MUSICHOOL
DATA SUBJECT RELATIONS GUIDE
TABLE OF CONTENTS
1. PURPOSE AND SCOPE 3
2. BASIS 3
3. DATA CONTROLLER 3
4. DATA SUBJECT 3
5. DEFINITIONS 3
6. DATA SUBJECT RIGHTS 5
6.1 Right to Request Information 5
6.2 Right to Request Correction 5
6.3 Right to Request Destruction 5
6.4 Right to Request Notification to Third Parties in Case of Destruction or Correction 5
6.5 Right to Request Compensation for Damages 5
7. APPLICATION METHODS
8. ACTION PLAN
9. DATA BREACH POSSIBILITY
10. VIOLATIONS AND SANCTIONS
11. REVISION
Purpose and Scope
In the field of personal data protection, Musichool OÜ declares that responding to the rights and requests of natural persons whose rights are protected, namely data subjects, is one of the most important obligations of the data controller, and that it shows maximum sensitivity to compliance with data privacy legislation. In this context, in accordance with the Personal Data Protection Law No. 6698 and other legislation containing special provisions, the Musichool Data Subject Relations Guide has been prepared for the purpose of planning relationship management processes in order to respond to the requests and applications of data subjects.
With this guide, application methods to be made to Musichool and the processes for responding to data subject applications within the scope of data protection regulations are regulated.
Musichool
Published in accordance with the PDPL and the Communiqué on the Procedures and Principles for the Implementation of Personal Data; prepared in accordance with Musichool PDPL Policy and publications and guides published by the Personal Data Protection Authority.
Musichool
Determines the purposes and means of processing personal data processed under its legal entity, responsible for data processing; is the data controller in accordance with the PDPL and is obliged to respond to requests and applications directed by the data subject to its legal entity.
Data Controller
Musichool, which determines the purposes and means of processing personal data processed under its legal entity and is responsible for data processing activities, is the data controller in accordance with the PDPL and is obliged to respond to data subject requests and applications submitted to its legal entity.
Definitions
Important definitions in the Musichool Data Subject Relations Guide and legislation are listed in the table below with their meanings:
| Term | Description |
|---|---|
| Personal Data | All kinds of information relating to an identified or identifiable natural person |
| Special Categories of Personal Data | Data concerning race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data |
| Data Subject | The identified or identifiable natural person whose personal data is processed (Concerned person) |
| Data Breach | In personal data protection law; processed personal data falling into the hands of third parties through illegal means |
| Data subject may request notification to third parties they have designated regarding the fate and current status of their personal data for which they requested intervention under 6.2 and 6.3. | Personal Data; Processing |
| Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system |
| PDPL | Personal Data Protection Law No. 6698 dated March 24, 2016, published in the Official Gazette dated April 7, 2016 and numbered 29677 |
| 29677 | Personal |
| Data, | The Board that will provide the necessary coordination within the Company within the scope of ensuring, maintaining and sustaining compliance with personal data protection legislation by Musichool |
Data Subject Rights
In accordance with Article 11 of the PDPL, personal data subjects can apply to Musichool and make requests regarding the following rights concerning themselves.
Right to Request Information
The data subject may apply to Musichool and request:
- Whether their personal data is being processed
- Information about this if their personal data has been processed
- The purpose of processing personal data and whether they are used in accordance with this purpose
- To whom this data has been transferred domestically or abroad
- Any other information regarding the protection and processing of their personal data
Right to Request Correction
The data subject may request correction if their personal data has been processed incorrectly or incompletely by Musichool.
Right to Request Destruction
The data subject may request deletion, destruction or anonymization of their personal data held within Musichool. Data subject may request notification to third parties they have designated regarding the fate and current status of their personal data for which they requested intervention under 6.2 and 6.3. Data subject may request notification to third parties they have designated regarding the fate and current status of their personal data for which they requested intervention under 6.2 and 6.3.
Right to Request Compensation for Damages
The data subject has the right to request compensation for damages suffered as a result of processing contrary to the PDPL. In this context, the data subject must be able to prove that they have suffered damage and that the damage in question was caused by Musichool's unlawful processing of personal data.
Application Methods
The data subject has the opportunity to submit their application containing clear and simple explanations regarding the rights written in Article 11 of the PDPL to Musichool through the following methods.
| Application Method | Description |
|---|---|
| Registered Electronic Mail | Email: Via electronic mail to info@musichool.co |
| In-Person Application | By coming in person to the address written below belonging to Musichool with identity documents |
| Postal / Notary Channel |
Via notary or registered mail
Address: Põhja-Tallinna linnaosa, Paavli tn 5a/1, 10412, Harju maakond, Tallinn, Estonia |
For third parties to apply on behalf of data subjects as representatives, they must present a special power of attorney issued through notary.
Action Plan
As data controller, Musichool concludes the requests of data subjects regarding their personal data in the shortest time and within 30 days at the latest, according to the nature of the request, in accordance with Article 13 of the PDPL. For this purpose, the following points are applied:
- If an application regarding the rights in Article 11 of the PDPL is made to Musichool in accordance with the application methods mentioned above; the application is notified to the Data Security Board in the shortest time and within 24 hours at the latest.
- Upon hearing of the application; the Data Security Board convenes within 24 hours at the latest and necessary preparations are made.
- After the preparation phase; a personal data report is created by the Data Security Board within 10 days in accordance with the requests.
- Together with the personal data report, the application is answered in the shortest time and within 30 days at the latest from the notification of the application.
Data Breach Possibility
If the data subject application submitted to Musichool contains findings regarding a possible data breach, the Musichool Data Breach Procedure should be implemented in this context. The breach possibility is notified to the Data Security Board immediately and within 24 hours at the latest.
Violations and Sanctions
In case of violation of policies and procedures regarding personal data published by the data controller by employees; the employee's defense is taken according to the Labor Law No. 4857 and disciplinary action is taken according to the law. The violation may constitute a crime under the Turkish Penal Code No. 5237.
Revision
This Guide enters into force from the moment it is approved by the Data Security Board. The Data Security Board is also authorized regarding the changes to be made within this Guide and how they will be implemented.
Musichool Data Subject Relations Guide is reviewed at least once a year in any case, and if there are necessary changes, it is updated by submitting it to the approval of the Data Security Board. In case of conflict between the regulations included in this Guide and the legislation in force, primarily the PDPL, the provisions of the legislation will apply.
Musichool reserves the right to make changes in the Data Subject Relations Guide in parallel with the legal regulations to be made by the PDPL Authority, which is the administrative authority. Revisions that may occur in this guide or legislation will be added to the guide by specifying the date and subject, and will be accepted as an integral part of the guide after the necessary announcements are made.