Last Update Date: 18.01.2021
NARKASA SOFTWARE TRADE CORPORATION
THE PROCESSING AND PROTECTION OF PERSONAL DATA POLICY
A-) Introduction
The right to the protection of personal data is accepted as a basic human right in many international texts and the Constitution of the Republic of Turkey. This right also covers the protection of personal data, receiving information, accessing these data, requesting their correction or deletion and getting informed about whether they are used for their purposes.
Narkasa Software Trade Corporation (Bybit Türkiye) carefully observes the right to protect your personal data when processing them.
B-) Scope and purpose
This ‘Processing and Protection of Personal Data Policy’ (POLICY) has been drafted to provide information about the collection, processing, transfer and protection of personal data of visitors of the Bybit Türkiye website and mobile applications under the domain name https://bybit-tr.com or subdomains connected to this domain, users who open an account, persons who contact Bybit Türkiye physically or electronically and provide information, Bybit Türkiye employees, shareholders, officials, current and potential business partners in accordance with the Personal Data Protection Code No. 6698, European Union General Data Protection Regulation (GDPR) provisions and regulations and legal regulations of the country to which the person is subject.
This POLICY forms an integral part of the user agreement concluded between Bybit Türkiye and the user who opened an account with the Bybit Türkiye platform.
Users who open an account through Bybit Türkiye's website and mobile applications must state that they have read and accepted the "Clarification Document" drafted within the scope of this POLICY.
In addition, this POLICY also includes the "Cookie Policy" of Bybit Türkiye.
Bybit Türkiye reserves the right to adjust and update this POLICY at any time in order to comply with legislative changes or adapt to new requirements.
C-) DEFINITIONS
Express consent: Informed consent on a specific subject which is announced freely,
Anonymization: Making personal data unable to be associated with an identified or identifiable natural person under any circumstances, even if they are matched with other data,
Person involved: Natural person whose personal data are processed,
Code: The Personal Data Protection Code No. 6698,
Personal data: All types of information about an identified or identifiable natural person,
Processing personal data: the fully or partially automated or non-automated acquisition, recording, storage, safekeeping, modification, reorganization, disclosure, transfer, receiving, making ready for acquisition, classification, or the prevention of use of personal data and all types of actions taken on such data for the purposes of making them part of a data registration system.
Anonymization of personal data: the rendering of personal data in such a manner that they cannot be associated with an identified or identifiable natural person under any circumstances, even if they are matched with other data.
Deletion of personal data: the process of making personal data inaccessible and unavailable in any way for relevant users.
Destroying personal data: the process of making personal data inaccessible, unrecoverable and unavailable
Committee: The Committee for the Protection of Personal Data
Institution: The Institution for the Protection of Personal Data
Data processor : A natural or legal person who processes personal data based on the authority given by the data officer on his behalf,
Data registration system: A registration system where personal data is processed according to certain criteria,
Data officer: The natural or legal person who determines the objectives and means of processing personal data and is responsible for the establishment and management of the data registration system,
D-) EXPLANATIONS ON SOME BASIC CONCEPTS
1-) Express Consent
According to both the Law and many international regulations, personal data can be processed with the "express consent" of the person. Express consent is valid if it is related to a certain subject, the consent is informed and is freely stated by the person involved.
Bybit Türkiye seeks the "express consent" of the person involved according to the category of personal data to be processed.
2-) Personal Data
Any information that makes a real person specific or identifiable is considered to be personal data. In other words, personal data give information about the personal, professional, family, economic, cultural, social and psychological characteristics of a person and make that person identifiable and distinguishable from other people. In this context, for example, the person's name, surname, date of birth, place of birth, identity, passport, tax, social security number and phone number, vehicle license plate, CV, photo, image and sound records, fingerprints, genetic information, IP addresses of the devices used, location information, registry records and similar information are also considered as personal data.
The categories of personal data processed by Bybit Türkiye are stated below.
3-) The data controller
The data controller, who is defined and processes personal data within the scope of this policy is Narkasa Software Trades Corporation (“Bybit Türkiye”), which is registered at the Chamber of Commerce of Istanbul under number 184965-5 and Central Civil Registration System number 0629108212100001.
The contact information of Bybit Türkiye can be found below:
Address (Headquarters): Huzur Mahallesi Maslak Ayazağa Caddesi No:4 H/201 Sarıyer/İstanbul
KEP Address : narkasa@hs01.kep.tr
e-mail : destek@narkasa.com / kisiselveri@narkasa.com
E-) Basic principles regarding the processing of personal data
In the processing of personal data Bybit Türkiye acts in accordance with the basic principles set forth in many national and international legal regulations, as well as set forth in the code on the processing and protection of personal data with number 6698 and the European Union General Data Protection Regulation (GDPR).
These principles are listed below:
- The principle of acting in accordance with the law and good faith in the processing of personal data
- The principle of keeping personal data accurate and up to date when necessary.
- The principle of processing personal data for specific, explicit and legitimate purposes.
- The principle of processing personal data linked to the purpose for which they are processed in a limited and proportional fashion.
- The principle of keeping personal data for the period stipulated in the relevant legislation or for the purpose for which it is processed.
F-) Conditions for processing personal data (legal basis)
The conditions for the processing of personal data or the ‘legal basis’ thereof are explained below. Personal data may be processed in the event that at least one of these conditions is present.
There may be more than one personal data processing requirement for the purpose of personal data processing. For example, personal data which are processed to keep the personal file of the employee (legal basis) are also deemed necessary for the execution of the contract and the fulfillment of legal obligations.
Bybit Türkiye processes personal data under the following conditions (legal basis).
1-) Express Consent of the Person involved (Express Consent)
As a rule the express consent of the person involved is required in the processing of personal data but in the presence of at least one of the other conditions listed below, personal data may also be processed without the express consent of the person involved.
For this reason, it is necessary to determine whether the purpose of processing personal data is based on one of the processing conditions other than express consent. Only in the case that this purpose does not meet at least one of the processing conditions other than express consent, the express consent of the person involved must be obtained.
2-) Conditions for Processing Personal Data for which the Express Consent of the Person is not Required
a-) Clearly Stipulated in the law (legal Provision)
If there is a clear provision in the law or in secondary regulations based on the law (such as directives etc.) stating that personal data can be processed, personal data may be processed based on this provision. For example, according to labor law, the data controller as an employer must keep a personal file for each employee. In this context, the personal data are processed on the condition that it is clearly stipulated in the law.
b-) Actual Impossibility
Personal data of the person involved may be processed in cases where it is necessary for the protection of his or someone else’s life or bodily integrity shen the person is unable to disclose his consent due to actual impossibility or whose consent is not legally valid. An example is using the mobile phone belonging to an unconscious victim of a traffic accident to contact his relatives.
c-) Required for the Establishment or Execution of the Contract (Execution of the Contract)
Provided that it is directly related to the establishment or execution of a contract, personal data of the parties to the contract may be processed for this purpose when deemed necessary. For example; obtaining the bank account information of the recipient in order to make a payment to the creditor on the basis of a contract.
d-) Mandatory for the Data Controller to Fulfill his Legal Obligation (Legal Liability)
In cases where data processing is mandatory for the data controller in the fulfillment of his legal obligation, the personal data of the person involved may be processed. For example, submitting invoices of customers as part of a tax audit.
e-) Having Personal Data published by the Person involved (Publicly available)
Personal data that have been made public by the person involved or in other words disclosed to the public in any way may be processed. For example when employees share their phone and e-mail addresses for communication purposes on a website.
F-) When Processing Personal Data is Mandatory for Establishing, Exercising or Protecting a Right (Establishment, Protection, Exercise of a Right)
If it is necessary for the establishment, exercise or protection of a right, the personal data of the person involved may be processed. For example, in a lawsuit filed by the employee against the company, the personal data of the employee are submitted to the court or information such as a contract or invoice belonging to a customer are stored for the duration of the statute of limitation.
g-) Requirement of Data Processing for the Legitimate Interests of the Data Controller, Provided that it does not harm the Fundamental Rights and Freedoms of the Person involved (Legitimate Interest)
Provided that the fundamental rights and freedoms of the person involved, are not harmed, the data can be processed when necessary for the legitimate interests of the data controller. For example, the processing of employee data to regulate employee personal status is in the legitimate interest of the company owner.
Also, the legitimate interest clause is not a condition that can be used in all cases in which other conditions cannot be applied.
G-) TERMS OF PROCESSING DATA OF AN EXCEPTIONAL NATURE
Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and attire, association, foundation or union membership, health, sexual life, criminal conviction and security measures and biometric and genetic data are data of an ‘exceptional nature.’
It is forbidden to process data of an ‘exceptional nature’ without the express consent of the person involved. However, personal data other than concerning health and sexual life can be processed without the express consent of the person concerned in situations stipulated by the law. Personal data relating to health and sexual life, on the other hand, can only be processed by persons under the obligation of professional secrecy or authorized institutions and organizations for the purpose of protecting public health, conducting preventive medical services, medical diagnosis, treatment and healthcare services, planning and managing health services and financing, without seeking the express consent of the person involved.
Bybit Türkiye acts in accordance with the abovementioned conditions in the processing of personal data of an ‘exceptional nature.
H- PERSONAL DATA WHICH ARE PROCESSED BY Bybit Türkiye, THE PROCESSING PURPOSES AND CONDITIONS
a-) Personal data which are processed
All personal data processed by Bybit Türkiye acting in the capacity of data controller are listed below by category, scope and type:
Data Category | Scope | Type | |
1 | Identification | Name, last name, name of mother-father, date of birth, place of birth, nationality, marital status, identification serial number, identity number, other information on the identity card/document or passport or an internationally valid driver’s license, photograph confirming the identity etc. | Personal data |
2 | Contact | Address (work or home address), residence document confirming the address, utilities invoice and similar documents, phone number, e-mail address, registered e-mail address (KEP) etc. | Personal data |
3 | Employment | Payroll information, disciplinary investigations, employment registration, CV information, performance evaluation reports etc. | Personal data |
4 | Legal processes | Information in correspondence with judicial institutions, documents in case files etc. | Personal data |
5 | Customer processe | Account settings of users who have opened an account through the website and mobile application, call and support center records, invoice and receipt information, transactions performed by the user with the cryptocurrency wallet etc. | Personal data |
6 | Physical location security | Employee and visitor entrance and exit records, camera records etc. | Personal data |
7 | Process security | IP address information, operating system, network system, browser type and settings, computer and mobile device information, website and mobile application login and logout information etc. | Personal data |
8 | Finance | Balance sheet information, financial performance information, credit and risk information, asset information, bank, electronic money or intermediary financial institution account information, bank, electronic money or intermediary financial institution name, IBAN and account number, swift information, receipt information, invoice information, payment methods (cash, credit card, etc.) etc. | Personal data |
9 | Professional experience | Diploma information, courses attended, professional training information, certificates etc. | Personal data |
10 | Marketing | Historic information on website and mobile application visits, survey information, cookie records, information obtained through campaigns, website and mobile applications usage habits etc. | Personal data |
11 | Audio and visual records | Visual and audio recordings (photo, video, sound recordings) etc. | Personal data |
b-) Purpose and conditions of processing personal data (legal basis)
The purposes and the conditions (legal basis) of personal data processed by Bybit Türkiye acting in the capacity of data controller are listed in the table below:
Data category | Processing purpose | Processing conditions (Legal basis) |
|
1 | Identity | Execution of emergency management processes Execution of information security processes Conducting employee candidate / intern / student selection and placement processes Conducting the application processes of candidates Execution of employee satisfaction and loyalty processes Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Conducting audit/ ethical activities Carrying out training activities Execution of access rights Carrying out activities in accordance with the legislation Managing finance and accounting Managing loyalty processes to the company / products / services Ensuring the security of physical locations Managing assignment processes Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Conducting communication activities Planning human resources processes Execution / inspection of business activities Carrying out occupational health / safety activities Receiving and evaluating suggestions for the improvement of business processes Carrying out activities to ensure business continuity Execution of goods / service purchasing processes Carrying out after-sales support services for goods / services Execution of goods / service sales processes Carrying out the production and operation processes of goods / services Execution of customer relationship management processes Carrying out customer satisfaction activities Organization and event management Conducting marketing analysis studies Conducting performance evaluation processes Sending mail and cargo Execution of advertisement / campaign / promotion processes Execution of risk management processes Managing storage and archive activities Conducting activities with regard to social responsibility and civil organisations Managing contract processes Conducting sponsorship activities Carrying out strategic planning activities Following up on requests / complaints Ensuring the security of assets and resources Execution of wage policies Carrying out marketing processes for products / services Ensuring the security of data controller operations Conducting talent / career development activities Giving information to authorized persons, institutions and organizations Carrying out management activities |
Express Consent Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
2 | Contact | Execution of emergency management processes Execution of information security processes Conducting employee candidate / intern / student selection and placement processes Conducting the application processes of candidates Execution of employee satisfaction and loyalty processes Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Conducting audit/ ethical activities Carrying out training activities Execution of access rights Carrying out activities in accordance with the legislation Managing finance and accounting Managing loyalty processes to the company / products / services Managing assignment processes Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Conducting communication activities Planning human resources processes Execution / inspection of business activities Carrying out occupational health / safety activities Receiving and evaluating suggestions for the improvement of business processes Carrying out activities to ensure business continuity Execution of goods / service purchasing processes Carrying out after-sales support services for goods / services Execution of goods / service sales processes Carrying out the production and operation processes of goods / services Execution of customer relationship management processes Carrying out customer satisfaction activities Organization and event management Carrying out marketing analysis activities Conducting performance evaluation processes Sending mail and cargo Execution of advertisement / campaign / promotion processes Execution of risk management processes Managing storage and archive activities Conducting activities with regard to social responsibility and civil organisations Managing contract processes Conducting sponsorship activities Carrying out strategic planning activities Following up on requests / complaints Ensuring the security of assets and resources Execution of wage policies Carrying out marketing processes for products / services Ensuring the security of data controller operations Conducting talent / career development activities Giving information to authorized persons, institutions and organizations Carrying out management activities |
Express Consent Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
3 | Employment | Conducting employee candidate / intern / student selection and placement processes Conducting the application processes of candidates Execution of employee satisfaction and loyalty processes Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Conducting audit/ ethical activities Carrying out training activities Carrying out activities in accordance with the legislation Managing assignment processes Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Conducting communication activities Planning human resources processes Execution / inspection of business activities Carrying out occupational health / safety activities Conducting performance evaluation processes Execution of risk management processes Managing contract processes Execution of wage policies Conducting talent / career development activities Giving information to authorized persons, institutions and organizations |
Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
4 | Legal processes | Carrying out activities in accordance with the legislation Following up and executing legal affairs Execution of risk management processes Managing contract processes |
Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
5 | Customer processes | Execution of information security processes Carrying out activities in accordance with the legislation Managing finance and accounting Following up and executing legal affairs Carrying out activities to ensure business continuity Execution of goods / service purchasing processes Carrying out after-sales support services for goods / services Execution of goods / service sales processes Carrying out the production and operation processes of goods / services Execution of customer relationship management processes Carrying out customer satisfaction activities Carrying out marketing analysis activities Execution of advertisement / campaign / promotion processes Execution of risk management processes Following up on requests / complaints Giving information to authorized persons, institutions and organizations |
Express Consent Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
6 | Physical location security | Execution of emergency management processes Execution of information security processes Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Conducting audit/ ethical activities Execution of access rights Ensuring the security of physical locations Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Execution / inspection of business activities Carrying out occupational health / safety activities Execution of risk management processes Ensuring the security of assets and resources Giving information to authorized persons, institutions and organizations Keeping and following up on records of visitors |
Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
7 | Security of processes | Execution of information security processes Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Execution of access rights Carrying out activities in accordance with the legislation Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Conducting communication activities Planning human resources processes Execution / inspection of business activities Execution of goods / service purchasing processes Carrying out after-sales support services for goods / services Execution of goods / service sales processes Carrying out the production and operation processes of goods / services Execution of customer relationship management processes Carrying out customer satisfaction activities Carrying out marketing analysis activities Execution of risk management processes Following up on requests / complaints Giving information to authorized persons, institutions and organizations |
Express Consent Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
8 | Finance | Conducting the application processes of candidates Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Conducting audit/ ethical activities Carrying out training activities Carrying out activities in accordance with the legislation Managing finance and accounting Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Carrying out activities to ensure business continuity Execution of goods / service purchasing processes Carrying out after-sales support services for goods / services Execution of goods / service sales processes Carrying out the production and operation processes of goods / services Execution of customer relationship management processes Execution of advertisement / campaign / promotion processes Execution of risk management processes Managing contract processes Conducting sponsorship activities Following up on requests / complaints Giving information to authorized persons, institutions and organizations Carrying out management activities |
Express Consent Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
9 | Professional experience | Conducting employee candidate / intern / student selection and placement processes Conducting the application processes of candidates Execution of employee satisfaction and loyalty processes Fulfillment of obligations arising from employment contracts and legislation Execution of processes regarding additional rights and benefits for employees Carrying out training activities Carrying out activities in accordance with the legislation Managing assignment processes Planning human resources processes Execution / inspection of business activities Receiving and evaluating suggestions for the improvement of business processes Execution of goods / service sales processes Conducting performance evaluation processes Execution of risk management processes Managing contract processes Execution of wage policies Conducting talent / career development activities Giving information to authorized persons, institutions and organizations |
Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
10 | Marketing | Execution of information security processes Carrying out activities in accordance with the legislation Managing loyalty processes to the company / products / services Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Conducting communication activities Execution of goods / service purchasing processes Carrying out after-sales support services for goods / services Execution of goods / service sales processes Carrying out the production and operation processes of goods / services Execution of customer relationship management processes Carrying out customer satisfaction activities Organization and event management Carrying out marketing analysis activities Execution of advertisement / campaign / promotion processes Execution of risk management processes Following up on requests / complaints Carrying out marketing processes for products / services Giving information to authorized persons, institutions and organizations |
Express Consent Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
11 | Visual and audio records | Execution of information security processes Fulfillment of obligations arising from employment contracts and legislation Execution of access rights Carrying out activities in accordance with the legislation Ensuring the security of physical locations Following up and executing legal affairs Conducting internal audit / investigation / intelligence activities Conducting communication activities Planning human resources processes Execution / inspection of business activities Execution of customer relationship management processes Organization and event management Conducting performance evaluation processes Execution of advertisement / campaign / promotion processes Execution of risk management processes Following up on requests / complaints Giving information to authorized persons, institutions and organizations Keeping and following up on records of visitors |
Legal Provision Execution of the Contract Legal Liability Establishment, Protection and Use of Rights Legitimate Interest |
J-) TRANSFER OF PERSONAL DATA
The personal data listed in Article (H-a) of this policy may be transferred domestically for the purposes specified in Article (H-b) of this policy with the express consent of the person involved and in conformity with the other conditions set forth in article 8 of the Code where the express consent is not sought.
Nevertheless, the personal data may also be transferred abroad with the explicit consent of the person involved and without his express consent in conformity with the other conditions stipulated in article 9 of the Code in case the data are protected in the relevant country sufficiently or in the lack thereof Bybit Türkiye and the data officer in the relevant country guarantee adequate protection.
In this regard, personal data such as information regarding identity, communication, customer transactions, transaction security, finance, marketing, criminal conviction and security measures can be transferred to Bybit Türkiye's domestic subsidiaries, shareholders, business partners, representatives, consultants, third party service providers, auditors, legally authorized / competent public institutions and organizations or those abroad.
Among the personal data categories, Bybit Türkiye processes, information regarding location, personnel, legal processes, physical location security, professional experience, visual and audio records and health information data are not transferred abroad.
K-) RIGHTS AND OBLIGATIONS
1-) Obligations of the Data Controller
a-) Obligation to inform
During the acquisition of personal data the data controller is obliged to inform the person involved about the identity of the data controller and its representative, for what purposes the personal data will be processed, to whom and for what purpose the personal data can be transferred, the method and legal reason for collecting personal data and what the rights of the person involved are.
The data controller provides the necessary information to all persons with the "Clarification Document" prepared within the scope of the information obligation of Bybit Türkiye and also receives "approval" from users who open an account through the website and mobile applications that they have read this text.
b-) Obligations Regarding Data Security
The data controller needs to ensure the appropriate level of security in order to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to take all necessary technical and administrative measures for the protection of personal data.
Bybit Türkiye or real and legal persons who process data on behalf of Bybit Türkiye keep the processed personal data confidential in data recording systems and take all necessary technical and administrative security precautions to prevent illegal access to these data. In this regard, Bybit Türkiye declares and guarantees that it shows the highest level of attention and care, conducts the necessary inspections and uses the most up-to-date technologies.
Within the scope of administrative measures regarding personal data security, Bybit Türkiye constantly analyzes existing risks and threats, creates a high level of awareness by educating its employees, subjects these works and processes to certain policies and procedures, reduces the personal data that do not need to be processed as much as possible and continuously warns and inspects data processors. There are disciplinary regulations concerning data security provisions for those who work in this field. Training and awareness activities on data security are carried out periodically for employees. An authority matrix has been created for the employees. The authority of employees who change their jobs or leave their jobs is revoked. Personal data security policies and procedures have been determined. Personal data security problems are reported quickly. Personal data security is monitored. Necessary security measures are taken for entering and exiting physical locations containing personal data. Physical environments containing personal data are secured against external risks (fire, flood, etc.). The security of environments containing personal data is ensured. Personal data is reduced as much as possible. In-house periodic and/ or random inspections are carried out.
Within the scope of technical measures regarding personal data security, Bybit Türkiye provides network security and application security, uses a closed system network for personal data transfers through the network, applies key management, takes security measures within the scope of procurement, development and maintenance of information technology systems, ensures the security of personal data stored in the cloud, regularly keeps access logs, practices corporate policies with regard to access, information security, use, storage and disposal, implements data masking measures when necessary, uses up-to-date anti-virus systems, firewalls, makes back-ups of personal data and ensures the security of backed up personal data, implements user account management and authorization control systems and monitors them, keeps logs without interference of the user, sends encrypted e-mails when personal data of an extraordinary nature are concerned via the registered e-mail address (KEP) or corporate mail account, uses secure encryption / cryptographic keys for personal data of an extraordinary nature, uses intrusion detection and prevention systems, performs penetration testing, manages the implementation of cyber security measures, performs encryption, encrypts the data of an extraordinary nature which are transferred into a portable memory, CD, DVD media and uses data loss prevention software.
c-) Obligation to React on the Applications of Persons Involved and the Fulfillment of Committee Decisions
The data controller should conclude the applications made by the person concerned as soon as possible and within thirty days at the latest, depending on the nature of the request. The data controller accepts or rejects the request by explaining the reason and notifies the person involved in writing or electronically. If the request stated in the application is accepted, the data controller takes the necessary actions. In other cases the person involved may file a complaint with the Committee.
Detailed explanations on this matter are given below in the section on "Rights of the Person involved".
d-) Obligation to notify
Another obligation of the data controller is to inform the person involved and the Committee within 72 hours at the latest in the event that personal data are illegally accessed, obtained, or damaged, despite the security measures taken.
Bybit Türkiye guarantees to comply with this obligation.
2-) RIGHTS OF THE PERSON INVOLVED
Within the scope of Article 11 of the Code, the person involved may at any time make the following requests to the Bybit Türkiye data officer regarding his own data;
- Informing whether personal data is processed,
- If data are processed, to request information in this regard,
- Requesting information about the purpose of processing his personal data and whether the data are used in accordance with this purpose,
- Requesting insight in to which domestic or foreign third parties the personal data are transferred,
- In the event that personal data are incomplete or incorrectly processed, requesting their correction and notification to third parties to whom the personal data are transferred,
- Requesting the deletion, destruction or anonymization of personal data in the event that the grounds requiring data processing cease to exist, even if the data have been processed in accordance with legal provisions and other relevant laws and the notification to third parties to whom the personal data is transferred,
- To object to any negative occurrences which have emerged as a result of analyses of the data processed exclusively through automated systems,
- Requesting to cover the damages incurred due to the illegal processing of personal data, The provisions of Article 28 of the Code are reserved.
Application method:
The person involved may send his notifications regarding the aforementioned rights in the following manners:
Via mail to the address of Bybit Türkiye at Huzurevler Mahallesi Maslak Ayazağı Caddesi No:4 H/201 Sarıyer/İstanbul/Turkey,
To the registered electronic e-mail address (KEP), via a secured electronic signature, a mobile signature or the e-mail address previously registered with Bybit Türkiye . E-mails may be sent to kisiselveri@narkasa.com or the Bybit Türkiye KEP address: narkasa@hs01.kep.tr,
Via the “application form”.
If a request is made by a third party on behalf of the person concerned, a power of attorney issued by a notary public must also be submitted on behalf of the applicant.
It is obligatory that the following information is mentioned in the application;
- Name, surname and if the application is in writing a signature,
- For citizens of the Republic of Turkey T. C. identification number, for nationals of other countries the passport number or, if present, identification number
- Official residential or company contact address,
- E-mail address, telephone and fax number, if any,
- Subject of the request,
Information and documents regarding the request should be included in the application.
Bybit Türkiye declares and undertakes to finalize the request free of charge as soon as possible and within thirty days at the latest depending on the nature of the request.
In cases where the application is rejected by Bybit Türkiye , the answer given is insufficient or the application is not answered in due time; the person involved has the right to object to the Committee within thirty days from the date of receipt of the response of Bybit Türkiye and in any case within sixty days from the date of application.