İZMİR METROPOLITAN MUNICIPALITY
CONFIDENTIALITY POLICY FOR WEBSITES AND MOBILE APPLICATIONS
According to the Law Nr. 6698 on the Protection of the Personal Data (“the Law”), our organization prioritizes processing and protecting the personal data pursuant to the laws and complies with the Law in its plans and services.
The key element of this topic is about processing and protecting the personal data of our citizens, employees, employee candidates, visitors and organization, third parties cooperating with us.
Accordingly, our Organization takes necessary administrative and technical measures for protecting the personal data that has been processed pursuant to the related legislation.
We would like to remind you that we are bound by this policy and our Organization’s Policy on Processing and Protecting Personal Data in terms of confidentiality, protection, processing, use, alteration of the related Personal Data as well as communications and other particulars through all websites operated by our Organization, mainly www.izmir.bel.tr, and mobile applications.
When you use the websites and mobile applications owned by our Organization or provide your personal data, you CONSENT for collection, use and processing of your personal data pursuant to this Policy and provisions included in all laws in force.
The information processed by our Organization and considered as personal data pursuant to the Law on the Protection of the Personal Data are listed below. Unless stated otherwise, the term “personal data” used in the terms and conditions presented with this Policy shall refer to the following information.
1) ID Details (Name, Surname, Turkish ID Number, Place and Date of Birth, Educational Background, Photograph, Gender, Profession, Marital Status, Social Security Information, Fellow Citizen Number, Eşrefpaşa Hospital Patient Number)
2) Contact Information (E-mail, Mobile Number, Address, Fax Number)
3) Citizen Connection Info (IP Address)
4) Candidate Info of Job, Internship Applicants
PURPOSES AND LEGAL REASONS OF PROCESSING PERSONAL DATA
Your Personal Data might be processed by our Organization for the following purposes;
1) To be used for services to be provided to you under the laws and related legislations binding on us,
2) To improve our municipal services,
3) To issue information and documents to be basis to the online formalities and procedures,
4) To determine the owner and addressee of the formality and procedure completed through the websites and mobile applications and thus to comply with the liabilities imposed on all judicial and administrative competent authorities on storing, reporting and providing information pursuant to the relevant legislation.
SHARING PERSONAL DATA
The personal data provided to our Organization might be shared with persons, establishments and / or institutions as required / allowed under the law, other law and other legislation that are binding us; with county municipalities for carrying on services provided to the citizens; with universities and public institutions within the scope of binding laws or with approval of the Izmir Metropolitan Municipal Council and also with the third parties providing services in order to perform the municipal activities but this information sharing is subject to the legal restrictions.
HANDING RELATED PERSON REQUESTS
If the personal data owners submits requests related to their rights using the application methods listed on our official website www.izmir.bel.tr under “Protection of Personal Data” section, these requests shall be finalized by our Organization for free within a period of maximum thirty days.
To use your rights, your request including the disclosure of your identifying information should be submitted by completing the form available on www.izmir.bel.tr; delivering the signed copy of the form by hand to İzmir Metropolitan Municipality Editorial Branch Office Cumhuriyet Bulvarı No:1 Kat:3 Konak IZMİR with your ID documents or you might serve it by virtue of a notary or submit the related form to email@example.com with secure electronic signature.
If the Data Owner makes a request that will not allow the Organization to use any related personal data, the same Data Owner accepts that s/he will not be able to fully benefit from the website or mobile applications and states that s/he will bear all kinds of responsibilities arising from this request.
PERSONAL DATA RETENTION PERIODS
Our Organization keeps the personal data for the periods specified under the law and regulations binding us.
If the purpose of processing personal data is not relevant anymore or if the retention periods specified under the related legislation are over, the personal data might be still stored if the personal data is an evidence in any legal dispute or for claiming or defending a right related to the personal data.
TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN FOR PROTECTION OF THE PERSONAL DATA
Our Organization takes necessary technical and administrative measures for preventing unauthorized processing of and unauthorized access to the Personal Data that has been processed by our Organization pursuant to the Law and for assuring protection of the data. These measures are as follows:
1) We take proper technical measures based on the technological developments; these measures are updated and renewed periodically.
2) We limit the access authorizations and review the authorizations regularly.
3) The technical measures taken are periodically reported to the relevant parties, as required under the internal audit mechanism, and the risky particulars are reevaluated to come up with the necessary technological solutions.
4) Software programs and hardware including anti-virus systems and firewalls are installed.
5) Personnel qualified in the technical issues are hired.
6) The applications used to collect personal data are regularly subjected to security scans for identifying any security vulnerabilities. The vulnerabilities discovered are eliminated.
7) Systems keeping up with the technological developments are used for storing Personal Data on secure media.
8) Back-up programs are used for secure storage of the Personal Data but as allowed under the law.
9) Access to the platforms used for storing the Personal Data and access to the data are restricted and only the authorized personnel are allowed to have access to such data only for the purpose of storing the personal data; track records are kept for accesses to the data storage platforms where the Personal Data are kept and unauthorized accesses or attempted accesses are reported to the related parties.
1) The personnel are informed and trained about the Law on the Protection of the Personal Data and processing the Personal Data pursuant to the law.
2) All operations carried out by the Organization are analyzed in detail on department basis and, as a result of this analysis, the Personal Data processing operations of the related departments are determined on department basis.
3) The personnel are trained about the technical measures to be taken for preventing unauthorized access to the Personal Data.
4) In addition to the contracts executed by and between the Organization and the persons that legally received the Personal Data; we sign confidentiality agreements with the persons receiving the Personal Data to confirm that they will take necessary security measures for protecting the Personal Data and they will assure compliance to these measures by their establishments.