Internship Applications

PRIVACY POLICY

[●] and its affiliates operating in Türkiye (the “Company”), in line with its commercial approach and service philosophy focused on customer satisfaction and security, has adopted the following fundamental principles in order to protect the confidentiality of the information you provide through its corporate website [●] (the “Website”).

The information submitted by users on the Website for the purposes of product/service applications and information updates, as well as uploaded photographs, cannot be viewed by other internet and digital channel users.

The Company may disclose such information only within the scope of necessary authorizations and applicable legal regulations. Where regulatory authorities and/or legislative or executive bodies request disclosure of user information, the Company shall disclose such information solely within the limits of its legal authority.

The undertakings set forth in this Privacy Policy apply only within the Website and do not cover other websites. The privacy assurances and terms of use of those websites shall apply to the use of websites accessed via links from the Website. The Company shall not be liable for the information usage, ethical principles, privacy policies, quality or nature of services of such websites accessed via advertisements, banners, content or otherwise, nor for any material or moral damages and losses that may arise therein.

All copyrights relating to the information, materials and their arrangement on the Website belong to the Company. Except for third-party materials contained on the Website, all copyrights, registered trademarks, patents, intellectual and other proprietary rights regarding the information and materials belong to and are reserved by the Company.

For further information, you are kindly requested to contact the Company.

You may obtain detailed information regarding the use and protection of your personal data within the scope of the Personal Data Protection Law No. 6698 (the “Law”).

Yours sincerely,

[●]

 

PERSONAL DATA PROTECTION

As [●] and its affiliates operating in Türkiye (the “Company”), in addition to the duty of care required by our vision, and in our capacity as a data controller under the Law, we attach utmost importance to the confidentiality of information belonging to our employees, customers, suppliers and business partners, as well as to ensuring the security of confidential information.

In order to carry out its activities, improve service quality and fulfill its legal obligations, the Company processes personal data of its suppliers, employees, customers, visitors and other natural persons who establish a relationship with the Company through job applications or any other means or channels, in compliance with the law and in line with the Personal Data Protection Disclosure Statement.

Within the scope of various business relationships, confidential information and personal data may be received from our employees, customers, suppliers, business partners and other relevant persons during processes that vary depending on the nature of the relationship. All confidential information and personal data collected and processed by our Company are stored securely in physical and/or electronic environments in strict compliance with applicable legislation and are transferred to third parties only within the framework of legal regulations and the explicit consent of the data owner. The Company places great importance on retaining such data for the period stipulated by law and in a manner that prevents unauthorized access by third parties. The Company collects and processes such data in accordance with the methods specified in the Personal Data Protection Disclosure Statement and within the limits permitted by applicable legislation, and exercises due care in ensuring that such data are destroyed when required by law. In this way, the Company protects the confidentiality and integrity of the data owners’ information.

As the Company, we undertake to adhere to the principles of transparency and compliance with the law in all processes in order to ensure data security of all our stakeholders and protect the confidentiality of personal data.

You may obtain detailed information regarding the rules and methods we follow in processing your personal data in the Personal Data Protection Disclosure Statement.

Yours sincerely,

[●]

 

PERSONAL DATA PROTECTION DISCLOSURE STATEMENT

 

1.  SCOPE

 

This Disclosure Statement regarding the personal data protection covers all departments within [●] and its affiliates operating in Türkiye (the “Company”), as well as third parties who share information with the Company. This Disclosure Statement has been prepared to provide the necessary information by explaining the set of rules regarding the processing of personal data.

 

2. DEFINITIONS

 

Explicit consent means the consent given freely, based on information and relating to a specific subject.

Anonymization means rendering personal data in such a way that it can no longer be associated with an identified or identifiable natural person, even when matched with other data.

Disclosure statement means this Personal Data Protection Disclosure Statement.

Personal data means Any information relating to an identified or identifiable natural person, including any information that reflects the physical, economic, cultural, social or psychological identity of a person, or enables identification through association with any record such as identity number, tax number or insurance number.

Processing of personal data means any operation performed on personal data such as collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making available, classification or prevention of use, whether wholly or partially by automatic means or by non-automatic means provided that it forms part of a data recording system.

Data owner means the natural person whose personal data is processed.

Board means the Personal Data Protection Board.

Authority the Personal Data Protection Authority.

Law / KVKK means the Law on the Protection of Personal Data numbered 6698 dated 24 March 2016, published in the Official Gazette dated 7 April 2016 and numbered 29677.

Special categories of personal data mean data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

Data processor means A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

Data recording system means a recording system in which personal data is structured and processed according to specific criteria.

Data controller means a natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

 

3. AMENDMENTS

 

Amendments to this Disclosure Statement may be followed via the Company’s corporate website upon the entry into force of additional legislation under the Law or at various times, and the current version of this Disclosure Statement can also be accessed through the same website.

 

4. PROVISIONS

 

1. PURPOSE

 

The Company processes personal data of suppliers, employees, customers, visitors and other natural persons who establish a relationship with the Company in compliance with the law in order to carry out its activities. The purpose of this Disclosure Statement is to inform the relevant persons by explaining the data processing activities carried out by the Company and the related systems, thereby ensuring transparency regarding personal data. In this context, the Company hereby provides a detailed explanation in this Disclosure Statement regarding the processing of personal data within the scope of the Law, the categories of data owners whose personal data are processed, and the rights of such persons, together with the use of cookies and similar technologies.

 

2. PERSONAL DATA

 

1. 1.  General Principles

 

The Company processes personal data in accordance with the principles set forth below, within the scope of Article 4(2) of the Law and the purposes exemplified under the section titled “Purposes of Processing Personal Data” of this Disclosure Statement:

 

• Compliance with the law and principles of good faith,
• Accuracy and, where necessary, up-to-dateness,
• Processing for specific, explicit and legitimate purposes,
• Being relevant, limited and proportionate to the purposes for which they are processed,
• Retention for the period stipulated by applicable legislation or necessary for the purpose.

 

1. 2. Personal Data Processed by the Company

 

Personal data are processed within the Company either based on the explicit consent obtained from the data owners or, where permitted, within the scope of activities that may be carried out without explicit consent pursuant to Articles 5 and 6 of the Law. Such data are processed solely within the framework of the purposes exemplified under the section titled “Purposes of Processing Personal Data” of this Disclosure Statement. The types of personal data processed, which may vary depending on the nature and type of the relationship between the Company and the data subject, the communication channels used, and the relevant purposes, and which are processed in compliance with the principles set forth in this Disclosure Statement, are as follows:

 

• Identifying information relating to the data subject, such as name, surname, profession, title, employment information, educational background, gender, marital status, spouse/children information, citizenship status, military service information, criminal record information, and tax liability status;
• Data contained in identity verification documents such as copies of identity cards, population registry extracts, passports and driver’s licenses, including date of birth, place of birth, identification number, blood type, religion and photograph;
• Contact information such as address, email, telephone and fax numbers, as well as communication records including telephone conversations and email correspondence, and other audio data;
• Personal data contained in documents relating to legal entities such as tax certificates, trade registry gazettes, authorization documents, qualification certificates, signature circulars and activity certificates;
• Detailed financial data relating to pricing, reconciliation, collection and payment activities.

 

1. 3. Purposes of Processing Personal Data and Legal Grounds

 

Personal data may be processed by the Company for the purposes set out below and may be retained for the duration required by such purposes and the applicable legal retention periods:

 

• Carrying out the necessary activities by the relevant business units to enable customers to benefit from the products and services offered by the Company;
• Planning and execution of corporate sustainability activities;
• Supporting the execution of corporate and partnership law processes of group companies;
• Ensuring the legal and commercial security of the Company and of the persons having a business relationship with the Company;
• Conducting commercial activities for the purposes of determining and implementing the Company’s commercial and business strategies.

 

In line with the purposes set out above, pursuant to Article 5 of the Law, personal data may be processed without obtaining the explicit consent of the data owner, to the extent that it is necessary for the Company to fulfil its legal obligations, for the establishment, exercise or protection of a right, or where it is directly related on the conclusion or performance of a contract, as well as within the scope of the other legal grounds set forth under the relevant provision.

 

1. 4. Method of Collection of Personal Data

 

Within the scope of the purposes and conditions set out above, and depending on the nature and type of the relationship between the Company and the data owner, personal data collected through online transactions carried out via the website, customer service processes, cookies and other data collection technologies, and similar means, are collected and processed—by automatic or non-automatic methods—in verbal, written, physical or electronic environments, and are stored in databases permitted by applicable legislation and for which the Company is responsible for ensuring their security.

 

1. 5. Transfer of Personal Data

 

The Company may transfer personal data domestically and internationally in accordance with Articles 8 and 9 of the Law and within the scope of the purposes exemplified under the section titled “Purposes of Processing Personal Data” of this Disclosure Statement. Personal data may be processed and stored on servers and electronic environments used within this framework. The nature of such transfers and the parties to whom the data are disclosed may vary depending on the type and nature of the relationship between the personal data owner and the Company, the purpose of the transfer, and the relevant legal basis. In general, such parties include:

 

• Third parties located domestically and abroad from whom services are obtained;
• Direct and indirect shareholders, affiliates and subsidiaries;
• Individuals and entities from whom services and/or consultancy are received;
• Business partners with whom agreements are executed.

 

1. 6. Collection of Personal Data

 

For the purposes exemplified under the section titled “Purposes of Processing Personal Data” of this Disclosure Statement, the Company may collect personal data in accordance with the conditions set forth under Articles 5 and 6 of the Law. In this context, personal data may be obtained directly from employees, customers, suppliers, business partners, group companies, public institutions and other physical environments, as well as through websites, mobile applications, social media and other publicly available platforms, or via trainings, organizations and similar events.

 

1. 7. Storing Period of Personal Data

 

Personal data are stored within the Company for the duration of the applicable statutory storing periods and, in any event, for the period necessary to fulfil the purposes set out in this Disclosure Statement and the activities related thereto.

Personal data for which the purpose of processing has ceased and the applicable legal storing period has expired shall, in accordance with Article 7 of the Law, be deleted, destroyed or anonymized by the Company acting in its capacity as the data controller.

 

1. 8. Rights of the Data Subject under the Law

 

Pursuant to Article 11 of the Law, the rights of natural persons whose personal data are processed are regulated. Accordingly, data owners have the following rights vis-à-vis the Company acting in its capacity as the data controller:

 

• To learn whether their personal data are processed;
• To request information regarding their personal data if such data have been processed;
• To learn the purpose of processing of personal data and whether such data are used in accordance with their purpose;
• To know the third parties to whom personal data are transferred domestically or abroad;
• To request the rectification of personal data in case they are incomplete or inaccurately processed;
• To request the deletion or destruction of personal data in the event that the reasons requiring their processing cease to exist;
• To request notification of the rectification or deletion/destruction operations to third parties to whom the personal data have been transferred;
• To object to the occurrence of a result to their detriment by means of the analysis of processed data exclusively through automated systems;
• To request compensation for damages in case they suffer damage due to unlawful processing of personal data.

 

Pursuant to Article 13 of the Law, requests submitted by data subjects for the exercise of the above rights shall be responded to by the Company within a maximum of 30 days. Such requests may be submitted by delivering them in person together with documents verifying identity to [●], by sending them via a notary public to the same address, or by transmitting them to [●] with a secure electronic signature. Where responding to such requests requires an additional cost, the Company may charge a fee in accordance with the tariffs determined under the applicable legislation. The right of the data owner to apply to the Board in respect of requests that are rejected, inadequately responded to, or not responded to in due time is reserved pursuant to Article 14 of the Law.

 

1. 9. Transfer of Personal Data Abroad

 

Personal data may be transferred abroad in compliance with applicable legislation for the purposes exemplified under the section titled “Purposes of Processing Personal Data” of this Disclosure Statement, including for processing, storage, administration or other uses specified herein. In such transfers, the necessary measures shall be taken to ensure that personal data are adequately protected.

 

1. 10. Security of Personal Data

 

The Company attaches great importance to the confidentiality and security of personal data. In this regard, the necessary technical and administrative measures are implemented to protect personal data against unauthorized access, damage, loss or disclosure.

Accordingly, appropriate system access controls, data access controls, secure transfer controls, business continuity controls and other necessary organizational safeguards are established and applied.

 

3. EFFECTIVENESS AND UPDATES

 

This Disclosure Statement shall enter into force on the date it is approved by the Company’s Board of Directors. Any amendments to this Disclosure Statement shall become effective upon the approval of the Company’s General Manager. This Disclosure Statement is reviewed and updated on a regular basis, ordinarily once per year. However, the Company reserves the right to review, update, amend or repeal this Disclosure Statement and to issue a new disclosure statement where necessary, in light of changes in applicable legislation, amendments to referenced technical standards, decisions and/or actions of the Personal Data Protection Board, and court decisions. The authority to decide on the repeal of this Disclosure Statement rests with the Company’s Board of Directors.