Origin FGL Logistics (hereinafter referred to as, “Company” or “We”), pays the utmost attention to the lawfulness of the processing of personal data of its customers. The Origin FGL Logistics Protection of Personal Data Announcement (“Announcement”) herein have been prepared in accordance with Law on Protection of Personal Data numbered 6698 (“Law”) and EU General Data Protection Regulation (“GDPR”) to ensure that the personal data of our customers are processed under their full control and in a transparent manner. 

Ensuring the security of our customers’ and suppliers’ personal data is one of our primary objectives. For this reason, we only share our customers’ and suppliers’ data with reliable business partners to the minimum extent necessary and take security measures in compliance with applicable legislation, in order to store such data securely and prevent any unauthorized access or data breaches.

Transparency is one of the most important aspects for us when it comes to the protection of personal data. This Notice has been prepared to inform you about how your personal data is processed, both in fulfilling our legal obligations and in order to provide you with a better customer experience. You can find detailed explanations under the sections “Which personal data do we process?” and “Why Do We Process Your Personal Data? ”

Data security, transparency, and individuals’ control over their own personal data form the most important foundations of our compliance with the law. In this context, we are presenting this Notice to provide you with detailed information regarding the processing of your personal data.

1. How Do We Collect Your Personal Data?

This Notice includes our statements and explanations regarding the processing of personal data of our customers, suppliers, and individuals who interact with us, in compliance with national and international legislation, primarily the Law and the GDPR.

We reserve the right to make changes to this Notice in order to provide up-to-date information about our practices and legal regulations concerning the protection of personal data. However, in the event of any material changes to the Notice, we will inform the relevant individuals through appropriate channels.

The Notice has been prepared to provide information on which personal data Origin FGL processes in the course of its commercial activities, for what purposes such data is processed, and for which purposes and to which third parties this data may be transferred.

2. Which Personal Data Do We Process? 

The personal data collected by us may vary depending on the nature of the legal relationship you have with us. Your personal data, collected through all channels, including digital platforms, is categorized as follows:

• Identity and Contact Information (Name and surname)
• Contact information: (Phone and email)
• Financial information (credit/card information, bank account details, IBAN information, balance information, receivable balance, and other financial data)
• Physical security information (entry/exit logs to company premises, visitor information, camera and audio recordings, etc.)
• Legal and compliance information (personal data included in requests or decisions from judicial and administrative authorities, etc.)
• Audit and inspection information (records and data related to legal actions and the assertion of our rights associated with the individual, etc.)
• Marketing information (reports and assessments related to the individual’s purchases for marketing purposes, targeting data, cookie records, data enrichment activities, surveys, satisfaction polls, campaign and direct marketing results, etc.)
• Request/complaint management information (information and records collected from requests and complaints related to our products and services, and reports evaluating their outcomes by relevant departments, etc.)
• Visual and auditory data (photos, camera recordings, audio recordings, etc.)

3. For What Purposes Do We Process Your Personal Data? What Is the Legal Basis for Processing Your Personal Data?

In accordance with the Law, personal data may only be processed if at least one of the conditions specified under Articles 5 and 6 of the Law and/or the relevant provisions of international legislation is met. In this context, as Origin FGL, we process the personal data of our customers/suppliers based on the following legal grounds:

1. i) When it is explicitly provided for by law,
   ii) When it is directly related to the establishment or performance of a contract,
   iii) When it is necessary for compliance with our legal obligations under applicable national and international legislation,
   iv) When it is necessary for our legitimate interests, provided that it does not adversely affect the fundamental rights and freedoms of our customers/suppliers.

In addition to these legal bases, in some cases, we may request your explicit consent to process your personal data. In such cases, your personal data will be processed only within the scope of the consent you have voluntarily provided. You have the right to withdraw your consent at any time.

Accordingly, the personal data collected may be processed by Origin FGL within the framework of national and international legislation, under the personal data processing conditions set forth in Articles 5 and 6 of the Law, and for the purposes listed below.

Establishing communication with our customers and managing customer relations
We may need to communicate with our customers in relation to our operations. In certain cases, it may be necessary to provide our customers with information related to the service they receive.
Please note that messages sent solely for the above purposes or similar service notifications, which do not involve marketing purposes, are not subject to prior consent under Article 6 of the Regulation on Commercial Communication and Commercial Electronic Messages, and may be sent to you by Origin FGL even if you have not given your consent to receive communications.

• Your requests and feedback
  Your personal data may be processed to take necessary steps regarding your questions, requests, or complaints submitted via digital platforms or through other written or verbal channels.
  Your opinions are highly valuable to us. Therefore, your personal data may also be processed in the context of surveys or evaluation activities to assess the quality of the services we provide.
• Personalizing and improving your customer experience
  To offer you a personalized customer experience, we process your personal data to customize our products or services in line with your preferences, tastes, and needs.
  In this context, information about your past purchases may be processed in order to present personalized offers.
• Providing information about our services
  Your personal data may be processed, with your consent, for marketing communication purposes, such as informing you about our services, introducing new offerings, and notifying you about campaigns.
• Fulfilling legal obligations arising from the applicable regulations and providing information to authorized institutions and organizations
  Your personal data may be processed for the preparation of records and documents required for the provision of services under the legislation, as well as to comply with national and international legal obligations including information retention, reporting, record-keeping, disclosure, taxation, international sanctions, and others.
  In this context, in line with our obligations regarding identification and verification, your personal data may be processed for purposes such as the prevention, detection, and investigation of crimes, including fraud and money laundering.
  Your personal data may also be processed, either regularly or upon request, for the purpose of providing information and documents to authorized public institutions and regulatory authorities located domestically or abroad, or granting them access to such information and documents, within the legal scope and based on valid requests, in order to comply with international and national legislation and ensure the execution of transportation operations.
• Carrying out finance and accounting operations
  Your personal data may be processed for the purposes of fulfilling notification obligations, identifying and verifying your identity, preventing fraudulent transactions, collecting payments, and processing refunds where necessary.
• Establishing IT infrastructures and managing and auditing information security processes and operations
  Your personal data may be processed to ensure compliance with internal policies and procedures related to information security, to manage IT systems and perform necessary improvements, to ensure the operational accessibility and reliability of our systems through backups and testing (including tests that may require the use of live data), to carry out statistical analyses and research for the development of transportation-related systems and programs, and to support product and service development efforts.
• Preventing fraud and forgery
  Your personal data may be processed to prevent and investigate fraudulent activities, report them in accordance with legal requirements, and take the necessary legal actions.
• Defining access authorizations for business partners and suppliers
  Personal data may be processed to enable access to necessary information and documents for business partners in the scope of corporate cooperation, and for third-party suppliers providing outsourced services in areas such as transportation operations, customer relationship management, and research and development. This ensures that authorized representatives and employees of these partners have the access required to perform their duties.

4. Transfer of Personal Data
   Your personal data may be shared with our suppliers and business partners who support us in establishing, conducting, and terminating our relationship with you, including those providing services on our behalf. Your personal data may also be shared, within the scope of their authority, with legally authorized public institutions and private individuals. In such cases, we take the necessary measures to ensure that the parties to whom the data is shared process and transfer the data in accordance with the rules specified in this Notice and applicable legislation.

Within the scope of the data processing conditions and purposes stated in Articles 8 and 9 of the Law, your personal data may be shared with our affiliates, business partners, suppliers, legally authorized public institutions and organizations, and legally authorized private institutions, and may be transferred abroad to the extent limited to these purposes and in accordance with the procedures outlined in Article 9 of the Law and the decisions of the Personal Data Protection Board. In this context, your personal data may be shared, to the extent necessary, with the relevant authorities and authorized third parties in the country where your operations are carried out to fulfill operational requirements and comply with national and international legal obligations.

Your personal data may be transferred abroad:
• If you have provided your explicit consent, or
• If explicit consent has not been obtained but one or more of the other data processing conditions specified in the Law are met:
 • If the country to which the data is transferred is deemed to have adequate protection by decision of the Personal Data Protection Board, or
 • If the country does not have adequate protection, provided that our company and the data controller in the relevant foreign country undertake adequate protection in writing and obtain permission from the Personal Data Protection Board.
• In accordance with the provisions of applicable laws.

5. Retention of Personal Data
   We determine the retention periods for personal data by taking into account the applicable legislation and the purposes for which the data is processed. In this context, statutes of limitations related to legal obligations concerning personal data processing activities are duly considered. If the purpose for processing personal data ceases to exist and there is no other legal reason or basis allowing for the retention of such data, the data is deleted, destroyed, or anonymized.

6. Principles of Personal Data Processing
   Our main principles regarding the processing of your personal data include:
   • Acting in accordance with the law and principles of integrity
   • Ensuring accuracy and keeping data up to date
   • Processing data for specific, explicit, and legitimate purposes
   • Being relevant, limited, and proportionate to the purposes of processing
   • Retaining data for the period required by relevant legislation or as necessary for the purpose of processing

7. Use of Cookies
   As Origin FGL, we use certain technologies such as cookies, pixels, and gifs (“Cookies”) during your visits to our online platforms to enhance your experience. The use of these technologies is carried out in compliance with the Law, GDPR, and applicable legislation.
   For detailed information about cookies, please refer to the ORIGIN FGL Cookie Clarification Text available at https://originfgl.com/privacy-and-cookie-policy/

8. Use of Digital Platforms
   Your personal data obtained during your use of digital platforms may be processed for purposes such as operating and managing the site, improving and enhancing user experience related to the site and application, monitoring site usage, enabling and supporting location-based tools, managing online accounts (if any), and providing information about services available in your location.
   If you wish to benefit from products or services offered through the application, your personal data will be processed only for the purpose of enabling you to use those specific products or services.

9. Use of CCTV (Closed-Circuit Television)
   Visual and audio data may be obtained via CCTV systems located on our premises and stored for a necessary period only for the purposes of preventing and monitoring antisocial or criminal behavior, ensuring the security of our premises and assets, and protecting the health and safety of visitors and employees.
   All necessary technical and administrative measures are taken to ensure the security of the data collected through CCTV systems.

10. Data Subject Rights
    According to Article 11 of the Law, data subjects have the following rights against the data controller:
    • To learn whether personal data concerning them is being processed
    • If personal data is being processed, to request information about it
    • To learn the purpose of processing and whether it is used in accordance with that purpose
    • To know the third parties to whom personal data is transferred domestically or abroad
    • To request correction if personal data is incomplete or inaccurate
    • To request deletion or destruction of personal data within the framework of the conditions set out in the legislation
    • To request that third parties to whom the data was transferred are informed of any rectification, deletion, or destruction of personal data
    • To object to a result against them arising from the analysis of processed data exclusively through automated systems
    • To demand compensation for damages in the event they suffer harm due to the unlawful processing of personal data

11. Exercising Rights by the Data Subject
    We respond to individuals who wish to exercise their rights under the Law within a maximum of thirty days, as stipulated. For third parties to submit requests on your behalf, they must have a notarized power of attorney issued by you.
    While applications are generally processed free of charge, if a fee is foreseen by the Personal Data Protection Board, the relevant fee schedule may be applied.
    We may request information to verify the identity of the applicant and ask questions to clarify the issues specified in the application.
    To exercise the above-mentioned rights, please contact us using the following contact details:

Origin FGL Lojistik A.Ş. Headquarters
• Address: Oruçreis Mah. Vadi Cad. No:108/6 Giyimkent-Esenler/İstanbul
• Phone: +90 212 987 55 55
• Email: kvkk@originfgl.com (If submitting via email, please fill out the form attached below and include it in your email or attach it to your application.)
• Click here to access the form.

12. Data Security
    To ensure the security of your personal data, we take reasonable technical and administrative measures to prevent unauthorized access, accidental data loss, intentional deletion, or damage to the data.
    • We use software and hardware containing virus protection systems, firewalls, and intrusion prevention systems.
    • Access to personal data within our organization is managed through a controlled process based on unit/role/application authorizations and the nature of the data.
    • We conduct the necessary audits to ensure compliance with the provisions of the Law as per Article 12.
    • We ensure compliance of data processing activities with the Law through internal policies and procedures.
    • We apply stricter measures for access to sensitive personal data.
    • In case of external access to personal data due to outsourcing, we obtain commitments from service providers to ensure compliance with the Law.
    • We take necessary actions to inform all employees, especially those with access to personal data, about their duties and responsibilities under the Law.

13. Definitions

• Explicit Consent: Consent based on information and given with free will by the data subject for a specific issue.
  • Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person, even by matching it with other data.
  • Data Subject: The natural person whose personal data is processed.
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Sensitive Personal Data: Data subject to stricter protection under the Law due to potential for harm or discrimination if disclosed or lost.
  • Processing of Personal Data: Any operation performed on personal data, whether fully or partially automated or manually, including collection, recording, storage, alteration, disclosure, transfer, or prevention of use.
  • Data Recording System: The system through which personal data is processed according to specific criteria.
  • Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.