Important Notices on the Management of Personal Data
When Adapting and Using the next4biz Product

While designing, authorizing, and configuring processes on the next4biz application and using the application, Corporate Customers of Next4biz must consider the following issues for regulatory compliance regarding personal data and data security:

1. An “Information/Privacy Notice” must be included in every instance of contact with the customer (issue owner).

While collecting customer information or issues with a web form, the link of the corporate Information/Privacy Notice regarding processing personal data must be included on the form, and the purpose for using the collected data must be stated.

2. An authorization matrix that defines authorizations and roles according to the task descriptions must be prepared. In the authorization matrix, the relevant users must be granted access to areas with personal data solely for the purposes of their duties and responsibilities.

A role/authorization matrix must be prepared according to the criticality of personal data for accessing the custom data fields for every search, issue, or customer in addition to searches of customer information and access authorizations.

Definitions on next4biz must be made according to this matrix, which must be checked periodically before and after use. Authorizations must be granted “only to the extent necessary and only to the relevant party or authority.”

3. The data collected/entered on the next4biz application must not be used for any purpose other than responding to requests and resolving the complaints within your organization. Personal data must not be shared with irrelevant departments.

The business units or business partners that will receive issues must be determined with automatic workflows and manual forwarding. No forwarding or workflow must be defined outside of the intended purpose. This data must not be transferred to external environments by means of email, etc.

4. In order to prevent the misuse of the personal data stored in the next4biz application, users must be reminded accordingly every time they access the application.

Additionally, regular notifications must be made within your organization and to your suppliers, and the relevant contracts must include these provisions.

Information notices must be prepared to serve as an announcement and knowledge base for users, and shared within the application.

Announcement Text Example: Personal data created and collected on the Customer Services application must only be used for the purpose of meeting customer complaints and requests. The data cannot be transferred to external environments or used for other purposes.

5. Custom data fields to be created on the next4biz interface must be defined in accordance with the principles of “proportionality” and “data minimization.”

Creation of unnecessary data fields must be prevented while resolving issues.

6. Special categories of personal data cannot be collected and processed with the next4biz application.

As per the relevant legislation in your country (GDPR in the EU, CCPA in the USA, Law No. 6698 in Türkiye), special categories of personal data include the data subject’s race, ethnicity, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance or clothing, membership of associations, foundations or trade unions, medical conditions, sexual life, criminal convictions and security measures, and biometric and genetic data.

a. Data fields that allow a special category of personal data must not be created on the next4biz application.

b. Necessary warnings must be defined on the interface so that users or customers do not upload special category of personal data to the next4biz application.

In issue forms, label-type data fields must be created with the addition of the relevant descriptions. Similarly, these information notices must be used for file upload fields.

Text Example: Please do not enter/upload personal data such as health information, criminal record, political opinions, etc., in this field.

c. Your organization, users, and suppliers must not enter information related to a special category of personal data, and the necessary notifications must be made periodically.

d. Upon receiving an email or a customer issue containing a special category of personal data, the said data must be promptly deleted by the relevant users within the organization.

7. Necessary warnings must be defined on the interface so that sensitive customer data, such as bank information or payment methods, is not uploaded to the next4biz application.

8. Inessential personal data must not be included in automatic or manual notification message templates and messages sent via email or SMS.

9. The “Privacy Notice” and the purpose for sending the email must be added as a disclosure notice at the end of emails.

Text Example: This email has been sent to you for informational purposes in response to the issue you have submitted. If you haven’t submitted any issues to our company and this email does not concern you, please send us an email at (your corporate email address).

10. Screenshots, documents, etc., with personal data or any data which is not necessary for the solution must not be uploaded to applications and environments that do not require personal data, such as help desk, email, etc.

Personal data that is not required for the resolution of support requests must not be entered into or uploaded to the help desk on the next4biz application.

Security measures such as anonymization and encryption must be taken for the information files required for the resolution of the issue.
You must periodically inform your employees and suppliers on this matter.

11. You can meet the personal data anonymization requests of your customers via the next4biz API or the Help Desk.

You can use the API method for the anonymization of personal data. Alternatively, you can submit your request to the next4biz support team by logging an issue with the help desk. No personal data is permitted in anonymization requests; the request must instead contain technical information and/or a data pattern that addresses the data in question.

Anonymized data cannot be restored. This is why anonymization in records such as complaints, processes, etc., must be handled within the corporation to ensure the fulfillment of operational continuity and legal responsibilities.

12. The methods under the Information Security Category in the next4biz Help Desk Knowledge Base must be used and checked periodically.

next4biz Help Desk Knowledge Base: Information Security Category

  • How can I manage passwords?
  • How can I manage authorizations?
  • Which authorizations affect access to customer data?
  • How can I grant limited authorization for issue-related searches?
  • How can I limit customer search functionality?
  • How can I enable IP restriction for users?
  • What should I consider when using the Help Desk?
  • Two-Step Authentication in the Login Process
  • Confidential Issue Management
  • Authorization of Customer Data Fields
  • How Can I Manage Customer Custom Fields?
  • How Can I Manage Issue Custom Fields?