I. OBJECTIVE
The aim of this EU Privacy Policy (“the Policy”) is to provide adequate and consistent safeguards for the handling of Personal Data (as defined below) by all “Mogul Textile entities” (as defined below) Mogul Tekstil Sanayi ve Ticaret A.S. (“Mogul Textile”) in accordance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“the Directive”) and all the relevant transposing legislation of the Directive in the European Union/European Economic Area (“EU/EEA”), the Turkish Data Protection Law, as such laws may from time to time be amended and valid during the application of this Policy, the Privacy Shield (defined below), and any other privacy laws, regulations and principles concerning the collection, storage, use, transfer and other processing of Personal Data transferred from the European Economic Area (“EEA”) or Turkey to the United States including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“the General Data Protection Regulation”) as of its entry into force on 24 May 2018.
II. SCOPE
This Policy applies to all Mogul Textile entities in the EU that process Personal Data.
“Consumer” “Consumer” means any natural person who is located in the EU, but excludes any individual acting in his or her capacity as an Employee.
“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data as referred to in Privacy Shield materials.
“Employee” means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of Mogul Textile or any current or prospective subsidiary or affiliate of Mogul Textile.
“European Economic Area (“EEA”)” means the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Republic of Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, The Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK.
“Mogul Textile entities (“Mogul Textile”)” means Mogul Tekstil Sanayi ve Ticaret A.S. and all affiliates or other entities owned or controlled by Mogul Textile in the EEA, irrespective of their different denominations that such entities may hold in different jurisdictions in the EEA.
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is transferred to Mogul Textile in the U.S. from the EEA or Turkey, and (iv) is recorded in any form.
“Privacy Shield” means the EU-US Privacy Shield framework and agreement between the United States of America, via the US Department of Commerce and the EEA relating to the protection of Personal Data.
“Privacy Shield Policy” means the Mogul Textile Privacy Shield Policy that further details the handling of EU persons Personal Data when transferred to or obtained by Mogul Textile personnel in the USA; and such policy appears on the company global website www.mogulsb.com, more specifically at http://mogulsb.com/privacy-shield-policy as well as on the company intranet, and other applicable company websites, e.g. EU company office websites.
“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.
“Sensitive Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Supplier” means any supplier, vendor or other third party located in the USA and/or the EEA or Turkey that provides services or products to Mogul Textile. For the purposes of this Policy Suppliers shall be included within the definition of “Consumers” above.
“Systems Privacy Point of Contact” means individual officers designated by Mogul Textile as the initial points of contact for inquiries, complaints, or questions regarding privacy matters. Currently, such officers are identified at the end of this Policy.
“Processing” is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data.
This Policy does not cover data rendered anonymous or where pseudonyms are used. Data is rendered anonymous if individuals are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost or labor. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. If data rendered anonymous become no longer anonymous (i.e. individuals are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then this Policy shall apply again.
III. APPLICATION OF LOCAL LAWS
This Policy is designed to provide compliance with all relevant applicable laws in the EEA and in particular those transposing the Directive. Mogul Textile recognizes that certain laws might be modified to require stricter standards than those described in this Policy, in which case the stricter standards shall apply. Mogul Textile will handle Personal Data in accordance with local law at the place where the Personal Data is processed. If applicable law provides for a lower level of protection of Personal Data than that established by this Policy, then this Policy shall prevail. Any questions about applicable legislation and Mogul Textile’s compliance with it shall be addressed to Mogul Textile‘s local legal department or to the legal department in the US.
IV. PRINCIPLES FOR PROCESSING PERSONAL DATA
Mogul Textile respects Employee, Consumer (including personnel of customers, suppliers, stakeholders, and third parties) privacy and is committed to protecting Personal Data in compliance with the applicable legislation in the EEA. This compliance is consistent with Mogul Textile’s desire to keep its Employees and Consumers informed and to recognize and respect their privacy rights. Mogul Textile will observe the following principles when processing Personal Data:
- Data will be processed fairly and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and not processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used. For example data may be rendered anonymous if deemed reasonable, feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
- Data subjects in the EU will be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their Personal Data.
- Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete Personal Data that is inaccurate or incomplete.
- Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes shall be described in this Policy.
- Data will be deleted or amended following a relevant request by the concerned data subject, should such notice comply with the applicable legislation each time.
- Data will be processed in accordance with the individual’s legal rights (as described in this Policy or as provided by law).
- Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing and unauthorized or accidental loss, destruction or damage to data. In case of any such violation with respect to Personal Data, Mogul Textile will take appropriate steps to end the violation and determine liabilities in accordance with applicable law and will cooperate with the competent authorities.
V. TYPES OF DATA PROCESSED
As permitted by local laws, the Personal Data relating to Employees may include the following:
- name;
- contact information;
- date of birth;
- government-issued identification information, passport or visa information;
- educational history;
- employment and military history;
- legal work eligibility status;
- information about job performance and compensation;
- financial account information; and
- other information Employees may provide.
Personal Data relating to Consumers may include:
- Contact information, such as name, postal address, email address and telephone number; and
- Personal Data in content Consumers provide on Mogul Textile‘s website and other data collected automatically through the website (such as IP addresses, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on our website, and dates and times of website visits).
- Financial account information.
Mogul Textile also may obtain and use Consumer Personal Data in other ways for which Mogul Textile provides specific notice at the time of collection (including but not limited to e.g. surveys, focus groups, market research, inbound and outbound Consumer communications and education, etc.).
VI. WAYS OF OBTAINING PERSONAL DATA
The ways by which Mogul Textile obtains Personal Data are defined hereby. Mogul Textile does not obtain any personal information about Employees or Consumers unless the Employee or Consumer has provided that information to Mogul Textile in a way providing for its clear and unequivocal consent to do so including but not limited to visiting Mogul Textile’s website, by completion of a written employment application, employee benefits application, insurance form, consent form, survey, or completion of an on-line or hard copy form. Employees and Consumers may choose to submit personal, private information by facsimile, regular mail, e-mail, or electronic transmission over our internal web site, interoffice mail, or personal delivery, as each of these methods may be deemed applicable each time.
VII. PURPOSES FOR PERSONAL DATA PROCESSING
Mogul Textile processes personal data for legitimate purposes related to human resources, business and safety /security. The limitation of purposes shall be taken into consideration before any type of processing of Personal Data and shall not be subject to any changes without prior notification. These principal purposes for Employee Personal Data include:
- Human resources purposes including but not limited to recruiting and hiring job applicants, and:
- Managing Employee communications and relations
- Providing compensation and benefits;
- Administering payroll;
- Processing corporate expenses and reimbursements;
- Managing Employee participation in human resources plans and programs;
- Carrying out obligations under employment contracts;
- Managing Employee performance;
- Conducting training and talent development;
- Facilitating Employee relocations and international assignments;
- Managing Employee headcount and office allocation;
- Managing the Employee termination process;
- Managing information technology and communications systems, such as the corporate email system and company directory;
- Conducting ethics and disciplinary investigations;
- Administering Employee grievances and claims;
- Managing audit and compliance matters;
- Complying with applicable legal obligations, including government reporting and specific local law requirements; and
- Other general human resources purposes.
Mogul Textile may also obtain and process Personal Data about Employees’ emergency contacts and other individuals (such as spouse, family members, dependents and beneficiaries) to the extent Employees provide such information to Mogul Textile. Mogul Textile processes this information to comply with its legal obligations and for benefits administration and other internal administrative purposes.
For Consumer specific Personal Data, the purposes of processing may include:
- Running day-to-day business relationship
- Marketing activities
- Management of financial accounts
- Business Development Activities
- Conduct of transactions or facilitation of offering of the Mogul Textile Services
- Conduct of surveys, focus groups, market research, inbound and outbound Consumer communications and education
For Client and Supplier specific information, the purposes of processing may include:
- Management of its relationships with its Clients and Suppliers
- Processing payments, expenses and reimbursements
- Carrying out Mogul Textile’s obligations under such contracts
If Mogul Textile introduces a new process or application that will result in the processing of Personal Data for purposes that go beyond the purposes described above, Mogul Textile will inform the concerned data subjects of such new process or application, new purpose for which the Personal Data are to be used, and the categories of recipients of the Personal Data.
VIII. SECURITY AND CONFIDENTIALITY
Mogul Textile is committed to taking appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
Equipment and Information Security
To safeguard against unauthorized access to Personal Data by third parties outside Mogul Textile, all electronic Personal Data held by Mogul Textile are maintained on Systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected to unauthorized personnel, fire detection and response systems. The location of these servers is known to a limited number of Mogul Textile’s Employees.
Access security
The importance of security for all personally identifiable information associated with Mogul Textile’s Employees is of highest concern. Mogul Textile is committed to safeguarding the integrity of personal information and preventing unauthorized access to information maintained in Mogul Textile’s databases. These measures are designed and intended to prevent corruption of data, block unknown and unauthorized access to our computerized system and information, and to provide reasonable protection of Personal Data in Mogul Textile’s possession. All employee files are confidentially maintained in the HR department in secured and locked file cabinets or rooms. Access to the computerized database is controlled by a log-in sequence and requires users to identify themselves and provide a password before access is granted. Users are limited to data required to perform their job function. Security features of our software and developed processes are used to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Training
Mogul Textile will be responsible for conducting adequate training sessions regarding the lawful, enumerated intended purposes of processing Personal Data, the need to protect and keep information accurate and up-to-date, the lawful purposes of collecting, handling and processing data that is transferred from the EU or Turkey to the US and the need to maintain the confidentiality of the data to which employees have access. Authorized users will comply with this Policy and Mogul Textile will take appropriate actions in accordance with applicable law, if Personal Data are accessed, processed, or used in any way that is inconsistent with the requirements of this Policy.
IX. RIGHTS OF DATA SUBJECTS
Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by Mogul Textile and may request deletion or amendments.
All Employees and Consumers have access to their own personal information and may correct or amend it as needed. Employees may view their own personnel record upon request by contacting the local Talent Development contact or by accessing certain information in the company’s internet and/or extranet. Consumers may contact the Privacy POC or mogul@mogulsb.com to review, update, and revise their Personal Data.
If access is denied, the Employee and Consumer has the right to be informed about the reasons for denial. The person affected may resort to the dispute resolution described in Section XIII as well as in any competent regulatory body or authority. Mogul Textile shall handle in a transparent and timely manner any type of internal dispute resolution procedure about Personal Data is conducted.
If any information is inaccurate or incomplete, the person may request that the data be amended. It is every person’s responsibility to provide Talent Development in the case of Employees, or the Systems Privacy POC in the case of Consumers with accurate Personal Data about him or her and to inform such contacts of any changes. (e.g. new home address or change of name).
If the person demonstrates that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless the applicable law requires otherwise.
X. TRANSFERS
In connection with the activities described under Section VII, Mogul Textile may transmit Personal Data outside the EU and more specifically to: (i) Mogul Textile’s headquarters in Gaziantep, Turkey; (ii) Mogul Textile’s different offices in the Istanbul, Turkey and South Carolina, US; (iii) Mogul Textile affiliated entities in the Turkey. Moreover, Personal Data might be sent to the following third parties in or outside the EEA:
- Selected Third Parties: Mogul Textile will not disclose or share any personal information with any external entity or third party, except to an employee’s designated insurance provider, employee benefits administrator, travel professionals, clients to illustrate experience and qualifications for business purposes or promotion and not beyond that, to third party vendors and/or marketers upon Consumer’s explicit consent or as an employee or consumer may designate.
- Other Third Parties: Mogul Textile may be required to disclose certain Personal Data to other third parties: (i) As a matter of law (e.g. to tax and social security authorities); (ii) to protect Mogul Textile’s legal rights; (iii) in an emergency where the health or security of an employee is endangered (e.g. a fire); (iv) to Law Enforcement Authorities in accordance with the relevant legislation in the different EEA Member States including but not limited to legislation transposing the EU/2016/1148 concerning measures for a high common level of security of network and information systems across the Union (“the Network Information Security Directive”).
Mogul Textile complies with all the Privacy Shield Principles of the Privacy Shield and has taken the necessary actions to register within the Privacy Shield framework. In this regard Mogul Textile has adopted a Privacy Shield Policy, describing in detail the company’s compliance with Privacy Shield Principles for data transferred from the EU or Turkey to the US. This Privacy Shield Policy is available at the following link: http://mogulsb.com/privacy-shield-policy
XI. AUTOMATED DECISIONS
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
Mogul Textile does not make automated decisions for Employee or Consumer data. If automated decisions are made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.
XII. ENFORCEMENT RIGHTS AND MECHANISMS
Mogul Textile will ensure that this Policy is observed and duly implemented. All persons who have access to Personal Data must comply with this Policy. Violations of the applicable data protection legislation in the EEA may lead to penalties and/or claims for damages.
If at any time, a person believes that Personal Data relating to him or her has been processed in violation of this Policy, he or she may report the concern to the competent Mogul Textile’s official. In particular If you have any inquires or complaints about the use or limitation of use of your personal information, you may contact
Mogul Textile with e-mail or mail to informations below:
Mogul Tekstil Sanayi ve Ticaret A.S.
2. Organize Sanayi Bolgesi
83228 nolu cadde No 8
Sehitkamil Gaziantep Turkey
mogul@mogulsb.com
XIV. COMMUNICATION ABOUT THE POLICY
In addition to the training on this Policy, Mogul Textile will communicate this Policy to current and new employees and consumers by posting it on the company’s EU offices’ websites as well as on selected internal Mogul Textile websites and by providing a link to the Policy on information technology applications where Personal Data are collected and processed.
1. MODIFICATIONS OF THE POLICY
Mogul Textile reserves the right to modify this Policy as needed, for example, to comply with changes in laws, regulations or requirements introduced by DPAs. Changes must be approved by Mogul Textile’s Privacy POCs, the office of the corporate legal department, or their designees who will seek input as they reasonably deem appropriate from corporate executives such as the CEO, CFO, COO, and Chief of Staff, for the amended Policy to enter into force. If Mogul Textile makes changes to the Policy, this amended Policy will be submitted for renewed approval according to the relevant applicable provisions of the law. Mogul Textile will inform Mogul Textile Employees, Consumers and other persons (e.g. persons accessing Mogul Textile websites to enter Personal Data such as job application information) of any material changes in the Policy. Mogul Textile will post all changes to the Policy on relevant internal and external websites.
Effective with the implementation of this Policy, all existing and applicable EU company privacy guidelines relating to the collection and/or processing of Personal Data will, where in conflict, be superseded by the terms of this Policy. No other internal policy that conflicts with this Policy shall be applicable with respect to the protection of Personal Data handled by Mogul Textile in the EU. All parties to such agreements will be notified of the effective date of the implementation of the Policy.
XVI. OBLIGATIONS TOWARDS DATA PROTECTION AUTHORITIES
Mogul Textile will respond diligently and appropriately to requests from DPAs about this Policy or compliance with applicable data protection privacy laws and regulations. Mogul Textile’s employees who receive such requests should contact their human resources manager or business legal counsel. Mogul Textile will, upon request, provide DPAs with names and contact details of relevant persons. With regard to transfers of Personal Data between Mogul Textile entities, the importing and exporting Mogul Textile entities will (i) cooperate with inquiries from the DPA responsible for the entity exporting the data and (ii) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third entities, Mogul Textile will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.