TÜRKÇE 
РУССКИЙ GDPR Explained
Approved by the European Commission in 2016 — and effective as of May 25th 2018 — the General Data Protection Regulation (GDPR) is a European privacy law designed to replace the Directive 95/46/EC, which has been the basis of European data protection law since 1995.
The GDPR has been put in place to bring EU privacy law up to speed with recent legal developments, such as the European understanding of privacy as a fundamental human right. It regulates how personal data may be obtained, used and stored, as well as how/when it is removed, with the aim of giving EU citizens and residents more control over their personal information.
With the GDPR in place, companies must:
- Collect data in a fair, legal and transparent way
- Use data in a reasonable manner, and only for the purpose it was collected
- Specify why they need the personal data they collect
- Delete personal data once its purpose has been fulfilled and/or when customers request its removal
- Provide access, including a copy of the relevant data, to any customer/consumer who requests it
Any companies found in breach of these rules are subject to heavy fines. As well as updating existing ones, the GDPR adds some new requirements for compliance. As such, enforcement will be a particularly big issue in the months to come after the GDPR comes into effect.
IMKO TEKSTIL, Data Privacy And GDPR Compliance
The first thing we should point out is that most reputable companies see all of the requirements of the GDPR as representing responsible business practices. At IMKO TEKSTIL we’ve always felt that data privacy is extremely important, and we already have extensive security and privacy measures in place.
You’ll find a few of the measures we’ve been taking outlined below:
1. Data Processing Addendum (DPA)
We offer a DPA which has contractual terms that line up with all GDPR requirements, for any of our customers collecting data from those in the EU. We’ve be added this to our Terms of Service on May 25th, with no action required on your part.
As a small team with no legal counsel on staff, we regret to say that we’re unable to make individual changes to our DPA or sign customers’ DPAs.
2. Training And Awareness
We’ve assembled a privacy team comprised of leaders from all areas of our business, from Engineering to Marketing and Ops, and headed up by a DPO (Data Protection Officer).
All employees, existing and new, will be made aware of GDPR regulations. Plus, where appropriate, additional training will be available for all members of our team.
3. Consent And Cookies
Our updated cookie policy outlines, in completely transparent terms, what happens to your data (and how it’s used) when you visit our site. You’ll also find information about how to change the way your browser handles cookies if you’re not happy with your current setup.
4. Data Inventory
We’ve taken an in-depth look at the way we collect and process customer data, categorizing and taking inventory of everything from cookies to chat conversations. As well as validating our approach to personal data, we’ve also made sure that the appropriate privacy and security safeguards are in place across our entire infrastructure and software ecosystem. You’ll find information about this entire process in our Privacy Policy.
5. Updates To Our Third Party Vendor Contracts
We’ve performed a deep review of all our third party vendors and their GDPR compliance. The result of this assessment is that, from May 25th 2018 on wards, all of our third party vendors are GDPR compliant. We’re also glad to say that many took additional measures to ensure that they were ready for GDPR well before this deadline.
6. Terms Of Service And Privacy Policy
We have updated our Terms of Service and Privacy Policy to describe, as clearly as possible, what types of personal data we collect and process, why and how we use it, who we share it with and how long we store it for. Transparency is important to us here at IMKO TEKSTIL, which is why we’ve renewed our efforts to keep these documents easy to access and the language used in them simple to understand.
7. Access, Portability and Deletion
Parts of the GDPR explicitly address data subject rights, which concerns the rights individuals have in relation to their own personal information. We think it’s important to clarify that we store all conversations and personal data for up to 6 years unless your account is deleted. Information is stored and processed with only fully vetted DPA compliant vendors and, in the case of account deletion, we dispose of all data (in accordance with our Terms of Service and Privacy Policy) within 60 days.
The GDPR states that EU customers must be able to access, update and/or remove personal data. Our self service platform allows you, and has always allowed you, to access both your data and data belonging to your customers. You can search for and delete any end user conversations from within IMKO TEKSTIL. You can also access, update, retrieve and remove personal data concerning “agent” users (including yourself) in your IMKO TEKSTIL account.
Please contact our support team if you need to export end user data in a computer readable format.
8. Risk Assessment (Data Protection Impact Assessments)
Our managed data protection impact assessment (DPIA) process, which is a requirement of the GDPR, allows us to identify and minimize the data protection risks of any project. We’ll always collaborate on a solution to address any risk identified, big or small, in order to mitigate its impact on data privacy.
We’ve always taken security and privacy into account when looking at the implementation of new features or changes, discussing the potential impact on privacy and security for IMKO TEKSTIL customers, and we’ll continue with this risk assessment process as we expand our offerings.
9. Breach Management
Since IMKO TEKSTIL has always handled a good deal of personal data, we already had a breach management and communication plan in place (and have done so for some time). We have, however, updated this process to comply with GDPR regulations. Specifically, we re-examined the escalation process and approach to data subject notification.
Contacting IMKO TEKSTIL
If you have any questions about these Terms, please contact IMKO TEKSTIL at:
IMKO TEKSTIL,
GDPR@IMKOtekstil.com.tr