Creentech, which operates in the fields of technological infrastructure supply, sales, installation and support services, server room design consultancy and commissioning services, and cybersecurity solutions, has the principle of exceeding the expectations of its customers, employees, institutions to which it provides services and products, and other social stakeholders. The company derives its strength from its trained and continuously developing human resources. It has set itself the vision of bringing the technologies of the future to Turkey.

Adding value to our customers in the field of information technologies and increasing their competitiveness; Our goal is to provide high-quality, flexible, nationwide, integrated solutions with our competent team.

Our Values:

• Our employees are our most important asset; their personal and professional development is important to our company.
• We strive to create an honest, tolerant, respectful, and dedicated work environment for our employees within a team spirit for continuous training, development, and improvement.
• We believe in the continuity of learning, improvement, and change.
• In our activities;
We embrace a data-driven, process-oriented approach and the importance of human resources. We adopt and implement transparency, consistent and accessible leadership in management. Our goal is to do all work right the first time and on time every time by ensuring the participation of all our employees. We make every effort to benefit society, the natural environment and humanity. We provide high-quality services that meet the demands and expectations of our customers, and we maintain customer satisfaction by providing pre- and post-sales support. We contribute to a sustainable environment by reducing the consumption of natural resources and the amount of waste. We take all necessary precautions, have the necessary tools and equipment, and ensure their use when required, in accordance with the current occupational safety and health (OSH) legislation and other OSH requirements. We increase our productivity by adopting the goal of zero work accidents and zero occupational diseases and taking the necessary precautions. We increase our services.
• We work to protect our employees from work accidents and occupational diseases, to create safe and healthy working conditions, and to eliminate hazards and reduce risks by proactively evaluating occupational health and safety risks and opportunities.
• We work to ensure and maintain the compliance of our services with customer demands, national and international standards, and legal regulations.
• We ensure that the confidentiality of customer and personnel information is communicated to all employees and that activities are carried out to protect the principle of confidentiality.
• Our goal is to identify, evaluate, and reduce risks related to the confidentiality, integrity, and access of information to acceptable levels.
• We work to minimize vulnerabilities and threats through infrastructure, work environment, hardware, software, and training investments.
• To measure the performance of information security processes and generate targets from this data.
• To meet the information security requirements of our business, our customers, and legal requirements.
• Within the framework of our company policy, we aim to ensure the sustainability of the successes we have achieved, to take them to higher levels, and to ensure that our employees see the development of our brand awareness as one of their common and primary goals.

• PURPOSE AND SCOPE

The purpose of the Information Security Policy is to prevent information security incidents or minimize the risk of damage in order to ensure the business continuity of Creentech and reduce the impact of potential threats. In this context, the goal is to establish an Information Security Management System and be compliant with the ISO 27001 standard.

This policy covers the information assets within Creentech.

• RESPONSIBILITY

The Information Security Management System (ISMS) has been established within Creentech to maintain the confidentiality, integrity, and accessibility of information by implementing asset and risk management processes and to provide assurance to relevant parties that risks are managed correctly.

• POLICY

• The Information Security Policy ensures all of the following requirements:
• The goal of the policy is to protect the company's information assets against internal and external intentional or unintentional threats.
  • Our goal is to identify, assess, and reduce risks to the confidentiality, integrity, and accessibility of information to acceptable levels.
  • We work to minimize vulnerabilities and threats through investments in infrastructure, work environment, hardware, software, and training.
  • Protecting information from unauthorized access
  • Measuring the performance of information security processes and generating targets from this data
  • Meeting the information security requirements of our business, our customers, and legal requirements
  • Developing and improving business continuity plans
  • Providing Information Security training to all employees
  • Ensuring that all Information Security breaches or suspected breaches are reported to and investigated by the Information Security Management System Team
• Procedures and related instructions have been defined to support this policy.
• All management personnel are required to ensure that the units they manage comply with this policy and related instructions.
• Compliance with the Information Security Policy is mandatory for all employees.

• PURPOSE AND SCOPE

This policy defines the processes of planning, establishing, implementing, using, monitoring, reviewing, maintaining, and improving the Service Management System (SMS) implemented within Creentech. It also aims to ensure compliance with the requirements of the ISO/20000-1 standard.

The Service Management Policy provides a framework for effectively managing and continuously improving Creentech's IT services. This policy aims to improve the quality of service by covering critical issues such as compliance with standards, risk management, personnel management, and customer relations.

• RESPONSIBILITY

Senior management regularly conducts a systematic review of service performance. Management Review is conducted within the scope of technical and other management meetings.
The Management Systems Representative has general authority and responsibility for the implementation and management of the Service Management System.

The Management Representative carries out their authority and responsibilities together with the Service Management System Team.

• POLICY

• We aim to continuously improve the ISO 20000-1 Service Management System.
• As CREENTECH, we work to meet the standards in each service process and to improve service processes in order to fully fulfill the Contract and Customer requirements.
Ensuring customer satisfaction is our main goal. We enter calls into the system, plan the process, and resolve calls within the timeframe specified in the defined service level agreements. All incident, request, version, and change records are kept in the help desk application. We keep all resources and equipment under our responsibility, and all configuration elements needed within service processes, under control. We aim to establish and maintain good relationships between service providers and customers based on understanding customers and their businesses. Customer satisfaction surveys are conducted. Results and customer complaints are evaluated, and corrective measures are taken. Internal and external audits are conducted to control the functioning of processes, and corrective and preventive actions are taken. We comply with all legal requirements that must be implemented within the scope of the Service Management System.

 

 

This instruction aims to fulfill the obligations regarding the processing of personal data by Creentech Bilişim Teknolojileri A.Ş. (the Company) and to inform the relevant individuals within the scope of the Law No. 6698 on the Protection of Personal Data (KVKK).

Data Controller

In accordance with the Law No. 6698 on the Protection of Personal Data (KVKK), your personal data may be processed by CED Teknoloji Danışmanlık Bilişim ve Destek Hizmetleri Ticaret Anonim Şirketi (the Company) as the data controller within the scope explained below.

Purposes for Which Personal Data Will Be Processed

Your personal data will be processed for the following purposes; Personal data is processed in accordance with the legal grounds specified in Articles 5 and 6 of the KVKK (Personal Data Protection Law) for the purposes of conducting internal company activities, implementing human resources policies, occupational health and safety processes, communication activities, conducting contract processes, customer relations and ensuring security.

Situations Requiring Explicit Consent

Our company obtains the explicit consent of the data subject for data processing activities that are not legally required and are not included in Articles 5/2 and 6/3 of the KVKK, and only processes data based on this explicit consent.

To Whom and for What Purpose the Processed Personal Data May Be Transferred

Your collected personal data; Personal data may be transferred to our business partners, suppliers, Group companies, shareholders, legally authorized public institutions and private individuals within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK (Personal Data Protection Law). Your personal data will not be used for purposes other than those stated above, and will not be shared or transferred to third parties except for legal obligations and official institutions/organizations. Transfer of Data Abroad Our company may transfer personal data abroad only with the explicit consent of the data subject or when the legal conditions specified in Article 9 of the KVKK are met and to countries where adequate protection is provided as determined by the Personal Data Protection Board. Method and Legal Basis of Personal Data Collection Your personal data will be collected by the Company in accordance with the legislation; Personal data is collected through various channels such as partnerships, group companies, affiliates, and solution partners with whom we cooperate or have contractual relationships.

In this regard, your personal data collected may be processed and transferred within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK (Personal Data Protection Law) and for the purposes specified in Articles (II) and (III) of this Disclosure Statement.

Measures Regarding the Protection of Personal Data

The company takes all necessary technical and administrative measures regarding the protection of personal data.

In this context: access control, data masking, encryption, log tracking, antivirus applications are used, and employees are given regular KVKK training.

Personal Data Retention Period and Destruction Policy

Personal data is stored for a period appropriate to the processing purpose; At the end of the relevant legal periods, the data is deleted, destroyed, or anonymized within the framework of the Company’s 'Data Storage and Destruction Policy'. The periods of destruction processes are evaluated and implemented by the relevant departments.

Rights of the Personal Data Subject as Listed in Article 11 of the KVKK

As personal data subjects, if you submit your requests regarding your rights to the Company using the methods set out below in this Disclosure Statement, you will receive a response as soon as possible and within 30 days at the latest after the evaluation of the request. However, if a fee schedule is foreseen by the Personal Data Protection Board, CED Teknoloji Danışmanlık Bilişim ve Destek Hizmetleri Ticaret A.Ş. will collect the fee from the relevant party according to the determined schedule.

In this context, personal data subjects;

• To find out if personal data has been processed,
• If personal data has been processed;
• The right to request information regarding this,
• The right to learn the purpose of processing personal data and whether it is used in accordance with its purpose,
• The right to know the third parties to whom personal data is transferred, domestically or abroad,
• The right to request the correction of personal data if it is incomplete or inaccurate, and to request that the action taken in this regard be notified to the third parties to whom the personal data has been transferred, to request the deletion or destruction of personal data if the reasons requiring its processing have ceased to exist, even if it has been processed in accordance with the provisions of Law No. 6698 and other relevant laws, and to request that the action taken in this regard be notified to the third parties to whom the personal data has been transferred,
• The right to object to a result that is detrimental to the data subject, especially as a result of the automatic analysis of the processed personal data,
• The right to demand compensation for damages if damages are incurred due to the unlawful processing of personal data.

 

Request Submission Management

In accordance with the first paragraph of Article 13 of the KVKK (Personal Data Protection Law), you can submit your request regarding the exercise of your rights mentioned above by attaching documents confirming and verifying your identity. You can submit your requests regarding these rights, along with documents verifying your identity, to:

- By registered mail with return receipt: Karanfil Cad. Hardal Sok. No:4, Levent Mahallesi, Beşiktaş/ISTANBUL

- Through registered electronic mail (KEP) address

- Through the e-mail address previously notified to our company and registered in our system

Applications will be evaluated and finalized within 30 days in accordance with Article 13 of the KVKK.

Data Inventory

As CED Technology Consulting Information and Support Services Trade Inc., in accordance with Article 16 of the Law No. 6698 on the Protection of Personal Data (“Law”), data controllers who are natural or legal persons processing personal data must register with the Data Controllers Registry (“Registry”) before starting to process personal data. In this context, our company has notified the Data Controllers Registry Information System (https://verbis.kvkk.gov.tr) of the Personal Data Protection Board that the data is processed under the headings listed below.

• Relevant User
• Relevant Person Group
• Data Category
• Personal Data
• Business Process
• How Data Was Obtained
• Purpose of Data Processing
• Method of Processing
• Access Authorities
• Storage Medium
• Storage Period
• Periodic Destruction Period
• Destruction Method
• Recipient Group
• Internal Company
• Shared Party
• Transfer Method
• Transfer Purpose
• External Company
• Shared Party
• Transfer Method
• Transfer Purpose
• Abroad
• Shared Party
• Transfer Method
• Transfer Purpose
• Was Commitment Obtained from the Recipient Data Controller?
• Is Board Permission Available?
• Country
• Legal Basis
• Security Measures Taken
• Technical and Administrative Measures