Policy on Personal Data Protection of The Tohum Autism Foundation

Policy on Personal Data Protection of The Tohum Autism Foundation

1. Aims of Policy on the Personal Data Protection

i. This Policy on the Personal Data Protection(“Policy”) indicates the approach
on processing personal data of The Tohum Autism Early Diagnosis and
Education Foundation and The Commercial Enterprice of The Tohum Autism
Early Diagnosis and Education Foundation (“The Tohum Autism”), and also
states;
i. Personal Data: any information relating to an identified or identifiable natural
person;
ii. Processing of Personal Data: any operations carried out on personal data
such as collection, recording, storage, retention, alteration, re-organization,
disclosure, transferring, taking over, making retrievable, classification or
preventing the use thereof, fully or partially through automatic means or
through non-automatic means only for the process which is a part of any data
registry system set out in the Law;
iii. Sensitive Personal Data: Personal data relating to the race, ethnic origin,
political opinion, philosophical belief, religion, sect or other belief, clothing,
membership of associations, foundations or trade-unions, information relating
to health, sexual life, convictions and security measures, and the biometric
and genetic data;
iv. Data Controller: the natural or legal person who determines the purposes for
which and means by which personal data is processed and is responsible for
establishing and managing the data registry system.;
v. Data Processor: the natural or legal person who processes the personal datas
according to given authority by the Tohum Autism Foundation;
vi. Data Subject: the natural person, whose personal data is processed;
vii. Data Registry System: the registry system which the personal data used by
the Tohum Autism Foundation is registered into through being structured
according to certain criteria;
viii. Board: the Personal Data Protection Board;

ix. Authority: the Personal Data Protection Authority;
x. Law: The Law on the Protection of Personal Data No. 6698 was published in
the Official Gazette on 7 April 2016 and 29677 numbered entered into force.

b. This policy aims to provide compliance with the procedures/law and
legistlations applicable. This policy and Tohum Autism Foundation aim to
enlighten the data subjects in respect to;
i. Contents and categories, ways of using, person and institutions that are
domestic and international,
ii. Ways of processing personal datas,
iii. Ways of retaining personal datas,
iv. Rights of subjects,
v. Precautions related to Personal Data Protection.

2. Personal Data gathered by Tohum Autism and Purposes of Processing

Personal Data
a. Purpose of Tohum Autism is all the purposes stated on the note of The Tohum
Autism Early Diagnosis and Education Foundation
b. In relation to the purpose of Tohum Autism and not limiting to the information
below; Tohum Autism can gather and process the personal data of the
students who are trained in The Tohum Autism Foundation Private Special
Education School, parents of these students, its partners, associates,
volunteers, suppliers, funders, donors, visiters, employees work in the
cooperative institutions, customers, candidates, employees, tranees,
authorities, and other third-persons:
i. Identitiy papers and their copies such as identitiy card, driving lisenc
e, passport, residence document, identity register copy, marriage
certificate and etc;
ii. Documents including titles, rental agreement, payroll, declaration of
property, green card and etc;
iii. Documents about health status such as reports, blood tests, bloud type,
vaccination, medical analysis, clean bill of health and etc.
iv. Biometric and genetic data including photograph,video, fingerprint;
v. Address details containing home, office, telephone number and e-mail.

vi. Financial information such as bank account, credit card, health
insurance, billing and etc;
vii. Records of voice call;
viii. Other information including demobilization, conviction and criminal record
about security measures;
ix. Any official document attests the sign of the data subject.

c. With the exceptions of Article 5(2)(c) of Act, Tohum Autism undertakes to
process Personal Data within the scope of the purposes and the basis stated
below:
i. To run Tohum Autism’s actions, planning and performing the
operational action.
ii. In order to provide the data security, transferring data domestic and
abroad.
iii. Interanl and external supervision, and financial tracking.
iv. IT, service of legal counseling
v. Forward plans
vi. Keeping statistics,
vii. Tracking pass actions.
viii. Order and control in workplace; and providing adaptation and
management.
ix. Organizing and following up records of visiters
x. Archiving informations gathering from Tohum Autism’s activities.
xi. Planning and/or performing corporate communication/responsibility/
Project activities.
xii. Planning and performing Tohum Autism’s policies and operations on
human resource
xiii. Smoothing operations of recruitment procedure.
xiv. Planning and performing commercial and/or business strategies
of The Commercial Enterprice of The Tohum Autism Early Diagnosis
and Education Foundation.
xv. Solutions of commercial disputes

xvi. Providing legal, technical, commercial and occupational security
of Tohum Autism and any relevant people related with Tohum Autism
for business purposes.
xvii. Planning, reviewing and performing processes of data security
xviii. Organising and running the substructure of the information
Technologies.

3. Methods of the Data Collection

Tohum Autism will collect the Personal Data via methods stated below:

i. Electronic mail
ii. Telefax
iii. Telephone
iv. Post
v. Courier
vi. Manuel delivery

4. Consent to monitoring and tranferring

a. Domestic data monitoring and transferring
It is possible with the direct consent of subject for monitoring and transferring
to domestic natural and legal persons about their data personal data. If there
is no direct consent, it is only possible when there is conditions stated below:
i. To be prescribed by law clearly;
ii. Being obligatory to protect individuals or others’ lifes and bodily integrity for
who cannot explain their consent because of the de facto impossibilities or
who cannot be allowed for legal validity;
iii. Being requred to process personal data belongs to contracting parties, on
the conditiyon that it is directly relevant with drawing up a contract and
executing it;
iv. Being obligatory for Tohum Autism to perform its legal obligations
v. To make it well-known by who is interested

vi. Being obligatory to process data in order to establish, exercize or protect a
right
vii. Being obligatory to process data for Tohum Autism’s legitimate interests
only if there no damage to basic rights and liberties

b. Processing and Transferring Sensitive Personal Data
It is only possible with the explicit consent of relevant persons to process and transfer
sensitive personal data. If there is no consent, Processing and transfering data
depends on the conditions below:
i. Personal data without health and sexual life can be processed without the
consent of subject as prescribed by laws
ii. Personal data related health and sexual life can be processed without the
consent of subject for the purposes of protecting public health, preventive
medicine, medical diagnosis, operating treatment and care services, planning
and conducting health services and financial issues
c. Processing and Transferring Personal Data Abroad
It is possible to process and transfer personal data to third natural and legal persons
abroad with the explicit consent of data subject, bu if there is no explicit consent,
Tohum Autism can process data only in the following cases that:

Without the explicit consent of data subject if there are conditions stated under Article
3.a and 3.b of the Law,

The country is approved by Board as “Adequate Country” in respect to protection. If
there is no adequate protection, Tohum Autism and data controllers in relevant
countries guarantee the protection in written

Withoout prejudice to provision of international convention, Tohum Autism can
transfer with the consent from Board by taking state institutions and organizations’
opinion if Turkey and interests of relevant data subject get harmed.

5. Security of Personal Data

a. Tohum Autism shall provide security of personal data for the purposes mentioned
below and take all kinds of technical and organizational measures aimed at providing
appropriate level of security.
i. to prevent unlawful processing of personal data,
ii. to prevent unlawful access to personal data,
iii. to ensure the retention of personal data.

b. In the case of processing personal data by other natural and legal person in behalf
of Tohum Autism, Tohum Autism is responsible in conjunction with the others who
process data for taking measures stated in Article 4.a of the Law.
c. Tohum Autism have to make an inspection and have it inspected in order to
provide to implement provisions of Law in its institutions and organizations
d. those who process personal data with Tohum Autism must not share personal
data they learned with the other in defiance of provisions of Law and must not
misuse to process. This obligation also continues after their duties are expired
e. In the case of being acquired processed personal data by the others illegally,
Tohum Autism informs to data subject and Board about that case as soon as
possible

6.Rights of Data Subject

a. Data Subjects Have the Following Rights Regarding Their Personal Data.
i. To find out whether their personal data is processed or unprocessed;
ii. To request to be informed if their personal data is processed;
iii. To learn the purpose of processing personal data and whether it is used in
accordance with its purpose or not;
iv. To find out which third parties personal data is transferred to domestic or
abroad;
v. To request correction of personal data if it is processed incompletely or
incorrectly;

vi. To request the deletion or destruction of personal data in accordance with
Article 7th of the Law;
vii. To request that third parties to whom the personal data are transferred are
notified of the transactions made pursuant to Articles 5.a.v and 5.a.vi of the
Policy
viii. To object to the emergency of a conclusion against only by analyzing the
processed personal data through automated systems owner of the data by
himself
ix. To request to remove damage if personal data is damaged due to the illegal
data processing
b. In order to exercise rights stated in Article 5.a of Policy, relevant persons send
their requests via secure e-signature in written, mobile signature or e-mail declared
before by related person to Tohum Autism and registered in the Tohum Autism’
system or via programs and applications developed to serve appeal’s purposes to e-
mail address of Tohum Autism info@tohumotizm.org.tr or to mailing address
“Merkez Mah. Sıracevizler Cad. Zülfikarlar İşhanı No:27, Kat:3 34380
Şişli/İstanbul/Türkiye”

i. Name, surname and sign if application is written;
ii. Turkish identification number for Turkish citizen, nationality, passport number
and personal identification number for foreigners;
iii. Residence and office address;
iv. E-mail, telephone and fax number if available;
v. It is mandatory to include request topic.

7. Precautions to Preserve and Protect Personal Data Updated and Properly

Tohum Autism preserve personal data updated and properly within the scope of
following ways:
i. Current back up;
ii. MEBSİS;
iii. Fonzip, salesforce, euromessage, dataport;
iv. Firewall;

v. Antivirirus programs
vi. Executive limitations and delegations

8. Changes Coming in Personal Data Protection Policy

Tohum Autism shall make legal changes to the extend required by Policy . This
Policy changed will be valid when it is shared on site https://tohumotizm.org.tr
Tohum Autism also announces changes via e-mail to customers, employees and
authorities.