PRIVACY NOTICE ON CORPORATE CUSTOMER ACQUISITION AND MANAGEMENT PROCES

ARAS KARGO YURT İÇİ YURT DIŞI TAŞIMACILIK ANONİM ŞİRKETİ

PRIVACY NOTICE ON CORPORATE CUSTOMER ACQUISITION AND MANAGEMENT PROCES

1. Data Controller and Introduction

Aras Kargo Yurt İçi Yurt Dışı Taşımacılık Anonim Şirketi

Aras Kargo Yurt İçi Yurt Dışı Taşımacılık A.Ş. (“Aras Kargo”), we respect your rights regarding your privacy and the protection of your personal data and in this context, we maintain a high standard of protection for your personal data by taking all necessary technical and administrative measures to ensure its security.

Accordingly, pursuant to Article 10 of the Law No. 6698 on Protection of Personal Data (“LPPD”) and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform, we, as the data controller, would like to inform you, our esteemed corporate customer candidates, corporate customers, corporate customers’ employees/authorities with this Privacy Notice on Corporate Customer Acquisition and Management Processes (“ Privacy Notice ”) regarding the procurement activities of goods and services, which of your data categories are processed and the methods of collecting your personal data, the purposes of processing, legal grounds, to whom and for what purposes they can be transferred, and your rights listed under Article 11 of the LPPDD.


2. Your Personal Data and Collection Methods

Aras Kargo may collect your limited personal data in the data categories listed in the table below, either wholly or partly, by automated means or, provided that the process is part of any data filing system, through non-automated means, from electronical and/or physical media, including Aras Kargo’s websites, primarily www.araskargo.com.tr, mobile applications, printed forms (e.g. contracts, forms), e-mail, telephone, SMS, fax, parcel / mail, online interview / communication platforns, Aras Kargo’s information technology systems and integrated systems of authorised public institutions and organisations or other relevant third parties.


3. Purposes and Legal Grounds for Processing Your Personal Data

Your personal data categories* processed in corporate customer acquisition and management processes, the purposes and legal grounds of the processing and transfer of your personal data are explained in detail in the tables below.

*For detailed information on data categories, you may review pages 74 et seq. of the Data Controllers Registry Information System Guide published by the Personal Data Protection Authority. For detailed information about the types of your personal data processed by Aras Kargo, you can apply as described in section 5.

Data Categories

Legal Grounds

Processing Purposes
Identity
  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller
  • Conduction Audit / Ethics Activities
  • Follow-up and Execution of Legal Affairs
  • Execution of Internal Audit / Investigation / Intelligence Activities
  • Execution of Communication Activities
  • Execution / Supervision of Business Activities
  • Execution of Goods / Service Sales Processes
  • Execution of Customer Relationship Management Processes
  • Execution of Storage and Archive Activities
  • Execution of Contract Processes
  • Follow-up of Requests / Complaints
Contact
  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller
  • Conduction Audit / Ethics Activities
  • Follow-up and Execution of Legal Affairs
  • Execution of Internal Audit / Investigation / Intelligence Activities
  • Execution of Communication Activities
  • Execution / Supervision of Business Activities
  • Execution of Goods / Service Sales Processes
  • Execution of Goods / Services After Sales Support Services
  • Execution of Customer Relationship Management Processes
  • Execution of Storage and Archive Activities
  • Execution of Contract Processes
  • Follow-up of Requests / Complaints
Customer Transaction
  • Pursuant to Art. 5/2(c) of the LPPD, provided that it is directly related to the conclusion or performance of a contract, it is necessary to process personal data of the parties to the contract
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller
  • Conduction Audit / Ethics Activities
  • Follow-up and Execution of Legal Affairs
  • Execution of Internal Audit / Investigation / Intelligence Activities
  • Execution of Communication Activities
  • Execution / Supervision of Business Activities
  • Execution of Goods / Service Sales Processes
  • Execution of Goods / Services After Sales Support Services
  • Execution of Customer Relationship Management Processes
  • Execution of Storage and Archive Activities
  • Execution of Contract Processes
  • Follow-up of Requests / Complaints
Transaction Security
  • Pursuant to Art. 5/2(f) of the LPPD, provided that it does not harm the fundamental rights and freedoms of the data subject, for the legitimate interests of the data controller
  • Conduction Audit / Ethics Activities
  • Follow-up and Execution of Legal Affairs
  • Execution of Internal Audit / Investigation / Intelligence Activities
  • Execution / Supervision of Business Activities
  • Execution of Customer Relationship Management Processes
  • Execution of Storage and Archive Activities
  • Follow-up of Requests / Complaints

4. Transfer of Your Personal Data

Your personal data processed within the scope of corporate customer acquisition and management processes may be transferred to the following recipient groups if the conditions for transfer regulated under Articles 8 and/or 9 of the LPPD are met:

Transferred Parties Transferred Data Categories Transfer Purpose
Our Suppliers (e.g. parties that provide products and services to our company in areas such as information technologies, accounting, legal processes, archiving) Identity
Contact
Customer Transaction
Transaction Security 		For the purposes specified in each data category above, in particular to provide our services and to carry out our business activities
Authorised public institutions and organisations (e.g. Information and Communication Technologies Authority, courts, prosecutor's office and law enforcement agencies, consumer arbitration committees) Identity
Contact
Customer Transaction
Transaction Security 		For the purposes specified in each data category above, in particular for the fulfilment of our legal obligations and the establishment, use and protection of our rights in case of dispute

5. Your Rights as a Data Subject

As a data subject, we inform you that you have the following rights pursuant to Article 11 of the LPPD:

  • to learn whether your personal data is being processed or not,
  • request information if your personal data has been processed,
  • to learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
  • to know the third parties to whom your personal data are transferred domestically or abroad,
  • to request correction of your personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,
  • Although it has been processed in accordance with the provisions of LPPD and other relevant laws, to request the deletion or destruction of your personal data in the event that the reasons requiring its processing disappear and to request notification of the transactions made within this scope and in case your personal data is incomplete or incorrectly processed to third parties to whom your personal data has been transferred,
  • Object to the occurrence of a result that is detrimental to the person themself due to the exclusive analysis of your processed data through automated systems.
  • to request compensation for damages in case of damage due to illegal processing of your personal data.

You can submit your applications for your rights mentioned above to our Company in accordance with the provisions of the Communiqué on the Procedures and Principles of Application to the Data Controller (in writing or via registered electronic mail address, secure electronic signature, mobile signature or your e-mail address that you have previously notified to our Company and registered in our systems, with information / documents* that verify your identity in order to determine that you are the real right holder).

As a data subject, you can follow the instructions in the Roadmap for Application to the Data Controller to guide you when exercising your rights.

N.B.:: We would like to remind that no special categories of personal data (e.g. religion or blood type information) should be included in the scope of data subject applications.