Information Text for Employee Candidates
DENGE İZMİR INDEPENDENT AUDIT FEEDING FINANCIAL CONSULTANCY JOINT STOCK COMPANY
INFORMATION TEXT ON THE PROTECTION AND PROCESSING OF CANDIDATE EMPLOYEE PERSONAL DATA
(“Information Text for Employee Candidates”)
- GENERAL DESCRIPTION
Within the scope of the law, personal data includes all kinds of data regarding an identified or identifiable natural person. Special Personal Data, which is a special type of personal data; It refers to race, ethnicity, political thought, philosophical belief, religion, sect, other beliefs, appearance and clothing, association, foundation or union membership, health, sexual life, criminal conviction and security measures, biometric and genetic data. Processing of personal data means obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system, It refers to any operation performed on data, such as classifying or preventing its use.
- DATA CONTROLLER
Your personal data is transferred to DENGE İZMİR BAĞIMSIZ DENETİM YMM A.Ş. as the data controller.It is processed by (DENGE) in accordance with the Personal Data Protection Law No. 6698 (“Law”) within the scope explained below.
- COLLECTION OF PERSONAL DATA, LEGAL REASONS AND PURPOSES OF PROCESSING
Your personal data, in accordance with the Law, within the scope of job application and recruitment activities by DENGE and activities that may vary in relation to these activities; It is given by the employee candidate himself, through automatic or non-automatic means, verbally, in writing or electronically, Kariyer.net etc. It is obtained from employment platforms. It is created or acquired by the company.
Your collected personal data will be processed in accordance with the basic principles stipulated in the Law and within the personal data processing conditions (legal reasons) specified in Articles 5 and 6 of the Law and shown below;It may be processed by DENGE for the following purposes.
You can review the details of what your personal data is, how it is collected, what personal data may be subject to processing by us, and the purposes for which this data is processed, in the tables below.
Identity
Identity data | ||
Data Pertaining to Identity Data | Method of Obtaining Data | Purpose of Processing Personal Data |
Name surname Parents’ Name Date of birth Place of birth TR ID number etc. gender marital status Date of birth Place of birth Title Signature | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Planning Human Resources Processes Execution/Audit of Business Activities Conducting Management Activities Conducting Activities in Compliance with Legislation |
Legal reasons | ||
Explicit Consent Legitimate Interests of the Data Controller |
Personnel
Personnel data | ||
Personal Data | Method of Obtaining Data | Purpose of Processing Personal Data |
CV Information Foreign Language Knowledge Military Service Status Notification Employment and Dismissal Dates Fee Information Mission Reference Information | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Planning Human Resources Processes |
Legal reasons | ||
Obtaining Explicit Consent Legitimate Interests of the Data Controller |
Legal action
Legal action data | ||
Legal action data | Method of Obtaining Data | Purpose of Processing Personal Data |
Information in the case file, etc. | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Follow-up and Execution of Legal Affairs |
Legal reasons | ||
Obtaining Explicit Consent Legitimate Interests of the Data Controller |
Criminal Conviction and Security Measures
Criminal Conviction and Security Measures data | ||
Criminal Conviction and Security Measures data | Method of Obtaining Data | Purpose of Processing Personal Data |
Information on criminal convictions Information on security measures, etc. | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Ensuring work and workplace safety execution and supervision of business activities Follow-up and Execution of Legal Affairs |
Legal reasons | ||
Obtaining Explicit Consent |
Visual Records
Audiovisual Records Data | ||
Data on Audiovisual Records Data | Method of Obtaining Data | Purpose of Processing Personal Data |
Visual Records | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Planning Human Resources Processes |
Legal reasons | ||
Legitimate Interests of the Data Controller |
Contact
Contact Data | ||
Data Pertaining to Communication Data | Method of Obtaining Data | Purpose of Processing Personal Data |
E-mail address Contact address Phone number etc. | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Planning Human Resources Processes Conducting Emergency Management Processes Conducting Management Activities |
Legal reasons | ||
Obtaining Explicit Consent Legitimate Interests of the Data Controller |
Professional experience
Professional experience data | ||
Data on Professional Experience Data | Method of Obtaining Data | Purpose of Processing Personal Data |
Diploma information Courses attended In-service training information Graduated School and Department Information Graduation Information Certificates Transcript information etc. | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Planning Human Resources Processes |
Legal reasons | ||
Obtaining Explicit Consent Legitimate Interests of the Data Controller |
Health Information
Health Information data | ||
Health Information Data | Method of Obtaining Data | Purpose of Processing Personal Data |
Information regarding disability status Personal health information | Information Technologies Data Recording System Form – Document | Conducting Employee Candidate / Intern / Student Selection and Placement Processes Carrying out the application processes of employee candidates Planning Human Resources Processes auditing suitability for work Carrying out Occupational Health / Safety Activities |
Legal reasons | ||
Obtaining Explicit Consent |
Physical Space Security
Physical Space Security data | ||
Data on Physical Space Security | Method of Obtaining Data | Purpose of Processing Personal Data |
Camera recordings etc. | Information Technologies Data Recording System | Conducting Emergency Management Processes Ensuring Physical Space Security Conducting Risk Management Processes Creating and Tracking Visitor Records |
Legal reasons | ||
Legitimate Interests of the Data Controller |
- PARTIES TO WHICH YOUR PERSONAL DATA IS TRANSFERRED AND PURPOSES OF TRANSFER
Your personal data may be transferred by the Data Controller to the domestic and international recipient groups listed below for the purposes specified above, in accordance with the basic principles stipulated in the Law and within the personal data transfer conditions specified in Articles 8 and 9 of the Law.
Parties to whom Personal Data is Transferred and Purposes of Transfer | Transferred Parties | Purpose of Transfer of Personal Data | ||
DATA CATEGORIES | DOMESTIC | ABROAD | DOMESTIC | ABROAD |
Identity personnel Legal action Criminal Conviction and Security Measures Audiovisual Records Communication Professional experience Health Information Physical Space Security | Authorized Public Institutions and Organizations | Legal Liability | ||
Legal reasons | ||||
DOMESTIC | ABROAD | |||
Legal regulation |
5. TECHNICAL AND ADMINISTRATIVE MEASURES TAKEN
The Data Controller takes the necessary technical and administrative measures in accordance with the characteristics of all environments in which personal data are stored, the relevant data and the environment in which the data is kept.
Technical Measures |
Network security and application security are ensured |
A closed system network is used for personal data transfers via the network. |
Security measures are taken within the scope of information technology systems supply, development and maintenance. |
Security of personal data stored in the cloud is ensured |
Access logs are kept regularly |
Corporate policies on access, information security, use, storage and destruction have been prepared and implemented. |
Up-to-date anti-virus systems are used |
Firewalls are used |
Personal data is backed up and the security of the backed up personal data is ensured. |
User account management and authorization control system is implemented and these are also monitored. |
Cyber security measures have been taken and their implementation is constantly monitored. |
Encryption is done |
Log records are kept without user intervention. |
Administrative Measures
|
There are disciplinary regulations for employees that include data security provisions |
Training and awareness activities are carried out for employees at regular intervals regarding data security. |
An authority matrix has been created for employees |
Confidentiality commitments are made |
The authorities of employees who change their duties or leave their jobs in this area are removed. |
Signed contracts contain data security provisions |
Personal data security policies and procedures have been determined |
Necessary security measures are taken regarding entry and exit to physical environments containing personal data. |
The security of physical environments containing personal data is ensured against external risks (fire, flood, etc.). |
The security of environments containing personal data is ensured |
Personal data is reduced as much as possible |
Protocols and procedures for the security of special personal data have been determined and implemented. |
Personal data security is monitored |
6. DATA DESTRUCTION PERIOD
The Data Controller deletes personal data in the first periodic destruction process following the date on which the obligation to delete, destroy or anonymize the personal data for which it is responsible in accordance with the Law, relevant legislation, the Personal Data Processing and Protection Policy and this Personal Data Storage and Destruction Policy arises, destroys or anonymizes. Personal data of prospective employees are destroyed within 1 year after the purpose of processing ends.
7. YOUR RIGHTS AS A PERSONAL DATA OWNER AS MENTIONED IN ARTICLE 11 OF THE LAW
In accordance with Article 11 of the Law, we hereby inform you that, as data owners, you have the following rights:
- Learning whether your personal data is being processed or not,
- Requesting information if your personal data has been processed,
- Learning the purpose of processing your personal data and whether they are used for their intended purpose,
- Knowing the third parties to whom your personal data is transferred at home or abroad,
- Requesting correction of your personal data if it has been processed incorrectly or incompletely, and requesting that the action taken in this context be notified to third parties to whom your personal data has been transferred,
- Requesting the deletion or destruction of personal data in case the reasons requiring processing no longer exist, even though it has been processed in accordance with the Law and other relevant legal provisions, and requesting that the action taken in this context be notified to third parties to whom your personal data has been transferred,
- To object if a result arises against you by analyzing the processed data exclusively through automatic systems,
- Request compensation for the damage if you suffer damage due to unlawful processing of your personal data.
If you submit your requests regarding your rights to us through the methods specified below, your request will be concluded free of charge as soon as possible and within thirty days at the latest, depending on its nature.
To exercise your rights, you can send your application directly to the e-mail address [email protected] or [email protected] kep in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller, or you can send the relevant person/data subject application form, which you can receive upon request. After completing and signing the /request form, this application form or your original signed petition to exercise your rights;
- You can hand-deliver your identity documents to the secretariat at 1456 Sokak Punta İş Merkezi No:10/1 Floor:13 Alsancak/İZMİR (Data Controller address),
- You can send it to our address above via a notary or via registered mail.
Thank you for reading the clarification text.
Denge Izmir Independent Audit and Sworn Financial Consultancy Inc.