Your personal data in the types and categories of name-surname, e-mail address, phone number, your username, IP address, your picture, your test results, personal data obtained through cookies is processed by Maritimetrainer in accordance with the purposes described below pursuant to the fundamental principles stipulated by the Law and within the scope of personal data processing conditions:

To provide Learning Management System To our users

To plan and execute the human resources policies and processes of the company

To execute the required works by our business units to make related persons benefit from the product and services offered by the company and conduct related business processes

To plan and execute the activities required to introduce and recommend the products and services offered by the company to the related persons by privatizing according to their admiration, usage habits, and needs

To carry out required activities by our related business units and to carry out the related business processes in order to realize the commercial activities carried out by the Company

To carry out required works by the related business units for the execution of trade activities conducted by the company and conducting related business processes

To plan and execute the trade and/or business strategies of the company

To procure the legal, technical and commercial business security of the Company and the persons involved in business relations with the Company

Your personal data may be transferred by Maritimetrainer to our business partners, suppliers, and Maritimetrainer affiliates, legally authorized public institutions, and legally authorized private institutions in accordance with the basic principles stipulated by law and within the scope of the personal data processing requirements:

To create Learning Management System for our users

To plan and enforce the human resources policies and processes of the company

To carry out required activities by our business units to make related persons benefit from the products and services offered by the Company and conduct the related business processes

To plan and promote the activities required for the promotion and promotion of the products and services offered by the company to the related persons by privatizing them according to their taste, usage habits, and needs

To carry out the necessary activities by our related business units and to carry out the related business processes in order to realize the commercial activities carried out by the Company

To plan and execute the company's commercial and/or business strategies

To provide the legal, technical, and business-trade security of the Company and the persons in relation with the Company.

Your personal data are collected based on legal reasons through different channels within the compliance of the legislation and the policies of the Company. Your collected personal data is processed and transmitted for the legal reasons of the processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract, processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject and your explicit consent.

As a personal data subject, you have the following rights pursuant to Article 11 of the Law:

To find out whether your personal data is processed,

To request information on whether your personal data is processed,

To find out the purpose of processing your personal data and whether it is being used appropriately for its purpose,

To know about the third parties to whom your personal data is transferred in a domestic or foreign country,

To request the correction of your personal data if it is incomplete or incorrectly processed, and request the declaration to third parties about the process

To request the removal or suppression of your personal data and the declaration to third parties about the transfer of personal data in case of the removal of the reasons subjected to the processing even if the data is processed according to the law and other relative provisions,

To object against the occurrence of a consequence of the analysis of processed data exclusively through automatic systems,

To claim the recovery of the loss in case of damage due to the illegal processing of your personal data.

You can transfer your applications about your rights set forth above to MTR Bilişim Eğitim ve Danışmanlık Limited Şirketi by filling the Data Subject Application Form. Your application shall be concluded unpaid as soon as possible and within thirty days at the latest according to the nature of your request; however, the Company reserves the right to request a fee to be determined by the Personal Data Protection Board in case of an additional cost.

For your information.

MTR BİLİŞİM EĞİTİM VE DANIŞMANLIK LİMİTED ŞİRKETİ

Two cookies are used in the Maritimetrainer Distance Learning System.

1. One of the required ones is the session cookie named MoodleSession. You need to allow this cookie to prevent the frequent closing of your session while browsing through the pages. If you log out or close your Internet browser, this cookie will be deleted both from your computer and from the server.

2. The other cookie is a cookie called MOODLEID, which is used to improve your experience. The cookie only remembers your username in your browser. So, when you come back to this site, the username field on your login page will be filled in for you. You may not agree to use this cookie. But in this case, you will have to re-enter your username every time you visit our website.

The contents of cookie texts are often of nature to be understood by engineers and we recommend that you visit www.allaboutcookies.org or www.aboutcookies.org (in English) if you would like to receive information in a more detailed and understandable language about cookies.

INFO: In our distance education system, advertisements and third-party cookies are strictly forbidden.

We, as MTR Bilişim Eğitim ve Danışmanlık Anonim Şirketi (“The Maritimetrainer” or “The Company”) situated in Esentepe Mahallesi Kelebek Sok. Marmara Kule Apt. No: 2/83 Kartal, İstanbul registered with Istanbul Trade Registry with trade number 784493-0, our priority is to ensure processing of personal data of real persons, including our members, customers, visitors, suppliers and employees, in accordance with the relevant legislation, including Constitution of Turkey, International Covenants that our country is a party on human rights and Personal Data Protection Act No. 6698 ("KVKK"), to ensure that the rights of those, whose date are processed, are effectively used.

Therefore, we carry out the processing, storage and transfer of the data regarding all personal data that we have obtained, including, but not limited to, our users, suppliers, customers, visitors, members, the users visiting the internet site and mobile applications, in short, during all of our activity, in accordance with the Personal Data Protection and Processing Policy of MTR Bilişim, Eğitim ve Danışmanlık Ltd. Şti. ("Policy")

Protecting personal data and considering the fundamental rights and freedoms of real persons collecting personal data is the basic principle of our policy of processing personal data. Therefore, we continue all activities in which personal data are processed, considering the protection of private secrecy, the confidentiality of personal information, the confidentiality of the correspondent, the freedom of thought and belief, and the right to use effective remedies.

We take all administrative and technical measures required by the nature of the data for the protection of personal data in accordance with legislation and current technology.

This Policy describes the methods that we follow to process, store, and transfer, delete or anonymize personal data shared during commercial, promotional, marketing or social responsibility and similar activities within the principles stated in the PDPL.

All personal data processed by the Company, including our visitors, business contacts, partners, employees, suppliers, members, third parties, are covered by this Policy.

Our policy is applied in processing all personal data, owned or managed by the Company, and has been handled and prepared considering the relevant legislation related to PDPL and personal data and the international standards in this area.

This section briefly explains the specific terms and phrases, concepts, abbreviations, etc., in the Policy.

Maritimetrainer, the Company: MTR Bilişim Eğitim ve Danışmanlık Anonim . Şirketi.

Explicit Consent: Consent with regard to a specific topic, based on being informed and free will, in the clearance that leaves no room for doubt, only given in that transaction.

Anonymization: Even if the personal data is matched with other data, it is in no way possible to make the identity impossible to be associated with a specific or identifiable real person.

Employee: Company Personnel.

Personal Data Subject Relevant Person, Personal Data Owner: The actual person whose personal data is being processed.

Personal Data: Any kind of information for the real person whose identity is certain or that it can be identified.

Special Qualified Personal Data: Race, ethnic origin, political thought, philosophical beliefs, religion, sect or other beliefs, health information, fingerprints, costumes and clothing, association, foundation trade union membership, health, sexual life, criminal conviction and security measures data and biometric and genetic data of the persons.

Processing of Personal Data: Any process performed on the data such as obtaining, saving, storing, keeping, altering, rearranging, disclosing, transferring, taking over, obtaining, classifying or using in non-automatic ways, provided that personal data is completely or partially automatic or is part of any data recording system.

Processing Data: A natural or legal person who processes personal data on behalf of the data controller based on the authority grant on.

Data Controller: A natural or legal person responsible identifying for the purposes and means of processing personal data, responsible for establishing and managing of the data logging system.

PDL Board: Personal Data Protection Board.

PDP Agency: Personal Data Protection Agency.

PDPL, KVKK: Law on the Protection of Personal Data published in the Official Gazette dated April 7, 2016, numbered 29677.

Policy: MTR Bilişim Eğitim ve Danışmanlık Ltd. Şti. Personal Data Protection and Processing Policy.

Maritimetrainer Membership System: Company and Company digital platforms membership system.

The Board of Directors is responsible for the oversight of the determining and processing of reporting, reviewing and sanctioning mechanisms in case of failure to comply with the Policy and regulations.

The Board has approved the Policy of Directors.

It is the authoritative consent mechanism for the creation, implementation and, where necessary, updating of the political system.

The Control Department is responsible for taking the necessary precautions to comply with the Policies of the companies receiving external service together with the employees who are in charge and examining the issues in order to examine the issues contrary to the policy.

The PDPL Committee is responsible for the preparation, development, execution and updating of the Administrative Politics. It assesses this Policy in terms of updating and development needs when necessary. The publication of the prepared document on the institutional portal is the responsibility of the PDPL Committee Manager.

The legal responsibilities for the protection and processing of personal data as a data responsibility under PDPL are listed below:

When collecting personal data as data responsibility; we have the following responsibilities to illuminate the Relevant Person:

For what purpose your personal data will be processed

Identity, information in relation to the identity of the representative, if any,

For whom and for what purpose your processed personal data will be transferred

The method of collecting data and the legal cause,

Rights arising from the law.

We take care our Policy, which is disclosed to the public by the Company, to be clear, understandable, easily accessible.

We take administrative and technical measures as prescribed in the legislation to ensure the safety of personal data contained within the company as the data responsibility. Obligations and precautions related to data security are detailed in Sections 9 and 10 of this Policy.

Personal data is any kind of information about the identity of the real person whose identity is certain or can be identifiable. Protection of personal data is only relevant to real persons;

Information that belongs to legal entities and does not contain information about the actual person is excluded from personal data protection. Therefore, this policy does not apply to entities belonging to legal entities.

Race, ethnic origin, political thought, philosophical beliefs, religion, sect or other beliefs, health information, fingerprints, costumes and clothing, association, foundation trade union membership, health, sexual life, criminal conviction and security measures data and biometric and genetic data of the persons are specific personal data.

We process personal data according to the following principles.

We process personal data under the scope of transparency and disclosing responsibilities in comply with the righteousness rules.

We take necessary precautions in our data processing procedures to ensure that processed data is accurate and up-to-date. We offer the opportunity to the Personal Data Subject to update the existing data and correct any errors in the processed data, if any.

We, as a company, process the personal data within the specified legitimate aims to maintain our activities in the ordinary course of the legislation and commercial life, whose scope and content are determined clearly.

We process the personal data as connectedly, limited and measured for the purpose that we determine clearly and precisely. We refrain from processing personal data that is not relevant or does not need to be processed. Therefore, unless we have a legal requirement, we do not process specific personal data or we take explicit consent of the subject when we cannot handle it.

Many regulations in the legislation require personal data to be stored for a certain period of time. For this reason, we store personal data we process for as long as it is required by the applicable legislation or for the purpose of processing personal data.

In the event that storage period stipulated in the legislation expires or the purpose of processing removes, we are deleting, destroying or anonymizing personal data. Our policies and procedures for retention periods are based on the 9.1 article of this Policy.

We process personal data for the following purposes:

Carry out our commercial activities

Provide support services within the scope of the contract and service standards

To determine the preferences and needs of our members / our services and to shape and update the services we provide

Ensure that our legal obligations are fulfilled, as required or required by law.

Evaluate business applications

Get in touch with business contacts with the Company

Marketing

Support the training, development and career processes of our employees

Compliance management

Seller / supplier management

Make legal reporting

Invoicing

Carry out the Maritimetrainer Membership System

Ensure communication between the candidates and employers of the Maritimetrainer

Manage call center processes

Provide corporate communication

Send SMS, newsletters by e-mail, engage in marketing or make notifications.

Administrative and technical measures stipulated in the law and foreseen by PDP and if there is clear consent, or where the legislation requires it, specific personal data will be processed by us

Since specific personal data for health and sexual life are processed from those who are in charge of keeping secrets or authorized institutions and organizations, in order for the protection of public health, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health care financing, it cannot be processed except for the date of our employees. Such data belonging to our employees may be processed by the persons envisaged in the law.

We use cookies to improve the functioning and the usage of our internet pages or mobile applications and try to make your time on our digital platforms more efficient and enjoyable. In addition, we take advantage of some cookies to remember preferences you have made in our internet sites and mobile applications and we will provide you with an enhanced and personalized experience.

We can collect your personal data via cookies on our digital platforms; process the data we can collect, transfer and store.

You can get detailed information about the cookies we use from "Maritimetrainer Privacy Policy" or "Cookie Policy".

We process, store and transfer your personal data contained in the document such as resume, diploma, photo, etc. that you shared with us during the application period as an employee candidate, for the purpose of evaluation of the job application. The processing, transmission and storage of personal data you share as employee candidates are covered by this Policy.

Visitors for being member to digital platforms on Maritimetrainer Membership system create membership in the system sharing the following information with us

Name – surname

Electronic mail address

Phone number

Position

Vessel Type Taking Charge in.

The deletion, destruction or anonymization of personal data under this platform is covered by Article 9 of the Policy.

The data processed during memberships of the members who have completed the membership process with our digital platform with the Maritimetrainer Membership System are as follows:

Enrollment records in the trainings opened on the digital platform

Test and exam reports in our platform

Certificates and documents that the user has received as a result of training, examinations and test

Participation in surveys and evaluations

Photographs received and taken for identification at the time of the training application with the open consent of the person and confirmation

Application forms, CVs and personal data obtained through applications made to intermediate institutions will be recorded for use in the evaluation of the employment application. They can create resumes by sharing their knowledge.

It is recommended that personal data processing and privacy policies be reviewed.

Those applying with the Application Form;

Identification information (name, surname, date of birth, ID number)

Contact information (address, e-mail address, telephone number, etc.)

Educational information (graduated schools, etc.)

Work experiences

Foreign language knowledge

Computer skills

Certificate

References

Photograph

Health data

General qualifications such as driving license / travelability

The above information is requested in order to assess whether the candidate creating resume is eligible or not, according to the nature of the application made. The requested health information is processed for employment purposes only under the relevant legislation. They create resumes by sharing their knowledge. In addition, photo-health data may be requested by the employer in order to assess whether the candidate creating resume is eligible or not, according to the nature of the application made. The requested health information is processed for employment purposes only under the relevant legislation.

Information that applicants have shared in the resume can be viewed by employers' companies. It keeps the identity, education and professional information of the applicant under the scope of the legislation and may transfer such data to the solution partners, public institutions and organizations on request.

The deletion, destruction or anonymization of personal data under this platform is covered by Article 9 of the Policy. In the case of a negative result of the job application process, the personal data shared with the employer is the responsibility of the employer and data security.

When a purchase is made, CUSTOMER financial information is transferred to persons and institutions such as banks or credit card companies for processing. Transmitted data;

Credit card number

Expiration date

CVV2

Or those are data in relation to the payment purposes such as bank account information.

At the time of purchase, data such as invoice and payment information of the customer, (name, surname, Turkish ID, wire address, billing address), invoices sent and examples of receipts from payments received from members, payment number, invoice amount, invoice number, invoice cutting date, are taken. These data are processed within the processes carried out with the accounting service, after-sales services, communication, marketing, auditing, control, payment service providers, to manage the invoicing process. When the purchase is made, the financial information belonging to the customer is transferred to the person such as bank or credit card companies for the transaction. Credit card information is not retained in Maritimetrainer databases.

The above-mentioned data are transferred according to Article 8 of this Policy and shared with the 3rd persons.

The deletion, destruction or anonymization of personal data under this platform is covered by Article 9 of the Policy.

The following information is requested from the member or the visitors for the management of the request, support and complaints of the member or visitors in accordance with the quality management system.

Name and surname

E-mail address

Phone number

The operating system that the computer uses and the web browser it accesses to our system

The deletion, destruction or anonymization of personal data is covered by Article 9 of this Policy, within the scope of this application.

We may process personal data without the express consent of exceptional cases arising from the following:

Explicitly stipulated by law

Being compulsory for the protection of the life or physical integrity of the person himself / herself or someone else who cannot explain his /her reason due to actual impossibility.

Being required of the processing of personal data belonging to the parties of the agreement, provided that an agreement is executed or it is directly related to the performance of the agreement.

Being compulsory for the data liability to fulfill its legal obligation.

Being publicized by the relevant person.

Being data processing compulsory for the establishment, usage or protection of a right.

Being data processing mandatory for the legitimate interests of the data controller.

As the Company, we will act on the transfer of personal data in accordance with the decisions and regulations stipulated in PDPB and taken by PDP Board on the transmission of the personal data.

Without prejudice to the exceptional circumstances contained in the legislation, personal data and specific data shall not be transferred to other real persons or legal entities without the explicit consent of the Person Concerned.

In exceptional cases as stipulated by the PDPL and other legislation, without explicit consent of the person concerned, the data may also be transferred to an administrative or judicial institution or organization authorized in accordance with the legislation and limitations.

In addition, with exceptional cases stipulated by the legislation;

In cases described in the policy

In cases where the policy regards private personal data

Along with taking the measures stipulated by PDPB and the relevant legislation, specific personal data may only be transmitted to the those who are in charge of keeping secrets or authorized institutions and organizations, in order for the protection of public health, preventive medicine, medical diagnosis, treatment and maintenance services, planning and management of health care financing.

Personal data, as a rule, cannot be transferred abroad without the consent of the person concerned. However, in cases where one of the exceptional cases of this Policy exists, the third persons only present abroad:

To be present in the countries where adequate countries are available declared by PDP Board

In countries where there is not enough protection, personal data can be transmitted abroad without explicit consent, in cases where data controllers in Turkey and in the stated foreign country undertake an adequate protection in written.

Personal data, as a rule, cannot be transferred abroad without the consent of the person concerned. However, in cases where one of the exceptional cases of this Policy exists, the third persons only present abroad:

To be present in the countries where adequate countries are available declared by PDP Board

In countries where there is not enough protection, personal data can be transmitted abroad without explicit consent, in cases where data controllers in Turkey and in the stated foreign country undertake an adequate protection in written.

Personal data can be transmitted to;

Our suppliers

Our partners and business contacts

Legally authorized public institutions and organizations

Legally authorized private legal persons

Shareholders according to the principles and rules outlined above.

Independent controllers

Included, but not limited to the listed ones for the protection of the personal data;

To organize internal technical organization for the processing and storage of personal data in compliance with legislation

Create a technical infrastructure to ensure the security of data bases in which your personal data is stored

Follow and supervise the processes of the created technical infrastructure

Specify the procedures for reporting technical measures and control processes we have received

Periodically update and renew technical measures

Produce the necessary technological solutions by rethinking the risky situations

Use virus protection systems, security wall and similar software or hardware security products and establish security systems that are technologically advanced

We employ experts in technical fields.

Included, but not limited to the listed ones for the protection of the personal data;

Establish policies and procedures for accessing personal data, including company and subsidiary employees within our company

Inform and educate our employees about the protection and processing of personal data in a lawful manner

Record the measures to be taken by our employees in cases where personal data are processed illegally in contracts and/or Policies we have made with our employee

We monitor the processing of personal data by the partners of the data processors or data processors we work with.

We keep it for the time required for the processing of personal data, without prejudice to the storage periods foreseen in the legislation.

In cases where we process personal data for more than one purpose, if the processing purpose of the data has been discharged or if there is no obstacle to the deletion of data on the request of the Person concerned, the data shall be deleted, destroyed or anonymized. It shall be adhered to the legislation and the decisions of PDP Board on the elimination, deletion or anonymization.

Creating technical sub-structures and related control mechanisms for the deletion, destruction and anonymization of personal data

Taking necessary precautions to safely store personal data

Employ staff with technical expertise

Developing business continuity and emergency plans against the risks that may arise and developing systems for their implementation

We establish security systems in accordance with technological advances in the storage of personal data.

Raising awareness about the technical and administrative risks associated with the storage of personal data by informing our employees

In case of cooperation with third parties for the storage of personal data, we include the provisions for taking necessary security measures for the protection of the personal data transmitted and for the safe keeping of the personal data, to the contracts executed with the companies to which personal date are transmitted.

For Personal data;

Being processed contravene to the law,

Preventing unlawful access,

We take administrative and technical measures according to technological facilities and implementation costs to ensure that they are kept in accordance with the law.

We carry out the necessary inspections within the company and have others to do so,

Train and inform our employees about the legal processing of personal data,

The activities carried out by our company are evaluated in detail in all business units, to process personal data in the context of the business activities carried out by the relevant units in the conclusion of the evaluation

In cases where cooperation with the third parties has been made for the processing of the personal data, include provisions on the receipt of necessary security measures by persons who process personal data in the agreements executed by the companies processing the personal data

In case the personal data is disclosed illegally or there is a data leakage, we shall inform the situation to the PDP Board and conduct the examinations prescribed by the legislation and take precaution.

In order to prevent unlawful access of personal data;

Employ staff with technical expertise,

Periodically update and renew technical measures,

Establish access authorization procedures within our company,

Determine procedures for the reporting of technical measures and control processes we have received,

Create the data recording systems that are in use in our company in accordance with the legislation and conduct periodic controls,

Develop emergency aid plans against possible risks, develop systems for their implementation,

Train and inform our employees about personal access, authorization and information,

In cases where co-operation with third parties is carried out for activities such as processing, storage of personal data, include the provisions for the taking of the necessary security measures by persons providing access to personal data, in the agreements executed by the companies ensuring access to the personal data

We establish security systems within technological developments to prevent unlawful access to personal data.

We take administrative and technical measures to prevent the unauthorized disclosure of personal data and update them accordingly. In the event that we find that the personnel data is disclosed unauthorized, we create systems and sub-structures for reporting this situation to the Person Concerned and the PDP Board.

Despite all administrative and technical precautions, if a disclosure occurs in contradiction to the law, it will be declared by PDP Board by the method.

As part of our liability to disclose, we inform the Personal Data Holder and establish systems and sub-structures for this information and we make the necessary technical and administrative arrangements to use the rights of Personal Data Owner with regard to the personal data.

Personal Data Owner shall have the following rights on the personal data;

Learn whether personal data is processed

Request information if personal data is processed

Learn the purpose of processing personal data and whether they are used appropriately for their purpose

Know the third parties to which personal data are transferred in the country or abroad

Request correction of personal data if it is incomplete or incorrectly processed

Request personal data being erased or destroyed if the reasons for the processing of the personal data are removed.

Request that the abovementioned correction, deletion or destruction shall be reported to a third party to whom personal data is transferred

Object to the occurrence of an unfavorable outcome by analyzing the processed data exclusively through automated systems

Claim that the damage shall be resolved in the event of injury due to the processing of personal data against the blood.

Personal Data Subject, the Request for the personal data

As written and original signed to the address of Esentepe Mahallesi Kelebek Sok. Marmara Kule Apt. No: 2/83 Kartal, İstanbul ESENTEPE MAHALLESİ KELEBEK SK. MARMARA KULE Apt. NO: 2/83 KARTAL/İSTANBUL

To the account of info@maritimetrainer.com

In the application

Name, surname and signature if application is written,

Turkish ID number for the citizens of the Republic of Turkey, citizenship for foreigners, passport number or identity number if any,

Address of main settlement or business address,

E-mail address, telephone and fax number, basis for the notification,

The subject matter of the claim is compulsory.

Information and documents related to the topic are added to the application.

In the written application, the date on which it is communicated is the date of application.

In the application made by other methods; the date on which the application is received by us is the date of the application.

Such requests will be made on an individual basis and requests from unauthorized third parties regarding personal data will not be assessed.

Requests for personal data shall be made as soon as possible and, in any case no later than 30 (thirty) days at a time, or if the conditions in the tariff to be published by the PDP Board in relation to the fee arise, the equivalent of the fee in the tariff shall be concluded.

Additional information and documentation may be requested during or at the time of application.

Applications for personal data; in cases where

Process personal data for purposes such as research, marketing, planning and statistics by bringing them anonymously with official statistics

Process the personal data under art, history, literature or scientific purposes or freedom of expression, provided that it does not infringe or constitute a criminal offense of private secrecy or personal rights,

Process personal data that is personalized by the Personal Data Subject

Not the application based on justification

Include the contrary claim for the relevant legislation of the application

Failure to comply with the application procedure

shall be rejected by justifying.

Requests made in order to enable the start of the response period specified in this Policy should be made by the methods in Article 11.1.

If the request is accepted, the relevant transaction is performed and notified in written or electronic form. In the case of rejection, the applicant is notified in writing or in electronic form by explaining its justification.

If the rejection of the application, the answer we have given is found to be inadequate, not responding within the period. In that case, the applicant shall have the right to complaint to the PDP Board within 30 (thirty) days from the date when the applicant learned the answer and within 60 (sixty) days from the date of application, in any case.

This Policy is stored in two different media, including printed paper and electronic media.

This Policy is reviewed at least once every two years and updated on a case-by-case basis if necessary.

This Policy shall be deemed to have entered into force after its publication on the Company's website.

In case it is decided to be abolished, the wet signed former counterparts of this Policy are cancelled by the Legal Department with the approval of the Department Manager (by putting cancellation stamp or writing cancellation) and kept for 5 years by the legal department.