İlkbahar Mh. 616. Sk. No:5 Çankaya/Ankara
Mutlukent Mh. 2041. Sk. No:16 Çankaya/Ankara
+90 501 105 1099
Menu
İlkbahar Mh. 616. Sk. No:5 Çankaya/Ankara
Mutlukent Mh. 2041. Sk. No:16 Çankaya/Ankara
+90 501 105 1099
This Personal Data Protection and Processing Policy has been prepared by CY Education Construction Industry and Trade Limited Company – Private Oran Nursery and Daycare (“Institution”) within the scope of the Personal Data Protection Law No. 6698 and aims to provide information about the Institution’s principles and procedures regarding the processing and transfer of personal data shared or generated by users, visitors, and other persons (“User or Data Owner”) while using the content on the Institution’s official website at https://www.oranmontessori.com (“Website”). In accordance with these principles and procedures, the Institution takes all necessary administrative and technical measures to protect and process personal data.
Purpose of the Personal Data Protection and Processing Policy
The purpose of the Personal Data Protection and Processing Policy (“Policy”) is to regulate the principles and procedures concerning the processing, protection, and, when necessary, deletion of personal data within the scope of the Personal Data Protection Law No. 6698. In this regard, it aims to protect the fundamental rights and freedoms of individuals, particularly the right to privacy as regulated under Article 20 of the Constitution, to the maximum extent possible, and to inform Data Owners about the Institution’s obligations and the procedures it applies under the Personal Data Protection Law No. 6698. The primary and most significant goal of this Policy is to protect the privacy rights and data security of Data Owners.
Scope of the Personal Data Protection and Processing Policy
This Policy has been prepared for:
In addition, it applies to all real persons other than those specified above.
The Institution provides information about the Personal Data Protection Law No. 6698 by publishing this Policy on its website at https://www.oranmontessori.com.
This Policy applies to the processing of the personal data of the aforementioned individuals, either fully or partially through automated means or through non-automated means that form part of any data recording system, by the Institution under the scope of the Personal Data Protection Law No. 6698. If the data does not fall within the definition of “Personal Data” as specified below, or if the personal data processing activities conducted by the Institution are not carried out through the methods specified above, this Policy shall not apply.
While implementing this Policy, the following definitions under the Law will be used by our Company:
| Explicit Consent | Consent explicitly provided, grounded in information and freely expressed with regard to a specific matter. |
| Anonymization | It is the process of rendering personal data, even when matched with other data, in such a way that it can no longer be associated with an identified or identifiable real person. |
| Company | Refers to CY Education Construction Industry and Trade Limited Company – Private Oran Nursery and Daycare. |
| Company/Institution Official | Members of the board of directors and other authorized individuals of CY Education Construction Industry and Trade Limited Company. |
| Company/Institution Shareholder | Real persons who are shareholders of CY Education Construction Industry and Trade Limited Company. |
| Company Business Partner, Business Partner’s Shareholder, Official, or Employee | All real persons who are in any business relationship with the Institution or who are shareholders, officials, or employees of legal entities engaged in business relationships with the Institution (e.g., business partners, suppliers). |
| Job Candidate | Real persons who have applied for a job with our Institution through any means or who have opened their resumes and related information for review by our Company. |
| Company Customer | Real persons who use or have used the services provided by our Institution, regardless of whether they have a contractual relationship with the Institution. |
| Potential Customer | Real persons who have requested or shown interest in using our services, or who are assessed to have such interest based on commercial practices and the principles of good faith. |
| Third Party | Persons who are not covered by the CY Education Construction Industry and Trade Limited Company Personal Data Protection, Processing, and Deletion Policy and do not fall into any Personal Data Owner category specified in this Policy. |
| Visitor | All real persons who enter the physical premises of our Institution for various purposes or visit our websites for any reason. |
| Law | Refers to the Personal Data Protection Law No. 6698. |
| Secondary Legislation | Refers to any regulation, circular, communiqué, principle decision, or similar administrative decision or general opinion issued or adopted by the Personal Data Protection Authority under the Law. |
| Relevant Users | It refers to individuals who process personal data within the data controller organization or in accordance with the authorization and instructions received from the data controller, excluding those responsible for the technical storage, protection, and backup of the data. |
| Personal Data | It refers to any information related to an identified or identifiable real person. |
| Processing of Personal Data | It refers to any operation performed on personal data, such as obtaining, recording, storing, preserving, altering, reorganizing, disclosing, transferring, acquiring, making retrievable, classifying, or preventing its use, either fully or partially through automated means or by non-automated means as part of any data recording system. |
| Board | Refers to the Personal Data Protection Board. |
| Authority | Refers to the Personal Data Protection Authority. |
| Sensitive Personal Data – Special Categories of Personal Data | Personal data concerning a person’s race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance, association or trade union memberships, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data. |
| Data Processor | A real or legal person who processes personal data on behalf of the data controller under the authority given by the data controller. |
| Data Recording System | A system in which personal data is processed by being structured according to specific criteria. |
| Data Owner | Refers to the real person whose personal data is processed and who is defined as the “Relevant Person” under the Law. Data Owners include customers, internet users, individuals in communication, email, and marketing database lists, employees, contract parties, and suppliers. |
| Data Controller | Refers to the real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
| Erasure | Refers to rendering personal data inaccessible and unusable for Relevant Users in any way. |
| Deletion | Refers to rendering personal data inaccessible, unrecoverable, and unusable by anyone in any way. |
| Personal Data Protection, Processing, and Deletion Policy | Refers to the policy prepared by the Institution within the framework of the Personal Data Protection Law and related regulations, regulating the procedures and principles regarding the protection, processing, erasure, and deletion of personal data. |
Enactment of the Personal Data Protection and Processing Policy
The Personal Data Protection and Processing Policy, prepared by CY Education Construction Industry and Trade Limited Company – Private Oran Nursery and Daycare, is made available to relevant individuals upon request, following its publication on the Company’s website (https://www.oranmontessori.com), starting from the date of its release.
Protection of Personal Data within the Scope of the Company/Institutional Policy
Security of Personal Data
Our institution takes all necessary technical and administrative measures to ensure the protection of personal data in accordance with the Law on the Protection of Personal Data No. 6698, preventing the unlawful processing and access to personal data, and ensuring its proper storage with an appropriate level of security.
Audit
Our institution conducts and facilitates the necessary audits to establish the data security mentioned above and to ensure the regularity and continuity of the measures taken.
Confidentiality
Our institution takes all necessary technical and administrative measures, according to technological capabilities and operational costs, to prevent relevant data controllers and data processors from disclosing personal data to third parties or using it for purposes other than the intended processing purpose, in violation of the Law and Policy provisions. In this context, informational and training activities regarding the Law and Policy are conducted with our institution’s employees, and confidentiality agreements are signed.
Unauthorized Disclosure of Personal Data
In the event that Personal Data processed by our institution is obtained by others through unlawful means, our institution shall take the necessary actions to promptly notify the relevant Personal Data Owner and the Personal Data Protection Authority (Authority). If deemed necessary by the Authority, this situation may be publicly disclosed on the Authority’s website or through another method deemed appropriate by the Authority.
Protection of the Legal Rights of Personal Data Owners
Our institution ensures the protection of the legal rights of Personal Data Owners in accordance with the Policy and the Law, and takes all necessary measures to safeguard these rights.
Protection of Sensitive Personal Data
As specified in the Definitions section, sensitive personal data includes information regarding individuals’ race, ethnicity, political views, philosophical beliefs, religion, sect, or other beliefs, attire, membership in associations, foundations or trade unions, health, sexual life, criminal convictions, security measures, as well as biometric and genetic data. Our institution acknowledges that the disclosure of such sensitive personal data may lead to harm or discrimination against the individual concerned. Therefore, all necessary precautions are meticulously taken to protect such personal data, which is processed in compliance with the law.
General Principles for the Processing of Personal Data under Our Institutional Policy
Personal Data processed by our institution is handled in compliance with the Personal Data Protection Law No. 6698 and the procedures and principles set forth in this Policy. Our institution processes Personal Data in accordance with the following principles:
Compliance with Legal Rules and the Principle of Integrity
Our institution processes Personal Data in full compliance with the Personal Data Protection Law No. 6698, its related regulations, and applicable private law and customary law, ensuring the utmost integrity. Personal Data is handled in accordance with legal boundaries and used in a manner that adheres to proper procedure.
Accuracy and Currency
Our institution ensures that the Personal Data it processes is accurate and up-to-date, taking into account the fundamental rights and legitimate interests of the Personal Data Owners. This includes paying careful attention to the identification of data sources, verifying the accuracy of the data, and assessing the necessity of updating the data.
Processing for Identifiable, Legitimate, and Specific Purposes
Our institution clearly defines the purpose for processing Personal Data and ensures that this purpose is legitimate. The legitimacy of the purpose means that the processed Personal Data must be relevant and necessary for the work or service provided by our institution.
Relevance, Limitation, and Proportionality
Our institution ensures that the Personal Data processed is suitable for achieving the specified purposes and refrains from processing Personal Data that is unrelated or unnecessary for the accomplishment of these purposes. To meet potential future needs, the processing of data must comply with one of the conditions prescribed by the Law, as if starting the processing for the first time. Additionally, the data processed is strictly limited to what is necessary to achieve the specified purpose.
Retention for the Period Required by the Relevant Law or the Purpose for Which It Was Processed
Our institution complies with the retention periods stipulated by the relevant regulations, where applicable. Otherwise, Personal Data is retained only for the duration necessary to fulfill the purpose for which it was processed. If there is no valid reason to retain a specific Personal Data further, the data is deleted, destroyed, or anonymized.
Conditions for the Processing of Personal Data under Our Institutional Policy
Our institution does not process Personal Data without the explicit consent of the data owner. However, our institution may process Personal Data without the explicit consent of the data owner in the presence of one of the following conditions:
Where Clearly Stipulated by Relevant Laws
Our institution may process the Personal Data of Data Owners even without explicit consent in cases explicitly provided for by law.
In Case the Data Owner is Incapable of Expressing Consent Due to Physical Impossibility or Where Legal Validity is Not Recognized for Consent, and It Is Necessary for the Protection of the Life or Physical Integrity of the Individual or Another Person
In cases where consent cannot be expressed or is not legally valid, Personal Data may be processed without explicit consent if necessary for the protection of the life or physical integrity of the individual. In cases where medical intervention is required, Personal Data of the Data Owner may be processed, such as blood type, past illnesses, surgeries, and medications, through the relevant health system.
When Necessary for the Conclusion or Performance of a Contract, Provided It Is Directly Related to the Contracting Parties’ Personal Data
Personal Data may be processed by our institution in relation to the conclusion or performance of a contract.
Where Necessary for the Data Controller to Fulfill a Legal Obligation
If it is necessary for our institution to request and disclose personal data from official institutions or organizations to resolve or clarify a situation, the data controller may share the required personal data to fulfill its legal obligations.
When the Data Owner Has Made It Public
Personal Data that has been made public by the Data Owner, or in other words, any Personal Data disclosed to the public, may be processed by our institution. Since such data, once made public by the Data Owner, becomes accessible to everyone, it is accepted that the legal benefit requiring protection no longer exists, and therefore, such data may be processed.
When Processing is Necessary for the Establishment, Exercise, or Protection of a Legal Claim
Personal Data may be processed without explicit consent if necessary for the establishment, exercise, or protection of a legal claim, or where the processing is necessary for the legitimate use or protection of a legally recognized right.
When Processing is Necessary for the Legitimate Interests of the Data Controller, Provided It Does Not Violate the Fundamental Rights and Freedoms of the Data Owner
Our institution may process Personal Data for its legitimate interests without violating the fundamental rights and freedoms of the Data Owner, in compliance with the Law and Policy. Our institution ensures that the basic principles of personal data protection are followed, and a balance is maintained between the interests of the institution and the Data Owners.
Conditions for the Processing of Sensitive Personal Data under Our Institutional Policy
Our institution does not process Sensitive Personal Data (“Special Categories of Personal Data”) Special Categories of Personal Data without the explicit consent of the data owner. However, Personal Data other than health and sexual life may be processed without the explicit consent of the data owner in cases stipulated by law. Health and sexual life-related Personal Data may only be processed by our institution without the explicit consent of the data owner in cases where it is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, the planning and management of health services and their financing, and where we are under an obligation of confidentiality. In all other cases, explicit consent is required from the Data Owner for processing. Our institution ensures that necessary measures, as determined by the Board, are taken for the processing of Special Categories of Personal Data, and the necessary follow-up and compliance with precautionary measures are strictly adhered to.
Deletion, Erasure, or Anonymization of Personal Data under Our Institutional Policy
Although Personal Data may have been processed in compliance with the Law and other relevant regulations, if the reasons for processing no longer exist, the Data Controller shall delete, destroy, or anonymize the Personal Data either ex officio or upon the request of the Data Owner. Provisions in other laws regarding the deletion, destruction, or anonymization of Personal Data remain applicable.
Transfer of Personal Data under Our Institutional Policy
Personal Data may be transferred in the following cases:
Institutional Policy Regarding the Transfer of Personal Data Abroad
Our institution may transfer Personal Data and Sensitive Personal Data to third parties abroad in accordance with the purposes of data processing, while ensuring necessary security measures are in place. In this regard, as outlined in the relevant laws, the institution may transfer personal data to foreign countries where the Personal Data Protection Authority (Authority) has declared that sufficient protection exists, or, in cases where no such protection is available, to foreign countries where the data controllers in both Türkiye and the foreign country have committed, in writing, to provide adequate protection, and the transfer is authorized by the Authority. These countries will be announced by the Authority.
Institutional Policy Regarding the Classification of Personal Data
Under the Personal Data Protection Law No. 6698, our institution classifies Personal Data into various categories, which are outlined below:
Identity Information of the Data Owner
Includes personal data such as:
Contact Information of the Data Owner
Includes personal data such as:
Transaction Security Information of the Data Owner
Includes data related to the technical, administrative, legal, and commercial security of the institution and the data owner during the internal and external operations of the institution.
Financial Information of the Data Owner
Includes financial data such as:
Visual and Auditory Information of the Data Owner
Includes data such as photographs, video recordings, and audio recordings.
Personal Employment Information of the Data Owner
Includes data processed to protect the personal rights of individuals within a working relationship with the institution.
Family and Close Relatives Information of the Data Owner
In the context of the activities and operations of the institution or companies and organizations in cooperation with it, or to protect the legal and other interests of the institution and the Personal Data Owner, personal data regarding the family members (e.g., spouse, mother, father, children), relatives, and other individuals who can be contacted in case of emergency, including identity and contact information as defined above.
Physical Space Security Information of the Data Owner
Personal data related to records and documents taken during entry into the physical space and while staying within the physical space:
Legal Transaction Information of the Data Owner
Includes data related to legal rights and obligations, such as the identification and tracking of debts and rights.
Sensitive Personal Information of the Data Owner
Includes sensitive data as defined under Article 6 of the Personal Data Protection Law No. 6698, such as:
Request/Complaint Management Information of the Data Owner
Includes data related to the reception and evaluation of any requests or complaints directed to the institution.
Purposes of Personal Data Processing under Our Instution Policy
In order to fulfill the obligation to inform under Article 10 of the Personal Data Protection Law No. 6698, our organization provides data owners with information regarding the purposes for which Personal Data will be processed, and to whom and for what purposes the processed data may be transferred.
Your personal data is processed within the scope of the conditions specified in Articles 5 and 6 of the Law, limited to the following purposes: to plan and implement our human resources policies in the best possible way, to accurately plan and execute our commercial partnerships and strategies, to ensure the legal, commercial, and physical security of our organization and business partners, to ensure the corporate functioning of our organization, to carry out activities to allow you to benefit from the products and services offered by our organization in the best possible way; to customize the products and services offered by our organization according to your requests, needs, and desires, and to recommend them to you, to ensure the highest level of data security, to create databases, to develop the services offered on our organization’s website, to communicate with those who submit requests and complaints to our organization, and to fix any issues occurring on our organization’s website.
Purposes of Transferring Personal Data within the Framework of Our Policy
The personal data of the data owner may be transferred for the following purposes: to plan and implement our human resources policies in the best possible way, to plan and implement our commercial partnerships and strategies accurately, to ensure the legal, commercial, and physical security of our institution and business partners, to ensure the institutional functioning of our organization, to provide services and products that best serve your needs, to offer personalized products and services based on your requests, needs, and preferences, to ensure the highest level of data security, to create databases, to develop the services offered on our institution’s website, to communicate with those who submit requests and complaints to our institution, and to fix any errors on our website. The personal data will be transferred within the scope of the conditions specified in Articles 8 and 9 of the Law, and only to the extent necessary for the above purposes.
Persons to Whom Personal Data May Be Transferred within the Framework of Our Policy
The personal data of the data owner may be transferred to:
Method of Personal Data Collection and Legal Basis within the Framework of Our Policy
In accordance with Article 1, which regulates the purpose of the Law on the Protection of Personal Data No. 6698, and Article 2, which defines the scope of the law, Personal Data is collected for the purpose of ensuring compliance with the nature of supervision. Personal data is collected through:
The data is collected within the framework of legal reasons based on legislation, contracts, requests, and wishes to fulfill the responsibilities arising from the law, and to achieve the purposes stated in the policy.
After these collection methods, the data is processed by our institution or by data processors assigned by our institution.
Deletion, Erasure, or Anonymization of Personal Data within the Framework of Our Policy
With the exception of provisions in other laws regarding the deletion, destruction, or anonymization of personal data, our institution, in compliance with the Law on the Protection of Personal Data No. 6698 and other legal provisions, will delete, destroy, or anonymize personal data ex officio or upon the request of the data owner when the reasons necessitating its processing no longer exist, even though the data has been processed in accordance with the law.
The deletion of personal data means that the data will be destroyed in such a way that it can no longer be used or retrieved in any way. Accordingly, personal data is deleted in a way that it cannot be recovered from documents, files, CDs, diskettes, hard disks, or similar devices where it was stored.
The destruction of personal data refers to the disposal of materials suitable for storing data, such as documents, files, CDs, diskettes, and hard disks, in such a way that the information can no longer be retrieved or used.
Anonymizing data means that even if personal data is matched with other data, it can no longer be associated with an identified or identifiable real person.
Retention Period of Personal Data within the Framework of Our Policy
Our institution retains personal data in accordance with the periods stipulated by the Law on the Protection of Personal Data No. 6698 and other relevant regulations. If there is no specific retention period specified in the Law on the Protection of Personal Data No. 6698 and other relevant regulations, personal data will be processed for as long as necessary to fulfill the purpose for which it was collected and will be deleted, destroyed, or anonymized after that.
Informing the Data Owner within the Framework of Our Policy
Our institution informs data owners during the collection of personal data in accordance with Article 10 of the Law on the Protection of Personal Data No. 6698. In this context, the identity of the representative of the institution (if any), the purpose for which personal data will be processed, the parties to whom the data will be transferred and the purposes of such transfer, the method and legal basis of data collection, and the rights of the data owner are provided.
Rights of the Data Owner under the Personal Data Protection Law (KVKK) within the Framework of Our Policy
Our institution, in accordance with Article 10 of the Law on the Protection of Personal Data No. 6698, informs everyone about their rights, provides guidance on how these rights can be exercised, and ensures all necessary internal processes, administrative, and technical arrangements. In accordance with Article 11 of the Law, our institution informs data owners whose personal data has been collected of their rights, including:
We clarify that these rights are provided to data owners.
To exercise these rights under the Law on the Protection of Personal Data No. 6698, you can submit your requests to our institution in writing, using the Personal Data Protection Law Data Owner Application Form, with a secure electronic signature or through other methods determined by the Personal Data Protection Authority (“Authority”), to the address specified in the application form. Our institution will respond to your requests free of charge, in accordance with the nature of the request, within the shortest time possible and no later than thirty days. However, if the process requires additional costs, the fee determined by the Authority may be charged.
Our institution may either accept the request or reject it with a justified explanation and notify the person concerned in writing or electronically. If the request is accepted, our institution will fulfill the necessary actions. If the request is rejected due to an error of our institution, any fee collected will be refunded to the data owner.
In the event that the request is rejected, the response is deemed insufficient, or no response is provided within the specified period, the data owner has the right to file a complaint with the Authority within thirty days from the date they learn of the response, and in any case, within sixty days from the application date.
Situations Where the Policy and Law Will Not Be Fully or Partially Applied Within the Scope of Our Institution’s Policy
According to Article 28 of the Personal Data Protection Law No. 6698, Employee Personal Data Owners will not be able to assert their rights in the following cases.
Personal data being processed by real persons in connection with activities solely related to themselves or family members living in the same household, provided that the data is not shared with third parties and the obligations regarding data security are complied with.
Personal data being processed for research, planning, and statistical purposes by anonymizing it through official statistics.
Personal data being processed for artistic, historical, literary, or scientific purposes, or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life, or personality rights, or does not constitute a crime.
Personal data being processed within the scope of preventive, protective, and intelligence activities carried out by public institutions and organizations authorized by law for the purpose of ensuring national defense, national security, public security, public order, or economic security.
Personal data being processed by judicial authorities or enforcement agencies in relation to investigation, prosecution, trial, or execution procedures.
In accordance with Article 28/2 of the Personal Data Protection Law No. 6698, the provisions of Articles 10 (regarding the obligation of clarification) and 11 (regarding the right to request the removal of damages) of the Law, which regulate the rights of the relevant person, will not apply in the following situations, provided that it is in line with the purpose and basic principles of this Law and is proportional:
Personal data processing being necessary for the prevention of a crime or criminal investigation.
Processing of personal data made public by the data owner.
Personal data processing being necessary for the execution of supervisory or regulatory duties by public institutions and organizations or professional organizations with the status of public institutions, in accordance with the powers granted by law, or for disciplinary investigation or prosecution.
Personal data processing being necessary for the protection of the State’s economic and financial interests in relation to budget, tax, and financial matters.
Classification of Personal Data Owners Within the Scope of Our Institution’s Policy
Only real persons can benefit from the protection under this Policy and Law; the Personal Data Owners within this scope are grouped as follows:
| Job Candidate | Real persons who have applied for a job with our Institution through any means or who have opened their resumes and related information for review by our Company. |
| Business Partner, Shareholder, Authorized Person, Employee of the Business Partner | All real persons who are in any business relationship with the Institution or who are shareholders, officials, or employees of legal entities engaged in business relationships with the Institution (e.g., business partners, suppliers). |
| Company Customer | Real persons who use or have used the services provided by our Institution, regardless of whether they have a contractual relationship with the Institution. |
| Potential Customer | Real persons who have requested or shown interest in using our services, or who are assessed to have such interest based on commercial practices and the principles of good faith. |
| Company/Institution Shareholder | Real persons who are shareholders of CY Education Construction Industry and Trade Limited Company. |
| Company/Institution Authorized Person | Members of the board of directors and other authorized individuals of CY Education Construction Industry and Trade Limited Company. |
| Third Party | Persons who are not covered by the CY Education Construction Industry and Trade Limited Company Personal Data Protection, Processing, and Deletion Policy and do not fall into any Personal Data Owner category specified in this Policy. |
| Visitor | All real persons who enter the physical premises of our Institution for various purposes or visit our websites for any reason. |
Matching of Personal Data with Personal Data Owners Within the Scope of Our Institution’s Policy
The matching of the classified Personal Data, as defined and scoped above, with the classified Personal Data Owners is presented below.
| Identity Information | Company Shareholder; Company Authorized Person; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Contact Information | Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Third Parties |
| Transaction Security Information | Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Financial Information | Company Shareholder; Company Authorized Person; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Visual and Auditory Information | Company Shareholder; Company Authorized Person; Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Personnel Information | Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Third Parties |
| Family Members and Close Relations Information | Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Physical Security Information | Company Shareholder; Company Authorized Person; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Legal Transaction Information | Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Third Parties |
| Sensitive Personal Information | Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
| Request/Complaint Management Information | Company Customer; Group Company Customer; Potential Customer; Company Business Partner, Shareholder, Authorized Person, Employee of the Business Partner; Candidate Employee; Visitor; Third Parties |
