GATEWAY MANAGEMENT LOGISTIC INC

DISCLOSURE TEXT ON PROTECTION OF PERSONAL DATA

Gateway Management Logistic INC (“Gateway”) diligently processes and stores any and all types pf personal data of all people related to Gateway, including those who make use of our products and services and those who visit our website and social media accounts, in line with the Personal Data Protection Law no. 6698 (“the Law”) and the secondary legislation and regulations enacted or to be enacted thereunder, and the decisions of the Personal Data Protection Board.

We process your personal data subject to the limits set out in the legislation as described below, in our capacity as a “Data Controller” as defined in the Law. Pursuant to the Law, GATEWAY MANAGEMENT LOGISTIC INC with its principal place of business at Hacıahmet Mah. Kurtuluş Deresi Cad. No:29/B Beyoğlu Istanbul and registered with Istanbul Trade Registry under the registration no. 1000647 (MERSIS no: 0103026915800016), is the Data Controller.

What are personal data?

The term “Personal Data” means, as used in the Law, any and all data that may be used to identify you, including name, second name, surname, birth date, nationality, passport no., passport expiry date, Turkish ID no., travel commencement and completion dates, landline phone, mobile phone, e-mail address, and home or office address. Gateway reserves its right to request also other data and information for reasons attributable to the practices and requests by the Ministries, Embassies and Consulates of countries where Gateway provides services. Gateway may also collect, if necessary, personal data of a visa applicant’s spouse and children, including their names, secondary names, surnames and nationalities. It will be the visa applicant who shall be entirely liable in connection with the collection of such personal data of his/her spouse, children and family upon consent.

Purpose of Processing Personal Data

Your personal data may be collected verbally, in writing or electronically by means of automatic or non-automatic methods, through Gateway units and offices, visa application centres, its website, social media platforms, mobile applications and similar means, and may be created, updated and processed as long as you make use of products and services provided by Gateway or you visit our website and social media accounts.

When you call our call centre or use our website or our social media accounts or visit Gateway offices, visa application centres or our website for the purpose of using Gateway services, your personal data may be processed.

Your personal data collected by us may be processed for such purposes and subject to such terms and conditions for personal data processing as defined in Articles 5 and 6 of the Law, in order that our relevant departments can proceed with such works necessary to enable you to make use of the services and products offered by Gateway, and in order to define and implement business and commercial strategies of Gateway and to apply Gateway’s quality standard policies.

Processing and Collecting your Personal Data

In case you apply to Gateway personally or by proxy for the purpose of obtaining a visa for the Republic of Türkiye, Schengen countries and other non-Schengen countries for which we offer services, your personal data shall be processed for the purposes defined in this Disclosure Text.

During the period from the time of your visa application to the delivery of your passport to you or your proxy, your personal data shall be processed by our Visa Application Centres’ employees for the first and foremost purpose of fulfilling our services for you. Thereafter, your personal data shared with the relevant country’s Consulate or Ministries shall be kept by such consulate or relevant Ministry until the finalization of your visa application. As Embassies/ Consulates General of Schengen Countries are representatives of states that are party to EU General Data Protection Regulation (no. 95/46/EC), all your personal data, including your private data, are under the protection of these authorities. Furthermore, your applications to the Republic of Türkiye and non-Schengen countries are also under the protection of the Law.

Gateway shall store your personal data within its internal software in line with the applicable laws and only to the extent and for the term required by legitimate purposes, without exceeding the term defined in the Law, and as described in the paragraph herein titled ‘Duration for Storing Personal Data’.

In case you do not have a travel health insurance and you take out your travel health insurance from Sompo Sigorta INC, our contracted insurer, all of your personal data that may be deemed necessary during the issuance of your travel health insurance policy shall be transferred to the relevant insurer. In case you take photographs for your visa application by using cameras available in Gateway visa application centres, they will be printed out without saving any record thereof. You acknowledge that you give your consent to the processing of your said sensitive data.

If your spouse or next of kin is the holder of an EU passport, passport data of such person shall also be used in and transferred to competent authorities for your visa application. Personal data of the relevant people shall be protected by showing the same care and diligence applied for your data and shall be entitled to all protections and rights afforded by the Law.

Where it is necessary, your fingerprints are taken in Gateway offices and they are considered to be private personal data. Your fingerprints that are required for visa applications to Schengen countries are taken on the basis of international statutory regulations, in order to be stored in the Visa Information System which was launched pursuant to the Visa Information System (VIS) Regulation (EC) no. 767/2008 of 09 July 2008. While your fingerprints are collected at Gateway offices, your private personal data are in no way stored in Gateway systems and are transferred to the information systems of the Consular Office of the relevant country. For the purposes of fingerprint procedures, it is possible that your camera recordings may be obtained while getting your fingerprints as per the varying policies of the countries and this is also performed based on the said regulation above.

After completion of your visa transactions, your passports shall be dispatched to your address by the contracted cargo company in line with your instructions that you may place via our web site or at Gateway offices. Cargo instructions are entirely optional, and in order to ensure the proper performance of cargo services, such data shall be shared with the relevant company pursuant to the Postal Services Act.

https://www.gateway.com.tr/  shall collect, process and safely store your Internet browsing and surfing data in line with its statutory obligation and with the intention of providing you better services and allowing our applicants to make use of all supplementary services that we offer them during the visa process, without using such data for purposes and scope other than the one described in this Disclosure Text on Confidentiality/ Protection of Personal Data.

Your data pertaining to your navigation on the website https://www.gateway.com.tr/ and/or your membership log-in history on the website are traced with the intention of improving and customizing the contents of the website https://www.gateway.com.tr/ or the mobile application for you and/ or for identifying your preferences. You may remove persistent cookies and deny both session cookies and persistent cookies by visiting www.allaboutcookies.org or www.youronlinechoices.eu or following the instructions in the “help” file of your Internet browser. If you reject persistent cookies or session cookies, you may still continue to use the website but you may not have access to all the functions of the website or your access may be restricted. Data provided by our customers who use https://www.gateway.com.tr/ are processed by Gateway Management pursuant to the consent of our customers and in line with the legislation.  Gateway Management Logistic INC shall collect, process, and safely store your navigation data and share them with third parties in order to provide better services to our visitors and to comply with its statutory obligations, without using such data beyond such purpose and scope defined in this Disclosure Text on Protection of Personal Data.

Gateway Management Logistic INC may match such data collected from you over the website at different times or by different methods, such as data collected off-line or on-line, and may use them in combination with data received from other sources such as third parties.

To whom and for what purposes do we transfer the processed personal data?

Your personal data collected by us may be transferred to the relevant countries’ Ministries, Consulates, and their national and foreign departments, our business partners, suppliers, agents, our contracted insurance companies for taking out travel insurance, and to servers of our contracted IT companies providing data security and server hosting services as well as to Gateway’s officers, company shareholders and such legally authorized public agencies and institutions, in line with the personal data processing terms and objectives defined in Articles 8 and 9 of the Law and in order to allow our relevant departments to proceed with the necessary measures to ensure that you make use of the services and products offered by Gateway, and to ensure legal and commercial security of real persons and legal entities which are in business relations with Gateway; to fulfil our financial obligations, to define and implement Gateway’s commercial and business strategies, and to carry out Gateway’s quality standard policies.

Method and Legal Grounds for Collecting Personal Data

Your personal data shall be collected in any verbal, written or electronic environment, in order to offer Gateway’s services and products within the scope of the prescribed legal framework and in line with the purposes referred to above, and accordingly, to ensure that Gateway performs its obligations under the Law and contracts, fully and correctly. Your personal data collected on the basis of such legal grounds may be processed and transferred in line with the personal data processing conditions and purposes set out in Articles 5, 6, 8 and 9 of the Law.

Duration for Storing Personal Data

Gateway’s departments and offices shall store personal data collected via visa application centres, the website, social media platforms, mobile applications and similar methods, either verbally, in writing or electronically, for only such period of time set out in the applicable legislation, or where no time period is set out therein, for as long as required by the purpose of processing such personal data. Such stored data shall be deleted, destroyed or anonymized within minimum 5 days and maximum 30 days, depending on the practice of the relevant Ministry or Consulate, after the purpose for processing them is no longer applicable.

Measures to protect personal data

Gateway is obliged to take all technical and administrative measures that may be necessary to prevent unauthorized access to and loss of personal data, and misuse, disclosure, modification or unauthorized destruction of personal data collected from applicants and all real persons whose personal data are processed by Gateway. Gateway may not be held liable for any losses that data subjects may incur due to force major events, including cyber-attacks, crashing the data recording system, earthquake, flood, fire and similar events or due to significant destruction of its servers, which it cannot foresee or avoid even though it has taken all measures prescribed by the Law for the protection of personal data.

Correct and Up-To-Date Storage of Personal Data

Pursuant to Article 4 of the Law, Gateway is obliged to keep personal data in a correct and current form. You shall be fully liable in case your personal data you will be providing to Gateway via its departments and offices, visa application centres, website, social media platforms, mobile applications and similar tools, either verbally, in writing or electronically, are not correct or current. You may make the necessary modifications and/or updates to your personal data processed by Gateway by submitting an electronic or physical application to Gateway.

Rights of Data Subject under the Law

When you, as the data subject, submit to Gateway your requests in respect of your rights, by using one of the following methods, Gateway shall finalise your request free of charge at the latest within 30 (thirty) days. In case a fee is to be charged as per the Law and the instructions of the Personal Data Protection Board, Gateway shall collect from you such fee set out in the prescribed tariff. Application Form is posted on our website.

As per Article 11 of the Law, the rights of data subjects are as follows:

• To inquire into whether or not their personal data are processed
• If their personal data are processed, to ask information about it;
• To inquire into the purpose of processing of their personal data and whether or not they are used in line with that purpose;
• To inquire into the identity of third parties in Türkiye or abroad to whom their personal data are transferred;
• In case any of their personal data are processed incompletely or erroneously, to demand their correction;
• To demand that personal data be deleted or destroyed in the event that reasons for processing such data are no longer applicable even if such personal data are processed in line with the Law and other applicable legislation, and to ask for information about third parties to whom personal data are transferred for such deletion or destruction process;
• To object to any consequence against the data subject that may be attributable to the analysis of personal data solely by means of automatic systems;
• In case data subject sustains a loss on account of processing of personal data in breach of the Law, to demand that such loss be compensated.

Pursuant to the first paragraph of Article 13 of the Law, you can send your requests regarding your rights above to Gateway in Turkish only, and in writing or by using any other method prescribed or to be prescribed by the Personal Data Protection Board.

Your request supported by your reasons for the right you wish to exercise under article 11 of the Law along with such documents evidencing your identity and a signed copy of the form may be personally delivered by you to Gateway’s address at Hacı Ahmet Mah. Kurtuluş Deresi Cad. No:29 B Beyoğlu Istanbul or may be sent to it via notary public or other methods described in the Law, or you may e-mail the copy of the relevant form bearing secure electronic signature to our KEP (Registered Mail Address) gateway@hs01.kep.tr.

In case a written reply is given to your request, no fee shall be charged for the first 10 (ten) pages, and 1 (one) TL transaction fee may be charged to you per page above 10 (ten) pages, according to the “Communique on the Application Principles and Procedures for Data Controllers”. If your application is replied to by means of CDs, flash discs, etc., a fee equal to the cost of the storage medium may be charged to you.

Amendments to the Disclosure Text on Protection of Personal Data

Gateway reserves its right to amend this disclosure text due to reasons attributable to the Law, other applicable legislation and Board decisions. Amendments to the disclosure text and the current version of the disclosure text shall enter into force immediately upon its publication on Gateway’s website and everyone whose personal data are processed by Gateway, including in particular applicants, is encouraged to periodically review this Disclosure Text.

Gateway Management Logistic INC