Privacy notice on supply chain compliance prosses according to turkish law

1.  Data Controller and Introduction

Data Controller

Österreichische Post AG
Rochusplatz 1 1030 Vienna / Austria

Data Controller’s Representative

Aras Kargo Yurt İçi Yurt Dışı Taşımacılık Anonim Şirketi
Rüzgarlıbahçe Mahallesi Yavuz Sultan Selim Caddesi Aras Plaza No:2, 34820
Kavacık Beykoz / İstanbul
araskargo@hs02.kep.tr

As Österreichische Post AG (“Post AG” or the “Company”), we respect your privacy and your rights regarding the protection of personal data. In this context, we implement all necessary technical and administrative measures to ensure the security of your personal data and provide a high standard of protection.

Post AG is responsible for monitoring compliance with human rights, environmental impact, and ethical principles in supply chain processes within the framework of compliance efforts conducted under the European Union’s Corporate Sustainability Due Diligence Directive (CSDD). Accordingly, this Privacy Notice on Supply Chain Compliance Processes (“Privacy Notice”) is provided to inform you, within the scope of Law No. 6698 on the Protection of Personal Data (“Law”), regarding the personal data that may be processed due to your involvement in our Company’s and/or our subsidiaries’ / group companies’ supply chain, the purposes and legal grounds for such processing, and the parties to whom your data may be disclosed.

2.  Your Personal Data and Methods of Collection

Post AG collects your limited personal data in the personal data categories listed in the table below, through fully or partially automated means, or non-automated means that are part of a data recording system, from electronic and/or physical environments via its subsidiaries and group companies in Türkiye, hard copy forms (e.g., contracts, forms), e-mail, courier/postal services, and information technology systems used and/or provided by Post AG.

3.  Purposes and Legal Grounds for Processing Your Personal Data

The personal data categories* processed within the scope of supply chain compliance processes, the purposes of processing and transfer, and the legal grounds for such processing are detailed in the tables below.

*For more information on data categories, please refer to pages 74 et seq. of the Data Controllers’ Registry Information System Guide published by the Personal Data Protection Authority. You may also apply in accordance with Section 5 of this document to obtain further details about the types of personal data processed by Post AG.

Data category: Identity (e.g., name, surname, trade name)

Legal basis:

  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller

Purposes of processing:

  • Conducting Audit / Ethics Activities
  • Execution / Supervision of Business Activities
  • Conduction of Procurement Processes
  • Conduction of Retention and Archiving Activities
  • Execution of Contract Processes
  • Conduction of Supply Chain Management Processes
  • Execution of Management Activities

 

Data category: Contact (e.g., address, phone number, email)

Legal basis:

  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller

Purposes of processing:

  • Conducting Audit / Ethics Activities
  • Execution / Supervision of Business Activities
  • Conduction of Procurement Processes
  • Conduction of Retention and Archiving Activities
  • Execution of Contract Processes
  • Conduction of Supply Chain Management Processes
  • Execution of Management Activities

 

Data category: Transaction Security (e.g., log records when accessing the supplier evaluation system)

Legal basis:

  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller

Purposes of processing:

  • Conducting Audit / Ethics Activities
  • Execution / Supervision of Business Activities
  • Conduction of Retention and Archiving Activities
  • Conduction of Supply Chain Management Processes
 

Data category: Finance (e.g., commercial/financial data of sole proprietorships)

Legal basis:

  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller

Purposes of processing:

  • Conducting Audit / Ethics Activities
  • Execution / Supervision of Business Activities
  • Conduction of Procurement Processes
  • Conduction of Retention and Archiving Activities
  • Execution of Contract Processes
  • Conduction of Supply Chain Management Processes
  • Execution of Management Activities

 

Data category: Professional Experience (e.g., certifications, areas of expertise depending on the nature of the work)

Legal basis:

  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller
 

Purposes of processing:

  • Conducting Audit / Ethics Activities
  • Execution / Supervision of Business Activities
  • Conduction of Procurement Processes
  • Conduction of Retention and Archiving Activities
  • Execution of Contract Processes
  • Conduction of Supply Chain Management Processes
  • Execution of Management Activities

4. Transfer of Your Personal Data

Your personal data processed within the scope of supply chain compliance processes may be transferred to the following recipient groups, provided that the conditions for data transfer stipulated in Articles 8 and/or 9 of the Law are met:

Recipients: Suppliers (e.g., technology providers)

Data Categories:

  • Identity
  • Contact Details
  • Transaction Security
  • Finance
  • Professional Experience

Purpose of Transfer: For the purposes specified in each data category above, in particular to provide our services and to carry out our business activities

5. Your Rights as the Data Subject

Pursuant to Article 11 of the Law, you have the following rights as a data subject:

  • To learn whether your personal data is being processed,
  • If your personal data has been processed, to request information regarding such processing,
  • To learn the purpose of processing and whether your personal data is used in accordance with that purpose,
  • To know the third parties to whom your personal data has been transferred, within the country or abroad,
    To request the correction of incomplete or inaccurate personal data and to request notification of such correction to third parties to whom the data has been transferred,
  • Despite being processed in accordance with the Law and other relevant legal provisions, to request the deletion or destruction of personal data where the reasons requiring processing no longer exist, and to request notification of such deletion or destruction to third parties to whom the data has been transferred,
  • To object to any outcome that is to your detriment resulting from the exclusive analysis of your personal data via automated systems,
  • To request compensation for damages incurred due to the unlawful processing of your personal data.

You may submit your requests concerning your rights mentioned above to our Company to

Postkundenservice,
To the attention of the Data Protection Officer
Bahnsteggasse 17-23,
1210 Vienna
Austria

or to the e-mail-address team-datenschutz@post.at, accompanied by information and documents verifying your identity.

Important Note: We kindly remind you not to include any sensitive personal data (e.g., religious beliefs or blood type) in your applications.