PERSONAL DATA PROTECTION POLICY
As per the Law on the Protection of Personal Data (hereinafter referred to as “'LPPD”) numbered 6698 which was published in the Official Gazette No. 29677 dated 7 April 2016 in order to protect the fundamental rights and freedoms of individuals, particularly the right to privacy, and to determine the obligations of natural and legal persons who process personal data, as “JUSTWork” in the capacity of Data Supervisor, we would like to inform you in accordance with Article 10 of the LPPD “Data Supervisor’s Disclosure Obligation”.
1. PURPOSE OF PROCESSING PERSONAL DATA
JUSTWork is at the same time Data Supervisor as defined in Article 3/1-(ı) of the LPPD. Personal data holders on the other hand are Data Subjects whose personal data is collected, processed and transferred under following purposes and in accordance with the Law on Regulating Retail Trade numbered 6585, Regulation on Shopping Centers issued by the Ministry of Customs and Trade on 26.02.2016 numbered 29636, Turkish Code of Obligations numbered 6098 along with Law No. 6698 and other related legislation JUSTWork is subject to. At JUSTWork, we give utmost importance to the protection and security of personal data. Knowing this, personal data of the Data Subjects are processed and stored in compliance with the secondary legislation attached to the Law no. 6698 namely the Regulation on the Deletion, Disposal or Anonymization of Personal Data published in the Official Gazette and entered into force on 28 October 2017 and Regulation on the Registry of Data Supervisors entered into force on 1 January 2018 and other relevant regulations.We declare that your personal data as defined below, provided to us under all circumstances and obtained by our side in the following ways shall be;
- processed for definitive, clear and legitimate purposes, in accordance with the law and good faith, to be accurate and up-to-date when necessary,
- limited to and proportional with the purpose of processing,
- stored for the period required by the LPPD and the relevant legislation or for the period necessary for the purpose of processing.
3. TYPES OF INFORMATION WE COLLECT AND USE
In this policy, “personal information” or “personal data” means any information relating to an identified or identifiable natural person subject to legal protection in your jurisdiction. In some jurisdictions, "personal information" or "personal data" does not include business contact information. Websites collect information in various ways and for different purposes as follows. If you choose to register on any of our Websites to receive updates from us, manage your account and/or use our self-service portal, you will be required to provide your contact information (name, address, phone number, email address, unique login name and password to log in). We use this information to provide our services in accordance with our legal business interests and most importantly with the LPPD and its related Regulation and other legislation, to enter into contractual relations with you in this scope and to perform this contract and/or to contact you about the services in on our site which you stated interest. We may also use your contact information to provide you with information about other group products and services, such as meeting rooms, virtual offices, workplace rescue, offices, collaborations and memberships, subject to the approval we have received from you under applicable law. If you do not wish to receive these promotional announcements, you have the option to notify us to update your preferences. You can also opt not to provide your demographic information (business type, business scale, geographical locations, etc.). We use this demographic information to better understand your needs and interests to provide you with a more personalized experience on our site. The information in question; used by the group to process your orders, participate in promotions (depending on your marketing preferences), and provide you with our services.
When purchasing membership from our Website, the necessary precautions are taken by JUSTWork and/or related Card Organizations in the system and internet infrastructure for the security of the information and billing and payment transactions entered into in our Website. All credit card and other payment systems transactions and approvals are handled between you and the relevant Bank and similar Card Institutions independently (information such as credit card password is not seen nor recorded by JUSTWork). Therefore, personal information/personal data such as credit card password is not processed by JUSTWork within the scope of LPPD.
All information entered by our Users and Members for membership, purchase and updating of information, particularly private information regarding credit card and debit cards, cannot be viewed by other users. Information about the users and our members may be disclosed to the related public authorities and institutions within the framework of our responsibilities stipulated by the legislation. Additionally, the contact information and other information provided during membership procedures may be recorded for the registration and updating of your membership, the ability to provide various services by JUSTWork and its business partners and suppliers, service fee-cost collections and various advertising, promotional, communication, sales and cards applications, these information can be stored, processed, and shared if it deems necessary and used by JUSTWork and specified institutions.
Websites automatically collect technical information about your visit (browser type, internet service provider, platform type, previous/next pages, operating system, internet protocol (IP) addresses, date/time stamp, etc.). It is also obliged to collect and record the date and time stamped internet protocol (IP) address and other information in accordance with the Law on Regulation of Publications on the Internet and Suppression of Crimes Committed by Means of Such Publications numbered 5651 (“Law no. 5651”). We collect this information and store for a period of time to analyze trends, diagnose problems with our server, and administer Websites, monitor user movement and usage, and report on Websites to gather comprehensive demographic information. For further information check out "Cookies and other digital signs" below. In accordance with relevant laws, we may be required to share information with third parties. For instance, we may be required to disclose information due to a court order, subpoena or search warrant. In addition, subject to applicable laws, we may voluntarily provide information when disclosure is required to assist in an ongoing investigation by lawmakers or when disclosure is necessary to protect our systems, operations, or the rights of others.Accordingly, we collect following information from our Users and Members:
- The type and operating system of your web browser,
- IP address and device identifiers,
- The browsing behavior when you visit our Site, for instance amount of time spent reviewing our Website online and links you click on in our Website online,
- Websites you visited before or will visit after our Website,
- Whether you have opened e-mails sent by us or whether you connected to the offers and connections we have forwarded or sent to you,
- Your public or private geographic locations, such as GPS, Bluetooth, or WiFi signals, to the extent allowed by your device settings.
4. SHARING YOUR PERSONAL DATA
Your personal data are collected with your approval in verbal, written or electronic environment through our company, affiliates and business partners and sales and employees from various channels such as filled-in-forms during your visits to our company, digital marketing and call centers, our website, our social media channels and information sent via e-mail.
This information form is an annex to and an integral part of all kinds of contracts you signed with our company and with JUSTWork International Office Management Joint Stock Company on behalf of our company as well as services you have requested. Without prejudice to other provisions of relevant legislation regarding the transfer of your personal data, in the event of legal or service-related actual necessities, your personal data may be shared with public institutions which our Company is in collaboration with and/or due to our Company’s legal obligations, third persons (natural or legal) who are resided in Turkey or abroad, service providers, suppliers, authorized public institutions, our Company or an affiliate to our Company, as well as it may be transferred abroad in case of legal and service-related necessities or it can be processed including blocking its usage.
5. DISPOSAL OF YOUR PERSONAL DATA
Our Company stores the processed personal data in the periods determined by the law. On the other hand, where there is no predetermined legal time period, it stores said data in accordance with our Company practices depending upon the services provided, commercial practices and beyond these periods, it stores these data only for the purposes of evidence in case of possible legal disputes. All personal data you have shared with our Company will be stored in our database in for 20 days complying with privacy principles in accordance with Article 12 of the LPPD. Following the expiry of the abovementioned period, the personal data are deleted, disposed or anonymized on the date of the first disposal in accordance with Article 7 of the LPPD and the Regulation on the Deletion, Disposal or Anonymization of Personal Data.
In the case that the conditions for the processing of personal data in Articles 5 and 6 of the LPPD no longer exist, the personal data shall be deleted, disposed or made anonymous by the Data Supervisor at request of the person whose personal data are processed or ex officio. As Data Supervisor, unless the Board makes decision on the contrary, we shall choose appropriate method of deleting, disposing or anonymizing personal data; upon your request, we shall provide to you the reasoning for choosing the appropriate method.
6. OBLIGATIONS OF THE DATA SUPERVISOR
Article 12 of the LPPD sets forth the data security obligations of which the data supervisor must comply with. As JUSTWork, we declare that we are committed to the protection and security of personal data. In this context;in order to
- prevent unlawful processing of personal data,
- prevent unlawful access to personal data,
- safely store personal data,
7. YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
Within the framework of Article 11 of the LPPD, you can apply to our Company and send us the following requests; a. To learn whether your personal data has been processed and to request information if it has been processed, b. To learn the purpose of processing your personal data and whether they are used appropriately, c. To learn third parties, where your personal data is transferred at home or abroad, d. To request correction of personal data in case of incomplete or incorrect processing, e. To request the deletion, disposal or anonymization of your personal data in case the reasons that require the processing of your personal data within the scope of Article 7 of LPPD no longer exist, f. to notify the actions taken pursuant to paragraphs (d) and (e) to the third parties to whom your personal data have been transferred, g. To object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems, h. To request compensation in the case of damages as a result of unlawful processing of your personal data.
Personal data holders may send their requests related to their abovementioned rights to our Company by filling the form at www.just-work.com sign it with wet-ink signature and mail it to the registered mail address CITY'S Nişantaşı Mall No: 12-009 Şişli/Istanbul/Turkey in the form of registered letter with return receipt and/or via e-mail to firstname.lastname@example.org. The duly requests submitted to our Company shall be finalized within thirty days at the latest. If the finalization of such requests requires a separate cost, the applicant will be charged by our Company with the rates set by the Personal Data Protection Board.
Our company may request information from the related person in order to determine whether the applicant is the personal data holder or not, and may ask some questions about the application to clarify the issues mentioned in the application.
Our Company may reject any application in following circumstances by explaining the reasons for rejection:
- Processing of personal data for purposes such as research, planning and statistics by making it anonymous with official statistics,
- Processing of personal data for art, history, literature or scientific purposes or freedom of expression provided that it does not violate individual rights, right of privacy, national defense, national security, public security, public order, economic security and on the condition that it does not constitute a crime,
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public entities and institutions authorized by law to provide national defense, national security, public security, public order or economic security,
- Processing of personal data by the judicial authorities or enforcement authorities with respect to investigations, prosecutions, proceedings or executions;
- Personal data processing is necessary for crime prevention or crime investigation,
- Processing of personal data publicized by the personal data holder,
- Personal data processing is necessary for the conduct of supervisory or regulatory duties, and for disciplinary investigation or prosecution by authorized public institutions and professional organizations with public institutions status, based on the power granted by law,
- Personal data processing is necessary to protect the economic and financial interests of the State in relation to budget, tax and financial matters,
- The request of the personal data holder is likely to hinder the rights and freedoms of others;
- Requests for disproportionate efforts are made,
- The requested information is publicly available.
Personal data holder may make a complaint to the Board in case of rejection of the application in accordance with Article 14 of LPPD, inadequate response or failure to respond to the application within the time limit; within thirty days from the date of being aware of the Company's response and in any event within sixty days from the date of application. Pursuant to Article 13 of LDDP, no complaint can be filed before all remedies regarding the application is exhausted and the right of compensation of those whose personal rights have been violated according to the general provisions is reserved.
COOKIES AND OTHER DIGITAL SIGNS
Subscribe to our monthly journal, be the first to learn about our
New Generation Office Campus