GDPR Policy
USB Certification Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş. (Company, USB Certification), mainly Turkish Rebuplic, Regarding the protection of personal data regulated and secured by the Constitution and the Law on the Protection of Personal Data (KVKK) No.6698, the following methods, grounds, purposes and conditions are required to process and protect personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed. shows the utmost care and attention in all administrative and technical measures.
- Data Supervisor
USB Certification is accepted as the “Data Controller” in accordance with the KVKK, and your personal / private personal data can be processed by our Company in the capacity of “Data Supervisor”.
- Purposes of Processing Personal Data
As USB Certification, we can fulfill our obligations to our customers, their performance, proof, registration, document, evidence, report and certification, complying with information storage, reporting, information and other requirements stipulated by local and international legal regulations and standards,
- Receiving requests, following up and executing the production and operation processes of the service, providing logistics cooperation with third parties and sending products, reporting, tracking and execution of storage and archive activities, performing financial and accounting transactions,
- Measuring and increasing customer satisfaction, measuring and improving service quality, performing statistical analysis for sales and marketing activities, monitoring and executing loyalty processes, receiving opinions and suggestions, problem and error notifications about new services and products, information to the relevant party regarding complaints and requests giving,
- Monitoring and execution of control and audit, risk management processes, monitoring and execution of communication activities, monitoring and execution of social responsibility and civil society activities,
Your personal data can be processed by USB Certification with the title of “Data Supervisor”.
- Transfer of Personal Data
Your personal / special quality personal data, in accordance with the basic principles regulated in the first paragraph of Article 4 of KVKK and the conditions specified in Article 8 and limited to the purposes included in this Clarification Text, we receive services to meet other needs within the scope of USB Certification’s field of activity. within the scope of contracts, audit firms, human resources, etc. companies, operational, legal, financial, tax advisors, SSI, Ministry of Finance, Ministry of Agriculture, Provincial and District Directorates of Agriculture, Ministry of Commerce and financial advisors, standard owners (BRC, IFS) within the scope of their legal authority and within the scope of their requests. , FSSC, Global GAP, GOTS, Textile Exchange, ISO etc.), accreditation organizations (ANAB, ESYD, TÜRKAK, JAS-ANZ, NAC, ENAC, UKAS etc.), other control organizations (ASR, QMSCERT, UDEM, AKSSERT, NSF, ACERTA, Q-Check etc.) within the framework of the standard and within the framework of legal restrictions without obtaining explicit consent in the presence of the situations stipulated in the second and sixth paragraphs of Article 5 and the third paragraph of Article 6 of KVKK.
In addition, your personal / private personal data may be collected by obtaining explicit consent within the scope of the principles stipulated in the second paragraph of Article 4 of the KVKK, or in the presence of the situations stipulated in the second paragraph of Article 5 and the third paragraph of Article 6, without obtaining express consent and in accordance with Article 9 of the Law. data protection Board (the Board) after being declared a foreign country with adequate protection will be determined by, only to non-resident individuals and organizations in these countries, determined that there is sufficient protection, and for countries that have been declared adequate protection of responsible data in Türkiye and in the relevant foreign country writing and in terms of the relevant transfer, provided that the permission of the Board can be obtained.
- Collection Method of Personal Data and Legal Reason
Your personal data are collected in accordance with clauses c, ç, f of the second paragraph of the 5th clause of KVKK, due to the fulfillment of our Company’s obligations within the scope of your bid requests, application forms, contracts and annexes made with USB Certification.
To fulfill our legal obligations as a company, the personal data we request from you for the reasons stipulated by the laws and for the legitimate interests of the Company may vary depending on the service we provide or the commercial activities of USB Certification, but also on the website, social media accounts, mobile applications, training you participated in, and seminars or company visits, interviews, requests for proposals and attachments, application forms and annexes, contracts and annexes, signatory circulars, power of attorney or authorization documents, business partners, standard owners requirements, accreditation bodies requirements, other control bodies requirements, audit or non-compliance evidence / It can collect photographs in written, verbal or electronic media by automatic or non-automatic means such as business cards, suppliers.
- Rights Regarding Protection of Personal Data
In accordance with Article 11 of the KVKK, your personal / private personal data;
- Learning whether it has been processed
- Request information if processed
- Learning the purpose of processing and whether it is used appropriately
- To know the third persons to whom they are transferred at home / abroad
- Requesting correction if missing / incorrectly processed
- Requesting their deletion / destruction within the framework of the conditions stipulated in Article 7 of the KVKK
- Request notification of the transactions made in accordance with subparagraphs (d) and (e) above
- Object to the emergence of a result against you because it is analyzed exclusively by automated systems.
- In case you suffer a damage due to illegal processing,
You have the right to demand.
- Application Method to the Company
As a personal data owner, you can submit your requests regarding your rights mentioned above to USB Certification by applying in person to the address specified below, through a notary, using the registered e-mail address or by other methods determined by the Personal Data Protection Board.
Data Supervisor: USB Certification Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş
Address: İsmet Kaptan Mah. Find Hurriyet. No: 4/1 D: 23 Kavala Plaza Cankaya / Konak / Izmir / Türkiye
Mersis No.:3717513961753334
REP Address: [email protected]
QMS No: UMNG-CCM-P-EN-3040
First Release Date: 09.03.2020
GDPR Policy for Canditates
USB CERTIFICATION Denetim Gözetim ve Belgelendirme Hizmetleri A. Ş. (Company, USB CERTIFICATION), mainly Turkish Rebuplic Regarding the protection of personal data regulated and secured by the Constitution and the Law on the Protection of Personal Data (KVKK) No.6698, the following methods, grounds, purposes and conditions are required to process and protect personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed. shows the utmost care and attention in all administrative and technical measures.
- Data Supervisor
USB CERTIFICATION is considered as the “Data Controller” in accordance with the KVKK, and your personal / private personal data can be processed by our Company in the capacity of “Data Supervisor”.
- Purposes of Processing Personal Data
- As USB CERTIFICATION, to fulfill our obligations to our customers, to be able to perform, prove, record, document, proof, report and certificate, to comply with information storage, reporting, information and other requirements stipulated by local and international legal regulations and standards,
- Receiving requests, tracking and executing the production and operation processes of the service, providing logistics cooperation with third parties and sending products, reporting, tracking and execution of storage and archive activities, performing financial and accounting transactions,
- Measuring and increasing customer satisfaction, measuring and improving service quality, performing statistical analysis for sales and marketing activities, monitoring and executing loyalty processes, receiving opinions and suggestions, problem and error notifications about new services and products, information to the relevant party regarding complaints and requests giving,
- Monitoring and execution of control and audit, risk management processes, monitoring and execution of communication activities, monitoring and execution of social responsibility and civil society activities,
Your personal data can be processed by USB CERTIFICATION in the capacity of “Data Supervisor”.
- Transfer of Personal Data
Your personal / special personal data, in accordance with the basic principles set out in the first paragraph of Article 4 of KVKK and the conditions specified in Article 8, and limited to the purposes included in this Clarification Text, we receive services to meet other needs within the scope of activity of USB CERTIFICATION. within the scope of contracts, audit firms, human resources, etc. companies, operational, legal, financial, tax advisors, SSI, Ministry of Finance, Ministry of Agriculture, Provincial and District Directorates of Agriculture, Ministry of Commerce and financial advisors, standard owners (BRC, IFS) within the scope of their legal authority and within the scope of their requests. , FSSC, Global GAP, GOTS, Textile Exchange, ISO etc.), accreditation organizations (ANAB, ESYD, TÜRKAK, JAS-ANZ, NAC, ENAC, UKAS etc.), other control organizations (ASR, QMSCERT, UDEM, AKSSERT, NSF, ACERTA, Q-Check etc.) within the framework of the standard and within the framework of legal restrictions without obtaining explicit consent in the presence of the situations stipulated in the second and sixth paragraphs of Article 5 and the third paragraph of Article 6 of KVKK.
In addition, your personal / private personal data may be collected by obtaining explicit consent within the scope of the principles stipulated in the second paragraph of Article 4 of the KVKK, or in the presence of the situations stipulated in the second paragraph of Article 5 and the third paragraph of Article 6, without obtaining express consent and in accordance with Article 9 of the Law. data protection Board (the Board) after being declared a foreign country with adequate protection will be determined by, only to non-resident individuals and organizations in these countries, determined that there is sufficient protection, and for countries that have been declared adequate protection of responsible data in Türkiye and in the relevant foreign country writing and in terms of the relevant transfer, provided that the permission of the Board can be obtained.
- Collection Method of Personal Data and Legal Reason
Your personal data are collected in accordance with the clauses c, ç, f of the second paragraph of Article 5 of the KVKK, due to the fulfillment of our Company’s obligations within the scope of your bid requests, application forms, contracts and annexes made with USB CERTIFICATION.
To fulfill our legal obligations as a company, the personal data we request from you for the reasons stipulated by the laws and for the legitimate interest of the Company may vary depending on the service we provide or the commercial activities of USB CERTIFICATION, the website, social media accounts, mobile applications, training you participated in, and seminars or company visits, interviews, proposal requests and attachments, application forms and annexes, contracts and their attachments, signatory circulars, power of attorney or authorization documents, business partners, standard owners requirements, accreditation bodies requirements, other control organizations requirements, audit or non-compliance evidence / It can collect photographs in written, verbal or electronic media by automatic or non-automatic means, such as business cards, suppliers.
- Rights Regarding Protection of Personal Data
In accordance with Article 11 of the KVKK, your personal / private personal data;
- Learning whether it has been processed
- Request information if processed
- Learning the purpose of processing and whether it is used appropriately
- To know the third persons to whom they are transferred at home / abroad
- Requesting correction if missing / incorrectly processed
- Requesting their deletion / destruction within the framework of the conditions stipulated in Article 7 of the KVKK
- Request notification of the transactions made in accordance with subparagraphs (d) and (e) above
- Object to the emergence of a result against you because it is analyzed exclusively by automated systems.
- In case you suffer a damage due to illegal processing,
You have the right to demand.
- Application Method to the Company
As a personal data owner, you can submit your requests regarding your rights stated above to USB CERTIFICATION by applying in person to the address specified below, through notary public, using the registered e-mail address or by other methods determined by the Personal Data Protection Board.
Data Supervisor: USB Certification Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş.
Address: İsmet Kaptan Mah. Find Hurriyet. No: 4/1 D: 23 Kavala Plaza Cankaya / Konak / Izmir
Mersis No.:3717513961753334
REP Address: [email protected]
QMS No: QMS-MNG-EN-F-7040
First Release Date: 22.10.2019
GDPR Policy for Staff
USB CERTIFICATION Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş. (Company, USB CERTIFICATION), mainly T.C. Regarding the protection of personal data regulated and secured by the Constitution and the Law on the Protection of Personal Data (KVKK) No.6698, the following methods, basis, purpose and conditions are processed and required for the protection of personal data for the period stipulated in the relevant legislation or for the purpose for which they are processed. shows the utmost care and attention in all administrative and technical measures.
1.Data Supervisor
As USB CERTIFICATON; As a data controller, within the scope of our business relationship with you, your personal data we obtain in the following ways depending on the situation; within the framework of the purpose that requires processing and in connection with this purpose, in a limited and measured manner, maintaining the accuracy and the most up-to-date state of personal data as you have notified or notified to us, will be recorded, stored, preserved, rearranged, shared with institutions legally authorized to request such personal data. and in the conditions stipulated by KVKK, we inform you that it can be transferred to domestic or foreign third parties, classified and processed in other ways listed in KVKK.
- Purposes of Processing Personal Data
Your personal data may be processed by the Company for similar purposes and reasons such as but not limited to the purposes and legal reasons stated below.
Fulfilling the purpose required for the performance of the employment contract, in particular;
- Employees’ leave approval, viewing remaining leaves, making vacation arrangements
- Executing the dismissal procedures of the employees
- Ensuring that payroll transactions are carried out
- Making salary payments to employees
In order to fulfill the requirements within the scope of Labor Law, Occupational Health and Safety Law, Social Security Law and related legislation and other laws and legislation, in particular;
- Creation of personnel personal file
- SSI notifications, İŞKUR notifications, police station notification, incentives and legal obligation notifications
- Ensuring the compulsory private pension insurance account to be opened
- Opening a private / supplementary health insurance account, providing notifications
- Control of employees’ entry / exit records
- Incentive calculation
- Paying the salary foreclosures of employees to enforcement files
- Legal notifications of work accident
- Occupational health and safety procedures
- To comply with other information storage, reporting and information obligations stipulated by the legislation, relevant regulatory institutions and other authorities.
- Execution of court decisions
Due to the requirement arising from the performance of customer contracts, in particular;
- Making the right / unjust distinction of the customer in customer complaints, increasing customer satisfaction, understanding customer needs and improving customer-related processes
- Evaluation of customer service quality and training of employees
For the management of the company, the execution of the business, and the implementation of company policies, in particular;
- Monitoring and reporting of company employees’ performance / development
- Proving and approving the requirements of the appointed position and ensuring the development and follow-up of qualification
- Making expense payments to employees
- Communication with employees
- Confirming that the employee who has been assigned or used a vehicle is competent to drive and does not lose his driver’s license for any reason.
- Supply vehicles to the employee
- Providing business card printing
- Ensuring that packages received by cargo and courier are delivered to the relevant employee
- Tracking company vehicle usage for employee safety and business execution
Providing travel organization, visa procedures
- Creating the employee’s work e-mail by entering employee data into Outlook
- Recording employees’ documents collected during job application and interview
- Corporate events, meetings, etc. on company social media accounts. Sharing information and / or photos within the scope of, providing celebration communication
- Training planning, reporting of trainings, preparation of training certificates, tracking of employees participating in training, tracking development processes as a result of training received by employees
- Communicating with relevant people in emergencies
- Analysis of satisfaction survey
Your personal data will be kept for the maximum period specified in the relevant legislation or for the purpose for which they are processed, and in any case for the legal statute of limitations.
- Your Processed Personal Data
As USB CERTIFICATION, personal data provided to us by the employees can be processed. Your personal data that may be subject to processing are as follows:
Identity Data; Name, surname, date of birth, country of birth, city of birth, gender, marital status, nationality, T.R. identity card information (TR ID, serial number, wallet number, father’s name, mother’s name, place of birth, province, district, neighborhood, volume number, family order number, row number, household number, page No, registration number, place of issue, issue reason, date of issue, previous surname), copy of identity card
Communication Data; Telephone number, full address information, e-mail address, internal contact information (internal phone number, corporate e-mail address)
Financial Data; Financial and salary details, payrolls, premium progress payments, premium amounts, file and debt information regarding enforcement follow-up files, bank passbook, minimum subsistence discount information, private / supplementary health insurance information / amount, Automatic Enrollment System Individual Pension System information / amount
Special Quality Personal Data; Criminal record, disability status / definition / percentage, religious, health data, blood type, private / supplementary health insurance policy, health reports, on-the-job medical report, chest radiography, hearing test, eye test, employment and periodic examination forms signed by the workplace doctor , pregnancy status, pregnancy report, health and maternity leave information, association / foundation memberships
Training and Qualification Data; Education status, certificate and diploma information, foreign language information, resume, courses taken, audits attended (Audit Log), SSI information, audit reports, reference letters
Audit Data; CV, audit report, signed audit documents
Visual and Audio Data; Photo of real person
Employee Performance and Development Data; Training and skills, information on what training date, e-mail, signed participation form, customer and audit quality evaluation form, performance evaluation and goal realization status, activity / planning information
Family and Relative Data; Marriage certificate, name, surname of spouse and children, T.C. Identity Number gender, date of birth, duty, phone number; name, surname and phone number of relatives
Working Data; Registration Number, position name, department and unit, title, last employment date, entry and exit dates, insurance entry / retirement, social security No, tax office No, flexible hours working status, travel status, BAĞ-KUR entry date, BAĞ -KUR registration number, accounting code, number of working days, projects worked, monthly total overtime information, severance pay base date, severance pay additional days
Permission Data; Vacation seniority base date, leave seniority additional days, leave group, departure / return date, day, reason for leave, address / telephone for leave
Other; Postponement of military service, license plate, copy of vehicle license, vehicle km information, vehicle location, copy of driver’s license, traffic ticket query result, intern status, employee internet access logs, entry-exit logs, entry-exit records, employee daily activity data
- Transfer of Personal Data
Your personal data in order to fulfill your security and our Company’s obligations against the law, Labor Law, Worker Health and Work Safety Law, Social Insurance and General Health Insurance Law, the Law on the Regulation of Publications on the Internet and the Fight Against Crimes Committed Through These Publications, the Turkish Commercial Code, Relevant institutions or organizations to the extent permitted and required by the Personal Data Protection Law No. 6698, the Identity Reporting Law and other legislation provisions; Personal Data Protection Authority, Ministry of Finance, Ministry of Agriculture, Ministry of Commerce, Labor and Social Security Ministry, Türkiye Business Association (İş-Kur) as public entities, BRC, IFS, FSSC, Global GAP, GOTS, Textile Exchange, such as ISO standard its owners can be shared with accreditation bodies such as ANAB, ESYD, TÜRKAK, JAS-ANZ, NAC, ENAC, UKAS and other control organizations such as ASR, QMSCERT, UDEM, AKSSERT, NSF, ACERTA, Q-Check. In addition, your personal data;
Fulfilling the purpose required for the performance of the employment contract, in particular;
- We can share it with the accounting office in order to carry out payroll transactions and to update the relevant data.
In order to fulfill the requirements within the scope of Labor Law, Occupational Health and Safety Law, Social Security Law and related legislation, other laws and legislation, in particular;
- We can share with the consultancy firms we work with regarding the determination and calculation of incentives.
- We can share your health data with the workplace doctor so that they can perform treatment and health checks.
In order to ensure security within the company, especially;
- We can transfer it to the office building management to inspect entries and exits for workplace safety.
In order to ensure qualification, in particular;
- We can share your resumes
- We can share your reference letters from the places you have worked with before.
- We can share the Audit Logs of the audits you go to before USB CERTIFICATION and while working in USB CERTIFICATION.
- When requested, we can share your entire SSI service statement retrospectively.
- We can share the certificates of the trainings you have attended before and at USB CERTIFICATION and the audit reports of the audits you have performed.
Due to fulfilling our legal obligations, in particular;
- In order for us to exercise our right to defense, we can be shared with our lawyers and relevant institutions within the framework of our obligation to fulfill legal requests such as court orders or evidence requests, provided that it is in accordance with the law and procedure.
For the management of the company, the execution of the business, and the implementation of company policies, in particular;
- We can transfer your personal data to the companies we are affiliated with or cooperate with in order to ensure our internal operation.
- Required personal data can be transferred to the companies we work with on issues such as transportation, travel, visa procedures, vehicle supply, business card printing.
In business and transactions with abroad;
- If you give your consent, your personal data can be shared with third parties abroad for communication, travel organization and mass e-mail sending.
- Collection Method of Personal Data and Legal Reason
To fulfill our legal obligations as an employer, to fulfill the employment contract between us, for reasons stipulated by the laws and for the legitimate interests of the Company, we have requested from you personally during your job application or through platforms where we publish job postings, or in your resume that you prefer to share with us during your job application. We collect your personal data in the other texts you have shared regarding your application or your application, by you transmitting it to us physically or electronically and recording information open to Company computer programs, applications and servers or the internet environment open to the use of more than one person.
By controlling the entry and exit times, in accordance with the legitimate interest of the company to follow up the business; In order to ensure workplace safety and to fulfill our legal obligations, we collect the data regarding the tracking of your use of vehicles and gasoline supplied to you through the tracking devices we install on the vehicles belonging to the Company.
In order to fulfill our legal obligation and as stipulated by the laws, we collect your personal data physically and electronically in order to ensure workplace safety.
We collect it through legal documents and notifications that are transmitted to us to fulfill our legal obligations.
6.Rights Regarding Protection of Personal Data
In accordance with Article 11 of the KVKK, your personal / private personal data;
- Learning whether it has been processed
- Request information if processed
- Learning the purpose of processing and whether it is used appropriately
- To know the third persons to whom they are transferred at home / abroad
- Requesting correction if missing / incorrectly processed
- Requesting their deletion / destruction within the framework of the conditions stipulated in Article 7 of the KVKK
- Request notification of the transactions made in accordance with subparagraphs (d) and (e) above
- Object to the emergence of a result against you because it is analyzed exclusively by automated systems.
- In case you suffer a damage due to illegal processing,
You have the right to demand.
- Application Method to the Company
As a personal data owner, you can submit your requests regarding your rights stated above to USB CERTIFICATION by applying in person to the address specified below, through notary public, using the registered e-mail address or by other methods determined by the Personal Data Protection Board.
Data Supervisor: USB Certification Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş.
Address: İsmet Kaptan Mah. Find Hurriyet. No: 4/1 D: 23 Kavala Plaza Cankaya / Konak / Izmir
Mersis No.:3717513961753334
REP Address: [email protected]
QMS No: UMNG-CCM-P-EN-3060
First Release Date: 09.03.2020