D ET VE ET ÜRÜNLERİ GIDA PAZARLAMA TİCARET ANONİM ŞİRKETİ

İNTERNET SİTESİ AYDINLATMA METNİ

1. KİŞİSEL VERİLERİN KORUNMASINA İLİŞKİN BİLGİLENDİRME

D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (“Şirket” veya “Nusr-Et”) tarafından toplanan ve işlenen kişisel veriler, veri sorumlusu sıfatını haiz Şirket’in koruması altındadır. Kişisel veriler, Şirket tarafından işbu Aydınlatma Metni kapsamında 6698 sayılı Kişisel Verilerin Korunması Kanunu (“KVKK”), ikincil düzenlemeler ve kişisel verilerin korunmasına ilişkin sair mevzuata uygun olarak işlenmektedir. Veri sorumlusu olarak, kişisel verilerinizin gizliliğini ve güvenliğini sağlamayı taahhüt etmekteyiz.

KVKK uyarınca kişisel veriler, kimliğinizi belirli ya da belirlenebilir kılan her türlü bilgi anlamına gelmektedir. Şirket tarafından işlenen kişisel verileriniz, bunların işlenme amaçları, aktarılabileceği alıcı grupları, toplanma yöntemi, hukuki sebebi ve söz konusu kişisel verilere ilişkin haklarınız aşağıda açıklanmaktadır.

İşbu Aydınlatma Metni, www.nusr-et.com.tr adresinden ulaşabileceğiniz internet sitemizi, çevrimiçi ziyaretçi, müşteri, potansiyel müşteri ve çalışan adayı olarak ziyaret ettiğinizde, gerçekleştirdiğiniz işlemle bağlantılı olarak topladığımız, kullandığımız ve işlediğimiz kişisel verileriniz için geçerlidir.

2. KİŞİSEL VERİLERİNİZİN TOPLANMA YÖNTEMLERİ

Nusr-Et olarak kişisel verilerinizi farklı kaynaklardan elde etmekteyiz. Kişisel verilerinizin toplanma yöntemleri aşağıdaki tabloda açıklanmaktadır.

Kişisel Verilerin Toplanma Yöntemleri

Doğrudan İlgili Kişi Aracılığıyla

Elektronik Cihaz veya Tarayıcı Aracılığıyla

Kişisel verileriniz doğrudan sizlerden elde edilebilmektedir. (Örneğin, e-posta posta adresinizi iletişim kurmak amacıyla bizlerle paylaşmak isteminiz veya internet sitemizde sunulan herhangi bir hizmete abone olmak istemeniz halinde kişisel verilerinizi işlemekteyiz.

İnternet sitemizi ziyaret etmeniz halinde, bağlandığınız elektronik cihaz veya tarayıcı aracılığıyla kişisel verilerinizi elde edebilmekteyiz.

3. NUSR-ET TARAFINDAN İŞLENMEKTE OLAN KİŞİSEL VERİLERİNİZ, HUKUKİ SEBEPLER VE İŞLENME AMAÇLARI

Kişisel verilerinizi farklı şekillerde işleyebiliriz. Her durumda, kişisel verilerinizi KVKK, ikincil düzenlemeler ve kişisel verilerin korunmasına ilişkin sair mevzuata uygun şekilde korumayı taahhüt etmekteyiz. Aşağıda listelenen ilgili kişi gruplarının her birinde, kişisel verilerinizi nasıl elde ettiğimizi ve bunları nasıl ele aldığımızı açıklamaktayız.

3.1 Çevrimiçi Ziyaretçiler

3.2 Çalışan Adayları

3.3 Potansiyel Müşteri

3.4 Müşteri

3.1. ÇEVRİMİÇİ ZİYARETÇİLER

İnternet sitemizi ziyaret etmeniz halinde işlediğimiz kişisel verileriniz, kişisel verilerinizin işlenme amaçları ve hukuki sebepler aşağıda açıklanmıştır.

Kişisel Veriler

Kişisel Veri Kategorisi

Kişisel Veri İşlenme Amaçları

Hukuki Sebep

• IP adresi bilgileri,

• İnternet sitesi giriş-çıkış bilgileri,

• Log kayıtları.

• İşlem Güvenliği Bilgileri

• 5651 Sayılı Kanun’dan doğan yükümlülüklerin yerine getirilmesi

• Kanunlarda açıkça öngörülmesi

• Ad, soyadı,

• Adres,

• E-posta adresi.

• Kimlik Bilgileri

• İletişim Bilgileri

• Sizlerden gelen talep ve şikâyetlerin değerlendirilerek çözüme kavuşturulması

• Meşru menfaat

• Çerez verileri (daha fazla bilgi için lütfen Çerez Politikamızı inceleyin.)

• Teknik Veriler

• Web sitesi kullanıcılarının tercihlerini hatırlamak

• Pazarlama ve Reklamcılık

• Açık rıza

• Ad, soyadı,

• Cep telefonu numarası

• Ses kaydı.

• Kimlik Bilgileri

• İletişim Bilgileri

• Ses Kaydı Bilgileri

• Çağrı merkezi hizmetinin sağlanarak ilgili kişilerin bilgilendirilmesi, aramanın teyidi, müşteri memnuniyetinin sağlanması, taleplerin yanıtlanması amaçlarıyla kişisel veriler işlenmekte olup, ileride doğabilecek olan uyuşmazlıklarda delil olarak kullanılabilmesi için saklanmaktadır.

• Meşru menfaat

• Bir hakkın tesisi, kullanılması veya korunması için veri işlemenin zorunlu olması

• Bir sözleşmenin kurulması veya ifasıyla doğrudan doğruya ilgili olması kaydıyla sözleşmenin taraflarına ait kişisel verilerin işlenmesinin gerekli olması

3.2. ÇALIŞAN ADAYLARI

İnternet sitemizde ilan edilen pozisyonlar için iş başvurusunda bulunmanız halinde, başvurunuzun değerlendirilmesi amacıyla ilgili kişisel veriler işlenmektedir.

Kişisel Veriler

Kişisel Veri Kategorisi

Kişisel Veri İşlenme Amaçları

Hukuki Sebep

• Ad, soyad,

• Doğum tarihi,

• Doğum yeri,

• Uyruk,

• Medeni durumu,

• Adres,

• Email adresi,

• Cep telefonu numarası

• Fotoğraf

• CV,

• Eğitim geçmişi,

• Performans ve kariyer gelişimi bilgileri.

• Kimlik Bilgileri

• İletişim Bilgileri

• Görsel Kayıtlar

• Performans ve Eğitimle İlgili Bilgiler

• Talep edilen pozisyona uygunluğun değerlendirilmesi.

• İş başvurusunun sonuçlandırılarak tarafınıza gerekli bilgilendirmenin yapılması.

• Bir sözleşmenin kurulması veya ifasıyla doğrudan doğruya ilgili olması kaydıyla sözleşmenin taraflarına ait kişisel verilerin işlenmesinin gerekli olması

• Ad, soyad,

• Doğum tarihi,

• Doğum yeri,

• Uyruk,

• Medeni durumu,

• Adres,

• Email adresi,

• Cep telefonu numarası

• Fotoğraf

• CV,

• Eğitim geçmişi,

• Performans ve kariyer gelişimi bilgileri

• Kimlik Bilgileri

• İletişim Bilgileri

• Görsel Kayıtlar

• Performans ve Eğitimle İlgili Bilgiler

• Oluşabilecek uygun pozisyonlar için çalışan adaylarının kişisel verilerinin saklanması

• Açık rıza

3.3. POTANSİYEL MÜŞTERİ

Potansiyel müşterilerimize ait işleyebileceğimiz kişisel verilerin neler olduğu, işlenme amaçları ve hukuki sebepler aşağıdaki tabloda açıklanmaktadır.

Kişisel Veriler

Kişisel Veri Kategorisi

Kişisel Veri İşlenme Amaçları

Hukuki Sebep

• Ad, soyad,

• E-posta adresi

• Cep telefonu numarası

• Kimlik Bilgileri

• İletişim Bilgileri

• Kişisel verileriniz, rezervasyonunuzun tamamlanması ve yönetilmesi amacıyla işlenmektedir.

• Bir sözleşmenin kurulması veya ifasıyla doğrudan doğruya ilgili olması kaydıyla sözleşmenin taraflarına ait kişisel verilerin işlenmesinin gerekli olması

• Ad, soyad,

• E-posta adresi

• Cep telefonu numarası

• Anket verileri

• Satın alma geçmişi,

• Çerez verileri

• Kimlik Bilgileri

• İletişim Bilgileri

• Pazarlama Verileri

• Teknik Veri

• Müşterilerimizin en iyi deneyimi yaşamaları ve müşterilerimizin en iyi şekilde ürün ve hizmetlerimizden faydalanabilmesi için analiz ve pazarlama çalışmalarının gerçekleştirilmesi

• Açık rıza

3.4. MÜŞTERİ

Şirketimiz tarafından sunulan ürün veya hizmetlerden sizleri faydalandırmak için çalışmaların yapılması ve ticari faaliyetlerin gerçekleştirilmesi kapsamında, kişisel verileriniz aşağıda belirtilen amaçlar ve hukuki sebepler ile işlenebilecektir.

Kişisel Veriler

Kişisel Veri Kategorisi

Kişisel Veri İşlenme Amaçları

Hukuki Sebep

• Ad, soyad,

• E-posta adresi

• Cep telefonu numarası

• Kimlik Bilgileri

• İletişim Bilgileri

• Kişisel verileriniz, rezervasyonunuzun tamamlanması ve yönetilmesi amacıyla işlenmektedir.

• Bir sözleşmenin kurulması veya ifasıyla doğrudan doğruya ilgili olması kaydıyla sözleşmenin taraflarına ait kişisel verilerin işlenmesinin gerekli olması

• Anket verileri

• Satın alma geçmişi,

• Çerez verileri

• Pazarlama Verileri

• Teknik Veri

• Müşterilerimizin en iyi deneyimi yaşamaları ve müşterilerimizin en iyi şekilde ürün ve hizmetlerimizden faydalanabilmesi için analiz ve pazarlama çalışmalarının gerçekleştirilmesi

• Açık rıza

• Beslenme/diyet tercihleri

• Sağlık Verisi

• İlgili kişiye uygun ürünlerin sunulması için beslenme/diyet tercihlerine ilişkin sağlık verileri işlenmektedir.

• Açık rıza

4. KİŞİSEL VERİLERİNİZİN ÜÇÜNCÜ KİŞİLERE AKTARILMASI

Kişisel verileriniz, KVKK’nın kişisel verilerin aktarılmasına ilişkin hükümleri kapsamında işbu Aydınlatma Metni’nin 3. bölümünde yer alan amaçların gerektirdiği ölçüde; ilgili mevzuat gereği talep edilmesi halinde yurt içindeki adli makamlar veya kolluk kuvvetleri ile paylaşılabilecektir.

Özgür iradenizle açık rıza verdiğiniz takdirde, kişisel verileriniz pazarlama faaliyetlerinin yürütülmesi kapsamında veri zenginleştirme, kişiselleştirilmiş reklam amacıyla grup şirketlerimiz, iş ortaklarımız ve tedarikçilerimiz ile paylaşılabilecektir. Nusr-Et iştiraklerinin yurt dışında yerleşik olması halinde, bu tür aktarımlar için KVKK’nın 9. maddesi kapsamında açık rızanızın varlığına ihtiyaç duyulmaktadır. Açık rızanızın mevcut olmaması veya başkaca bir yasal aktarım mekanizmasına başvurulmaması halinde, kişisel verileriniz yurt dışına aktarılmayacaktır.

5. DİĞER İNTERNET SİTELERİNE BAĞLANTILAR

İnternet sitemiz, ilgilendiğiniz diğer internet sitelerini kolayca ziyaret etmenizi sağlayacak bağlantılar içerebilir. Ancak, internet sitemizden ayrılmak için bu bağlantıları kullandıktan sonra, diğer internet sitesi üzerinde herhangi bir kontrolümüz olmadığını belirtmek isteriz. Bu nedenle, diğer internet sitelerini ziyaret ederken sağladığınız bilgilerin korunmasından ve gizliliğinden sorumlu olmayız ve bu tür internet siteleri aracılığıyla kişisel verilerinizin işlenmesi işbu Aydınlatma Metnine tabi değildir.

6. KİŞİSEL VERİLERİNİZİN KORUNMASINA YÖNELİK HAKLARINIZ

Bu Aydınlatma Metni’nin “İletişim” bölümünde yer alan yöntemlerle Şirket e başvurarak,

Ø Kişisel verilerinizin işlenip işlenmediğini öğrenme,

Ø İşlenmişse buna ilişkin bilgi talep etme,

Ø Kişisel verilerinizin işlenme amacını ve bunların amacına uygun kullanılıp kullanılmadığını öğrenme,

Ø Yurt içinde veya yurt dışında aktarıldığı üçüncü kişileri bilme,

Ø Kişisel verilerin eksik veya yanlış işlenmiş olması halinde bunların düzeltilmesini isteme,

Ø KVKK’da öngörülen şartlar çerçevesinde kişisel verilerinizin silinmesini veya yok edilmesini isteme,

Ø Yukarıda belirtilen düzeltme, silinme ve yok edilme şeklindeki haklarınız uyarınca yapılan işlemlerin, kişisel verilerin aktarıldığı üçüncü kişilere bildirilmesini isteme,

Ø İşlenen kişisel verilerinizin münhasıran otomatik sistemler ile analiz edilmesi sureti ile aleyhinize bir sonucun ortaya çıkmasına itiraz etme,

Ø Kişisel verilerinizin ilgili mevzuata aykırı olarak işlenmesi sebebiyle zarara uğramanız hâlinde zararınızın giderilmesini talep etme haklarına sahipsiniz.

7. HAK VE TALEPLERİNİZ İÇİN İLETİŞİM

Kişisel verilerinizle ilgili sorularınızı ve taleplerinizi, Veri Sorumlusuna Başvuru Usul ve Esasları hakkında Tebliğ’de belirtilen şartlara uygun düzenlenmiş dilekçeyle Dikilitaş Mahallesi Üzengi Sokak No:8/1 Beşiktaş İstanbul adresine kimlik tespiti yapılmak suretiyle bizzat elden iletebilir ya da noter kanalıyla ulaştırabilirsiniz. Bunun yanında detveeturunleri@hs03.kep.tr kayıtlı elektronik posta (KEP) adresine, güvenli elektronik imza ve mobil imza ya da tarafınızca Şirket’e daha önce bildirilen ve tarafımızca teyit edilmiş olan Şirket sistemindeki elektronik posta adresini kullanmak suretiyle kisiselverilerim@nusr-et.com.tr elektronik posta adresine iletebilirsiniz.

8. AYDINLATMA METNİ HAKKINDA

Bu Aydınlatma Metni Şirket tarafından yayımlandığı tarih itibariyle geçerli olacaktır. Şirket, bu Aydınlatma Metni’nde, gerekli olduğu takdirde, her zaman değişiklik yapabilir. Şirket tarafından yapılacak değişiklikler, Aydınlatma Metni’ninwww.nusr-et.com.tr adresinde yayımlanmasıyla birlikte geçerlilik kazanır.

ΔΗΛΩΣΗ ΠΡΟΣΤΑΣΙΑΣ ΔΕΔΟΜΕΝΩΝ

1. ΠΟΙΟΣ ΕΙΝΑΙ Ο ΥΠΕΥΘΥΝΟΣ ΕΠΕΞΕΡΓΑΣΙΑΣ ΔΕΔΟΜΕΝΩΝ;

Η παρούσα είναι μια κοινή δήλωση προστασίας δεδομένων που παρέχεται από την D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. ("D Et") [Κρέας D και Προϊόντα Κρέατος Εμπόριο Τροφίμων A.E] και την Nusret Mykonos Restaurant Bar SA ("Nusr-Et Mykonos") [Nusret Μύκονος Εστιατόριο Μπαρ Α.Ε.] σύμφωνα με τον Γενικό Κανονισμό για την Προστασία Δεδομένων (ΕΕ) 2016/679 και τον ελληνικό νόμο 4624/2019 (εφεξής "Νομοθεσία για την Προστασία Δεδομένων"), και όταν αναφερόμαστε σε "Nusr-et" ή "εμείς" ή "μας" εννοούμε και τους δύο μας. Επιβεβαιώνεται ότι η D Et και η Nusr-Et Mykonos καθορίζουν από κοινού τους σκοπούς και τα μέσα επεξεργασίας των προσωπικών σας δεδομένων ως από κοινού υπεύθυνοι επεξεργασίας. Αυτό σημαίνει ότι και οι δύο επιχειρήσεις εργάζονται από κοινού για να αποφασίσουν το γιατί και το πώς τα προσωπικά σας δεδομένα υποβάλλονται σε επεξεργασία μέσω του ιστότοπου για τους σκοπούς που αναφέρονται στην παρούσα Δήλωση Προστασίας Δεδομένων.

Δεσμευόμαστε να προστατεύουμε το απόρρητο και την ασφάλεια των προσωπικών σας δεδομένων ως υπεύθυνοι επεξεργασίας. Ως εκ τούτου, δεσμευόμαστε να διασφαλίσουμε ότι η διαχείριση των προσωπικών σας δεδομένων γίνεται σύμφωνα με τις αρχές που ορίζονται στη νομοθεσία περί προστασίας δεδομένων. Η παρούσα Δήλωση Προστασίας Δεδομένων εξηγεί πώς συλλέγουμε, χρησιμοποιούμε, γνωστοποιούμε, διατηρούμε και προστατεύουμε τα προσωπικά σας δεδομένα.

2. ΠΟΤΕ ΙΣΧΥΕΙ Η ΠΑΡΟΥΣΑ ΑΝΑΚΟΙΝΩΣΗ ΠΡΟΣΤΑΣΙΑΣ ΔΕΔΟΜΕΝΩΝ;

Η παρούσα Δήλωση Προστασίας Δεδομένων ισχύει για τα προσωπικά σας δεδομένα που συλλέγουμε, χρησιμοποιούμε και επεξεργαζόμαστε σε σχέση με τη συναλλαγή που πραγματοποιείτε όταν επισκέπτεστε την ιστοσελίδα μας www.nusr-et.com.tr ως επισκέπτης της ιστοσελίδας, υποψήφιος για εργασία, πελάτης ή δυνητικός πελάτης.

3. ΠΩΣ ΣΥΛΛΕΓΟΥΜΕ ΤΑ ΠΡΟΣΩΠΙΚΑ ΔΕΔΟΜΕΝΑ;

Ενδέχεται να λάβουμε τα προσωπικά σας δεδομένα από τις ακόλουθες πηγές:

α) απευθείας από εσάς (για παράδειγμα, κατά τη στιγμή της εγγραφής σε οποιαδήποτε υπηρεσία που προσφέρεται στον ιστότοπό μας ή της αίτησης αγαθών ή υπηρεσιών),

ή/και


β) από τη συσκευή ή το πρόγραμμα περιήγησής σας.

Εάν επικοινωνήσετε μαζί μας, ενδέχεται να διατηρήσουμε αρχείο αυτής της αλληλογραφίας.

4. ΚΑΤΗΓΟΡΙΕΣ ΔΕΔΟΜΕΝΩΝ ΠΡΟΣΩΠΙΚΟΥ ΧΑΡΑΚΤΗΡΑ ΚΑΙ ΣΚΟΠΟΙ ΚΑΙ ΝΟΜΙΜΗ ΒΑΣΗ ΓΙΑ ΤΗΝ ΕΠΕΞΕΡΓΑΣΙΑ

Ενδέχεται να επεξεργαστούμε τα προσωπικά σας δεδομένα με διάφορους τρόπους. Σε όλες τις περιπτώσεις δεσμευόμαστε να προστατεύουμε τα προσωπικά σας δεδομένα. Σε καθένα από τα υποκεφάλαια που παρατίθενται παρακάτω, περιγράφουμε τον τρόπο με τον οποίο λαμβάνουμε τα προσωπικά σας δεδομένα και τον τρόπο με τον οποίο τα επεξεργαζόμαστε.

4.1. ΕΠΙΣΚΕΠΤΕΣ ΤΗΣ ΙΣΤΟΣΕΛΙΔΑΣ

Ενδέχεται να συλλέγουμε προσωπικά δεδομένα σχετικά με τους επισκέπτες της ιστοσελίδας.

4.1.1. Προσωπικά δεδομένα που συλλέγουμε και επεξεργαζόμαστε

Κατηγορία προσωπικών δεδομένων

Προσωπικά δεδομένα

Προσωπικά δεδομένα αναγνώρισης

Όνομα, επώνυμο, ημερομηνία γέννησης (βάσει της συγκατάθεσής σας)

Δεδομένα στοιχείων επικοινωνίας

Διεύθυνση ηλεκτρονικού ταχυδρομείου (βάσει της συγκατάθεσής σας)

Τεχνικά δεδομένα

Διεύθυνση IP, δεδομένα cookie (για περισσότερες πληροφορίες ανατρέξτε στην Πολιτική Cookie)

4.1.2. Γιατί συλλέγουμε τα προσωπικά σας δεδομένα και ποιες είναι οι νόμιμες βάσεις μας γι' αυτά;

Σκοπός της επεξεργασίας δεδομένων

Νόμιμη βάση

Παροχή των υπηρεσιών του ιστοτόπου μας στους χρήστες του ιστοτόπου

Νόμιμο συμφέρον

Απομνημόνευση των προτιμήσεων των χρηστών του ιστότοπου

Η εκ των προτέρων συγκατάθεσή σας

Μάρκετινγκ και διαφήμιση

Η εκ των προτέρων συγκατάθεσή σας

Για να πραγματοποιήσουμε διαδικασίες ενίσχυσης δεδομένων για αποτελεσματικότερες δραστηριότητες μάρκετινγκ και να αποθηκεύσουμε τα δεδομένα σας στο cloud

Η εκ των προτέρων συγκατάθεσή σας

Για την παροχή υπηρεσιών εξατομικευμένης διαφήμισης και την αποθήκευση των δεδομένων σας στο cloud.

Η εκ των προτέρων συγκατάθεσή σας

4.1.3. Πόσο καιρό διατηρούμε τα προσωπικά σας δεδομένα;

Διατηρούμε τα προσωπικά σας δεδομένα μόνο για όσο χρονικό διάστημα είναι απαραίτητο για τους σκοπούς για τους οποίους συλλέχθηκαν σε σχέση με τα αιτήματά σας μέσω του ιστότοπού μας ή τη χρήση του ιστότοπού μας από εσάς.


4.2. ΥΠΟΨΗΦΙΟΙ ΓΙΑ ΕΡΓΑΣΙΑ

Ενδέχεται να συλλέγουμε δεδομένα προσωπικού χαρακτήρα που σχετίζονται με αιτούντες για θέσεις εργασίας που προκηρύσσονται στην ιστοσελίδα μας.

4.2.1. Προσωπικά δεδομένα που συλλέγουμε και επεξεργαζόμαστε

Κατηγορία προσωπικών δεδομένων

Προσωπικά δεδομένα

Προσωπικά δεδομένα ταυτοποίησης

Όνομα, επώνυμο, ημερομηνία γέννησης, τόπος γέννησης, εθνικότητα, οικογενειακή κατάσταση,

Δεδομένα στοιχείων επικοινωνίας

Διεύθυνση, διεύθυνση ηλεκτρονικού ταχυδρομείου, αριθμός κινητού τηλεφώνου

Στοιχεία σχετικά με την επαγγελματική εμπειρία

Βιογραφικό σημείωμα, εκπαίδευση, πληροφορίες σχετικά με τις επιδόσεις και την εξέλιξη της σταδιοδρομίας

Οπτικά και ηχητικά αρχεία

Φωνητικά αρχεία, βίντεο, φωτογραφία

4.2.2. Γιατί συλλέγουμε τα προσωπικά σας δεδομένα και ποιες είναι οι νόμιμες βάσεις μας γι' αυτά;

Σκοπός της επεξεργασίας δεδομένων

Νόμιμη βάση

Αξιολόγηση της καταλληλότητάς σας για μια θέση για την οποία έχετε υποβάλει αίτηση και για να μας βοηθήσετε να αναπτύξουμε και να βελτιώσουμε τη διαδικασία πρόσληψής

Εκτέλεση σύμβασης μαζί σας ή να λάβουμε μέτρα κατόπιν αιτήματός σας, πριν από τη σύναψη σύμβασης

Αποθήκευση δεδομένων υποψηφίων

Η εκ των προτέρων συγκατάθεσή σας

4.2.3. Πόσον καιρό διατηρούμε τα προσωπικά σας δεδομένα;

Διατηρούμε και επεξεργαζόμαστε τα Προσωπικά σας Δεδομένα μόνο για όσο χρονικό διάστημα είναι απαραίτητο για τους σκοπούς για τους οποίους συλλέχθηκαν. Εάν επιτύχετε και σας προσλάβουμε, θα διατηρήσουμε το βιογραφικό σας σημείωμα ως μέρος του φακέλου των εργοδοτών σας για τη διάρκεια της απασχόλησής σας σε εμάς. Θα διατηρήσουμε τα βιογραφικά σημειώματα και τα έγγραφα που υποβάλλουν οι ανεπιτυχείς υποψήφιοι για διάστημα όχι μεγαλύτερο των 2 ετών, εκτός εάν έχουμε λάβει τη συγκατάθεσή τους να τα διατηρήσουμε για μεγαλύτερο χρονικό διάστημα.

4.3. ΠΕΛΑΤΗΣ

Ενδέχεται να συλλέγουμε προσωπικά δεδομένα που σχετίζονται με τους υφιστάμενους πελάτες μας.

4.3.1. Προσωπικά δεδομένα που συλλέγουμε και επεξεργαζόμαστε

Κατηγορία προσωπικών δεδομένων

Προσωπικά δεδομένα

Προσωπικά δεδομένα αναγνώρισης

Όνομα, επώνυμο, ημερομηνία γέννησης

Δεδομένα στοιχείων επικοινωνίας

Διεύθυνση, διεύθυνση ηλεκτρονικού ταχυδρομείου, αριθμός κινητού τηλεφώνου

Στοιχεία πελάτη

Στοιχεία παραγγελίας, στοιχεία αιτήματος/υποδείξεων/οδηγιών

Δεδομένα μάρκετινγκ

Δεδομένα έρευνας (έρευνα αγοράς κ.λπ.), δεδομένα συμπεριφοράς (για σκοπούς μάρκετινγκ), ιστορικό αγορών, δεδομένα cookie (για περισσότερες πληροφορίες ανατρέξτε στην Πολιτική μας για τα Cookie), δεδομένα που σχετίζονται με εκστρατείες μάρκετινγκ

Σε περίπτωση που τα δεδομένα υγείας, τα οποία θεωρούνται ευαίσθητα δεδομένα προσωπικού χαρακτήρα, κοινοποιούνται από εσάς κατά τη διάρκεια των δραστηριοτήτων επεξεργασίας μας, η επεξεργασία τους θα γίνεται βάσει της νομικής βάσης της ρητής συγκατάθεσής σας, προκειμένου να αξιολογηθούν τα αιτήματά σας. Εκτός από τα προαναφερθέντα δεδομένα, δεν επεξεργάζεται κανένα προσωπικό δεδομένο εκτός από αυτά που μας παρέχετε οικειοθελώς κατά τη διάρκεια των υπηρεσιών μας.

4.3.2. Γιατί συλλέγουμε τα προσωπικά σας δεδομένα και ποιες είναι οι νόμιμες βάσεις μας γι' αυτά;

Σκοπός της επεξεργασίας δεδομένων

Νόμιμη βάση

Παροχή των προϊόντων ή των υπηρεσιών μας σε εσάς (για παράδειγμα, για να κλείσετε τραπέζι στα εστιατόριά μας)

Εκτέλεση σύμβασης

Σκοποί μάρκετινγκ

Η εκ των προτέρων συγκατάθεσή σας

Για τη διενέργεια διαδικασιών εμπλουτισμού δεδομένων για αποτελεσματικότερες δραστηριότητες μάρκετινγκ και την αποθήκευση των δεδομένων σας στο cloud

Η εκ των προτέρων συγκατάθεσή σας

Για την παροχή υπηρεσιών εξατομικευμένης διαφήμισης και την αποθήκευση των δεδομένων σας στο cloud.

Η εκ των προτέρων συγκατάθεσή σας

4.3.3. Πόσο καιρό διατηρούμε τα προσωπικά σας δεδομένα;

Επεξεργαζόμαστε τα προσωπικά σας δεδομένα μόνο για όσο χρονικό διάστημα είναι απαραίτητο για τους σκοπούς για τους οποίους συλλέχθηκαν σε σχέση με την παροχή υπηρεσιών προς εσάς, εκτός εάν έχουμε νομικό δικαίωμα ή υποχρέωση να διατηρήσουμε τα δεδομένα για μεγαλύτερο χρονικό διάστημα ή τα δεδομένα είναι απαραίτητα για τη θεμελίωση, άσκηση ή υπεράσπιση νομικών αξιώσεων.

4.4. ΔΥΝΗΤΙΚΟΣ ΚΑΤΑΝΑΛΩΤΗΣ

Ενδέχεται να συλλέγουμε δεδομένα προσωπικού χαρακτήρα που αφορούν δυνητικούς πελάτες.

4.4.1. Προσωπικά δεδομένα που συλλέγουμε και επεξεργαζόμαστε

Κατηγορία προσωπικών δεδομένων

Προσωπικά δεδομένα

Προσωπικά δεδομένα αναγνώρισης

Όνομα, επώνυμο

Δεδομένα στοιχείων επικοινωνίας

Αριθμός κινητού τηλεφώνου, διεύθυνση ηλεκτρονικού ταχυδρομείου

4.4.2. Γιατί συλλέγουμε τα προσωπικά σας δεδομένα και ποιες είναι οι νόμιμες βάσεις μας γι' αυτά;

Σκοπός της επεξεργασίας δεδομένων

Νόμιμη βάση

Πραγματοποίηση κράτησης

Εκτέλεση σύμβασης μαζί σας ή λήψη μέτρων κατόπιν αιτήματός σας, πριν από τη σύναψη σύμβασης

Για να πραγματοποιήσουμε διαδικασίες εμπλουτισμού δεδομένων για αποτελεσματικότερες δραστηριότητες μάρκετινγκ και να αποθηκεύσουμε τα δεδομένα σας στο cloud

Η εκ των προτέρων συγκατάθεσή σας

Για την παροχή υπηρεσιών εξατομικευμένης διαφήμισης και την αποθήκευση των δεδομένων σας στο cloud.

Η εκ των προτέρων συγκατάθεσή σας

4.4.3. Πόσον καιρό διατηρούμε τα προσωπικά σας δεδομένα;

Επεξεργαζόμαστε τα προσωπικά σας δεδομένα μόνο για όσο χρονικό διάστημα είναι απαραίτητο για τους σκοπούς για τους οποίους συλλέχθηκαν σε σχέση με την παροχή υπηρεσιών προς εσάς, εκτός εάν έχουμε νομικό δικαίωμα ή υποχρέωση να διατηρήσουμε τα δεδομένα για μεγαλύτερο χρονικό διάστημα ή τα δεδομένα είναι απαραίτητα για τη θεμελίωση, άσκηση ή υπεράσπιση νομικών αξιώσεων.

5. ΜΕ ΠΟΙΟΥΣ ΜΟΙΡΑΖΟΜΑΣΤΕ ΤΑ ΠΡΟΣΩΠΙΚΑ ΣΑΣ ΔΕΔΟΜΕΝΑ;

Συνεργάτες

Ενδέχεται να μοιραστούμε τα προσωπικά σας δεδομένα με- τις θυγατρικές εταιρείες D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (Κρέας D και Προϊόντα Κρέατος Εμπόριο Τροφίμων A.E) και Meng Unlu Mamüller Gıda Sanayi ve Ticaret A.Ş. (Προϊόντα αρτοποιΐας Meng Βιομηχανία και Εμπόριο Τροφίμων Α.Ε.):

Για τη χρήση της ίδιας διαχείρισης επισκεπτών, των συστημάτων πληροφορικής και την ανταλλαγή δραστηριοτήτων ανθρώπινου δυναμικού, για την παροχή εξατομικευμένης διαφήμισης και υπηρεσιών εμπλουτισμού δεδομένων. Οι εν λόγω διαβιβάσεις διέπονται από συμφωνίες μεταξύ των θυγατρικών εταιρειών για την προστασία, την ακεραιότητα και την εμπιστευτικότητα των προσωπικών δεδομένων που συνάδουν με τη νομοθεσία περί προστασίας δεδομένων.

Πάροχοι υπηρεσιών

Ενδέχεται να γνωστοποιήσουμε πληροφορίες σχετικά με εσάς σε οργανισμούς που μας παρέχουν υπηρεσίες, διασφαλίζοντας ότι δεσμεύονται συμβατικά να τηρούν εμπιστευτικά τα προσωπικά σας δεδομένα και ότι θα συμμορφώνονται με τη Νομοθεσία Περί Προστασίας Δεδομένων και άλλους σχετικούς νόμους περί προστασίας δεδομένων.

Ενδέχεται να μοιραστούμε τις πληροφορίες σας με τους ακόλουθους τύπους παρόχων υπηρεσιών:

α) παρόχους τεχνικής υποστήριξης που μας βοηθούν για τον ιστότοπό μας και την υποδομή πληροφορικής,

β) τρίτους παρόχους λογισμικού, όπου ο πάροχος φιλοξενεί τα σχετικά προσωπικά δεδομένα για λογαριασμό μας,

γ) επαγγελματίες συμβούλους, όπως δικηγόρους, λογιστές, φορολογικούς συμβούλους, ελεγκτές και μεσίτες ασφαλίσεων,

δ) παρόχους που μας βοηθούν να παράγουμε και να συγκεντρώνουμε κριτικές σε σχέση με τα αγαθά και τις υπηρεσίες μας,

ε) τις διαφημιστικές και προωθητικές εταιρείες και τους συμβούλους μας και τους οργανισμούς ή τις διαδικτυακές πλατφόρμες που επιλέγουμε για να διεξάγουν εκστρατείες μάρκετινγκ για λογαριασμό μας (για παράδειγμα, Facebook, Google, Instagram) ή/και

στ) τους παρόχους υπηρεσιών που μας βοηθούν στην παροχή των υπηρεσιών μας.

Φορείς επιβολής του νόμου ή κυβερνητικοί φορείς

Ενδέχεται να αποκαλύψουμε τα προσωπικά σας δεδομένα όπως επιτρέπεται από το νόμο, προκειμένου να διερευνήσουμε, να αποτρέψουμε ή να αναλάβουμε δράση σχετικά με παράνομες δραστηριότητες, υποψίες απάτης, παραβίαση των δικαιωμάτων πνευματικής ιδιοκτησίας μας, καταστάσεις που ενέχουν πιθανές απειλές για τη σωματική ασφάλεια οποιουδήποτε προσώπου, παραβίαση των Όρων και Προϋποθέσεων ή άλλων συμφωνιών μας ή όπως απαιτείται από τον νόμο.

6.ΔΙΑΒΙΒΑΣΕΙΣ ΔΕΔΟΜΕΝΩΝ ΠΡΟΣΩΠΙΚΟΥ ΧΑΡΑΚΤΗΡΑ ΕΚΤΟΣ ΤΗΣ ΕΕ/ΤΟΥ ΕΥΡΩΠΑΪΚΟΥ ΟΙΚΟΝΟΜΙΚΟΥ ΧΩΡΟΥ

Μοιραζόμαστε δεδομένα προσωπικού χαρακτήρα με εξωτερικούς πωλητές ή παρόχους υπηρεσιών ή προμηθευτές τους οποίους προσλαμβάνουμε για την εκτέλεση υπηρεσιών ή λειτουργιών για λογαριασμό μας και υπό τις οδηγίες μας. Όταν οι εν λόγω προμηθευτές βρίσκονται εντός της ΕΕ, διασφαλίζουμε ότι δεσμεύονται με συμβόλαιο να συμμορφώνονται με τους κανόνες προστασίας δεδομένων της ΕΕ.  Εξασφαλίζουμε, επίσης, στις συμβάσεις μας με τους εν λόγω οργανισμούς ότι επεξεργάζονται προσωπικά δεδομένα μόνο σύμφωνα με τις οδηγίες μας και προκειμένου να παρέχουν τις συμφωνημένες υπηρεσίες και να προστατεύουν την ακεραιότητα και την εμπιστευτικότητα των προσωπικών σας δεδομένων που τους έχουν εμπιστευτεί.

Ορισμένοι από τους πωλητές/πάροχους υπηρεσιών που αναθέτουμε και τις θυγατρικές της Nusr-et βρίσκονται εκτός του Ευρωπαϊκού Οικονομικού Χώρου. Σε περίπτωση που η Επιτροπή της ΕΕ δεν τους αναγνωρίζει ως τοποθεσίες που παρέχουν επαρκή προστασία των προσωπικών δεδομένων, υπογράφουμε την εγκεκριμένη από την Επιτροπή της ΕΕ σύμβαση (τις λεγόμενες Τυποποιημένες Συμβατικές Ρήτρες) για την προστασία των δεδομένων σας ή, όπου είναι απαραίτητο, λαμβάνουμε τη συγκατάθεσή σας, όπως απαιτείται από τη νομοθεσία περί προστασίας δεδομένων, ώστε να μπορούμε να κάνουμε νόμιμα διαβιβάσεις.

7. ΣΥΝΔΕΣΜΟΙ  ΜΕ ΑΛΛΕΣ ΙΣΤΟΣΕΛΙΔΕΣ

Ο ιστότοπός μας μπορεί να περιέχει συνδέσμους για να μπορείτε να επισκέπτεστε εύκολα άλλους ιστότοπους που σας ενδιαφέρουν. Ωστόσο, μόλις χρησιμοποιήσετε αυτούς τους συνδέσμους για να εγκαταλείψετε τον ιστότοπό μας, θα πρέπει να έχετε υπόψη ότι δεν έχουμε κανέναν έλεγχο στους εν λόγω ιστότοπους. Ως εκ τούτου, δεν μπορούμε να είμαστε υπεύθυνοι για την προστασία και το απόρρητο των πληροφοριών που παρέχετε κατά την επίσκεψή σας σε τέτοιους ιστότοπους και οι ιστότοποι αυτοί δεν διέπονται από την παρούσα Δήλωση Προστασίας Δεδομένων. Η Nusr-et έχει παρουσία στα μέσα κοινωνικής δικτύωσης (Facebook, Twitter, YouTube κ.λπ.) και μπορείτε να αλληλεπιδράσετε μαζί μας μέσω των υφιστάμενων λογαριασμών σας στα μέσα κοινωνικής δικτύωσης και των σχετικών πολιτικών απορρήτου τους.

8. ΤΑ ΔΙΚΑΙΩΜΑΤΑ ΠΡΟΣΤΑΣΙΑΣ ΤΩΝ ΔΕΔΟΜΕΝΩΝ ΣΑΣ

Έχετε τα ακόλουθα δικαιώματα σε σχέση με τα προσωπικά σας δεδομένα σύμφωνα με τις διατάξεις της νομοθεσίας περί προστασίας δεδομένων:

Ø  Δικαίωμα ενημέρωσης: οι οργανισμοί πρέπει να ενημερώνουν τα άτομα για το ποια δεδομένα τους συλλέγονται, πώς χρησιμοποιούνται, για πόσο καιρό θα διατηρηθούν και αν θα κοινοποιηθούν σε τρίτους.

Ø  Δικαίωμα πρόσβασης: τα άτομα έχουν το δικαίωμα να ζητήσουν αντίγραφο των πληροφοριών που κατέχει ένας οργανισμός για αυτά.

Ø  Δικαίωμα διόρθωσης: τα άτομα έχουν το δικαίωμα να διορθώνουν ανακριβή ή ελλιπή δεδομένα.

Ø  Δικαίωμα διαγραφής και δικαίωμα στη λήθη: σε ορισμένες περιπτώσεις, τα άτομα μπορούν να ζητήσουν από τους οργανισμούς να διαγράψουν τα προσωπικά δεδομένα που έχουν αποθηκευτεί για αυτά, συμπεριλαμβανομένου του Διαδικτύου.

Ø  Δικαίωμα φορητότητας: τα άτομα μπορούν να ζητήσουν από τον οργανισμό να μεταφέρει τα δεδομένα που κατέχει γι' αυτά σε άλλη εταιρεία.

Ø  Δικαίωμα περιορισμού της επεξεργασίας: τα άτομα μπορούν να ζητήσουν από έναν οργανισμό να περιορίσει τον τρόπο με τον οποίο χρησιμοποιεί τα δεδομένα προσωπικού χαρακτήρα.

Ø  Δικαίωμα αντίρρησης: τα άτομα έχουν το δικαίωμα να αμφισβητήσουν ορισμένους τύπους επεξεργασίας, όπως η άμεση εμπορική προώθηση.

Ø  Δικαιώματα που σχετίζονται με την αυτοματοποιημένη λήψη αποφάσεων, συμπεριλαμβανομένης της κατάρτισης προφίλ: τα άτομα μπορούν να ζητήσουν από τους οργανισμούς να τους παρέχουν αντίγραφο των αυτοματοποιημένων δραστηριοτήτων τους, εάν πιστεύουν ότι τα δεδομένα υποβάλλονται σε παράνομη επεξεργασία. Θα πρέπει επίσης να υπενθυμίζετε στα άτομα ότι είναι ελεύθερα να ασκούν τα δικαιώματά τους και να τους εξηγείτε πώς μπορούν να το κάνουν αυτό.

9. ΠΩΣ ΜΠΟΡΕΙΤΕ ΝΑ ΑΝΑΚΑΛΕΣΕΤΕ ΤΗ ΣΥΓΚΑΤΑΘΕΣΗ ΣΑΣ;

Εάν συναινείτε στην επεξεργασία των προσωπικών σας δεδομένων, λάβετε υπόψη ότι μπορείτε να ανακαλέσετε τη συγκατάθεσή σας αυτή ανά πάσα στιγμή. Για να ανακαλέσετε τη συγκατάθεση, παρακαλούμε επικοινωνήστε με τη διεύθυνση privacy@nusr-et.com.tr.  Λάβετε υπόψη ότι η συγκατάθεσή σας μπορεί να ανακληθεί μόνο για μελλοντικές δραστηριότητες επεξεργασίας και μια τέτοια ανάκληση δεν επηρεάζει τη νομιμότητα παρελθουσών δραστηριοτήτων επεξεργασίας. Σε ορισμένες περιπτώσεις, ενδέχεται να έχουμε το δικαίωμα, παρά την ανάκλησή σας, να συνεχίσουμε να επεξεργαζόμαστε τα προσωπικά σας δεδομένα βάσει διαφορετικής νομικής βάσης.

10.       ΕΠΙΚΑΙΡΟΠΟΙΗΣΗ ΤΗΣ ΠΑΡΟΥΣΑΣ ΔΗΛΩΣΗΣ ΠΡΟΣΤΑΣΙΑΣ ΔΕΔΟΜΕΝΩΝ

Διατηρούμε το δικαίωμα να ενημερώσουμε την παρούσα Δήλωση Προστασίας Δεδομένων ανά πάσα στιγμή. Θα σας ενημερώνουμε για τις αλλαγές δημοσιεύοντας την ενημερωμένη έκδοση της Δήλωσης Προστασίας Δεδομένων στη διεύθυνση www.nusr-et.com.tr. Δεσμευόμαστε να προστατεύουμε και να σεβόμαστε τα προσωπικά σας δεδομένα και θα συνεχίσουμε να το πράττουμε σε κάθε μελλοντική αλλαγή που θα κάνουμε στην παρούσα Δήλωση Προστασίας Δεδομένων.

11.       ΠΩΣ ΜΠΟΡΕΙΤΕ ΝΑ ΕΡΘΕΤΕ ΣΕ ΕΠΑΦΗ ΜΑΖΙ ΜΑΣ ΚΑΙ ΠΩΣ ΜΠΟΡΕΙΤΕ ΝΑ ΑΣΚΗΣΕΤΕ ΤΑ ΝΟΜΙΜΑ ΔΙΚΑΙΩΜΑΤΑ ΣΑΣ;

Εάν έχετε οποιαδήποτε ερώτηση σχετικά με τη Δήλωση Προστασίας Δεδομένων μας , ή εάν θέλετε να υποβάλλετε καταγγελία σχετικά με πιθανή παραβίαση προσωπικών δεδομένων ή να ασκήσετε ένα από τα δικαιώματα προστασίας δεδομένων σας, παρακαλούμε επικοινωνήστε μαζί μας όπως περιγράφεται παρακάτω.

Επικοινωνήστε μαζί μας,

Διεύθυνση ηλεκτρονικού ταχυδρομείου της εταιρείας: privacy@nusr-et.com.tr.

Εάν έχετε οποιαδήποτε ανησυχία σχετικά με τον τρόπο με τον οποίο επεξεργαζόμαστε τα προσωπικά σας δεδομένα, μπορείτε να επικοινωνήσετε με τον υπεύθυνο προστασίας δεδομένων μας, ο οποίος θα διερευνήσει το θέμα και θα επικοινωνήσει με εσάς, στέλνοντας ένα μήνυμα ηλεκτρονικού ταχυδρομείου στη διεύθυνση privacy@nusr-et.com.tr.

Εάν εξακολουθείτε να μην είστε ικανοποιημένοι μετά την απάντησή μας ή πιστεύετε ότι δεν χρησιμοποιούμε τα προσωπικά σας δεδομένα σύμφωνα με τον νόμο, έχετε επίσης το δικαίωμα να κάνετε καταγγελία στη ρυθμιστική αρχή προστασίας δεδομένων της χώρας όπου ζείτε ή εργάζεστε.

DATA PROTECTION NOTICE

1. WHO IS THE DATA CONTROLLER?

This is a joint Data Protection Notice provided by D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (“D Et”) and Nusret Mykonos Restaurant Bar SA (“Nusr-Et Mykonos”) pursuant to the General Data Protection Regulation (EU) 2016/679 and the Greek Law 4624/2019 (hereinafter referred to as “Data Protection Legislation”), and when we refer to “Nusr-et” or “we” or “us” we mean the two of us. It confirms that D Et and the Nusr-Et Mykonos jointly determine the purposes and means of processing of your personal data as joint controllers. This means that both businesses work together to decide why and how your personal data is processed via website for the purposes stated in this Data Protection Notice.

We are committed to protecting the privacy and security of your personal data as data controllers. Therefore, we are committed to ensuring that your personal data is handled in accordance with the principles set out in the Data Protection Legislation. This Data Protection Notice explains how we collect, use, disclose, retain and protect your personal data.

2. WHEN DOES THIS DATA PROTECTION NOTICE APPLY?

This Data Protection Notice applies to your personal data that we collect, use and process in connection with the transaction you take when you visit our website www.nusr-et.com.tr as a website visitor, job applicants, customer or potential customer.

3. HOW DO WE COLLECT PERSONAL DATA?

We may obtain your personal data from the following sources:

a) from you directly (for example, at the time of subscribing to any services offered on our website or requesting goods or services);

and/or

b) from your device or browser.

If you contact us, we may keep a record of that correspondence.

4. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LAWFUL BASIS FOR PROCESSING

We may process your personal data in different ways. In all cases we are committed to protecting your personal data. In each of the subheadings listed below, we describe how we obtain your personal data and how we treat it.

4.1. WEB SITE VISITORS

We may collect personal data related to web site visitors.

4.1.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal identification data

First name, last name, date of birth (based on your consent)

Contact information data

E-mail address (based on your consent)

Technical data

IP address, cookie data (for more information please see our Cookie Polic[EY1] y)

4.1.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Provide our website services to website users

Legitimate Interest

Remembering website users’ preferences

Your prior consent

Marketing and advertising

Your prior consent

To carry data enrichment processes for more effective marketing activities and store your data in cloud

Your prior consent

To provide Personalized Advertising Services and store your data in cloud.

Your prior consent

4.1.3. How long do we keep your personal data?

We will keep your personal data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

4.2. JOB APPLICANTS

We may collect personal data related to job applicants for positions advertised on our website.

4.2.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal identification data

First name, last name, date of birth, place of birth, nationality, marital status,

Contact information data

Address, email address, cell phone number

Information relating to professional backround

Curriculum Vitae, educational background, performance and career development information

Visual and Audio Records

Voice records, video records, photograph

4.2.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Assess your suitability for a role you have applied for and to help us develop and improve our recruitment process

Performance of a contract with you or to take steps at your request, before entering a contract

Storage of candidates’ data

Your prior consent

4.2.3. How long do we keep your personal data?

We will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates for no longer than 2 years, unless we obtained their consent to keep it for longer.

4.3. CUSTOMER

We may collect personal data related to our existing customers.

4.3.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal identification data

First name, last name, date of birth

Contact information data

Address, email address, cell phone number

Customer information

Order information, request/compliant/instructions information

Marketing data

Survey data (market research etc.), behavioral data (for marketing purposes), purchase history, cookie data (for more information please see our Cookie Policy[EY2][GD3] ), data related to marketing campaigns

In case the health data, which is considered sensitive personal data, is shared by you during our processing activities, it shall be processed on the legal basis of your explicit consent, in order to evaluate your requests. Apart from the aforementioned data, no personal data is processed except for the ones you voluntarily provide us during our services.

4.3.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Provide you with our products or services (for example, to book a table at our restaurants)

Performance of a contract

Marketing purposes

Your prior consent

To carry data enrichment processes for more effective marketing activities and store your data in cloud

Your prior consent

To provide Personalized Advertising Services and store your data in cloud.

Your prior consent

4.3.3. How long do we keep your personal data?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

4.4. POTENTIAL COSTUMER

We may collect personal data related to potential customers.

4.4.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal identification data

First name, last name

Contact information data

Cell phone number, email address

4.4.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Make a booking

Performance of a contract with you or to take steps at your request, before entering a contract

To carry data enrichment processes for more effective marketing activities and store your data in cloud

Your prior consent

To provide Personalized Advertising Services and store your data in cloud.

Your prior consent

4.4.3. How long do we keep your personal data?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Affiliates

We may share your personal data with; affiliates D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. and Meng Unlu Mamüller Gıda Sanayi ve Ticaret A.Ş.;

To use the same guest management, IT systems and share human resources activities; to provide personalized advertising and data enrichment services. Such transfers are governed by Data Protection Legislation compliant agreements between the affiliates for the protection, integrity and confidentiality of personal data.

Service Providers

We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the Data Protection Legislation and other relevant data protection laws.

We may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure,

b) third party software providers, where the provider hosts the relevant personal data on our behalf;

c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

d) providers that help us generate and collate reviews in relation to our goods and services;

e) our advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram); and/or

f) service providers that assist us in providing our services.

Law Enforcement or Government Bodies

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

6. TRANSFERS OF PERSONAL DATA OUTSIDE THE EU/EUROPEAN ECONOMIC AREA

We share personal data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the EU, we ensure that they are contractually obligated to comply with the EU data protection rules. We also ensure in our contracts with these organisations that they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted to them.

Some of the vendors/service provider that we engage to and Nusr-et affiliates are located outside the European Economic Area. Where the EU Commission did not recognise them as locations providing adequate protection for personal data, we sign the EU Commission-approved contract (so called Standard Contractual Clauses) to protect your data or where necessary obtain your consent as required by Data Protection Legislation to be able to transfer lawfully

7. LINKS TO OTHER WEBSITES

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Data Protection Notice. Nusr-et has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts and their relevant privacy policies.

8. YOUR DATA PROTECTION RIGHTS

You have the following rights in relation to your personal data in accordance with the provisions of Data Protection Legislation;

Ø Right to be informed: organisations must tell individuals what data of theirs is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties.

Ø Right of access: individuals have the right to request a copy of the information that an organisation holds on them.

Ø Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.

Ø Right to erasure and right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data that is stored on them, including the Internet.

Ø Right of portability: individuals can request that organisation transfer any data that it holds on them to another company.

Ø Right to restrict processing: individuals can request that an organisation limits the way it uses personal data.

Ø Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.

Ø Rights related to automated decision-making including profiling: individuals can ask organisations to provide a copy of its automated processing activities if they believe the data is being processed unlawfully. You should also remind individuals that they are free to exercise their rights and explain how they can do this.

9. HOW CAN YOU WITHDRAW YOUR CONSENT?

If you consent to us processing your personal data, please note that you may withdraw this consent at any time. In order to withdraw the consent, please contact privacy@nusr-et.com.tr.  Please note that your consent can only be withdrawn for future processing activities and such a withdrawal does not have any influence on the lawfulness of past processing activities. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis.

10. UPDATING THIS DATA PROTECTION NOTICE

We reserve the right to update this Data Protection Notice at any time. We will let you know about the changes by publishing the updated version of the Data Protection Notice on www.nusr-et.com.tr. We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Data Protection Notice.

11. HOW TO GET IN TOUCH WITH US AND HOW CAN YOU EXERCISE YOUR LEGAL RIGHTS?

If you have any questions about our Data Protection Notice , or if you would like to make a complaint about a possible breach of personal data or to exercise one of your data protection rights, please contact us as described below.

Contact us;

Company E-mail address: privacy@nusr-et.com.tr.

If you have any concerns about how we process your personal data, please feel free to contact our data protection officer, who will investigate the matter and make a comeback to you, by sending an email to privacy@nusr-et.com.tr

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work.

DATA PROTECTION NOTICE

1. WHO IS THE DATA CONTROLLER?

This is a joint Data Protection Notice provided by D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (“D Et”) and Nusret UK LTD. (“Nusret UK”) pursuant to the UK General Data Protection Regulation and Data Protection Act 2018 (“Data Protection Law”) and when we refer to “Nusr-et” or “we” or “us” we mean the two of us. It confirms that D Et and the Nusret UK jointly determine the purposes and means of processing of your personal data as joint controllers. This means that both businesses work together to decide why and how your personal data is processed via website for the purposes stated in this Data Protection Notice.

We are committed to protect the privacy and security of your personal data as a data controller. Therefore, we are committed to ensuring that your personal data is handled in accordance with the principles set out in the Data Protection Law. This Data Protection Notice explains how we collect, use, disclose, retain and protect your personal data.

2. WHEN DOES THIS DATA PROTECTION NOTICE APPLY?

This Data Protection Notice applies to your personal data that we collect, use and process in connection with the transaction you take when you visit our website www.nusr-et.com.tr as a website visitor, job applicants, customer or potential customer.

3. HOW DO WE COLLECT PERSONAL DATA?

We may obtain your personal data from the following sources:

a) from you directly: (for example, at the time of subscribing to any services offered on our website, including but not limited to email mailing lists, interactive services or requesting further goods or services);

and/or

b) from your device or browser: data that is automatically collected (which will vary depending

on your browser settings) by your browser or device, for example, the IP address of your internet

service provider, the operating system you use, the name and version of your internet browser.

The information provided by your browser does not identify you personally;

c) from correspondence with us (for example, by e-mail or any other digital or electronic form,

including social media).

If you contact us, we may keep a record of that correspondence.

4. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LAWFUL BASIS FOR PROCESSING

We may process your personal data in different ways. In all cases we are committed to protecting your personal data. In each of the subheadings listed below, we describe how we obtain your personal data and how we treat it.

4.1. WEB SITE VISITORS

We may collect personal data related to web site visitors.

4.1.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal Identification Data

First name, last name, date of birth

Contact Information Data

E-mail address

Technical Data

This is data about your computer hardware

and software that is automatically collected

by us such as; device type (eg mobile, computer, laptop, tablet), browser information (e.g. browser type, language and history), IP address, operating system, access times, settings and referring website addresses.

Marketing Data

Cookie data (for more information please see our Cookie Policy)

4.1.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Provide our website services to website users

Legitimate Interest

To comply with all applicable law and fulfil our obligations arising thereunder, including but not limited to keeping records/filing notifications as required under the law and to fulfil our obligations regarding keeping internet access data logs, and to communicate with relevant governmental authorities

To comply with legal obligations.

Monitor any external security threats to

our systems (such as hacks)

Legitimate Interest

Remembering website users’ preferences

Your prior consent

Marketing and advertising

Your prior consent

To carry data enrichment processes for more effective marketing activities

Your prior consent

To provide Personalized Advertising Services

Your prior consent

4.1.3. How long do we keep your personal data?

We will keep your personal data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

4.2. JOB APPLICANTS

We may collect personal data related to job applicants for positions advertised on our website.

4.2.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal Identification Data:

Name, surname, date of birth, place of birth, ID number, marital status, nationality.

Contact Information Data:

Cell phone number, home phone number, personnel e-mail, address information.

Information relating to performance and training:

Curriculum Vitae, education information, certificate of employment records, work and performance details, professional and personal skills, interview and employment reviews.

Your Professional Experience:

Profession details, diploma information.

Visual and Audio Records

Photograph, visual records (video records), voice records.

Information Obtained from your Reference:

Reference complaint, feedback and appreciation.

Your Special Categories of Personal Data:

Personal health records and criminal record.

4.2.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Evaluation of your application

Performance of a contract with you or to take steps at your request, before entering a contract

Storage of candidates’ data for future openings

Your prior consent

Your prior consent for special categories of personal data

Execution of reference check

Company’s legitimate interest.

4.2.3. How long do we keep your personal data?

We will keep and process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates for no longer than 2 years, unless we obtained their consent to keep it for longer.

4.3. CUSTOMER

We may collect personal data related to our existing customers.

4.3.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal Identification Data:

Name, surname, date of birth.

Contact Information Data:

Phone number, e-mail.

Customer Operation Details:

Customer complaint, request and appreciation, invoice details, order details, request details.

Marketing Information

Surveys, information that is obtained from campaign study.

Your Financial Information:

Card details

In case the health data, which is considered sensitive personal data, is shared by you during our processing activities, it shall be processed on the legal basis of your explicit consent, in order to evaluate your requests. Apart from the aforementioned data, no personal data is processed except for the ones you voluntarily provide us during our services.

4.3.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Conducting reservation process

Performance of a contract with you or to take steps at your request, before entering a contract.

Execution of request, complaint and satisfaction management processes

Company’s legitimate interest.

Execution of communication activities

Performance of a contract with you or to take steps at your request, before entering a contract.

Informing the law enforcement in case of crime or illegality

To comply with legal obligations.

To send updates about the Nusr-Et products and services by e-mail or SMS

Your prior consent.

To carry data enrichment processes for more effective marketing activities

Your prior consent

To provide Personalized Advertising Services

Your prior consent

4.3.3. How long do we keep your personal data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment,

exercise or defence of legal claims.

4.4. POTENTIAL COSTUMER

We may collect personal data related to potential customers.

4.4.1. Personal data that we collect and process

Category of Personal Data

Personal Data

Personal identification data

First name, last name

Contact information data

Cell phone number, email address

4.4.2. Why do we collect your personal data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

To make a reservation

Performance of a contract with you or to take steps at your request, before entering a contract

To send updates about the Nusr-Et products and services by e-mail or SMS

Your prior consent.

To carry data enrichment processes for more effective marketing activities

Your prior consent

To provide Personalized Advertising Services

Your prior consent

4.4.3. How long do we keep your personal data?

We will process your personal data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

Affiliates

We may share your personal data with D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş to use the same guest management and IT systems; to provide personalized advertising and data enrichment services. Such transfers are governed by Data Protection Law compliant agreements between the affiliates for the protection, integrity and confidentiality of personal data.

Service Providers

We may disclose information about you to organisations that provide services for us, ensuring that they are contractually obligated to keep your personal data confidential and will comply with the Data Protection Law and other relevant data protection laws.

Ø We may share your information with the following types of service providers:

Ø technical support providers who assist with our servers and IT infrastructure,

Ø third party software providers, where the provider hosts the relevant personal data on our behalf;

Ø professional advisers including but not limited to solicitors, accountants, tax advisors, auditors and insurance brokers;

Ø service providers that assist us in providing our services.

Law Enforcement or Government Bodies

We may disclose your personal data as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of employment agreements, or as required by law.

6. TRANSFERS OF PERSONAL DATA OUTSIDE THE UK

We share personal data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the UK, we ensure that they are contractually obligated to comply with the UK data protection rules. We also ensure in our contracts with these organisations that they only Process Personal Data in accordance with our instructions and in order to provide the agreed services and protect the integrity and confidentiality of your personal data entrusted to them.

We share personal data with the Nusr-Et busines partners and affiliates located outside the UK. Where these countries are not recognised as locations providing adequate protection for personal data, we sign the UK adjusted EU Commission-approved contract (so called Standard Contractual Clauses) to protect your data or where necessary obtain your consent as required by UK GDPR to be able to transfer lawfully.

7. LINKS TO OTHER WEBSITES

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Data Protection Notice. Nusr-et has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts and their relevant privacy policies.

8. YOUR DATA PROTECTION RIGHTS

You have the following rights in relation to your personal data in accordance with the provisions of Section 3 of UK GDPR;

Ø Right to be informed: organisations must tell individuals what data of theirs is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties.

Ø Right of access: individuals have the right to request a copy of the information that an organisation holds on them.

Ø Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.

Ø Right to erasure and right to be forgotten: in certain circumstances, individuals can ask organisations to erase any personal data that is stored on them, including the Internet.

Ø Right of portability: individuals can request that organisation transfer any data that it holds on them to another company.

Ø Right to restrict processing: individuals can request that an organisation limits the way it uses personal data.

Ø Right to object: individuals have the right to challenge certain types of processing, such as direct marketing.

Ø Rights related to automated decision-making including profiling: individuals can ask organisations to provide a copy of its automated processing activities if they believe the data is being processed unlawfully. You should also remind individuals that they are free to exercise their rights and explain how they can do this.

9. HOW CAN YOU WITHDRAW YOUR CONSENT?

If you consent to us processing your personal data, please note that you may withdraw this consent at any time. In order to withdraw the consent, please contact privacy@nusr-et.com.tr.Please note that your consent can only be withdrawn for future processing activities and such a withdrawal does not have any influence on the lawfulness of past processing activities. In some cases, we may be entitled in spite of your withdrawal to continue to process your personal data on a different legal basis.

10. UPDATING THIS DATA PROTECTION NOTICE

We reserve the right to update this Data Protection Notice at any time. We will let you know about the changes by publishing the updated version of the Data Protection Notice on www.nusr-et.com.tr We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Data Protection Notice.

11. HOW TO GET IN TOUCH WITH US AND HOW CAN YOU EXERCISE YOUR LEGAL RIGHTS?

If you have any questions about our Data Protection Notice , or if you would like to make a complaint about a possible breach of personal data or to exercise one of your data protection rights, please contact us as described below.

Contact us;

Company E-mail address: privacy@nusr-et.com.tr .

If you have any concerns about how we process your personal data, please feel free to contact our data protection officer, who will investigate the matter and make a comeback to you, by sending an email to privacy@nusr-et.com.tr.

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work.

UAE DATA PROTECTION NOTICE

1. WHO IS THE DATA CONTROLLER?

Nusret Restaurant LLC and D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (hereinafter also “Nusr-et”, “we”, “us”) wish to inform you below of how your personal data are Processed within the context of our website. We jointly determine themethod and criteria for Processing (as defined below) your Personal Data, for the purposes of certain activities that we undertake in the course of our business, which we have described below. This makes us “Controllers” under the UAE Federal Decree Law No. (45) of 2021 concerning the protection of personal data (the “DP Law”). We are, therefore, required to comply with the DP Law in how we perform this role. Since we perform this role together, we are joint Controllers. Reference in this notice to “Data Controller” refers to us as joint Controllers.

Any personal data (such as your name, voice, image, electronic identifier, identification number, location data, or one or more factors specific to your physical, physiological, economic, cultural or social identity and includes Sensitive Personal Data and Biometric data as those terms are defined in the DP Law) (“Personal Data”) Processed (as defined below) in connection with the activities described below in this Data Protection Notice must be Processed in accordance with the DP Law.

Where the DP Law is silent or a matter is deferred to the Executive Regulations of the DP Law (which are yet to be published), the UAE Federal Law No. (31) of 2021 Promulgating the Penal Code, and the UAE Federal Telecommunications Regulatory Authority’s Regulatory Policy on the Internet of Things issued on 22 March 2018, apply.

We are committed to protecting the privacy and security of your Personal Data as a Data Controller. Therefore, we are committed to ensuring that your Personal Data is handled lawfully, fairly and in a transparent manner in accordance with the principles set out in the UAE DP Laws. This Data Protection Notice explains how we will collect, use, disclose, retain and protect your Personal Data.

2. WHEN DOES THIS DATA PROTECTION NOTICE APPLY?

This Data Protection Notice applies to your Personal Data that we collect, use and Process in connection with the transaction you take when you visit our website www.nusr-et.com.tr as a website visitor, job applicant, customer or potential customer.

“Process” in the context of this Data Protection Notice means any operation or set of operations performed on Personal Data using any electronic means, including processing and other means. This processing includes collecting, storing, recording, organizing, adapting, modifying, circulating, altering, retrieving, exchanging, sharing, using, characterizing, disclosing Personal Data by broadcasting, transmitting, distributing, making available, coordinating, merging, restricting, blocking, erasing or destroying it or creating forms thereof.

3. HOW DO WE COLLECT PERSONAL DATA?

We may obtain your Personal Data from the following sources:

a) from you directly: for example, at the time of subscribing to, or registering for any services offered on our website, including but not limited to email mailing lists, using interactive services, downloading content, or requesting further goods or services);

b) from your device or browser: data that is automatically collected (which will vary depending on your browser settings) by your browser or device, for example, the IP address of your internet service provider, the operating system you use, the name and version of your internet browser. The information provided by your browser does not identify you personally.

c) from correspondence with us (for example, by e-mail or any other digital or electronic form, including social media).

4. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LAWFUL BASIS FOR PROCESSING

We may Process your Personal Data in different ways. In all cases we are committed to protecting your Personal Data. In each of the subheadings listed below, we describe how we obtain your Personal Data and how we treat it.

4.1 Job Applicants

4.2 Customer

4.3 Potential Customer

4.1. JOB APPLICANTS

We may collect Personal Data related to job applicants for positions advertised on our website.

4.1.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname, date of birth, place of birth, ID number/tax number, nationality, driving license, marital status.

Contact Details:

Telephone number, e-mail address, address information.

Personnel information:

CV, work/performance details, payroll details, certificate of employment records, professional/personal skills, registration number.

Professional Experience:

Taken course details, vocational education details, certificates, profession details.

Visual and Audio Records:

Photograph, voice records, visual records (such as video records, etc.).

4.1.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Creating an Employee Candidate CV archive

Your prior consent.

Execution the Employee Candidate online application process

Your prior consent.

Performing Reference Check

Your prior consent.

Verification of training certificate records

Your prior consent.

4.1.3. How long do we keep your Personal Data?

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates only if they consent to us doing so and only for a specified period of no longer than 6 months, unless we obtained their consent to keep it for longer.

4.2. CUSTOMER

We may collect Personal Data related to our existing customers.

4.2.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname, date of birth, ID number/ tax number, driving license, signature.

Contact Details:

Telephone number, e-mail address.

Personnel information:

Registration number, Education information, certificate of employment records, professional/personal skills.

Your Professional Experience:

Vocational education details, certificates, profession details.

Visual and Audio Records:

Photograph.

Vehicle Details:

License plate information.

Your Special Categories of Personal Data:

Personal health details, disability details.

4.2.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Opentable reservation process

Your prior consent.

Supplier, subcontractor, visitor OHS Basic Requirements Control

Mandatory requirements under Emirate decrees or laws and/ or Municipality regulations mandating the use of surveillance cameras in restaurants in the relevant Emirate.

Some of the information we collect (such as health information) under the heading of Special Categories of Personal Data may be deemed to fall within the definition of Sensitive Personal Data under the DP Law. These are Personal Data which are afforded additional legal protection due to the sensitive nature of such data. We shall not be prohibited from Processing such data for the specific purpose we have explained to you provided you explicitly consent to the same and we Process such data for a legitimate purpose and in a lawful manner.

4.2.3. How long do we keep your Personal Data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

4.3. POTENTIAL CUSTOMER

We may collect Personal Data related to potential customers.

4.3.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname.

Contact Details:

Telephone number, e-mail address.

Your Special Categories of Personal Data:

Personal health details.

4.3.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Opentable Reservation Process

Your prior consent.

Some of the information we collect (such as health information) under the heading of Special Categories of Personal Data may be deemed to fall within the definition of Sensitive Personal Data under the DP Law. These are Personal Data which are afforded additional legal protection due to the sensitive nature of such data. We shall not be prohibited from Processing such data for the specific purpose we have explained to you provided you explicitly consent to the same and we Process such data for a legitimate purpose and in a lawful manner.

4.3.3. How long do we keep your Personal Data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In Sections 5 and 6 of this Website Data Protection Notice, the following words shall have the following meanings:-

Affiliate” means in relation to Nusret Restaurant LLC or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş, any other Person directly or indirectly controlling or controlled by or under direct or indirect common control with Nusret Restaurant LLC or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. For the purposes of this definition, “control” when used with respect to either Nusret Restaurant LLC or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş means the power to direct the management and policies of such Person, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise; and the terms “controlling” and “controlled” have meanings correlative to the foregoing.

UAE MainlandAffiliate” means an Affiliate registered in the UAE mainland;

"Non-UAE Mainland Affiliate” means an Affiliate registered outside the UAE mainland; and

Person” means any natural person, corporation, limited liability company, trust, joint venture, association, company, partnership, governmental authority or other entity.

We do not sell your Personal Data to third parties.

We may share your Personal Data with Nusr-et’s UAE Mainland Affiliates and Non-UAE Mainland Affiliates because we share the same guest management and IT systems. Such transfers are governed by jurisdiction-compliant agreements between the Affiliates for the integrity and confidentiality of Personal Data.

Service Providers

We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your Personal Data confidential and will comply with the DP Law, GDPR, and any other relevant data protection laws.

We may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure,

b) third party software providers, where the provider hosts the relevant Personal Data on our behalf;

c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

d) providers that help us generate and collate reviews in relation to our goods and services;

e) our advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram);

f) service providers that assist us in providing our services; and/or

g) our business associates in the UAE mainland and outside the UAE mainland.

Law Enforcement or Government Bodies

We may disclose your Personal Data to the required authorities, as permitted by law, in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

6. TRANSFERS OF PERSONAL DATA OUTSIDE THE UAE MAINLAND

We share Personal Data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the UAE mainland (i.e. not within a free trade zone such as DIFC or ADGM), we ensure that they are contractually obligated to comply with the DP Law. Where they are located outside the UAE, we shall ensure that your Personal Data shall only be transferred to a jurisdiction outside the UAE mainland if that jurisdiction has proper levels of protection for that type of Personal Data, meaning it has personal data protection legislation which includes the most significant provisions, measures, controls, stipulations and rules relating to the protection of the privacy and confidentiality of a data subject’s Personal Data, and his/her ability to exercise their legal rights. We also ensure in our contracts with these organisations that they only Process your Personal Data fairly, lawfully and transparently, in accordance with our instructions, and in order to provide the agreed services and protect the integrity and confidentiality of your Personal Data entrusted to them.

7. LINKS TO OTHER WEBSITES

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Data Protection Notice. Nusr-et has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts in accordance with their relevant privacy policies.

8. YOUR DATA PROTECTION RIGHTS

You have the following rights in relation to your Personal Data:-

Ø Right to receive information: Individuals have the right to request the information that an organisation holds on them, which includes what Personal Data of theirs is being collected, how it is being used, decisions made based on automated processing, the targeted sectors or establishments inside and outside the UAE with whom their Personal Data will be shared with, the controls and standards for the period of storage and preservation of their Personal Data, protection measures for cross-border Processing, actions to be taken in the event of a breach or misuse of their Personal Data, and how to submit complaints to the UAE Data Office (once it is established).

Ø Right to correction or erasure: Individuals have the right to correct data that is inaccurate or incomplete. In certain circumstances, individuals can ask organisations to erase any Personal Data that is stored with them

Ø Right to request transfer: Individuals have the right to receive their data provided to us in an orderly and machine-readable manner, whenever the Processing is based on their consent or necessary for the implementation of a contractual obligation and it is carried out by automated means. Individuals can also request that organisation transfer any data that it holds on them to another company, provided such transfer does not infringe the rights of any other individuals.

Ø Right to restrict Processing: Individuals can request that an organisation limits the use of and stops the Processing of their Personal Data.

Ø Right to stop Processing: Individuals have the right to object to certain types of Processing, such as direct marketing.

Ø Rights Processing and automated Processing including profiling: Individuals have the right to object to any decision based solely on automated Processing, including profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually.

Right to withdraw consent: Individuals may withdraw consent to the Processing of their Personal Data at any time by notifying us

9. HOW CAN YOU WITHDRAW YOUR CONSENT?

If you consent to us Processing your Personal Data, please note that you may withdraw this consent at any time. In order to withdraw the consent, please contact privacy@nusr-et.com.tr Please note that your consent can only be withdrawn for future Processing activities and such a withdrawal does not have any influence on the lawfulness of past Processing activities. In some cases, we may be entitled in spite of your withdrawal to continue to Process your Personal Data on a different legal basis.

10. UPDATING THIS DATA PROTECTION NOTICE

We reserve the right to update this Data Protection Notice at any time. We will let you know about the changes by publishing the updated version of the Data Protection Notice. We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Data Protection Notice.

11. HOW TO GET IN TOUCH WITH US AND HOW CAN YOU EXERCISE YOUR LEGAL RIGHTS?

If you have any questions about our Data Protection Notice , or if you would like to make a complaint about a possible breach of Personal Data or to exercise one of your data protection rights, please contact us as described below.

Contact us;

Company E-mail address: privacy@nusr-et.com.tr

If you have any concerns about how we Process your Personal Data, please feel free to contact our data protection officer, who will investigate the matter and come back to you, by sending an email to privacy@nusr-et.com.tr

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work.

ADGM Data Protection Notice

1. WHO IS THE DATA CONTROLLER?

Nusret Galeria Restaurant Ltdand D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (hereinafter also “Nusr-et”, “we”, “us”) wish to inform you below of how your personal data are Processed within the context of our website. We would be considered “Joint Controllers” per the definition in the ADGM Data Protection Regulations 2021. Reference in this notice to “Data Controller” refers to us collectively as “Joint Controllers”.

Any personal data such as your name, identification number, location data, an online identifier, or one or more factors specific to your biological, biometric, physiological, mental, genetic, economic, cultural or social identity (“Personal Data”) Processed in connection with this Data Protection Notice is controlled by Nusr-et, which is considered the “Data Controller” of your Personal Data under the ADGM Data Protection Regulations 2021 (“ADGM DPR”).

We are committed to protecting the privacy and security of your Personal Data as a Data Controller. Therefore, we are committed to ensuring that your Personal Data is handled lawfully, fairly and in a transparent manner in accordance with the principles set out in the ADGM DPR. This Data Protection Notice explains how we will collect, use, disclose, retain and protect your Personal Data.

2. WHEN DOES THIS DATA PROTECTION NOTICE APPLY?

This Data Protection Notice applies to your Personal Data that we collect, use and Process in connection with the transaction you take when you visit our website www.nusr-et.com.tr. as a website visitor, job applicant, customer or potential customer.

“Process” in the context of this Data Protection Notice means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration,

retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. HOW DO WE COLLECT PERSONAL DATA?

We may obtain your Personal Data from the following sources:

a) from you directly: for example, at the time of subscribing to, or registering for any services offered on our website, including but not limited to email mailing lists, using interactive services, downloading content, or requesting further goods or services;

b) from your device or browser: data that is automatically collected (which will vary depending on your browser settings) by your browser or device, for example, the IP address of your internet service provider, the operating system you use, the name and version of your internet browser. The information provided by your browser does not identify you personally;

c) from correspondence with us (for example, by e-mail or any other digital or electronic form, including social media).

4. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LAWFUL BASIS FOR PROCESSING

We may Process your Personal Data in different ways. In all cases we are committed to protecting your Personal Data. In each of the subheadings listed below, we describe how we obtain your Personal Data and how we treat it.

4.1 Web Site Visitors

4.2 Job Applicants

4.3 Customer

4.4 Potential Customer

4.1. WEB SITE VISITORS

We may collect Personal Data related to web site visitors.

4.1.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Personal identification data

First name, last name

Contact information data

Address, email address

Technical data

This is data about your computer hardware and software that is automatically collected by us and includes cookie data (for more information please see our Cookie Polic[EY1] y) device type (e.g. mobile, computer, laptop, tablet),  browser information (e.g. browser type, language and history), IP address, operating system, access times, settings and referring website addresses.

4.1.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Provide our website services to website users

Your prior consent (in accordance with Article 5(1)(a) of the ADGM DPR)

Remembering website users’ preferences

Your prior consent (in accordance with Article 5(1)(a) of the ADGM DPR)

Marketing and advertising

Your prior consent (in accordance with Article 5(1)(a) of the ADGM DPR)

Monitor any external security threats to

our systems (such as hacks)

Legitimate Interest (in accordance with Article 5(1)(f) of the ADGM DPR).

4.1.3. How long do we keep your Personal Data?

We will keep your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

4.2. JOB APPLICANTS

We may collect Personal Data related to job applicants for positions advertised on our website.

4.2.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname, date of birth, place of birth, ID number/tax number, nationality, driving license, marital status.

Contact Details:

Telephone number, e-mail address, address information.

Personnel information:

CV, work/performance details, professional/personal skills, registration number.

Professional Experience:

Taken course details, vocational education details, certificates, profession details.

Visual and Audio Records:

Photograph, voice records, visual records (such as video records, etc.).

4.2.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Creating an Employee Candidate CV archive

Your prior consent (in accordance with section 5(1)(a) of the ADGM DPR)

Some of the information we collect may be deemed to fall within the Special Categories of Personal Data (see above definition).

Execution of the Employee Candidate application process through the website

Performance of a contract with you or to take steps at your request, before entering a contract/ To comply with its legal obligations as employer (in accordance with sections 5(1)(b) and 5(1)(c) respectively of the ADGM DPR)

Performing Reference Check

Company’s legitimate interest. (in accordance with section 5(1)(f) of the ADGM DPR)

Verification of training certificate records

Company’s legitimate interest. (in accordance with section 5(1)(f) of the ADGM DPR)

4.2.3. How long do we keep your Personal Data?

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates only if they consent to us doing so and only for a specified period of no longer than 6 months, unless we obtained their consent to keep it for longer.

4.3. CUSTOMER

We may collect Personal Data related to our existing customers.

4.3.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname, date of birth, ID number/ tax number, driving license, signature.

Contact Details:

Telephone number, e-mail address.

Personnel information:

Registration number, Education information, certificate of employment records, professional/personal skills.

Your Professional Experience:

Vocational education details, certificates.

Visual and Audio Records:

Photograph.

Vehicle Details:

License plate information.

Your Special Categories of Personal Data:

Health data (personal health details, disability details).

4.3.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Opentable reservation process

Performance of a contract with you or to take steps at your request, before entering a contract (in accordance with section 5(1)(b) of the ADGM DPR).

Supplier, subcontractor, visitor OHS Basic Requirements Control

Processing is necessary for compliance with a legal obligation to which the Data Controller is subject to under the applicable law (in accordance with section 5(1)(c) of the ADGM DPR).

Some of the information we collect (such as personal health details, disability details) may be deemed to fall within the Special Categories of Personal Data under the ADGM DPR (in the above example, health information). We are not prohibited from Processing such data if you explicitly consent to the same under Article 7(2)(a) of the ADGM DPR.

4.3.3. How long do we keep your Personal Data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

4.4. POTENTIAL CUSTOMER

We may collect Personal Data related to potential customers.

4.4.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname.

Contact Details:

Telephone number, e-mail address.

Your Special Categories of Personal Data:

Health data (personal health details).

4.4.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Opentable Reservation Process

Performance of a contract with you or to take steps at your request, before entering a contract (in accordance with section 5(1)(b) of the ADGM DPR).

4.4.3. How long do we keep your Personal Data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In Sections 5 and 6 of this Website Data Protection Notice, the following words shall have the following meanings:-

Affiliate” means in relation to Nusret Galeria Restaurant Ltd or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş, any other Person directly or indirectly controlling or controlled by or under direct or indirect common control with Nusret Galeria Restaurant Ltd or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. For the purposes of this definition, “control” when used with respect to either Nusret Galeria Restaurant Ltd or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş means the power to direct the management and policies of such Person, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise; and the terms “controlling” and “controlled” have meanings correlative to the foregoing.

ADGM Affiliate” means an Affiliate registered in the ADGM;

"Non-ADGM Affiliate” means an Affiliate registered outside the ADGM; and

Person” means any natural person, corporation, limited liability company, trust, joint venture, association, company, partnership, governmental authority or other entity.

We do not sell your Personal Data to third parties.

We may share your Personal Data with Nusr-et’s ADGM Affiliates and Non-ADGM Affiliates because we share the same guest management and IT systems. Such transfers are governed by jurisdiction-compliant agreements between the Affiliates for the integrity and confidentiality of Personal Data.

Service Providers

We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your Personal Data confidential and will comply with the ADGM DPR, GDPR, and any other relevant data protection laws.

We may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure,

b) third party software providers, where the provider hosts the relevant Personal Data on our behalf;

c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

d) providers that help us generate and collate reviews in relation to our goods and services;

e) our advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram);

f) service providers that assist us in providing our services; and/or

g) our business associates based in the ADGM and outside the ADGM.

Law Enforcement or Government Bodies

We may disclose your Personal Data to the required authorities, as permitted by law, in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

6. TRANSFERS OF PERSONAL DATA OUTSIDE THE ADGM

We share Personal Data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the ADGM, we ensure that they are contractually obligated to comply with the ADGM DPR. Where they are located outside the ADGM, in accordance with Part V of the ADGM DPR, we shall ensure that your Personal Data shall only be transferred to a jurisdiction outside the ADGM if that jurisdiction has adequate levels of protection for that type of Personal Data and that the conditions of Part V of the ADGM DPR are complied with, including where the data may be subject to further onward transfer. We also ensure in our contracts with these organisations that they only Process Personal Data lawfully, fairly, and in a transparent manner (as required by ADGM DPR), in accordance with our instructions, and in order to provide the agreed services and protect the integrity and confidentiality of your Personal Data entrusted to them.

Some of the vendors/service providers that Nusr-et and Nusr-et Affiliates engage with, are located in jurisdictions where ADGM DPR does not recognise the jurisdictions as locations providing adequate protection for Personal Data. In such cases, we sign the ADGM approved  standard contractual clause with the vendor/ service provider to protect your data.

7. LINKS TO OTHER WEBSITES

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Data Protection Notice. Nusr-et has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts in accordance with their relevant privacy policies.

8. YOUR DATA PROTECTION RIGHTS

You have the following rights in relation to your Personal Data in accordance with the provisions of Part 3 of the ADGM DPR;

Ø Right to be informed: upon request organisations must tell individuals what data of theirs is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties. Individuals also have the right to  be informed before Personal Data is disclosed by us for the first time to third parties or used on their behalf for the purposes of direct marketing and be explicitly offered the right to object to such disclosures or uses.

Ø Right of access: individuals have the right to request a copy of the information that an organisation holds on them.

Ø Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.

Ø Right to erasure and right to be forgotten: in certain circumstances, individuals can ask organisations to erase any Personal Data that is stored with them, including on the Internet.

Ø Right of portability: individuals can request that organisation transfer any data that it holds on them to another company, provided such transfer does not infringe the rights of any other individuals.

Ø Right to restrict Processing: individuals can require an organisation to limit the way it uses Personal Data in certain circumstances (Article 16 of the ADGM DPR)

Ø Right to object: individuals have the right to challenge certain types of Processing, such as direct marketing

Ø Rights related to automated decision making, including profiling: Individuals have the right to object to any decision based solely on automated Processing, including profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually. Individuals can ask organisations to provide a copy of its automated Processing activities if they believe the data is being Processed unlawfully.

Ø Right to withdraw consent: Individuals may withdraw consent at any time by notifying us.

9. HOW CAN YOU WITHDRAW YOUR CONSENT?

If you consent to us Processing your Personal Data, please note that you may withdraw this consent at any time. In order to withdraw the consent, please contact privacy@nusr-et.com.tr Please note that your consent can only be withdrawn for future Processing activities and such a withdrawal does not have any influence on the lawfulness of past Processing activities. In some cases, we may be entitled in spite of your withdrawal to continue to Process your Personal Data on a different legal basis.

10. UPDATING THIS DATA PROTECTION NOTICE

We reserve the right to update this Data Protection Notice at any time. We will let you know about the changes by publishing the updated version of the Data Protection Notice.We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Data Protection Notice.

11. HOW TO GET IN TOUCH WITH US AND HOW CAN YOU EXERCISE YOUR LEGAL RIGHTS?

If you have any questions about our Data Protection Notice , or if you would like to make a complaint about a possible breach of Personal Data or to exercise one of your data protection rights, please contact us as described below.

Contact us;

Company E-mail address: privacy@nusr-et.com.tr

If you have any concerns about how we Process your Personal Data, please feel free to contact our data protection officer, who will investigate the matter and come back to you, by sending an email to privacy@nusr-et.com.tr

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work.

DIFC Saltbae Restaurant Limited DATA PROTECTION NOTICE

1. Who is the data controller?

2. When does this data protection notice apply?

3. How do we collect Personal Data?

4. Categories of Personal Data and purposes and lawful basis for Processing

5. Who do we share your Personal Data with

6. Transfers of Personal Data outside the EU/European Economic Area

7. Links to other websites

8. Your data protection rights

9. How can you withdraw your consent?

10. Updating this data protection notice

11. How to get in touch with us and how can you exercise your legal rights?

1. WHO IS THE DATA CONTROLLER?

Saltbae Restaurant Limited and D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. (hereinafter also “Nusr-et”, “we”, “us”) wish to inform you below of how your personal data are Processed within the context of our website. We would be considered “Joint Controllers” per the definition in the DIFC Data Protection Law (DIFC Law No. 5 of 2020). Reference in this notice to “Data Controller” refers to us collectively.

Any personal data such as your name, identification number, location data, an online identifier, or one or more factors specific to your biological, biometric, physiological, mental, genetic, economic, cultural or social identity (“Personal Data”) Processed in connection with this Data Protection Notice is controlled by Nusr-et, which is considered the “Data Controller” of your Personal Data under the  DIFC Data Protection Law (DIFC Law No. 5 of 2020) (“DIFC DPL”).

We are committed to protecting the privacy and security of your Personal Data as a Data Controller. Therefore, we are committed to ensuring that your Personal Data is handled lawfully, fairly and in a transparent manner in accordance with the principles set out in the DIFC DPL. This Data Protection Notice explains how we will collect, use, disclose, retain and protect your Personal Data.

2. WHEN DOES THIS DATA PROTECTION NOTICE APPLY?

This Data Protection Notice applies to your Personal Data that we collect, use and Process in connection with the transaction you take when you visit our website www.nusr-et.com.tr as a website visitor, job applicant, customer or potential customer.

“Process” in the context of this Data Protection Notice means any operation or set of operations performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage and archiving, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, transfer or otherwise making available, alignment or combination, restricting (meaning the marking of stored Personal Data with the aim of limiting Processing of it in the future), erasure or destruction, but excluding operations or sets of operations performed on Personal Data by:

(a) a natural person in the course of a purely personal or household activity that has no connection to a commercial purpose; or

(b) law enforcement authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and preventing threats to public security.

3. HOW DO WE COLLECT PERSONAL DATA?

We may obtain your Personal Data from the following sources:

a) from you directly: for example, at the time of subscribing to, or registering for any services offered on our website, including but not limited to email mailing lists, using interactive services, downloading content, or requesting further goods or services);

b) from your device or browser: data that is automatically collected (which will vary depending on your browser settings) by your browser or device, for example, the IP address of your internet service provider, the operating system you use, the name and version of your internet browser. The information provided by your browser does not identify you personally.

c) from correspondence with us (for example, by e-mail or any other digital or electronic form, including social media).

4. CATEGORIES OF PERSONAL DATA AND PURPOSES AND LAWFUL BASIS FOR PROCESSING

We may Process your Personal Data in different ways. In all cases we are committed to protecting your Personal Data. In each of the subheadings listed below, we describe how we obtain your Personal Data and how we treat it.

4.1 Web Site Visitors

4.2 Job Applicants

4.3 Customer

4.4 Potential Customer

4.1. WEB SITE VISITORS

We may collect Personal Data related to web site visitors.

4.1.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Personal identification data

First name, last name

Contact information data

Address, email address

Technical data

This is data about your computer hardware and software that is automatically collected by us and includes cookie data (for more information please see our Cookie Polic[EY1] y) device type (eg mobile, computer, laptop, tablet), browser information (e.g. browser type, language and history), IP address, operating system, access times, settings and referring website addresses.

4.1.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Provide our website services to website users

Your prior consent (in accordance with Article 12 DIFC DPL)

Remembering website users’ preferences

Your prior consent (in accordance with Article 12 DIFC DPL)

Marketing and advertising

Your prior consent (in accordance with Article 12 DIFC DPL)

Monitor any external security threats to

our systems (such as hacks)

Legitimate Interest (in accordance with Article 13 of the DIFC DPL).

4.1.3. How long do we keep your Personal Data?

We will keep your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your requests via our website or your use of our website.

4.2. JOB APPLICANTS

We may collect Personal Data related to job applicants for positions advertised on our website.

4.2.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname, date of birth, place of birth, ID number/tax number, nationality, driving license, marital status.

Contact Details:

Telephone number, e-mail address, address information.

Personnel information:

CV, work/performance details, professional/personal skills, registration number.

Professional Experience:

Taken course details, vocational education details, certificates, profession details.

Visual and Audio Records:

Photograph, voice records, visual records (such as video records, etc.).

4.2.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Creating an Employee Candidate CV archive

Your prior consent (in accordance with Articles 10(a) and 12 of the DIFC DPL)

Some of the information we collect may be deemed to fall within the Special Categories of Personal Data (see above definition).

Execution of the Employee Candidate application process through the website

Performance of a contract with you or to take steps at your request, before entering a contract/ To comply with its legal obligations as employer (in accordance with Articles 10(b) and 10(c) of the DIFC DPL)

Performing Reference Check

Company’s legitimate interest. (in accordance with Article 10(f) of the DIFC DPL)

Verification of training certificate records

Company’s legitimate interest. (in accordance with Article 10(f) of the DIFC DPL)

4.2.3. How long do we keep your Personal Data?

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected. If you are successful and we hire you, we will keep your CV as part of your employee record for the duration of your employment with us. We will keep CVs and documents submitted by unsuccessful candidates only if they consent to us doing so and only for a specified period of no longer than 6 months, unless we obtained their consent to keep it for longer.

4.3. CUSTOMER

We may collect Personal Data related to our existing customers.

4.3.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname, date of birth, place of birth, ID number/ tax number, driving license, marital status, signature.

Contact Details:

Telephone number, e-mail address.

Personnel information:

Registration number, Education information, certificate of employment records, professional/personal skills.

Your Professional Experience:

Vocational education details, certificates.

Visual and Audio Records:

Photograph.

Vehicle Details:

License plate information.

Your Special Categories of Personal Data:

Health data (personal health details, disability details).

4.3.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Opentable reservation process

Performance of a contract with you or to take steps at your request, before entering a contract (in accordance with Article 10(b) DIFC DPL).

Supplier, subcontractor, visitor OHS Basic Requirements Control

Processing is necessary for compliance with a legal obligation to which the Data Controller is subject to under the applicable law (in accordance with Article 10(1)(c) DIFC DPL).

Some of the information we collect (such as personal health details, disability details) may be deemed to fall within the Special Categories of Personal Data under the DIFC DPL (in the above example, health information). We are not prohibited from Processing such data if you explicitly consent to the same under Article 11(a) DIFC DPL.

4.3.3. How long do we keep your Personal Data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

4.4. POTENTIAL CUSTOMER

We may collect Personal Data related to potential customers.

4.4.1. Personal Data that we collect and Process

Category of Personal Data

Personal Data

Identity Details:

Name, surname.

Contact Details:

Telephone number, e-mail address.

Your Special Categories of Personal Data:

Health data (personal health details).

4.4.2. Why do we collect your Personal Data and what are our lawful bases for it?

Purpose of Data Processing

Lawful Basis

Opentable Reservation Process

Performance of a contract with you or to take steps at your request, before entering a contract (in accordance with Article 10(1)(b) of the DIFC DPL).

4.4.3. How long do we keep your Personal Data?

We will Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with the provision of service to you, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

5. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In Sections 5 and 6 of this Website Data Protection Notice, the following words shall have the following meanings:-

Affiliate” means in relation to Saltbae Restaurant Limited or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş, any other Person directly or indirectly controlling or controlled by or under direct or indirect common control with Saltbae Restaurant Limited or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş. For the purposes of this definition, “control” when used with respect to either Saltbae Restaurant Limited or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş means the power to direct the management and policies of such Person, directly or indirectly, whether through the ownership of voting securities, by contract or otherwise; and the terms “controlling” and “controlled” have meanings correlative to the foregoing.

DIFC Affiliate” means an Affiliate registered in the DIFC;

"Non-DIFC Affiliate” means an Affiliate registered outside the DIFC; and

Person” means any natural person, corporation, limited liability company, trust, joint venture, association, company, partnership, governmental authority or other entity.

We do not sell your Personal Data to third parties.

We may share your Personal Data with Nusr-et’s DIFC Affiliates and Non-DIFC Affiliates because we share the same guest management and IT systems. Such transfers are governed by jurisdiction-compliant agreements between the Affiliates for the integrity and confidentiality of Personal Data.

Service Providers

We may disclose information about you to organisations that provide a service to us, ensuring that they are contractually obligated to keep your Personal Data confidential and will comply with the DIFC DPL, GDPR, and any other relevant data protection laws.

We may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure,

b) third party software providers, where the provider hosts the relevant Personal Data on our behalf;

c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

d) providers that help us generate and collate reviews in relation to our goods and services;

e) our advertising and promotional agencies and consultants and those organisations or online platforms selected by us to carry out marketing campaigns on our behalf (for example, Facebook, Google, Instagram);

f) service providers that assist us in providing our services; and/or

g) our business associates based in the DIFC and outside the DIFC.

Law Enforcement or Government Bodies

We may disclose your Personal Data to the required authorities, as permitted by law, in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law.

6. TRANSFERS OF PERSONAL DATA OUTSIDE THE DIFC

We share Personal Data with external vendors or service providers or suppliers that we engage to perform services or functions on our behalf and under our instructions. Where these vendors are located within the DIFC, we ensure that they are contractually obligated to comply with the DIFC DPL. Where they are located outside the DIFC, in accordance with Part 4 of the DIFC DPL, we shall ensure that your Personal Data shall only be transferred to a jurisdiction outside the DIFC if that jurisdiction has adequate levels of protection for that type of Personal Data unless that jurisdiction falls into one of the approved jurisdictions in the DIFC DPL or is otherwise listed by DIFC on its website from time to time. We also ensure in our contracts with these organisations that they only Process Personal Data fairly, lawfully and transparently (as required by DIFC DPL), in accordance with our instructions, and in order to provide the agreed services and protect the integrity and confidentiality of your Personal Data entrusted to them.

Some of the vendors/service providers that Nusr-et and Nusr-et Affiliates engage with, are located in jurisdictions where DIFC DPL does not recognise the jurisdictions as locations providing adequate protection for Personal Data. In such cases, we sign the DIFC approved  standard contractual clause with the vendor/ service provider to protect your data.

7. LINKS TO OTHER WEBSITES

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Data Protection Notice. Nusr-et has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts in accordance with their relevant privacy policies.

8. YOUR DATA PROTECTION RIGHTS

You have the following rights in relation to your Personal Data in accordance with the provisions of Part 6 of the DIFC DPL;

Ø Right to be informed: upon request organisations must tell individuals what data of theirs is being collected, how it is being used, how long it will be kept and whether it will be shared with any third parties. Individuals also have the right to  be informed before Personal Data is disclosed by us for the first time to third parties or used on their behalf for the purposes of direct marketing and be explicitly offered the right to object to such disclosures or uses.

Ø Right of access: individuals have the right to request a copy of the information that an organisation holds on them.

Ø Right of rectification: individuals have the right to correct data that is inaccurate or incomplete.

Ø Right to erasure and right to be forgotten: in certain circumstances, individuals can ask organisations to erase any Personal Data that is stored with them, including on the Internet.

Ø Right of portability: individuals can request that organisation transfer any data that it holds on them to another company, provided such transfer does not infringe the rights of any other individuals.

Ø Right to restrict Processing: individuals can require an organisation to limit the way it uses Personal Data in certain circumstances (Article 35 DIFC DPL)

Ø Right to object: individuals have the right to challenge certain types of Processing, such as direct marketing

Ø Rights related to automated decision making, including profiling: Individuals have the right to object to any decision based solely on automated Processing, including profiling, which produces legal consequences concerning him or other seriously impactful consequences and to require such decision to be reviewed manually. Individuals can ask organisations to provide a copy of its automated Processing activities if they believe the data is being Processed unlawfully.

Ø Right to withdraw consent: Individuals may withdraw consent at any time by notifying us.

Ø Non-discrimination: Individuals exercising their rights above may not be discriminated against by us (for example by denying services to the individual or charging different prices for goods or services)

9. HOW CAN YOU WITHDRAW YOUR CONSENT?

If you consent to us Processing your Personal Data, please note that you may withdraw this consent at any time. In order to withdraw the consent, please contact privacy@nusr-et.com.tr. Please note that your consent can only be withdrawn for future Processing activities and such a withdrawal does not have any influence on the lawfulness of past Processing activities. In some cases, we may be entitled in spite of your withdrawal to continue to Process your Personal Data on a different legal basis.

10. UPDATING THIS DATA PROTECTION NOTICE

We reserve the right to update this Data Protection Notice at any time. We will let you know about the changes by publishing the updated version of the Data Protection Notice on www.nusr-et.com.tr . We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Data Protection Notice.

11. HOW TO GET IN TOUCH WITH US AND HOW CAN YOU EXERCISE YOUR LEGAL RIGHTS?

If you have any questions about our Data Protection Notice , or if you would like to make a complaint about a possible breach of Personal Data or to exercise one of your data protection rights, please contact us as described below.

Contact us;

Company E-mail address: privacy@nusr-et.com.tr

If you have any concerns about how we Process your Personal Data, please feel free to contact our data protection officer, who will investigate the matter and come back to you, by sending an email to privacy@nusr-et.com.tr.

If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work.

إشعار حماية البيانات

(1) من هو مراقب البيانات ؟

شركة مطعم نصرت المحدودة، وشركة D المساهمة لتجارة وتسويق اللحوم ومنتجاتها

Nusret Restaurant LLC and D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş.

(يشار إليها فيما يلي أيضًا باسم "Nusr-et" و "نحن" و"لنا") نود إعلامك أدناه بكيفية معالجة بياناتك الشخصية في سياق موقعنا على الويب. نحن نحدد بشكل مشترك طريقة ومعايير معالجة بياناتك الشخصية (كما هو محدد أدناه)، لأغراض بعض الأنشطة التي نقوم بها في سياق أعمالنا الموصوفة أدناه. وهذا يجعلنا " مراقبين" بموجب قانون المرسوم الاتحادي لدولة الإمارات العربية المتحدة رقم (45) لسنة 2021 بشأن حماية البيانات الشخصية (" قانون حماية البيانات"). لذلك، نحن مطالبون بالامتثال لقانون حماية البيانات في كيفية قيامنا بهذا الدور. ونظراً لأننا نؤدي هذا الدور معاً، فنحن مراقبون مشتركون. يشير " مراقب البيانات" في هذا الإشعار إلينا كمراقبين مشتركين.

أيٌّ من بياناتك الشخصية (مثل اسمك أو صوتك أو صورتك أو معرفك الإلكتروني أو رقم التعريف أو بيانات الموقع أو واحد أو أكثر من العوامل الخاصة بهويتك المادية أو الفسيولوجية أو الاقتصادية أو الثقافية أو الاجتماعية، وتشمل البيانات الشخصية الحساسة والبيانات البيومترية، وفق تعريف هذه المصطلحات في قانون حماية البيانات) أي (" البيانات الشخصية")؛ يجب معالجتها (كما هو محدد أدناه) فيما يتعلق بالأنشطة الموضحة أدناه في إشعار حماية البيانات هذا وفقا لقانون حماية البيانات.

في المسألة التي لم يرد لها ذكر في قانون حماية البيانات، أو تم تأجيلها إلى اللائحة التنفيذية لقانون حماية البيانات (التي لم يتم نشرها بعد)، يتم تطبيق القانون الاتحادي لدولة الإمارات العربية المتحدة رقم (31) لعام 2021 الذي يصدر قانون العقوبات، والسياسات التنظيمية للهيئة الاتحادية لتنظيم الاتصالات في دولة الإمارات العربية المتحدة بشأن إنترنت الأشياء الصادرة في 22 مارس 2018.

نحن ملتزمون بحماية خصوصية وأمن بياناتك الشخصية كمراقب للبيانات. لذلك، نحن ملتزمون بضمان التعامل مع بياناتك الشخصية بشكل قانوني وعادل وشفاف وفقًا للمبادئ المنصوص عليها في قانون الإمارات العربية المتحدة لحماية البيانات. يشرح إشعار حماية البيانات هذا؛ كيفية جمع بياناتك الشخصية، واستخدامها والإفصاح عنها، والاحتفاظ بها، وحمايتها.

(2) متى يتم تطبيق إشعار حماية البيانات هذا؟

ينطبق إشعار حماية البيانات هذا على بياناتك الشخصية التي نجمعها ونستخدمها ونعالجها في سياق المعاملة التي تقوم بها عند زيارة موقعنا الإلكتروني www.nusr-et.com.tr كزائر لموقع الويب أو طالب عمل أو عميل أو عميل محتمل.

" العملية" في سياق إشعار حماية البيانات هذا تعني أي عملية أو مجموعة من العمليات التي يتم إجراؤها على البيانات الشخصية باستخدام أي وسيلة إلكترونية، بما في ذلك المعالجة وغيرها من الوسائل. تتضمن هذه المعالجة جمع البيانات الشخصية أو تخزينها أو تسجيلها أو تنظيمها أو تكييفها أو تعديلها أو تعميمها أو تغييرها أو استرجاعها أو تبادلها أو مشاركتها أو استخدامها أو توصيفها أو الكشف عنها عن طريق بثها أو نقلها أو توزيعها أو إتاحتها أو تنسيقها أو دمجها أو تقييدها أو حظرها أو محوها أو تدميرها أو إنشاء أشكال منها.

(3) كيف نجمع البيانات الشخصية؟

يمكننا أن نحصل على معلوماتك الشخصية من المصادر التالية:

‌أ) منك مباشرة: على سبيل المثال، في وقت الاشتراك، أو التسجيل في أي خدمة من الخدمات المقدمة على موقعنا الإلكتروني، بما في ذلك على سبيل المثال لا الحصر؛ قوائم البريد الإلكتروني، أو استخدام الخدمات التفاعلية، أو تنزيل المحتوى، أو طلب المزيد من السلع أو الخدمات.

‌ب) من جهازك أو متصفحك: البيانات التي يتم جمعها تلقائيًا (والتي ستختلف اعتمادًا على إعدادات متصفحك) بواسطة متصفحك أو جهازك، على سبيل المثال؛ عنوان IP لمزود خدمة الإنترنت الخاص بك، ونظام التشغيل الذي تستخدمه، واسم متصفحك للإنترنت وإصداره. المعلومات التي يقدمها المتصفح الخاص بك لا تحدد هويتك شخصيًا.

‌ج) من المراسلات معنا: على سبيل المثال، عن طريق البريد الإلكتروني، أو أي شكل رقمي أو إلكتروني آخر، بما في ذلك وسائل التواصل الاجتماعي.

(4) فئات البيانات والأغراض الشخصية والأساس القانوني للمعالجة:

يمكننا أن نقوم بمعالجة بياناتك الشخصية بطرق مختلفة. ونحن في جميع الحالات ملتزمون بحماية بياناتك الشخصية وخصوصياتك، في كل من العناوين الفرعية المدرجة أدناه، نصف كيفية حصولنا على بياناتك الشخصية وكيفية تعاملنا معها.

(4-1) المتقدمين للوظائف

(4-2) العميل

(4-3) العميل المحتمل

(4-1) المتقدمين للوظائف:

يجوز لنا جمع البيانات الشخصية المتعلقة بالمتقدمين للوظائف المعلن عنها على موقعنا الإلكتروني.

(4-1-1) البيانات الشخصية التي نجمعها ونعالجها:

فئة البيانات الشخصية

البيانات الشخصية

تفاصيل التعريف:

الاسم واللقب وتاريخ الميلاد ومكان الميلاد ورقم الهوية / الرقم الضريبي والجنسية ورخصة القيادة والحالة الاجتماعية.

بيانات المتصل:

رقم الهاتف وعنوان البريد الإلكتروني ومعلومات العنوان.

المعلومات الشخصية:

السيرة الذاتية، تفاصيل العمل / الأداء، تفاصيل كشوف المرتبات، سجلات شهادة التوظيف، المهارات المهنية / الشخصية، رقم التسجيل.

الخبرة المهنية:

تفاصيل الدورة المأخوذة وتفاصيل التعليم المهني والشهادات وتفاصيل المهنة.

التسجيلات المرئية والصوتية:

الصور الفوتوغرافية والتسجيلات الصوتية والسجلات المرئية (مثل تسجيلات الفيديو وما إلى ذلك).

(4-1-2) لماذا نجمع بياناتك الشخصية وما هي أسسنا القانونية في ذلك؟

الغرض من معالجة البيانات

الأساس القانوني

إنشاء أرشيف السيرة الذاتية للمرشح للتوظيف

موافقتك المسبقة.

تنفيذ عملية تقديم طلب الموظف المرشح عبر الإنترنت

موافقتك المسبقة.

التحقق من أداء المرجع

موافقتك المسبقة.

التحقق من سجلات شهادات التدريب

موافقتك المسبقة.

(4-1-3) ما هي المدة التي نحتفظ فيها ببياناتك الشخصية؟

سنحتفظ ببياناتك الشخصية ونعالجها فقط طالما كان ذلك ضروريًا للأغراض التي تم جمعها من أجلها. إذا كنت ناجحًا وقمنا بتوظيفك، فسنحتفظ بسيرتك الذاتية كجزء من سجل الموظف الخاص بك طوال فترة عملك معنا. لن نحتفظ بالسير الذاتية والمستندات المقدمة من قبل المرشحين غير الناجحين، إلا إذا وافقوا على ذلك، ولمدة محددة لا تزيد عن ستة أشهر، والاحتفاظ بها لمدة أطول مرهون بموافقتهم.

(4-2) العميل:

يمكننا أن نقوم بجمع البيانات الشخصية المتعلقة بعملائنا الحاليين.

(4-2-1) البيانات الشخصية التي نجمعها ونعالجها:

فئة البيانات الشخصية

البيانات الشخصية

تفاصيل التعريف

الاسم واللقب وتاريخ الميلاد ورقم الهوية / رقم الضريبة ورخصة القيادة والتوقيع.

بيانات المتصل

رقم الهاتف وعنوان البريد الإلكتروني.

المعلومات الشخصية

رقم التسجيل ومعلومات التعليم وشهادة سجلات التوظيف، والمهارات المهنية / الشخصية.

خبرتك المهنية

تفاصيل التعليم المهني والشهادات وتفاصيل المهنة.

التسجيلات المرئية والصوتية

صورة فوتوغرافية.

تفاصيل المركبة

معلومات لوحة المركبة

فئات بياناتك الشخصية

البيانات الصحية (التفاصيل الصحية الشخصية، تفاصيل الإعاقة.

(4-2-2) لماذا نجمع بياناتك الشخصية وما هي أسسنا القانونية في ذلك؟

الغرض من معالجة البيانات

الأساس القانوني

عملية الحجز المفتوح

موافقتك المسبقة.

مراقبة المتطلبات الأساسية للصحة والسلامة المهنية للمورِّد والمقاول من الباطن والزائر

المتطلبات الإلزامية بموجب مراسيم أو قوانين الإمارات و / أو لوائح البلدية التي تفرض استخدام كاميرات المراقبة في المطاعم في الإمارات المعنية.

قد تعتبر بعض المعلومات التي نجمعها (مثل المعلومات الصحية) تحت عنوان الفئات الخاصة من البيانات الشخصية ضمن تعريف البيانات الشخصية الحساسة بموجب قانون حماية البيانات. هناك بيانات شخصية يتم منحها حماية قانونية إضافية بسبب الطبيعة الحساسة لهذه البيانات. لن يتم منعنا من معالجة هذه البيانات للغرض المحدد الذي أوضحناه لك شريطة أن توافق صراحة على ذلك، ونقوم بمعالجة هذه البيانات لغرض مشروع وبطريقة قانونية.

(4-2-3) ما هي المدة التي نحتفظ فيها ببياناتك الشخصية؟

سنقوم بمعالجة بياناتك الشخصية فقط طالما كان ذلك ضروريا للأغراض التي تم جمعها من أجلها فيما يتعلق بتوفير الخدمة لك، ما لم يكن لدينا حق قانوني أو التزام بالاحتفاظ بالبيانات لفترة أطول، أو كانت البيانات ضرورية لإنشاء أو ممارسة أو دفاع عن المطالبات القانونية.

(4-3) العميل المحتمل:

يمكننا أن نقوم بجمع البيانات الشخصية المتعلقة بعملائنا المحتملين.

(4-3-1) البيانات الشخصية التي نجمعها ونعالجها:

فئة البيانات الشخصية

البيانات الشخصية

تفاصيل التعريف

الاسم واللقب

بيانات المتصل

رقم الهاتف وعنوان البريد الإلكتروني.

فئات بياناتك الشخصية

التفاصيل الصحية الشخصية.

(4-3-2) لماذا نجمع بياناتك الشخصية وما هي أسسنا القانونية في ذلك؟

الغرض من معالجة البيانات

الأساس القانوني

عملية الحجز المفتوح

موافقتك المسبقة.

قد تعتبر بعض المعلومات التي نجمعها (مثل المعلومات الصحية) تحت عنوان الفئات الخاصة من البيانات الشخصية ضمن تعريف البيانات الشخصية الحساسة بموجب قانون حماية البيانات. هناك بيانات شخصية يتم منحها حماية قانونية إضافية بسبب الطبيعة الحساسة لهذه البيانات. لن يتم منعنا من معالجة هذه البيانات للغرض المحدد الذي أوضحناه لك شريطة أن توافق صراحة على ذلك، ونقوم بمعالجة هذه البيانات لغرض مشروع وبطريقة قانونية.

(4-3-3) ما هي المدة التي نحتفظ فيها ببياناتك الشخصية؟

سنقوم بمعالجة بياناتك الشخصية فقط طالما كان ذلك ضروريا للأغراض التي تم جمعها من أجلها فيما يتعلق بتوفير الخدمة لك، ما لم يكن لدينا حق قانوني أو التزام بالاحتفاظ بالبيانات لفترة أطول، أو كانت البيانات ضرورية لإنشاء أو ممارسة أو دفاع عن المطالبات القانونية.

(5) مع من تتم مشاركة البيانات الخاصة بك؟

في البندين (5) و(6) من إشعار حماية بيانات موقع الويب هذا، يكون للكلمات التالية المعاني التالية: -

" المنتسب" تعني فيما يتعلق شركة مطعم نصرت المحدودة وشركة D المساهمة لتجارة وتسويق اللحوم ومنتجاتها، (Nusret Restaurant LLC or D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş) أي شخص يتحكم أو يتم التحكم به بشكل مباشر أو غير مباشر، أو يسيطر أو يخضع لسيطرة الرقابة عليه بشكل مباشر أو غير مباشر، مع أي من الشركتين بشكل مشترك أو غير مشترك. " التحكم" الذي يتعلق بأي من الشركتين (Nusret Restaurant LLC أو D Et ve Et Ürünleri Gıda Pazarlama Tic. A.Ş) في هذا التعريف تعني سلطة توجيه إدارة وسياسات هذا الشخص، بشكل مباشر أو غير مباشر، سواء من خلال ملكية السندات المالية التي لها حق التصويت، أو بموجب عقد أو غير ذلك. ومصطلحات " السيطرة" و " الخضوع للرقابة" لهما معاني مرتبطة بما سبق. " الشركة التابعة لسوق البر الرئيسي لدولة الإمارات العربية المتحدة" تعني شركة تابعة مسجلة في سوق البر الرئيسي لدولة الإمارات العربية المتحدة. " الشركة غير التابعة لسوق البر الرئيسي لدولة الإمارات العربية المتحدة" تعني شركة تابعة مسجلة خارج سوق البر الرئيسي لدولة الإمارات العربية المتحدة. " الشخص" يعني أي شخص طبيعي أو مؤسسة أو شركة ذات مسؤولية محدودة أو صندوق استئماني أو مشروع مشترك أو جمعية أو شركة أو شراكة أو سلطة حكومية أو كيان آخر.

نحن لا نبيع بياناتك الشخصية إلى أطراف ثالثة.

قد نشارك بياناتك الشخصية مع الشركات التابعة لسوق البر الرئيسي لدولة الإمارات العربية المتحدة، وغير التابعة لسوق البر الرئيسي لدولة الإمارات العربية المتحدة؛ لأننا نتشارك نفس أنظمة إدارة الضيوف وتكنولوجيا المعلومات. عمليات النقل والمشاركة هذه تخضع لاتفاقيات متوافقة مع الاختصاص القضائي بين الشركات التابعة لسلامة وسرية البيانات الشخصية.

مزودي الخدمة:

يجوز لنا الكشف عن معلوماتك للمؤسسات التي تقدم خدمة لنا، مما يضمن أنها ملزمة تعاقديا بالحفاظ على سرية بياناتك الشخصية وسوف تمتثل لقانون حماية البيانات الشخصية، والنظام الأوروبي العام لحماية البيانات GDPR، وأي قوانين أخرى ذات صلة بحماية البيانات.

قد نشارك معلوماتك مع الأنواع التالية من مقدمي الخدمات:

‌أ) مقدمو الدعم الفني الذين يساعدون في موقعنا الإلكتروني وبنيتنا التحتية لتكنولوجيا المعلومات.

‌ب) مقدمو البرامج الخارجيون، حيث يستضيف المزود البيانات الشخصية ذات الصلة نيابة عنا.

‌ج) المستشارون المحترفون مثل المحامين والمحاسبين والمستشارين الضريبيين ومدققي الحسابات ووسطاء التأمين.

‌د) مقدمو الخدمات الذين يساعدوننا في إنشاء وتجميع المراجعات فيما يتعلق بسلعنا وخدماتنا.

‌ه) وكالاتنا الإعلانية والترويجية ومستشارونا والمنظمات أو المنصات عبر الإنترنت التي اخترناها لتنفيذ حملات تسويقية نيابة عنا (على سبيل المثال، فيسبوك وغوغل وإنستغرام).

‌و)  مقدمو الخدمات الذين يساعدوننا في تقديم خدماتنا.

‌ز) شركاؤنا التجاريون في البر الرئيسي لدولة الإمارات العربية المتحدة وخارج البر الرئيسي لدولة الإمارات العربية المتحدة.

هيئات إنفاذ القانون أو الهيئات الحكومية

يجوز لنا الكشف عن بياناتك الشخصية للسلطات المعنية، على النحو الذي يسمح به القانون، من أجل التحقيق في الأنشطة غير القانونية أو الاحتيال المشتبه به أو انتهاك حقوق الملكية الفكرية الخاصة بنا أو المواقف التي تنطوي على تهديدات محتملة للسلامة الجسدية لأي شخص أو انتهاك الشروط والأحكام أو الاتفاقيات الأخرى أو منعها أو اتخاذ إجراء بشأنها، وفقا لما يقتضيه القانون.

(6) نقل البيانات الشخصية خارج سوق البر الرئيسي لدولة الإمارات العربية المتحدة

نحن نشارك البيانات الشخصية مع البائعين الخارجيين أو مقدمي الخدمات أو الموردين الذين نتعامل معهم لأداء الخدمات أو الوظائف نيابة عنا وبموجب تعليماتنا. عندما يكون هؤلاء البائعون موجودين داخل البر الرئيسي لدولة الإمارات العربية المتحدة (أي ليس داخل منطقة تجارة حرة مثل مركز دبي المالي العالمي DIFC أو سوق أبو ظبي العالمي)، فإننا نضمن أنهم ملزمون تعاقديا بالامتثال لقانون حماية البيانات. عندما تكون موجودة خارج دولة الإمارات العربية المتحدة، سنضمن نقل بياناتك الشخصية فقط إلى ولاية قضائية خارج البر الرئيسي لدولة الإمارات العربية المتحدة إذا كانت تلك الولاية القضائية لديها مستويات مناسبة من الحماية لهذا النوع من البيانات الشخصية، مما يعني أن لديها تشريعات لحماية البيانات الشخصية تتضمن أهم الأحكام والتدابير والضوابط والأحكام والقواعد المتعلقة بحماية خصوصية وسرية البيانات الشخصية لموضوع البيانات، وقدرته على ممارسة حقوقه القانونية. كما نضمن في عقودنا مع هذه المنظمات أنها تعالج البيانات الشخصية فقط بشكل قانوني وعادل وبطريقة شفافة، وفقا لتعليماتنا، ومن أجل توفير الخدمات المتفق عليها وحماية سلامة وسرية بياناتك الشخصية الموكلة إليها.

(7) روابط لمواقع إلكترونية أخرى

قد يحتوي موقعنا على روابط لتمكينك من زيارة مواقع أخرى ذات أهمية بسهولة. ومع ذلك، بمجرد استخدامك لهذه الروابط ومغادرة موقعنا، يجب أن تلاحظ أنه ليس لدينا أي سيطرة على هذا الموقع الآخر. لذلك، لا يمكننا أن نكون مسؤولين عن حماية وخصوصية أي معلومات تقدمها أثناء زيارة هذه المواقع، ولا تخضع هذه المواقع لإشعار حماية البيانات هذا. لدى Nusr-et وجود على وسائل التواصل الاجتماعي (فيسبوك وتويتر ويوتيوب وغيرها) ويمكنك التفاعل معنا من خلال حساباتك الحالية على وسائل التواصل الاجتماعي وفقا لسياسات الخصوصية ذات الصلة.

(8) الحقوق المترتبة على حماية بياناتك الخاصة:

لديك الحقوق التالية فيما يتعلق ببياناتك الشخصية:

×   الحق في الحصول على المعلومات: يحق للأفراد طلب المعلومات التي تحتفظ بها المؤسسة عنهم، والتي تشمل البيانات الشخصية الخاصة بهم التي يتم جمعها، وكيفية استخدامها، والقرارات المتخذة بناء على المعالجة الآلية، والقطاعات أو المؤسسات المستهدفة داخل وخارج دولة الإمارات العربية المتحدة التي سيتم مشاركة بياناتهم الشخصية معها، والضوابط والمعايير الخاصة بفترة تخزين بياناتهم الشخصية والحفاظ عليها، تدابير الحماية للمعالجة عبر الحدود، والإجراءات التي يتعين اتخاذها في حالة حدوث خرق أو إساءة استخدام لبياناتهم الشخصية، وكيفية تقديم الشكاوى إلى مكتب البيانات في دولة الإمارات العربية المتحدة (بمجرد إنشائه).

×   الحق في التصحيح أو المحو: يملك الأفراد الحق في تصحيح البيانات غير الدقيقة أو غير المكتملة. في ظروف معينة، يمكن للأفراد أن يطلبوا من المؤسسات محو أي بيانات شخصية مخزنة تتعلق بهم.

× الحق في طلب النقل: يحق للأفراد تلقي بياناتهم المقدمة إلينا بطريقة منظمة وقابلة للقراءة آلياً، طالما أن المعالجة تستند إلى موافقتهم، أو كانت ضرورية لتنفيذ التزام تعاقدي، ويتم تنفيذها بوسائل آلية. يمكن للأفراد أيضاً أن يطلبوا من المؤسسة نقل أي بيانات تحتفظ بها عنهم إلى شركة أخرى، شريطة ألا ينتهك هذا النقل حقوق أي أفراد آخرين.

× الحق في تقييد المعالجة: يمكن للأفراد أن يطلبوا من المؤسسة الحد من استخدام بياناتهم الشخصية وإيقافها.

× الحق في إيقاف المعالجة: يحق للأفراد الاعتراض على أنواع معينة من المعالجات، مثل التسويق المباشر.

× معالجة الحقوق والمعالجة الآلية بما في ذلك التنميط: يحق للأفراد الاعتراض على أي قرار يعتمد فقط على المعالجة الآلية، بما في ذلك التنميط، والذي ينتج عنه عواقب قانونية تتعلق به، أو عواقب أخرى ذات تأثير خطير، والمطالبة بمراجعة هذا القرار يدوياً.

× الحق في سحب الموافقة: يجوز للأفراد سحب الموافقة على معالجة بياناتهم الشخصية في أي وقت عن طريق إخطارنا.

(9) كيف يمكن سحب موافقتك؟

إن كنت توافق على معالجتنا لبياناتك الشخصية، يرجى ملاحظة أنه يمكنك سحب هذه الموافقة في أي وقت. من أجل سحب الموافقة، يرجى الاتصال عبر privacy@nusr-et.com.tr ويرجى ملاحظة أنه لا يمكن سحب موافقتك إلا لأنشطة المعالجة المستقبلية، وليس لهذا السحب أي تأثير على قانونية أنشطة المعالجة السابقة. في بعض الحالات، قد يحق لنا على الرغم من انسحابك الاستمرار في معالجة بياناتك الشخصية على أساس قانوني مختلف.

(10) تحديث إشعار حماية البيانات

نحن نحتفظ بالحق في تحديث إشعار حماية البيانات هذا في أي وقت. سنخبرك بالتغييرات من خلال نشر الإصدار المحدث من إشعار حماية البيانات. نحن ملتزمون بحماية خصوصيتك واحترامها، وسنواصل القيام بذلك في أي تغييرات مستقبلية نجريها على إشعار حماية البيانات هذا.

(11) كيف تتواصل معنا وكيف يمكنك ممارسة حقوقك القانونية؟

إن كانت لديك أسئلة حول إشعار حماية البيانات الخاص بنا، أو إن كنت ترغب في تقديم شكوى حول خرق محتمل لبياناتك الشخصية، أو ممارسة أحد حقوق حماية البيانات الخاصة بك، يرجى الاتصال بنا كما هو موضح أدناه.

تواصل معنا:

عنوان البريد الإلكتروني للشركة: privacy@nusr-et.com.tr

إن كانت لديك أي مخاوف بشأن كيفية معالجتنا لبياناتك الشخصية، فلا تتردد في الاتصال بمسؤول حماية البيانات لدينا، وهو بدوره سيحقق في الأمر ويعود إليك عن طريق إرسال بريد إلكتروني إلى privacy@nusr-et.com.tr

إن كنت لا تزال غير راض بعد ردنا، أو تعتقد أننا لا نستخدم معلوماتك الشخصية بما يتماشى مع القانون، يحق لك أيضا تقديم شكوى إلى منظم حماية البيانات في البلد الذي تعيش أو تعمل فيه.