INFORMATION NOTE ON PROCESSING OF PERSONAL DATA

INFORMATION NOTE ON PROCESSING OF PERSONAL DATA 

  1. PREAMBLE 

 

As Papilon Savunma Teknoloji ve Ticaret A.Ş., (“Papilon” or “Our Company”), protecting fundamental rights and freedoms, as well as protecting privacy regarding private lives, ensuring and protecting information security, and respecting ethical values are among our primary principles. With this awareness, as the Company, we attach great importance to the processing and preservation of all kinds of personal data belonging to all persons related to the Company, including those who benefit from our products and services, in accordance with the Law on the Protection of Personal Data No. 6698 (“PDP  Law”). Within the scope of this responsibility, it enlightens on the collection, processing and transfer processes of your personal data as defined in the PDP Law as "Data Controller" and your rights under the Law. 

 

  1. PARTIES DATA COLLECTED BY OUR COMPANY 

 

Within the scope of the Personal Data Protection Law, we collect the data of the parties mentioned below who have a business relationship with our company. These; 

 

  • Our Employees and Employee Candidates 
  • Family members and relatives of our employees and employee candidates, 
  • our customers, 
  • of our suppliers, 
  • of our consultants, 
  • our business partners, 
  • of our shareholders, 
  • Our company officials, 
  • Our company representatives 
  • Person(s) with whom we have a contractual relationship and their employees 
  • Person(s) who are the addressee of legal proceedings, 
  • survey participants, 
  • Our visitors, 

 

  1. DATA PROCESSED BY PAPILON 

 

Papilon can process general and special personal data with the explicit consent of the data owner or without explicit consent in cases stipulated in Articles 5 and 6 of the PDP Law. 

Which data will be processed by Papilon for each data owner may vary depending on various factors such as the type and nature of the relationship between the data owner and Papilon, and the communication channels used. In this context, some of the general and special data processed by Papilon are shown below. 

  • Data such as name-surname, profession, title, institution/organization information, educational background, employment history, gender, marital status, family and social life information, citizenship status and other personal information, and information about parents, guardians and attorneys, if any. 
  • Data such as date of birth, place of birth, ID number and photograph in documents for identification purposes such as ID, passport, driver's license. 
  • Contact information such as address, telephone, e-mail and fax number of home, workplace or temporary residence. 
  • Visual and audio recordings. 
  • Customer and procurement process data. 
  • Content and communication records of e-mail correspondence with Papilon. 
  • Internet protocol (IP) address, device ID, unique identifier information, device type, advertising ID, unique device icon, statistics on web page views, inbound and outbound traffic information, redirect URL, internet log information, location information, visited sites and information on transactions and actions performed through our websites, platforms, internet network, and advertisements and e-mail contents. 
  • Customer information, customer transaction information. 
  • Information on request/complaint management, 
  • Information on legal affairs, 
  • Information on ethical values and legal compliance, 
  • Financial information, 
  • Audit information, 
  • Electronic media usage information, 
  • Information on goods and services provided and provided, 
  • Business activities information, 
  • Information on trade and other licenses and permits, 
  • Physical location security information, 
  • Visual and auditory information (photograph, camera, sound recordings), 
  • Telecommunication records, 
  • E-mail and information systems services usage records, 
  • Login records, 
  • Union membership information, 
  • Health reports and health information, 
  • Images and information about work accidents, injuries, diagnosis and treatments, 
  • Biometric data and criminal record information, 
  • HEPP Codes of our employees, 
  • Covid-19 vaccine information of our employees, 
  • PCR knowledge of our employees, 
  • HES codes, vaccination information, PCR query results and fever measurement results of our stakeholders 

 

 

  1. PURPOSE OF PROCESSING PERSONAL DATA 

 

As Papilon, we may process personal data for the following purposes and retain them for as long as these purposes require: 

  • Establishment and fulfill of contracts, 
  • Carrying out the commercial activities of our company, 
  • To be able to carry out business processes related to commercial activities, 
  • Management and execution of relations with business partners and/or suppliers, informing about the contents of products and services. 
  • Establishing and developing the company's human resources policies, providing the company's employee needs within the framework of these policies, and conducting and developing the recruitment processes. 
  • Conducting our activities in accordance with the legislation, 
  • Customizing and improving our services to our customers, providing effective customer service, 
  • Ensuring and improving coordination, cooperation and efficiency in and between units within our company, 
  • Ensuring the security of our company's website and other electronic systems and physical environments, 
  • Conducting investor relations, organizing events for investor satisfaction in this context, 
  • Celebrating special days, being included in sweepstakes or competitions, giving gifts and other similar events, promotions and campaigns in favor of the data owner. 
  • Conducting communication activities, 
  • Getting your opinion with surveys and voting, 
  • Investigation, detection, prevention of violations of the contract and the law and reporting them to the relevant administrative or judicial authorities, 
  • Execution of finance and accounting works, 
  • Follow-up and execution of legal affairs, 
  • Answering requests and questions. 
  • Conducting legal and commercial relations with our company and people who have business relations with our company and ensuring the security of these relations. 
  • Realization of corporate and partnership law transactions, planning and execution of corporate governance activities. 
  • Execution of strategic planning activities, 
  • Ensuring the security of our company's locations. 
  • Planning of logistics activities, 
  • Continuing reputation Studies, 
  • Follow-up of finance and accounting affairs, creation and tracking of visitor records, 
  • Execution of HES code, temperature, PCR test results and emergency processes of employees and visitors and protection of public health. 

 

  1. METHOD OF COLLECTING PERSONAL DATA 

 

Personal data can be collected by our Company through verbal, written and/or electronic means, by giving clear and understandable verbal, written and/or electronic information to the personal data owners, and by obtaining their explicit consent when necessary, in accordance with the law and honesty rules, in connection with the legitimate purposes clearly stated above and It is collected and used within the framework of the principle of proportionality, on a limited basis, and recorded, stored and processed in paper and digital media when necessary, and in the cloud environment when necessary. Although the type and nature of the relationship between the data subject and Papilon may vary depending on various factors, the methods used in collecting personal data are generally as follows: 

 

  • Directly from the data owner through physical and electronic media where the data owner communicates with our Company, 
  • Persons and institutions represented by/representing the data owner, 
  • Persons, institutions and organizations that are referenced in job applications or included in the applicant's work and education history. 
  • Through the company's subcontractors, business partners or other contracted persons and organizations. 
  • Via social media or other public channels. 

 

  1.  LEGAL REASONS FOR THE PROCESSING OF PERSONAL DATA 

 

As Papilon, we process your personal data based on your explicit consent or the legal reasons listed below: 

6.1. Clearly stipulated in laws: PDP Law in the absence of one of the reasons listed in articles 5/II and 6/II and III, we can only process your personal data based on your explicit consent. You can always withdraw your express consent in the ways stipulated in Article 9 of this Policy. 

6.2. Being directly related to the establishment or fulfilment of a contract: We may process the personal data of the representatives of the legal entities we serve and the suppliers or their representatives from whom we purchase products or services for the purposes of negotiating contracts, signing contracts and fulfilling our contractual debts. 

6.3. Obligatory in order to fulfill our legal obligation: For example, personal data may be shared with these institutions and courts upon the request of the courts or administrative bodies within the framework of the relevant legislation, provided that it is limited to the scope of the request. 

6.4. If the data has been made public by the person concerned: Your personal data may be processed if it has been made public by you. For example, the personal data of potential suppliers or their representatives that have been made public may be processed for the purposes of evaluating their adequacy in meeting our product or service needs and communicating with these people. Again, the data of the employee candidates that they have made public on social media can be used in the evaluation of their job applications. 

6.5. Data processing is mandatory for the establishment, exercise or protection of a right: For example, your personal data may be processed for the purposes of filing a lawsuit or defending a lawsuit. 

6.6. Data processing is mandatory for our legitimate interests, provided that it does not harm your fundamental rights and freedoms: we may also process your personal data for our legitimate interests. For example, we may store personal data of potential suppliers and employee candidates in our Company's information repository in order to meet our Company's future product or service or workforce needs. 

 

 

  1. PERSONS AND ORGANIZATIONS TO WHICH PERSONAL DATA MAY BE TRANSFERRED IN DOMESTIC AND INTERNATIONAL 

 

Papilon may transfer personal data to third parties in the country and abroad for the purposes indicated under the heading "Purposes of Processing Personal Data", provided that it complies with the conditions stipulated in the PDP Law and takes the necessary security measures, and on servers located in the country or abroad, or can be stored in other electronic media. Although the third parties to whom personal data can be transferred may vary depending on various factors such as the type and nature of the relationship between the data owner and Papilon, in general they are as follows: 

  • Group companies, 
  • Authorized institutions and organizations 
  • Work partners 
  • Suppliers 
  • Subcontractors 
  • Shareholders and to the authorities 
  • Legally Authorized public institutions and organizations 
  • Legally authorized private legal persons 

 

Papilon does not share the personal data it has obtained with others for the promotion and marketing activities of third parties in any way without the express and specific consent of the data owner. 

 

 

  1. RIGHTS OF THE DATA OWNER 

 

If you, as Personal Data Subject, submit your requests regarding your rights of the Personal Data Subject, listed in article 11 of the Law no. 6698, to our Company; we will conclude the request as soon as possible and at the latest within thirty days according to the nature of the request. In this context, personal data subjects are entitled to find out whether their personal data is processed, request pertinent information if their personal data was processed, find out why personal data was processed and whether it was used properly, know the third parties to whom personal data is transferred within the country or abroad, request correction of personal data if it is incompletely or incorrectly processed, and request notification of this procedure to third parties to whom personal data is transferred, even though personal data is processed pursuant to the Law no. 6698 and other applicable provisions of the law, request deletion or destruction of personal data in case the reasons for processing no longer exist, and request notification of this procedure to third parties to whom personal data is transferred, object to existence of a result against the person upon analysis of processed data exclusively by automated systems, request indemnification of losses if you incur any loss due to unlawful processing of personal data. Pursuant to the law, you can submit your applications regarding your personal data personally to the address Mebusevleri Mah., Ergin Sk., No: 9, Çankaya / ANKARA upon confirmation of identity, or by means of other methods specified in the Law and applicable legislation upon confirmation of identity. Our Company shall finalize applications at no charge pursuant to article 13 of the Law on Protection of Personal Data. If a cost is required for the process, the tariff determined by Personal Data Protection Board shall be applicable. If the request is rejected, reasons for rejection shall be notified on written or electronic media.