top of page

Donizetti Musical Instruments Trade Limited Company
Personal Data Protection and Processing Policy

 

1. Introduction

Donizetti Musical Instruments (hereinafter referred to as "Rodrigo Muzik" or "Company") attaches utmost importance to the legal processing of personal data of its customers, business partners, employee candidates and other real persons contacted, excluding employees, who purchase products and services.

Therefore, among many other works, our Company aims to comply with the legislation in force, especially the Personal Data Protection Law No. 6698 ("Law") by preparing this Personal Data Protection and Processing Policy ("Policy").

Rodrigo Muzik shows maximum effort to take the necessary administrative and technical measures to protect the personal data of everyone it comes in contact with while carrying out its commercial activities. In this direction, our company, everyone whose personal data is processed,

  • To prevent the processing of personal data in accordance with the law, to inform the relevant persons in this direction, and to obtain the explicit consent of the data subject before processing the personal data, in cases not covered by the exception, and to prevent illegal recording or sharing of this data,

  • To be informed transparently about which personal data belonging to him are processed,

  • To be able to exercise his rights on his personal data within the framework permitted by the Law,

aims to provide

2. About the Policy

This Policy includes the Company's declarations and explanations regarding the processing of personal data belonging to real persons other than our Company's employees, particularly customers and employee candidates who purchase products and services by the Company, within the scope of the Law.

Our company reserves the right to make changes in the Policy in order to provide up-to-date information on practices and legal regulations on the protection of personal data. In case the changes made in the policy are fundamental changes, the data owners will be informed through various channels.

This Policy has been prepared for the purpose of providing information on which personal data Rodrigo Muzik processes while continuing its commercial activities, for what purpose it processes this data, the method of collecting personal data and its legal reason, and for which purposes this data can be transferred to which third parties. In addition, disclosure statements, express consents, commitments, forms and other documents containing information and approval to be prepared separately for the relevant persons have been prepared in accordance with this policy.

Personal data is collected by our company through the following channels, by automatic means or by non-automatic methods provided that they are part of the data recording system:

  • Within the scope of your job applications to our company,

  • During your visits to our company campuses,

  • Within the scope of processing the personal data of the parties to the contract, provided that the contract is signed between our company and you and the business relationship is established or it is directly related to the performance of the contract in question.

In addition, your personal data;

  • Use of software and applications made available via a computer or certain smart device ("Application");

(The channels listed above will be briefly referred to as "Digital Media".)

  • Except for Digital Media, it can be processed within the scope of printed forms, contracts, documents transmitted by you (shortly referred to as "Physical Media").

Issues related to the processing of personal data of employees whose personal data are processed by our company are regulated within the scope of Rodrigo Music Instruments Employee Disclosure Statement.

3. Definitions

  • Explicit consent: It refers to the declaration of consent on a specific subject, based on information and freely disclosed by the data owners.

  • Anonymization: It means making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.

  • Relevant Person: Refers to the real person whose personal data is processed.

  • Personal data: It means all kinds of information related to an identified or identifiable natural person.

  • Special categories of personal data: It refers to data that is subject to a stricter protection regime within the scope of the Law, which may cause the Relevant Person to be victimized or discriminated against in cases such as their disclosure or disappearance.

  • Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, It refers to all kinds of operations performed on data such as classification or prevention of use.

  • Data registration system: It refers to the registration system in which personal data is processed and structured according to certain criteria.

  • Data controller: It refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

4. Your Personal Data Collected

Your personal data collected by our company may vary depending on the nature of the legal relationship you have established with our company (customer, visitor or job applicant, etc.). Accordingly, your personal data collected by our Company through all channels, including Digital Media, are categorically as follows:

 

  • Identity Information (TC identity number, insurance policy number, name, surname, passport number, identity card serial number, driver's license number and serial number, photo, gender, place of birth, date of birth, age, occupation, place of registration, valid identity card sample, etc.)

  • Contact Information (E-mail address, telephone number, fax number, mobile phone number, social media contact information, address, etc.)

  • Location Data (location information obtained while using our services associated with the person or using our Company's vehicles, etc.)

  • Customer Information (Customer number associated with the person, customer income information, customer occupation information, license plate, information about the vehicle, education information, etc.)

  • Family Members and Close Information (Identity information, contact information and professional, educational information etc. about the children, spouses of the Relevant Person)

  • Customer Transaction Information (an instruction associated with the person and a demand-based CDR (call detail record), call center records, credit card statement, account statement, box office receipts, customer instructions, records recorded in channels for this, etc.)

  • Employee Candidate Information (resume, interview notes, personality test results, etc.)

  • Transaction Security Information (website password and password information, etc.)

  • Risk Management Information (various query results and records associated with a personal Relevant Person and submitted by public institutions, address registration system records, IP address tracking records, etc.)

  • Financial Information (credit/debit card information, bank account information, IBAN information, premium payment information, balance information, credit balance and other financial information)

  • Physical Space Security Information (Entry/exit records of the company's environments, visit information, camera records, etc.)

  • Legal Transaction and Compliance Information (information requests from judicial and administrative authorities or data in decisions, etc.)

  • Audit and Inspection Information (Information regarding all kinds of records and transactions regarding the legal pursuit and assertion of our rights associated with the Relevant Person, etc.)

  • Sensitive Personal Data (race, ethnicity, political opinion, philosophical belief, religion, sect or other belief, disguise and dress, association, foundation or union membership information, data on health and sexual life, criminal convictions and security measures) data, biometric data, genetic data)

  • Marketing Information (Reports and evaluations showing the habits and tastes of the person associated with the Related Person and to be used for marketing purposes, targeting information, cookie records, information derived from data enrichment activities, surveys made with the person, satisfaction surveys, campaigns and information and evaluations obtained as a result of direct marketing studies. etc.)

  • Request/Complaint Management Information (information and records collected regarding requests and complaints made to our Company regarding our products and services associated with the person, and information on reports or correspondence in which the results of these are evaluated by the relevant business units, etc.)

  • Visual and Audio Data (photos, camera recordings, audio recordings, etc.)

5. Our Personal Data Processing Purposes

Your personal data obtained may be processed by our Company within the scope of the personal data processing conditions specified in Articles 5 and 6 of the Law and for the purposes listed below:

  • Planning and Execution of Corporate Communication Activities,

  • Planning of Human Resources Processes

  • Fulfilling Obligations Originated from Legislation,

  • Planning and Execution of the Operational Activities Required for the Ensuring that the Company's Activities are Conducted in accordance with the Relevant Legislation,

  • Ensuring Data is Accurate and Up-to-Date

  • Giving Information Based on Legislation to Authorized Institutions

  • Planning and Execution of Market Research Activities for Sales and Marketing of Products and Services

  • Management of Relations with Business Partners,

  • Execution of Strategic Planning Activities,

  • Planning and Execution of Sales Processes of Products,

  • Planning and Execution of Sales Processes of Services,

  • Planning and Execution of Customer Relationship Management Processes,

  • Follow-up of Contract Process Requests

  • Planning and Execution of Corporate Sustainability Activities,

  • Planning and Execution of Activities of Non-Governmental Organizations

  • Planning and Execution of Company Audit Activities

  • Loan Payment Transactions Tracking

  • Planning and Execution of Operation Processes

  • Representation and Hospitality, Communication and Information Transfer

  • Planning, Auditing and Execution of Information Security Processes,

  • Creation and Management of Information Technologies Infrastructure,

  • Ensuring the Security of Company Operations

  • Planning and Execution of Business Continuity Activities

  • Planning and Execution of Activities to Perform Efficiency/Efficiency Analysis of Business Activities,

  • Planning and Execution of Activities for Realization of Appropriateness Analysis of Business Activities,

  • Execution of Strategic Planning Activities,

  • Planning and Execution of Marketing Processes of Services

  • Recruitment / Employment

  • Execution of Personnel Supply Processes

  • Creating and Tracking Visitor Records

  • Follow-up of Accounting and Finance Affairs

  • Follow-up of Legal Requests,

  • Follow-up of Legal Affairs,

  • Event Management,

  • Planning and/or Execution of the Company's Financial Risk Processes,

  • Planning and/or Execution of the Company's Operational Risk Processes

  • Planning and/or Execution of Customer Satisfaction Activities

  • Ensuring the Security of Company Campuses and/or Facilities,

  • Ensuring the Security of Company Operations,

  • Ensuring the Security of Company Fixtures and/or Resources.

 

6. Transfer of Personal Data

Your personal data may be shared with our suppliers and business partners, from whom we receive support in establishing, conducting and terminating your relationship with our Company, including the parties that provide products or services to our Company or on behalf of our Company, and the parties with which we cooperate to make you benefit from products and services. Your personal data may also be shared with legally authorized public institutions and private individuals within the scope of their authority. In these cases where your personal data is shared, our Company takes the necessary measures to ensure that the party with whom the data is shared carries out processing and transfer activities in accordance with the rules in this Policy and the provisions of the legislation.

Personal Data can be shared with our group companies, business partners, suppliers, legally authorized public institutions and organizations and legally authorized private institutions within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, It can be transferred abroad within the framework of the procedural principles indicated in Article 9 and the decisions of the Personal Data Protection Board.

If the transfer of your Personal Data abroad is only;

  • Having Your Express Consent, or

  • In cases where your explicit consent is not provided but one or more of the other data processing conditions specified in the Law are met;

    • There is adequate protection in accordance with the decision of the Personal Data Protection Board in the country where the data is transferred, and

    • In the event that there is no adequate protection in the country where the data is transferred, provided that our Company undertakes in writing with the Data Controller in the relevant foreign country and that the permission of the Personal Data Protection Board is obtained.

can be realized.

 

7. Retention of Personal Data

Our company determines the storage periods of personal data by taking into account the legislation in force and the purposes of processing the data subject to the process. In this context, if there are statute of limitations related to legal obligations regarding personal data processing activity, they are definitely taken into account. In the event that the purpose of processing personal data disappears, the data is deleted, destroyed or anonymized unless there is another legal reason or basis that allows the personal data to be kept.

 

8. Principles on Data Privacy

Our company acts in accordance with the general principles explained below within the scope of all Personal Data Processing activities.

 

  • Acting in accordance with the law and the rules of honesty: Our company acts in accordance with the legislation in force and abides by the rules of honesty in all personal data processing processes.

  • Accuracy and timeliness: Our company provides the data owners with the opportunity to update their personal data and takes the necessary measures to ensure that the data is transferred to the databases correctly.

  • Processing for specific, clear and legitimate purposes: Our company limits personal data processing activities to specific and legitimate purposes and clearly informs data owners about such purposes through clarification texts.

  • Being connected, limited and proportional to the purpose for which they are processed: Personal data are processed by our Company in connection and limited manner for this purpose, to the extent necessary for the purpose notified to the Relevant Person at the time of their provision.

  • Retention for the period stipulated in the relevant legislation or required for the relevant purpose: Our company retains personal data for this period, if a certain period of time is determined within the scope of the legislation in force. If such a period is not specified in the legislation, reasonable retention periods are determined by taking into account the purpose of data use and our Company's procedures, and the data is kept limited to this period. Following the expiry of the aforementioned periods, the data is deleted, destroyed or anonymized in accordance with our Company's procedures.

  •  

9. Use of CCTV (Closed Circuit Camera System)

If you visit our company's campuses, your visual and audio data can be obtained through the closed-circuit camera system and stored only for the period required for the purposes listed below. With the use of closed circuit camera system, it is aimed to prevent and monitor anti-social behavior and criminal behavior, to ensure the security of our company's campuses and tools and equipment in our company's campuses, to protect the health and safety of visitors and employees visiting our company's campuses. All necessary technical and administrative measures will be taken by our Company to ensure the security of your data obtained through the closed circuit camera system.

10. Exercise of Rights by the Related Person

In order to exercise the above-mentioned rights, it is possible to apply through the Related Application form provided by the Company.

Applications can be made by one of the following methods, together with documents that will enable you to identify yourself:

  • Fill out the form and send the wet signed copy to Gazi Bulv. No:93/B Basmane Konak/İzmir address,

  • Signing the form with a secure electronic signature issued within the scope of Electronic Signature Law No. 5070 and sending it via registered e-mail to support@donizettimuzik.com,

  • Following another method specified in the Communiqué on the Procedures and Principles of Application to the Data Controller determined by the Personal Data Protection Board.

  •  

Our company responds to data owners who want to exercise such rights within the limits stipulated in the Law, within a maximum of thirty days, as stipulated in the Law. In order for third parties to request an application on your behalf, a special power of attorney issued by you through a notary public on behalf of the person who will apply must be present.

Although your applications are processed free of charge as a rule, if a fee schedule is foreseen by the Personal Data Protection Board, a fee may be charged over this tariff.

Our company may request information from the Related Person in order to determine whether the applicant is a Relevant Person or not, and may ask questions about the application to the Relevant Person in order to clarify the issues specified in the application.

 

11. Rights of the Relevant Person

According to Article 11 of the Law, data owners have the following rights against the data controller:

  • To learn whether personal data about himself is processed,

  • If personal data about him/her is processed, requesting information about it,

  • Learning the purpose of processing personal data and whether they are used in accordance with its purpose,

  • Knowing the third parties to whom personal data is transferred at home or abroad,

  • Requesting correction of personal data in case of incomplete or incorrect processing,

  • Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the relevant legislation,

  • Requesting the notification of the transactions made as a result of the correction, deletion and destruction requests to the third parties to whom the personal data has been transferred,

  • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,

  • To request the compensation of the damage in case of loss due to unlawful processing of Personal Data.

  •  

12. Data Security

In order to ensure the security of your personal data, our company takes reasonable technical and administrative measures to prevent unauthorized access risks, accidental data loss, deliberate deletion or damage to data.

In this context, our Company;

  • Records access to personal data,

  • Ensuring data security by using software and hardware including virus protection systems and firewalls,

  • Following up the personal data processing activities on a business unit basis,

  • In accordance with Article 12 of the Law, it ensures that the necessary inspections are carried out in order to ensure the implementation of the provisions of the Law,

  • Ensuring the compliance of internal policies and procedures and data processing activities with the Law,

  • Makes authorizations in accordance with the nature of the data accessed within the company,

  • Subjecting access to Special Quality Personal Data to more stringent measures,

  • Passing additional security checks on persons who have access to Special Qualified Personal Data,

  • In case of access to personal data from outside the Company for reasons such as outsourcing, our Company takes commitments from the external service provider to ensure compliance with the Law,

  • It takes the necessary actions to inform all its employees, especially those who have access to personal data, about their duties and responsibilities under the Law.

 

13. Your Questions and Comments

If you wish to convey your questions and comments to our Company within the scope of this Policy, Tatlısu Mh. Turgut Ozal Bulvari Vitir Sk. No:1 Ümraniye – Istanbul by post or via  address.

bottom of page