SOCAR TÜRKİYE CONTRACTOR PRE-APPROVAL PROCESSES PRIVACY NOTICE
Pursuant to Article 10 titled “Data Controller’s Obligation to Inform” of the Personal Data Protection Law No. 6698 (“PDPL” or “Law”) published in the Official Gazette dated April 7, 2016 and numbered 29677, which aims to protect the fundamental rights and freedoms of individuals, especially the right to privacy in the processing of personal data, and the Communiqué on the Procedures and Principles in Fulfilling the Obligation to Inform published in the Official Gazette dated March 10, 2018 and numbered 30356,
As STAR RAFİNERİ ANONİM ŞİRKETİ, PETKİM PETROKİMYA HOLDİNG ANONİM ŞİRKETİ, SOCAR TURKEY AKARYAKIT DEPOLAMA ANONİM ŞİRKETİ, SOCAR TURKEY PETROL TİCARET ANONİM ŞİRKETİ, AZOİL PETROLCÜLÜK ANONİM ŞİRKETİ, SOCAR TURKEY YATIRIM ANONİM ŞİRKETİ, PETLİM LİMANCILIK TİCARET ANONİM ŞİRKETİ, SOCAR ALİAĞA LİMAN İŞLETMECİLİĞİ ANONİM ŞİRKETİ, SOCAR TURKEY ENERJİ ANONİM ŞİRKETİ (collectively referred to as “SOCAR Türkiye” and/or “Company”), as the data controller, we aim to inform you about your personal data processed within the scope of the processes you carry out as a contractor with this SOCAR Türkiye Contractor Pre-Approval Processes PDPL Privacy Notice (“Privacy Notice”).
As SOCAR Türkiye, we would like to indicate that we take utmost care to carry out our personal data processing, collection and storage activities in accordance with the basic principles of the PDPL, that we take the necessary administrative and technical measures, that we closely follow the decisions and guidelines published by the Personal Data Protection Board (“Board”), and that we especially aim to carry out measured and purposeful personal data collection and processing activities. SOCAR Türkiye is based on the PDPL, regulations, communiqués, Board decisions and guidelines regarding the processing of your personal data, but also adopts national and/or international best practices in order to ensure your privacy.
In this context, SOCAR Türkiye embraces the following principles regarding the processing of your personal data:
Being accurate and up to date when necessary,
Processing for specific, explicit and legitimate purposes,
Being relevant, limited and proportionate to the purpose for which personal data are processed,
Retention for the period stipulated in the relevant legislation or required for the purpose for which they are processed,
Data minimization,
Privacy by design,
Privacy by default
1. PROCESSED PERSONAL DATA
|
DATA CATEGORY |
PERSONAL DATA |
|
Identity Information |
Name-Surname |
|
Contact Information |
Address, E-Mail, Cell Phone Number |
|
Transaction Security Information |
Username, Password Information |
|
Professional Experience Information |
Last Workplace Information, Title Information |
2. PURPOSE OF PROCESSING YOUR PERSONAL DATA, METHOD OF COLLECTION AND LEGAL GROUNDS
We process your personal data to fulfill the following purposes and based on the following legal grounds:
|
PROCESS |
PROCESSING PURPOSES |
LEGAL GROUND |
|
Platform Registration Processes |
Execution of registration processes through the platform for the execution of service and/or business processes by contractors |
It is necessary to process personal data of the parties of a contract, provided that such processing is directly related to the establishment or performance of the contract. |
|
Legal Processes |
Fulfillment of our burden of proof in the event of any dispute, |
It is mandatory to process data for the establishment, exercise or protection of a right |
3. TRANSFER OF YOUR PERSONAL DATA
As SOCAR Türkiye, if it is necessary to domestically transfer your personal data processed within the scope of the Privacy Notice, we transfer your personal data in accordance with Article 8 of the Law, and if it is necessary to transfer your personal data abroad, we transfer your personal data by acting in accordance with the regulations set out in Article 9 of the Law and by complying with the general principles of the Law.
As SOCAR Türkiye, we comply with all international data transfer obligations within the scope of the Law, and in accordance with the Law and the relevant secondary legislation, we take steps to ensure that there is adequate protection in case of a transfer abroad. In particularly, these steps include the signing of standard contractual clauses regarding the transfer of personal data abroad determined by the Personal Data Protection Authority (“Authority”), the execution of transfers based on binding company rules approved by the Authority and/or a written undertaking containing provisions to ensure adequate protection, or in case of incidental transfer, the transfer is carried out based on legal grounds within the scope of Article 9(6) of the Law.
For transfers based on standard contractual agreements, you may obtain a copy of such standard contract by contacting SOCAR Türkiye Compliance Department at compliance@socar.com.tr.
We transfer your personal data to the recipient groups based on the following legal grounds to achieve the following purposes:
|
PURPOSES OF TRANSFER |
LEGAL GROUND |
DATA CATEGORY |
RECIPIENT GROUPS |
|
Transfers are made to various information technology companies in order to fulfill the following purposes: |
Standard Contractual Clauses |
Identity Information |
Business Partners |
|
Sharing the information requested from SOCAR Türkiye with authorized public institutions and organizations, courts, prosecutor's offices, law enforcement agencies and other judicial/administrative authorities for the purpose of exercising our legal rights such as the execution of legal disputes and rights of lawsuit and reply |
Establishment, Exercise or Protection of a Right |
Identity Information |
Natural Person or Private Legal Persons |
|
Sharing information and documents requested from public institutions and Organizations |
Fulfillment of legal obligations |
Identity Information |
Public Institutions and Organizations |
4. HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data that we require to achieve the above-mentioned personal data processing purposes physically or electronically by automatic and/or non-automatic methods.
5. WHAT MEASURES DOES SOCAR TÜRKİYE TAKE TO ENSURE THE SECURITY OF YOUR PERSONAL DATA?
As SOCAR Türkiye, we take all necessary administrative and technical measures to ensure that your personal data is not processed OR accessed unlawfully and that your personal data is stored securely.
6. RIGHTS OF THE DATA SUBJECT WHOSE PERSONAL DATA IS PROCESSED
You may exercise the following rights in accordance with Article 11 of the PDPL to ensure the legal protection of your personal data:
To learn whether your personal data is being processed,
To request information on how your personal data is processed in case your personal data has been processed,
To learn the purpose of processing your personal data and whether it is used in accordance with this purpose,
To obtain information about the persons to whom your personal data is transferred/shared domestically or abroad,
To request correction of your personal data in case of incomplete or incorrect processing,
To request its deletion or disposal if the conditions stipulated by the PDPL are met,
In case of correction, deletion and disposal of your personal data, to request notification of this situation to third parties previously shared/transferred,
To object to the occurrence of a result to your detriment by analyzing your personal data exclusively through automated systems,
If you suffer damage due to processing in violation of the PDPL, you have the right to demand compensation for the damage.
You may submit your requests within the scope of Article 11 titled “Rights of the Data Subject” of the PDPL in writing to “Ayazağa Mahallesi Azerbaycan Cad. Vadistanbul - SOCAR Plaza 1D Blok Apt No: 3 E/1, 34485, Sarıyer / İstanbul” in accordance with the procedures and principles in the “Communiqué on the Procedures and Principles of Application to the Data Controller”, and you may also send all your questions and information requests to SOCAR Türkiye Compliance Department via the e-mail address compliance@socar.com.tr.
In the application you may make to exercise your rights mentioned above, the requested matter must be specified clearly and comprehensibly. Information and documents related to the application must be attached to the application.
Your rights and requests regarding your personal data are evaluated and answered within 30 days at the latest from the date of receipt. In the event that your application is evaluated unfavorably, the reasons for the justified rejection shall be sent to the address you provided in the application, primarily by e-mail or postal mail and, if possible, through the method in which the request was made. If the transaction requires an additional cost, the tariff determined by the Board may be applied.