As Kosmos Visa Services, we aim to provide the best possible level of service to our customers.

 

Your views are important to us. To continue to improve our service we need your help. We thank you for sharing your views with us.

 

We keep a record of your feedback and, if you request a response, we aim to reply in 2 working days.

 

You may contact us by filling the Survey Form or by Sending Us Email

This is the Security Announcement for applicants whom visit Kosmos Visa Application Centre;

 

Due to Security reasons, the following actions or items will not be permitted or used inside the Visa Application Centre:

 

 

 

The list provided above is not restricted.

 

 

 

 

 

 

Security Guards or Kosmos Personnel have the right to prevent admission of suspicious individuals or items in to the office.

 

*The list provided above is not restricted. Security Guards may prohibit other items based on his/her discretion.

 

Due to security reasons, entrance will only be permitted to the main applicant, their interpreter or if accompanying a physical handicapped applicant. Permission for entry by friends, relatives, business contacts of the main applicant is prohibited.

 

There is no facility available at Kosmos Visa Application Centre to store prohibited items. We request applicants to make alternative arrangements to store the listed items before entering to the Visa Application Centre. Kosmos Visa Application centre is monitored by cameras on a 7/24 basis based on the security procedures.

 

Protection of your personal data
 

As Kosmos Visa Services Limited Company, we respect and attach importance to the privacy of applicants. For this reason, we would like to provide information about the Personal Data Protection Law*, which is in force to protect the fundamental rights and freedoms of applicants in the use of their personal data. Personal data of applicants via internet, call center channels; They can communicate it to us verbally, in writing or electronically.

We use this data;

• Accepts on behalf of the Consulate General of Greece;
• Always keeps it safely,
• We do not share it with anyone except organizations permitted by law.
By contacting us at any time;
• Purpose of using your personal data,
• You can find out which organizations it was shared with and for what purpose.
• You can request correction of your incomplete or incorrectly recorded or used information.
To get detailed information about the law, you can review the law on the official website of the Turkish Grand National Assembly.
*Personal Data Protection Law No. 6698 ("KVKK")
Kosmos Visa Services Limited Company.

PROCESSING PERSONAL DATA CLARIFICATION TEXT

 

Law No. 6698 on the Protection of Personal Data (PDPA) published in the Official Gazette dated April 7, 2016 and numbered 29677, in order to protect the fundamental rights and freedoms of individuals, especially the privacy of individuals, in the processing of personal data and to determine the obligations of real and legal persons processing personal data. As Kosmos Visa Services Limited, we would like to inform you in the capacity of ‘data responsible’ in accordance with Article 10 of the Law titled ‘’Clarification Obligation of the Data Officer’’.

 

DATA RESPONSIBLE AND REPRESENTATIVE

 

As Kosmos Visa Services Limited, in the capacity of data responsible, we may use your personal data for the purposes described below; we will be able to process, record, store, classify, updat

e, and disclose to third parties where permitted by law for the purpose which they are committed.

 

 

YOUR PROCESSED PERSONAL DATA

Within the scope of your use of our company's products and services, the following personal data are processed:

 

• Your Identity Information (Your identity data by which we can identify you, such as your name, surname, T.R. identity number, name of your parents, place of birth and date of birth, gender, marital status),

• Your Contact Information (Your address, mobile phone, e-mail address and other communication data),

• Your Financial Data (Bank account number, IBAN number, credit card information, payment information, billing information, financial data such as assets)

• Customer Transaction (Order and request information, information on box office receipts)

• Professional Experience (Vocational knowledge, educational knowledge, etc.)

• Your Audio Visual Recordings (such as your photo and call center audio recording)

• Marketing (Shopping history information, survey, cookie records, etc.)

• Transaction Security (such as website navigation information, IP address, website login/logout information, password and password information)

• Health (Blood group information)

• Biometric Data (Fingerprint information)

• Your other personal data that you personally transmit within the framework of your requests, suggestions and complaints.

• Other (Your data such as insurance policy information, passport information, wage and payroll information, travel information, accommodation information, signature, travel document type, travel document number, school information, other countries to be visited, parent's name-surname, parent's year of birth, parent's nationality information, spouse-child's name-surname, spouse-child's nationality information, spouse-child's year of birth; data such as the name-surname and nationality information of the person you will be traveling with)

 

 

 

 

PURPOSE OF PERSONAL DATA PROCESSING

İn order to benefit from the services we offer as Kosmos Visa Services Limited Company, your personal data is processed in accordance with the basic principles set out in the KVKK and the relevant legislation, your explicit consent and / or the legal legislation that we are subject to KVKK art. 5/2. When considering the services offered by Kosmos Visa Services Limited, your personal data, for you to benefit from these services:

 

• Fulfillment of information sharing, reporting and notification obligations of public institutions and authorized third parties, primarily related mission applications and requests,
• Execution of relevant transactions during the visa application process,
• Execution of consultancy activities related to visa transactions,
• Ensuring that our company activities are carried out in accordance with company procedures or relevant legislation,
• Execution of customer relations management processes,
• Execution of contract processes,
• Execution / audit of business activities,
• Execution of communication activities,
• Evaluation of requests and complaints,
• Fulfillment of information and document storage obligations arising from legal legislation,
• Execution of finance and accounting affairs,
• Management of our legal processes,
• In order to provide you with better and more reliable services without interruption, personal data will be processed within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

 

 

COLLECTION METHOD OF PERSONAL DATA AND LEGAL REASON

 

Your personal data is processed by our Company through different channels (the head office and branches where you can contact Kosmos's management center, branches or business partners, call center, web, websites and similar electronic transaction platforms, social media or other publicly available media or through other group companies or other persons and organizations with whom they have agreements, in written, verbal, audio or video recording or other physical or electronic media.

We process your personal data, which we collect in accordance with the above methods, based on one or more of the following legal reasons:

• Your explicit consent (for data processing activities specified in the consent text)
• National and international legal regulations necessitate processing (Regulation (EC) No. 767/2008 (VIS Regulation), Regulation (EC) No. 810/2009 (Visa Code) and Council Decision No. 2008/633/JHA, Code of Obligations, Commercial Code, Tax Procedure Code, Consumer Law, etc.)
• For the establishment, exercise or protection of a right Data processing is mandatory,
• It is necessary for the performance of the contract we have concluded with you or your company,
• The processing of your personal data is necessary for our legitimate interests, provided that it does not harm your fundamental rights and freedoms.

Your personal data will be processed by our employees in order to make your visa application and to fulfill the service we offer. Your shared personal data and visa applications will be transferred to and kept by the Mission we work for. All your personal data, including those of a special nature, will be protected within the framework of the regulations applicable to the relevant mission.

For detailed information, please see the “Personal Data Processing and Protection Policy”.

 

PARTIES THAT PERSONAL DATA PROVIDED TO AND PURPOSE OF TRANSFER

Your personal data processed within the scope of the above purposes may be transferred to the relevant Mission, domestic and foreign supervisory and regulatory authorities and relevant public institutions stated in the relevant mission's disclosure text, legally authorized public and private legal entities, our company's consultants, our auditors and our service providers within the scope of the personal data processing conditions and purposes specified in Articles 8 and 9 of Law No. 6698, limited to the purpose requested within its legal authority.

Your personal data may be transferred to our suppliers, insurance companies, notaries, banks and financial institutions located in Turkey and/or abroad and with whom we cooperate in order to continue our company's activities and business processes, our consultancy firms from which we receive support in areas such as law, financial consultancy, tax, etc., legally authorized public institutions and private persons, domestic and/or foreign storage, archiving, information technology support (server, hosting, software, cloud computing, etc.) etc. that process personal data on behalf of our company. It may be transferred to our service providers from whom we receive support in their fields, within the framework of the personal data processing conditions specified in Articles 8 and 9 of Law No. 6698 and for the purposes specified above.

 

 

RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED

 

In the event that the party to this Agreement is a natural person, if the customer is official, the customer must be a legal entity, as a personal board of directors, there are provisions of KVKK, Kosmos Visa Services:

 

·              Learn whether personal data is processed,

·              Request information if personal data is processed,

·              Learning the purpose of processing personal data and whether they are used in accordance with their purpose,

·              Knowing the third parties to whom personal data is transferred at domestic or overseas,

·              To request correction of personal data in case of incomplete or incorrect processing,

·              Requesting deletion or destruction of personal data,

·              In case of correcting, deleting or destroying personal data, requesting that these transactions be notified to the third parties to whom the personal data are transferred to,

·              Object to the occurrence of a result against the person by analysing the processed data exclusively through automated systems,

·              Request for compensation in case of damage due to unlawful processing of personal data

Requests submitted within this scope; will be finalize by Kosmos Visa Services Limited for free of charge within thirty days at the latest. However, if a fee is foreseen by the Personal Data Protection Board, the fee in the tariff determined by our Company will be charged.

IF YOU WISH TO CONTACT US FOR YOUR REQUESTS

 

If you want to contact us within  the coverage of Law no. 6698, for feedback or asking questions,  you can deliver personally to the address by hand or you can reach us through the notary with documents supporting your identity and your petition containing your request Kosmos Visa Services Co. Ltd. – ‘’Astoria AVM, Esentepe Mah. Büyükdere Cad No 127 Astoria B1 kati M32 Esentepe/Şişli/İstanbul’’ In this context, written applications to be made on the subject will be accepted following the authentication by us and the related parties will be returned within the legal period.

 

If a request is made electronically:

By signing the KVKK Application Form with an electronic or mobile signature with a "secure electronic signature" certificate defined in the Electronic Signature Law No. 5070, it can be sent to our Company's Registered Electronic Mail (KEP) address: "[email protected]". , or you can send it to the e-mail address “[email protected]” by using the e-mail address you have previously notified our Company and registered in our systems.

 

(We may request additional verifications (such as sending a message to your registered e-mail address or calling you) in order to determine whether the application belongs to you and to protect your rights. If the application is made by third parties on behalf of personal data owners, the person who will apply will be notarized by the data owner. A specially authorized power of attorney is required.)

 

Your requests submitted to our company will be answered in writing or electronically as soon as possible and within thirty days at the latest, depending on the nature of your request

 

 

KOSMOS VISA SERVICES LIMITED COMPANY

Address: “Astoria AVM, Esentepe Mah. Büyükdere Cad No 127 Astoria B1 floor M32 Esentepe/Şişli/İstanbul”

Tel: (0850) 474 20 21

Email : [email protected]

Attachment: KVKK Application Form

As employees of Kosmos Visa Services Limited, to manage all kind of risk towards our business continuity and information assets;

 

• To document, certify and continuously improve  our information security management system in compliance with the requirements of ISO 27001 standard,
• Protecting our information assets against all kinds of threats,
• Preparing, maintaining and testing business continuity plans,
• Comply with all legal regulations and conventions related to information security,
• Systematically managing risks to our information assets,
• Ensuring that confidential information of customers is protected and maintained with precision,
• Conducting trainings to develop competencies to increase awareness on information security, we PLEDGE to be a pioneering and exemplary organisation in our sector. 

“https://www.kosmosvize.com/” domain name (“Website”), “Astoria AVM, Esentepe Mah. It is operated by "Kosmos Visa Services Limited Company" (hereinafter referred to as "Kosmos Visa" for short) located at Büyükdere Cad No 127 Astoria B1 floor M32 Esentepe/Şişli/İstanbul. Kosmos Vize, as the data controller, is responsible for determining the purposes and means of processing personal data and establishing and managing the data recording system.

 

In accordance with the Personal Data Protection Law No. 6698 (“Law”), including but not limited to the collection, storage and transfer of your personal data obtained in connection with your use of the Website, Article 3 of the Law titled “Definitions”. We would like to inform you about the processing within the scope of [1] and the procedures and principles of such processing.

 

1. Purpose for which Personal Data will be Processed:

 

Personal data, according to Article 3 of the Law titled "Definitions", personal data; It refers to “all kinds of information regarding an identified or identifiable natural person”. This data includes your name, address, e-mail address or telephone number, etc. There may be information. In addition, information/data collected through the use of cookies and that does not directly allow you to be identified (for example, information such as how you use the Website, which parts of the site you visit), if these are based on an identity assigned to the user/visitor and therefore are collected and stored in an individualized manner. and if it has been evaluated, it can be considered personal data.

 

We process the personal data of internet users and visitors who use the Website through cookies in order to facilitate the use of the Website and to customize the Website in line with the interests and needs of users and visitors. We also process anonymous and aggregated statistical data that allows us to understand how users and visitors of the Website use the Website and to help us improve the structures and contents of the Website. This data is not information that can enable us to identify you.

 

2.To whom and for what purpose personal data may be transferred:

 

In accordance with Articles 8 and 9 of the Law, your collected personal data may be shared with these authorities upon the request of legally authorized authorities in order to fulfill our legal obligations as Kosmos Visa.

 

3.Method and Legal Reason for Collecting Personal Data:

 

Personal data about current and potential internet users and visitors are collected by Kosmos Vize by placing cookies on the Website, for the legitimate interest of Kosmos Vize, provided that Kosmos Vize can carry out its activities and offer the products within the scope of its activity and does not harm the fundamental rights and freedoms of the data owners. It is collected based on legal reasons.

 

4.Network Server Data Logging:

 

When you log in to the Website, your web browser is set to automatically transfer the following data to our internet server, and then saves the following information/data in the data records.

 

Date of entry,

Entry time,

URL of the application website,

Received files,

The amount of data transmitted,

Browser type and version,

OS,

IP address,

The domain name of your Internet access provider.

 

5.Cookies

 

Cookies are small text files placed on your hard drive by the website server. In this way, we automatically obtain certain data such as the IP address, the browser used, the operating system on your computer and your internet connection.

 

This Website is owned by Google Inc. It uses Google Analytics, a web analysis service provided by (“Google”). Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to Google and stored by Google on servers in the USA. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services relating to Website activity and internet usage.

 

Mandatory, functional and analytical cookies used by our site:

 

It is mandatory for the website interface and features to be used as desired.

It allows you to speed up activities during future visits.

By enabling us to understand how the website is used by visitors, it helps us gather statistical data and develop content in line with this data.

Under no circumstances do we collect, store or process data that can identify you, and it does not constitute personal data.

 

COOKIE TYPE

 

PURPOSES OF COOKIE USE

 

1. NECESSARY COOKIES

These types of cookies enable the Website to function properly and allow you to use all the features the Website offers. An example of this is remembering the previous action when returning to a page within the same session. These cookies do not identify you. If you do not accept these cookies, you may not be able to benefit from all the features of the Website.

 

2.PERFORMANCE COOKIES

These types of cookies collect information about how the Website is used so that we can improve it. For example, it collects data/information about which pages you visit most, time spent on the Website and error messages you encounter. The data/information collected by these cookies is recorded anonymously. No information that could identify you is stored.

 

3. FUNCTIONAL COOKIES

These types of cookies allow us to offer you a more personalized experience. These allow us to remember data such as your username and language preferences so that you do not have to re-enter this information on subsequent visits. The information stored in these cookies is anonymous. If you do not accept such cookies, the performance and functionality of the Website may be affected and some content on the Website may not be accessible.

 

4. TARGETING/ADVERTISING COOKIES

These types of cookies are used to present content/products that are relevant to you and your interests. For example, we do not use targeting or advertising cookies to personalize the advertisements and content presented to you on the Website, to limit the frequency with which you see the same advertisement on the Website, and to measure the effectiveness of our advertising campaigns.

 

6.Manage Cookie Settings

We recommend that you accept cookies so that you can use the Website in the most efficient way possible. You can view the Website without cookies. Internet browsers are set up to accept cookies at any time. You can always stop the use of cookies through your browser settings. Please use your browser's help function to learn how to change the settings for managing your cookies. Please note that when you stop the use of cookies or change cookie settings, some functions of our website may not work properly.

You can configure your browser to block cookies for all sites or specific sites, alert you when a cookie is being created, block third-party cookies, or treat all cookies as session cookies.
• Google Chrome: https://support.google.com/chrome/answer/95647
• Mozilla Firefox: https://support.mozilla.org/tr/kb/cerezleri-silme-web-sitelerinin-bilgilerini-kaldirma
• Microsoft Edge: edge://settings/clearBrowserData
• Safari: https://support.apple.com/tr-tr/guide/safari/sfri11471/mac
• Opera: https://www.operaturkiye.net/cerezleri-nasil-sebilirim/index.html

7. Rights of the Data Owner

In accordance with Article 11 of the Law titled "Rights of the Relevant Person"; As a data owner, by applying to Kosmos Vize in writing or through other methods determined by the Personal Data Protection Board[2], to learn whether your personal data is being processed, to request information if your personal data is processed, to determine the purpose of processing of personal data and whether it is suitable for their purpose. to learn whether your personal data is used or not, if your personal data is transferred to third parties at home or abroad, to know the third parties to whom personal data is transferred, to request correction of your personal data if it is incomplete or incorrectly processed, and to request that the transaction carried out in this context be notified to third parties to whom personal data is transferred, to request that your personal data be processed in accordance with the Law and Requesting the deletion or destruction of your personal data in the event that the reasons requiring processing are eliminated, even though it has been processed in accordance with other relevant legal provisions, and requesting that the transaction carried out in this context be notified to third parties to whom the personal data has been transferred, preventing a result to your detriment by analyzing the processed data exclusively through automatic systems. You have the right to object and to request compensation for the damage if you suffer damage due to unlawful processing of your personal data.

 

Your requests in your application will be finalized free of charge by Kosmos Visa as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the process requires an additional cost for Kosmos Visa, the fee determined by the Personal Data Protection Board may be charged.[3]

 

8.Use of Rights, Application and Communication

Within the scope of the law, you can submit your requests regarding your above-mentioned rights to “Astoria AVM, Esentepe Mah.” by filling out the Application Form to the Data Controller prepared accordingly and signing it with a wet signature. You can deliver it personally to the address "Büyükdere Cad No 127 Astoria B1 floor M32 Esentepe/Şişli/İstanbul", or send it through a notary public and other methods specified in the Law.

 

9.Links to Other Websites

The Website contains links to other websites. We have no influence on whether the administrators of these sites comply with data protection provisions. Kosmos Vize is not responsible for the content of the sites it links to (and the contents of other sites to which those sites link) and has no authority to intervene in the content of the sites it links to.

 

10.Changes

Since the Website changes and develops depending on technological and legal developments, this Cookie Policy will be updated from time to time accordingly, and the current version of the Cookie Policy is published at https://www.kosmosvize.com/ and is always available for your access. will be kept.

 

11.Explicit Consent

By continuing to use our website, you agree that we can place cookies on your device. If you do not want to accept cookies in connection with your use of our website, you must do one of the following:

 

Change your browser information to block all or some cookies; or stop using our Website.

 

[1] According to Article 3.1.(e) of the Law titled "Definitions", "Processing of Personal Data": Obtaining, recording and storing personal data by fully or partially automatic or non-automatic means, provided that it is part of any data recording system. It refers to all kinds of operations performed on data such as preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing its use.

 

[2] In accordance with the "Communiqué on Procedures and Principles of Application to the Data Controller" dated 10.03.2018 and numbered 30356; Data owners may submit their requests within the scope of their rights specified in Article 11 of the Law, in writing or via registered electronic mail (KEP) address, secure electronic signature, mobile signature or electronically, which has been previously reported to Kosmos Vize by the data owners and registered in the Kosmos Visa system. It is forwarded to Kosmos Vize by using the postal address or through a software or application developed for the application purpose.

 

[3] In accordance with the "Communiqué on Procedures and Principles of Application to the Data Controller" dated 10.03.2018 and numbered 30356; If the data owner's application will be answered in writing, no fee will be charged for up to ten pages. A processing fee of 1 Turkish Lira may be charged for each page over ten pages. If the response to the application is given on a recording medium such as a CD or flash memory, the fee that may be requested by Kosmos Vize cannot exceed the cost of the recording medium.

1. INTRODUCTION

The principles adopted in the execution of personal data processing activities carried out by Kosmos Vize Hizmetleri Limited Şirketi (hereinafter referred to as “Kosmos”) within the framework of this Personal Data Protection and Processing Policy (“Policy”) and Kosmos data processing activities are regulated in the Personal Data Protection Law No. 6698. (the “Law”) explains the basic principles adopted in terms of compliance with the regulations and informs the personal data owners about the legal provisions and general principles adopted by our Company.

With full awareness of our responsibility in this context, your personal data is processed and reasonably protected within the scope of this Policy.

 

2. PURPOSE OF THE POLICY

 

The main purpose of this Policy is to set forth the principles of personal data processing and the protection of personal data, carried out in accordance with the law by Kosmos, and to ensure transparency by enlightening and informing the persons whose personal data are processed by our company.

 

3. THE SCOPE OF THE POLICY

 

This Policy; Regarding your personal data processed by Kosmos; The principles of the processing of personal data and personal health data, the purposes and conditions of the processing of this data, the transfer and destruction of this data in the country and abroad, and the practices and principles regarding your rights on the processed data are notified to you below.

 

4. ACCESS AND UPDATE

The policy is published on the website of our Company and made available to the relevant persons upon the request of the personal data owners and updated when necessary. (Your personal data that we collect and process must be accurate and up-to-date when necessary in accordance with Article 4 of the Personal Data Processing Law No. 6698. Therefore, in case of any change in your personal data, you can report your current and accurate personal information with the methods described in the Clarification Text on our website. .)
Our company reserves the right to make changes in the Policy in line with the legal regulations.

In case of conflict between the current legislation, especially the Law, and the regulations included in this Policy, the provisions of the legislation shall apply.

 

5. DEFINITIONS

Definitions used here in this Policy are as follows:

 

 

6. PERSONAL DATA INVENTORY AND CATEGORIZATION OF PERSONAL DATA

 

Before the Kosmos; In line with the legitimate and lawful personal data processing purposes of Kosmos, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the KVK Law, in particular the principles specified in Article 4 regarding the processing of personal data, Personal data owners (Product and Service User, Potential Product and Service Buyer, Employees, Employee Candidates, Visitors, Supplier Employees, Supplier Authorities, Shareholders/Partners, Employees' Relatives, Consultants, Trainers, Inviting Persons and Reference Persons);

• Fulfilling the information sharing, reporting and informing obligations of public institutions and authorized third parties, especially the applications and requests of the relevant Mission,
• Ensuring that our company activities are carried out in accordance with company procedures or relevant legislation,
• Execution of customer relationship management processes,
• Execution of contract processes,
• Execution / supervision of business activities,
• Execution of communication activities,
• Evaluation of requests and complaints,
• Fulfillment of information and document retention obligations arising from legal legislation,
• Execution of finance and accounting works,
• Managing our legal processes,
• In order to provide you with uninterrupted better and reliable service, personal data will be processed in accordance with the processing conditions and purposes specified in Articles 5 and 6 of the Law No. 6698.

Kosmos has created a personal data inventory in accordance with the Data Controllers Registry Regulation issued by the Personal Data Protection Authority. This data inventory includes data categories, data source, data processing purposes, data processing process, recipient groups to which the data is transferred, and retention periods.

In this context, the following types of data categories exist in Kosmos, but are not limited to these types;

Identity Information	Written in your identity card; Name, surname, mother's name, father's name, place of birth, date of birth, marital status, religion, blood group, registered province, district and neighborhood and the information written on your identity card without being limited to these.
Contact Information	Requested or given by you in order to be able to communicate with you; your contact data such as home phone number, mobile phone number, residential address or other address information, e-mail address.
Personal Information	Copy of identity card, For example the population Register, Certificate of residence, Health report, Diploma copy, Criminal record, Passport photograph, Document stating the family status, Military status document, Employment Contract / Service Contract SSI employment entry declaration, Your criminal record (criminal record), • Information and documents related to your health status.
Professional Experience	Diploma information, courses attended, vocational training information, certificates, etc.
Bank Account Information (Finance)	Bank account number, IBAN number, other information regarding the bank card.
Curriculum Vitae Information	Your education information, school information about your education, certificate information, education status and information about your education, which is written in your CV or requested by Kosmos or given by you, Place, date and duration information about your work experience, which is written in your CV or requested by Kosmos or given by you, information about your previous job and task, any information about your work experience, Your photo in your CV or requested by Kosmos or given by you, Your driver's license written in your CV or requested by Kosmos or given by you, and the information in your driver's license, Your references and information about your references written in your CV or requested by Kosmos or given by you.
Location	Location information of the current location
Physical Venue Security (Visitor Information)	Camera recording, internet access information of visitors to the company,
Health Data	All kinds of health information and data (disability information, blood type information, personal health information,)
Criminal Conviction Data	Criminal record information obtained while creating the personal file,
Customer Transaction	Invoice, promissory note, check information, information in box office receipts, order information, request information,
Legal Action	Information in correspondence with judicial authorities, such as information in the case file,
Marketing	Historical service information, survey, cookie records, information obtained through campaign work.
Transaction Security	IP address information, website login and exit information, password and password information,
Financial Data	Your financial data such as your bank account number, IBAN number, credit card information, payment information, billing information, and assets.
Audio-Visual Recordings	Audio-visual recordings,
Biometric Data	Biometric fingerprint information,
Other	Your data such as insurance policy information, passport information, wage and payroll information, travel information, accommodation information, signature, travel document type, travel document number, school information, other countries to be visited, parent's name-surname, parent's year of birth, parent's nationality information, spouse-child's name-surname, spouse-child's nationality information, spouse-child's year of birth; your data such as the name-surname and nationality information of the person you will be traveling with.

 

7. GENERAL PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

7.1. Legal Compliance

Our company carries out its personal data processing activities in accordance with the law and honesty rules, in accordance with the Constitution, the KVK Law and the relevant legislation. In this context, our Company takes action by determining the legal grounds that will require the processing of personal data, takes into account the requirements of proportionality, does not use personal data outside of what is required for the purpose, and does not perform any processing activities without the knowledge of individuals.
7.2. Accurate and up-to-date data when necessary

Our company; It ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legitimate interests, and takes the necessary measures in this direction. In this context, data on all categories of persons are tried to be kept up-to-date, and all kinds of administrative and technical measures are taken to ensure accuracy and up-to-date.
7.3. Definite, Legitimate and Clear Purpose

Our company; It processes personal data only for clearly and precisely determined legitimate purposes and does not process data other than these purposes. The purpose for which personal data will be processed by our company is determined before the processing activity and is also processed in the "Personal Data Inventory".

7.4. Relating to the Purpose for which Data are Processed, Limited and Measured

Personal data is processed by our company to the extent necessary to achieve the determined purposes. Data processing is not carried out with the assumption that it can be used later. In this context, processes are constantly reviewed and the principle of reducing personal data is tried to be implemented.

7.5. Retention of Personal Data as Necessary and Deletion Afterward

Our company retains personal data only for as long as required by the relevant legislation or for the purpose for which they are processed. In this context, our Company first determines whether a period is foreseen for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period. In the event that the period expires or the reasons requiring its processing disappear, personal data is deleted, destroyed or anonymized in accordance with our Company's "Data Destruction Policy".

 

 

8. TERMS OF PROCESSING PERSONAL DATA

Personal data may only be collected, processed or used within the scope of the legal bases set out below.

8.1. Open Consent

In Article 3 of the Law, explicit consent is defined as “consent based on information and expressed with free will regarding a specific subject”. In addition, in Article 20, paragraph 3 of the Constitution, it is stipulated that personal data can only be processed in cases stipulated by law or with the express consent of the person. Express consent is foreseen as the fundamental reason for compliance with the law in Law No. 6698 for both special personal data and non-special personal data.
Articles 5, 6, 8 and 9 of the Law include cases where data processing conditions are not met and consent is required, and our company processes personal data by obtaining express consents declared with free will and obtained in a provable manner (written, electronic or recorded verbally). In the case of processing of special personal data, express consents will be obtained in writing when necessary.

Process managers who process personal data are obliged to ensure the existence and validity of the express consent of the relevant data owner while the personal data they process is being collected. If it is determined that there is no explicit consent (except for the exceptions below), no data processing activity will be carried out.

8.2. Processing of Personal Data without Explicit Consent

In the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the data subject:
8.2.1 expressly stipulated in laws,
8.2.2 The person who is unable to express his consent due to actual impossibility or whose consent is not given legal validity is compulsory for the protection of himself or someone else's life or physical integrity,
8.2.3 It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
8.2.4 It is mandatory for the data controller to fulfill its legal obligation,

8.2.5 It has been made public by the data owner himself,
8.2.6 Data processing is mandatory for the establishment, exercise or protection of a right,
8.2.7 Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data owner,
In such cases, it can be processed without express consent.

8.3. Processing of Private Personal Data

Our company shows special sensitivity in the processing of special personal data, the protection of which is of more critical importance for data owners in various aspects. In this context, such data is not processed without the explicit consent of the data owners, provided that sufficient measures determined by the Board are taken. However, it can be processed without explicit consent, provided that sufficient measures are taken and in the presence of the following reasons:
8.3.1. It is clearly prescribed by law,
8.3.2. It is mandatory for the protection of the life or physical integrity of the person who is unable to give his/her consent due to a de facto impossibility or whose consent is not legally valid, or of another person,
8.3.3. It is related to the personal data made public by the relevant person and is in accordance with the will to make it public,
8.3.4. It is mandatory for the establishment, exercise or protection of a right,
8.3.5. It is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, and the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations,

8.3.6. It is mandatory for the fulfillment of legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance,

8.3.7. It is for the current or former members and members of foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or union purposes, provided that it complies with the legislation they are subject to and their purposes, is limited to their fields of activity and is not disclosed to third parties; or it is for persons who are in regular contact with these organizations and formations,

The KVKK Committee will be informed in every case where special personal data needs to be processed.

 

 

9. TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the relevant Mission, domestic and foreign supervisory and regulatory authorities and relevant public institutions specified in the relevant mission's disclosure text, legally authorized public and private legal entities, our company's consultants, our auditors and our service providers within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of Law No. 6698, limited to the purpose requested by the relevant mission within its legal authority.

Your personal data may be transferred to our suppliers, insurance companies, notaries, banks and financial institutions located in Turkey and/or abroad and with whom we cooperate in order to continue our company's activities and business processes, our consultancy firms from which we receive support in areas such as law, financial consultancy, tax, etc., legally authorized public institutions and private persons, domestic and/or foreign storage, archiving, information technology support (server, hosting, software, cloud computing, etc.) etc. that process personal data on behalf of our company. It may be transferred to our service providers from whom we receive support in their fields, within the framework of the personal data processing conditions specified in Articles 8 and 9 of Law No. 6698 and for the purposes specified above.

 

10.  RIGHTS OF RELATED PERSONS

10.1 Kosmos will respond within 30 days to the requests of the persons whose personal data it processes, within the scope of the following rights:

(1) Learning whether personal data is processed or not,
(2) If personal data has been processed, requesting information about it,
(3) Learning the purpose of processing personal data and whether they are used in accordance with its purpose,
(4) To know the third parties to whom personal data is transferred in the country or abroad,
(5) Requesting correction of personal data in case of incomplete or incorrect processing and requesting notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
(6) Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing cease to exist even though it has been processed in accordance with the provisions of the KVK Law and other relevant laws, and requesting the notification of the transaction made within this scope to the third parties to whom the personal data has been transferred,
(7) Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
(8) To request the compensation of the damage in case of loss due to unlawful processing of personal data.

10.2 Data owners can apply within the scope of the above-mentioned rights with the information and documents that will determine their identities and with the KVKK application form on the website with the methods specified below or other methods determined by the Personal Data Protection Board.

 

11. PRIVACY AND DATA SECURITY PRECAUTIONS;

All of the personal data processed within Kosmos is confidential, as specified in Article 12 of the Law;
a) To prevent the unlawful processing of personal data,
b) To prevent unlawful access to personal data,
c) To ensure the protection of personal data,
takes all necessary technical and administrative measures to ensure the level of security appropriate for its purpose.
11.1 Technical Measures Taken to Ensure Legal Processing of Personal Data and to Prevent Unlawful Access to Personal Data

Kosmos has taken all kinds of technical and technological security measures to protect your personal data and protects your personal data against possible risks. E.g;
• Network security and application security are provided.
• Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
• Access logs are kept regularly.
• The authorizations of employees who have a change in duty or quit their job in this field are removed.
• Current anti-virus systems are used.
• Firewalls are used.
• Personal data security is monitored.
• Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
• The security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
• The security of environments containing personal data is ensured.
• Personal data is backed up and the security of the backed up personal data is also ensured.
• User account management and authorization control system is implemented and these are also followed.
• Log records are kept without user intervention.
• Intrusion detection and prevention systems are used.
• Encryption is done.
11.2 Administrative Measures to Ensure Legal Processing of Personal Data and to Prevent Unlawful Access to Personal Data

• A management framework has been established to initiate and control information security operation and implementation within the organization.

a. KVKK Committee and Liaison person have been appointed and their job descriptions have been determined.
b. KVKK Application channels have been determined.
c. Violation, claim/complaint management workflows have been determined.
• Main Principles, policies and procedures regarding the processing and protection of personal data have been determined.

a. Data Processing and Retention Policy Has Been Established.
b. A Policy on the Processing and Protection of Personal Data has been established.
c. A Policy Regarding the Security of Special Quality Personal Data has been established.
• Existing risks and threats have been determined within the scope of processed personal data.
• Training and awareness activities are carried out for employees on personal data security.
• Roles, responsibilities and job descriptions regarding data security have been determined in order to ensure that employees and contractors are aware of and fulfill their information security responsibilities.
• Confidentiality commitments are made.
• Employee, customer, supplier etc. Clarification text has been published for
• Processes requiring explicit consent are determined and implemented.
• In-house periodic and/or random audits are conducted and made. It eliminates privacy and security vulnerabilities that arise as a result of audits.
• Whether there is a need for the aforementioned personal data for the purpose of processing is evaluated and personal data is reduced as much as possible.
• If the data is obtained by others illegally, necessary measures are taken by the employees to inform the relevant person and the Board as soon as possible.

11.3 Measures to be Taken in Case of Unlawful Disclosure of Personal Data

In case the processed personal data is obtained by others illegally, our Company will notify the relevant data owner and the Board as soon as possible (within 72 hours maximum).

12. DISPOSAL (DELETE, DESTRUCTION AND ANONYMIZATION) CONDITIONS OF PERSONAL DATA

In accordance with Article 138 of the Turkish Penal Code, Article 7 of the KVK Law and the "Regulation on the Deletion, Destruction and Anonymization of Personal Data" issued by the Institution; Despite the fact that it has been processed in accordance with the provisions of the relevant law, in the event that the reasons requiring its processing are eliminated, personal data is deleted, destroyed or anonymized upon Kosmos' own decision or upon the request of the personal data owner. Kosmos has created a Policy in accordance with the provisions of the regulation on this subject and in accordance with this Policy, destruction is made according to the nature of the data. In accordance with this regulation, periodic destruction dates have been determined by Kosmos, and a calendar has been established according to which periodic destruction will be carried out at various intervals with the commencement of the obligation.

 

13. EXECUTION

A management structure has been established to ensure that Kosmos complies with the regulations of the KVK Law in the execution of this Policy.

 

 

14. EFFECTIVE DATE OF THE POLICY

This Policy entered into force on 07.01.2022 and was updated on 06.08.2024.