DATA SUBJECT RELATIONS GUIDE
OBJECTIVE AND SCOPE
Musichool OÜ (hereinafter "Musichool") acknowledges that, in the field of personal data protection, responding to the rights and demands of data subjects, namely the natural persons whose rights are protected, is one of the most important obligations of the data controller, and it shows the utmost sensitivity regarding compliance with data privacy legislation. In accordance with the Personal Data Protection Law No. 6698 (hereinafter "KVKK Law") and other legislation containing special provisions, Musichool has prepared the Musichool Data Subject Relations Guide for the purpose of planning the processes of responding to the requests and applications of data subjects and managing data subject relations.
This guide regulates the methods of applying to Musichool within the scope of data protection regulations and the processes for responding to data subject applications.
LEGAL BASIS
Published in accordance with the KVKK Law, this guide has been prepared in compliance with the Communique on the Application Procedures and Principles Regarding Data, the Musichool KVKK Policy, and the publications and guides issued by the Personal Data Protection Authority.
DATA CONTROLLER
Musichool, which determines the purposes and means of processing personal data processed under its legal entity and is responsible for the data processing activity, is the data controller in accordance with the KVKK Law and is obliged to respond to data subject requests and applications submitted to its legal entity.
DEFINITIONS
The important definitions found in the Musichool Data Subject Relations Guide and in the legislation, together with their meanings, are set out in the table below:
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person |
| Special Category Personal Data | Data concerning race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data |
| Data Subject | The identified or identifiable natural person whose personal data is processed (Relevant person) |
| Data Breach | In personal data protection law, the acquisition of processed personal data by third parties through unlawful means |
| Processing of Personal Data | Any operation performed on data such as obtaining, recording, storing, preserving, altering, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data |
| Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system |
| KVKK Law | The Personal Data Protection Law No. 6698, dated March 24, 2016, published in the Official Gazette dated April 7, 2016 and numbered 29677 |
| Data Security Board | The Board established within the Company by Musichool to ensure the necessary coordination for achieving, maintaining and sustaining compliance with personal data protection legislation |
RIGHTS OF THE DATA SUBJECT
Pursuant to Article 11 of the KVKK Law, personal data subjects may apply to Musichool and make requests regarding the following rights concerning themselves.
6.1. Right to Request Information
The data subject may apply to Musichool and request to be informed of the following:
- Whether their personal data is being processed,
- For what purpose it is being processed,
- Whether it is being used in accordance with the processing purpose determined by Musichool,
- To whom this data has been transferred, both domestically and abroad, and
- Any other information regarding the protection and processing of their personal data.
6.2. Right to Request Correction
The data subject may request the correction of their personal data in the event that it has been processed incorrectly or incompletely by Musichool.
6.3. Right to Request Destruction
The data subject may request the deletion, destruction, or anonymization of their personal data held within Musichool.
6.4. Right to Request Notification to Third Parties in Case of Destruction or Correction
The data subject may request that Musichool notify the third parties they have designated regarding the outcome and current status of the personal data for which they have requested intervention under sections 6.2. and 6.3.
6.5. Right to Claim Compensation for Damages
The data subject has the right to claim compensation for damages suffered as a result of processing contrary to the KVKK Law. In this context, the data subject must be able to prove that they have suffered damage and that the damage in question arose from Musichool's processing of personal data in a manner contrary to the Law.
APPLICATION METHODS
The data subject may submit to Musichool, through the methods listed below, an application containing explanations that clearly and simply state their rights under Article 11 of the KVKK Law.
| Application Method | Description |
|---|---|
| Registered Electronic Mail | By electronic mail to the email address info@musichool.co |
| In-Person Application | By presenting identity documents in person at the Musichool address given below |
| Mail / Notary Channel | By notary public or by registered mail with return receipt |
Address: Musichool OÜ, Pohja-Tallinna linnaosa, Paavli tn 5a/1, 10412, Harju maakond, Tallinn, Estonia
For third parties to make applications in the capacity of representative on behalf of data subjects, they must present a special power of attorney issued through a notary public.
ACTION PLAN
Musichool, in its capacity as data controller, pursuant to Article 13 of the KVKK Law, finalizes the requests of data subjects regarding their personal data in the shortest time possible and within 30 days at the latest, depending on the nature of the request. For this purpose, the following procedures are carried out.
POSSIBILITY OF DATA BREACH
If a data subject application submitted to Musichool contains findings regarding a possible data breach, the Musichool Data Breach Procedure must be put into practice. The possibility of a breach is reported to the Data Security Board immediately, and within 24 hours at the latest.
VIOLATIONS AND SANCTIONS
If employees violate the policies and procedures regarding personal data published by the data controller, the employee's defense is obtained in accordance with the Employment Contract and Labor Law No. 4857, and a disciplinary measure appropriate to the act is determined. In cases where the act also constitutes a crime under the Turkish Penal Code No. 5237 or other laws, the relevant judicial authorities are notified.
REVISION
This Guide enters into force from the moment it is approved by the Data Security Board. The Data Security Board is also authorized to decide on changes to be made to this Guide and on how they will be put into practice.
The Musichool Data Subject Relations Guide is reviewed at least once a year in any case, and where changes are necessary, it is updated by submitting it for the approval of the Data Security Board. In the event of a conflict between the legislation in force, primarily the KVKK Law, and the regulations contained in this Guide, the provisions of the legislation shall apply.
In parallel with the legal regulations to be made by the KVKK Authority, which is the administrative authority, Musichool reserves the right to make changes to the Personal Data Retention and Destruction Policy.
Any revisions that may occur in this policy or legislation will be added to the guide with the date and subject specified, and after the necessary announcements are made, they will be considered an integral part of the guide.