in a digital environment can be stored in paper media as well.
The deletion, destruction, anonymization processes of personal data described in chapter 6 are carried out by Radissonbet.com is operated by GSR Technology N.V. or by a person authorized by Radissonbet.com is operated by GSR Technology N.V., in the personal data inventory.
6.4.1. Preparation of Personal Data Inventory
If there is a provision in the relevant legislation regarding the preparation procedure of the Personal Data Inventory, the personal data inventory will be prepared by Radissonbet.com is operated by GSR Technology N.V. following those provisions. In cases where there is no provision in the relevant legislation regarding the preparation method of the Personal Data Inventory, our company is free to choose which method to prepare the personal data inventory with, taking into account its internal working discipline and business processes.
CHAPTER 7: RIGHTS OF THE DATA OWNER AND THE RULES ON THE USE OF THESE RIGHTS
7.1. RIGHTS OF THE PERSONAL DATA OWNER
Radissonbet.com is operated by GSR Technology N.V. carries out the necessary channels, internal processes, administrative and technical regulations following the 13th Article of the PPD Law to evaluate the rights of personal data owners and to provide the necessary information to personal data owners.
If personal data owners submit their requests regarding their rights listed below in writing to our company, our company concludes the request free of charge within thirty days at the latest, depending on the nature of the request. However, if a fee is stipulated by the PPD Board, the fee in the tariff determined by the PPD Board will be collected from the applicant. Personal data owners have the following rights;
To learn whether personal data has been processed or not,
Request information if their personal data have been processed,
Find out the purpose of processing personal data and whether they are used appropriately for their purpose,
Knowing the third persons in the country or abroad to whom personal data have been transferred,
Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the process made within this scope to the third parties to whom the personal data has been transferred,
Although their data has been processed in accordance with the provisions of the PPD Law and other related laws, requesting the removal or destruction of their personal data in case the reasons requiring the processing of the data are not valid anymore and to notify the third parties to which the personal data has been transferred,
Objecting to the emergence of a result against the person themselves through the analysis of the processed data exclusively through automated systems,
To demand that the loss be recovered in case the person is harmed due to the unlawful processing of personal data.
Pursuant to the 13th Article5 of the Law on Protection of Personal Data, personal data owners are required to submit their requests for exercising their rights mentioned above to our Company by “written” or other methods determined by the Personal Data Protection Board.
7.1.1. Right to Access Personal Data
The related persons have the right to access their personal data without any charge. The interests of the company and its legitimate right to retain data are protected under the Personal Data Protection Law and relevant legislation; the right to change and delete is pursued. Radissonbet.com is operated by GSR Technology N.V. informs the related person of their rights to;
• Learn whether personal data is processed or not,
• Request the information related to personal data if personal data has been processed,
• Learn the purpose of processing the personal data and whether they are used for this purpose or not,
• Learn the third parties to whom their personal data have been transferred domestic or abroad.
7.1.2. Right to Change or Delete Personal Data
The related persons have the right to change or delete their personal data without any charge. In this context, the related person has the right to;
• Request the correction of incomplete or incorrect processing of personal data
• Request the deletion or destruction of personal data if the reasons requiring the processing of personal data no longer exist,
• Request notification of the correction, deletion or destruction processes mentioned above to third parties to whom personal data are transferred and
• Object to an adverse result arising through the analysis of the processed data exclusively through automated systems.
7.1.3. Ensuring the Up-to-dateness of Personal Data
Pursuant to the Personal Data Protection Law, there is an obligation to ensure that personal data is accurate and up-to-date when necessary, therefore, the relevant party should notify our company of the situation changes in order to keep personal data accurate and up-to-date. If the data change is not notified to Radissonbet.com is operated by GSR Technology N.V. in writing by the relevant person, Radissonbet.com is operated by GSR Technology N.V.. is not responsible for any damage or enforcements occurring/will occur from the data not being updated.
7.2. PROTECTION OF THE RIGHTS OF PERSONAL DATA OWNER
In accordance with Article 12 of the Personal Data Protection Law, the data supervisor must take all the necessary technical and administrative measurements to ensure the appropriate security level to prevent;
• Illegal processing of personal data,
• Illegal access to personal data,
• And to ensure the conservation of personal data.
Radissonbet.com is operated by GSR Technology N.V. registered under No. 155130 at, Kaya Richard J. Beaujon Z/N Landhuis Joonchi II, Curaçao. This website is licensed and regulated by Curaçao eGaming (Curaçao license No. 1668 JAZ issued by Curaçao eGaming).
Radissonbet.com is operated by GSR Technology N.V. registered under No. 155130 at, Kaya Richard J. Beaujon Z/N Landhuis Joonchi II, Curaçao. This website is licensed and regulated by Curaçao eGaming (Curaçao license No. 1668 JAZ issued by Curaçao eGaming).
In order to register for this website, the user is required to accept the General Terms and Conditions. In the event the General Terms and Conditions are updated, existing users may choose to discontinue using the products and services before the said update shall become effective, which is a minimum of two weeks after it has been announced.
7.3. CONDITIONS WHERE THE PERSONAL DATA OWNER CANNOT CLAIM THEIR RIGHTS
Since the following cases are excluded from the extent of the relevant law following the 28th Article of the Personal Data Protection Law, personal data owners cannot claim the following rights in these cases:
• Processing the personal data for the purposes of investigation, planning, and statistics by anonymizing with official statistics,
• Processing personal data within the context of artistic, historical, literary, or scientific purposes or freedom of speech provided that the personal data does not breach the national defence, national security, public security, public order, economic security and confidentiality of private life or personal rights, and does not constitute a crime,
• Processing the personal data within the scope of preventive, protective, and intelligence operations executed by public institutions and organizations authorized by the law to ensure national defence, national security, public safety, public order or economic security and
• Processing the personal data by judicial or enforcement authorities in relation to the investigation, proceedings, litigation, or execution procedures.
Personal data owners, pursuant to the 28th Article of the Law on PPD, may not claim their other rights, except the right to demand compensation for the damage, in the following cases:
• When processing personal data is required for the prevention of committing an illegal act or criminal investigation,
• Processing of personal data publicized by the personal data owner,
• Processing personal data being required for disciplinary investigation or prosecution and conducting supervisory or regulatory duties by the authorized public institutions and organizations and professional public organizations by the power granted by the law.
CHAPTER 9: PERSONAL DATA PROCESSING ACTIVITIES PERFORMED IN Radissonbet.com is operated by GSR Technology N.V. FACILITIES AND DATA PROCESSING ACTIVITIES PERFORMED ON THE WEBSITE
PERSONAL DATA PROCESSING ACTIVITIES IN BUILDINGS, FACILITY PREMISES AND ENTRANCES
Personal data processing activities conducted by Radissonbet.com is operated by GSR Technology N.V. at the entrance locations and in the buildings and premises are carried out in accordance with the Constitution, the Law on PPD and other relevant legislation.
In order to ensure security, Radissonbet.com is operated by GSR Technology N.V. conducts monitoring activities with security cameras in the buildings and premises, and data processing for tracking guest entrance and exits.
The company carries out personal data processing through the use of security cameras and recording of guest entrances and exits.
CAMERA SURVEILLANCE ACTIVITY AT Radissonbet.com is operated by GSR Technology N.V. BUILDING, ENTRANCES, AND WITHIN PREMISES
In this section, we will explain the camera-surveillance system of Radissonbet.com is operated by GSR Technology N.V., and give information on how personal data, privacy, and human fundamental rights are protected. Within the scope of surveillance activity with security cameras, Radissonbet.com is operated by GSR Technology N.V.. aims to protect the interests of the company and other persons regarding their security.
Legal Basis of Camera Surveillance Activity
Radissonbet.com is operated by GSR Technology N.V. conducts camera surveillance activities by the Law on Private Security Services and related legislation.
Surveillance with Security Cameras According to the PPD Law
Radissonbet.com is operated by GSR Technology N.V. complies with the regulations of the Law on PPD in conducting surveillance activities with security cameras. To ensure security in the buildings and facilities, Radissonbet.com is operated by GSR Technology N.V. carries out surveillance activities in line with the purposes stipulated in the relevant legislation in force and in accordance with the personal data processing requirements set forth in the PPD Law.
Announcement of Camera Monitoring Activities
By the 10th Article of the PPD Law, the personal data owner is informed by Radissonbet.com is operated by GSR Technology N.V.. In the clarification done by Radissonbet.com is operated by GSR Technology N.V. regarding the general issues, there is more than one method of notification regarding the surveillance activities. In this way, it is aimed to prevent damage to the fundamental rights and freedoms of the personal data owner, to ensure transparency, and to elucidate the data subject.
Concerning the camera surveillance activity conducted by Radissonbet.com is operated by GSR Technology N.V..; this Policy is published on Radissonbet.com is operated by GSR Technology N.V.’s website (online Policy regulation) and a notification letter stating that surveillance will be carried out is posted at the entrances of the areas which are surveilled (clarification in place).
The Purpose of Surveillance Activities with Cameras and Limitation of Purpose
By the 4th Article of the Law on PPD, Radissonbet.com is operated by GSR Technology N.V.. processes personal data in a limited and restrained manner in connection with the purpose for which it was processed.
The purpose of video surveillance by Radissonbet.com is operated by GSR Technology N.V. is limited to the purposes set out in this Policy. In this respect, security camera coverage, the number of them, and when to conduct surveillance is determined in a way that is sufficient enough to achieve the security purpose and is limited for this purpose. Areas, where personal privacy takes precedence of the security goals (e.g. toilets), are not surveilled.
Ensuring the Security of the Data Obtained
Necessary technical and administrative measures are taken by Radissonbet.com is operated by GSR Technology N.V.. by the 12th Article of the PPD Law to ensure the security of personal data obtained as a result of camera surveillance.
Retention Period of Personal Data Obtained by Surveillance with Cameras
The detailed information about the retention period of personal data obtained by camera surveillance activities of Radissonbet.com is operated by GSR Technology N.V. is presented in the article of the 6.4 Policy, titled “Retention Period of Personal Data”.
Persons Who Can Access Information Obtained as a Result of Surveillance and Persons This Information is Transferred to
Only a limited number of Radissonbet.com is operated by GSR Technology N.V.. employees have access to records that are recorded with live camera recordings and stored digitally. A limited number of people who have access to the records declare, through the confidentiality commitment, that they will protect the confidentiality of the data they access.
MONITORING OF ENTRIES AND EXITS OF GUESTS IN THE COMPANY’S BUILDING, ENTRANCES, AND PREMISES
To ensure company security and in line with the purposes of this Policy, personal data processing is performed to track entrance and exits of guests in Radissonbet.com is operated by GSR Technology N.V. buildings and premises.
Subject personal data owners are informed when their names and surnames are obtained when entering the premises of Radissonbet.com is operated by GSR Technology N.V.. as a guest, or through the texts that are posted before Radissonbet.com is operated by GSR Technology N.V. or otherwise made available to guests. The data obtained for tracking guest entrance and exits are processed for this purpose only, and the personal data are recorded in the data recording system in physical domains.
STORAGE OF RECORDS OF THE INTERNET ACCESS PROVIDED TO THE COMPANY’S GUESTS AND WEBSITE VISITORS
To ensure company security and in line with the purposes of this Policy, Radissonbet.com is operated by GSR Technology N.V.can record the logs of the internet access of the guests for the duration of their stay in the facilities by Law No. 5651 and the mandatory provisions of the legislation regulated following this Law.
Only a limited number of Radissonbet.com is operated by GSR Technology N.V. employees have access to the log records obtained within this framework.
These records are only processed and shared with third parties when requested by authorized public institutions and organizations or to fulfill our legal obligations in audit processes to be carried out within Radissonbet.com is operated by GSR Technology N.V. Co. and/or protecting our legal rights and establishing Radissonbet.com is operated by GSR Technology N.V.’s defense rights.
VISITORS OF THE COMPANY’S WEBSITE
On the websites owned by Radissonbet.com is operated by GSR Technology N.V.., internet movements within the site are recorded by technical means (e.g. cookies) to ensure that visitors of these sites conduct their visits on the sites in a manner suitable for the purpose of their visit, to show them customized content and to carry out online advertising activities.
Detailed explanations about the protection and processing of personal data regarding these activities of Radissonbet.com is operated by GSR Technology N.V. are included in the “Company’s Website Privacy Policy” texts of the websites.
CHAPTER 10: EFFECTIVE AND UPDATEABILITY
Radissonbet.com is operated by GSR Technology N.V.e on 26 March 2017. All or part of the Policy may be updated. Policy is published on the Radissonbet.com is operated by GSR Technology N.V. website (www.radissonbet365.com) and made available to the relevant persons upon the request of the personal data owners.
ANNEX-1 : DEFINITIONS
Sensitive Personal Data refers to making personal data unable to be associated with any identified or identifiable real person in any way even when personal data is paired with other data.
Institution refers to the Personal Data Protection Authority.
Data Processor refers to the natural or legal person who processes personal data on behalf of the data supervisor, based on the authority given by them.
Data Supervisor refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Explicit Consent refers to the consent expressed with free will that is based on information, regarding a particular subject.
Anonymisation refers to making personal data unable to be associated with any identified or identifiable real person in any way even when personal data is paired with other data.
Business Partner refers to the companies to which personal data is transferred and with which Radissonbet.com is operated by GSR Technology N.V. establishes business partnerships for purposes such as carrying out projects, receiving services, in person, or together with joint companies while carrying out commercial and all kinds of organizational activities.
Personal Data refers to any information relating to an identified or identifiable natural person.
LPPD Article 7
(1) Although it has been processed following the provisions of this Law and other relevant laws, in the event that the reasons for its processing disappear, personal data are deleted, destroyed, or anonymized by the data supervisor ex officio or upon the request of the relevant person.
(2) The provisions in the relevant laws regarding the deletion, destruction, or anonymization of personal data are reserved.
(3) The procedures and principles regarding the deletion, destruction, or anonymization of personal data are regulated by regulations.
TCC article 138
(1) Those who are obliged to destroy the data are sentenced to imprisonment from one year to two years if they do not fulfill their duties within the system despite the expiry of the periods stipulated by the laws.
(2) (Annex: 21/2/2014-6526/5 Article) If the subject data of the crime is data that needs to be eliminated or destroyed by the provisions of the Criminal Procedure Code, the penalty to be imposed is increased onefold.
¹ ARTICLE 12- (1) Data supervisor; must take all the necessary technical and administrative measures to ensure the appropriate level of security a) to prevent the unlawful processing of personal data, b) to prevent unlawful access to personal data, c) to ensure the preservation of personal data.
² (3) The data supervisor is obliged to carry out or have the necessary audits carried out in their institution or organization to ensure the implementation of the provisions of this Law.
³ ARTICLE 7- Although it has been processed by the provisions of this Law and other relevant laws, in the event that the reasons for its processing disappear, personal data is deleted, destroyed, or anonymized by the data controller ex officio or upon the request of the data subject.
The provisions in other laws regarding the deletion, destruction, or anonymization of personal data are reserved.
4 ARTICLE 10- (1)-c) To whom and for what purpose the processed personal data can be transferred,
5 ARTICLE 13- The related person submits their requests regarding the implementation of this Law to the data supervisor in writing or by other methods to be determined by the Board. The data supervisor concludes the requests in the application free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the process requires an additional cost, the tariff determined by the Board is charged. The data supervisor accepts or rejects the application and notifies the concerned in writing or electronically. In case the request mentioned in the application is found acceptable, the data supervisor does what is necessary. In case the application is caused by the fault of the data supervisor, the fee is returned to the relevant person.