The confidentiality of your life and your information is important to us. This Data Protection Policy ("Policy") aims to ensure that the personal data of the employees, customers, business partners, authorized representatives, prospective customers, candidate employees, interns, visitors and suppliers of ALD SA and ALD Automotive Turizm Ticaret A.Ş. (“ALD Automotive” or the “Company”), as well as the employees of the institutions/customers/suppliers working in collaboration with our Company (e.g. drivers of the leased cards, customers' Business-to-Business contact persons, fleet managers, etc.), and third parties and other people including but not limited to those listed above (shall hereinafter be referred to as "Data Subject" or "Data Subjects" collectively) are processed and protected under the law when you use our products and services our website. In this respect, the Policy has been prepared with the aim of providing you with information on how we collect, retain, use and disclose your personal data when we contact with the above mentioned people.
This Policy also describes the terms and conditions we comply with during the processing and protection of the information. In this context, this Policy has been prepared with a view to ensuring that the personal data to be processed by our Company while carrying out activities are processed in line with the provisions of mainly the Law No. 6698 on the Protection of Personal Data (“LPPD”) and the other applicable legislation and in a lawful manner. In addition, the Policy also aims to ensure that lawful processing of personal data becomes a company policy, the Data Subjects are informed about the personal data processed by our Company and to ensure transparency. In this respect, ALD Automotive processes personal data in the light of the following principles and rules as explained in detail in this Policy:
ALD Automotive understands the importance you attach to the confidentiality of your personal data. Below we describe how we acquire and use that information and outline your rights. Please read this carefully, so that the process is as fair, transparent and secure as possible.
The following principles are central to how we process your personal information in line with Article 4 of the LPPD
Transparency and fairness: When we collect and process your personal information, we provide you with information on who gathers and receives the data, and the reasons thereof. We always obtain your prior consent for these acts when required under the laws (e.g. before we collect sensitive information or send direct marketing materials). We never use your personal data for purposes other than those specified herein.
Lawfulness: ALD Automotive does not collect or process personal data without a legal cause or without the knowledge of the Data Subjects. We use your personal information for legitimate business purposes (i.e. providing services, managing customer relations, managing customers' vehicle fleets or ensuring that invoicing is performed accurately or carrying out marketing activities, performing customer profiling with a view to providing customers with better service, conducting customer satisfaction surveys, preparing reports on the issue and fulfilling our legal obligations). We do not use personal data in a manner to cause injustice against the Data Subject, or to exceed the intended purpose of collecting the personal data. We process personal data proportionately in accordance with the intended purpose of their collection.
Minimization: We collect personal information to the extent required for data processing activities described herein, and we do not process personal data for purposes which do not exist at the time of processing of personal data, but which are expected to arise in future. We collect sensitive information only when they are relevant. We take all measures for ensuring that your personal data entered into records are kept accurate, complete and up-to-date.
Privacy: We attach importance to your privacy when processing your personal data. In this respect, we consider making interventions to privacy to ensure that the measures we take on the issue are sufficient and that your information is protected.
For how long do we keep your personal data?
We keep your personal information as long as your business relationship with ALD Automotive continues, or to the extent allowed by local laws or required by ALD Automotive for fulfilling its legal obligations.
If there is an ongoing litigation process, we may keep your personal information until the resolution of the litigation process including any potential appeal processes. We then either delete or archive this information in accordance with the applicable law.
In all cases, your personal data shall not be kept in an identifiable manner for any period longer than required for the archiving purposes which require ALD Automotive to collect or process the same, or longer than required by the applicable law. We delete, destroy or anonymize your personal data upon the expiry of this term or if the grounds necessitate to process your data cease to exist.
How do we ensure the safety and integrity of your personal data?
In accordance with Article 12 of the LPPD, we take necessary technical and administrative measures to prevent unlawful processing of, and access to, the personal data we process, and to maintain the appropriate level of security in order to ensure that the data are protected under the law.
Thus, we either audit or have audited ourselves in accordance with Article 12 of the LPPD.
We have established and implemented a system which enables notifying the Data Subject and the Personal Data Protection Board (the “Board”) if personal data is acquired by the third parties unlawfully. If deemed necessary by the Board, this may be announced on the website of the Board or through any other means.
Teams and employees of our company are entitled to access this information on a need-to-know basis. Thus, we have established administrative rights and policies at our company, and have taken any and all precautions to ensure that the employees, consultants and service providers keep your files confidential. The principal technical and administrative measures taken to prevent unlawful processing of personal data, prevent unlawful access to these data and to ensure that personal data are kept in accordance with the law are listed below:
- The technological investments to be made for ensuring the safety of personal data have been planned with the costs thereof being determined.
- Employees experienced on technical aspects of data protection are employed.
- The technical measures taken are reported to the Data Subject as required by the internal audit mechanism, and the risky issues are reassessed and necessary technological solutions are introduced.
- Software applications and hardware containing virus protection systems and safety walls are installed.
- Appropriate back-up applications are used for ensuring safe storage of personal data.
- Employees are informed and trained on the personal data protection law and technical measures to be taken for the lawful processing of personal data and prevention of unlawful access to personal data. The training explains that employees may not disclose the personal data they acquired in violation of the provisions of the LPPD, they cannot use these data for any purpose other than the intended purpose of processing and that their obligation will continue even upon the expiry of their office.
- The Company obtained consultancy services from an international consultancy company to determine the actions to be taken by the Company, to analyze the personal data processed by the business units and to ensure compliance with the LPPD. The Company started working on the circumstances where access is deemed unnecessary.
- All activities carried out by our Company have been analyzed in detail for all business units, and the activities carried out by the business units as a result of this analysis have been reflected to a detailed and process-based personal data inventory.
- The Company started working on fulfilling our legal obligations related to such inventory, company documents have been examined with respect to the LPPD, necessary changes were made thereon and missing documents were completed.
- Internal policies were issued to ensure the supervision of the aforementioned measures and the sustainability of the implementation.
- Processes of access to personal data and authorization are designed in the company in relation to process-based inventories in line with the legal requirements.
- Our Company agreements executed with the parties with whom personal data is lawfully shared, are revised and additional contractual provisions are implemented which require the transferees of personal data to take necessary security measures for the protection of personal data and have their organization complied with such measures (e.g. agreements executed with the service provider companies).
How can you indicate your preferences about the use of your personal data?
You have the following rights related to the processing of your personal data pursuant to Article 11 of the LPPD.
Withdrawal of consent If you have given explicit consent for the processing of your information, you may withdraw this consent at any time you like.
Access You may ask to access your personal data we keep. If you make such a request, we will provide you with all existing information about all processing purposes, categories of processed data, categories of recipient parties, duration of data storage, (if applicable) your rights related to correction and deletion of or, restriction of access to, the accessible information.
Restriction You may file restriction requests in the following cases:
- If you file any objection alleging that your personal information is not correct, during the term to be sufficient for allowing ALD Automotive to confirm the accuracy of your personal information;
- If data processing is unlawful and you intend to restrict access to your personal information;
- Cases where you want ALD Automotive to keep your personal information since you will need it for your defense to be made in relation to legal claims;
- If you objected to the processing of your data, but if ALD Automotive needs to check if there is a legitimate cause related to this processing (in this case, your right of objection will be invalid).
Correction / Deletion You may request us to correct, change, delete or destroy any missing, out of date or faulty information.
You may request us to delete your personal information in the following cases:
- When your personal information is not required for the purposes of data processing;
- In case of processing on the basis of an exclusively-obtained consent, if you withdraw this consent;
- If you objected to data processing;
- Cases where deletion of personal information is necessary for ALD Automotive to fulfill a valid legal obligation. In this case, we will take reasonable measures to inform the other ALD Automotive entities which are involved in the processing of the said data subject to deletion process.
Objection When your personal information is used for sending targeted marketing materials to you or customer profiling purposes, you may object to the processing of your personal information or their sharing with third parties or internally within ALD Automotive Group.
Complaint In addition, you are also entitled to file a complaint before the Personal Data Protection Authority.
You may also give us instructions for storage, deletion or disclosure of your personal data upon your death. These may be either be general or specific instructions.
To exercise the above-listed rights, please contact ALD Automotive at firstname.lastname@example.org . You can send us your requests related to your right to acquire information to our Company free of charge using the below methods:
1) Filling in and signing the Right to Information Application Form that you can reach by clicking the link, and delivering the original signed copy of it in person to the address of ALD Automotive Turizm Ticaret A.Ş. Kavacık Ticaret Merkezi, Rüzgarlıbahçe mah., Kavak Sok. No:18 Blok, Istanbul.
2) Filling in and signing the Right to Information Application Form that you can reach by clicking the link and sending the original signed copy of it via notary public to the address of ALD Automotive Turizm Ticaret A.Ş. Kavacık Ticaret Merkezi, Rüzgarlıbahçe mah., Kavak Sok. No:18 Blok, Istanbul.
3) Filling in the Right to Information Application Form that you can reach by clicking the link, completing it with your "secure electronic signature" as per the Electronic Signature Law No. 5070, and sending the secure e-signed form to the address of email@example.com via registered e-mail.
It is not possible for the third parties to exercise the right to obtain information under Article 11 of the LPPD on behalf of the Data Subjects. In order for a Data Subject to file a request related to the personal data of someone else other than himself/herself, the Data Subject should submit the original signed and notarized copy of the special power of attorney issued to the name of the person, on whose behalf the Data Subject will file an application.
If the transaction requested by the Data Subjects require an additional cost, our Company may impose the charge specified in the tariff determined by the Board. The procedure for depositing this fee shall be set forth in the Application Form.
If the Data Subjects send their request to our Company in accordance with the procedure set forth in the Policy, our Company will resolve the request as soon as possible and within thirty days at the latest.
Our Company may request information/documents from the Data Subject in order to certify whether the applicant is the Data Subject. Our Company may ask questions to the Data Subject in relation to his/her request in order to clarify issues related to the filed application.
Pursuant to Article 14 of the LPPD, Data Subjects may file a complaint with the Board within thirty days starting from the date they learn the response of our Company and within sixty days in all cases upon the date of application, if the application is rejected or the response given is deemed insufficient or a response is failed to be given within due time.
Special conditions related to your personal data
Which activities are carried out during data collection and which parties are involved in the process?
This Policy shall be valid for all data resources collected and processed by ALD Automotive within the scope of various Group activities we carried out across the world such as the use of corporate car leasing services, private vehicle leasing services, places of sale, third-party resources, our websites and mobile applications and all registered processing activities.
We may collect and process your personal information through our company head office, website, mobile or digital applications, call center, contracted dealers, etc.
Who controls data?
ALD Automotive carries out the above-described data processing activities in Turkey. This section provides the rules to be applicable for the processing of your personal information by ALD Automotive as the data controller.
Our Company informs the Data Subjects during the acquisition of personal data in accordance with Article 10 of the LPPD and the Information Communiqué. In this regard, our Company provides information on the identity of ALD Automotive and (if any) its representative, for which purposes personal data will be processed, to whom and for which purposes the processed personal data may be transferred, the method and legal ground of collecting personal data and the rights of the Data Subjects under Article 11 of the LPPD. As a rule, we obtain the explicit consent of the Data Subjects for processing their personal data. The express consent of the Data Subjects is not considered necessary in case of the personal data processing conditions set forth in Article 5/2 or Article 6/3 of the LPPD. We provide the Data Subjects with the opportunity to declare their explicit consent on a particular subject at their free will and on an informed basis.
How do we use your personal information?
We process your personal information in order to provide you with better service.
To this end, we may use your personal information in case of following circumstances:
(a) When required for the purposes set forth in the Agreement:
(i) Managing our existing relationship with you and your company at a general level (ALD Automotive Affiliates), responding to potential requests, opening customer accounts, fulfilling your orders for our services and activities, managing events, sending you information related to your agreement, answering your questions and verification requests, providing customer services, account management, providing support service, training our employees involved in these activities and providing other services related to your account;
(ii) For partnership shareholders: reports and fleet management services supported by other applications; key accounts; assistance for the call center and providing tracking services for international key accounts' fleets;
(iii) In line with international customer relationship management purposes and within the scope of car leasing services with (ALD SA) subsidiaries, performing customer satisfaction and quality measurements in relationships with customers managed by ALD SA at a global level, bringing together quality information from around the world in order to determine the quality of the services offered by the company, presenting to the management the results of surveys held on products, services or content, and following-up the customers’ requests and after-sales services;
(iv) Using online platform related to the marketing of used cars arising from lease agreements, presenting to professional tradesmen customer satisfaction surveys about car leasing services for their remarketing (carried out by the Affiliates of ALD Automotive);
(v) Bringing together invoices and profitability targets, submitting financial reports to ALD Officers (from Sales, Procurement, Finance and Risks, Pricing and Insurance Departments) about the operating performance, procurements and ongoing lawsuits of ALD Group;
(vi) Providing drivers with car tracking applications (e.g. Ecodrive), or submitting fleet management instruments to managers;
(vii) Reporting customer satisfaction survey results.
(b) Upon your consent and within your knowledge
(i) Marketing purposes: Subject to your approval when required, we may use information about you for informing you about new offers for you and special offers which you may consider important, or marketing communications and newsletters; we may analyze your customer profile or preferences, and contact you via automated tools or SMS or e-mail, or send you leaflets and carry out multi-channel marketing campaigns;
(ii) Customer satisfaction: On the basis of targeted marketing tools and analysis, we may send you surveys through which we may carry out qualitative analyses for our products and services;
(iii) In addition, we may request your participation in marketing activities, games or tests through our mobile applications and/or websites;
(iv) Websites & Cookies and Newsletters: We may collect your information via cookies in order to mainly save time for you and remember your preferences and parameters (e.g. language preferences), ensure that you can log on to our website, fight against fraud, and analyze the performance of our services on our website, and thus support your navigation on our website and enhance our experience with you.
This kind of information is useful for the improvement of our websites and applications, and will help understanding better the products and services you may prefer.
Even though we use functional cookies in order to facilitate the use of our website or applications, you may inform us on your preferences related to cookies which are used for behavioral targeted advertisements via the confidentiality settings on your browser. This kind of preferences consists of preferences such as prevention of the storage of the information on the terminal or of the processing of information which is already stored on this terminal, and shall be valid as long as you do not activate the function allowing storage or processing.
(v) Customer profiling: We may use your personal information to have a better understanding of issues that are of interest to you or about which you are concerned, improve our website and services, customize your experience with us, and to align our marketing activities with your requirements and areas of interest. We believe that providing you with better service and, when required under the regulations, meeting your requirements will prove beneficial also to us.
(vi) Performing customer screenings, loan control and "Know-Your-Customer" data processing within the scope of white label partnerships with international customers (in other words ALD Automotive's customers and customers directly related to ALD SA), and performing customer rating activities.
(vii) We use your personal information in order to keep business records for legal, administrative and auditing purposes. We also use the information for fulfilling the legal, insurance - and data processing-related requirements.
How do we process your sensitive personal data?
Article 6 of the LPPD provides that data revealing race, ethnic origin, political opinions, philosophical beliefs, religious beliefs, sects and other beliefs, appearance, membership to any association, foundation or union, health, sexual life, any conviction and security measures, biometric and genetic data are sensitive personal data and processing such data requires stricter protection.
We inform the Data Subjects during the acquisition of sensitive personal data in accordance with Article 10 of the LPPD. In this respect, we provide information on the identity of ALD Automotive and its representative, for which purposes sensitive personal data will be processed, to whom and for which purposes the processed sensitive personal data may be transferred, the method and legal cause of sensitive personal data collection, and the rights of the Data Subjects under Article 11 of the LPPD.
As a rule, we obtain the explicit consent of the Data Subjects for processing their sensitive personal data. The express consent of the Data Subjects is not deemed necessary in case of existence of any of the conditions set forth under Article 6/3 or Article 5/2 of the LPPD. We obtain the express consent of the Data Subjects if the activities carried out by our Company or the processes do not fall in this category. We provide the Data Subjects with the opportunity to declare their explicit consent on a particular subject at their free will and on an informed basis. However these conditions do not apply to the processing of personal data related to health and sexual life. We obtain the explicit consent of the Data Subjects in line with Article 6/3 of the LPPD in case of processing personal data related to health and sexual life.
We process sensitive personal data upon taking necessary measures, auditing our Company or having ourselves audited in accordance with the LPPD.
What kind of personal data do we collect?
We collect personal data of the following types:
- Identity and contact information: e.g. your name, last name, city, home phone/mobile phone number or e-mail address;
- Occupational information: e.g. your occupation and business address;
- Financial Information/Loan Information: e.g. Loan Acceptance Date or contract information;
- Information related to private life: e.g. your sex, birth date, nationality, languages or personal preferences (habits, your favorite car, etc.);
- Your voice: Your phone call may be recorded when you call ALD Automotive Customer Services;
- Driver data: e.g. your driver license number/copy or number of driver's license bearing employee code.
We may also collect information about you indirectly from our business partners or social media platforms.
We obtain your personal information either directly from you (for example when you create an account on one of our websites or purchase a product) or through passive means (using tracking instruments such as browsing cookies) or from third parties (using our social media platforms).
Cookies and other tracking instruments
We may collect certain information automatically using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons (e.g. Google Analytics) in order to improve your experience when you visit our websites or use our mobile applications.
If you use our websites, we may collect information from you about the browser you use and your browsing behavior.
If you use our mobile application, we may collect information about your GPS location subject to your approval when needed. In addition, we may also learn how frequent you use the application and where you downloaded it from.
If your company uses our car leasing services, we may collect information about vehicles (information such as vehicle license and vehicle's latest inspection) and drivers' conduct (e.g. average speed) in order to ensure that we provide you with car leasing services in accordance with the contract and to issue invoices to your and your company's name.
With whom do we share your personal information?
We understand that you do not want us to directly disclose your personal information to third parties for marketing purposes without your consent. However, we sometimes may have to use some partners or processors for the above-mentioned purposes in order to be able to offer you the required services and enhance your experience. Thus, we are trying to restrict the disclosure of your personal data to the following cases on a need-to-know basis:
- Information is shared with internal business departments for the purposes of sales, customer care/quality department, marketing, IT services and support and maintenance services. Information is also shared with other ALD Automotive entities included in the ALD Automotive Group, which are entitled to use your personal information in accordance with this Policy.
- Information is shared with the data storage servers located in France and the European Economic Area, and with our service providers such as call centers and data managers, and these service providers are reminded of the obligation to use your personal data only in accordance with our instructions.
- Information is shared with our independent marketing partners, provided that you give consent therefore.
- When it is necessary to sell or transfer company assets, information is shared for bankruptcy procedures, enforcing our rights and protecting our property, protecting others' rights, properties or safety, or supporting external audits, compliance and corporate governance audits.
- In addition, information is shared when required under the law such as the cases where a response is given to a notice or official order, including those received from the police departments and courts located in the countries where we operate.
Finally, we may always use or disclose personal information about you, in other words collective information about you which may not be specifically related to you.
How is your personal information transferred?
Some countries receiving your data or having access to these data may not have laws as stringent as the applicable data protection laws in the country where you provide the information. Please contact us through this e-mail address to learn the list of these countries: firstname.lastname@example.org.
In addition, we may also transfer your personal data to the service providers operating in the field of provision of call center services (which are located in countries like Brazil, Mexico, Turkey and Romania), and service providers providing data storage, maintenance and support services (which are located in India and United States), as well as the providers of other instruments used for the processing of the information of our customers or prospective customers.
Your information may be transferred to geographical partners located in Argentina, Australia, El Salvador, Honduras, Guatemala, New Zealand, Nicaragua, South Africa and United States with the aim of providing you with insurance service at global level.
When we transfer your information, we enter into data transfer agreements with these data recipients prepared on the basis of the standard clauses of the European Commission, and aim to safeguard the transfer of your personal data to the recipients in these countries.
Who are data recipients and what are the purposes of transfer?
We notify the Data Subject of the groups of people to which personal data are transferred in accordance with Article 10 of the LPPD. Transferees, the scope of the categories of these people and data transfer purposes are set forth below.
For how long do we keep personal data?
In line with the aforementioned purposes and conditions, our Company aims to retain personal data and sensitive personal data for durations limited to the terms required in the LPPD and the other applicable legislation.
If no term is specified in the legislation as to how long personal data should be retained, we process your personal data for durations required by the legislation for the practices, legal rights and obligations of our Company in relation to the services it provides while it processes such data, as well as the customary practices of commerce.
If the purpose of processing personal data has ceased to exist or if the retention period determined by the applicable legislation and the company has expired, we may retain personal data provided that it constitutes evidence for potential legal disputes or it is required for claiming the relevant right related to personal data or making the relevant defense. Retention periods are determined on the basis of prescription periods for claiming the relevant rights and the examples related to the claims raised against our Company previously with respect to the same issues despite the expiration of prescription periods. In this case, the retained personal data may not be accessed for any other purpose, and we may access the relevant personal data only when they are required with respect to the relevant legal dispute. We delete, destroy or anonymize personal data when the terms specified herein expire.
How is this Policy related to the other company documents?
The Policy is the main regulation governing the processing of personal data of our Company. The Policy has been issued in order to be implemented in accordance with the other policies, procedures and processes established by our Company for similar purposes. In case of any inconsistency between this Policy and the other policies or procedures prepared by our Company for similar purposes, the provisions of the Policy shall prevail as regards the processing of personal data.
ALD Automotive Turizm Ticaret A.Ş.
Kavacık Ticaret Merkezi, Rüzgarlıbahçe mah., Kavak Sok. No:18 Blok, Istanbul
Telephone: 444 88 30
What happens if we amend this Data Protection Policy?
Our Data Protection Policy may be amended from time to time depending on the changes in our methods used for the processing of personal data. However, these amendments shall be made in full compliance with the law. We recommend visiting this page regularly to reach the most current information about our confidentiality practices. We will keep you informed of any concrete changes made on the issue in the manner required by the law.