Policy on the Protection and Processing of Personal Data

1. Purpose and Scope

The Personal Data Protection Law No. 6698 ("the Law") came into effect on April 7, 2016. This Policy on the Protection and Processing of Personal Data ("Policy") of Hatay Psychologists Association ("the Association") aims to ensure compliance with the Law and to establish the principles and procedures to be followed for the protection and processing of personal data by the Association. This Policy sets out the conditions and fundamental principles for the processing of personal data by the Association. The Association conducts all its activities in compliance with this Policy. This Policy covers all personal data other than those of the Association’s employees. The processing of employee data is regulated through a separate information notice.

2. Enforcement and Amendments

The Policy has been made public by being published on the Association's website. The right to make changes to the Policy in line with legal regulations is reserved.

3. Personal Data Processing Activities

Data subjects covered by this Policy include all real persons whose personal data are processed by the Association, excluding employees. These include individual association members, visitors to the association premises or website, job applicants, applicants to and recipients of services from the association, and all other real persons.

• Purposes of Personal Data Processing The Association may process personal data for the following purposes in accordance with the Law: a) Management of Sponsorship and Grant Processes: Execution of sponsorship and grant activities.
  b) Conducting Activities: Event management, business continuity, and information security processes. c) Human Resources Management: Recruitment and human resources processes. d) Legal and Security Purposes: Tracking legal claims and occupational health and safety procedures. e) Promotion and Communication: Planning the Association’s promotional activities.
• Categories of Personal Data The categories of personal data processed by the Association include:
  1. Identity Information (e.g., ID card, passport details)
  2. Contact Information (e.g., phone number, address, email)
  3. Physical Security Information (e.g., camera recordings, fingerprints)
  4. Financial Information
  5. Candidate Employee Information (e.g., job application data)
  6. Legal and Compliance Information (e.g., legal claims, debts, compliance procedures)
  7. Special Category Data (e.g., health-related sensitive data)
  8. Request/Complaint Management Data (e.g., information related to requests and complaints)
• Conditions for Processing Personal Data

The Association processes personal data under the following conditions: a) Explicit Consent of Data Subjects: Consent is obtained for processing personal data. b) Other Conditions Prescribed by Law: Personal data may be processed without consent within the scope of legal obligations and requirements.

1. Data Sharing

The Association may share personal data only in accordance with the Law and when necessary, with third parties with whom cooperation is established. Data sharing is limited to the necessary data only, and the rights of data subjects are protected. The Association may share personal data with the following:

1. a) Authorized public institutions and private entities (for legal obligations)
2. b) Suppliers, service providers, software companies
3. c) Financial institutions and banks (for payments and transactions)
4. d) Project partners or any cooperating organizations and institutions
5. Data Protection and Security

The Association takes necessary technical and administrative security measures to ensure the protection of personal data. These measures aim to prevent data loss, unauthorized access, and unlawful processing; security vulnerabilities are regularly evaluated. Personal data are stored only for the legally required periods. At the end of this period, data are either destroyed or anonymized.

6. Rights of Data Subjects

Data subjects have the following rights: a) To learn whether their personal data are being processed b) To request information regarding the processed data c) To request the correction of data d) To request the deletion or anonymization of data e) To object to data processing activities Data subjects may contact the Association to exercise these rights.

7. Implementation and Review of the Policy

This Policy is implemented by relevant departments and managers designated by the Association. The Association is responsible for taking all necessary legal and administrative measures for the protection of personal data. The Policy may be updated in parallel with legal regulations and technological developments. The updated version of the Policy will be published on the Association’s website and/or social media platforms and communicated to all relevant parties.