Privacy Notice on the Protection of the Personal Data of Prospective Employee/Intern
This Privacy Notice outlines the principles of processing your personal data in accordance with the Personal Data Protection Law (the “Law”) No. 6698 and the related regulations by the data controller Sabancı Dijital Teknoloji Hizmetleri A.Ş. located at “Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/ISTANBUL” (the “Company”).
1. Purpose of Personal Data Processing
Your identity, communication, professional experience, personnel record and visual records data, collected as a result of your application to work in our company, are processed in accordance with the basic principles stipulated by the Law; for the purposes of receiving your job application, examining your resume and investigating your suitability for the job description, conducting the recruitment processes and contacting you in this context within the scope of the contractual relationship based on the execution of the recruitment process; additional disability/health information obtained from the disabled prospective employees is processed for the purpose of evaluating the suitability of your health condition for the relevant position. It is your responsibility to share with our Company the correct information about your reference and obtain approval from your reference so that we can contact them where requested by our company or specified on your CV.
We would also like to mention that please make sure that the resume you have submitted to us does not contain any personal data of special nature (race, ethnicity, political opinion, philosophical belief, attire and dress, membership to associations, foundations or trade unions, data on health, sexual life, criminal convictions and security measures, biometric and genetic data).
We would also like to mention that please make sure that the resume you have submitted to us does not contain any personal data of special nature (race, ethnicity, political opinion, philosophical belief, attire and dress, membership to associations, foundations or trade unions, data on health, sexual life, criminal convictions and security measures, biometric and genetic data).
2. Places and Purpose of Transfer of Processed Personal Data
Your personal data may be transferred in accordance with Articles 8 and 9 of the Law to our business partners, suppliers, sub-employers, our domestic and/or foreign group companies whose servers provide the systems used for the continuation of business activities, to our domestic and/or foreign group companies, and to the relevant official institutions. The purpose of processing personal data and the purpose of transferring the data are aligned to each other.
Our company cooperates with intermediary institutions for auxiliary works such as the creation or storage of business processes, working hours and documents in the personnel file. Your personal data may be shared with these institutions in accordance with the Law so that they can fulfill their duties. We stress that the relevant institutions do not have the right to use this data for any other activity.
Our company cooperates with intermediary institutions for auxiliary works such as the creation or storage of business processes, working hours and documents in the personnel file. Your personal data may be shared with these institutions in accordance with the Law so that they can fulfill their duties. We stress that the relevant institutions do not have the right to use this data for any other activity.
3. Method of Personal Data Collection and Legal Reason
Your personal data are collected within the scope of conducting the recruitment processes through our websites or various websites that allow you to apply for a job on the Internet, through online CV sharing media such as LinkedIn, through the Turkish Employment Agency, through e-mails sent by you, by phone or in a physical environment within the scope of evaluating and finalizing your job application and your suitability for the relevant position.
Additionally, your personal data is processed based on the following legal grounds under the Law: Article 5/1: Based on your explicit consent. Article 5/2(a): As explicitly required by laws. Article 5/2(c): When necessary for the establishment or performance of a contract directly related to the data subject. Article 5/2(ç): When required for the data controller's legal obligations. Article 5/2(d): When made public by the data subject. Article 5/2(f): When necessary for the data controller’s legitimate interests, provided that it does not harm the data subject’s fundamental rights and freedoms. Article 6: For compliance with legal obligations related to employment, occupational health and safety, social security, social services, and social aid.
Additionally, your personal data is processed based on the following legal grounds under the Law: Article 5/1: Based on your explicit consent. Article 5/2(a): As explicitly required by laws. Article 5/2(c): When necessary for the establishment or performance of a contract directly related to the data subject. Article 5/2(ç): When required for the data controller's legal obligations. Article 5/2(d): When made public by the data subject. Article 5/2(f): When necessary for the data controller’s legitimate interests, provided that it does not harm the data subject’s fundamental rights and freedoms. Article 6: For compliance with legal obligations related to employment, occupational health and safety, social security, social services, and social aid.
4. Methods of Application to the Data Controller and Your Rights
Further to Article 11 of the Law, you have the rights to apply to our Company and a) learn whether your personal data are processed, b) request information if they are processed, c) learn the purpose of processing and whether they are used in accordance with the purpose, d) learn the parties to whom they are transferred domestically / abroad, e) request their correction if they are processed incompletely / wrong, f) request their deletion / destruction in accordance with the requirements of Article 7 of the Law, g) request communication of the foregoing actions listed in items (e) and (f) to the third parties to whom the data are transferred, h) object to the occurrence of any negative outcome due to their being analyzed exclusively by automatic systems, i) claim recovery of damages if you are damaged due to their processing against the Law.
You can send your applications related to your foregoing rights by completing the Data Subject Application Form accessible on our website, by sending mail to the foregoing address of our Company, or by sending to the registered e-mail address at sabancidijital.kvk@sabancidijital.hs03.kep.tr .
Our company resolves your requests free of charge as soon as possible according to the nature of the request, and not later than thirty days. However, if the action requires any extra cost, then it may be charged. Our company may accept and process the request or decline it in writing by explaining the reason.
If your application is rejected following the procedures outlined above, if the response is found to be inadequate, or if no response is provided within the stipulated time, you have the right to file a complaint with the Personal Data Protection Authority (“Authority”) within thirty days of the notification of the response or within sixty days from the date of application. However, you cannot proceed with a complaint before exhausting the application process.
The Authority conducts the required inspection in their field of duty automatically upon complaint or when they are informed of a claim of violation. Upon complaint, the Authority examines the request and answers to the related parties. Unless the complaint is answered within sixty days, the request shall be considered as declined. If the reason for violation is determined to have resulted from the review of the complaint or automatic inspection, the Authority shall decide on the correction of the legal violations by the controller and submits the decision to the related parties. This decision shall be fulfilled immediately after has been communicated, and not later than thirty days. The board may decide to cease the processing of data or transfer of the data abroad in the event that damages deemed difficult or impossible to repair arise and which represent an explicit violation of law.
We would like to inform you that your data are carefully protected at our Company and thank you for your confidence.
You can send your applications related to your foregoing rights by completing the Data Subject Application Form accessible on our website, by sending mail to the foregoing address of our Company, or by sending to the registered e-mail address at sabancidijital.kvk@sabancidijital.hs03.kep.tr .
Our company resolves your requests free of charge as soon as possible according to the nature of the request, and not later than thirty days. However, if the action requires any extra cost, then it may be charged. Our company may accept and process the request or decline it in writing by explaining the reason.
If your application is rejected following the procedures outlined above, if the response is found to be inadequate, or if no response is provided within the stipulated time, you have the right to file a complaint with the Personal Data Protection Authority (“Authority”) within thirty days of the notification of the response or within sixty days from the date of application. However, you cannot proceed with a complaint before exhausting the application process.
The Authority conducts the required inspection in their field of duty automatically upon complaint or when they are informed of a claim of violation. Upon complaint, the Authority examines the request and answers to the related parties. Unless the complaint is answered within sixty days, the request shall be considered as declined. If the reason for violation is determined to have resulted from the review of the complaint or automatic inspection, the Authority shall decide on the correction of the legal violations by the controller and submits the decision to the related parties. This decision shall be fulfilled immediately after has been communicated, and not later than thirty days. The board may decide to cease the processing of data or transfer of the data abroad in the event that damages deemed difficult or impossible to repair arise and which represent an explicit violation of law.
We would like to inform you that your data are carefully protected at our Company and thank you for your confidence.
