- PURPOSE AND SCOPE OF THE POLICY
The procedures and principles to be adopted and implemented by our Company in order to comply with the Law No. 6698 on the Protection of Personal Data (“KVKK” – LPPD) published in the Official Gazette dated 07.04.2016 and numbered 29677 and the relevant legal regulations are regulated by this Policy within the scope of the data controller’s obligation to inform.
Regarding your personal data processed by our Company; your personal data processed, principles of processing personal data, purposes and conditions of personal data processing, transfer of your personal data domestically and abroad, destruction of your personal data and the practices and principles regarding your rights on your personal data processed are notified to you below.
WORKİNTON OFİS KAFE HİZMETLERİ A.Ş. (hereinafter referred to as “Workinton“) will act in accordance with the procedures and processes set out in this Policy in order to comply with the KVKK and other relevant regulations and to process, use, destroy, transfer and other matters in accordance with the Law and other regulations.
- DEFINITIONS
Explicit Consent: | Consent on a specific subject, based on information and expressed with free will. |
Anonymization: | Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data. |
Personal Data: | Any information relating to an identified or identifiable natural person. |
Processing of Personal Data: | Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system. |
Personal Data Owner: | A natural person whose personal data is processed. |
Personal Data of Special Nature : | Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance, health, sexual life, criminal conviction and security measures, and biometric and genetic data are personal data of special nature. |
Data Processor: | A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller. |
Data Controller: | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
- PRINCIPLES OF PROCESSING PERSONAL DATA
Our Company carries out personal data processing activities within the framework of the principles and principles listed below in accordance with Article 4 of the KVKK, which regulates the procedures and principles regarding the processing of personal data.
- Compliance with the Law and the Rule of Honesty
Our company processes your personal data in accordance with the KVKK and other laws and regulations that must be complied with due to the work performed.
- Being Accurate and Up-to-Date
Our company fulfils the necessary procedures and takes technical and administrative measures to ensure that the personal data provided by the data owner is not changed without authorization and inaccurately, and to update the personal data if requested by the data owner when there is a change in the processed data.
- Processing for Specific, Explicit and Legitimate Purposes
Your personal data processed by our Company are processed in accordance with the processing purpose notified to you and within the notified framework.
- Being Relevant, Limited and Proportionate to the Purpose of Processing
Our Company does not process personal data that do not overlap with its activities, are not required within the framework of the Company’s activities and exceed the purpose of processing.
- Retention for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed
Your data processed within the framework of KVKK and other relevant laws and regulations are retained for the periods stipulated in the relevant legislation or required to be retained due to the nature of the personal data processed.
- PERSONAL DATA PROCESSING TERMS AND EXCEPTIONS
– General quality personal data to be processed within the framework of company activities;
- a) Provided that the explicit consent of the data subject is obtained or,
- b) which is expressly stipulated in the laws,
- c) It is necessary for the protection of the life or physical integrity of the person who is unable to disclose his/her consent due to actual impossibility or whose consent is not legally valid,
- d) Provided that it is directly related to the conclusion or performance of a contract, the processing of the personal data of the parties to the contract is necessary
- e) It is mandatory for the data controller to fulfill its legal obligation
- f) That which has been made public by the person concerned,
- g) Data processing is mandatory for the establishment, exercise, or protection of a right,
- h) Provided that it does not harm the fundamental rights and freedoms of the data subject, if there is one of the cases where data processing is mandatory for the legitimate interests of the data controller, it can be processed without obtaining the explicit consent of the data subject.
– Sensitive personal data to be processed within the framework of company activities;
- a) Will not be processed unless the explicit consent of the data subject is obtained,
- b) Except for special categories of personal data relating to health and sexual life, data may be processed without obtaining the explicit consent of the data subject in cases stipulated by law,
- c) Special categories of data relating to health and sexual life: data may be processed without the explicit consent of the data subject for the protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing.
- PERSONAL DATA CLASSIFICATION
Identity Information | Information written in your identity card, including but not limited to name, surname, mother’s name, father’s name, place of birth, date of birth, marital status, religion, blood group, province, district and neighborhood where registered and information written in your identity card. |
Contact Information | Your contact data such as home phone number, mobile phone number, residence address or other address information, e-mail address, etc. requested from you or provided by you in order to contact you.
|
Personal Information | Photocopy of identity card,
Birth registration sample, Certificate of Residence, Health report, Copy of diploma, Criminal record, Passport size photo, Proof of family status, Proof of military service, Employment Contract / Service Contract, SSI employment declaration, Information and documents regarding your health status.
|
Bank Account Information | Bank account number, IBAN number, credit card and other information related to the debit card. |
Curriculum Vitae Information | Your education information written in your CV document or requested by our Company or provided by you, school information, certificate information, education status and information about your education,
Information about the place, date and duration of your work experience written in your CV document or requested by our Company or provided by you, information about your previous job and position, any information about your work experience, Your photograph written in your CV document or requested by our Company or provided by you, Your driver’s license and the information written on your driver’s license written on your resume document or requested by our Company or given by you, Your references and information about your references written in your CV document or requested by our Company or provided by you |
- ENSURING THE SECURITY OF PERSONAL DATA
As Workinton, we carry out the technical and administrative measures deemed necessary to ensure the security of your personal data that we process within the framework of the Company’s activities in accordance with the KVKK and the relevant legislation, within the framework of the necessary technological infrastructure; in this direction, we take measures against data breach, unauthorized access, data loss, unauthorized modification of data and other threats and carry out the necessary audits.
In this context, we identify existing risks and threats, conduct awareness activities by training our employees, determine policies and procedures regarding personal data security, ensure personal data minimization, and create the necessary confidentiality agreements with data processors; We use firewalls and up-to-date anti-virus programs to ensure cyber security, configure our existing software and hardware, perform software updates and audits; we ensure the security of physical and electronic media containing personal data, and take necessary measures to prevent unauthorized breaches of your data security by unauthorized persons through key management, access logs, user account management, penetration control and encryption methods.
- PERSONAL DATA PROCESSING PURPOSES
Your personal data is processed for the purposes of and limited to the fulfillment of the Company’s activities and obligations arising from the law.
In this respect,
- In terms of Security Camera Application at the Workplace
- Workinton headquarters and branches are monitored with security cameras at various points in order to protect the safety of life and property of employees, to ensure the safety of the workplace and to carry out disciplinary and legal processes in accordance with the Occupational Health and Safety Law No. 6331, Labor Law No. 4857 and secondary legislation provisions. In the areas where monitoring is carried out, the camera warning sign informs that monitoring is being carried out.
- Security cameras are positioned by observing the limit of proportionality within the framework of ensuring security in the workplace and the legitimate interest of the employer.
- Regarding Personal Data of Customers, Prospective Customers and Business and Solution Partners
- Providing more effective service to our customers together with our business partners,
- Determining the scope and need of the service to be provided with the Membership Form,
- Carrying out legal and financial processes and using the programs deemed appropriate by the Company for these purposes,
- Ensuring workplace security, commercial security and economic security, and in this context, creating cards for entry and exit or transferring identity and vehicle license plate information within the framework of the management approach of the centers where the branches are located,
- Fulfillment of our existing obligations within the framework of the legislation on occupational health and safety,
- Within the scope of audit activities, authorized private law natural and legal persons can audit the compliance of business activities carried out by authorized private law natural and legal persons,
- Identification of potential customers by creating a target group,
- Carrying out the necessary workflow processes by our relevant departments in order to improve the service offered by our company and to ensure customer satisfaction, and presenting customer satisfaction surveys,
- Including visuals on corporate social media accounts regarding the organization and other activities of our Company,
- Identity information, contact information, financial identity information and other personal data provided to us and requested by us for the purposes of fulfilling the obligations arising from the law and the contract may be processed.
- In terms of Personal Data of Prospective Employees
- Job applications and resumes are forwarded to the relevant department to check suitability for the job and to start the interview process,
- Determining, testing and analyzing whether you meet the necessary and sufficient qualifications for the job you are applying for at the time of job application, during the job application process and during all kinds of transactions to be carried out during the job application,
- Calling your references and getting references about you,
- At the end of the job application process, if the interview is positive, you can be placed in your position at the workplace,
- At the end of the job application process, if the job interview results in a negative result, then when a suitable position is opened in our Company, resume information, identity information, contact information and other personal data of employee candidates are processed for the purpose and methods of informing you about the job opportunity by making the necessary evaluations again.
- In terms of Personal Data of Employees
- Ensuring internal order, workplace peace and security,
- Processing of personal data belonging to employees for the purpose of fulfilling legal obligations such as the creation and storage of personnel files and sharing them with auditing public institutions and organizations and authorized private law real or legal persons during workplace audits,
- All operations performed by employees on the fileserver system are recorded through logging,
- Processing of employee data through the use of programs deemed appropriate by the Company within the scope of the Company’s commercial and other activities,
- Including visuals on corporate social media accounts regarding the organization and other activities of our Company,
- The use of methods of determining the entry and exit times of employees and other electronic surveillance methods in order to ensure the safety of the workplace and employees and to protect the safety of life and property,
- Sharing personal data of employees with the private insurance company with which the company is a business partner, if necessary for the establishment of private complementary health insurance and other rights of employees,
- Recording of personal data belonging to employees by the Company and transferring them to third parties in Turkey or abroad within the scope of activities such as fairs, seminars, pieces of training, conferences, trips, social events and activities such as fairs, seminars, pieces of training, conferences, trips, social events by the Company and/or third parties on behalf of the Company, making the necessary organization for the provision of accommodation and transportation services, performing visa procedures, informing them about the developments about the Company, contacting them and their relatives when necessary, motivational gifts (such as gifts, promotions), promotion and advertisement of Company activities and other purposes,
- Processing general and private personal data of employees within the scope of documents and papers that should be kept within the scope of OHS activities, and sharing them with workplace physicians and health officers,
- Keeping the GSM line or vehicles allocated to the employee under the employer’s management right,
- Sharing personal information about the companies working for car rental purposes and the employees who will use the vehicles,
- Keeping records of fuel consumption and HGS information in terms of the use of vehicles allocated by the Company to the Employee for the execution of the work according to the nature of the work performed,
- In line with the purposes and methods of keeping the correspondence carried out with the corporate e-mail account allocated to the use of the employee and the e-mail files containing these correspondences recorded in the cloud system available abroad, identity information, resume information, personal information, bank account information, contact information, contact information and other personal data can be processed.
- In terms of Personal Data of Entrepreneurs and Mentors
- Within the scope of entrepreneur competitions and incubation programs organized within Workinton Lab, the identity, contact, resume and other personal data of entrepreneurs and our mentors who take part in our projects on a voluntary basis to guide entrepreneurs are processed for the purposes of determining the qualifications of the applicants, announcing the events, promoting their ideas within the scope of the specifications offered to entrepreneurs in various media, notifying and reminding the training and organizations.
- TRANSFER OF PERSONAL DATA DOMESTICALLY AND ABROAD
Your personal data may be transferred to the following;
– Sometimes to third parties in order to ensure the efficiency of our company, the creation of the target audience and the development of employment policies and sustainability,
– Banks, third parties, occupational health and safety specialists, occupational physicians and health personnel in order to fulfill the obligations of the employer under the employment contract,
– Your personal data may be transferred to Microsoft Office applications, cloud solutions, SAP applications and backup systems whose databases are located abroad for the administration and management of the Company’s business, the execution of the Company’s business, the implementation of Company policies, and the efficient management and execution of the workflow,
– For outsourced service providers that have been checked by the Company to have taken the technical and administrative security measures required by the legislation and sector practices within the scope of the realization of the Company’s commercial and various activities, where commitments regarding this issue are arranged between the parties,
– In addition, in order to provide products and services to our business partners, suppliers, third parties, especially IT companies that provide services within the framework of the Company’s activities, and abroad
– Your personal data may be shared with execution offices or courts (at all levels and ranks), as well as relevant Ministries, directorates, Social Security Institutions and other persons upon request or when necessary in line with our legal obligations.
- DISPOSAL OF PERSONAL DATA
Personal data processed within the framework of our Company’s activities are stored within the framework of the purpose of processing and for the periods required to ensure this purpose and for the retention period stipulated within the framework of the relevant legislation.
Data that loses its function, whose retention period has expired, and which is requested to be destroyed by the data owner, if possible, within the framework of the legislation, is destroyed by using the appropriate method of deleting, destroying or anonymizing the personal data listed in Article 7 of the KVKK.
Deletion of personal data is the process of making personal data inaccessible and non-reusable in any way for the relevant users.
Destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
Anonymization of personal data is the process of making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even if personal data is matched with other data.
- RIGHTS OF THE PERSONAL DATA OWNER
Regarding the personal data processed within the scope of our Company’s activities, you have the following rights by applying to our Company within the framework of your rights listed in Article 11 of the KVVK;
- a) To learn whether their personal data is being processed,
- b) To request information if personal data has been processed,
- c) To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- d) To know the third parties to whom personal data are transferred domestically or abroad,
- e) To request correction of personal data in case of incomplete or incorrect processing,
- f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
- g) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred,
- h) To object to the occurrence of a result to the detriment of the person himself/herself by analyzing the processed data exclusively through automated systems,
- i) In case of damage due to unlawful processing of personal data, the right to demand compensation for the damage.
- CLOSING PROVISIONS
If you exercise your rights above and make an application to our Company on the above-mentioned issues, your requests in your application will be concluded free of charge within thirty (30) business days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board may be requested.
In matters related to the processing of your personal data, you must submit your application to our Company by filling out and signing the application form on the Company’s website and proving your identity in person.
Contact Information of “Workinton Ofis Kafe Hizmetleri A.Ş.”
Headquarters Address: Levent 199 Side entrance, Büyükdere Caddesi No:199 Levent/Istanbul
Contact email address: kvkk@workinton.com.tr
The website address for contact: https://www.workinton.com/