USB Certification Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş. (Company, USB Certification) processes personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed within the framework of the following methods, bases, purposes and conditions within the framework of the following methods, bases, purposes and conditions for the protection of personal data regulated and secured by the Constitution of the Republic of Turkey and the Law No. 6698 on the Protection of Personal Data (KVKK), and shows the utmost care and attention in all administrative and technical measures required for its protection.

1. Data Controller
USB Certification is accepted as the “Data Controller” in accordance with the KVKK and your personal / sensitive personal data may be processed by our Company in the capacity of “Data Controller”.

2. Purposes of Processing Personal Data

a. As USB Certification, to fulfill, perform, prove our obligations to our customers, to issue records, documents, evidence, reports and certificates, to comply with the information retention, reporting, disclosure and other requirements stipulated by local and international legal regulations and standards,
b. Receiving requests, monitoring and execution of service production and operation processes, ensuring logistics cooperation with third parties and ensuring product delivery, reporting, monitoring and execution of storage and archive activities, realization of financial and accounting transactions,
c. Measuring and increasing customer satisfaction, measuring and improving service quality, conducting statistical analyses for sales and marketing activities, monitoring and conducting loyalty processes, receiving opinions and suggestions regarding new services and products, receiving problem and error notifications, informing the relevant party regarding complaints and requests,
d. Monitoring and execution of control and audit, risk management processes, monitoring and execution of communication activities, monitoring and execution of social responsibility and civil society activities,

For this purpose, your personal data may be processed by USB Certification in the capacity of “Data Controller”.

3. Transfer of Personal Data

Your personal/special quality personal data, in accordance with the basic principles set out in the first paragraph of Article 4 of the KVKK and the conditions set out in Article 8 and limited to the purposes set out in this Clarification Text, within the scope of USB Certification’s field of activity, we receive services to meet other needs, audit firms within the scope of the contracts made, human resources, etc. konularda destek hizmeti alınan şirketlere, operasyonel, hukuki, finansal, vergisel danışmanlarına, SGK, Maliye Bakanlığı, Tarım Bakanlığı, Tarım İl ve İlçe Müdürlükleri, Ticaret Bakanlığı ile hukuki yetkisi dahilinde ve talepleri kapsamında sınırlı olarak, mali müşavirlere, standart sahiplerine (BRC, IFS, FSSC, Global GAP, GOTS, Textile Exchange, ISO vb.), accreditation organizations (ANAB, ESYD, TÜRKAK, JAS-ANZ, NAC, ENAC, UKAS, etc.), other control organizations (ASR, QMSCERT, UDEM, AKSSERT, NSF, ACERTA, Q-Check, etc.) within the framework of the standard and in moderation by obtaining explicit consent or in the presence of the conditions stipulated in the second and sixth paragraphs of Article 5 and the third paragraph of Article 6 of the KVKK, it may be transferred within the framework of legal limitations without obtaining explicit consent.

In addition, your personal/special quality personal data, within the scope of the principles stipulated in the second paragraph of Article 4 of the KVKK, by obtaining explicit consent or in the presence of the situations stipulated in the second paragraph of Article 5 and the third paragraph of Article 6.In case of the existence of the situations stipulated in the second paragraph of Article 5 and the third paragraph of Article 6, without obtaining explicit consent and in accordance with the ninth article of the Law, after the foreign countries with adequate protection to be determined by the Personal Data Protection Board (Board) are announced, only to persons and organizations residing in these countries, and for the countries where it is determined and announced that there is no adequate protection, it can be transferred, provided that the data controllers in Turkey and in the relevant foreign country undertake an adequate protection in writing and the Board’s permission can be obtained for the relevant transfer.

4. Method and Legal Grounds for Collection of Personal Data

Your personal data is collected in accordance with subparagraphs c, ç, f of the second paragraph of Article 5 of the KVKK due to the fulfillment of our Company’s obligations within the scope of the offer requests, application forms, contracts and annexes you have made with USB Certification. Although it may vary depending on the service we provide or USB Certification’s commercial activities, the website, social media accounts, mobile applications, trainings and seminars you attend, or company visits, interviews, requests for proposals and their annexes, application forms and their annexes, contracts and their annexes, signature circulars, power of attorney or authorization documents, business partners, standard holders requirements, accreditation bodies requirements, other control bodies requirements, audit or non-compliance evidence/photographs, business cards, suppliers, etc. in written, verbal or electronic form, by automatic or non-automatic means.

5. Rights for the Protection of Personal Data

Pursuant to Article 11 of the KVKK, your personal/special quality personal data; a. To learn whether it is processed or not
b. Request information if processed
c. To learn the purpose of processing and whether it is used in accordance with its purpose
d. Knowing the third parties to whom it is transferred domestically/overseas
e. Request correction if incomplete/incorrectly processed
f. To request deletion/destruction within the framework of the conditions stipulated in Article 7 of the KVKK
g. To request notification of the transactions carried out in accordance with paragraphs (d) and (e) above to the third parties to whom it is transferred
h. Object to the occurrence of a result to your detriment due to analysis exclusively by automated systems
i. In case you have suffered damage due to unlawful processing, the compensation of the damage
You have the right to demand.

6. Method of Application to the Company

As a personal data owner, you can submit your requests regarding your rights mentioned above to USB Certification by applying in writing to the address of our Company specified below, through a notary public, by using the registered e-mail address or by other methods determined by the Personal Data Protection Board.

Data Controller:
USB Certification Denetim Gözetim ve Belgelendirme Hizmetleri A.Ş.
Address: Kozyatağı Mah. Sarıkanarya Sk. Yolbulan Plaza B Blok No:16 Interior Door No:4 Kadıköy / Istanbul Turkey
Mersis No.: 0894080709400001
KEP Address: [email protected]

No: UKUP-7040
First Published: 22.10.2019
Revision No: 00
Revision Date: 00.00.0000

USB CERTIFICATION DENETİM GÖZETİM VE BELGELENDİRME HİZMETLERİ ANONİM ŞİRKETİ (USB Certification) attaches great importance to the protection of personal data in accordance with the relevant legislation, especially the Constitution of the Republic of Turkey and the Personal Data Protection Law No. 6698 (KVKK). In the process of processing and protecting personal data, we act within the framework of the following methods, bases, purposes and conditions.

Data Controller

As USB Certification, in the capacity of data controller, your personal data we obtain within the scope of our business relationship; We hereby inform you that your personal data will be recorded, stored, stored, maintained in an up-to-date and accurate manner in connection with the purposes of processing, limited and measured, and transferred to third parties at home or abroad when necessary.

Purposes of Processing Personal Data

Your personal data may be processed for the purposes set out below:

• Execution of the employment contract: Performing transactions such as employee leave approval, dismissal procedures, payroll transactions and salary payments.
• Fulfillment of legal requirements: Carrying out mandatory procedures such as the creation of personnel files, SSI and İŞKUR notifications, health insurance procedures.
• Management of customer relations: Increasing customer satisfaction, evaluating complaints and improving service quality.
• Internal management and organization: Monitoring employee performance, training planning, expense payments, travel organizations and communication processes.

Processed Personal Data

The personal data processed by USB Certification are:

• Identity Data: First name, last name, Turkish ID number, date of birth and other identification information.
• Contact Data: Phone number, address, e-mail address and internal contact information.
• Financial Data: Salary details, bank account information, payroll and bonus information.
• Sensitive Personal Data: Health reports, criminal record, association/foundation memberships.
• Education and Qualification Data: Educational attainment, certificates, foreign language information and CV.
• Audiovisual Data: Photographs, video recordings.
• Employee Performance Data: Training information, performance evaluation reports.
• Family and Relative Information: Marriage certificate, identity information of spouse and children.
• Work Data: Position name, department, insurance information.
• Leave Data: Leave dates, reasons for leave.
• Other Data: Vehicle license plate, intern status, company network usage data.

Transfer of Personal Data

Your personal data may be transferred to third parties in the following circumstances and purposes:

• Legal obligations: To relevant public institutions and organizations, where required by law.
• Performance of the labor contract: To relevant companies for payroll processing and health checks.
• Internal management: To workplace building management for security purposes, to business partners for training and auditing purposes.
• International transactions: To the necessary organization companies for overseas travels and trainings.

Method and Legal Grounds for Collection of Personal Data

Your personal data is collected through methods such as the information you provide electronically or physically during job application, vehicle tracking devices to ensure workplace security.

Rights for the Protection of Personal Data

Pursuant to Article 11 of the KVKK, regarding your personal data:

• Find out if it is being processed,
• Learn the purpose of processing and whether it is used for its intended purpose,
• Request correction of incorrect or incompletely processed data,
• Request deletion or destruction of data,
• Knowing the third parties to whom it is transferred domestically or abroad,
• Object to a result that is unfavorable to you because it is analyzed by automated systems,
• If you suffer damage, you have the right to demand compensation for the damage.

Application Method to the Company

Personal data owners may submit their requests regarding the above-mentioned rights to the following address of our Company in writing, through a notary public or by using the KEP address.

Data Controller: USB CERTIFICATION AUDIT AUDIT SURVEILLANCE AND CERTIFICATION SERVICES ANONİM ŞİRKETİ

Address Ismet Kaptan Mah. Hurriyet Bul. No:4/1 D:23 Kavala Plaza Çankaya/Konak/İzmir
Mersis No.: 0894080709400001
KEP Address: [email protected]

Information Security Policy

The main purpose of our information security policy is to ensure the protection of the data of our organization, our customers and other stakeholders. Within this framework:

• Confidentiality: We ensure that all information belonging to our customers is kept confidential and accessible only by authorized persons.
• Integrity We take all necessary technical and administrative measures to ensure the accuracy and reliability of information.
• Accessibility: We ensure that authorized personnel have timely and secure access to the information they need.

Our Safety Standards

Our information security management system is based on ISO 27001 standards. This standard covers the processes of identifying, assessing and managing risks. As USB Certification, we implement the following steps in the field of information security:

• Risk Management: We protect our corporate information assets through risk assessment processes. We regularly conduct risk analyses and create action plans every year.
• Staff Training: All our employees receive continuous training on information security awareness and processes. In this way, our information security culture is maintained in a strong manner.
• Security Audits: Independent audit and internal evaluation processes ensure continuous improvement of our information security policies.

Protection of Customer Information

At USB Certification, we use advanced technologies such as encryption, secure servers and firewalls to maximize the protection of the data we collect from our customers. We also have contingency plans in place in case of information security breaches.

Continuous Improvement

We regularly review our information security processes and continuously improve our systems against the latest threats. In this way, we take proactive measures against both internal and external security threats.