Siskon Privacy Notice

SİSKON

ENDÜSTRİYEL OTOMASYON SİSTEMLERİ

SANAYİ VE TİCARET ANONİM ŞİRKETİ

PROTECTION OF PERSONAL DATA
(PRIVACY NOTICE)

This Privacy Notice describes how Siskon Endüstriyel Otomasyon Sistemleri Sanayi ve Ticaret A.Ş. ("Siskon", "we", "us", or "our") collects, stores, uses and shares ("processes") your personal information when you:

  • visit our website at www.siskon.com.tr,
  • contact us by e-mail, phone or via our online contact forms,
  • apply for a position with us, request a quote, or submit a partnership inquiry,
  • engage with us in other related ways, including any sales, marketing, or events.

Applicable law. As a controller established in the Republic of Türkiye, our processing activities are primarily governed by Law No. 6698 on the Protection of Personal Data ("KVKK") and the secondary legislation issued by the Personal Data Protection Authority. Where we process the personal data of individuals located in the European Economic Area (EEA) or the United Kingdom in the context of offering goods or services to them or monitoring their behaviour, the EU General Data Protection Regulation (GDPR) and the UK GDPR also apply. Both frameworks are reflected in this Notice.

Controller details:

  • Tax Office / No.: Konak Tax Office, 7710337656
  • MERSIS No.: 0771033765600027
  • Registered Office: Çankaya Mahallesi, 153 Sokak No:23/A, Hatay 35250 Konak/İzmir, Türkiye
  • Place of Business: Adatepe Mahallesi, Doğuş Caddesi No:207/AG, Dokuz Eylül University Tınaztepe Campus, DEPARK Beta Building, Floor 2, No:202, 35390 Buca/İzmir, Türkiye

Contact for privacy matters. For all questions and requests under KVKK, GDPR or UK GDPR, you may contact us at kvkk@siskon.com.tr or by post to the Place of Business listed above.

1. What information do we collect?

Personal information you provide to us

We collect personal information that you voluntarily provide when you express an interest in our products and Services, when you participate in activities on the Services, or otherwise when you contact us. The personal information we collect may include:

  • Identity data: name and surname,
  • Contact data: business or personal e-mail address, phone number, postal address, country,
  • Professional data (where you submit a job application or business inquiry): CV/résumé, employment history, qualifications, position, employer, references,
  • Communication content: the content of messages you send us through contact forms, e-mail or phone,
  • Visitor data (if you visit our premises): identity and visit log information collected for security purposes.

Sensitive personal information

We do not actively request and we make every reasonable effort to avoid processing special categories of personal data ("sensitive personal information") under KVKK Article 6 or GDPR Article 9 through our website. If you choose to share such information voluntarily (for example in a cover letter), we will process it only on the basis of your explicit consent or another lawful basis.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not generally reveal your specific identity but may include device and usage information such as IP address, browser and device characteristics, operating system, language preferences, referring URLs, country, location, information about how and when you use our Services, and other technical information. The information we collect includes:

  • Log and Usage Data. Service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Services and which we record in log files (date/time stamps, pages and files viewed, searches, features used, error reports).
  • Device Data. Information about your device such as IP address, device and application identification numbers, browser type, hardware model, internet service provider, operating system, and system configuration information.
  • Location Data. Approximate location information derived from your IP address. We do not collect precise GPS location through our website.
  • Cookies. We use cookies and similar tracking technologies. Strictly necessary cookies are placed on your device by default; for all other cookies (analytics, performance, marketing) we obtain your consent through our cookie banner. For details please see our separate Cookie Policy published on the website.
2. How do we process your information?

We process your personal information for a variety of reasons, including:

  • To respond to your inquiries and provide the products and services you request,
  • To establish and perform contracts to which you or your employer are a party,
  • To evaluate job applications and manage recruitment processes,
  • To improve, maintain and secure our Services and prevent fraud or abuse,
  • To send service-related and, with your consent, marketing communications,
  • To comply with legal obligations and respond to lawful requests from public authorities,
  • To establish, exercise or defend legal claims,
  • Where strictly necessary, to protect the vital interests of any individual.
3. What legal bases do we rely on?

Under KVKK (Articles 5 and 6)

  • Explicit consent of the data subject,
  • Express provision in the laws,
  • Necessity arising from a contract to which the data subject is a party,
  • Compliance with a legal obligation of the data controller,
  • The data has been made public by the data subject,
  • Necessity for the establishment, exercise or protection of a right,
  • Necessity for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the data subject are not violated.

Under GDPR / UK GDPR (Article 6)

  • Consent. Where you have given us specific consent, e.g. for marketing communications or non-essential cookies. You can withdraw consent at any time.
  • Contract. Where processing is necessary to enter into or perform a contract with you.
  • Legal obligations. Where processing is necessary for compliance with our legal obligations.
  • Legitimate interests. Where processing is necessary for our legitimate interests (such as network security, fraud prevention, internal administration) and not overridden by your fundamental rights.
  • Vital interests. Where processing is necessary to protect the vital interests of you or another person.
4. When and with whom do we share your personal information?

We may share your personal information in the following situations:

  • Service providers and processors. With IT, hosting, e-mail, cloud, cybersecurity, analytics, professional services and similar third-party providers acting under our written instructions.
  • Affiliates. With our subsidiary Siskon Software & Automation S.R.L. (Romania, Brașov) and our affiliate in Estonia for HR, customer/project management and group reporting purposes, where necessary.
  • Business partners and customers. Where required to perform a contract or pre-contractual measures requested by you.
  • Legal authorities and advisers. With courts, regulators, law enforcement, lawyers, auditors and other advisers where necessary to comply with legal obligations or protect our rights.
  • Business transfers. In connection with, or during negotiations of, any merger, sale of assets, financing or acquisition of all or part of our business.
5. International transfers of personal data

Pursuant to KVKK Article 9 as amended by Law No. 7499 dated 12 March 2024, personal data may be transferred abroad based on (i) an adequacy decision issued by the Personal Data Protection Board, (ii) appropriate safeguards such as binding corporate rules, standard contractual clauses or written undertakings approved by the Board, or (iii) one of the limited exceptional grounds set out in Article 9(6).

Under GDPR/UK GDPR, where we transfer personal data of individuals in the EEA or UK to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or, where applicable, derogations under Article 49.

In practice, transfers may occur to our affiliate Siskon Software & Automation S.R.L. in Brașov, Romania, to our affiliate in Estonia, and to cloud / SaaS providers located in EEA countries or other jurisdictions.

6. How long do we keep your information?

Specific retention periods are set out in our internal Personal Data Retention and Destruction Policy and are determined by reference to the purposes of processing and the requirements of applicable laws (including the Turkish Commercial Code, Code of Obligations, Labour Law, Tax Procedure Law, Social Security Law and Law No. 5651). When we have no ongoing legitimate business need to process your personal information, we will delete or anonymise it, or, if this is not possible (for example because the data has been stored in backup archives), we will securely store and isolate it from any further processing until deletion is possible.

7. How do we keep your information safe?

We have implemented appropriate technical and organisational measures designed to protect the security of any personal information we process, including access controls, encryption in transit, secure development practices, vendor management and incident response procedures aligned with ISO/IEC 27001 and ISO/IEC 27701. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Transmission of personal information to and from our Services is at your own risk.

8. Do we collect information from minors?

Our Services are directed to professionals and adults. If we learn that we have collected personal information from a person under 18 without verified parental consent, we will deactivate the relevant record and take reasonable measures to delete such data. If you believe we may hold information about a person under 18, please contact us at kvkk@siskon.com.tr.

9. What are your rights?

Your rights under KVKK Article 11

As a data subject, you have the right to:

  • ✓ learn whether your personal data is processed,
  • ✓ request information if it has been processed,
  • ✓ learn the purpose of processing and whether the data is used for that purpose,
  • ✓ know the third parties to whom your personal data is transferred, in Türkiye or abroad,
  • ✓ request rectification of incomplete or inaccurate data,
  • ✓ request erasure or destruction of your personal data when the conditions of Article 7 are met,
  • ✓ request that the rectification, erasure or destruction be notified to third parties to whom the data has been transferred,
  • ✓ object to the occurrence of a result against you by analysis of your data exclusively through automated systems,
  • ✓ claim compensation for damages arising from the unlawful processing of your personal data.

Your rights under GDPR / UK GDPR

If you are located in the EEA or the UK, you also have the rights of access, rectification, erasure, restriction of processing, data portability, objection (including to direct marketing), and the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

Exercising your rights. You may submit a request by completing the Data Subject Application Form published on our website and sending it to us via one of the methods below.

Application Method
Address
Notes
In-Person Application
(Applicant must appear in person with identity document)
Adatepe Mahallesi, Doğuş Caddesi No:207/AG, Dokuz Eylül University Tınaztepe Campus, DEPARK Beta Building, Floor 2, No:202, 35390 Buca/İzmir, Türkiye
Please write "Request under the Law on the Protection of Personal Data" on the envelope.

Bring a valid identity document (driving licence, national ID, passport, etc.) when submitting the Data Subject Application Form in person.
Notarised / Registered Mail
(Registered mail with return receipt)
Adatepe Mahallesi, Doğuş Caddesi No:207/AG, Dokuz Eylül University Tınaztepe Campus, DEPARK Beta Building, Floor 2, No:202, 35390 Buca/İzmir, Türkiye
Please write "Request under the Law on the Protection of Personal Data" on the envelope.

The date the shipment reaches our company is considered the date of application. Please ensure your mail is sent with a return receipt.
E-Mail
kvkk@siskon.com.tr
Please write "Request under the Law on the Protection of Personal Data" in the subject line.

After receiving the Data Subject Application Form by e-mail, we may carry out identity verification checks through our systems or by direct communication.
Registered Electronic Mail (KEP)
siskon@hs02.kep.tr
Please write "Request under the Law on the Protection of Personal Data" in the subject line.

We will respond to your request within thirty (30) days. Where the request requires additional cost, we may charge the fee determined by the Personal Data Protection Board. You also have the right to lodge a complaint with the Turkish Personal Data Protection Authority (KVKK) and, if you are in the EEA or UK, with your local supervisory authority.

10. Controls for Do-Not-Track features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference not to have your online browsing activity monitored. At this stage no uniform technology standard for recognising and implementing DNT signals has been finalised. As a result, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard is adopted in the future that we must follow, we will inform you in a revised version of this Notice.

11. Updates to this notice

We may update this Privacy Notice from time to time to remain compliant with relevant laws. The updated version will be indicated by an updated "Revised" date and will be effective as soon as it is accessible. Where the changes are material, we will notify you by prominently posting a notice on the website or by sending you a direct notification.

Company: SİSKON ENDÜSTRİYEL OTOMASYON SİSTEMLERİ SANAYİ VE TİCARET A.Ş.

Place of Business: Adatepe Mahallesi Doğuş Caddesi D.E.Ü. Tınaztepe Yerleşkesi No:207/AG K:2 No:202 DEPARK Beta Binası Tınaztepe Buca / İZMİR

E-Mail: kvkk@siskon.com.tr

KEP: siskon@hs02.kep.tr

Data Controllers Registry (VERBİS): https://verbis.kvkk.gov.tr

Effective date: …/…/……   Version: 3.0