Policy Regarding Special Categories of Personal Data

SCOPE

Article 6 of the Law No. 6698 on the Protection of Personal Data ("THE LAW") defines certain personal data as "SPECIAL CATEGORY PERSONAL DATA", which, if processed unlawfully, carry the risk of causing harm or discrimination to individuals.

Special categories of personal data include information relating to a person's race, ethnic origin, political opinion, belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

  1. PROCESSING OF SPECIAL CATEGORY PERSONAL DATA

...Company (the Company) shows particular sensitivity in processing Special Categories of Personal Data, the protection of which is believed to be of greater importance in various respects from the perspective of the Data Subject/Relevant Person.

Special Categories of Personal Data are processed by the Company in accordance with the Law, provided that adequate measures determined by the Board are taken, and under the following conditions:

  • If the Data Subject/Relevant Person has given their explicit consent, or
  • If the Data Subject/Relevant Person has not given explicit consent, special categories of personal data other than those relating to the Data Subject's health and sexual life may be processed only in cases stipulated by law, while special categories of personal data relating to the Data Subject's health and sexual life may only be processed by persons or authorized institutions and organizations under an obligation of confidentiality, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and the planning and management of health services and their financing.

 

  2. MEASURES REGARDING THE PROCESSING OF SPECIAL CATEGORY PERSONAL DATA

In accordance with Article 6 of the Law and the Board's decision dated 31.01.2018 and numbered 2018/10, the Company, acting as the data controller, takes the following measures regarding the processing of Special Categories of Personal Data:

  • This Policy establishes a systematic, clearly defined, manageable, and sustainable system for the security of sensitive personal data.
  • Regarding Employees involved in the processing of special categories of personal data:
    • Regular training is provided on the security of Special Categories of Personal Data, in accordance with the law and related regulations.
    • Confidentiality agreements are in place.
    • The scope and duration of access authorization for users with data access rights are clearly defined.
    • Authorization checks are carried out periodically.
    • Employees who change roles or leave the company have their authorizations in this area revoked immediately. In this context, the inventory assigned to them by the Data Controller is taken back.
  • If the environments where Special Categories of Personal Data are processed, stored and/or accessed are electronic environments:
    • Personal data is protected using cryptographic methods.
    • Cryptographic keys are stored securely in different environments.
    • All transactions involving personal data are securely logged.
    • Security updates for environments where Personal Data is stored are continuously monitored, necessary security tests are regularly conducted/commissioned, and test results are recorded.
    • If Personal Data is accessed through software, user authorizations for that software are configured, security tests of these software programs are regularly performed/commissioned, and the test results are recorded.
    • If remote access to Personal Data is required, at least a two-factor authentication system is provided.
  • If the environments where Special Categories of Personal Data are processed, stored and/or accessed are physical environments:
    • Depending on the nature of the environment where Special Categories of Personal Data are stored, adequate security measures are taken (against electrical leaks, fire, flooding, theft, etc.).
    • Physical security of these areas is ensured to prevent unauthorized entry and exit.
  • If Special Categories of Personal Data are to be transferred:
    • If personal data needs to be transmitted via email, it is transmitted in encrypted form using a corporate email address or a Registered Electronic Mail (KEP) account.
    • If data needs to be transferred via portable memory devices, CDs, DVDs, etc., it is encrypted using cryptographic methods, and the cryptographic key is stored on a different medium.
    • When data transfer is performed between servers in different physical locations, data transfer is carried out by establishing a VPN between the servers or using the sFTP method.
    • If Personal Data must be transmitted in paper format, necessary precautions are taken against risks such as theft, loss, or unauthorized access to the documents, and the documents are sent in "Confidential" format.
  • In addition to the measures mentioned above, technical and administrative measures aimed at ensuring the appropriate level of security, as specified in the Personal Data Security Guide published on the website of the Personal Data Protection Authority, should also be taken into consideration.

 

  3. TRANSFER OF SPECIAL CATEGORY PERSONAL DATA

The Company may transfer the Special Categories of Personal Data it has lawfully obtained to third parties in accordance with data processing purposes and by taking the necessary security measures. Accordingly, the Company may transfer Special Categories of Personal Data to third parties if one of the processing conditions specified in the section above and one of the conditions specified below are met.

  • If the Data Subject/Relevant Person has given their explicit consent,
  • If there is an explicit provision in the laws regarding the transfer of Special Categories of Personal Data,
  • If it is necessary for the protection of the life or physical integrity of the Data Subject/Relevant Person or another person, and the Data Subject/Relevant Person is unable to express their consent due to factual impossibility or if their consent is not legally valid;
  • If the transfer of personal data belonging to the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract,
  • If the Company needs to transfer personal data in order to fulfill its legal obligations,
  • If Special Categories of Personal Data have been made public by the Data Subject/Relevant Person,
  • If the transfer of Special Categories of Personal Data is necessary for the establishment, exercise or protection of a right,
  • If the transfer of personal data is necessary for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the Data Subject/Relevant Person.

 

  4. TRANSFER OF SPECIAL CATEGORY PERSONAL DATA ABROAD

In line with legitimate and lawful Personal Data processing purposes, the Company may transfer the Special Categories of Personal Data of the Data Subject/Relevant Person to foreign countries where the data controller has adequate protection or undertakes to provide adequate protection, by exercising due diligence and taking the necessary security measures and the adequate precautions foreseen by the Board, in the following cases:

  • If the personal data owner has given their explicit consent, or
  • If the personal data owner has not given explicit consent:
    • Special categories of personal data of the Data Subject/Relevant Person, excluding those related to their health and sexual life (such as race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and clothing, membership in associations, foundations or trade unions, data relating to criminal convictions and security measures, as well as biometric and genetic data), may be processed in cases stipulated by law.
    • Special categories of personal data relating to the health and sexual life of the Data Subject/Relevant Person may only be processed by persons or authorized institutions and organizations under an obligation of confidentiality, for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, and planning and managing health services and their financing.

THIS POLICY IS IMPLEMENTED BY MIPO TECHNOLOGY INC. (KVKK COMMITTEE BOARD OF DIRECTORS, GENERAL DIRECTORATE).

Best regards...

 

MIPO TECHNOLOGY INC.