CLARIFICATION TEXT REGARDING THE COLLECTION, PROCESSING, AND DELETION OF PERSONAL DATA
The purpose of this clarification text is to outline the legal terms and conditions related to the processing and transfer of personal data received by ENSTA Enerji, Mühendislik, Proje, Danışmanlık Sanayi ve Ticaret A.Ş. (ENSTA) when applicants submit internship and employment applications, or for other reasons, and use the content hosted by the website https://enstaenergy.com, owned by ENSTA under the Personal Data Protection Law №6698, published in the Official Gazette on 07.04.2016.
ENSTA stores personal data, whether automatically or non-automatically, for a certain period of time in an electronic environment via a web page. As a personal data controller, ENSTA processes personal data in accordance with the Personal Data Protection Law, in line with the following explanations:
One can access detailed information about the data processing purposes applicable to each category of personal data processed by or on behalf of ENSTA as a data controller via the Data Controllers Registry (VERBIS) maintained by the Personal Data Protection Authority (https://verbis.kvkk.gov.tr/).
1. DATA THAT CAN BE PROCESSED
The following personal data of users may be processed depending on access to the website and actions performed on the website:
- Information resulting from browsing the website
- Name, surname, ID number, address, profession, education, marital status, date and place of birth, personal background, email, phone number, gender, license plate, location data when entering the website, IP address
- Contact details provided to get information about ENSTA’s activities
- Identity information, education data required for internship and employment application forms, and other information requested in the forms
In addition to the above, other personal data required for the operation of the website may be processed in accordance with the Law.
2. PROCESSING OF PERSONAL DATA
Personal data are collected fully or semi-automatically, or not automatically, in an electronic environment through the website to be stored for the required period.
Personal data are processed based on the explicit consent of the user. However, personal data may be processed without explicit consent on any legal grounds, provided that data processing is mandatory for the legitimate interests of ENSTA and subject to the provisions of paragraph 2 of Article 5 of the Law, including: (i) clear stipulation in the law, (ii) disclosure of personal data by the personal data owner, (iii) being obligatory for the protection of life or bodily integrity of themselves or someone else who is unable to express their consent due to actual impossibility, (iv) directly related to the establishment or performance of a contract, and it is needed to process the personal data of the parties to the contract, (v) being mandatory for ENSTA to fulfill its legal obligation, (vi) being mandatory to establish, use or protect any right, (vii) provided that it does not harm the fundamental rights and freedoms of personal data owners.
3. PURPOSE OF PERSONAL DATA PROCESSING
Under Articles 4, 5, and 6 of the Personal Data Protection Law, all personal data will be processed verbally, in writing, or electronically for the following purposes:
- To carry out Human Resources processes and activities within the determined legal framework
- To plan, audit, and execute information security processes
- To create and manage the information technology infrastructure
- To follow up on finance and/or accounting affairs
- To follow up on contract management, legal transactions establishment, and legal processes
- To ensure facility and personnel safety
- To perform efficiency and/or appropriateness analysis of commercial activities, to plan and/or execute these activities
- To determine and implement commercial and business strategies
- To fulfill ENSTA’s contractual and legal obligations fully and duly
- To evaluate and respond to suggestions, inquiries, complaints, and bug reports received via the website and to make improvements following the reports
4. TRANSFERRING OF PERSONAL DATA
Subject to appropriate measures within the principles of security and confidentiality specified in the Personal Data Protection Law, ENSTA may transfer your personal data to our direct/indirect/domestic/foreign affiliates, legal entities and individuals with whom we have entered into agreements related to our activities, suppliers, subcontractors, business partners, shareholders, legal, financial, and tax advisors, auditors, audit companies, state institutions or organizations authorized to request such data as required by law, and other relevant persons or institutions within the conditions and purposes of personal data processing specified in Articles 8 and 9 of the Personal Data Protection Law, solely based on the explicit consent of the person or on the legal grounds stipulated by law.
5. DATA SECURITY
ENSTA takes all necessary technical and administrative measures to prevent the illegal processing of personal data, prevent illegal access to personal data, and ensure the maintenance of personal data and the appropriate level of security. In the event of redirection to other sites or applications through the website, ENSTA has no information on the compliance of the redirected sites and applications with the legislation on the protection of personal data and is not responsible for their privacy policies and their contents.
By using the website, the User certifies that they have read all the written conditions, are informed about the processing of their personal data, and accept and agree to the processing of their personal data for certain purposes and to a certain extent.