The purpose of the Personal Data Protection Policy (“the Policy”) is simply to formulate the principles for protecting personal data of the existing and potential customers, business partners, visitors, shareholders, company managers, company employees, candidate employees of Siemens Mobility Ulaşım Sistemleri Anonim Şirketi (“Siemens”), employees of the corporations it is in cooperation with, and third parties other than the foregoing; to ensure compliance with article 20 of the Constitution as well as the Law and relevant legislation; and to take the necessary measures in this regard.
The personal data processed at Siemens is classified as personal data and sensitive personal data as stipulated in the law, processed in accordance with the below given principles, kept secure and transferred to third parties should the need arise.
The processing of personal data in Siemens will principally be executed with confidentiality. Within this scope, Siemens blocks any unauthorized access to the personal data, within the bounds of possibility; internally implements any possible technical and administrative measures; and periodically carries out the inspections in relation to the same.
Siemens acquires and processes the personal data in compliance with the law and the principles of good faith within the limitations stipulated in the laws.
Personal data is stored in complete and accurate fashion, and is updated when needed, by Siemens. If the personal data fails to be accurate or up-to-date, Siemens will make the necessary arrangements to confirm that the data in question is corrected, updated or deleted.
Siemens processes the personal data for certain, clear and legitimate purposes. It does not process data for purposes other than the data collection and processing purposes it transparently discloses to the subject person. Presence of a legitimate purpose means that the data processed by Siemens is connected with and is needed for the business it has done or the service it has rendered.
The personal data processed by Siemens is processed exclusively in consistency with the specified purpose and being subject to some reasonable limitation within this context. Neither will personal data be collected for potential data processing purposes which may be applicable in future, nor will such data be processed in a way that is not consistent with the purpose of acquiring personal data.
Based on the minimum data principle, the personal data is kept limited and proportional to the purpose of acquisition and no data will be retained unless it is needed for such purpose.
In case the primary purpose requiring the personal data to be processed is ruled out and the subject data is no more needed, such personal data will be deleted, destroyed or made anonymized. Should the laws stipulate time periods for retention of data, the data will be stored in accordance with the time periods stipulated in the relevant legislation; once the time period stipulated in the legislation has expired, the data will periodically be checked by Siemens as specified in the Personal Data Retention and Destruction Policy, will be deleted from the systems/devices where the data is stored or from the media where it is available physically, will be destroyed or will be anonymized.
Siemens informs the data subject fully and duly in relation to the processing of Personal Data. In necessary cases, it obtains consent of the data subject concerning such processing and offers him/her the choice of withdrawing at any time the once given consent or make demands concerning his/her data. Once the data subject concerned has withdrawn its consent, Siemens will handle the personal data of the concerned within the framework of other principles specified in this Policy.
In case of violation of this Policy, Siemens LPPD Committee must be notified immediately. Siemens reserves the right, at its own discretion, to impose disciplinary punishment on the violators of the Policy, to terminate or suspend their labor contract or to seek judicial remedy and to make claims concerning the persons who violate the Policy and fail to fulfill other requirements associated with the protection of personal data.
Law: Law no. 6698 on the Protection of Personal Data
Processing of Personal Data: Any action taken on the data such as acquisition of personal data, either in full or in part, by automatic means or by nonautomatic means being part of any data registry system, its recording, storage, retention, modification, rearrangement, disclosure, transfer, takeover, making the same available, its classification or preventing the use thereof.
Sensitive Personal Data: Individuals’ data about their race, ethnic origin, political opinion, philosophical belief, religion, sect or other faiths, clothing, membership in associations, foundations or trade unions, their health, sexual life, criminal conviction and security measures as well as their biometric and genetic data are sensitive personal data.
LPPD Committee: It refers to the committee consisting of the stakeholders concerned for managing from a single point, supervising, reporting to the senior management the activities which have already been carried out and will be carried out in future under the Law in Siemens as well as for taking the necessary actions.