ISMS Policy

The main theme of the TS EN ISO 27001:2013 Information Security Management System is to show that information security management is provided in human, infrastructure, software, hardware, customer information, organizational information, third-party information and financial resources, to ensure risk management, to measure information security management process performance and to regulate relations with third parties on information security-related issues in Interdata. 

The aim of our ISMS policy, in this direction, is:

To protect Interdata information assets against all kinds of threats that may arise from inside or outside, knowingly or unknowingly, to ensure accessibility to information through business processes, to meet legal legislation requirements, to work towards continuous improvement,
To ensure the continuity of the three basic elements of the Information Security Management System in all activities carried out:

Accessibility

Demonstrating the accessibility of information, when necessary, by those who are authorized

Integrity

Demonstrating the accuracy and intactness of the information,

Confidentiality

Preventing unauthorized access to important information

  • Dealing with the security of not only the data kept in the electronic environment, but also all the data in written, printed, oral and similar media.
  • Raising awareness by giving Information Security Management trainings to all personnel.
  • Reporting all actual or suspicious vulnerabilities in Information Security to the ISMS Team and to ensure that they are investigated by the ISMS Team.
  • Preparing, maintaining and test business continuity plans.
  • Determining the existing risks by making periodic evaluations on Information Security and reviewing and following the action plans, as a result of the evaluations.
  • Preventing all kinds of disputes and conflicts of interest that may arise from contracts.
  • Meeting business requirements for information accessibility and information systems.

Personal Data Protection Law (PDPL)

First of all, we would like to state that your data is processed by the data supervisor by the procedures and principles stipulated in the Law on Personal Data Protection No. 6698 and other legislations.

Under Article 10 of the law, our purpose is to enlighten you in the most transparent and comprehensive way about your rights and the identity of our company, which is the data supervisor, for what purpose the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the other details listed in Article 11 of the Law and detailed in Article 7.

In this context, we would like to point out that our policy, which we consider in every situation that requires the processing and sharing of your data, is to ensure this data is obtained and preserved by the law and is only transferred to the extent permitted when necessary.
Since you have reached our company call center, your identification number, tax office and tax identification number, bank account information, information about the authorized institutions and organizations you are subject to, your name and surname are processed to carry out the activity by the legislation and fulfill our legal obligations.

Our company can only share your data with relevant persons & institutions under the following conditions:

  • Based on the consent of the people or stipulated in the laws, especially the legislation to which we are subject
  • Necessary for the establishment or performance of the contract
  • Obligatory for the fulfillment of the legal obligation
  • Requested by authorized public institutions and organizations or required by legitimate interests
  • Provided that adequate measures are taken within the framework of security and confidentiality principles specified in PDPL
  • Legal and real persons, suppliers, sub-contractors, business partners, shareholders, legal, financial and tax consultants, auditors, audit companies with whom we have contracts, by our direct/indirect & domestic/abroad activities to carry out company activities
  • Public institutions or organizations that are authorized to request this data as required by law
  • Within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL
  • In particular, during our data processing activities, administrative and technical security measures required by law are applied with precision in order to process your data securely. Your data, which is the subject of this clarification text, is kept limited to the authorized person's access only.
  • Your data will be deleted, destroyed, or anonymized at the end of the storage period as explained in the data supervisor's personal data processing, storage and destruction policy. 


Under Article 11 of the Law, personal data owners have the right to:

  • Learn whether personal data is processed or not
  • Request information if personal data has been processed
  • Learn the purpose of processing personal data and whether they are used for the purpose
  • Know the third parties to whom personal data is transferred at home or abroad
  • Request correction of personal data in case of inaccurate or incomplete processing and request the information of third parties to whom the transaction is transferred.
  • Request the deletion or destruction of personal data if the reasons for processing disappear, although it has been processed by the provisions of Law No. 6698 and other relevant laws.
  • Request the notification of the third parties to whom personal data is transferred about the transaction carried out in this context.
  • Object to the emergence of a result against the person himself by deleting the processed data exclusively through automatic processes
  • Request the compensation for the damage in case of damage due to the illegal processing of personal data

In your application regarding your rights as personal data owners, the following must be added to the application:

  • Your name
  • Your surname
  • If your application is in written form, your signature
  • Turkish Identity Number
  • If you are a foreigner, your nationality
  • Your passport number or ID number, (if any)
  • Your place of residence or workplace address for notification
  • Your notification e-mail address, telephone and fax number, if any
  • Your topic of request
  • Your information and documents on the subject (if any)


Under Article 13 of the Law, our company, as the data supervisor, concludes the requests in the application free of charge, as soon as possible and within thirty days at the latest, depending on the nature of the request, and forwards the response to the applicant's e-mail address or physical address (at its own discretion).


However, if the transaction requires an additional cost, the fee in the tariff determined by the Board may be collected from the applicant.
You can find the application form on our website. You can send your written applications to our address, Muallimköy Neighbourhood, Deniz Street, Bilişim Vadisi No: 143 41480 Gebze/Kocaeli, by attaching the necessary documents. You can also submit your applications with the secure electronic signature defined in the Electronic Signature Law No. 5070, or by using the mobile signature or the e-mail address previously reported to the data supervisor by the data supervisor and registered in the system, with the expression 'Personal Data Information Request Application' in the subject part of the address.
According to the nature of your request, information and documents that will allow identification must be provided to us completely and accurately.

Relevant Person Application Form

Can be found here.