HUMAN RESOURCES, FOR INFORMATION PROCESSING

IN PROTECTION OF PERSONAL DATA

LIST OF THINGS TO BE CONSIDERED

1. Be sure to inform the employee candidate who is applying for a job! He/She Should Be Made to Read the Clarification and Information Text.

1.1. Resume and CV samples containing the candidate's personal information and the personal data attached are among the data that must be taken into consideration within the scope of the Personal Data Protection Law No. 6698 (KVKK) and its relevant legislation.

1.2. How long the data collected from employee candidates will be kept in the company database, to whom it will be transferred, and when it will be destroyed or anonymized should be shared with the candidate in detail.

2. Resume information, CV samples and information and documents submitted should be stored under safe conditions.

2.1. Storage conditions of application documents (digital or physical) must be protected against any physical office accident or cyber attack in electronic environment. If the information is in the physical environment, it should be stored in locked cabinets that cannot be accessed by anyone other than the relevant officer, and if it is in the digital environment, it should be stored in ways where the necessary IT solutions have been designed against cyber attacks.

3. It must be ensured that the references given in the application form or CVs received are approved.

3.1. For application forms or CVs containing reference information, the candidate must also obtain consent from the person he or she refers to. In order to do this, the CV owner can create an approval process through digital environments or submit this declaration to the institution to which he/she is applying through a written form during the interview.

4. The content of the personnel file should be harmonized with the KVKK legislation.

4.1.According to the KVKK, if health information or criminal records included in special personal data are requested from the candidate, the storage conditions must comply with the KVKK processes.

5. Be sure to add a KVKK clause to employee contracts!

5.1. You must convey your employees' rights regarding KVKK in printed or digital media. You can definitely add a clause to your employment contracts stating that your employee has obtained and accepted the KVKK procedure you have submitted.

6. Don't forget to get approval before sharing your employees' photos!

6.1.Sharing employee photos without permission on social media accounts, website, digital or printed media is considered a reason for violation. Approval must be obtained from the employee beforehand.

7. Care should be taken when positioning security cameras!

7.1. In case of recording with security cameras in common areas and work offices; Care should be taken to position the angles of the cameras in a way that does not interfere with the employee's private life.

7.2. Care should be taken not to place the camera in a way that directly views the employees' screens. Visual lighting icons and directions should be placed to let them know that there are security cameras inside the company and outdoors.

8. In Personnel Attendance Control Systems (PDKS) and security solutions to be implemented, care should be taken not to scan biometric data such as fingerprints, palm prints, facial recognition or eye retina. If these systems are used, explicit consent must be obtained from the relevant person.

8.1. You can produce alternative solutions to biometric fingerprint or other biometric data in the security solutions you use at company entrances and exits. For example, systems that can load the employee's ID and perform contactless transition, card pass systems can be a solution to this problem.

9. Risk analyzes regarding data security should be made by the IT unit/department.

10. It is necessary to take precautions regarding the storage conditions and data security of personal data stored in electronic media. For this reason, the IT unit/department should be ensured to take the necessary technical measures against possible cyber attacks.