Corporate

Privacy Policy

As ASİS UK, we publish this document to explain how we process the personal data of our customers, candidates, website visitors and business partners in compliance with the Turkish Personal Data Protection Law No. 6698 (KVKK).

Last Updated: 22 May 2026

Data Controller

Within the meaning of Article 3 of the KVKK, the party processing your personal data in the capacity of 'data controller' is ASİS UK, whose contact details are listed below. You may reach us directly through these channels for any questions or requests about this Policy.

Trade Name: ASİS UK CORPORATE INSPECTION AND SURVEILLANCE LIMITED COMPANY
MERSIS Number: [to be filled]
Tax Office / Tax ID No: [to be filled]
Registered Office: Alaaddinbey Mah. 614. Sokak Unlu Plaza 2 No:12AB Nilüfer/Bursa
VERBIS Registry No: [to be filled]
Registered Email (KEP): [to be filled]
Information & Requests Email: info@asisuk.com.tr
Phone: +90 537 954 44 52

Categories of Personal Data We Process

Depending on the nature of the service and the type of relationship we have with you, we may process personal data in different categories. Each category is limited to the minimum information necessary for its purpose.

Identity Data: name, surname and, where legally required, Turkish ID / passport number
Contact Data: email address, phone, postal address and corporate contact information
Customer Transaction Data: quotation, contract, order and invoice history
Financial Data: bank account / IBAN and payment data — solely within the customer or supplier relationship
Professional Experience: CV, education, certificates and reference information — for personnel and candidate processes
Physical Premises Security: CCTV recordings for visitors to ASİS UK offices
Transaction Security: IP address, session logs and cookie data — for website visitors
Visual and Audio Recording: photos or video captured during field inspections — subject to contractual consent
Marketing Data: newsletter subscription and event participation records — only where you have provided explicit consent

Purposes of Processing

We process your personal data only for clear and legitimate purposes. Once the purpose is achieved or the legal retention period expires, we fulfil our obligation to delete, destroy or anonymise the data.

Provision of certification, inspection, testing and audit services
Establishment, performance and termination of contracts
Operation of quotation, order and invoicing processes
Fulfilment of legal obligations (tax, KVKK, accreditation)
Personnel and candidate selection and evaluation
Operation of the customer portal and digital certification ecosystem
Improvement of website performance and provision of technical support
Business development and limited marketing communication — only where you have given explicit consent

Legal Bases for Processing

We process your data on the following legal bases set out in Articles 5 and 6 of the KVKK. The applicable basis for each data category is determined according to the relevant processing activity.

Your explicit consent (KVKK Art. 5/1 and Art. 6/2)
Explicitly provided for by law (KVKK Art. 5/2-a)
Necessary for the establishment or performance of a contract (KVKK Art. 5/2-c)
Necessary to comply with a legal obligation (KVKK Art. 5/2-ç)
Necessary for the establishment, exercise or protection of a right (KVKK Art. 5/2-e)
Necessary for our legitimate interest, provided your fundamental rights and freedoms are not harmed (KVKK Art. 5/2-f)

Transfer of Personal Data

Your personal data may be transferred to the parties listed below, in accordance with Articles 8 and 9 of the KVKK and only to the extent required by the purposes set out in this Policy.

Accreditation and audit bodies — under our legal obligations
Authorised public institutions and agencies — upon request and within legal limits
External auditors, accountants and legal advisors we engage
IT infrastructure providers (cloud, email, customer portal services)
Business partners and third parties required by the contractual relationship

Transfers abroad are carried out only on the basis of your explicit consent or the exceptions set out in Article 9 of the KVKK. Additional technical and contractual safeguards are applied for servers located abroad operated by our cloud service providers.

Retention Periods

We retain your personal data only for the period required by the processing purpose, and in any case not exceeding the statute of limitations and retention periods set out in applicable legislation. At the end of the retention period, your data is deleted, destroyed or anonymised in accordance with Article 7 of the KVKK.

For data tied to customer contracts, the retention period is, as a rule, the 10-year general statute of limitations following termination of the contract. For audit and test records under accreditation scope, the retention periods determined by the relevant accreditation body apply.

Data Security Measures

We apply the following technical and administrative measures to protect your data against unauthorised access, loss, alteration or disclosure.

Role-based access control and least-privilege principle
TLS encryption in transit; encryption at rest for sensitive data
Multi-factor authentication on critical systems
Regular backup and disaster recovery procedures
Employee security awareness training and confidentiality agreements
Periodic independent audits and penetration tests
Incident response plan and data breach notification procedure

Your Rights as a Data Subject

Under Article 11 of the KVKK, you have the following rights as a data subject.

To learn whether your personal data is processed
To request information if your data has been processed
To learn the purpose of processing and whether the data is used in accordance with the stated purpose
To know the third parties — domestic or international — to whom the data is transferred
To request correction of incomplete or inaccurately processed data
To request deletion or destruction within the conditions set out in Article 7 of the KVKK
To request that correction, deletion or destruction requests be communicated to third parties to whom the data has been transferred
To object to outcomes that result against you from analysis carried out exclusively by automated systems
To claim compensation for damage suffered due to unlawful processing

How to Exercise Your Rights

You may exercise these rights by applying to our Company through the channels below. Your requests will be concluded within at most 30 days, in line with the Communiqué on the Procedures and Principles of Application to the Data Controller.

Written application with wet signature to our registered office address listed above
Application with secure electronic signature to our KEP (registered email) address
Application via an email address you have previously notified to us and that is registered in our system

Your application must include sufficient information to verify your identity, a description of your request, and any supporting documents. Our application form is available in the Forms section of our website.

Children's Data

ASİS UK does not knowingly collect personal data from individuals under the age of 18. If we determine that data belonging to a person under 18 has been inadvertently collected, we delete it immediately. If you believe data belonging to your child is held in our system, please notify us through any of the contact channels below.

Use of Cookies

We use cookies and similar tracking technologies on our website. For detailed information, please refer to our separately published Cookie Policy.

Policy Updates

This Privacy Policy may be updated in case of legislative changes, updates to our business processes, or changes in our service structure. The current version is always available on this page of our website. You may verify which version you are viewing by checking the 'Last Updated' date at the top of the page. In the event of significant changes, you will be notified separately.