IDENTITY OF THE DATA CONTROLLER
As ISTANBUL TRANSFERS ("Company"), we care about the security and privacy of your personal data and in this regard, within the scope of Law No. 6698 on the Protection of Personal Data ("PDPL"), we present the following information to fulfill the disclosure obligation arising from Article 10 of the Law in our capacity as a "Data Controller" regarding the personal data you have provided to us and shared with us.
WHICH PERSONAL DATA WILL BE PROCESSED
Your personal data is processed through methods such as call center, website, social media, electronic mail, both automatically and non-automatically, verbally, in writing or electronically. The personal data you have provided to us due to your interest in our services and products or your use of products (not limited to the following) can be processed:
Name, surname, date of birth, and other data on your identity,
Contact data such as your phone number, email address, home address,
Behavioral and digital trace information obtained through cookies when using our websites,
Identity and contact information, closed-circuit camera recordings if you visit our company,
Visual and auditory data obtained within the framework of promotional, advertising, campaign, social responsibility projects, and our organizations,
Financial and monetary data such as bank account number, IBAN, billing information if you are our business partner, contact person information, information about company partnership structure, shareholders,
Professional data such as activity certificates, chamber of commerce registration, and signature data when necessary,
If you are an employee of our Company or work in an employer within our business partnership; education data, data regarding your employment relationship, job aptitude and performance; health data; private health insurance and financing data; Social Security Institution data; ID number, visa/passport data; vehicle data and other personal data that can be processed within the scope of your employment contract,
PURPOSE OF PROCESSING PERSONAL DATA
Your personal data is collected and processed within the limits of these purposes and in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL, to ensure the implementation of commercial activities carried out by our Company and related business processes, management and execution of relationships with business partners and/or suppliers, technical management of our Company's websites, customer management and complaint tracking, product surveys and tracking of questions sent to our Company, conducting necessary work by our business units to enable you to benefit from products and services offered by our Company, planning and execution of product and/or service sales, marketing, and after-sales processes, informing about the contents of our Company's products and services, customer satisfaction, management of customer complaints and requests, customer relations, sending commercial electronic communications by obtaining additional consent in accordance with legal regulations, organizing and conducting events, courses, and other organizations within our Company, conducting and securing legal and commercial relations with our Company and persons in business relations with our Company, administrative operations for communication, employee management and administration, ensuring physical security and audit of Company locations, planning logistics activities, tracking contract processes and/or legal requests, planning and executing Human Resources and personnel recruitment processes, tracking and implementing training and educational activities, planning and/or implementation of occupational health and/or safety processes, conducting research and development activities and ensuring the Company can benefit from incentives, planning and executing corporate communication and corporate governance activities, conducting information security management services, tracking and auditing finance and/or accounting operations, conducting activities for detecting customers' financial risks, determining and implementing the Company's commercial and business strategies, creating and tracking visitor records, to fulfill legal obligations as required or mandated by relevant legislation.
TO WHOM AND FOR WHAT PURPOSE PERSONAL DATA MAY BE TRANSFERRED
Your personal data may be shared with domestic official institutions and organizations, law enforcement, courts and execution offices, domestic/foreign third-party real and legal persons we are related to, service provider companies and their authorities, our business partners and Company shareholders, our group companies and direct or indirect domestic and foreign affiliates, suppliers and support service providers, domestic persons and organizations from whom we receive cloud storage services, within the scope of the provisions of the Law regarding the transfer of personal data and transfer abroad, for the purposes specified in this Disclosure Text.
METHOD AND LEGAL BASIS OF PERSONAL DATA COLLECTION
Collected through application forms, employment contracts, contracts, CVs, electronic tracking and physical access control systems in the workplace (e.g., biometric and card access systems, CCTV), information systems and electronic devices (e.g., telecommunication infrastructure, computers and phones), İŞKUR and third parties (e.g., KKB and Findeks), online websites, cookies created by our own site, site usage measurement systems, and other documents declared by the relevant person through verbal, written, or electronic methods.
Personal data obtained through the methods mentioned above are processed within the framework of personal data processing conditions specified in Articles 5 and 6 of the PDPL, in line with the fundamental principles of personal data protection law.
HOW DO WE STORE YOUR PERSONAL DATA?
Personal data shared with our Company is stored on our domestic secure servers in accordance with relevant legal regulations, PDPL provisions, and Company policies.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
In compliance with the PDPL, when the purpose requiring processing under Article 7/1 is no longer valid and/or the statute of limitations for processing your data has expired, your personal data will be deleted, destroyed, or continued to be used by anonymizing.
OUR MEASURES REGARDING THE SECURITY OF YOUR PERSONAL DATA
Our Company takes necessary technical and administrative measures with available technological capabilities to prevent unlawful processing of your personal data and to ensure the appropriate security level for the safe preservation of your personal data.
RIGHTS OF THE PERSONAL DATA OWNER
According to Article 11 of the PDPL, everyone has the right to apply to the data controller regarding themselves:
a) To learn whether personal data is processed,
b) To request information if personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
d) To know the third parties to whom personal data is transferred domestically or abroad,
e) To request correction if personal data is incompletely or incorrectly processed,
f) To request deletion or destruction of personal data within the framework of conditions specified in Article 7,
g) To request that the operations under items (d) and (e) be notified to third parties to whom personal data has been transferred,
h) To object to the emergence of a result against oneself by analyzing the processed data exclusively through automated systems,
i) To request compensation for damages suffered due to unlawful processing of personal data.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You can submit your applications regarding the above-listed rights by filling out the Application Form, which you can access here, and sending it to the Data Controller.
According to the Communiqué on the Procedures and Principles of Application to the Data Controller, the Application must include the name, surname, signature (if written), T.R. identification number (passport number for foreigners), residential or business address for notification, email address, phone number, fax number, and information about the subject of the request.
The Relevant Person must clearly and comprehensibly state the requested matter in the application containing explanations about the right to be used. Relevant information and documents must be attached to the application.
While the subject of the request must be related to the person's own self, if acting on behalf of another, the applicant must be specifically authorized and document this authorization (special power of attorney). Additionally, the application must contain identity and address information, and documents verifying identity must be attached.
Requests made by unauthorized third parties on behalf of others will not be considered.
HOW LONG WILL YOUR REQUESTS BE RESPONDED TO?
Your rights requests regarding your personal data will be evaluated and responded to within 30 days of receipt. However, if the process requires additional costs, a fee will be charged according to the tariff determined by the Personal Data Protection Board.
If your application is evaluated negatively, the reasoned grounds for rejection will be sent to the address you specified in the application through methods such as email or post, as selected in the Application Form.