Privacy Notice Under the General Data Protection Regulation (GDPR)
Data Controller:
Plyset
As Plyset (“Company”, “we”, “our”), we attach great importance to the protection of personal data. This Privacy Notice has been prepared in accordance with the General Data Protection Regulation (“GDPR”) to inform employee candidates, intern candidates, visitors, online visitors, customers, potential customers, supplier employees, and supplier representatives about how their personal data is collected, processed, stored, transferred, and protected.
1. Categories of Personal Data We Process and Purposes of Processing
1.1 Employee Candidates
Categories of Personal Data
- Identity information
- Contact information
- Employment and personnel information
- Professional experience information
- Health information
- Reference information
- Physical security and CCTV records
Purposes of Processing
- Managing recruitment and application processes
- Conducting communication activities
- Planning and managing human resources processes
- Ensuring physical premises security
1.2 Intern Candidates
Categories of Personal Data
- Identity information
- Contact information
- Employment and personnel information
- Professional experience information
- Health information
- Reference information
- Physical security and CCTV records
Purposes of Processing
- Managing internship application processes
- Conducting communication activities
- Planning human resources processes
- Ensuring physical premises security
1.3 Visitors
Categories of Personal Data
- Identity information
- Physical security information
Purposes of Processing
- Creating and monitoring visitor records
- Ensuring physical premises security
1.4 Online Visitors
Categories of Personal Data
- Identity information
- Contact information
- Transaction security information
- Website usage information (cookies, IP logs, browser information)
Purposes of Processing
- Compliance with legal obligations
- Information security management
- Managing requests and complaints
- Website functionality and analytics
1.5 Customers
Categories of Personal Data
- Identity information
- Contact information
- Customer transaction information
- Financial information
- Marketing information
- Physical security information
Purposes of Processing
- Compliance with legal obligations
- Finance and accounting operations
- Conducting and auditing business activities
- Logistics and operational management
- Sales and after-sales support services
- Contract management
- Marketing and market analysis activities
- Informing authorized institutions and authorities
- Ensuring physical premises security
1.6 Potential Customers
Categories of Personal Data
- Identity information
- Contact information
- Customer transaction information
- Physical security information
Purposes of Processing
- Sales and business development activities
- Contract negotiations and processes
- Ensuring physical premises security
1.7 Supplier Employees
Categories of Personal Data
- Identity information
- Contact information
- Personnel information
- Professional experience information
- Health information
- Physical security information
Purposes of Processing
- Information security management
- Communication activities
- Conducting and auditing business operations
- Occupational health and safety compliance
- Ensuring physical premises security
1.8 Supplier Representatives
Categories of Personal Data
- Identity information
- Contact information
- Customer transaction information
- Financial information
- Marketing information
- Physical security information
Purposes of Processing
- Conducting and auditing business operations
- Procurement and supply management
- Finance and accounting operations
- Contract management
- Investment and business development activities
- After-sales support services
- Ensuring physical premises security
2. Legal Basis for Processing Personal Data
We process personal data based on one or more of the following legal grounds under Article 6 of the GDPR:
- Performance of a contract or steps prior to entering into a contract
- Compliance with legal obligations
- Legitimate interests pursued by the Company, provided such interests do not override the rights and freedoms of the data subject
- Explicit consent where required
- Establishment, exercise, or defense of legal claims
- Compliance with employment and social security obligations
Special categories of personal data, including health data, are processed only where permitted under Article 9 GDPR and subject to appropriate safeguards.
3. Methods of Collecting Personal Data
Your personal data may be collected through:
- Application forms
- Employment contracts and other agreements
- Visitor registration forms
- Résumés and recruitment platforms
- CCTV and access control systems
- Corporate IT systems and electronic devices
- Email communications
- Our website and online forms
- Public authorities and recruitment agencies
- Third-party service providers
- Information directly provided by the data subject
4. Sharing and Disclosure of Personal Data
Your personal data may be shared, where necessary and proportionate, with:
- Authorized public institutions and regulatory authorities
- Courts and judicial authorities
- Legal advisors and external law firms
- Banks and financial advisors
- Suppliers, logistics providers, and courier companies
- Group companies and affiliated entities
- Occupational health and safety service providers
- IT and infrastructure service providers
All transfers are carried out in accordance with GDPR requirements and appropriate technical and organizational safeguards.
5. International Transfers of Personal Data
Plyset does not intentionally transfer personal data outside the European Economic Area (“EEA”).
If international transfers become necessary in the future, such transfers will only occur in compliance with GDPR requirements and with appropriate safeguards, including adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful transfer mechanisms.
6. Data Retention Periods
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, reporting, and regulatory obligations.
Retention periods are determined based on:
- Applicable legal requirements
- Contractual obligations
- Statutory limitation periods
- Legitimate business needs
After the relevant retention period expires, personal data is securely deleted, destroyed, or anonymized.
7. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
- Right to access your personal data
- Right to rectification of inaccurate or incomplete data
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right not to be subject to automated decision-making, including profiling
- Right to withdraw consent at any time where processing is based on consent
- Right to lodge a complaint with a supervisory authority
8. How to Exercise Your Rights
You may submit your requests regarding your personal data rights by contacting us at:
Email:
Requests will be evaluated and responded to in accordance with applicable GDPR requirements.
9. Security Measures
Plyset implements appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:
- Access control systems
- Data encryption
- Network and system security
- Regular security assessments
- Employee confidentiality obligations
- Restricted access policies
- Physical security controls
10. Updates to This Privacy Notice
Plyset reserves the right to update or amend this Privacy Notice at any time to reflect changes in legal, regulatory, or operational requirements. Updated versions will be published through appropriate communication channels.