Musichool

Musichool Personal Data Breach Procedure

TABLE OF CONTENTS

  • Objective and Scope
  • Legal Basis
  • Data Controller
  • Definitions
  • Data Breach / Data Breach Risk
  • Action Plan
  • Violations and Sanctions
  • Revision

    OBJECTIVE AND SCOPE

    Musichool OÜ ("Musichool"), which demonstrates the utmost sensitivity regarding compliance with data privacy legislation, adopts a risk-based approach in this regard.

    Although policies and procedures regarding personal data maintained in the capacity of data controller have been established and published in accordance with the Personal Data Protection Law No. 6698 (hereinafter referred to as "KVKK Law") and other legislation containing special provisions, the Musichool Personal Data Breach Procedure has been prepared for the purpose of planning the measures to be taken, initial actions, correspondence and processes to be followed in the event of a breach of said policies or processes relating to personal data.

    This procedure details the action plan to be implemented in the event that personal data and special categories of personal data processed within Musichool under data protection regulations are obtained by third parties through unlawful means.

    LEGAL BASIS

    The Musichool Data Breach Procedure has been published in accordance with the KVKK Law and the Announcement Regarding the Decision Dated 24.01.2019 and Numbered 2019/10 on the Procedures and Principles of Personal Data Breach Notification; and has been prepared in compliance with the Musichool KVKK Policy and the publications and guides issued by the Personal Data Protection Authority.

    One of the most critical obligations of the data controller is to ensure the security of personal data processed within its organization. For this purpose, pursuant to Article 12 of the KVKK Law, Musichool takes all necessary technical and administrative measures to ensure an appropriate level of security in order to:

    • prevent unlawful processing of personal data,
    • prevent unlawful access to personal data,
    • ensure the preservation of personal data.

    DATA CONTROLLER

    Musichool, which determines the purposes and means of processing personal data processed under its legal entity and is responsible for data processing activities, is the data controller pursuant to the KVKK Law.

    DEFINITIONS

    The important definitions contained in the Musichool Data Breach Procedure and the legislation, together with their meanings, are set out in the table below:

    | Term | Definition |
    | --- | --- |
    | Personal Data | Any information relating to an identified or identifiable natural person |
    | Special Category Personal Data | Data concerning race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or trade union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data |
    | Data Subject | The identified or identifiable natural person whose personal data is processed (Relevant person) |
    | Data Breach | In personal data protection law, the acquisition of processed personal data by third parties through unlawful means |
    | Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system |
    | Processing of Personal Data | Any operation performed on data such as obtaining, recording, storing, preserving, altering, reorganizing, disclosing, transferring, acquiring, making available, classifying or preventing the use of personal data |
    | KVKK Authority | The Personal Data Protection Authority |
    | Data Security Board | The Board established within the Company by Musichool to ensure the necessary coordination in ensuring compliance with, maintaining and sustaining personal data protection legislation |

    DATA BREACH / DATA BREACH RISK

    Pursuant to the KVKK Law, the following shall be classified as a data breach or data breach risk:

    • the obtaining, processing, or sharing of data defined as personal data or special category personal data with third parties domestically or abroad without obtaining explicit consent from the data subject,
    • despite having obtained explicit consent, the transfer of personal data to third parties by breaching published policies on the protection of personal data,
    • the unlawful interference with data in physical or electronic environments resulting in their transfer to third parties,
    • the failure to take adequate data security measures in physical and electronic environments.

    ACTION PLAN

    In the event of a data breach, the situation shall be reported to the relevant data subjects and the Personal Data Protection Board as soon as possible and within 72 hours at the latest. The following processes shall be implemented in order to comply with the 72-hour notification period.

    Upon detection of a data breach, the relevant personnel shall make a verbal notification to the Data Security Board officials without delay and within 60 minutes at the latest, or to Musichool officials if these individuals cannot be reached. Upon notification of the breach, the Data Security Board must convene within 24 hours at the latest and carry out work on the processes set out below.

    6.1. DETERMINATION OF THE CAUSE OF THE DATA BREACH

    • Sending personal data to incorrect recipients
    • Theft or loss of documents/devices
    • Storage of data in insecure environments
    • Malicious software
    • Social engineering
    • Sabotage
    • Accident / Negligence
    • Other

    6.2. DATA SUBJECTS AFFECTED BY THE BREACH

    Data subjects affected by the breach shall be informed about the breach within a reasonable time.

    Following the breach, requests and applications from data subjects regarding their personal data shall be processed immediately and evaluated in accordance with the Musichool Data Subject Relations Guide.

    PERSONAL DATA CATEGORIES

    • Identity
    • Contact
    • Location
    • Personnel Legal Proceedings
    • Customer Transactions
    • Physical Space Security
    • Transaction Security
    • Risk Management
    • Finance
    • Professional Experience
    • Marketing
    • Visual and Audio Recordings

    SPECIAL CATEGORY PERSONAL DATA CATEGORIES

    • Race and Ethnic Origin
    • Political Opinion
    • Philosophical Belief
    • Religion, Sect and Other Beliefs
    • Clothing and Appearance
    • Association Membership
    • Foundation Membership
    • Trade Union Membership
    • Health Information
    • Sexual Life
    • Criminal Convictions and Security Measures
    • Biometric Data
    • Genetic Data

    NUMBER OF PERSONS AFFECTED BY THE BREACH

    • Estimated Number of Persons: ...
    • Estimated Number of Records: ...

    GROUPS OF PERSONS AFFECTED BY THE BREACH

    • Employees
    • Users
    • Subscribers/Members
    • Customers and Potential Customers
    • Other

    IMPACT OF THE BREACH ON INDIVIDUALS

    • Loss of control over personal data
    • Identity theft
    • Discrimination
    • Restriction of rights
    • Fraud
    • Financial loss
    • Reputational damage
    • Loss of security of personal data
    • Other

    POTENTIAL RISKS ARISING FROM THE BREACH

    IMPACT OF THE BREACH ON THE ORGANIZATION

    • Unknown
    • Low: No loss of effectiveness has occurred.
    • Medium: We have lost the ability to provide an important service to some of our users.
    • High: We have lost the ability to provide all important services to all of our users.

    RECOVERY TIME

    • Normal
    • Supported
    • Extended
    • Irreversible
    • Completed

    WHETHER THE INFORMATION SYSTEM WAS AFFECTED BY A CYBER ATTACK

    • Yes
    • No

    VIOLATIONS AND SANCTIONS

    In the event that policies and procedures regarding personal data published by the data controller are violated by employees, the employee's statement of defense shall be obtained in accordance with the Employment Contract, the KVKK Confidentiality Undertaking and the Labor Law No. 4857, and a disciplinary measure appropriate to the act shall be determined. In cases where the act also constitutes a crime under the Turkish Penal Code No. 5237 or other laws, the necessary judicial authorities shall be notified.

    REVISION

    This Guide shall enter into force from the moment it is approved by the Data Security Board. The Data Security Board is also authorized regarding the changes to be made within this Guide and how they will be put into practice.

    The Musichool Personal Data Breach Procedure shall be reviewed at least once a year in any case, and if there are necessary changes, it shall be updated by submitting it for the approval of the Data Security Board. In the event of a conflict between the legislation in force, primarily the KVKK Law, and the regulations contained in this Procedure, the provisions of the legislation shall apply.

    Musichool reserves the right to make changes to the Personal Data Breach Procedure in parallel with the legal regulations to be made by the KVKK Authority, which is the administrative authority. Revisions that may occur in this procedure or in the legislation shall be added to the procedure specifying the date and subject, and after the necessary announcements are made, they shall be deemed an integral part of the procedure.