INFORMATION NOTICE PURSUANT TO THE LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA
This “Information Notice” is presented by OSKİM OTOMOTİV SANAYİ VE TİCARET ANONİM ŞİRKETİ (the “Company”) in its capacity as “Data Controller” within the scope of the Law No. 6698 on the Protection of Personal Data (“LPPD”), in order to inform you about the purposes of processing your personal data, to whom and for what purposes they may be transferred, the methods and legal grounds for the collection of your personal data, and your rights under Article 11 of the LPPD.
This Information Notice has been prepared within the framework of the “Obligation of the data controller to inform” regulated in Article 10 of the LPPD, in the capacity of data controller. This Information Notice, prepared in accordance with the LPPD, is made available to natural persons whose personal data is processed.
Scope and Purpose of the Information Notice:
The following matters are specified in detail in the Information Notice:
- Methods and legal grounds for the collection of personal data,
- Data categories and sample data types,
- Purposes for which the relevant personal data is processed,
- To whom and for what purposes personal data may be transferred,
- Sharing of personal data with public institutions and organizations and official authorities,
- What the rights of data subjects are over their own personal data and how they can exercise these rights,
- Method of application to the data controller.
Methods and Legal Grounds for the Collection of Personal Data
The Company collects personal data through the data subject himself/herself, call center, social media applications, CCTV, website, cookies, and other communication channels, in audio, electronic, or written form, in accordance with the personal data processing conditions specified in the LPPD and in line with the legal grounds stated in this Information Notice.
Data categories and data types
No | Data Subject | Data Category | Sample Data Types |
1. | Customer | Identity Information | Name-Surname, Gender, Turkish ID Information (ID booklet serial no, family sequence no, etc.), Passport Number, Nationality |
Contact Information | Address (home/work), E-mail, Phone / Mobile Phone | ||
Financial Information | Payment Information, Invoice Information | ||
Other | Call Center Records, CCTV | ||
2. | Visitor | Identity Information | Name-Surname |
Contact Information | E-mail, Phone / Mobile Phone | ||
Other | Vehicle License Plate, CCTV | ||
3. | Online Visitor | Transaction Security Information | Law No. 5651 Logs, Traffic Information |
Transaction Information | IP Address, Member Information | ||
4. | Supplier | Identity Information | Name-Surname, Driver’s License Information |
Contact Information | Address, E-mail, Phone / Mobile Phone | ||
Financial Information | Invoice Information | ||
Legal Proceedings and Compliance Information | Signature Circulars, Activity Information | ||
Other | Vehicle Inspection Information, CCTV, Certificates |
Purposes for which the relevant personal data is processed
- Execution of Emergency Management Processes,
- Execution of Information Security Processes,
- Execution of Employee Candidate / Intern and Employee Candidate Application Processes,
- Fulfillment of Obligations Arising from Employment Contracts and Legislation for Employees,
- Execution of Fringe Benefits and Entitlements Processes for Employees,
- Execution of Audit / Ethics Activities,
- Execution of Training Activities,
- Execution of Access Authorizations,
- Execution of Activities in Compliance with Legislation,
- Execution of Finance and Accounting Operations,
- Execution of Company / Product / Service Loyalty Processes,
- Execution of Assignment Processes,
- Monitoring and Execution of Legal Affairs,
- Execution of Internal Audit / Investigation / Intelligence Activities,
- Execution of Communication Activities,
- Planning of Human Resources Processes,
- Execution / Supervision of Business Activities, Execution of Occupational Health / Safety Activities,
- Receiving and Evaluating Suggestions for the Improvement of Business Processes,
- Execution of Business Continuity Activities,
- Execution of Logistics Activities,
- Execution of Goods / Services Procurement Processes,
- Execution of Goods / Services After-Sales Support Services,
- Execution of Goods / Services Sales Processes,
- Execution of Customer Relationship Management Processes,
- Execution of Customer Satisfaction Activities,
- Execution of Performance Evaluation Processes,
- Execution of Contract Processes,
- Execution of Supply Chain Management Processes,
- Execution of Remuneration Policy,
- Execution of Product / Service Marketing Processes,
- Execution of Talent / Career Development Activities,
- Providing Information to Authorized Persons, Institutions and Organizations, Processing Pursuant to Law No. 5651,
- Resolution of Customer Problems and Complaints,
- Ensuring Corporate Communication,
- Planning and Execution of Certification Activities,
- Execution of Import / Export Processes,
- Execution of Information and Communication Technologies Processes,
- Necessary Operational Activities to Ensure Execution in Compliance with Company Procedures and/or Relevant Legislation,
- Execution of Legal Incentive Processes,
- Use as Evidence in Potential Disputes,
- Fulfillment of Obligations Arising from Law No. 5615,
- Ensuring Employees Benefit from Social Insurance and General Health Insurance Rights
To whom and for what purposes personal data may be transferred
Personal data may be transferred domestically and abroad to the following recipient groups: Certified Public Accountants, Lawyers, Banks, Public Procurement Authority, Real persons or private law legal entities, Business Partners, Affiliates and Subsidiaries, Authorized Public Institutions and Organizations, Suppliers, Customers, and Dealers, within the scope of the purposes of Execution of Activities in Compliance with Legislation, Fulfillment of Legal Responsibilities, Making Employee Salary Payments to Companies Operating in the Banking Sector, and Execution / Supervision of Business Activities.
Sharing of Personal Data with Public Institutions and Organizations and Official Authorities
No | Data Subject | With Whom and For What Purpose Are Personal Data Shared? |
1. | Customer | Traffic information arising from the internet usage provided at Company premises; sharing with public institutions and organizations authorized to request such information by law within the scope of legal obligations (including but not limited to combating crime, threats to state and public security, and other situations where the Company has a legal or administrative obligation to notify or provide information); sharing of log records with official institutions |
2. | Visitor / Online Visitor | Personal data related to membership and traffic information such as browsing data; sharing with public institutions and organizations authorized to request such information by law within the scope of legal obligations (including but not limited to combating crime, threats to state and public security, and other situations where the Company has a legal or administrative obligation to notify or provide information); sharing of log records with official institutions |
3. | Supplier | Sharing of personal data with relevant public institutions for the purpose of fulfilling mandatory legal notifications required by the accounting department; sharing of invoice information with the Ministry of Finance during tax audits; sharing of financial data with banks for the purpose of fulfilling payment obligations arising from commercial relationships |
What the Rights of Data Subjects Are Over Their Personal Data and How They Can Exercise These Rights
The rights you hold pursuant to Article 11, titled “Rights of the data subject,” of the Law are set forth below:
- Learning whether personal data is being processed,
- Requesting information if personal data has been processed,
- Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
- Knowing the third parties to whom personal data is transferred domestically or abroad,
- Requesting correction of personal data if it has been processed incompletely or inaccurately,
- Requesting deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the LPPD,
- Requesting notification of the operations carried out pursuant to the above-mentioned rights of correction, deletion, and destruction to the third parties to whom personal data has been transferred,
- Objecting to a result that arises against the person himself/herself through the analysis of processed personal data exclusively by automated systems,
- Requesting compensation for damages in case of loss due to unlawful processing of personal data.
The Company may make changes to this Information Notice at any time. Such changes shall become effective immediately upon the publication of the amended new Information Notice.
Method of Application to the Data Controller
You may submit your application,
In Writing;
- To the address: Kayapa OSB, Yeşil, 530) Cd No: 9/1, 16315 Nilüfer/BURSA;
- By using your registered electronic mail address;
If available, by sending from your electronic mail address registered in our system or confirmed to belong to you, to the e-mail address ik@oskimautomotive.com.
For more detailed information on the procedures and principles to be followed when making an application, you may refer to the “Communiqué on the Procedures and Principles of Application to the Data Controller” issued by the Personal Data Protection Authority.
