Company Employee Membership Privacy Notice

One Human Yazılım ve Bilişim Danışmanlığı San. Tic. A.Ş.

Clarification Text on the Processing of Personal Data

Company Employee Membership Form

As One Human Yazılım ve Bilişim Danışmanlığı San. Tic. A.Ş. (“OneNewOne” or the “Company”), the protection of your personal data that we obtain while carrying out our processes is one of our primary priorities. We attach great importance to ensuring the security of your personal data and to its use/processing in accordance with the legislation.

This clarification text contains information on how we process your personal data in our capacity as the data controller in the membership activity we carry out through our website https://company.onenewone.com/register (the “Website”).

Which of your personal data do we process, for what purposes, and based on which legal grounds?

Article 5 of the Personal Data Protection Law (the “Law”) regulates the legal grounds for the processing of personal data. Below we have provided the purposes for which we process your personal data and the legal grounds we rely on within the scope of these purposes:

Processed Data	Data Processing Purposes	Legal Ground for Data Processing
Identity (name – surname) Contact (phone number, e-mail address) Corporate Information (Company name, Brand name) Transaction Security (password, IP address, log records regarding user transactions)	Executing membership, registration, activation, and user verification processes for our website, Executing the service purchase request directed to the Company and contract processes, Executing transactions related to your request and making fee payments when you make a purchase request, Executing transactions regarding refund requests and making fee refunds, Executing the processes of goods and/or services supplied to the Company.	Law art. 5/2-(c) It is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract.
Identity (name – surname) Contact (phone number, e-mail address) Corporate Information (Company name, Brand name) Transaction Security (password, IP address, log records regarding user transactions) Legal Action (information in correspondence with judicial authorities, information in the case file)	Fulfilling our legal obligations in cases where authorized institutions or organizations make a request from our Company or we are required to make a notification to these institutions (e.g., sharing your information in case a public institution requests it regarding a transaction with suspicion of illegality).	Law art. 5/2-(ç) It is mandatory for the data controller to fulfill its legal obligation.
	Executing legal processes and establishing, exercising, or protecting our rights in case of a possible legal dispute.	Law art. 5/2-(e) Data processing is mandatory for the establishment, exercise, or protection of any right.
Identity (name – surname) Contact (phone number, e-mail address) Corporate Information (Company name, Brand name) Transaction Security (password, IP address, log records regarding user transactions)	Performing login processes if you log in to the website, Integrating open positions into the site and providing routing to suitable positions by evaluating the relevant persons within the framework of their characteristics and qualifications, In the event of being a reference for employee candidates, keeping the information of the person who is a reference and sharing it with employer parties and authorized persons when necessary, Receiving and finalizing your suggestions, requests, and complaints, Carrying out activities aimed at customer satisfaction, Carrying out activities for the development and improvement of our products, services, and processes, Carrying out communication activities with our suppliers, business partners, and customers, Reporting, auditing, and inspecting our business processes.	Law art. 5/2-(f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

With whom and for what purposes do we share your personal data?

Your personal data is shared with third parties in compliance with the rules regarding the transfer of personal data in the Law and relevant legislation. The parties with whom we share and the purposes of sharing within this scope are as follows:

Authorized Institutions and Organizations: Fulfilling our legal obligations in cases where they request information or documents from our Company or we are required to make a notification to these institutions.

Suppliers and Business Partners: Receiving support from suppliers providing information technology infrastructures, products, and services in order to fulfill the purposes stated under the heading “Which of your personal data do we process, for what purposes, and based on which legal grounds?” above (e.g., receiving cloud computing services for storing data in a cloud environment).

Your personal data is transferred by OneNewOne limited to the purposes and parties mentioned above, in accordance with the rules stipulated in Articles 8 and 9 of the Law. In the event that your personal data is to be transferred abroad, OneNewOne acts in accordance with the rules stipulated in Article 9 of the Law and takes the necessary administrative and technical measures to ensure that your personal data is processed securely by third parties and in accordance with this Text.

Through which channels do we collect your personal data?

When you visit our website and perform transactions on the site, we collect your personal data through our sites by automatic and partially automatic methods.

How can you exercise your rights regarding your personal data?

Article 11 of the Personal Data Protection Law regulates the rights of data subjects. Pursuant to this article, you have the following rights:

To learn whether your personal data is being processed,
To request information regarding this if your personal data has been processed,
To learn the purpose of processing your personal data and whether they are being used in accordance with their purpose,
To know the third parties to whom your personal data is transferred domestically or abroad,
To request the correction of your personal data in case of incomplete or incorrect processing and to request the notification of the transaction made within this scope to the third parties to whom your personal data has been transferred,
To request the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear, despite being processed in accordance with the provisions of the Law and other relevant laws, and to request the notification of the transactions made within this scope and in case of incomplete or incorrect processing of your personal data to the third parties to whom your personal data has been transferred,
To object to the emergence of a result against you by analyzing your processed data exclusively through automated systems,
To demand compensation for the damage in case you suffer damage due to the unlawful processing of your personal data.

You may choose the following methods to convey your requests regarding your aforementioned rights to the Company:

You can send an e-mail to info@onenewone.com from your e-mail address registered in our systems,
You may also choose other methods specified in the Communiqué on the Procedures and Principles of Application to the Data Controller.