Gdpr Privacy Policy for
Job Applicants
Türk Hava Yolları Anonim Ortaklığı (hereinafter referred to as “THY”, “Company”, "Turkish Airlines" or “We”), pays the utmost attention to the lawfulness of the processing of personal data of its applicants. The Turkish Airlines Privacy Policy for Applicants (“Privacy Policy”) herein has been prepared in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) to ensure that your personal data, as applicants, is processed in a transparent manner.
In this respect, as a data controller, we provide you information on which personal data we process and for which purposes, the third parties we share your data with, your rights and the methods that you may use to contact us.
This Privacy Policy also describes your data protection rights, including a right to object to some of the processing which THY carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
We reserve the right to update this Privacy Policy at any time, and we will provide you with a new privacy policy when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
Data Protection Principles
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Maintained only for as long as necessary for the purposes we have told you about, i.e. in relation to the recruitment exercise.
- Kept securely and protected against unauthorised or unlawful processing and against loss or destruction using appropriate technical and organisational measures.
How Do We Collect Your Personal Data?
From the start of your application process, your personal data can be collected via printed documents (e.g. CV information that you may provide or social security records) and in some instances, through digital channels (e.g. information obtained directly from public institutions) to fulfil certain legal obligations and ensure the continuation of the application process or where applicable, your documents can be sent to us by the recruitment agency you provided with your information. In any case, your personal data may only be collected and processed in accordance with applicable laws.
Which Personal Data Do We Collect & Process?
We Collect and process the following types of personal data:
Personal identification and communication information
including your name, home address, phone number, email address, and where applicable, information required to assess the eligibility of foreign duties (e.g. passport/ID, visa information, residence permit, work permit, citizenship/dual citizenship information, Greencard (Lawful Permanent Resident Card, Form I-551, etc.) information, immigration status).
Application related information
including your curriculum vitae (CV), cover letter, employment history, social media information, education history, qualifications and skills, reference contact information, references, position preferences, willingness to relocate, desired salary, interests and aspirations and background screening information if relevant.
Sensitive personal information
for example, criminal record, information about your health and disabilities where we need to make any reasonable adjustments.
Information related to your use of our Careers Website, for example your IP address. This information may be collected by using cookies. For more information about how the THY use cookies please refer to the Cookie Policy on the relevant THY website.
As well as collecting information from you directly, THY receives information relating to you from recruiters and persons who you have named as referees.
Why Do We Process Your Personal Data and What is the Legal Basis for this Use?
THY will process your personal data for the following purposes:
As required to take steps which are necessary for THY to enter into an employment contract with you:
- To make informed decisions on recruitment and assess your suitability for the role.
- To reimburse you for any agreed expenses incurred in the application process.
Where necessary to comply with a legal obligation:
- As required to comply with applicable laws and protect our legal rights including, but not limited to, in connection with legal claims, (including disclosure of information in connection with legal process or litigation). If you are successful, this will include verifying whether you have the right to work in the country in which you are applying for a job with THY and checking whether the information you have provided in the application is correct and carrying out other background checks as required by local law. We will provide more information about these checks before they are carried out.
Where necessary for THY’s legitimate interests, as listed below, and where our interests are not overridden by your data protection rights:
- to make informed decisions on recruitment, assess your suitability for the role and verify the details you have supplied (including background checks, which we will provide more information about before they are carried out);
- to communicate with you about the recruitment process and answer your queries;
- to keep you in mind for future roles;
- to improve our recruitment processes and activities;
- where permitted, to contact you about future career opportunities at THY;
- to protect our legitimate business interests and legal rights, including, use in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements.
THY has carried out a balancing test in order to determine what is in its legitimate interests and you can request information about this balancing test be contacting us using the details set out below.
Where you give us consent:
- On other occasions we may ask you for consent to use the data for the purpose which we explain at that time such as when collecting your contact details to send you our offers or offers for relevant products and services of our carefully selected partners.
Where we require you to provide personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to complete your recruitment process, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional. Where you do not provide the relevant data for in these circumstances, the consequences will be explained to you at the time.
To Whom Why and Where We Transfer Your Personal Data?
Under certain circumstances, we may transfer your personal data to third parties in accordance with applicable laws.
Third party service providers: we may share your data with recruitment services providers (e.g. recruitment agencies).
Group companies: certain services offered by THY are carried out by our affiliates, within this context, your personal data may be shared with our relevant affiliates. You may find more detailed information regarding our group companies by using the following link: https://www.turkishairlines.com/en-tr/press-room/about-us/index.html
Government authorities and/or law enforcement officials: Your personal data can be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the protection of our legitimate interests in compliance with applicable laws (e.g. national and international aviation authorities such as Directorate General of Civil Aviation (“SHGM”), International Air Transport Association (“IATA”), The Office of Foreign Assets Control (“OFAC”), Bureau of Industry and Security (“BIS”), Transportation Security Administration (“TSA”))
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Where information is transferred from inside the EEA to outside the EEA (e.g. Turkey), and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review by contacting us using the details set out below.
Information about EU standard contractual clauses can be found here.
How long will you retain my data?
If you are successful: We will retain your personal data for the purposes of the recruitment process and, once this process is finished, for an appropriate period so as to be able to deal with any legal claims linked to the application process and for any periods we are required to keep your personal data under applicable law. After this period which we will take steps to delete your personal data or hold it in a form that no longer identifies you. If you become a Turkish Airlines employee, your personal data will become a part of your employee file and will be used later for the management of the employment relationship.
If you are not successful: We will retain your personal data for up to 12 months to review our recruitment decision and to keep you in mind for future recruitment processes. If you do not want us to keep your personal data for the purposes of potentially considering you for future positions, please let us know.
What are Your Rights as Data Subjects?
Where permitted by law you are entitled to a number of rights:
- Learn whether data relating you is being processed.
- Request further information if personal data relating to you has been processed.
- Learn the purpose for the processing of personal data and whether data are being processed in compliance with such purpose.
- Request a copy of your personal data we hold.
- Learn to which third-party recipients your data is disclosed.
- Request rectification of the processed personal data which is incomplete or inaccurate and request such process to be notified to third persons to whom personal data is transferred.
- Request deletion or destruction of personal data in the event that the data is no longer necessary in relation to the purpose for which the personal data was collected, despite being processed in line with the Law and other applicable laws and request such process to be notified to third persons to whom personal data is transferred.
- Obtain the personal data you provided to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
- Object to negative consequences that you experienced as a result of analysis of the processed personal data by solely automatic means.
- Object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing purposes).
- If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred.
Under the GDPR, these rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR. We will inform you of relevant exemptions we rely upon when responding to any request you make. In most cases we will not charge a fee for your requests. However, where the request is manifestly unfounded or excessive we may charge a reasonable fee based on the administrative costs generated by your request.
How do we keep your Personal Data secure?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our specific instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Automated decision-making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, save for the exemptions to this rule i.e. if automated decision making is required or authorised by law or is necessary for entering into or performing the contract or is based on your individual explicit written consent.
Contact Information
If you have any concerns about how we process your data, or if you would like to opt-out of direct marketing, based on the laws applicable to you, you can reach out to: