INFORMATION NOTICE REGARDING THE PROTECTION AND PROCESSING OF PERSONAL DATA
Definitions
In this information notice:
Personal Data: Any information relating to an identified or identifiable natural
person,
Personal Data Protection Law (“KVKK”): The Law on the Protection of Personal Data
No. 6698, which was published in the Official Gazette on April 7, 2016, and entered into force,
Data Processor: A natural or legal person who processes Personal Data on behalf of
the Data Controller based on the authority granted by the Data Controller,
Data Controller: A natural or legal person who determines the purposes and means of
processing Personal Data and is responsible for the establishment and management of the data recording
system,
Data Subject: The natural person whose personal data is processed.
As Micromarin Yazılım A.Ş. (“Micromarin” or “Our Company”), protecting fundamental rights and freedoms, safeguarding privacy regarding private life, ensuring and maintaining information security, and respecting ethical values are among our primary principles. The purpose of this Information Notice Regarding the Protection and Processing of Personal Data (“Information Notice”) is to inform you about how we process personal data obtained from individual users during the use of Micromarin’s websites and/or mobile applications (collectively referred to as the “Platform”) as a Data Controller.
Accordingly, in order to fulfill our obligation to inform under Article 10 of the Personal Data Protection Law (“KVKK”), our explanations are presented below for your information.
Data Responsible
Micromarin Yazılım A.Ş., registered with Istanbul Trade Registry under registration number 825365 and MERSIS number 0621093225300001, with its headquarters located at “İçerenköy Mah. Çayır Cad. Bay Plaza No: 5 İç Kapı No: 7 Ataşehir/İstanbul.”
Collected and Processed Personal Data
Within the scope of Articles 5 and 6 of the Personal Data Protection Law, our company collects and processes the following data:
| Basic Identity Information | Name, surname, date of birth, place of birth, gender, marital status, father’s name, national identity number, profile photo |
| Contact and Address Information | Residential address, email address, mobile phone number, workplace name, workplace address, workplace contact details |
| Identity and Travel Documents | Passport information, visa information |
| Physical Characteristics and Appearance | Height, weight, uniform/clothing size, shoe size, hair color, eye color |
| Appearance and Habits | Smoking habits, alcohol consumption, tattoos, scars |
| Professional Information and Qualifications | Education status, vocational training certificate; professional licenses, certificates and competency documents, foreign language proficiency, past work experience |
| Health and Special Category Personal Data | Health information, health visa dates, blood type, blood test results, disability information, drug/substance (narcotic) test, psychometric test |
| Legal and Military Status | Criminal records, military status |
| Transaction Security Information | IP address, device information, cookie data, platform access history |
| Membership Information | Username, password, user number used for account access |
| Customer Transaction Information | User notifications, notification preferences, notification history, applied and saved job postings, documents uploaded to the portal, user feedback and suggestions, platform usage information, platform access history, platform usage preferences |
| Audio Recording Information | Voice recordings obtained from call center conversations |
Method and Purposes of Collecting Personal Data
Micromarin collects your personal data online through the platform, either directly from you (the data subject) or from your authorized representatives and/or persons acting on your behalf.
Within the scope of Articles 5 and 6 of the Personal Data Protection Law, we collect and process data in order to achieve the company objectives listed below, limited to the relevant purposes:
| Personal Data Category | Purpose of Collecting and Processing Personal Data | Legal Basis |
|---|---|---|
| Basic Identity Information | Creating user accounts and identity verification, requiring member identity information for job applications, maintaining personnel records in ERP modules | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Contact and Address Information | Enabling communication between the listing owner and the member, maintaining records in ERP modules for payroll, contracts, and official correspondence, sharing as profile information on the social platform | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Identity and Travel Documents | Verifying seafarers' eligibility for international voyages, finding suitable candidates on the job posting platform, crew travel planning in ERP modules | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Physical Characteristics and Appearance | Providing uniforms/protective equipment for ship crew, ensuring health and safety requirements are met, conducting suitability assessments for certain positions on the job posting platform | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Habits | Health and safety risk assessment, selecting suitable candidates for ship operations by the employer | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Professional Information and Qualifications | Verification of STCW and international maritime certificates, maintaining personnel training records in ERP modules | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Health and Special Category Data | Health clearance before boarding, tracking health visa and vaccination requirements for international voyages, maintaining occupational health and safety records in ERP modules | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Tests and Assessments | Mandatory health and psychological fitness checks in the maritime sector, storing personnel suitability reports in ERP modules | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Legal and Military Information | Ensuring completeness of personnel files in ERP modules; meeting security and compliance requirements in international companies | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Transaction Security Information, Membership Information, Customer Transaction Information | Managing user sessions and ensuring security; keeping access logs in compliance with legal obligations; optimizing user experience; ensuring traceability of operational processes in ERP modules; improving support processes | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
| Audio Recording Information | Fulfilling obligations arising from applicable laws; managing after-sales support processes; protecting our rights in case of a potential dispute | Processing personal data of the parties to the contract is necessary for the establishment and performance of the contract directly related to the provision of the service. |
Transfer of Data Collected and Processed by Our Company for Its Purposes
Within the framework of the personal data processing conditions and purposes specified in Articles 8 and, if necessary, 9 of the Personal Data Protection Law, the personal data collected by our company may be shared with our affiliates, shareholders, business partners (only in anonymized form), legally authorized public institutions and private individuals, as well as other parties, for the purposes detailed above.
Retention Period of Data Collected by Our Company
Your personal data is retained for the periods specified in the relevant legal regulations. If no period is specified in the relevant regulations, your data is stored in accordance with our company’s practices and commercial customs or for as long as required by the processing purposes mentioned above. After this period, your data is deleted, destroyed, or anonymized in compliance with Article 7 of the Personal Data Protection Law.
Security of Your Data Collected and Processed by Our Company
Personal data shared with our company is processed under our supervision and control. As the data controller, we take the necessary technical and administrative measures to ensure the confidentiality, integrity, and availability of personal data in accordance with Law No. 6698 on the Protection of Personal Data and related legislation.
Within this scope;
- Regular penetration tests are conducted in compliance with national and international standards for personal data security, and system vulnerabilities are monitored.
- Personal data transmitted via the website, mobile application, and other digital platforms is encrypted and protected using SSL (Secure Sockets Layer) technology.
- Risk analyses related to data processing activities are periodically carried out, and preventive and corrective actions are taken to mitigate identified risks.
- Access control systems and authorization mechanisms are implemented to prevent unauthorized access to personal data.
- Data processing policies are regularly reviewed and updated in line with technological developments and legal regulations.
Our company is fully aware of its obligations regarding the protection of personal data and demonstrates the utmost diligence in ensuring data security.
Rights of the Data Subject Whose Data is Collected and Processed
Pursuant to Article 11 of the Personal Data Protection Law, everyone has the right to apply to the data controller and request the following regarding themselves;
- a) To learn whether personal data is being processed,
- b) If personal data has been processed, to request information regarding such processing,
- c) To learn the purpose of processing personal data and whether it is used in accordance with its purpose,
- d) To know the third parties to whom personal data is transferred domestically or abroad,
- e) To request the correction of personal data if it is incomplete or incorrectly processed,
- f)To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
- g) To request that the transactions carried out pursuant to subparagraphs (d) and (e) be notified to third parties to whom personal data has been transferred, li>
- h) To object to the emergence of a result against the person by analyzing the processed data exclusively through automated systems,
- i) To claim compensation for damages in case of suffering damage due to unlawful processing of personal data.
Application Methods Within the Scope of Data Subject Rights
Pursuant to Article 13, paragraph 1 of the Personal Data Protection Law, you can exercise your rights mentioned above by submitting your request in accordance with the “Communiqué on the Principles and Procedures for Application to the Data Controller” published on March 10, 2018, in Official Gazette No. 30356, using the following methods and information.
Required information in the application content:
- Full name of the applicant,
- If the applicant is a citizen of the Republic of Turkey, Turkish ID Number; if not, nationality and passport number or identity number if available,
- The applicant’s residential or workplace address for notification purposes,
- The applicant’s email address, telephone number, or fax number for communication,
- The subject of the request,
- Information and documents related to the subject of the request.
Application Methods;
- The applicant may personally deliver the completed Application Form to the Micromarin Yazılım A.Ş. address by hand, in a sealed envelope with the note “Information Request Pursuant to the Personal Data Protection Law” written on it, and submit it to the consultation office with a delivery record.
- The applicant may send the completed Application Form to the Micromarin Yazılım A.Ş. address by registered mail with return receipt, in a sealed envelope with the note “Information Request Pursuant to the Personal Data Protection Law” written on it, along with a photocopy of their identity card.
- The applicant may send a notification to Micromarin Yazılım A.Ş. via a notary; however, the envelope must include the note “Information Request Pursuant to the Personal Data Protection Law.”
- Using a Secure Electronic Signature as defined in Law No. 5070 on Electronic Signatures, the applicant may personally send the application to our company’s Registered Electronic Mail address micromarin@hs01.kep.tr, with the subject line stating “Information Request Pursuant to the Personal Data Protection Law.”
*Address: İçerenköy Neighborhood, Çayır Street, Bay Plaza No: 5, Inner Door No: 7, Ataşehir/Istanbul
You can access our application form here regarding the rights mentioned above.