Protection of Personal Data

GÜMRÜK VE TURİZM İŞLETMELERİ TİCARET ANONİM ŞİRKETİ
CLARIFICATION TEXT REGARDING DATA PROTECTION AND PROCESSING

Your security matters to us!

With hereby Clarification Text, our goal is to provide information regarding your personal data processed by our Association GÜMRÜK VE TURİZM İŞLETMELERİ TİCARET A.Ş. (“GTI” or “Company”) in accordance with Communiqué on the Procedures and Principles to be Complied with in the Fulfillment of the Obligation to Inform Data Subjects published in the Official Gazette dated March 10th 2018 Nr. 30356 and article 10 titled “Data Controller’s Obligation to Inform” of Turkish Personal Data Protection Law no. 6698 (“KVKK” or “Law”) published in the Official Gazette dated April 7th 2016  Nr. 29677 which aims to protect basic rights and freedoms of individuals with  regards to processing personal data, particularly the right to privacy. 

1. DATA CONTROLLER

GTI has been vested the title of “Data Controller” in accordance with KVKK and relevant regulation with regards to personal data gathered from our employee candidates and can be contacted using the contact information provided below.

Headquarters Address : Dumlupınar Bulvarı No: 252 (Eskişehir Yolu 9. Km) TOBB İkiz Kuleler C Blok Kat 25-26 06520 Çankaya/ANKARA
Phone : 0 (312) 218 82 00
Fax  : 0 (312) 218 82 00
Website :  http://www.gtias.com.tr
E-Mail  :  info@gtias.com.tr

2. PERSONAL DATA BEING PROCESSED

The personal data listed below are processed within the scope of your relationship with the Company;

(i) Your Personal Identifying Information: name surname, place of birth, date of birth, age, photograph, copy of identity card, and identity number; 

(ii) Your Contact Information: Address, e-mail, phone, place of residence;

(iii) Your Education, Work, and Professional Life Data: employment history, name of the employee, alma mater, professional competencies, CV information, military service;

(iv) Your Finance and Bank Account Data: your bank account number, IBAN number and similar banking data,

(v) Your data regarding visual and audio recordings: photograph;

(vi) Data Regarding Security of our Company Campus: Facility entrance and exit records and camera recordings; 

(vii) Your location data;

(viii) Your Cyber Security Data: User names, passwords, audit trails, IP address, website access logs, and data regarding cyber security which includes logs;

(ix) Your Legal Transaction Data;

(x) Criminal conviction and security measures data; criminal record information

3. REASONS FOR PERSONAL DATA PROCESSING 

Your personal data gathered according to your relationship with the company and within this scope may be processed based on the reasons listed below.

• Your personal data gathered according to your relationship with the company and within this scope may be processed based on the reasons listed below.
• Developing and diversifying our services,
​• Conducting our quality and standards audits,
​• Meeting information demands of public institutions and organizations,
​• Ensuring legal and commercial security,
​• Holding and storing case files and written warnings for the purpose of legal proceedings, managing execution proceedings,
​• Issuing and storing letters of attorney,
​• Storing contracted lawyer information and issuing letters of attorney and statements of signature in their name
​• Finance and/or accounting follow-up,
​• Preparing and submitting offers,
​• Preparing contract and managing contractual procedures, safekeeping contracts, handling judicial procedures, and monitoring judicial procedures
​• Receiving specimens of signature,
​• Preparing tenders, managing tender procedures, and managing business relationships with companies to which tenders have been awarded,
​• Storing tender audio and video recordings,
​• Creating invoices, receipts, notes of expenses, accounting records, current account deficit cards, creating accounting records of contracts and statements arising from contracts and invoices,
​• Making payments to private companies,
​• Returning letters of guarantee,
​• Invoicing foreign entities,
​• Ensuring security of physical environments, 
​• Coordinating hospitality processes,
​• Handling travel organizations, flight and hotel reservations, 
​• Handling insurance procedures arising from damages and accidents at border gates,
​• Recording commercial vehicles passing through border gates
​• Managing activities of Board of Directors,
​• Managing communication activities, organizing interviews for individuals and groups that with to contact senior management, and hosting guests,
​• Keeping electronic guide records,
​• Collecting trainees’ information within the scope of Joint Training Program,
​• Handling works and procedures of the hotels operated by our company,
​• Preparing introductory documentation,
​• Conducting routine monitoring of company mail address and submitting it to relevant departments,
​• Tracking incoming-outgoing documents; keeping, numbering, and sending records to relevant department,
​• Handling annual healthcare insurance procedures of the general manager and his family,
​• Storing subcontractor employees’ data and ensuring monitoring of their payrolls,
​• Handling works and procedures of Taşodalar Hotel which is operated by our company,

4. TRANSFER OF PROCESSED PERSONAL DATA

Your personal data may be shared with departments within the company, domestic public institutions and organizations, third party real and legal entities with which we have a relationship, contracted lawyers, business partners, agencies, insurance companies, and suppliers within the scope of provisions of the Law regarding transfer of personal data and transfer overseas and for the purposes stated in article 3 of hereby Clarification Text.

5. PERSONAL DATA GATHERING METHODS AND LEGAL REASONS

GTI collects your personal data from you, third parties, and legal authorities through the Internet, phone, e-mail and from physical, written, oral, and electronic media while you are establishing a business relationship with our Company and throughout such relationship in order to provide the purpose and services listed above within the framework stipulated in articles 5/2/a, 5/2/c, 5/2/ç, 5/2/e, 5/2/f, 6/2, and 8 of the law.

6. INDIVIDUAL RIGHTS REGARDING PROCESSED DATA

According to provision of article 11 of the Law, you have the rights listed below regarding your personal data.

​• Find out whether your information have been processed,
​• Request information regarding your processed information, if any.
​• Learn the reason why your personal data have been processed and whether it has been used,
​• Learn the domestic and foreign third persons to which your personal data have been transferred,
​• Request correction if your personal data have been processed partially or incorrectly,
​• Request deletion or destruction of your personal data,
​• Request notification of the third persons to which your personal data have been transferred if your personal data have been corrected, deleted, or destroyed.
​• Object to any result that is detrimental for the individual which has been obtained through analysis of the processed data by use of automated systems exclusively,
​• Demand indemnification due to damages incurred based on illegal processing of personal data.

7. IF YOU WISH TO CONTACT US REGARDING YOUR RIGHTS AND REQUESTS

You may submit your requests within the scope of the rights listed above through notary by writing to GTI at the address “Dumlupınar Bulvarı No: 252 (Eskişehir Yolu 9. Km) TOBB İkiz Kuleler C Blok Kat 25-26 06520 Çankaya/ANKARA” or by using safe electronic signature, mobile signature, or the electronic mail address which has been previously presented to our Company by you or is recorded in our Company’s system.

Any application in this context will be accepted following an identity authentication; your application will be concluded as soon as possible and at least within 30 days depending on its quality. In terms of written replies, no fee shall be charged up to 10 pages; however, Data Controller may charge the transaction fee stated in article 7 of Communiqué Concerning the Procedures and Principles of Application to Data Controller for each page after the 10 pages. A fee equal to the cost of the recording medium may be charged if reply to the application is sent in a recording medium such as a CD or flash drive. 

DATA CONTROLLER
GÜMRÜK VE TURİZM İŞLETMELERİ TİCARET A.Ş.