• 0

OUR HR POLICY ON PERSONAL DATA PROTECTION


OUR HR POLICY ON THE PROTECTION OF PERSONAL DATA

(EMPLOYEES AND JOB CANDIDATES)

As the Human Resources Department of 2A MÜHENDİSLİK SAN. VE TİC. A.Ş., we attach utmost importance to the lawful protection and processing of personal data in accordance with the Personal Data Protection Law No. 6698 and act with this diligence in all our planning and activities.

We do not consider the protection and processing of personal data, which lies at the core of the right to privacy, merely as a matter of compliance with legislation; we place the value we attribute to human beings at the heart of our approach.

With this awareness, as the Human Resources Department, we take all administrative and technical measures to ensure the protection and processing of personal data. In order to ensure compliance with this Policy, activities are carried out to raise employee awareness, necessary onboarding and orientation processes are implemented for new employees, and required arrangements are made.

What Are Examples of Your Personal Data?

Full name, home address, e-mail address, citizenship/ID number (TCKN), driver’s license serial number, identity card serial number, fingerprint, date of birth, place of birth, X-ray, MR and similar medical records, blood type, telephone number, country, city, postal code or district, age, gender, criminal record, health records, bank account number, résumé, CV, academic information, marital status, information relating to children, emergency contact information, disability status, military service records, etc.

For Which Purposes and On What Legal Grounds Are Personal Data Processed?

Our Company processes personal data of both job candidates and employees for the following purposes:

  • Establishment and performance of the employment contract
  • Determining the suitability of candidates for the position during recruitment, verifying references and competencies
  • Execution of payments and benefits
  • Monitoring employees’ entitlements arising from labor law
  • Organizing trainings
  • Conducting performance evaluations
  • Assessing the qualifications required for a specific job or duty
  • Carrying out disciplinary investigations, collecting evidence in this context and, where necessary, terminating the employment contract
  • Contacting employees in emergencies
  • Fulfilling the Company’s obligations arising from labor law legislation
  • Carrying out basic human resources processes
  • Ensuring the security of data collected by the Company
  • Monitoring compliance with Company policies

                                                   

 

 

Our Company is obliged to record your personal data in order to process, store and, when required, delete such data.

Method of Collection of Personal Data

Your personal data is collected by our Company through the following means: completion of job application forms, CVs you share, job applications made via our website, job applications received through recruitment advertisements using consulting services, completion of forms defined in our procedures by our HR department, onboarding documents you submit during recruitment, forms you fill out during trainings, your AGI (minimum living allowance) forms, your daily time attendance (PDKS) records such as passwords, fingerprints and timesheets, and HR forms completed in response to requested information.

Sharing Your Personal Data with Third Parties

For your security and for the Company to fulfill its legal obligations, your personal data may be shared, to the extent permitted and required by legislation such as the Labor Law, Occupational Health and Safety Law, Social Insurance and General Health Insurance Law, Turkish Commercial Code, Personal Data Protection Law No. 6698, Identity Reporting Law and other applicable regulations, with the relevant institutions and organizations; including but not limited to public legal entities such as the Personal Data Protection Authority, the Ministry of Finance, the Ministry of Customs and Trade, the Ministry of Labor and Social Security, the Turkish Employment Agency (İş-Kur), and the Information and Communication Technologies Authority. For example, employees’ personal data is shared with the Social Security Institution to enable the payment of employer and employee social security premiums.

In addition, your personal data may be shared:

For the performance of the employment contract, in particular:

  • We may process your data in the Canias ERP accounting program in order to carry out payroll processes and update the relevant data. This data is stored within the application’s own data storage environment.

In order to fulfill requirements under the Labor Law, Occupational Health and Safety Law, Social Security Law and related legislation, as well as other applicable laws and regulations, in particular:

  • We may share data with consulting firms and private employment agencies we work with to obtain consultancy regarding the determination and calculation of incentives that can be utilized under R&D legislation.
  • We may share your health data with our workplace physician so that they can perform medical examinations and health checks.
  • We may transfer payroll information to Company auditors so that they can carry out audit activities.

 

In order to ensure security within the Company, in particular:

  • For workplace security, entrances/exits and working areas, excluding private areas (such as restrooms and cafeteria), are monitored by cameras from appropriate angles and distances. In the event of an incident, the relevant recordings may be shared with law enforcement authorities.

Due to our legal obligations, in particular:

  • In order for us to exercise our right of defense, we may share data with our lawyers and, where legally and procedurally appropriate, with the relevant authorities to comply with legal requests such as court orders or requests for evidence.

For the management of the Company, the conduct of business and the implementation of Company policies, in particular:

  • We may transfer your personal data to group companies to which we are affiliated or with which we work jointly, in order to ensure internal functioning. For example, we may share your personal data with insurance companies and agents for private health insurance, with travel agencies for hotel accommodation, flight tickets and visa processes, and with private institutions or İŞKUR for participation in trainings they organize.
  • To preserve the Company’s data storage capacity, we may transfer data to archiving companies so that it can be stored for required periods.
  • Certain of your personal data may be transferred to companies we work with for purposes such as transportation, vehicle provision, business card printing, e-mail signatures, and parking registration.

Transfer of Your Personal Data to Third Parties Abroad

With your consent, your personal data may be shared with third parties abroad for the purposes of providing communication during overseas travels and trainings, organizing travel arrangements, and sending bulk e-mails.

 

How Are Personal Data Stored and Protected?

  • Your personal data will be stored as confidential in the databases and systems of our Company in accordance with Article 12 of the PDPL (KVKK) and, except for legal obligations and the arrangements stated in this document, will not be shared with third parties in any way.
  • In accordance with Article 12 of the PDPL, our Company is obliged to prevent unlawful processing of your personal data, to prevent unauthorized access to the systems and databases in which your personal data is stored, and to take software-based measures such as access management and physical security measures.

 

For How Long Are Personal Data Stored?

  • Your personal data will be retained by us for the entire period of your employment, and for 10 years after your departure, taking into account the periods defined in the relevant legislation.

What Are Your Rights Under Article 11 of the PDPL (KVKK)?

Pursuant to the PDPL, by applying to our Company, you have the right to:

  1. a) Learn whether your personal data is being processed,
  2. b) Request information if your personal data has been processed,
  3. c) Learn the purpose of processing your personal data and whether it is used in accordance with that purpose,

ç) Know the third parties in Turkey or abroad to whom your personal data is transferred,

  1. d) Request correction of your personal data if it is incomplete or inaccurate,
  2. e) Request deletion or anonymization of your personal data within the framework of the conditions stipulated in Article 7 of the PDPL,
  3. f) Request that the transactions carried out pursuant to sub-paragraphs (d) and (e) above be notified to third parties to whom your personal data has been transferred,
  4. g) Object to the emergence of a result against you through the exclusive analysis of your data by automated systems,

ğ) Request compensation for damages if you suffer damage due to unlawful processing of your personal data.

Where Should I Apply Regarding the Status of My Personal Data?

For matters relating to your Personal Data as defined in this Policy, you should apply:

  • In person, with identity verification,
  • Through a notary public,
  • By e-mail to [email protected] together with the HR PDPL Application Form (signed and scanned),
  • Or in writing, with the PDPL Application Form, to the Human Resources Directorate.

How Long Does It Take for My Application Regarding My Personal Data to Be Concluded?

Your request submitted via petition or e-mail will be answered via the same communication channel within 30 days.