KVKK & GDPR
CHAT365.COM.TR SECURITY MEASURES
1. TECHNICAL MEASURES
- All personal data in the application is stored in cloud systems. The cloud service provider's data center is a local data center located in Istanbul, and personal data is stored in the cloud without being transferred abroad, in compliance with the Personal Data Protection Law No. 6698 (KVKK) and the European Data Protection Regulation (GDPR).
- The security of personal data stored in the cloud is ensured, and the cloud service provider uses security solutions such as IPS-IDS/DDOS and Firewall to detect and prevent cyber-attacks instantly. Thanks to the cloud service provider's Disaster Recovery and Back-up services, if personal data is damaged, destroyed, stolen or lost for any reason, the back-up data is used to make CHAT365 users operational again as soon as possible.
- In addition to the security measures taken by the cloud service provider, network security and application security are also ensured within SETABAYT. In this context:
- An authorization matrix has been created for employees.
- Two-step identity verification is performed.
- The use of flash memory and CDs is prohibited.
- Access logs and log records of all transactions performed through the application are kept regularly and without user intervention.
- The authorizations of employees who change their duties or leave their jobs are removed.
- A firewall is used.
- A user account management and authorization control system is implemented, and these are also monitored.
- All updates performed by SETABAYT employees on CHAT365 are first performed on the test driver, with the aim of ensuring that application development and troubleshooting processes do not interrupt the operation of the application in any way.
- SETABAYT attaches the highest degree of importance to personal data confidentiality. Personal data security is regularly monitored, and the security of environments containing personal data is ensured. In this context, existing risks and threats have been identified, in-house periodic and/or random audits are carried out, and penetration tests are regularly performed. All measures regarding information security have been taken within the Company, and we hold an ISO 27001 information security certificate.
- The customer information that CHAT365 users process on the application is only visible to the users and the personnel they authorize, and customer information is not accessible by SETABAYT personnel in any way. Thus, user-customer privacy is ensured at the highest level through CHAT365.
- In accordance with KVKK and GDPR, a Personal Data Retention and Destruction Policy has been prepared, and all personal data are processed within the framework of this policy and destroyed when necessary.
2. ADMINISTRATIVE MEASURES
- Necessary security measures are taken for entry to and exit from all physical and electronic environments containing personal data, and unauthorized personnel are prevented from entering physical environments by determining the authorization of employees. In addition, the use of systems and applications is encrypted to ensure that only authorized personnel can access electronic media containing personal data.
- Provisions regarding data security and the protection of personal data are included in the contracts signed with employees, and confidentiality agreements containing provisions on data security are also signed with them. In addition, training and awareness-raising activities on data security are organized for employees at regular intervals.
- In addition to employees, confidentiality agreements are signed separately with service providers and service recipients.
- A Personal Data Storage and Destruction Policy covering access, information security, use, storage and destruction has been prepared in accordance with KVKK and GDPR and put into practice, and the personnel in charge of data processing and destruction processes have been identified.
- In accordance with the principle of data minimization, personal data is processed only to the extent necessary and personal data is reduced as much as possible.
- Data processing service providers, especially cloud service providers, are periodically audited on data security.
