COMMITMENT TO THE PERSONAL DATA PROTECTION LAW & REGULATIONS
Next4biz declares to comply with Turkish Law No. 6698 on the Protection of Personal Data (“KVKK”) and other applicable laws and regulations such as General Data Protection Regulation (“GDPR”) when we process personal data in the European Union region and California Consumer Privacy Act (“CCPA”) when we process personal data in the USA.
PURPOSE OF PROCESSING PERSONAL DATA
Next4biz offers online services and products in the digital environment by providing licenses to the software it develops for process management, customer relations, and customer services. Therefore, Next4biz processes personal data only in case of necessity for its software to function as a platform that helps organizations design and manage their customer relations and business processes. The personal data is processed only within the scope of purposes described in the contract and protected by Next4biz in accordance with Law No. 6698 in Türkiye (VERBIS (Personal Data Metadata and Pattern Definition Legal Platform) and in accordance with GDPR and CCPA as well. In the event that the purpose for processing personal data no longer exists, Next4biz destroys the personal data. Next4biz destroys personal data upon formal request of the data subject and the data controller as well. Save for legal exceptions mentioned in the law such as the data processor’s obligations to keep the data for a limited period of time.
ENSURING INFORMATION SECURITY
Next4biz implements various administrative and technical measures to prevent unauthorized access to personal data and to comply with Law on the Protection of Personal Data (no. 6698) in Türkiye and to comply with GDPR and CCPA.
We ensure to take necessary technological, physical, and administrative measures in means of information security components. Next4Biz carefully develop security policies and apply standards for information security management complied with ISO27001 and ISO27701 and standards for personal data protection complied with BS10012. Next4biz manages the information security management system and undertakes activities to control, prevent, and monitor.
Next4biz is in direct contact with its corporate customers (data controllers) using its products and services. However, no direct contact occurs between Next4biz and data subjects/ end users benefiting from the Next4biz products and services through next4biz’s corporate customers. If these data subjects request to access, alter or erase information stored on our products, they should directly contact their data controllers.
All employee contracts at Next4biz include particular clauses on information security and privacy. We take care to recruit reliable, competent, and customer-oriented people who are aware and capable of fulfilling privacy and legal requirements.
STORAGE AND TRANSFER OF PERSONAL DATA
As part of the customer services, customer relations, and process management software that Next4biz provides, the personal data of data subjects who are clients to our corporate customers is stored and processed in a digital environment. Instead of being stored in the headquarters, the data is kept in digital format in highly secure data centers where the services are provided.
In line with the aforementioned purposes and scope, Next4biz may transfer the processed personal data within the conditions described in the law and/or the consent of the data subjects to third parties if the processing is required for the customer’s benefit, for the fulfillment of the requested level of service, for on-site R&D activities, and for data troubleshooting and relevant support activities.
PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA
Next4biz does not process special categories of personal data of third parties (including the data subject’s race; ethnicity; political opinions; philosophical beliefs; religion or other beliefs; appearance or clothing; memberships to associations, foundations or trade unions; medical conditions; sexual life; criminal convictions and security measures; and biometric and genetic data) unless clear consent is provided in compliance with relevant laws.
Next4biz software is a product that offers Customer Relations, Customer Services, and Business Process Management features. We implement and update all necessary administrative and technical precautions to ensure the protection of personal data. However, next4biz is not a product developed to process special categories of personal data.
We highly recommend our customers not to load and process special categories of personal data and give detailed reasons for that in the document named: Article 6 of the Important Notices on the Management of Personal Data When Adapting and Using the next4biz Product.
DESTRUCTION OF PERSONAL DATA
Our Company retains the personal data it collects and stores it for the duration of its legal obligations set forth in the relevant Law or for the duration of its legal obligations arising from any contract and from protecting our legitimate interests. For the personal data subject to status as data controller; Next4biz keeps any collected and stored personal data as long as its obligations arising from the Law continue or for a period deemed appropriate for the purpose of fulfillment of its obligations and protection of its rights arising from the contracts.
Data anonymization and destruction process upon requests will be considered due to relevant legislation and for the data in status of “data controller”. Periodic data destruction is executed for the personal data in status of data controller.
For the status of “data processor” the relevant data controller will be responsible for data destruction.
This Statement does not apply to instances where we merely process data on behalf of corporate clients who are data controllers for their benefit, such as when we act as only a data processor.
RESPONSIBILITIES OF NEXT4BIZ
Next4biz is responsible for fulfilling this commitment to protect personal data and privacy as part of its services and products. Accordingly, we act in compliance with the Law on the Protection of Personal Data.
- Our employees are informed about their obligation to refrain from disclosing any personal data they obtained as part of their jobs to any third parties. They are also aware of the rule that forbids using personal data outside of its intended purpose, and they understand that they remain liable even after the termination of their employment contract.
- All necessary administrative and technical precautions are implemented to prevent the illegal processing of and access to personal data, and to ensure the security of information.
- Our Company takes all available and necessary technological precautions to process personal data, to store it in safe environments, and to prevent its loss or modification.
- In compliance with relevant laws , our Company conducts internal audits regularly and obtains the services of independent cyber security companies to conduct penetration tests on the safety measures in place.
- In the event that any personal data processed by our Company is obtained illegally by others despite all the necessary precautions implemented by us, we inform the data subject and the data controller of the situation.
- If the data subjects wish to use their rights granted in Article 11 of Law No. 6698, or to get information about their personal data, request its destruction or other action from us, they must send their written and signed requests to Next4biz Bilgi Teknolojileri A.Ş. Sahrayı Cedit Mahallesi Halk Sokak Pakpen Plaza No.: 40/ to our registered email address email@example.com with a secure electronic signature. Requests are only processed following the verification of identity of the data subject.
Next4biz Bilgi Teknolojileri A.Ş.