JENGAL SOFTWARE INC. DISCLOSURE TEXT UNDER LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA
As Jengal Software Inc. (“Company”), with the importance we attach to fundamental human rights and the value we place on personal data, we present this Disclosure Text to your attention as the data controller to fulfill the obligation stipulated by the Law on the Protection of Personal Data No. 6698 (KVKK) and to inform you.
As the data controller, our Company informs employees, employee candidates, suppliers, visitors, and third parties whose personal data will be processed as follows and enlightens them within the scope specified in Article 10 of KVKK.
1- DEFINITIONS
Explicit Consent : Refers to the consent that is based on information and expressed with free will concerning a specific issue.
Cookie : Small files stored on users' computers or mobile devices that help store preferences and other information on the web pages they visit.
Personal Data : Any information relating to an identified or identifiable natural person. For example; name-surname, TCKN, email, address, date of birth, credit card number.
Processing of Personal Data: Any operation performed on personal data such as collecting, recording, storing, retaining, modifying, rearranging, disclosing, transferring, taking over, making available, classifying, or preventing the use of such data, whether wholly or partially by automatic means or otherwise than by automatic means, provided that they form part of a data recording system.
Board : Personal Data Protection Board
Law : Law No. 6698 on the Protection of Personal Data
Data Subject : The natural person whose personal data is processed. For example; customers, employees, employee candidates, officials of business partners.
Special Categories of Personal Data: Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, attire, membership of associations, foundations, or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are special categories of personal data.
Company : Refers to Jengal Software Inc..
Data Controller: The natural or legal person who determines the purposes and means of processing personal data, and who is responsible for the establishment and management of the data recording system.
2- INFORMATION ABOUT THE DATA CONTROLLER AND CONTACT PERSON
Data Controller
4841945744 Tax ID number, Company address at Örnek Mh. Semerkant Cd. Zemzeme Sk. No: 24/A Ataşehir, Istanbul, and titled Jengal Software Inc. is the data controller.
Email : [email protected]
Phone : 0 216 341 05 70
Website :www.jengal.com
KEP Address : [email protected]
Contact Person
Name and Surname : Ayşegül Köşe
Email : [email protected]
Phone : 0 216 341 05 70
3- YOUR PERSONAL DATA THAT WE PROCESS
Identity Data
Name, surname, date of birth, country of birth, city of birth, gender, marital status, nationality, Turkish ID card details (Turkish ID number, serial number, wallet number, father’s name, mother’s name, place of birth, province, district, neighborhood, volume number, family order number, order number, household number, page number, record number, place of issue, reason for issue, date of issue, previous surname), full population register copy, population card copy, tax number, professional identity information.
Contact Data
Phone number, full address details, email address, internal communication details within the company (internal phone number, corporate email address).
Financial Data
Bank account number, IBAN number, bank name and branch details, financial status report and salary details, payrolls, premium entitlements, premium amounts, and monthly premium service declaration, file and debt details regarding enforcement files, bank passbook, minimum living allowance information, private health insurance amount, temporary benefits paid by SGK and İŞKUR.
Special Categories of Personal Data
Blood type, chronic disease information, vaccination history, medical history, past diseases and surgeries, disability information, alcohol, substance, smoking use, X-ray images, medications used, health complaints, all preventive healthcare, diagnosis, and treatment procedures related to health, blood and urine tests, physiological analysis results, SFT, height, weight, physical examination result, private health insurance policy details, job entry and periodic examination forms, pregnancy information, criminal conviction and/or security measure information, criminal record.
Educational Data
Educational background, certificate and diploma information, foreign language skills, education and skills, experience information, CV, courses taken, transcript information, national or international exam results.
Physical Space Security Data
Personal data related to records and documents obtained during physical entry to the premises and within the premises; records obtained by swiping the employee entrance card at the workplace, camera recordings, vehicle information records, and records obtained at the security checkpoint.
Visual and Audio Data
Stills or moving images and/or sounds of participants and the venue for the purpose of promoting, announcing, and ensuring the widespread dissemination of the events organized by our Company such as conferences, seminars, exhibitions, debates, fair events, and the visual/audio information provided by the cameras installed for security purposes at the Company’s headquarters, branches, and representative offices.
Visual and audio data including promotional, meeting, training, information, and interviews conducted via digital platforms.
Passport-sized photograph if included in the resume.
Transaction Security Data
IP address information, website entry-exit information, log records, password, and password information for access to electronic systems and devices.
Family and Relatives Data
Marriage certificate; name/surname/ID number/gender/date of birth/position/phone number of the spouse and children, name/surname/phone number of relatives, reference information.
Work Data
Information about your job status, personnel file, job application form, application form filled out for job or internship application, documents provided during the recruitment process, work history, position, department and unit, title, internship place, internship duration, last entry date to the job, entry-exit dates, insurance entry/retirement, assignment number, social security number, tax office number, flexible working hours, travel status, retirement fund, entry date to the retirement fund, assignment number, entry date to Bağkur, Bağkur assignment number, accounting code, working days, projects worked on, monthly total overtime information, severance pay base date, severance pay additional day, days spent on strike.
Leave Data:
Leave base date, additional leave days, leave group, exit/return date, day, reason for leave, address/phone during leave, and signatures.
Cookie Data
Small files stored on users' computers or mobile devices that help store preferences and other information on the web pages they visit.
Other Processed Data
Military deferment, military service status certificate, license copy, traffic fine inquiry result, shoe size, clothing size, height, weight, martyrdom status, service taken, stop used data.
4- PURPOSES AND LEGAL REASONS FOR PROCESSING YOUR PERSONAL DATA
We process your personal data categorized above and specified under the headings, for the limited purposes explained in the table below and based on the legal reasons stated.
PROCESSED PERSONAL DATA | PURPOSE OF PROCESSING | LEGAL BASIS FOR PROCESSING |
Identity Data | Establishment of the employment contract, Creation of the personnel file, Execution of entry-exit and SGK (Social Security Institution) procedures, Recording of documents collected during the job application and interview process of employees, Execution of SGK notifications, İŞKUR (Turkish Employment Agency) notifications, work accident and occupational disease notifications, Execution of incentive procedures provided by public institutions, Legal notifications to public institutions and judicial units, Provision of business card printing, Fulfillment of court orders and follow-up and execution of legal affairs, Execution of goods/services procurement, sales, and production processes Compliance with information storage, reporting, and notification obligations required by legislation and relevant regulatory institutions, Execution of storage and archiving activities, Recording and evaluating requests and complaints made to the company, Execution of customer relationship management processes, Management and execution of supplier communication activities and supply chain process, establishment of commercial contracts with suppliers and business partners, Contact for advertising purposes related to campaigns conducted by the company | |
Contact Data | Creation of the personnel file, Execution of entry-exit and SGK procedures, Recording of documents collected during the job application and interview process of employees, Execution of SGK notifications, İŞKUR notifications, work accident and occupational disease notifications, Execution of incentive procedures provided by public institutions, Legal notifications to public institutions and judicial units, Provision of business card printing, Fulfillment of court orders, Follow-up and execution of legal affairs, Compliance with information storage, reporting, and notification obligations required by legislation and relevant regulatory institutions, Execution of storage and archiving activities, Recording and evaluating requests and complaints made to the company, Contact for advertising purposes related to campaigns conducted by the company, Execution of customer relationship management processes, Management and execution of supplier communication activities and supply chain process, Establishment of commercial contracts with suppliers and business partners | The explicit stipulation of personal data processing in the laws (m.5/2-a), |
Permission Data | Execution of employee leave approval procedures and management of remaining leaves | The explicit stipulation of personal data processing in the laws (m.5/2-a), |
Data Related to Family and Close Relatives | Recording of documents collected during the job application and interview process, information about the person to be contacted when the individual cannot be reached, and reference information | The necessity of processing data for the establishment or execution of a contract with you, provided that it is directly related to the performance of the contract (m.5/2-c), The necessity of processing data for the data controller to fulfill its legal obligations (m.5/2-ç) |
Work-Related Data | Execution of recruitment processes, Ensuring the selection of the most suitable candidate for the position, Determining whether the applicant meets the requirements for the applied job position, Verification of the information provided in the job application form, Recording of documents collected during the job application process, Execution of incentive procedures provided by public institutions, Establishment of the employment contract, Creation of the personnel file, Execution of entry-exit and SGK procedures, Fulfillment of obligations under the Labor Law No. 4857, Occupational Health and Safety Law No. 6331, Social Insurances and General Health Insurance Law No. 5510, Personal Data Protection Law No. 6698 and related legislation, | The explicit stipulation of personal data processing in the laws (m.5/2-a), |
| Evaluation of whether the employee has the health qualifications required for the job, Fulfillment of obligations required by the legislation regarding employees, Protection of public health, Conduct of preventive medicine, medical diagnosis, treatment, pharmacy, and care services, Planning and management of health services and their financing | Explicit consent (m.6/3/a) The necessity of fulfilling legal obligations in the fields of employment, occupational health and safety, social security, social services, and social assistance (m.6/3/f) The explicit stipulation of personal data processing in the laws (m.6/3/b), The necessity of processing data for the establishment, use, or protection of a right (m.6/3/d) |
Physical Space Security Information Data | Ensuring the security of the company building, personnel, customers, and visitors, ensuring security within the company, Ensuring the security of the production building, Fulfillment of court and prosecution requests | The necessity of processing data for the data controller's legitimate interests, provided that it does not harm your fundamental rights and freedoms (m.5/2-f) |
Transaction Security Data | Ensuring the security of electronic accounts and servers belonging to the company, Monitoring of work-related activities if a laptop is assigned to the employee, Assigning usernames and passwords to authorized personnel for access to programs and email applications used on company computers | |
| Verification that the employee who is allocated or uses a vehicle is qualified to drive and has not lost their license for any reason, Provision of necessary clothing to employees, Organization of service and travel arrangements | |
Location Data | Limited tracking of the company's vehicle location if necessary for the safety and execution of the work | The necessity of processing data for the data controller's legitimate interests, provided that it does not harm your fundamental rights and freedoms (m.5/2-f) |
Visual and Audio Data | For promoting, announcing, and disseminating events organized by the company such as conferences, seminars, shows, exhibitions, debates, and fairs | Explicit Consent (m.5/1) |
Website Cookie Data | Ensuring the efficient use of the company's website by visitors | |
Training Data | Planning of training, reporting of training, preparation of training certificates, tracking of employees participating in completed training, tracking of employee development processes as a result of training received, Execution of recruitment processes, Ensuring the selection of the most suitable candidate for the position, Verification of the information provided in the job application form, Recording of documents collected during the job application process, Execution of incentive procedures provided by public institutions, Establishment of the employment contract, Creation of the personnel file, | The necessity of processing data for the data controller's legitimate interests, provided that it does not harm your fundamental rights and freedoms (m.5/2-f) |
Financial/Fiscal Data | Execution of financial and accounting activities, Execution of payroll and withholding tax return processes, Payment of wage garnishments to enforcement files | The explicit stipulation of personal data processing in the laws (m.5/2-a), The necessity of processing data for the data controller to fulfill its legal obligations (m.5/2-ç), The necessity of processing data for the data controller's legitimate interests, provided that it does not harm your fundamental rights and freedoms (m.5/2-f) |
Explicit stipulation in the laws,
Direct relevance to the establishment or performance of a contract,
Necessity of processing personal data of the parties to the contract,
Necessity of processing data for the data controller to fulfill its legal obligations,
Publicizing of data by the concerned person,
Necessity of processing data for the establishment, use, or protection of a right,
Necessity of processing data for the data controller's legitimate interests.
If the purposes of personal data processing by a data controller can be evaluated within the scope of these personal data processing conditions listed in Article 5 of KVKK, the data controller can process personal data legally without obtaining explicit consent. Accordingly, in cases where the purposes of personal data processing pursued by our Company can be evaluated within the scope of the personal data processing conditions regulated in KVKK, our Company conducts personal data processing activities based on legal grounds without seeking explicit consent.
Special Categories of Personal Data
The conditions for processing special categories of personal data under Article 6 of KVKK are as follows;If the concerned person gives explicit consent, special categories of personal data can be processed based on explicit consent.
If the concerned person does not give explicit consent;
-Explicit stipulation in the laws,
-Necessity of processing data for the protection of life or physical integrity of the person who is unable to express their consent due to actual impossibility or whose consent is not legally valid,
-Relevance to personal data that the concerned person has publicized in a manner suitable for the purpose of publicization,
-Necessity of processing data for the establishment, use, or protection of a right,
-Necessity of processing data for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, conducted by persons or authorized institutions and organizations under the obligation of confidentiality,
-Necessity of processing data for fulfilling legal obligations in the fields of employment, occupational health and safety, social security, social services, and social assistance,
-Necessity of processing data for the political, philosophical, religious, or trade union purposes of foundations, associations, and other non-profit organizations or formations, provided that they comply with the legislation they are subject to, are limited to their activities, and are not disclosed to third parties; aimed at their current or former members and affiliates, or individuals who have regular contact with these organizations and formations.
5- METHODS OF COLLECTING YOUR PERSONAL DATA
Your personal data is collected verbally, in writing, or electronically by persons authorized by the Human Resources Department and the Company's Board of Directors through email, phone, website, various contracts, forms, and records kept in physical or electronic media, with partial or complete automation, and as part of a data recording system, manually. Your personal data is also collected through cookies used on www.jengal.com and its extensions. These cookies are used solely to ensure that visitors can use the site effectively, remember their preferences, and do not collect any other personal data. You can access our cookie policy at www.jengal.com.6- TRANSFER OF YOUR PERSONAL DATA
Your personal data may be shared with public institutions and organizations and other authorized entities to the extent allowed and required by law, to ensure your safety and to fulfill our Company's legal obligations. For example, employees' personal data may be shared with the Social Security Institution for the payment of employee and employer premiums.Additionally, your personal data may be shared with;
Accounting and human resources software programs used by the Company to carry out payroll processes and update payroll data. This data is stored in the software's own data recording environment. Some data may be transferred to the Kolay İK human resources program and the Paraşüt accounting program.
Consultancy firms and private employment agencies to fulfill legal requirements under the Labor Law, Occupational Health and Safety Law, Social Security Law, and other relevant legislation and to determine and calculate the incentives we may benefit from.
Company auditors and accredited external auditors to carry out audit activities.
Building management for monitoring entries and exits to ensure security within the company premises.
Legal advisors (lawyers) to fulfill legal obligations, use our right to defense, and comply with court orders or evidence discovery requests.
Financial advisors and accounting services to fulfill financial obligations and share identity information, financial/fiscal data.
Subsidiaries, affiliates, and business partners for the management and execution of the company's policies, ensuring the company's internal processes. Data may be shared with archive firms to store data for the duration of the storage period for the purpose of protecting the company's data storage capacity. Data may also be shared with firms related to vehicle provision, business card printing, and parking registration for necessary reasons.
Banks for the execution of payment transactions, and identity and contact information may be shared with event organization companies if the company organizes fairs, congresses, etc.
We do not share/transfer any data unrelated to the purposes of our company.
7- TRANSFER OF YOUR PERSONAL DATA ABROAD
According to Article 9 of Law No. 6698 (KVKK), personal data can only be transferred abroad by data controllers and data processors under the following conditions:Personal data may be transferred abroad if one of the conditions specified in Articles 5 and 6 of Law No. 6698 is met and there is an adequacy decision regarding the country, sectors within the country, or international organizations to which the transfer will be made.
The adequacy decision is made by the Board and published in the Official Gazette. The Board may take the opinions of relevant institutions and organizations if necessary. The adequacy decision is evaluated at least every four years. The Board may change, suspend, or revoke the adequacy decision with prospective effect based on the evaluation result or other necessary circumstances.
If there is no adequacy decision, personal data may be transferred abroad by data controllers and data processors under one of the conditions specified in Articles 5 and 6 of the Law, provided that the concerned person has the right to exercise their rights and access effective legal remedies in the country to which the transfer will be made:
The existence of an agreement that is not an international agreement between public institutions and organizations or international organizations in the foreign country and public institutions and organizations or professional organizations with public institution status in Turkey, and permission for transfer by the Board.
The existence of binding corporate rules that include provisions on personal data protection that companies within the group of enterprises engaged in joint economic activity are obliged to comply with and are approved by the Board.
The existence of a standard contract announced by the Board, which includes matters such as data categories, purposes of data transfer, recipients and recipient groups, technical and administrative measures to be taken by the data recipient, and additional measures for special categories of personal data.
The existence of a written commitment that ensures adequate protection and permission for transfer by the Board.
The standard contract must be notified to the Authority within five business days of its signing by the data controller or data processor.
If there is no adequacy decision and any of the appropriate safeguards specified in paragraph 4 of Article 9 of the law are not provided, data controllers and data processors may only transfer personal data abroad if one of the following conditions is met:
The explicit consent of the concerned person after being informed about the possible risks.
The necessity of the transfer for the performance of a contract between the concerned person and the data controller or for the implementation of pre-contractual measures taken at the request of the concerned person.
The necessity of the transfer for the establishment or performance of a contract made in the interest of the concerned person between the data controller and another natural or legal person.
The necessity of the transfer for overriding public interest.
The necessity of the transfer for the establishment, use, or protection of a right.
The necessity of the transfer for the protection of the life or physical integrity of the person who is unable to express their consent due to actual impossibility or whose consent is not legally valid, or another person's life or physical integrity.
The transfer from a registry open to the public or a registry that can be accessed by persons with legitimate interests, provided that the conditions required to access the registry in the relevant legislation are met.
Personal data may be transferred abroad with the permission of the Board, taking into account the views of the relevant public institution or organization if the interests of Turkey or the concerned person would be seriously harmed.
8- YOUR RIGHTS UNDER ARTICLE 11 OF KVKK
You may apply to our Company through the communication channels specified below at any time and;Learn whether your personal data is processed, the purpose of processing, and whether it is used in accordance with its purpose, and if processed, request information about this,
Learn the third parties to whom your data is transferred within the country and abroad,
If you believe your data is processed incompletely or incorrectly, request correction,
Request deletion or destruction of your data within the framework of the conditions stipulated in Article 7 of the law,
Request notification of the actions taken regarding your correction, deletion, or destruction requests to third parties to whom your data has been transferred under paragraphs (d) and (e) of Article 11 of the law,
Object to the emergence of a result against you due to the analysis of your data exclusively through automated systems or,
If you suffer damage due to unlawful recording or use of your data, request compensation for the damage. If your request requires additional costs, you will be required to pay the fee determined by the Personal Data Protection Board under Article 7 of the Regulation on the Application Procedures and Principles to the Data Controller. No fee will be charged for the first 10 (ten) pages of the written response to your application, and 1 TL transaction fee will be charged for each page exceeding 10 (ten) pages. If the response to your application is provided on a CD, flash memory, or other recording medium, the cost of the recording medium will be reflected to you. Your requests in your application will be finalized as soon as possible and within 30 (thirty) days at the latest, depending on the nature of the request. To exercise your rights under the law, you can submit your applications in writing in Turkish to our Company, and for detailed information, you can visit the Personal Data Protection Authority's website.
9- HOW CAN YOU EXERCISE YOUR RIGHTS?
You can submit your applications;
By filling out the application form available at www.jengal.com, signing a wet-ink copy, and delivering it in person, via mail, or through a notary to Örnek Mh. Semerkant Cd. Zemzeme Sk. No: 24/A Ataşehir, Istanbul address,By filling out the form available at www.jengal.com and signing it with your secure electronic signature or mobile signature under Law No. 5070 on Electronic Signatures, and sending the secure electronic signed form to our Company's KEP address [email protected] using the email address previously notified to and registered with our Company,
You can use one of these methods.
In your application, you must provide explanations regarding the right you wish to exercise and include your name-surname, signature, Turkish ID number, residential or workplace address, email address, telephone, and fax number (if any), and the subject of your request. If you are acting on behalf of someone else, you must submit a notarized power of attorney. Applications that do not meet these requirements will not be considered by our Company.
10- DURATION OF PROCESSING YOUR PERSONAL DATA
In accordance with KVKK, your personal data processed for the purposes specified in this Personal Data Processing Information Notice will be deleted, destroyed, or anonymized when the purpose for processing your personal data no longer exists and/or when the statutory retention periods expire under KVKK Article 7/f.1.
For detailed information about the destruction process of your personal data, you can refer to the "Data Retention and Destruction Policy" available at www.jengal.com.
Our Company reserves the right to make changes to this information notice at any time due to reasons arising from the law, secondary regulations, and Board decisions. The updated version of the information notice will become effective immediately upon publication on the company website or notification to you. 01.06.2024