Your views

As Kosmos Visa Services, we aim to provide the best possible level of service to our customers.


Your views are important to us. To continue to improve our service we need your help. We thank you for sharing your views with us.


We keep a record of your feedback and, if you request a response, we aim to reply in 2 working days.


You may contact us by filling the Survey Form or by Sending Us Email

This is the Security Announcement for applicants whom visit Kosmos Visa Application Centre;

 

Due to Security reasons, the following actions or items will not be permitted or used inside the Visa Application Centre:

 

  • • Cameras, audio/voice records, video records, (i.e. mp3, laptop, recording devices etc.),
  • • Bags, suitcases or back packs, suitcases, zip folders larger than a cabin size bag, (Only a plastic bag containing your application related papers would be permitted.

*The list provided above is not restricted.

  • • Inflammable items (such as matchboxes/ lighters/ fuel etc.) and any sharp objects (such as scissors, pen knives or nail filers.)
  • • Weapons or similar objects, explosive material of any kind.
  • • Pets (Due to potential of allergic reactions of third parties),
  • • Sealed envelope or packages
  • • Food or Beverages,
  • • Security Guards or Kosmos Personnel have the right to prevent admission of suspicious individuals or items in to the office.
  • *The list provided above is not restricted. Security Guards may prohibit other items based on his/her discretion.
  • • Due to security reasons, entrance will only be permitted to the main applicant, their interpreter or if accompanying a physical handicapped applicant. Permission for entry by friends, relatives, business contacts of the main applicant is prohibited.

There is no facility available at Kosmos Visa Application Centre to store prohibited items. We request applicants to make alternative arrangements to store the listed items before entering to the Visa Application Centre. Kosmos Visa Application centre is monitored by cameras on a 7/24 basis based on the security procedures.

 

PROCESSING PERSONAL DATA CLARIFICATION TEXT

 

Law No. 6698 on the Protection of Personal Data (PDPA) published in the Official Gazette dated April 7, 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of individuals, in the processing of personal data and to determine the obligations of real and legal persons processing personal data. As Kosmos Visa Services Limited, we would like to inform you in the capacity of ‘data responsible’ in accordance with Article 10 of the Law titled ‘’Clarification Obligation of the Data Officer’’.

 

DATA RESPONSIBLE AND REPRESENTATIVE

 

As Kosmos Visa Services Limited, in the capacity of data responsible, we may use your personal data for the purposes described below; we will be able to process, record, store, classify, update, and disclose to third parties where permitted by law for the purpose which they are committed.

 

PURPOSE OF PERSONAL DATA PROCESSING

 

İn order to benefit from the services we offer as Kosmos Visa Services Limited Company, your personal data is processed in accordance with the basic principles set out in the KVKK and the relevant legislation, your explicit consent and / or the legal legislation that we are subject to KVKK art. 5/2. When considering the services offered by Kosmos Visa Services Limited, your personal data, for you to benefit from these services:

 

  • In the process of meeting the demands of authorized third parties, in particular the implementation and demands of the Foreign Mission,
  • Fulfilment of the provisions of domestic and foreign supervisory and regulatory authorities, relevant public institutions, labour law and other relevant legislation,
  • In recruitment and human resources processes,

 

The above-mentioned data processing activities are carried out in order to continue our commercial activities.

 

It is stored in physical and electronic environment for a suitable period in accordance with the purpose of processing. For this reason, Kosmos Visa Services Limited acts in compliance with its obligations stipulated in all legal regulations, particularly KVKK.

 

 

COLLECTION METHOD OF PERSONAL DATA AND LEGAL REASON

 

Your personal data will be collected by our Company for the purposes listed above and in any oral, written or electronic environment (physical documents, contracts and printed forms; and in the electronic environment through the corporate website, in-house software, complaint management systems, video and audio recording systems). Your collected personal data may be processed and

 

transmitted for the purposes specified in this Clarification Text within the scope of personal data processing conditions, such as explicit consent in article 5 of the Law, explicitly stipulated in laws, the establishment and execution of the contract, the fulfilment of our legal obligation and the achievement of legitimate interests.

 

Your personal data will be processed by our employees so that you can apply for a visa and perform the service we provide.  Your shared personal data and visa applications will be transferred to and kept at the Mission we work with. All your personal data, including those with special qualifications, will be protected in accordance with the regulations governing the mission.

 

PARTIES THAT PERSONAL DATA PROVIDED TO AND PURPOSE OF TRANSFER

Your personal data processed for the purposes above may be transferred to; Foreign Mission, domestic and foreign supervisory and regulatory authorities, relevant public institutions, labour law, other persons and organizations that are allowed by the provisions of the relevant legislation, within the scope of legal authority for the purpose requested by limited, legally authorized public and private legal entities, our company's consultants, our auditors and service providers in accordance with the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law no. 6698.

 

Kosmos Visa Services Limited is required to keep records and documents relating to transactions performed with its customers within the scope of legal regulations for a certain period of time; if you want your personal data to be deleted or destroyed or anonymized, your request may be fulfilled by Kosmos Visa Services Limited after a period of time specified by legal regulations; however, your personal data will not be processed by Kosmos Visa Services Limited during this period and will not be shared with third parties except for the obligations arising from national and international laws, regulations and agreements.

 

 

 

RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED

 

In the event that the party to this Agreement is a natural person, if the customer is official, the customer must be a legal entity, as a personal board of directors, there are provisions of KVKK, Kosmos Visa Services:

 

·              Learn whether personal data is processed,

·              Request information if personal data is processed,

·              Learning the purpose of processing personal data and whether they are used in accordance with their purpose,

·              Knowing the third parties to whom personal data is transferred at domestic or overseas,

·              To request correction of personal data in case of incomplete or incorrect processing,

·              Requesting deletion or destruction of personal data,

·              In case of correcting, deleting or destroying personal data, requesting that these transactions be notified to the third parties to whom the personal data are transferred to,

·              Object to the occurrence of a result against the person by analysing the processed data exclusively through automated systems,

·              Request for compensation in case of damage due to unlawful processing of personal data

Requests submitted within this scope; will be finalize by Kosmos Visa Services Limited for free of charge within thirty days at the latest. However, if a fee is foreseen by the Personal Data Protection Board, the fee in the tariff determined by our Company will be charged.

IF YOU WISH TO CONTACT US FOR YOUR REQUESTS

 

If you want to contact us within  the coverage of Law no. 6698, for feedback or asking questions,  you can deliver personally to the address by hand or you can reach us through the notary with documents supporting your identity and your petition containing your request Kosmos Visa Services Co. Ltd. - Cumhuriyet Street No:139      Harbiye - Sisli - Istanbul - Turkey 

In this context, written applications to be made on the subject will be accepted following the authentication by us and the related parties will be returned within the legal period.

 

Attachment: KVKK Application Form

As employees of Kosmos Visa Services Limited, to manage all kind of risk towards our business continuity and information assets;

 

  • •To document, certify and continuously improve  our information security management system in compliance with the requirements of ISO 27001 standard,
  • •Protecting our information assets against all kinds of threats,
  • •Preparing, maintaining and testing business continuity plans,
  • •Comply with all legal regulations and conventions related to information security,
  • •Systematically managing risks to our information assets,
  • •Ensuring that confidential information of customers is protected and maintained with precision,
  • •Conducting trainings to develop competencies to increase awareness on information security,

 

We pledge to be a pioneering and exemplary organisation in our sector. 

 

 

 

  1. 1. DATA PRIVACY UNDERTAKING

 

This Data Privacy and Security Policy (“Policy”) determines the principles to be followed within Kosmos Visa Services Limited Company and/or by Kosmos Visa Services Limited Company; whilst Kosmos Visa Services Limited Company (Kosmos) fulfils the data protection obligations imposed by Law No. 6698 and other related legislation and additionally processing personal data.

 

Kosmos Visa Services Limited Company undertakes to apply a sufficient and reasonable level of security for the personal data on-site, respect the confidentiality of personal data and comply with this Policy and tools, programs, and processes to be implemented in accordance with this Policy.

 

  1. 2. PURPOSE OF THE POLICY

 

The main purpose of this Policy is to establish the principals of personal data processing and protection of personal data carried out by Kosmos Visa Services Company in accordance with the law, and to ensure transparency by enlightening and informing the persons whose personal data is processed by our company.

 

  1. 3. THE SCOPE OF THE POLICY

 

This Policy includes all departments and employees of Kosmos Visa Services Limited Company.

 

This Policy will cover all activities in which personal data is processed by Kosmos Visa Services Limited Company and will be applied in all kinds of events and actions.

 

This Policy will not be applied to data that are anonymized or are non-personal data.

 

In case new legislations are set, Kosmos Visa Services will provide a higher level of security on personal data in accordance with the new legislation and comply with the regulatory requirements.

 

Where it is deemed to be a legal obstacle to the implementation of this Policy by Kosmos Visa Services Limited, Kosmos Visa Services Limited shall re-determine the steps to be applied, when deemed necessary, in consultation with the Board.

 

 

  1. 4. DEFINITIONS

 

Definitions used here in this Policy are as follows:

 

Explicit consent

Consent on a particular topic, based on information and stated by free will

Anonymization

Personal data to be rendered in such a way that even when matched with other data will by no means be associated with a person whose identity is apparent or can be identified

Personal data

All kinds of information regarding a person whose identity is apparent or can be identified

Processing of personal data

All kinds of processes performed on data acquired by non-automated means where the personal data is automated in whole or partially or is part of any data registry system, such as registration, storing, keeping, changing, rearranging, expounding, transferring, taking over of this data, making it available, categorizing it or preventing it from being used

PDP Law

Law No; 6698 Personal Data Protection Law

PDP Board

Personal Data Protection Board

PDP Institution

Personal Data Protection Institution

Sensitive private data

Data regarding race of people, ethnic origin, political view, philosophical view, religion, sect or other faith, raiment, membership in association, foundation or union, health, sexual life, criminal convictions, security measures, and biometric and genetic data

Data Handler

Real or legal person who processes personal data based on the authority given by the data officer on behalf of the data officer.

Personal data owner

Real person whose personal data is processed and is deemed to be “relevant person” in PDP Law,

Data Officer

Real or legal person who identifies the purposes and means of processing personal data, responsible for the establishment and management of the data recording system

Registry of Data Officers

Data officers’ registry kept by the Presidency under the supervision of Personal Data Protection Board (VERBIS)

Data Inventory

The inventory created by correlating and detailing the personal data processing activities implemented in line with the business processes of Kosmos Visa Services Limited Company; with personal data processing purposes, with the recipient group to which the personal data is transferred and with the related personal data owner

 

  1. 5. PERSONAL DATA INVENTORY AND CATEGORIZATION OF PERSONAL DATA

 

In care of Kosmos Visa Services Limited Company; for the legitimate and lawful personal data processing purposes of Kosmos Visa Services Limited Company, based on and limited to one or more of the personal data processing conditions set forth in Article 5 of the PDP Law, in particular the principles set out in Article 4 on the processing of personal data, complying with all the general principles set forth in the PDP Law and all obligations set forth in the PDP Law and limited to the personal data holders under this Policy (Customers, Employees, Employee Candidates, Visitors, Third Parties, Employees of the Supplier We Work with, Officials and Representatives of Supplier);

 

Are being processed by means of informing the concerned persons, in order to meet the provisions of relevant public institutions, supervisory and regulatory authorities, labour law and other relevant legislations, in our recruitment and human resources processes, in our business connections processes, technical processes, the demands of third parties, and also to meet and to continue the commercial activities of our company.

 

Kosmos Visa Services Limited Company has created a personal data inventory in accordance with the Data Responsible Registry Regulation issued by the Personal Data Protection Authority. Data categories, data sources, data processing purposes, data processing process, Receiver groups to whom the data is transferred and the retention times are found in this data registry.

 

Within this scope, the following types of data categories are included in Kosmos Visa Services Limited Company, but are not limited to these types;

 

Identity information, contact information, personnel information, legal transaction information, customer transaction information, physical space security information, transaction security information, financial information, professional experience information, marketing sales information, audio visual record information, race and ethnicity information, health information, biometric data, criminal conviction and security measures information and other information data category.

  1. 6. GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

 

  1. 6.1. Legal Compliance

 

Our company conducts its personal data processing activities in accordance with the law and honesty rules in accordance with the Constitution, PDP Law and related legislation.

  1. 6.2. Data to be Accurate and Up-to-Date When Needed

 

Our company; taking into account the fundamental rights of the personal data owners and their legitimate interests, ensures that the personal data it processes is accurate and up-to-date, and takes the necessary measures accordingly. In this context, the data on all categories of persons is kept up to date, and all kinds of administrative and technical measures are taken to ensure accuracy and timeliness.

  1. 6.3. Specific, Legitimate and Clear Purposes

 

Our company; processes personal data only for legitimate purposes that are clearly and precisely determined and does not engage in data processing other than those purposes. The purpose of the processing of personal data is determined by our company before the processing activity and is also recorded in the “Personal Data Inventory”.

 

  1. 6.4. Data to be Relevant, Limited and Measured with the Purpose They Are Processed for

 

Personal data are processed by our company to the extent necessary to achieve the specified objectives. Data processing activity is not conducted with the assumption that it can be used later. Within this context, the processes are constantly reviewed and the principle of reducing personal data is tried to be implemented.

 

  1. 6.5. Personal Data to be Retained for the Required Period and to be Deleted Afterwards

 

Our Company only maintains personal data for the period required for the purpose specified or processed in the relevant legislation. In this context, the Company first determines whether or not a period is stipulated for the storage of personal data in the relevant legislation, if a period is determined, acts in accordance with this period, and takes into account the statutory limitation periods and stores the personal data for the period required for the purpose for which they were processed. In the events of expiration of the deadline or discontinuation of the reasons for elimination of data, personal data is deleted, destroyed or made anonymous in accordance with our Company's “Data Destruction Policy”.

  1. 7. CONDITIONS FOR PROCESSING PERSONAL DATA

 

Personal data may only be collected, processed or used under the legal basis specified below.

 

  1. 7.1. Explicit Consent

 

The protection of personal data is a Constitutional right, and fundamental rights and freedoms may be restricted for the reasons specified in the relevant articles of the Constitution and only by law without prejudicing their essence. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may be processed only in cases provided for by law or with the explicit consent of the person. In personal data processing procedures within our company, personal data of a person is processed without seeking explicit consent of the person only if the conditions set forth below are present;

 

  • Explicit consent must be given with free will, otherwise it is void.

 

  • Explicit consent will be sought in writing or electronically from the person concerned. In addition to these situations, verbal consent may be accepted if recorded. In this way, explicit consent will be recorded in a demonstrable manner. People will be informed about their rights before explicit consent is obtained.

 

  • In cases where sensitive personal data is needed to be processed, explicit consent will be obtained in writing.

 

  • The departments that process personal data are obliged to ensure the existence and validity of the explicit consent of the relevant data owner when collecting the personal data, they process. Upon establishment of non-presence of explicit will, data processing activity will be stopped.

 

  1. 7.2. Processing of Personal Data without Obtaining Explicit Consent

 

7.2.1 Where envisaged explicitly by Law,

7.2.2 When it is compulsory for the protection of the life or body integrity of a person himself/herself or of another person who is in a physically unable state to express consent, or where his/her consent is not acknowledged to have legal validity

7.2.3 Where processing of personal data of the parties to the contract is required, provided that it is directly related to the establishment or performance of a contract.

7.2.4 Where it is obligatory for the data officer to fulfil his legal obligation,

7.2.5 Where the data owner has publicized himself/herself,

7.2.6 Where data processing for the establishment, use or protection of a right is compulsory,

7.2.7 Where data processing is mandatory for the legitimate interests of the data officer; without prejudice to the fundamental rights and freedoms of the data owner.

 

  1. 7.3. Processing of Sensitive Personal Data

 

  1. 7.3.1 Sensitive personal data may only be processed if the data owner has explicit consent or is explicitly required by law.
  2. 7.3.2 Personal data relating to health and sex can only be processed without explicit consent for the protection of public health, processing of preventive medicine, medical diagnosis, treatment and care services, planning and management of health care and financing. In the event of such processing, the data officer is subject to secrecy confidentiality.
  3. 7.3.3 When processing sensitive personal data, adequate measures shall be taken by the Board.
  4. 7.3.4 The PDP Committee shall be informed on each occasion where processing of sensitive personal data is necessary.

 

  1. 7.4. Processing the Data of Employees

 

  1. 7.4.1 All personal data processing principles set out above shall also apply to the personal data of employees.
  2. 7.4.2 Personal data of applicants who have not applied via CV collection channels can be processed without explicit consent to initiate a business relationship. In the event that such an application results unfavourably after being considered for an appropriate position, the personal data of the concerned person will be deleted.
  3. 7.4.3 Employee personal data linked to the business relationship and related to the performance of the contract may be processed without the express consent of the employee. In adverse conditions, employee consent, legal obligation, legitimate interest and a similar justification is needed. Legal approval will be obtained for the validity of the relevant justification.

 

 

  1. 8. TRANSFERRING PERSONAL DATA

 

  1. 8.1. Transfer to Third Parties in Turkey

 

  1. 8.1.1. Personal data can only be transferred to third parties in Turkey in cases where the explicit consent of the person concerned has been obtained.
  2. 8.1.2. In cases where at least one of the conditions specified in paragraph 2 of article 5 of personal data law applies, data can be transferred to third parties in Turkey without the explicit consent of the person.
  3. 8.1.3. The relevant department processing the transfer is responsible to ensure compliance with the obligations to be abided when transferring personal data within Turkey.

 

 

 

  1. 8.2 Transfer to Third Parties Abroad

 

  1. 8.2.1. Regarding the transfer of personal data abroad, the explicit consent of the data owner is required in accordance with Article 9 of the PDPL.
  2. 8.2.2. But, in case of presence of conditions which permit processing of personal data including sensitive personal data without explicit consent of the data owner, the personal data may be transferred abroad by Kosmos Visa Services Limited Company without seeking explicit consent of the data owner provided that adequate protection is available in the foreign country to which the personal data will be transferred.
  3. 8.2.3. If the transfer country is not designated by the Board among the countries with sufficient protection, Kosmos Visa Services Limited Company and the data officer/data processing person in the relevant country will undertake adequate protection in writing and obtain permission from the Board.

 

  1. 8.3. Transfer of Personal Health Data

 

  1. 8.3.1. Personal health data cannot be transferred to third parties without being anonymized, without being in compliance with the legislation, without obtaining the necessary permissions and approvals.
  2. 8.3.2. Personal data relating to health can be transferred to public institutions and organizations where protection of public health, preventive medicine, medical diagnosis, processing of treatment and care services are clearly envisaged within the framework of planning and management of health care services and by the Law.
  3. 8.3.3. In case of a compulsory transfer of personal health data, approval must be obtained from the legal department.
  4. 8.3.4. The relevant department is responsible for ensuring compliance with the obligations to be met during the transfer of health data.

 

  1. 9. RIGHTS OF PEOPLE CONCERNED

 

  1. 9.1. Kosmos Visa Services Limited Company will respond to the following requests of the relevant persons for whom it holds personal data within the periods specified in the law:

 

  1. 9.1.1. Information on whether their personal data is processed or not,
  2. 9.1.2. Knowledge of what personal data is processed,
  3. 9.1.3. Whether their personal data is transferred or not,
  4. 9.1.4. Information of third parties to whom personal data is transferred and of the contact persons of third parties,
  5. 9.1.5. The purpose of processing personal data,
  6. 9.1.6. Responding when a person asks for relevant personal data to be updated,
  7. 9.1.7. Request of anonymizing, deleting, or destroying of personal data,
  8. 9.1.8. Receive a copy of personal data from Kosmos Visa Services Limited Company

 

  1. 9.2. In cases where data owners think that Kosmos Visa Services Limited Company is not acting within the scope of this Policy when processing their data, and/or when they exercise their rights; they can contact the below PDPL Responsible of Kosmos Visa Services Limited Company by using their contact information. (At the same time they can apply via PDPL application form found on the internet site within the scopes of the rights set out above.)

 

PDPL Responsible:Kosmos Visa Services Limited Company

E-mail:

Address:

Phone:

 

  1. 10. CONFIDENTIALITY

 

All personal data processed in Kosmos Visa Services Limited Company, are confidential by law. Employees may carry out collection, processing, transfer, use, deletion, destruction, anonymization activities on personal data only within the authorization defined to them. Otherwise, employees are prohibited from carrying out these activities. In addition, employees may not use personal data for individual or commercial purposes.

  1. 11. SECURITY

 

The security of personal data is under the responsibility of the employee, the department and Kosmos Visa Services Limited respectively. Personal data must be protected against loss, unlawful processing, abuse, any processing by unauthorized persons. These security measures cover all personal and electronically stored personal data.

Kosmos Visa Services Limited Company takes technical and administrative measures according to technological facilities and implementation costs to ensure that personal data is processed lawfully.

 

  1. 11.1. Technical Measures Taken to Ensure the Legal Processing of Personal Data and Prevention of Unlawful Access to Personal Data.

 

 

Kosmos Visa Services Limited has taken all kinds of technical, technological security measures to protect your personal data and protects your personal data against possible risks. For Example;

  1. 11.1.1 Cyber security measures have been taken and its implementation is continuously monitored.
  2. 11.1.2 Licensed antivirus software is used and updates are made to ensure that information and information processing facilities are protected from malware.
  3. 11.1.3 Firewalls are used for information technology systems containing personal data to be protected from unauthorized access threats over the internet.
  4. 11.1.4 Employees are granted access authority to the extent necessary for their work and duties as well as their authorities and responsibilities. Entity owner users’ access rights are reviewed at regular intervals. Access rights of the files and folders which are in the file server/common area are periodically reviewed.
  5. 11.1.5 Authentication, encryption and network connectivity checks are performed for the security of network services.
  6. 11.1.6 Access logs are maintained regularly.
  7. 11.1.7 Patch management and software upgrades are in progress.
  8. 11.1.8 Personal data is backed up and the security of the backed up personal data is also ensured.
  9. 11.1.9 Encryption is performed for systems and applications.
  10. 11.1.10 Necessary physical security measures are taken for entering and exiting physical environments containing personal data and unauthorized entry and exit is prevented.
  11. 11.1.11 Security of physical environments containing personal data's security against external risks (electric leakage, fire, flood etc.) is provided.
  12. 11.1.12 Access to systems containing personal data is provided by means of using user name and password.
  13. 11.1.13 No Sensitive Personal Data Transfer is made through the network. Procedures for the management of sensitive personal data are available.
  14. 11.1.14 User authorizations of the software are carried out; security tests of this software are regularly performed/procured.
  15. 11.1.15 Security measures are taken within the scope of procurement, development and maintenance of new information technology systems and maintenance, development and improvement of existing systems.

 

  1. 11.2. Administrative Measures Taken to Ensure the Legal Processing of Personal Data and Prevention of Unlawful Access to Personal Data

 

  1. 11.2.1 A management framework is established within the institution to initiate and control information security operation and practices.

 

  1. a.A PDPL Committee and Contact Person are appointed and their job descriptions are defined.
  2. b.PDPL Application channels are determined.
  3. c.Violation, claim/complaint management workflows are identified.
  1. 11.2.2 Main principles, policies and procedures for the processing and protection of personal data are determined.

 

  1. a.Data Processing and Retention Policy is formed.
  2. b.A Policy on Processing and Protection of Personal Data is formed.
  3. c.Information Security Management Policy is formed.
  4. d.Sensitive Personal Data Security Policy is formed.

 

  1. 11.2.3. Existing risks and threats are identified within the scope of processed personal data.
  2. 11.2.4. Training and awareness-raising activities are being carried out for employees on personal data security.
  3. 11.2.5. Roles and responsibilities and job descriptions related to data security have been determined in order to ensure that employees and contractors are aware of and fulfil their information security responsibilities.
  4. 11.2.6. There is a disciplinary process in place for employees if they do not comply with the security policies, principles and procedures.
  5. 11.2.7. Confidentiality commitments are made.
  6. 11.2.8. Clarification text is published for the employees, customers, suppliers, etc.
  7. 11.2.9. Processes that require explicit consent are identified and implemented.
  8. 11.2.10. Internal periodic and/or spot checks are conducted and are being conducted. Confidentiality and security vulnerabilities are eliminated according to the results of the audits.
  9. 11.2.11. It is evaluated whether there is a need for personal data for the purpose of processing and personal data are reduced as much as possible.
  10. 11.2.12. In the event of the data being attained by others via illegal means, necessary measures are taken by the employees to inform the relevant person and the Board as soon as possible.

 

 

 

  1. 11.3. Measures to be Taken in Case of Unlawful Disclosure of Personal Data


In the event that the processed personal data is obtained by others by illegal means, Our Company will notify the relevant data owner and the Board as soon as possible (maximum 72 hours).

 

  1. 12. PERSONAL DATA PROCESSING ACTIVITIES AT ENTRANCES AND WITHIN THE BUILDING

 

  1. 12.1. In order for Kosmos Visa Services Limited Company to ensure security, Kosmos Visa Services Limited Company is engaged in personal data processing with security camera monitoring and monitoring of guest entrances and exits.
  2. 12.2. Personal data processing activities are performed by Kosmos Visa Services Limited Company by means of security cameras and by recording guest entrances and exits.
  3. 12.3. Within the scope of monitoring by means of security camera, Kosmos Visa Services Limited Company aims to protect the interests of the company and other persons in ensuring their safety.
  4. 12.4. This monitoring activity is carried out in accordance with the Law on PDPL and Private Security Services and related legislation.
  5. 12.5. In this context, the information that camera monitoring is performed is announced to all employees and visitors and people are enlightened. Notification letters are posted at the entrances of the monitored areas.
  6. 12.6. In accordance with Article 12 of the PDP Law, necessary technical and administrative measures are taken by Kosmos Visa Services Limited Company to ensure the security of personal data obtained from camera monitoring.

 

  1. 13. MONITORING VISITOR ENTRANCE AND EXITS WITHIN THE MANAGEMENT BUILDING, AND THE ESTABLISHMENT ENTRANCES AND IN THE ESTABLISHMENT

 

  1. 13.1. For the purpose of ensuring security and other purposes specified in this Policy, personal data processing activities are followed by Kosmos Visa Services Limited Company at Kosmos Visa Services Limited's premises for the monitoring of guest entrances and exits.
  2. 13.2. Personal data owners are enlightened whilst identity data of persons coming to Kosmos Visa Services Limited premises as a guest are obtained or are presented to the access of guests via texts that are hung in Kosmos Visa Services Company or by other means.
  3. 13.3. The data obtained for the purpose of guest entry-exit tracking are processed only for this purpose and the related personal data are recorded to the data recording system in physical environment.
  4. 13.4. Imaging is not performed in areas where privacy is high.

 

 

  1. 14. STORAGE OF RECORDS FOR INTERNET ACCESS OFFERED TO OUR GUESTS WITHIN THE PREMISES OF KOSMOS VISA SERVICES LIMITED COMPANY

 

Aiming to ensure security by Kosmos Visa Services Limited and other purposes specified in this Policy, internet access can be provided by Kosmos Visa Services Limited Company to visitors who request it during their stay in our buildings and facilities. In this case, log records of your internet access are kept in accordance with the provisions of the Law No. 5651 and the provisions of the legislation regulated in accordance with this Law; these records can only be requested by authorized public institutions and organizations or are processed with the aim to fulfil our legal obligation during audit processes to be performed within Kosmos Visa Services Limited Company.

 

  1.  15. CONDITIONS OF DESTRUCTION OF THE PERSONAL DATA (DELETION, DESTRUCTION AND ANONYMISING)

 

Pursuant to Article 7 of PDP Law No. 138 of the Turkish Penal Code, and according to “regulations about Deletion, Elimination and Anonymization of Personal Data''; personal data is deleted, destroyed or made anonymous based upon own discretion of Kosmos Visa Services Limited Company or at the request of the personal data owner, if the reasons that require processing cease to exist even though data is processed in accordance within the provisions of the law. Kosmos Visa Services Limited Company has created a Policy in accordance with the provisions of the regulation on this subject, and pursuant to this Policy destruction is being carried out according to the nature of the data. In accordance with this regulation, periodic destruction dates are determined, and with the commencement of the obligation a calendar for periodic destruction has been created at various intervals by Kosmos Visa Services Limited Company.

 

  1. 16. INFRINGEMENT CASES

 

Each employee working for Kosmos Visa Services Limited Company is obliged to inform an action or event he/she thinks is incompatible with the restrictions mentioned in Personal Data Protection Law No. 6698 and within the scope of this Policy to the department managers.

 

As a result of notifications made, and considering the legislation, the PDPL committee of Kosmos Visa Services Limited Company is obliged to inform the relevant person or authorized institution (PDPL) regarding the infringement acts or incidents.

 

  1. 17. RESPONSIBILITIES

 

The hierarchies of responsibilities within Kosmos Visa Services Limited are employee, and department respectively. In this context;

 

  1. 17.1. Employees are responsible for all personal data located within their work area, whether printed or computerized, and shall comply with the terms set forth in the law and this Policy in any processing of this data.
  2. 17.2. Department managers are responsible for all personal data processed by employees within their departments, whether printed or computerized, and guarantee that the department operates in accordance with the provisions of the law and this Policy for any processing of this data.
  3. 17.3. Department managers will contribute to the implementation of this Policy in their respective departments by conducting checks and audits.
  4. 17.4. Manager employees are responsible for personal data processing within their area and shall ensure that personal data is processed in accordance with the law and this Policy.
  5. 17.5. Departments are obliged to inform the PDPL Committee of Visa Services Limited Company in all the cases of new data processing, data deletion, uncertainty and the like.

 

  1. 18. EXECUTIVE POWER

 

In the implementation of this Policy, Kosmos Visa Services Limited has established a management structure to ensure compliance with the regulations of the PDP Law and the enforcement of the Standard for the Protection and Processing of Personal Data.

 

Within the Kosmos Visa Services Limited Company, in accordance with the decision of the top management of the company a Personal Data Protection Committee (“Committee”) is established to manage the Policy herein and other Policies linked to and associated with this Policy.

 

  1. 19. EFFECTIVE DATE OF POLICY

 

This Policy came into force on 23 September 2019.