Page 1

PERSONAL DATA
RELATED TO PROCESSING
BASIC PRINCIPLES

Page 3
2

I. In General
It has been accepted in international documents and many countries
to the processing of personal data reflected in the application
There are basic principles regarding 4 of the Law.
The procedure for the processing of personal data and
The principles are in accordance with Convention No. 108 and European No. 95/46/EC.
It was arranged in parallel with the Union Directive. This
by; considered in the processing of personal data in the law.
The general (basic) principles are:
• Compliance with the law and honesty rules,
• Being accurate and up-to-date when necessary,
• Processing for specific, explicit and legitimate purposes,
• Being connected, limited and restrained with the purpose for which they are processed,
• For the purpose stipulated in the relevant legislation or for which they are processed.
maintained for as long as necessary.
Principles regarding the processing of personal data
should be at the core of data processing activities and
personal data processing activities in accordance with these principles
should be carried out.

one

Page 4

A) Law and Integrity
Principle of Compliance with the Rules
Compliance with the law and the rule of honesty, personal
in the processing of data by laws and other legal
act in accordance with the principles established by the regulations
signifies the obligation to do so. Honesty
In accordance with the principle of compliance with the rule, the data controller
persons concerned while trying to achieve their objectives in processing.
should take into account their interests and reasonable expectations. About
one does not expect and does not have to wait
act in a way that prevents consequences from occurring
it has to. In accordance with the principle, also for the person concerned
that the data processing activity in question is transparent and
information and warning obligations of the responsible person
must act appropriately.
The principle of being in compliance with the law and the rule of honesty, other
principles are also inclusive. to the law
compliance with legal norms in general and universal
compliance with legal principles. compliance with the law
The scope is broad, including regulatory compliance.
For example, an illegal practice can also
entails illegality.

2nd

Page 5

Compliance with the rules of honesty is in our law, Civil
The honesty rule regulated in Article 2 of the Law,
personal data is not violated while processing. This principle is personal
regarding the non-abuse of the right while processing the data.
requires compliance with the law. Honesty
the rule of trust, while using the rights of individuals,
as expected of an appropriate and reasonable person
means to behave. The limits of the honesty rule,
expected from an objective person in every concrete case
is determined by the behavior, the subjective situation of the people is taken into consideration.
is not taken into account. There is a violation of the rule of honesty
in cases where it is possible, the person uses his right and
acting within its limits, but contrary to the purpose of the right
the way it moves.
Honesty in terms of protection of personal data
rule, it is necessary for individuals to process data themselves.
based on the rules of law that authorizes or orders
for the purpose of this rule of law in their acts
processing the least possible amount of data,
not acting in a way that people cannot foresee
require such behavior.
interests of data controllers, data subjects and reasonable
take into account their expectations, the honesty rule
is required. private person without justification
data in a way that violates the privacy and dignity of your life.

3

Page 6

processing will undoubtedly constitute a violation of this principle.
For example, within the framework of privacy, reasonable
requesting or requesting data that is not
against the rules of honesty by the data controller
processing is against this principle.
Integrity rule, through other principles of data protection
embodied with. Without complying with these principles, the data
processing is in accordance with the rule of honesty and therefore law.
will be contrary to data processing.
For example, deletion of personal data before a legal entity
technical storage and protection of data
and by those responsible for its backup
Although access to data is possible,
storage of data within the said legal entity,
the number of persons responsible for the protection and backup
in the event that it is determined more than necessary, by these persons
providing access to deleted personal data integrity
would violate the rule.
Whether this principle is applicable
Within the scope of the fundamental rights and freedoms regime of the Constitution
must be evaluated. Processing of personal data,
means an interference with a person's fundamental rights.
and that this interference is considered fair and lawful.
fundamental rights and freedoms of the Constitution.

4

Page 7

comply with the restrictions
mandatory. Emphasis on legality
One of the most important points that needs to be
means the legal system. The law of a data processing
authorized, even commanded, by
presumed that it is lawful.

B) Correctly and When Necessary
Up-to-Date Principle
Importance of accuracy and timeliness of personal data
With this principle emphasizing this, the relevant person stipulated in the Law,
the right to request correction of data is compatible.
Keeping personal data accurate and up-to-date,
relevant as well as in the interest of the data controller.
for the protection of the fundamental rights and freedoms of the individual.
is also necessary. Personal data is accurate and necessary
active care to ensure that it is up to date
obligation; data controller based on this data
if it reveals a result about the person concerned
applies (for example, lending transactions). Except this
The data controller always provides the information of the person concerned correctly and
It should keep the channels open to ensure that it is up to date.

5

Page 8

Personal information that is out of date or incorrectly maintained
material and moral damage due to data
possible. For example, a data controller
phone number registered in the system is not correct
or is no longer used by the person concerned, o
erroneous because it does not reflect real data about the person.
can cause results. Again,
the address information of a person registered incorrectly belongs to himself
failure to receive notifications in a timely manner or to the wrong person
In case of notification, the person concerned is material and moral.
may be harmed. This principle protects the rights of the person concerned.
as well as for the interests of the data controller.
In order to keep personal data accurate and up-to-date;
The sources from which personal data are obtained must be specific, personal data
The accuracy of the source from which the data is collected should be tested,
Requests due to inaccuracy of personal data
should be taken into account and
precautions should be taken.

6

Page 9

C) Specific, Clear and Legitimate
Principle of Processing for Purposes
The purposes of processing personal data are specific, legitimate and clear.
the principle of being;
• Personal data processing activities by the person concerned.
be clearly understandable,
• Which legal process of personal data processing activities
ascertained based on the condition
to be made,
• Personal data processing activity and this activity
will provide clarity of purpose
to be presented in detail
provides.
This policy clearly states the data processing purpose of the data controller.
and precisely determine and that this purpose is legitimate
makes it mandatory. data controllers,
data for other purposes other than the purposes they have indicated to the person
their responsibilities due to these acts.
will arise. If the purpose is legitimate, the data controller

7

Page 10

the data he processes, the work he has done or presented
means that it is connected to and necessary for the service.
is coming. For example, a clothing store
legitimate purpose for customers to process name-surname information
It is legitimate to carry the mother's maiden name while
will not be considered within the scope of the purpose.
Only the data controller for the purposes of processing personal data
known or predictable in terms of
is against the principle. In this respect, the purposes of personal data processing
in the legal proceedings and texts (explicit consent,
lighting, answering the applications of the person concerned, data
specificity and clarity
should be sensitive in compliance with the principle of technical-legal
The use of terminology should be avoided. On this basis
compliance, as well as compliance with the principle of honesty
also important in terms of

8

Page 11

D) For The Purpose For Which They Are Processed
Connected, Limited and Metered
Principle of Being
processed

data

determined

your goals

to be feasible, the purpose
not related to the realization or need
avoiding the processing of unheard personal data
requires. Again, the later emergence
to meet the potential needs
data should not be processed. because it is probable
data processing for needs, a new data processing
means activity. In this case, 5 of the Act.
Processing of personal data regulated in Article
one of the conditions must be met. also
data processed only for the realization of the purpose
will be limited to the personal data required. Goal
data processing other than necessary for
would violate the principle. The important thing here is
providing sufficient data to achieve the objective
not necessary for any other purpose
avoiding data processing. not available and
personal use for intended purposes
data should not be collected or processed.

9

Page 12

The principle of proportionality, realization with data processing
Striking a reasonable balance between the desired goal
means. That is, the purpose of data processing
means to make it happen. For example, credit
social life and social life of the person applying for the card.
information about their preferences for social activities
request is contrary to the principle of proportionality.
will be able to.

D) Envisioned in the Related Legislation
or For The Purpose For Which They Are Processed
As Long as Required
Principle of Conservation
As a requirement of the "limitation of purpose principle" of personal data
in accordance with the time required for the purpose for which they are processed.
must be preserved. In this regard, the data controller,
responsible for taking administrative and technical measures. of the law
As stated in Article 12, the data controller; personal
to prevent unlawful processing of data,
to prevent unlawful access to data, and
appropriate for the protection of personal data.
all necessary measures to ensure the level of security
must take technical and administrative measures.

10

Page 13

In this regard, the data controller, personal data storage
and disposal policy and principles, storage
durations and the technical and
to determine administrative measures and to protect personal data on these principles.
responsible for its proper preservation.
Purpose limitation principle for the storage of personal data
storage determined by the data controller in accordance with
as well as the relevant periods to which the data controller is subject.
Storage periods determined within the scope of the legislation
available. According to this; data controllers, relevant personal data
If there is a period stipulated in the legislation for
will; if such a period is not foreseen,
only for as long as is necessary for the purpose for which they are processed.
will be able to store it. For further data storage
if there is no valid reason, that data will be deleted,
will be destroyed or anonymized. In the future
reusable or any
retention of personal data for other reasons
will not be able to go his way.
In addition, the data controller, pursuant to Article 16 of the Law,
Processing of personal data when applying for registration
Data Controllers Registry for the maximum time required for the purpose
Considering Article 9 of the Regulation on
detecting and reporting this period
has to.

11th

Page 14

Data notified to the Registry by the data controller
processing purposes of the categories and
maximum storage required for their processing as
The duration of the expiry and the periods stipulated in the legislation are different.
may be. In this case, maximum protection in the legislation
If a period of time is foreseen, this period is foreseen; or
this category of data based on the longest
Notification is made to Sicily.
It should be noted here that the legislation
made in order to comply with these periods stipulated in the scope of
storage activities determined by the data controller
exceeds their retention period, these activities are only
fulfilling the obligations laid down in the legislation
should be conducted as a limited storage and processing activity.
In accordance with the legal obligations of the data controller
the periods stipulated within the scope of the legislation to which it is subject,
and the retention periods determined by the data controller.
In case of exceeding the personal data data controller
deleted, destroyed or anonymized by
must be brought.

12

Page 16
15

Nasuh Akar Mah. 1407. Street No:4 06520
Balgat-Çankaya/Ankara // www.kvkk.gov.tr
Tel: 0 (312) 216 50 50 // Fax: 0(312) 216 50 52

