Employee Candidate Information Letter
Information letter on collection, processing and transfer of your personal data for employee candidates/applicants
This document is prepared to inform the relevant person whose personal data will be processed in a various ways including collection, recording and transfer of personal data within the framework of the relevant legislation, in particular the Law on the Protection of Personal Data numbered 6698 (the ''Law'') and including transfer of personal data within the country or abroad; and thus to fulfill the disclosure obligation set out within the framework of the Communiqué on Procedures and Principles for Fulfillment Information Obligation by the Societe Generale S.A Paris Merkezi Fransa İstanbul Türkiye Merkez Şubesi, which is deemed as the Data Controller.
1. Data Controller
The Data Controller is Societe Generale S.A Paris Merkezi Fransa İstanbul Türkiye Merkez Şubesi (the "Data Controller"), registered before Istanbul Trade Registry under the number 259493, and having its registered offices at "Nispetiye Caddesi Akmerkez AVM E-3 Blok Kat:10 Etiler/Beşiktaş 34337 Istanbul, Turkey".
2. Legal Reason and Method of Data Collection
The Data Controller shall be able to collect your personal data completely or partially by automatic ways or non-automatic ways only if they are the part of the data recording system; on the basis of legal reasons indicated on Article 5 and 6 of the Law. This processing shall be performed within the framework described in the Law and within the aim of the business process depends on and/or fulfillment of the obligations of Societe Generale SA ("Societe Generale"), having its registered offices at "Société Générale 17, Cours Valmy 92987 Parıs La Défense 7 Cedex France" to create a common data storage.
3. The Processed Personal Data and Purposes of Processing
Within the scope of the various processes of the departments within the Data Controller, different categories of data belonging to employee candidates and accordingly their personal data shall be processed in order to fulfill these processes. These include:
- Within the framework of the process of evaluation and for this purpose,the name and surname, parent name, date of birth, place of birth, marital status, identity card serial-sequence no. and Turkish Identification numberinformation from the identity information category; and the address, e-mail address, telephone number from the contact information category; and the diploma(s), courses attended, vocational training and certificate information from the professional experience category.
The Data Controller can store by keeping in the physical environment and/or recording in the database; update; and process your personal data collected as stated above through various activities including but not limited to the disclosure and transmission to third parties and to the extent permitted by Law and any other legislation.
Your personal data shall be processed in accordance with the procedures and principles set forth in the Law and other legislation, in good faith, in a manner that is accurate and up-to-date, for specific, explicit and legitimate reasons; in a limited and measured manner, relevant to the purpose of processing and only to be retained for a period necessary for the purpose.
4. To Whom and for What Purpose Personal Data May Be Transferred
Your personal data may be transferred through internal secure communication channels within the country or abroad to Societe Generale SA and other related branches , in accordance with methods and conditions indicated in the Law, within the scope of above-mentioned purposes and principles as well as internal rules of Data Controller as required by Data Controller's operations.
For the other cases required by law other than those listed above, your personal data may be shared with the competent authorities by the Data Controller in order to fulfill the legal requirements.
5. The Rights Provided for the Relevant Person in Article 11 of the Law
Save the circumstances stipulated under Article 28 of the Law entitled "Exceptions", as the personal data subject you have the following rights within the scope of Article 11 of the Law upon your application to the Data Controller:
- to learn whether your personal data is processed or not;
- if your personal data has been processed, to demand information with regards to the said processing;
- to learn the purpose of processing your personal data and whether your personal data is being used for the intended purposes;
- to know the third parties to whom your personal data is transferred within the country or abroad;
- to request the rectification of incomplete or inaccurate data, if any;
- to request the erasure or destruction of our personal data in accordance with the conditions stipulated in Article 7 of the Law;
- to request notification on operations conducted with third parties as per the above sub-paragraphs v. and vi.;
- to object to the processing, exclusively by automatic means, of your data which leads to an unfavorable consequence for yourself;
- to request compensation for the damage arising from the unlawful processing of your personal data.
In order to use your above-listed rights, your requests should be transmitted to the Data Controller in written to the address "Nispetiye Caddesi Akmerkez AVM E-3 Blok Kat:10 Etiler/Beşiktaş 34337 Istanbul, Turkey" or to the registered e-mail address with being signed electronically or via other means that may be determined by the Personal Data Protection Authority in accordance with the Law. These requests shall be concluded within the periods indicated in the Law.
As per this document, you accept and declare that you have been explicitly informed on the Data Controller and its identity, the methods for personal data collection and its legal grounds, the processed personal data and the purposes of processing, to whom and for what purpose personal data may be transferred and rights granted to relevant person within Article 11 of the Law by the Data Controller for all transactions related to processing of your personal data. In this regard, you also explicitly accept and declare that the Data Controller has fulfilled its information obligation.
This document may be amended or changed in accordance with the Law and other related legislation when deemed necessary by the Data Controller.