PLAN-S
GDPR Policy
Information Notice on The processing of Personel Data
1) Introduction
Plan-S Uydu ve Uzay Teknolojileri A.Ş. (“Plan-S” or the “Company”) processes personal data in accordance with the Law No. 6698 on the Protection of Personal Data (“KVKK”) and takes appropriate administrative and technical measures to protect personal data.
2) Data Controller
Your personal data are processed by Plan-S Uydu ve Uzay Teknolojileri A.Ş. as the data controller.
3) Collection Methods and Legal Bases
Your personal data may be collected via verbal, written, electronic and/or physical channels (e.g., forms, contracts, correspondence, e-mail/phone, recruitment processes, the website and IT systems/log records, visitor records and CCTV where applicable, suppliers/service providers where necessary).
As a rule, data are processed based on explicit consent. However, data may be processed without explicit consent where a lawful ground under Article 5/2 of the KVKK exists (including legal obligation, contract necessity, legal claims, legitimate interest, data made public by the data subject, and other statutory grounds). Special categories of data are processed only under Article 6 of the KVKK and with adequate measures.
4) Purposes of Processing
Personal data may be processed, limited and proportionate to the purpose, for:
- HR and recruitment processes,
- Customer/potential customer communications and request/complaint management,
- Conducting commercial and operational activities (procurement, finance/accounting, reporting),
- Ensuring legal, technical, and physical security (including IT and premises security),
- Compliance, audit, risk management, and business continuity.
With explicit consent, data may also be processed for marketing/promotional communications and event/campaign communications.
5) Transfers
Your personal data may be transferred domestically and/or abroad in accordance with Articles 8 and 9 of the KVKK, limited to the above purposes and with necessary safeguards, including to suppliers/service providers, financial institutions (where applicable), legally authorized public authorities, and legally authorized private entities (e.g., auditors, law firms). Cross-border transfers are carried out based on an adequacy decision or appropriate safeguards (e.g., standard contractual clauses) or a statutory exception.
6) Retention
Data are retained for statutory periods and/or as required for the purpose of processing, then erased, destroyed, or anonymized. Where necessary, data may be retained only to establish, exercise, or defend legal claims.
7) Your Rights and Applications
You may exercise your rights under Article 11 of the KVKK (access, information, rectification, erasure/destruction, transfer recipient knowledge, objection to solely automated decisions, and compensation claims).
Application channels:
- Address: Üniversiteler, Bilkent 1596. St. No: 8/1, 06800 Çankaya / Ankara
- KEP: plans@hs03.kep.tr (Subject: “KVKK Information Request”)
- E-mail: info@plan.space (Subject: “KVKK Information Request”)
Requests are concluded within 30 days (fees may apply if additional cost arises). If unresolved, you may apply to the Personal Data Protection Board.
