This Privacy Notice was drafted by Business and Human Rights Association (“BHRTR”) which resident in Halaskargazi Caddesi No:38/66E, Pangaltı, Şişli, İstanbul as data controller in accordance with Article 10 of Law No. 6698 on the Protection of Personal Data (“Law”) and the Communiqué on the Procedures and Principles of Fulfilling the Obligation to Inform.
Your personal data shall be processed via automatic and/or non-automatic means for the purposes given below and based on the legal grounds that “the processing activity is necessary for establishment, use or protection of a right”, the processing is mandatory for the data controller to be able to perform legal obligations” and “the processing is mandatory for the data controller to perform its legal obligations” as provided for by Art 5 Sec 2 of the Law.
Additionally, these personal data will be transferred within the framework of the personal data processing conditions provided by Art 8 and 9 of the Law for the same purposes to our vendors, authorized public institutions and organizations, and real person or legal entities.
Processed Personal Data
Your following personal data as processed by BHRTR through automated means such as our servers and electronic devices or non-automated means such as our document archives that are part of a data recording system:
1.Beneficiaries
- Identity information
- Contact information
- Location information
- Visual and audio records
- Race and ethnicity information
- Health information
2. Employee Candidates
- Identity information
- Contact information
- Location information
- Visual and audio records
- Professional experience information
3. Employees
- Identity information
- Contact information
- Location information
- Personnel information
- Legal transaction information
- Physical space security information
- Process security information
- Financial information
- Professional experience information
- Visual and audio records
- Health information
- Criminal convictions and security measures information
- Other information
4. Suppliers
- Identity information
- Contact information
- Financial information
5. Visitors
- Identity information
- Contact information
6. Website Visitors
- Identity information
- Contact information
- Process security information
Proposes of Process and Transfer Personal Data
1. Beneficiaries
- Conducting of information security process
- Conducting of training activities
- Conducting of operations in compliance with the legislation
- Conducting of communication operations
- Organization and event management
- Conducting of social responsibility and civil society activities
- Conducting of storage and archive activities
- Providing security of data controller operations
- Providing information to authorized persons, institutions and organizations
2. Employee Candidates
- Conducting of information security processes
- Conducting of employee candidate / trainee / student selection and placement processes
- Conducting of employee candidate application processes
- Planning of human resources processes
3. Employees
- Conducting of employees’ satisfaction and loyalty processes
- Fulfillment of contractual and legislative obligations for employees
- Conducting of benefits and interests processes for employees
- Conducting of audit / ethic operations
- Conducting of training operations
- Conducting of operations in compliance with the legislation
- Conducting of Finance and Accounting
- Provision of Physical Space Security
- Conducting of Assignment Processes
- Conducting of Contact Operations
- Planning of Human Resources Processes
- Audit / Conducting of Business Operations
- Conducting of Occupational Health and Safety Operations
- Conducting of Performance Assessment Processes
- Conducting of storage and archive activies
- Conducting Social Responsibility and Civil Society Activities
- Conducting of Contract Processes
- Providing security of data controller operations
- Providing information to authorized persons, institutions and organizations
4. Suppliers
- Conducting of operations in compliance with the legislation
- Conducting of Finance and Accounting
- Provision of Physical Space Security
- Conducting of Assignment Processes
- Conducting of Contact Operations
- Audit / Conducting of business operations
- Conducting of Goods / Services Purchasing Processes
- Conducting of Goods / Services Sales Processes
- Conduction of Performance Assessment Processes
- Conducting Social Responsibility and Civil Society Activities
- Conducting of Contract Processes
- Providing security of data controller operations
- Providing information to authorized persons, institutions and organizations
5. Visitors
- Provision of Physical Space Security
- Providing security of data controller operations
- Creating and follow-up visitor records
6. Website Visitors
- Conducting of information security process
- Providing security of data controller operations
- Creating and follow-up visitor records
Transfer and Storage Limitations
1. Beneficiaries
The personal data of beneficiaries are deleted 5 years after the completion of the relevant project process.
2. Employee Candidates
Personal data of employee candidates are deleted 1 year after the relevant job application is received.
3. Employees
Personal data of employees are deleted 5 years after the end of the relevant employee’s working period.
4. Suppliers
The personal data of suppliers are deleted 1 year after the relevant data is received.
5. Visitors
Personal data of visitors are destroyed 1 year after the relevant data is received.
6. Website Visitors
Personal data of website visitors are destroyed 1 year after the relevant data is received.
Data Subject Rights
You may submit your written requests to BHRTR official address by post or via contact@bhrtr.org electronically regarding the rights of the data subject in accordance with the Article 11 of the Law and Communiqué on the Procedures and Principles of Application to a Data Controller, which are;
- To learn whether your personal data have been processed or not,
- To request information as to processing if your data have been processed or not,
- To learn the purpose of processing of the personal data and whether data are used in accordance with their purpose or not,
- To know the third parties in the country or abroad to whom personal data have been transferred,
- To request rectification in case personal data are processed incompletely or inaccurately,
- To request deletion or destruction of personal data,
- To request notification with regards to the processes of correction, deletion, and destruction to third parties to whom personal data have been transferred,
- To object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
- To request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.
Proposes of Process and Transfer Personal Data
- Beneficiaries
- Conducting of information security process
- Conducting of training activities
- Conducting of operations in compliance with the legislation
- Conducting of communication operations
- Organization and event management
- Conducting of social responsibility and civil society activities
- Conducting of storage and archive activities
- Providing security of data controller operations
- Providing information to authorized persons, institutions and organizations
- Employee Candidates
- Conducting of information security processes
- Conducting of employee candidate / trainee / student selection and placement processes
- Conducting of employee candidate application processes
- Planning of human resources processes
- Employees
- Conducting of employees’ satisfaction and loyalty processes
- Fulfillment of contractual and legislative obligations for employees
- Conducting of benefits and interests processes for employees
- Conducting of audit / ethic operations
- Conducting of training operations
- Conducting of operations in compliance with the legislation
- Conducting of Finance and Accounting
- Provision of Physical Space Security
- Conducting of Assignment Processes
- Conducting of Contact Operations
- Planning of Human Resources Processes
- Audit / Conducting of Business Operations
- Conducting of Occupational Health and Safety Operations
- Conducting of Performance Assessment Processes
- Conducting of storage and archive activities
- Conducting Social Responsibility and Civil Society Activities
- Conducting of Contract Processes
- Providing security of data controller operations
- Providing information to authorized persons, institutions and organizations
- Supplier
- Conducting of operations in compliance with the legislation
- Conducting of Finance and Accounting
- Provision of Physical Space Security
- Conducting of Assignment Processes
- Conducting of Contact Operations
- Audit / Conducting of business operations
- Conducting of Goods / Services Purchasing Processes
- Conducting of Goods / Services Sales Processes
- Conduction of Performance Assessment Processes
- Conducting Social Responsibility and Civil Society Activities
- Conducting of Contract Processes
- Providing security of data controller operations
- Providing information to authorized persons, institutions and organizations
- Visitors
- Provision of Physical Space Security
- Providing security of data controller operations
- Creating and follow-up visitor records
- Website Visitors
- Conducting of information security process
- Providing security of data controller operations
- Creating and follow-up visitor records
Data Subject Rights
You may submit your written requests to Minerva BHR official address by post or via team@bhrtr.org electronically regarding the rights of the data subject in accordance with the Article 11 of the Law and Communiqué on the Procedures and Principles of Application to a Data Controller, which are;
- To learn whether your personal data have been processed or not,
- To request information as to processing if your data have been processed or not,
- To learn the purpose of processing of the personal data and whether data are used in accordance with their purpose or not,
- To know the third parties in the country or abroad to whom personal data have been transferred,
- To request rectification in case personal data are processed incompletely or inaccurately,
- To request deletion or destruction of personal data,
- To request notification with regards to the processes of correction, deletion, and destruction to third parties to whom personal data have been transferred,
- To object to occurrence of any result that is to your detriment by means of analysis of personal data exclusively through automated systems,
- To request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.