EMACONN B.V.
EMPLOYEE DISCLOSURE TEXT ON THE PROTECTION OF PERSONAL DATA

Data Controller; EMACONN B.V. (hereinafter referred to as “the company” or “Emaconn”), this clarification text has been prepared and announced in order to inform about the procedures and principles to be followed in the protection of personal data of employees in their relations with our company in accordance with the Personal Data Protection Law No. 6698 (hereinafter referred to as “PDPL”) and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform (hereinafter referred to as “Communiqué”).

Article 10 of the LPPD: “During the acquisition of personal data, the data controller or the person authorized by the data controller is obliged to inform the relevant persons about; the identity of the data controller and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data may be transferred, the method and legal reason for collecting personal data, and other rights listed in Article 11.”

We will protect your personal data below under all circumstances;

  • In accordance with the law and good faith,
  • By maintaining the accuracy of the personal data you share and the most up-to-date version as you have notified us,
  • For specific, explicit and lawful purposes,
  • In connection with, limited and proportionate to the purpose for which they will be processed,
  • We will process them by keeping them for the period stipulated in the relevant legislation or required for the purpose for which they are processed,

We declare that it may be processed under the conditions and according to the general principles stipulated by the PDPL

Basic Definitions in the Law

Personal Data: Any information relating to an identified or identifiable natural person.

Processing of Personal Data: Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.

Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Explicit Consent: Consent on a specific subject, based on information and expressed with free will.

Board: refers to the Personal Data Protection Board.

Personal Data of Employees

Personal data of employees may be processed by our Company in line with the purposes and processing conditions specified in this text. Personal data subject to processing are as follows:

Identity Data: Name, surname, parents’ name, date of birth, ID number, gender, marital status, identity card serial number, nationality, passport information, job and title information, vehicle license plate, family relatives information.

Contact Data: Telephone number, e-mail address, address information, internal contact information (company telephone number, internal telephone number, corporate e-mail address, registered e-mail address).

Financial Data: Bank IBAN number, payrolls, file and debt information regarding enforcement proceedings.

Legal Action Data: Information in correspondence with judicial authorities, information in the case file, etc.

Professional Experience Data: Education level, vocational training information, certificate and diploma information, language information, courses attended, training and skills, work experience, transcript information.

Audio and Visual Data: Photographs, video recordings, camera recordings of a real person.

Transaction Information Data: IP address information, website login and logout records,

Personnel Data: Payroll information, disciplinary investigation, employment records, resume information, performance evaluation reports, insurance information, criminal record, leave of absence and return from leave, military service information, department and unit.

Location Data: Location information of the current location, etc.

Health Data: Health report, blood type, personal health information, health and maternity leave documents, information on disability status, information on devices and prostheses used.

Criminal Conviction: Information on criminal convictions, information on security measures.

Other Data: Signature, Dress and body information, Religion and blood group information written on the identity card.

Purpose of Processing Personal Data

Within the scope of Article 10 of the LPPD and Article 5 of the Communiqué, personal data of employees may be processed for the following purposes in accordance with the processing conditions specified in Article 4 of the LPPD:

  • Depending on the service contract; fulfillment of service obligations, fulfillment of employer responsibilities, ensuring occupational safety, management, supervision and performance of work,
  • Receiving and evaluating suggestions for the Improvement of Business Processes,
  • Informing about changes that may occur in our terms of service,
  • Preparation of all records and documents that will be the basis of the transaction in electronic (internet/mobile etc.) or physical environment,
  • Execution of contract processes within the scope of the Labor Law and all other legislation,
  • Providing information to public officials on matters related to public security upon request and as required by legislation,
  • Fulfillment of legal obligations and exercise of rights arising from applicable legislation,
  • Fulfillment of the legal obligation if requested by the relevant authority within the scope of judicial and administrative investigations and if it is mandatory to respond,
  • Execution of Emergency Management Processes
  • Execution of Information Security Processes
  • Fulfillment of employment contractual and regulatory obligations for employees,
  • Execution of Employee Candidate / Intern / Student Selection and Placement Processes
  • Execution of Employee Satisfaction and Loyalty Processes
  • Carrying out activities to provide training to employees,
  • Conducting Audit / Ethics Activities,
  • Conducting Training Activities
  • Conducting business activities,
  • Organization, promotion and event management,
  • Conducting occupational health and safety activities,
  • Execution of assignment processes,
  • Conducting communication activities,
  • Carrying out accounting and financial affairs,
  • Execution of Performance Evaluation Processes
  • Carrying out storage and archive activities,
  • Ensuring the Security of Movable Property and Resources,
  • Execution of Wage Policy
  • Ensuring the Security of Data Controller Operations
  • Ensuring physical space security,
  • Execution of Management Activities,
  • Informing authorized public institutions and organizations.

Method and Legal Grounds for Collecting Personal Data

Personal data may be obtained directly from the data subject, third parties and legal authorities during the establishment of a legal relationship. In this context, personal data may be collected verbally, in written or electronic media through tools such as electronic mail, application forms and through written or verbal communication channels. In order for employers to fulfill their obligations arising from the employment contract and laws in accordance with the legislation, especially the Labor and Social Security Laws, in accordance with the legal obligation and legitimate interest of the Company to ensure workplace security, we collect it through the cameras we place in the workplace building.

Pursuant to Article 5 of the LPPD, personal data cannot be processed without the explicit consent of the data subject. As an exception, the Law specifies the cases where explicit consent will not be sought. Personal data may be processed by our company without seeking explicit consent if there is an explicit provision in the law, provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract, it is mandatory for the company to fulfill its legal obligation, it has been made public by the person concerned, data processing is mandatory for the establishment, use or protection of a right, provided that it does not harm the fundamental rights and freedoms of the person concerned, if data processing is mandatory for the legitimate interests of the data controller.

In order for our Company to continue its activities, personal data may be processed within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL and in line with the principles and procedures stipulated by other relevant legislation, for the above-mentioned legal reasons in order to achieve the purposes specified in this Clarification Text and to fulfill legal obligations.

Sharing of pictures, videos, etc. on the website, social media accounts and your sensitive personal data can be processed by requesting your explicit consent within the scope of the principle of proportionality.  

To whom and for what purpose personal data can be transferred

Employees’ personal data may be transferred to suppliers, shareholders, authorized dealers, private law persons from whom services are received (in the fields of security, training, audit, event and organization, health, occupational safety, law, etc.), independent audit institutions, financial institutions, domestic business partners, domestic storage, archiving, information technology support companies (server, hosting, program, cloud computing), legally authorized business partners, domestic business partners, storage, archiving, information technology support companies (server, hosting, program, cloud computing). (security, training, audit, event and organization, health, occupational safety, law, etc.), independent audit institutions, financial institutions, domestic business partners, domestic storage, archiving, information technology support companies (server, hosting, program, cloud computing), legally authorized public institutions and private law persons.

Retention Period of Personal Data

In accordance with the provisions of the PDPL, your personal data, which have been processed for the purposes specified in this “Clarification Text on the Processing of Personal Data”, will be deleted, destroyed or anonymized and will continue to be used by us, taking into account the Personal Data Retention and Destruction Policy, when the purpose that requires processing according to Article 7 / f.1. of the PDPL disappears and / or when the statute of limitations that we are required to process your data in accordance with the legislation expires.

Rights of the Relevant Person

The relevant person, to learn whether his personal data is processed, to request information if his personal data has been processed, to learn the purpose of processing personal data and whether they are used in accordance with their purpose, to know the third parties to whom personal data is transferred domestically or abroad, to request correction of personal data in case of incomplete or incorrect processing, although it has been processed in accordance with the provisions of PDPL and other relevant laws, to request the deletion or destruction of personal data in the event that the reasons requiring the processing of personal data disappear, to request notification to third parties to whom personal data is transferred in case of deletion, destruction or correction of personal data upon request by our company, to object to the occurrence of a result against the person himself/herself by analyzing the processed data exclusively through automated systems, to demand the compensation of the damage in case of damage due to unlawful processing of personal data.

Exceptions to the Right to Apply

Pursuant to Article 28/2 of the Law, the persons concerned will not be able to benefit from the rights set forth in Article 11 of the Law, except for the right to claim compensation for damages in the following cases

Processing of personal data is necessary for the prevention of crime or criminal investigation,

Processing of personal data made public by the data subject himself/herself.

Application Method

Requests within the scope of the rights listed in Article 11 of the Personal Data Protection Law No. 6698, Article 13 of the PDPL and Article 5 of the Communiqué on the Procedures and Principles of Application to the Data Controller can be applied by one of the methods described in the application form.

The applications submitted to the Company will be answered within 30 days from the date the request is received by the Company, depending on the nature of the request, in accordance with Article 13/2 of the PDPL. However, if the transaction requires an additional cost for the Company, the fee in the tariff determined by the Personal Data Protection Board in the Communiqué on the Procedures and Principles of Application to the Data Controller may be charged. The answers regarding the application will be delivered to the applicant in writing and electronically in accordance with Article 13 of the PDPL.

DATA CONTROLLER CONTACT INFORMATION

EMACONN B.V.

Web Address: www.emaconn.nl

E-mail: info@emaconn.nl

Address: Joop Geesinkweg 901-999 1114 AB Amsterdam