turkey logoTR

Turkish Airlines GDPR Privacy Notice for Job Applicants

1.   Introduction.

As a data controller Türk Hava Yolları Anonim Ortaklığı (hereinafter referred to as “THY”, “Turkish Airlines” or “We”) pays the utmost attention to the lawfulness of the processing of personal data relating to its job applicants.

The THY GDPR Privacy Notice for Job Applicants (“Privacy Notice”) has been prepared in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) to ensure that personal data, as applicants, are processed in a transparent manner.

Specifically, we would like to inform you with respect to processing of your personal data collected. In this respect, we provide you with information on which personal data We process, for what purposes and how long, the third parties your data are shared with, your rights and ways to contact us.

Data processing is conducted in accordance with the principles of “lawfulness, fairness and transparency”, “purpose limitation”, “data minimization”, “accuracy”, “storage limitation”, “integrity and confidentiality”, “data subject’s control over personal data” and “accountability”.

We reserve the right to update this Privacy Notice at any time and will provide you with a new Privacy Notice if any substantial updates are made thereto. From time to time We may also notify you in other ways about processing of your personal data.


2.   Which Personal Data We Process and How Do We Collect Your Personal Data?

 We Collect and process the following types of personal data:

  • Identity and Contact Information: Name, surname, birth place, birthdate, marital status, driver license, passport/ID, home address, phone number, email address, 

  • Application related informationIncluding your curriculum vitae (CV), cover letter, profession information, employment history, social media information, education history, qualifications and skills, reference contact information, references, desired salary, interests, background screening information if relevant and course and certification information. 

  • Visual Records: Photo.

  • Special Categories of personal data: Health data processed for the determination and evaluation of health criteria required for THY's working conditions and civil aviation requirements for cabin / cockpit duties, disability information, criminal record.. 

  • Process Security Information:  IP address which is collected by using cookies (For more information about how the Turkish Airlines use cookies please click here) and if applicable, log records, user account information.

  • Other Information: Personal data processed to obtain information that will be the basis for the formation of personal rights of our employees or real persons who have a working relationship with our Company. Information required to assess the eligibility of foreign duties (e.g. visa information, residence permit, work permit, citizenship/dual citizenship information, Green Card (Lawful Permanent Resident Card, Form I-551, etc.) information, immigration status).

As well as collecting information from you directly, THY receives information relating to you from recruiters and persons whom you have named as referees.

From the start of your application process, your personal data can be collected via printed documents (e.g. CV information that you may provide or social security records), forms (e.g. recruitment form / periodic examination application form) and in some instances through digital channels (e.g. information obtained directly from public institutions) to fulfil certain legal obligations and ensure the continuation of the application process. If applicable, your documents can be sent to us by the recruitment agency you provided. In any case, your personal data may only be collected and processed in accordance with the provisions of national/international legislation, in particular Art. 5 GDPR, only if one or more conditions that are stipulated the GDPR are present.


3.   For Which Purposes Do We Process Your Personal Data? What is Our Legal Basis for Processing Your Personal Data?

Personal data can only be processed if at least one of the conditions set forth under Art. 6 GDPR is present. Your personal data collected during the recruitment processes may continue to be processed after the employment contract is signed unless there is a change in the processing purpose.

THY will process your personal data for the following purposes and under the following lawful basis:

  • If it is necessary to establish a contractual relationship and/or to perform our obligations under a contract as provided by Art. 6(1)(b) GDPR, for instance, to take steps necessary for THY to enter into an employment contract with you, to make informed decisions on recruitment and assess your suitability for the role, to reimburse you for any agreed expenses incurred in the application process etc;

  • As provided by law or for purposes which are required by law, such as compliance with legal obligations provided by Art. 6(1)(c) GDPR, for instance, to comply with applicable laws and protect our legal rights including, but not limited to, in connection with legal claims (including disclosure of information in connection with legal process or litigation). If you are successful, this will include verifying whether you have the right to work in the country in which you are applying for a job with THY and checking whether the information you have provided in the application is correct and carrying out other background checks as required by law. We will provide more information about these checks before they are carried out, execution of Occupational Health and Safety Activities, informing authorized persons, institutions and organizations;

  • As required to conduct our business and pursue our legitimate interests if such interests do not have a negative impact on our customers’ fundamental rights and freedoms as provided by Art. 6(1)(f) GDPR; 

If Art. 6(1)(f) GDPR is the legal basis for processing, our legitimate interests are, in addition to the purposes identified above:

  • To make informed decisions on recruitment, assess your suitability for the role and verify the details you have supplied (including background checks, about which We will provide more information before they are carried out), planning of human Resources Processes, execution and supervision of business activities, receiving and evaluating suggestions for the improvement of business processes, conducting business continuity activities;

  • To communicate with you about the recruitment process and answer your queries;

  • To keep you in mind for future job positions and roles; 

  • To improve our recruitment processes and activities;

  • If permitted, to contact you about future career opportunities at THY; 

  • To protect our legitimate business interests and legal rights, including, those in connection with legal claims, compliance, regulatory, auditing, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation) and other ethics and compliance reporting requirements; 

  • If Art. 9(2) GDPR is the legal basis for processing, in addition to the purposes identified above:

  • Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law;

  • Processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;

  • Processing relates to personal data which are manifestly made public by the data subject;

  • Processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;

  • Processing is necessary for reasons of substantial public interest which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;

  • Processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of law or pursuant to contract with a health professional;

  • Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, save for the exemptions to this rule i.e. if automated decision making is required or authorized by law or is necessary for entering into or performing the contract or is based on your individual explicit written consent.


4.   Is Provision of Personal Data a Statuary or Contractual Requirement or Necessary to Enter into a Contract? What are the Consequences of Failure to Provide Personal Data?

We will tell you if We require you to provide personal data to comply with legal or contractual obligations, in which case the provision of such data is mandatory: if such data is not provided, then We will not be able to manage the employment relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional. Where you do not provide the relevant data for in these circumstances, the consequences will be explained to you at the time.


5.   How Do We Keep Personal Data Secure and How Long Do We Store Them?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a need-to-know basis. They will only process your personal data on our specific instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach if We are legally required to do so.

The duration the THY stores your personal data varies depending on the fact whether you are successful or not as a job applicant.

If you are successful: we will retain your personal data for the purposes of the recruitment process and, once this process is finished, for an appropriate period so as to be able to deal with any legal claims linked to the application process and for any periods We are required to keep your personal data under applicable law. After this period, we will take steps to delete your personal data or hold them in a form that no longer identifies you. If you become a THY employee, your personal data will become a part of your employee file and will be used later in the course of the employment relationship.

If you are not successful: we will retain your personal data for up to 6 months to review our recruitment decision and to keep you in mind for future recruitment processes. If you do not want us to keep your personal data for the purposes of potentially considering you for future positions, please notify us.


6.   To Whom We Transfer Your Personal Data and Why?

Under certain circumstances for the above listed purposes We may transfer your personal data that We process to third parties, residing within borders of Turkey or abroad, in accordance with the provisions of national and international law, particularly Art. 8 and 9 of the Law as well as Art. 44 seq. GDPR. Types of third parties We may transfer your personal data to are as follows:

  • Third party service providers: Your personal data may transfer to various suppliers, financial advisors, financial audit firms, occupational health and safety experts /workplace doctors, SHGM authorized hospitals, or miscellaneous consultancy providers that we are in business relations with. Additionally, under certain conditions, information such as identification information or CV information of our employees may be shared with recruitment firms within the scope of activities that We carried out. 

  • Group companies: Certain services offered by THY are carried out by our affiliates, within this context, your personal data may be shared with our relevant affiliates. You may find more detailed information regarding our group companies by opening the following link: https://www.turkishairlines.com/en-tr/press-room/about-us/index.html

  • Administrative and Legal Institutions Authorized by Applicable Law  Your personal data can be shared if required by law or  for the protection of our legitimate interests in compliance with applicable laws with private and public Institutions authorized by national or international legislations (e.g. government authorities and/or law enforcement officials, The Office of Foreign Assets Control (“OFAC”), Bureau of Industry and Security, Transportation Security Administration etc. and national and international aviation authorities such as Directorate General of Civil Aviation (“SHGM”), International Air Transport Association (“IATA”) that may take decisions that affect THY and/or THY's operations. 

We will only transfer your personal data outside the EEA in exceptional circumstances if suitable safeguards ensure that an appropriate level of protection is in place. Typically, we rely on the following safeguards:

  1. Adequacy Decision of the EU Commission is available under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en);

  2. Standard Contractual Clauses: Other recipients (further information is available under https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) except for situations to which Art. 49 GDPR applies:

    1. You have explicitly consented to the proposed transfer, after being informed of the possible risks of such transfer due to the absence of an adequacy decision and appropriate safeguards;

    2. The transfer is necessary for the performance of a contract between the data subject and THY;

    3. The transfer is necessary for the conclusion or performance of a contract concluded in your interests;

    4. The transfer is necessary for important reasons of public interest and/or other conditions mentioned in art. 49 GDPR.

Further information on such transfers or copies of these measures can be obtained via the contact details in the Privacy Notice below.


7.   What are Your Rights as Data Subject?

As data subject, you are entitled to a number of rights under Art. 15 seq. GDPR in relation to your personal data. We would like to inform you about the rights you are entitled to and the ways you may exercise them.

Under the GDPR you are entitled to the following rights:

  • Right of access (Art. 15 GDPR);

  • Right to rectification (Art. 16 GDPR);

  • Right to erasure (Art. 17 GDPR);

  • Right to restriction of processing (Art. 18 GDPR);

  • Right to data portability (Art. 20 GDPR);

  • Right to object (Art. 21 GDPR).

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless We demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

  • Right to withdraw consent (Art. 7 GDPR);

Under the GDPR or national laws these rights may be limited, for example, if fulfilling your request would reveal personal data about another person, if it would infringe on the rights of a third party (including our rights) or if you ask us to delete information which We are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR or in applicable national laws. We will inform you of relevant exemptions We rely upon when responding to any request you make.

If you believe that We have failed to comply with data protection regulations when processing your personal data, you can lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR. The competent supervisory authority can be identified according to the list provided under: https://edpb.europa.eu/about-edpb/board/members_en.

Further information on your rights are available under: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_en.


8.   Data Controller and Contact Information:

If you want to exercise your rights as a data subject, have any concerns about how We process your data, would like to communicate requests you can reach out to:

THY Head Quarter Entity: 

 00 90 212 463 63 63

 Türk Hava Yolları A.O. Genel Yönetim Binası, Yeşilköy Mah. Havaalanı Cad. No:3/1 34149 Istanbul, Türkiye

 isealimmd@thy.com

 

If you contact us by e-mail, communication may be unencrypted.

 

 

https://careers.turkishairlines.com'da kullanıcı deneyimini geliştirmek ve internet sitesinin verimli çalışmasını sağlamak amacıyla çerezler kullanılmaktadır. Çerez Bildirimi, Gizlilik Bildiriminin bir parçasıdır. Şirketimiz ve ziyaretçi bilgilerinin korunmasıyla ilgili daha detaylı bilgi için Çerez Politikamıza bakınız.

TAMAM