Basics of our data security and privacy approach
Our company and the affiliated CottGroup® companies within the network (COTT) are committed to ensure the security of your personal data within all the IT systems and IT infrastructures. For COTT, privacy and security subjects form the basis grounds of the relationship we build with our clients. COTT corporate network consists of a series of independent members which are the providers of various sections of this website and other websites in COTT member network. You can see our present member companies from here. Companies which will be subsequently integrated in the COTT members’ network can also be accessed from the same link.
The personal data you will share when using this website can be also kept under the control of another company among the COTT member network companies. The aim of this is to ensure the control, supervision and security of the related data at the highest level. Each independent member is legally responsible for the data kept under its control and supervision.
The expression “our company” contained in the present text refers to the COTT member network company which keeps your personal data under its control and responsibility and which you desire to be in contact with by visiting this website.
Which data do we collect?
Our company can collect your personal data, by various methods, within the framework of legal rules and in compliance with the intended purpose of processing.
According to the definitions of the Personal Data Protection Authority, Personal Data refers to all kinds of information related to a real person who is identified or identifiable. In order to speak of a personal data, the data must belong to a real person and this person shall be identified or identifiable (Personal data and personal information refer to the same definition and purpose).
Detailed explanation on Personal Data;
- Being related to a real person: Personal data is related to a real person. Data related to legal persons are out of the scope of the definition of personal data. Therefore, information related to a legal person, such as the tradename or address of a company will not be considered as personal data (apart from cases where they can be associated with a real person).
- The person must be identified or identifiable: Personal data covers all the information directly showing the identity of a person or, although not directly showing the identity of a person, rendering him identifiable as a result of being associated with a record.
- All kinds of information: The expression “All kinds of information” is quite extensive and does not only cover information which merely puts forth the identity of an individual, such as the name, surname, date of birth and place of birth of a real person; all data which renders a person identifiable, directly or indirectly, such as telephone number, motor vehicle license plate, social security number, passport number, curriculum vitae, photo, video and audio records, fingerprints, IP address, e-mail address, hobbies, preferences, people interacted with, group membership, family information, health information are considered as personal data.
The personal data which we record by automatic or non-automatic means when you visit our company’s website and which you will share with us via communication forms, e-mails and other electronic transactions will be used firstly to fulfil your demand and subsequently to offer you a better service. In general, the purpose of use is as follows:
- To get in contact with you
- To provide you access to the website or self-service access, by performing operations related to your online account including but not limited to the supply of a password and user code.
- To answer to your questions
- To inform you of any change in legal regulations and to provide you with other important information
- To ensure the management of our website
- To increase the quality of our service
Data shared voluntarily
You will be deemed to have shared your data voluntarily in the below-listed cases and similar occasions.
- When you subscribe to a news and legislation bulletin managed by COTT.
- When you purchase a service and share the information we requested from you to complete the service.
- When you share content about us in the social media.
- When you share information such as identity information or business card during your visits to exhibitions, seminars and events.
- When you visit one of our locations and we require visitor information.
- When you get in contact with our company or send curriculum vitae (CV).
Can my personal data be shared with other COTT member network companies?
Data is processed only by COTT personnel authorized to implement the services in the scope of the COTT member network management office and all kinds of privacy and security procedure, and the personnel indicated in the privacy and security authority matrix. For details and conditions of transfer of data, please click on the link "Information on Privacy Policies and Processing and Transfer of Personal Data
Log data, Cookies and Web Beacons
As COTT, we are aware and understand your concerns about the use of websites open to general use.
What is a Cookie?
Cookies are widgets of programs that can be present in your laptop, pc and mobile device, which collect various data. Cookies are generally text files.
With these programs, the following data can be collected.
- Internet Protocol (IP) address
- Domain name of the computer with which you connect to the website
- The date and time of your log-in and period you spend on the website.
- The link of the page from which you connected to our company’s website or the address of another COTT member website
- Information on your computer, the brand of your browser, your operating system, your java support, flash version, screen resolution and your connection speed
- Information on pages of the computer connected to when sending a request from our company’s website
- The amount in bytes of the data transferred on our company’s website
- The content of tracer cookies
- CottGroup® websites use temporary session cookies in order to secure your online activities and increase the website performance.
- Fields such as Login time, User Name and User ID required for our software and self-service applications (APPLICATIONS)
- URL information for which the User sent their latest request in APPLICATIONS
- Language information of your browser
You can find further details in the section Cookie Notice.
Protection of children’s online activities
We assist parents willing to supervise their children’s online activities. We never request personal information from children deliberately. If we find out that the person whose personal information we collected is below 13 years of age, we can use this information only to notify the matter to the parents immediately. This rule applies for age 16, within the context of the European Union General Data Protection Regulation (GDPR).
COTT respects your rights concerning the using and sharing of your personal information. Please kindly note that you can request access to your personal data or for a correction to be made on this information and make preference among the promotion materials you receive or choose to not receive any marketing and promotion content from COTT member network. If you are in Europe, remember that you may have supplementary rights within the scope of the GDPR (General Data Protection Regulation).
Special Data Protection Rights for residents in the European Union: If you are within the boundaries of the European Union, you can object to the processing of your personal data, request restriction of the processing of your personal information or request the mobility of your personal information. To transmit your objections, please click. on this link.
Likewise, in case your personal information is collected upon your approval, you can withdraw your approval at any time. The withdrawal of your approval will not affect (1) the legitimacy of any transaction we realized before your withdrawal, or (2) the processing of your personal information within the framework of legal grounds.
Furthermore, if your personal information must be preserved according to preservation periods arising from local laws and due to the performance of an agreement, please note that we have the right to preserve the same for this period.
If you think that we use your personal information in a way which is not in compliance with this notice, or if you wish to receive more information on your rights, you can get in contact with the European Union data protection officer at the address: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
International harmonization and transfer to abroad
COTT can transfer personal data of Turkish citizens and persons living in the European Union to countries which are considered secure as per the announcement to be made by the Personal Data Protection Authority. If, in cases indicated in the Law No.6698 (conditions indicated in the 2. paragraph of article 5 and 3. paragraph of article 6 of the Law), there is no adequate protection in the country to which data will be transferred (countries considered as unsecure by the Authority), transfer can be realized in case the adequate protection is warranted in writing and the Authority provides its approval.
The provisions of the Law No: 6698 on the Protection of Personal Data will apply for data transfers.
Designing of new processes in compliance with privacy rules
When developing new systems, COTT takes the most appropriate technological and corporate measures for privacy and makes the required improvements for the processing of personal data in compliance with the intended purpose. (Privacy by design)
In compliance with legal rules, COTT can communicate with you in order to inform you of changes in the legislation and relevant information, and for the purpose of advertisement and promotion of new services and products, and for sale and marketing purposes. If you do not want to receive these messages, you can stop the notifications by using the related communication channels.
Preservation and disposal
In case you have any questions related to this Privacy Notice, please click on this link.
Personal Data Protection Policy
Data Controller: CottGroup® Companies (hereinafter referred to as “CottGroup®”, the details of the group companies will be provided herein below)
This Obligatory Informative and Consent Text is prepared in accordance with the Law No. 6698 on Protection of Personal Data (“KVKK”) and is aimed at performance by the Data Controller of its obligation to provide information prescribed by the said Law and obtaining of direct consent of the Data Subject for the processing of normal, and if shared, private data. The Data Subject agrees and declares that it has been informed about the matters here under:
For the purpose of the implementation of the Law on Protection of Personal Data (hereinafter referred to as “KVKK”), the following capitalized terms shall have the meanings assigned to them herein below:
- Explicit Consent: Freely given consent on a specific matter with being informed in regards;
- Anonymization: Rendering Personal Data not linkable with an identified or identifiable real person in any way, even by way of matching with other data;
- Data Subject: Real person whose personal data is processed;
- Personal Data: Any information relating to an identified or identifiable real person;
- Processing of Personal Data: Any such transaction performed on the data, such as obtaining, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available, or classifying the personal data or blocking the usage of it, by fully or partly automatic means, or by non-automatic means provided that it is part of a data recording system;
- Board: The Board of Protection of Personal Data;
- Authority: The Authority of Protection of Personal Data;
- Data Processor: Real or legal person who processes the personal data on behalf of and based on the authority granted by the data supervisor;
- Data recording system: Any recording system in which personal data are processed by being structured according to specific criteria;
- Data Controller: Real or legal person who determines the purposes and means of the processing of personal data, and who is responsible for establishment and management of the data recording system.
- Sensitive personal data: Data in relation to race, ethnic origin, political opinion, philosophic belief, religion, sect or other beliefs, appearance, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Article-2 Principles Regarding Processing of Personal Data
2.1 As part CottGroup®’s activities;
CottGroup®, in its capacity as the Data Controller, will process your “Personal Data” as mentioned below, including your data which identifies your identity or personal data or renders them identifiable, your salary (when necessary) and sensitive personal data, as per the Law No. 6698 on Protection of Personal Data (“KVKK”). “Processing of Your Personal Data” means any procedure which is performed on personal data, such as collection, recording, storage, preservation, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization of personal data or blocking its use.
We, as CottGroup®, place great importance on the security and protection of your personal data. We continue to serve you with the awareness that the privacy and security of your personal data is of utmost importance while our services.
2.2 Protection of your right of data privacy and fundamental rights and freedoms is our main principle while using your sensitive data for payroll, accounting, consultancy, software procurement, informing on legislation, labor force support, outsourced services and your all other provided services.
- Personal Data might be processed for the purpose of the performance of Data Controller’s obligations arising from any agreement between the Parties or the related legislation provisions.
2.3 Personal Data can be transferred by CottGroup® to various organizations and institutions, only when and to the extent necessary and limited for the performance of the obligations arising from any agreement between the Parties and the related legislative provisions, and for increasing the service quality and protecting the legitimate rights of both Parties, by taking into account the decisions of the Authority,
- and when required by the Labor Law, Obligation Law, Income Tax and all other legal and legislative means regarding your services. Such institutions and organizations may include:
- Competent authorities and/or
- Turkish or foreign employers to which the Data Subject has filed an application and/or
- Administrative authorities and institutions including Tax Offices, workplace inspectors, Turkish Employment Agency (ISKUR), Regional Directorate of Labour and Social Security Institution,
- Employees authorized by the Data Controller and/or
- Independent auditors with whom the Data Controller cooperates and/or domestic or foreign third parties carrying out activities related to the purpose of performance and service providers who provide information by way of promotion and communication or customer satisfaction monitoring services.
Article-3 Other Rights of the Data Subject
Data Subject has each of the following rights, independently from, and in addition to its right of monitoring and requesting information about the fulfilment of the fundamental principles summarized above:
- Learning whether or not her/his Personal Data has been processed,
- Requesting information as to processing, if her/his Personal Data has been processed,
- Learning the purpose of processing of his/her Personal Data and whether such data is used in accordance with its purpose,
- Knowing the third parties to whom his/her Personal Data has been transferred at home and abroad,
- Requesting rectification in case his/her Personal Data is processed incompletely or inaccurately,
- Requesting deletion or destruction of his/her Personal Data in a manner and within the restrictions and legal time periods as prescribed under the Law and the relevant legislation, in case the reasons requiring the processing of such Personal Data are no longer present,
- Requesting notification of the request for deletion or rectification of his/her Personal Data to third parties to whom such Personal Data is transferred,
- Objecting to occurrence of any result that is to her/his detriment by means of analysis of his/her processed Personal Data, exclusively through automated systems,
- Requesting compensation for his/her damages in case he/she incurs damages due to processing of his/her Personal Data in breach of the Law.
Data Controller to whom you can file an application as per the Law:
You can file your request to use any of your rights above as per the regulations of the Personal Data Protection Law (KVKK), to CottGroup® in writing or in any other method determined by the Board of Protection of Personal Data, as well as through the following means.
CottGroup®’s main website: https://www.cottgroup.com