CLARIFICATION TEXT
ON THE PROTECTION AND PROCESSING OF PERSONEL DATA RELATING TO
GURIS TEKNOLOJI A.Ş.
As Güriş Teknoloji A.Ş. (“Data Controller“); the confidentiality and security of your personal data is given importance and the principles of securing the fundamental rights and freedoms guaranteed by the Constitution, especially the right to privacy, are observed with utmost sensitivity.
In accordance with the provisions of the Protection of Personal Data Law No. 6698, Güriş Teknoloji A. Ş. may process the following categories of personal data: name, surname, ID number, address, place of birth, date of birth, and other similar information. Additionally, Güriş Teknoloji A. Ş. may process any information or documents containing special data, including health information, biometric and genetic information, disguise, association, foundation, trade union membership, criminal conviction, data on security measures, religious, ethnic, and other similar data. Güriş Teknoloji A. Ş. may process the data as a Data Controller in accordance with the relevant regulations. This may include processing, recording, storing, updating and maintaining the data in order to continue providing services, transferring the data to third parties, sharing the data and anonymising it.
Güriş Teknoloji A.Ş. implements all necessary administrative and technical measures to ensure the protection of personal data in accordance with relevant laws and regulations. In accordance with the Protection of Personal Data Law No. 6698 (“Law”), personal data is processed in accordance with the law and the principle of honesty. The accuracy of the data is ensured and updated when necessary. It is ensured that data are processed for specific, explicit and legitimate purposes, that they are relevant, limited and proportionate to the purpose for which they are processed, and that they are retained for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
If the processed data is sensitive personal data as defined in the Law, personal data other than health and sexual life may be processed without the explicit consent of the data subject in cases stipulated by laws. Personal data relating to health and sexual life may only be processed without the explicit consent of the data subject by persons under the obligation of confidentiality or authorised institutions and organisations for the purposes of protecting public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
- Purposes and Legal Reasons for Processing Personal Data
In order to use your personal data in the necessary processes, all information and documents, fulfilment, maintenance, execution, development, protection and supervision of commercial data, invitation, promotion, campaign and similar activities for services and activities, notification of new applications in accordance with all relevant laws and regulations, Fulfilling the requirements of the contracts that have been or will be issued, planning, statistics, conducting satisfaction surveys, ensuring security, e-mails in electronic media, e-bulletin subscriptions, social media posts, printed forms filled in at the events organised, during face-to-face interviews with employee candidates or written application form, sending digital application form in electronic media or e-mail, personal data collected in the recruitment processes due to the sending of CVs by cargo and similar methods or through consultancy firms and due to the controls and researches that ensure the confirmation of the information provided by the candidate and the personal data of special nature collected according to the nature of the job, the maintenance of the legal and commercial security of the persons with whom the business relationship is in business relations, legal and financial affairs and the determination of similar trade and business strategies, implementation, human resources, execution of accounting policies, ensuring physical security and supervision, compliance with domestic and international legislation, compliance with information transfer, storage and reporting obligations required by public institutions or other authorities, to provide you with better and more reliable service and to be maintained uninterruptedly. It is processed within the conditions and purposes specified in Articles 5 and 6 of the Law.
- Storage Period of Personal Data
Güriş Teknoloji A.Ş. retains personal data only for the period specified in the relevant legislation or for the period required for the purpose for which they are processed. In this context, it first determines whether a period of time is stipulated for the storage of personal data in the relevant legislation, if a period is determined, it acts in accordance with this period, and if a period is not determined, it keeps personal data for the period required for the purpose for which they are processed.
In the event that the period expires or the reasons requiring the processing of personal data disappear, personal data are deleted, destroyed or anonymised.
- Method of Collecting Personal Data
Your personal data may be collected verbally, in writing or electronically by automatic or non-automatic methods, through our website, social media channels, parties with whom we have a business relationship and / or receive services that are complementary to our activities, contracted organisations and other similar channels.
- Transfer of Personal Data
Your personal data may be transferred to company officers, shareholders, employees, business partners, service providers or third parties, legal, financial and tax consultants and other consultants, auditors, organisations or individuals, authorities such as SGK, ministries, judicial authorities, all public institutions and organisations authorised by law and/or abroad within the framework of the conditions and purposes listed in Articles 8 and 9 of the Law in order to fulfil the objectives within the framework of Güriş Teknoloji A.Ş. activities, to determine and implement strategies, to ensure the execution of human resources policies. If it is necessary to transfer personal data abroad, it is necessary to have adequate protection in the foreign country to which the personal data will be transferred, and in the absence of adequate protection, the data controllers in Türkiye and in the relevant foreign country must undertake adequate protection in writing and the Personal Data Protection Authority’s permission will be complied with.
- Rights of the Data Subject Pursuant to Article 11 of the Law
As a data subject, you have the right to request the following from Güriş Teknoloji A.Ş.
a) To learn whether personal data is processed or not,
b) Requesting information if personal data has been processed,
c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
d) To know the third parties to whom personal data are transferred domestically or abroad,
e) To request correction of personal data in case of incomplete or incorrect processing,
f) To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
g) Although it has been processed in accordance with the provisions of the Law and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring its processing disappear and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
h) To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
i) In case of damage due to unlawful processing of personal data, to demand the compensation of the damage.
It is important that the information/data you share is accurate and transferred accurately, and this is necessary for you to exercise your rights on the data within the scope of the Law, and the responsibility arising from providing incorrect or inaccurate information belongs to you. We reserve the right to charge you the costs we will incur for the fulfilment of your requests according to the tariff regulated in Article 13 of the Law titled Application to the Data Controller.
- Situations where Personal Data may be Processed without the Explicit Consent of the Data Subject Pursuant to the Law
a) Explicitly stipulated in the laws,
b) It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
c) Processing of personal data is directly related to the conclusion or performance of a contract, it is necessary to comply with the relevant data protection legislation,
d) It is mandatory for the data controller to fulfil its legal obligation,
e) It has been publicised by the person concerned,
f)Data processing is mandatory for the establishment, exercise or protection of a right,
g) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
- Principles Determined on the Protection and Processing of Personal Data and in the Law
Güriş Teknoloji A.Ş. acts in accordance with the Constitution, the general principles in the Law and other relevant legislation regarding the protection and processing of personal data, and also complies with the following principles with great importance and diligence:
a) Personal data processing activities are in compliance with the law and good faith,
b) Ensuring that personal data is accurate and up-to-date when necessary,
c) Processing of personal data for specific, explicit and legitimate purposes,
d) Being relevant, limited and proportionate to the purpose for which they are processed,
e) To be kept for the period stipulated in the relevant legislation or required for the purpose for which they are processed.
- Methods of Exercising the Rights of Data Subjects / Application Procedure
Should you require further information on the matters outlined in Article E, please direct your written request to the following address: Ankara Cad. No. 222, Gaziosmanpaşa Mah. Please send your written request to Gölbaşı/ANKARA with a wet signature or to info@guristeknoloji.com.tr signed with a secure electronic signature. We will respond to your application within 30 days of receipt, provided that it is submitted in writing. Should the transaction incur additional costs, we reserve the right to request the fees in accordance with the Personal Data Protection Authority’s tariff.
