SCC Chamber Corner Event January 10, 2020
SCC Coffee Break Seminar January 09, 2020
SCC Annual Crayfish Party October 20, 2019
SCC website is launched March 28, 2012
More News

SWEEDISH CHAMBER OF COMMERCE
PERSONAL DATA PROCESSING, PROTECTION AND DESTRUCTURE POLICY

1. PURPOSE

This policy contains the basic principles to be followed by the Swedish Chamber of Commerce (“SCC”) regarding the processing, protection and destruction of personal data in accordance with the Personal Data Protection Law Numbered 6698. (the “DPL”).

SCC reserves its right to make arrengements in the policy in order to provide up to date information with regards to its practises and legistations for protection of personal data.

2. DEFINITIONS

Explicit consent: Consent that relates to a specified issue, declared by free will and based on information.

Anonymizing: Rendering personal data to impossible to link with an identified or identifiable natural person, even through matching them with other data.

Relevant person/Data subject: The natural person, whose personal data is processed.

Personal data: Any information that relates to an identified or identifiable individual..

Sensitive data: Data that has been subjected to a stricter protection regime under the DPL what may cause the data subject to be victimized or discriminated when disclosed or lost.

Processing of personal data: The collection, recording, rearrangement and retention of personal data to the extent permitted by law and its transfer to third persons and abroad.

Data Registry System: The registry system, where the personal data is registered according to certain structured criteria.

Data contoller: Natural or legal person who determines the purpose and means of processing personal data and is responsible for establishing and managing the data registry system.

3. GENERAL PRINCIPLES OF PROCESSİNG PERSONAL DATA

a. Processing data in accodrdance with the DPL and conformity with the rules of good faith,
b. Accuracy and being up to date,
c. Process for spesific, public and legal purposes,
d. Being linked to the data processing purposes, explicit and legitimate.
e. Being retained for the period of time stipulated by relevant legistation or the purpose for which they are processed,
f. Destruction upon the expiry of retain period.

Despite being processed under the provisions of the DPL, personal data shall be erased, destructed or anonymized by the controller, ex officio or upon demand by the data subject, upon disappearance of reasons which require the process.

4. CONDITIONS FOR PROCESSING OF PERSONAL DATA

Data process procedure must be based at least one of the conditions that stated in the Article 5 of the DPL. SCC evaluates whether personal data processing activities are based on one of these requirements and stops the data processing procedure if it is not.

SCC takes measures consistent with Article 8 and 9 of the DPL for the personal data which is transferred to third parties in Turkey or abroad.

Personal and sensitive data can not be transferred to another natural or legal person without data subject’s explicit consent except as prescribed by law.

Personal data could be transfered to the competent administrative or judicial institution or organization in the cases stipulated by law even if data subject has no explicit consent.

5. PURPOSES OF PROCESSING PERSONAL DATA

The collection and processing of personal data by SCC should only execute under the stated purposes of SCC’s “The General Information On The Protection Of Personal Data”. 

6. ERASURE OF PERSONAL DATA

When the expiry of legally required periods, completion of judicial proceedings or other requirements are eliminated; personal data is erased, destroyed or anonymized by the SCC ex officio or by the request of the data subject. 

7. ACCURACY AND UPDATE OF DATA

The data is processed as declared upon the declaration of the persons concerned as a rule. SCC does not have to investigate the accuracy of the data. Declared data is considered correct. The principle of accuracy and being up to date of personal data has been assimilated by the SCC. SCC updates the personal data that processed from the documents that received or at the request of the relevant person and takes the necessary measures for it.

8. OBLIGATIONS OF SCC

a. Obligation to Inform Personal Data Subject

SCC enlighten the data subject whose data will be processed during the processing of personal data about how data will be processed. Minimum matters that should be in the clarification text are stated by the Law are these following:

- The identification of data cotroller,
- The purpose of data processing,
- To whom and for what purposes the processed data may be transferred,
- The method and legal reason of collection of personal data,
- Rights that data subject has.

Within this scope, clarification points and texts were determined.

b. Obligation of Respond to Personal Data Subjects Applications

Data subjects may exercise their rights regulated in the DPL by making applications in written or other methods SCC will determine.

In data subject’s application to use the rights that mentioned above; the explanations regarding the right to use must be clearly understood, the subject matter must be related to the applicant himself/herself, and if it is applied on behalf of someone else, he must have the authority to represent it.

In addition, the application must include identification and address information, and the identification documents must also be included in the application. Applications made by unauthorized third parties regarding personal data are not considered.

Personal data subjects’; 

- to learn whether personal data is being processed,
- to request information if personal data are processed,
- to learn purposes of the processing and whether they are used in line with this purpose,
- to know about the third parties within or outside the country to whom the personal data is transferred,
- to request correction of the personal data if the data is processed incompletely or inaccurately,
- to request deletion or destruction of the personal data under the conditions set forth in Article 7 of the DPL,
- to request notification of third persons to whom the personal data are transferred, in case the correction, deletion or destruction of personal data is requested,
- object to negative consequences affecting you which result from analysis of the processed personal data exclusively by automated systems,
-to claim indemnification if the you suffered damage due to illegal processing of your personal data.

According to the content, SCC must respond the application as soon as possible or at last in 30 days. After the assesment process SCC could apply the applications and take actions about it or could deny them for a valid reason.

Personal data subject can complain to SCC in 30 days if its application is rejected, the response is insufficent or the application is not answered within the period.

c. Obligations Concerning Data Security

SCC is obliged to process personal data in accordance with the law, to prevent the unlawful access to such data and to take the necessary technical and administrative measures to ensure the protection of such data. All necessary technical and administrative measures are taken to protect personal data collected and to prevent unauthorized access to avoid victimization of our members and volunteers.

In this context, software compliance with standards, careful selection of third parties and compliance with the data protection policy within the SCC is ensured. Security measures are constantly being renewed and improved.

In case of unlawful disclosure or leakage of personal data, the Personal Data Protection Board (“Board”) shall be notified. In this respect, the necessary measures are taken by making the examinations prescribed by the legislation

9. DATA TRANSACTIONS PRESCRIBED BY LAW

SCC can process data without an explicit consent if it is regulated under the laws, if it is directly related to establishment of a contract or carrying out it, if the data has been publicize by the related person, if it has to be processed to establish a right, usage or protection, in the cases where data processing is a necessity for data controller SCC’s legitimate interests without damaging fundamental rights and freedoms of the related person.

Personal data may be processed in accordance with the activities, services and legitimate purposes of SCC. However, data may not be used for unlawful acts in any way.

10. PROCESSING OF SENSITIVE DATA

Under the DPL, sensitive data means; personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, clothing, membership to associations, foundations or trade-unions, health, sexual life, convictions and security measures, and the biometric and genetic data are deemed to be personal data of special nature.

SCC takes all of the measures that set out by the board in the processing of sensitive data.

SCC can process sensitive data only for the purpose for which it is collected, with the consent of persons in order to carried out and develope its activities.

11. USER INFORMATION AND WEBSITE

Individuals will be informed by the Privacy Statement and if necessary about cookies on SCC-owned websites and other systems or applications.

Users are informed about our applications on web sites. Personal data will be processed in accordence with the Law.

12. DATA OF OUR EMPLOYEES

Personal data of our employees may be processed without consent as far as it is necessary in terms of labor relations and health insurance.

13. TRANSFERRING OF PERSONAL DATA

Personal data may be shared by the SCC in order to sustain the operations and activities of the association with its business and solution partners and for the purposes detailed in the text of the Policy, and may be transferred both domestically and internationally.

SCC has authority to transfer personal data both domestically and abroad in accordance with other conditions in the DPL and upon the consent of the person, in accordance with the terms set by the Board.

14. PRIVACY AND SECURITY OF DATA

As SCC we are taking reasonable technical and administrative measures in order to prevent risks of unauthorized access, accidental data loss, intentional deletion or damage to your personal data.

Necessary systems are established to raise awareness of the existing employees of the SCC’s business units and newly incorporated employees about the protection of personal data and provided trainings to the employees.

Accordingly; SCC undertakes to follow legal principles about personal data processing, to obtain explicit consent for personal or sensitive data, to take required technical and administrative measures in order to prevent risks of unauthorized access and processing data in contrary with law and keeping data safe, to comply with the above-mentioned rights of the personal data owner and to compensate them for any possible damages.

Questions, concerns or complaints:
Please contact SCC;
The Swedish Chamber of Commerce/İsveç Ticaret Odası Derneği Vişnezade Mah. Süleyman Seba Cad. No:7 Akaretler, Beşiktaş, Istanbul, Türkiye
Phone: +90 (212) 317 90 55
E-mail: info@sccturkey.com  

 

Data Protection Policy

 
  Send to Printer