Personal Data Protection Policy
FNSS Savunma Sistemleri A.Ş. (“FNSS” / the “Company”); occasionally stores and lawfully processes your data considered as “personal data” within the scope of the Law on Protection of Personal Data No: 6698 (the “LPPD”) when you visit our website, or through any and all verbal, written and electronic means. As a result, we would like to inform you, in accordance with the LPPD and relevant regulations, regarding how and for what purposes personal data is processed by our Company -bearing the title “data controller”- and the technical and administrative measures taken in order to protect your personal data.
Principles Relating to Processing of Personal Data
Personal data is processed in light of the principles below:
- Lawful, fair and transparent.
- Accurate and processed where necessary, keep up to date.
- Processed for specified, explicit and legitimate purposes.
- Adequate, relevant and limited to what is necessary in relation to the processing purposes.
- Storing only as long as provisioned by relevant regulations or necessary for the processing purposes.
Obligation to Inform
Article 10 of the LPPD imposes an obligation on the data controllers to inform those whose personal data is processed whilst obtaining their consent in this regard and requires the data subjects to be informed. The Company- bearing the title ‘data controller’ in accordance with the relevant provision- must inform the data subjects regarding:
a) the identity of the data controller and if applicable, their representative,
b) the purposes for which the personal data is processed,
c) to whom and for what purposes the processed personal data may be transferred,
d) the methods and the legal grounds for the collection of personal data,
e) the rights which the data subject may exercise against the data controller in accordance with Article 11 of the LPPD.
As Company, we are informing all our visitors regarding the processing and protection of personal data in accordance with Article 10 of the LPPD with this Information Notice.
Identity of the Data Controller
Article 3/1(ı) of the LPPD defines data controller as “Real or legal persons who determine the purposes and means of processing personal data, who are responsible for the establishment and management of the data registry system” and within this framework, the Company bears the title of data controller.
FNSS Savunma Sistemleri A.Ş.
Oğulbey Mahallesi, Kumludere Caddesi, No:11 06830 Gölbaşı, Ankara
Telephone: 0 312 497 43 00
Processing of Personal Data and its Purposes
As Company, your personal data is only processed in the presence of your explicit consent or one or more of the conditions of lawfulness for processing stated below.
a) Explicitly required by law.
b) Processing is necessary in order to protect the vital interests of the data subject or of another natural person, who cannot give consent because of material impossibilities or whose consent is not legally valid.
c) Processing the personal data of the parties to a contract is necessary, as long as it is directly relevant to the establishment or performance of the contract.
d) Processing is necessary for compliance with a legal obligation to which the data controller is subjected.
e) Personal data made public by the data subject him/herself.
f) Processing is necessary for the establishment, execution or protection of a right.
g) Processing is necessary for the purposes of the legitimate interests pursued by the data controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
In accordance with the abovementioned principles; your personal data is processed with the purposes of hiring, performance evaluation, termination of the employment contract as per the Human Resources processes and fulfilling the legal obligations such as the creation and preservation of employee files as per the Law on Work Health and Safety no.6331 and the relevant legislation, ensuring the data security as per the LPPD and other legislation, taking the necessary security measures and establishing the public safety as per the regulations in relation to Ministry of National Defense, carrying out of our Company’s all other operational activities, determining our Company’s commercial and business strategies and resolving the requests and complaints of data subjects; to the extent appropriate and for a limited period of time necessary for such purposes.
The personal data such as ethnicity, race, political view, religion, sect, other beliefs, clothing, association or union memberships or information on health, sexual life, penalty, conviction, safety measures, biometric and genetic data are deemed sensitive under Article 6 of LPPD and shall only be processed with express consent of the data subject. Yet the data other than health and sexual life may be processed, in the absence of express consent, if it is provided by law.
To Whom and For What Purposes the Personal Data may be Transferred
Your personal data processed by the Company in accordance with the LPPD principles and provisions; may only be transferred for the above mentioned purposes and along with the necessary confidentiality agreements; to our business partners, suppliers, company’s authorized persons, our shareholders, legally authorized public institutions and real persons, within the scope of the conditions stated under Articles 8 and 9 of the LPPD.
As per Article 8 of the LPPD, the personal data may be transferred based on the express consent of the data subject or another condition stipulated in the above section with the heading ‘Processing of Personal Data and its Purposes’ in the absence of express consent.
As per Article 9 of the LPPD, for the personal data to be transferred abroad, adequate protection is required in the country to which the data will be transferred, in addition to the conditions stated above. The countries, where there is adequate protection, shall be determined by the Personal Data Protection Board.
Rights of the Data Subject
Article 11 of the LPPD issues some rights for each real person whose personal data is processed and requires the data controllers to inform the data subjects on such rights under the obligation to inform. These rights are comprised of;
- the right to obtain confirmation from the data controller as to whether or not personal data concerning him or her is being processed, and, where that is the case, access to the personal data and the following information;
- the purposes of the processing and whether the personal data is used in line with such purposes,
- the recipients to whom the personal data has been or will be disclosed both domestically and in abroad,
- the right to request the data controller to rectify the personal data if the personal data has been processed in an incomplete or wrong manner,
- the right to request the deletion or destruction of personal data if the grounds permitting the processing of personal data cease to exist within the scope of Article 7 of the LPPD,
- the right to request the notification of the rectification in personal data, if the personal data has been processed in an incomplete or wrong manner; or the deletion or destruction of personal data in accordance with Article 7 of the LPPD from third parties to whom the personal data is transferred,
- the right to object to any adverse result that occurs exclusively from analyzing of the processed personal data via automatic systems and right to claim compensation if any damage is incurred due to unlawful processing of personal data.
How Do We Protect?
The protection of your personal data collected and processed by the Company is provided through preventing unauthorized persons to access the data and by taking all necessary technical and administrative measures in order to make sure all real and legal persons which we collaborate with do not suffer from any violation, by ensuring the use of software by our Company in our operations are up to standards, by taking due care in choosing the third parties with whom we work, by training our employees in this regard and by ensuring the compliance with the data protection policy within the company.
Application and Right to Obtain Information
In case you wish to exercise one of the rights explained above granted under Article 11 of the LPPD, you may apply to the Company, the Company Data Protection Officer whose contact information has been provided in our web-site. This application should be made in writing or through other methods determined by the Personal Data Protection Board. We have prepared an application form for your convenience which you may find by clicking the link below.
Please hand in the application form which you have filled by;
- Visiting the Company at the address Oğulbey Mahallesi, Kumludere Caddesi, No:11 06830 Gölbaşı, Ankara in person (applicant should fill the application form personally and present his/her identity card),
- Sending to the Company’s address Oğulbey Mahallesi, Kumludere Caddesi, No:11 06830 Gölbaşı, Ankara via public notary or certified mail,
- Sending an e-mail to the Company’s registered e-mail address email@example.com Ankara with secure electronic signature, mobile signature or by using the registered e-mail address which has already been notified by the data subject and recorded in the Company system, or
- Submitting the application form electronically through our website as indicated below.
Your applications delivered to our Company through the abovementioned methods in accordance with Article 13 sub-section 2 of the LPPD, shall be answered within 30 (thirty) days upon receipt by our Company. Our reply shall be sent either in writing or through electronic means. We would like to state that, in case our reply comprises of more than ten pages, a transaction fee of 1 (one) Turkish Lira may be requested per page over ten pages under LPPD.