This document outlines the principles governing the processing of your personal data by SEV AMERİKAN OKULLARI EĞİTİM ANONİM ŞİRKETİ (hereinafter referred to as “Employer ” and “ Data Controller”), the headquarters of which is located at the address “Burhaniye Mah. Resmi Efendi Sokak A Apt. No:4/1/1 Üsküdar, İstanbul”, the data controller, pursuant to Law 6698 on Personal Data Processing and Protection (“Law”).
The detailed information about the processing of your personal data by the Corporation are also included in the Policy for Personal Data Processing and Protection for Employees.
1. Purpose of Personal Data Processing
Your personal data is collected and stored for business purposes in your personnel file and used within the obligations required from the Employer for the duration of the business relationship.
For this purpose, your personal data such as your identity, contact information, medical data, academic information, financial information, personnel information, passport information required for visa procedures in case of business trips abroad, and e-mail correspondence from your business e-mail are included in this processing.
The data processing operations required by the Employer are performed for the following purposes:
2. The Parties with Which Processed Personal Data Will Be Shared and the Purpose of Sharing
Pursuant to the Law, your personal data may be shared with our business partners, suppliers, tax consultants, shareholders, companies in the group, subcontractors, relevant official departments, suppliers from which we receive support or service including cloud computing service providers which may have servers in various countries, third parties in the country or abroad with which the Corporation has a contractual relationship, and with legally authorized public institutions (e.g., the Social Security Institution). Your personal data may be transferred locally and, with your explicit consent, to foreign countries declared to have sufficient protection by the Personal Data Protection Board; in the lack thereof, this will be limited to foreign countries where data controllers in Turkey and the foreign country in question undertake a sufficient level of protection in writing, and those that are granted permission by the Personal Data Protection Board adhere to the provisions under Article 9 of the Law, ensuring alignment between the purposes of processing personal data and of transferring personal data.
3. Method and Legal Grounds for Personal Data Collection
We may collect your personal data on physical, verbal, and/or electronic platforms (via e-mail, phone or other methods such as electronic surveys), via technical devices such as security cameras or by fully or partially automatic and non-automatic methods based on your statements.
Your collected personal data may be processed for the following legal reasons:
Any personal data of a private nature are processed for the legal grounds above with your explicit consent, pursuant to the provision 6/2 of the Law.
4. Application to the Data Controller and Your Rights
Within the scope of Article 11 of the Law, you have the following rights for which you can apply to the Corporation regarding your personal data; a) to learn whether they have processed any or not, b) to request any information that has been processed, c) to learn about the purpose of processing said data and whether it has been used in accordance with the stated purpose, d) to learn the parties with which they were shared in Turkey, e) to request any corrections if any data has been processed incompletely or inaccurately, f) to request the deletion / destruction of personal data pursuant to Article 7 of the Law, g) to request that the details of transactions performed be shared with third parties with which the data are shared as per sub-clauses (e) and (f) above, h) to object to any result against your person due to analysis by exclusively automated systems, and, i) in the event that you experience grievances due to your data being processed contrary to the Law, the right to demand compensation for the damage/grievance.
To use any of the rights listed above, you may submit your applications via a completed Application Form to be sent by mail to the address of the Corporation given above or by e-mail email@example.com as per the Official Notification on Procedures and Principles of Application to the Data Controller.
The Corporation will finalize your requests free of charge and as soon as possible, within thirty days maximum, depending on the nature of the request. In the case that the transaction requires an additional cost, a fee may be charged to you. The Corporation may accept and process requests or deny requests in writing, including the reason for denial.
In cases where an application which followed the above-mentioned procedure is denied and the response is found to be insufficient or the application is not responded to by the deadline, you have the right to file a complaint with the Personal Data Protection Board ("Board") within thirty days of the notification of the response or within sixty days from the application date. However, a complaint cannot be filed before exhausting the application method.
When the Board, upon complaint or ex officio, is informed of an alleged violation, it carries out the necessary investigation in matters which fall within its field of service. Upon the complaint, the Board investigates the request and provides a response to those concerned. If no response is provided within sixty days from the date of the complaint, the request is deemed to be rejected. In cases where the investigation, launched upon complaint or ex officio, brings to light a violation, the Board decides on the compensation for the violations by the Data Controller and notifies the relevant parties of this decision. This decision is executed without delay, within thirty days maximum. The Board may decide to stop the processing of data or its transfer abroad in the event of damages that are difficult or impossible to compensate and in case of express unlawful action.