In accordance with Law No. 6698 on Personal Data Protection (the “Law”), your personal data can be processed by the ILO Office for Turkey (“ILO” or the “Organization”), as the data responsibler, in the context explained below.
You can find further information regarding the purposes of processing your data by our organization, in the policies on the protection and processing of personal data, available at https://iloakademi.org/local/pages/?id=1.
Which Personal Data Are Processed?
Account Data: In order to use certain features (like accessing content), you need to create a user account. When you create or update your account, we collect and store the data you provide, such as your e-mail address, password, phone number, occupation, skill interests, gender, race, ethnicity, government ID information, verification photo, age, date of birth and account settings and assign you a unique identifying number (“Account Data”).
Profile Data: Where necessary, your profile data will be publicly viewable by others.
Shared Content: Some of the Services let you interact with other users or share content publicly, including by posting reviews about content, asking or answering questions, sending messages to trainees or trainers, or posting photos or other work you upload. Such shared content may be publicly viewable by others depending on where it is posted.
Educational Content Data: When you access content, we collect certain data including which courses, assignments, labs, workspaces, and quizzes you’ve started and completed; your exchanges with trainers, teaching assistants, and other traineess; and essays, answers to questions, and other items submitted to satisfy course and related content requirements. If you are a trainer, we store your educational content which may contain data about you.
Purpose of Processing Your Personal Data
Your personal data can be processed within the conditions for the processing of personal data specified in Articles 5 and 6 of the Law with the purpose of (“Purposes”) offering a chance to social partners to enhance vocational and personal skills and knowledge in order to provide you with video training content through our online training platform, the ILO Academy (the “Platform”), and achieve the goal of providing decent and productive jobs in freedom, equality, safety and dignity for all women and men.
Conditions for Processing Personal Data of Groups of Persons
The express consent of relevant groups of persons is only one of the reasons for legal compliance that allows for the processing of personal data in accordance with the law. Apart from express consent, personal data can also be processed if one of the other reasons for legal compliance, specified below, exists. The basis for personal data processing can only be one of the reasons for legal compliance indicated below, while multiple conditions can serve as the basis for processing the same personal data. In the event that the personal data that is processed is of a private nature, the conditions under the heading “Processing of Private Personal Data” below shall apply. Groups of persons shall be informed on which personal data is processed pursuant to this Policy, the purposes and reasons for which the personal data is processed, the sources from which the personal data is collected, with whom the personal data will be shared and how it will be used.
Clearly Provided for by the Laws: In cases where the laws clearly provide a base for processing of personal data, ILO Turkey shall process the personal data of the groups of persons, without additionally receiving their express consent.
Failure to Receive the Express Consent of the Data Subject Due to Bodily Incapability: The data of a group of persons can be processed without their express consent in the event that it is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his/her consent or whose consent is not deemed legally valid.
Direct Relation to the Conclusion or Fulfilment of a Contract: Provided that it is directly related to the conclusion or fulfilment of that contract, personal data belonging to the parties of a contract.can be processed, in the event that the processing of is necessary,
Personal Data Made Available to the Public by Groups of Persons: The data can be processed without requiring express consent in the event that a group of persons have made their personal data available to the public. For example, the personal data publicly shared by the Member on the internet or social media accounts can be processed, as long as and to the extent that the post is in line with his or her intent.
Data Processing is Mandatory for the Establishment or Protection of Any Right: The data belonging to a group of persons can be processed without requiring express consent in the event that data processing is mandatory for the establishment, exercise or protection of any right. For example, including these information in the complaint record, based on a member’s complaint to the Court.
Processing of Data Based on Legitimate Interests: The data belonging to a group of persons can be processed without requiring express consent in the event that data processing is mandatory for the legitimate interests of ILO Turkey, provided that this processing shall not violate the fundamental rights and freedoms of the group of persons. For example, executing satisfaction survey by ILO in order to provide trainee satisfaction.
Processing of Data Belonging to A Group of Persons Based on Express Consent: The personal data belonging to a group of persons shall be processed on the basis of express consent.
Processing of Private Personal Data
Some personal data is arranged separately as “Private Personal Data” and subject to special protection. Private personal data can be processed, in the case of the express consent of a group of persons, in line with the principles in this Policy and by taking the administrative and technical measures required. If a group of persons does not have express consent, private personal data can be processed in the following cases, provided that adequate measures to be determined by the Personal Data Protection Board (the “Board”) are taken:
- Personal data, other than the health and sexual life of the group of persons, in cases stipulated by law,
- Personal data related to the health and sexual life of the group of persons, but only for the purposes of protection of public health, preventive medicine, medical diagnosis, treatment and care services, planning and management of health services and financing, can only be processed by individuals or authorized institutions under a confidentiality obligation.
Transfer of Personal Data to Third Parties and Purposes of Transfer
Under your use of the ILO Academy platform and for the Purposes listed above, your personal data can be transferred by our organization to business partners, authorized public institutions and authorized private persons within the framework of the conditions and purposes for processing personal data specified in Articles 8 and 9 of the Law.
Methods and Legal Reason for Collection of Personal Data
Your personal data is collected by ILO Turkey electronically through Cookies in order to achieve the goals detailed above. The data processing conditions based on which we process your personal data through cookies are as follows:
Processing of personal data belonging to the parties of a contract is necessary, provided that it is directly related to the conclusion or fulfilment of that contract,
Data processing is mandatory for the legitimate interests of the data responsible, provided that this processing shall not violate the fundamental rights and freedoms of the data subject,
You have given express consent.
In the processing of personal data, ILO acts in line with the principles introduced pursuant to the legislation and the principle of good faith (bona fides). In this framework, the processing of personal data is exercised and limited to the extent required by the activities of our organization.
Reason for Using Personal Data
We use your data to provide our Services, communicate with you, troubleshoot issues, provide security against fraud and abuse, improve and update our Services, analyse how people use our Services, and as required by law or necessary for safety and integrity.
We use the data we collect through your use of the Services to:
Provide and administer the Services, including facilitating participation in educational content, issuing completion certificates, displaying customized content, and facilitating communication with other users;
Process payments to trainers and other third parties;
Process your requests for educational content, products, specific services, information or features;
Communicate with you about your account by:
Responding to your questions and concerns;
Sending you administrative messages and information, including messages from trainers, trainees and teaching assistants; notifications about the changes to our Service; and updates to our agreements;
Sending you information, such as by e-mail or text messages, about your progress in courses and related content, reward programmes, new services, new features, promotions, newsletters, and other available content created by instructors (which you can opt out of any time);
Sending push notifications to your wireless device to provide updates and other relevant messages (which you can manage from the “options” or “settings” page of the mobile app);
Manage your account and account preferences;
Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
Solicit feedback from users;
Marketing products, services, surveys and promotions;
Marketing Subscription Plans to potential customers;
Learn more about you by linking your data with additional data through third-party data providers and/or analysing the data with the help of analytics service providers;
Identify unique users across devices;
Tailor advertisements across devices;
Improve our Services and develop new products, services and features;
Analyse trends and traffic, track purchases and usage data;
Advertise the Services on third-party websites and applications;
As required or permitted by law; or
As we, in our sole discretion, otherwise determine to be necessary to ensure the safety and integrity of our users, employees, third parties, the public, or our Services.
Retention of Personal Data
Without prejudice to the retention periods stipulated by the legislation, we retain personal data for the period required by the purpose of processing personal data.
In cases where we process personal data for multiple purposes, if the purposes of processing data have been eliminated or the deletion of the data upon the request of the Data Subject is not hindered by the legislation, the data is deleted, destroyed, or retained by anonymization. Legislative provisions and PDP Board decisions are complied with in the destruction, deletion or anonymization of data.
Measures we take regarding the retention of personal data
As ILO Turkey, we build technical infrastructures and related control mechanisms for deleting, destroying and anonymising personal data; take the necessary measures to retain personal data safely; employ employees with technical expertise; develop systems for business continuity and emergency plans against possible risks and their implementation; establish security systems in accordance with the technological developments regarding the storage areas of personal data.
We raise awareness by informing our employees about the technical and administrative risks associated with the retention of personal data; in the case of cooperation with third parties for the retention of personal data, we include the provisions regarding the necessary security measures to be taken in the contracts made with the companies to which personal data is transferred, in order to protect and safely retain the personal data transferred.
Security of Personal Data
Our obligations regarding the security of personal data
We take administrative and technical measures according to technological facilities and implementation costs to:
Prevent the illegal processing of personal data,
Prevent illegal access to personal data,
Ensure that personal data is stored in accordance with the law.
Measures we take to prevent illegal processing of personal data
We carry out and cause the necessary inspections to be carried out within our organization; we train and inform our employees on the processing of personal data in accordance with the law; our activities are evaluated in detail in all units, as a result of which the personal data is processed,
In cases of unlawful disclosure of personal data or data leakage, we inform the PDP Board of the situation and conduct the investigations and take the measures required by the legislation. Additionally, as ILO, we employ employees with technical expertise; update and renew technical measures periodically; create access authorization procedures within our company; determine the procedures for reporting the technical measures and audit procedures; build the data recording systems used in our organization in accordance with the legislation and inspect them periodically; train and inform our employees on access to personal data and authorization, and build security systems within technological advancements in order to prevent illegal access to personal data.
Destruction of Personal Data
ILO Turkey retains personal data for the period required for the purpose for which it is processed and for the minimum period stipulated in the legislation to which the relevant activity is subject. In this context, our company first determines whether a period is stipulated for the storage of personal data in the relevant legislation and, if so, acts in accordance with this period. If there is no legal period, personal data is retained for the period required for the purpose for which it is processed.
Destruction of personal data is the process of making personal data inaccessible and unrecoverable and reusable by anyone.
Anonymisation of personal data is to make it impossible for such data to be associated with any identified or identifiable person in any way, even if the personal data is matched with other data.
By the end of their designated retention period, personal data is destroyed in line with periodical destruction periods or the data subject’s application and through the designated data destruction methods (deletion and/or destruction and/or anonymisation).
Informing Personal Data Subjects
ILO Turkey informs data subjects prior to processing Personal Data, in accordance with Article 10 of the Law. In this context, ILO Turkey fulfils its Disclosure obligation in obtaining personal data. The disclosure to Data Subjects under the Disclosure obligation includes the following:
Identity of the data responsible or, if any, representative
The purpose for which the personal data will be processed
To whom and for what purpose the processed personal data can be transferred
The method and legal reason for collecting personal data
Other rights listed in Article 11 of the PDP Law.
ILO Turkey shall provide the required information if the data subject requests information in line with Article 20 of the Constitution and Article 11 of the PDP Law.
Your Rights as Personal Data Subjects As Listed in Article 11 of the Law
We would like to inform you that as a personal data subject, you have the following rights pursuant to Article 11 of the Law:
- To learn whether your personal data has been processed,
- To request the relevant information if your personal data has been processed,
- To learn the purpose for processing your personal data and whether the data is used appropriately,
- To know the domestic or foreign third parties to whom your personal data is transferred,
- To request the correction of errors in the case of any missing or incorrectly processed personal data, and that the transaction carried out in this scope be notified to the third parties to whom the personal data is transferred,
- To request the deletion or destruction of personal data in the case of elimination of the reasons requiring its processing, even though the data has been processed in accordance with the provisions of the PDP Law and other relevant legislation, and that the transaction carried out in this scope be notified to the third parties to whom the personal data is transferred,
- To contest the results of automated processing in cases in which the analysis of the processed data by means of exclusively automated systems has produced unfavourable results,
- To claim compensation for damages resulting from the unlawful processing of your personal data.
You can send us your applications concerning your rights listed above by filling in the ILO Office for Turkey Data Subject Application Form available on https://iloakademi.org/local/pages/?id=1. Depending on the nature of your request, your applications will be concluded, free of charge, as earliest as possible and within 30 days at the latest; however, if the operation necessitates additional costs, a fee may be charged according to the tariff determined by the Board of Personal Data Protection
Letter of Consent
Through the “ILO (International Labour Organization) Office for Turkey Academy Learning Portal (ILO ACADEMY) Clarification and Consent Letter on the Protection of Personal Data”, the User and/or Visitor is deemed to have accepted and declared that he/she has been informed of his/her personal data that is processed, understood the matters subject to the information, and learned about his/her legal rights regarding the said records pursuant to Article 10 “Obligation of Controller to Inform” of Law No. 6698 on Protection of Personal Data.
We may update this text without any notice to you; for this reason, we recommend that you review this text regularly.
Last Update: 21.04.2021