Information to Wholesale Customers
This information (this “Information“) applies to all data processing activities carried out by any TTI entity listed in Annex No. 1 (“TTI“) during the provision of telecommunications services to any of their customers (the “Customer”) (TTI and Customer together referred as the “Parties“, separately: ” Party“).
This Information shall be part of the legal relationship between TTI and the Customer concluded by and between the Parties (” Master Agreement“).
As of May 25th 2018 the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR“) is fully applicable to both Parties. In addition, the Parties are subject to the Directive (EU) 2002/58 of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (hereinafter ” ePrivacy Directive“) and its national implementation laws. The terms used in this Information shall be interpreted in line with their meaning as per the GDPR and the ePrivacy Directive.
In relation to the Personal Data of contact persons or and any other natural person acting for or on behalf of the Customer and who takes part in the performance of the Master Agreement (” Contact Persons“), TTI shall be considered as data controller, hence responsible for the lawful processing of Personal Data provided by the Customer or obtained in the context of the performance of the Master Agreement.
The Customer undertakes to ensure that this Information is brought to the attention of all Contact Persons and provides them with access thereto.
a) conclusion and performance of duties and tasks stemming from the Master Agreement [Art 6 para (1) letter b) and f) of the GDPR] including:
i. monitoring the performance of the Master Agreement;
ii. related correspondence;
iii. assessment of creditworthiness;
iv. Customer support.
b) performance of legal obligations [Art 6 para (1) letter c) of the GDPR], including:
i. accounting and taxation obligations of TTI;
ii. obligations set out in the relevant telecommunication laws (in particular those laws implementing the ePrivacy Directive);
iii. documentation and retention of data for periods mandated by law (e.g. tax or corporate law).
c) to ensure network security [Art 6 para (1) letter c) of the GDPR];
d) to detect and prevent any abuses [Art 6 para (1) letter f) of the GDPR];
e) direct marketing purposes, during the term of the Master Agreement [Art 6 para (1) letter f) of the GDPR];
f) preparation of analysis, statistics [Art 6 para (1) letter f) of the GDPR];
g) enforcement of claims [Art 6 para (1) letter f) of the GDPR].
2. Processed Personal Data
TTI requires the Customer to provide certain Personal Data necessary for the performance of the Master Agreement and necessary for the purposes listed in Point 1.
In this respect TTI processes inter alia the Personal Data listed in the Master Agreement, including the Personal Data of Contact Persons, as well as other Personal Data related the Customer’s use of TTI’s services.
Apart from the Personal Data mentioned above, TTI may also process certain telecommunications data, including traffic data, of Customer’s end users in the context of providing its telecommunications services. This telecommunications data is processed exclusively for the purpose of providing TTI’s wholesale telecommunications services and strictly in line with applicable sector-specific laws and regulations, in particular with those national laws implementing the ePrivacy Directive. For the sake of completeness, the Parties agree that in relation to the Personal Data of end users the Customer who maintains the contractual relationship with the end users shall be responsible as data controller within the meaning of the GDPR.
3. Data transfer
When performing the Master Agreement and processing Personal Data for the purposes listed in this Information, TTI may transfer Personal Data among others to the following recipients:
a) group companies (as listed in Annex No. 1.);
b) subcontractors (including, but not limited to subcontractors installing equipment, etc.)
c) contracting partners maintaining IT systems, etc.;
d) other contracting parties providing TTI with advisory, consulting, auditing, etc. services.
4. Other data controllers
When performing the Master Agreement other data controllers (” ODC“) may also receive and process Personal Data. The categories of ODCs include, but are not limited to the following:
– entities providing postal or other transport services;
– entities providing payment services;
– entities providing tax, accounting services.
5. Retention of Personal Data
TTI processes Personal Data for the duration of the Master Agreement. Beyond the duration of the contractual relationship with the Customer we may retain Personal Data where required to comply with applicable statutory retention obligations (e.g. under tax, corporate or employment law) or as otherwise necessary in line with the above mentioned processing purposes and legal grounds.
6. Data obtained from third parties
For the conclusion, performance, prolongation, extension, etc. of the Master Agreement we may collect and use Personal Data collected and/ or received among others from:
– publicly available registries (e.g. company registry);
– data published by any statistical authorities;
– data collected and analyzed by professional entities on business conditions (e.g. data related to creditworthiness).
7. Data transfer outside of the EEA
In the context of the performance of the Master Agreement Personal Data may be transferred outside the EEA, in particular to one of our group entities listed in Annex 1. However, in this case TTI ensures that any transfer of Personal Data outside EEA is subject to one of the following conditions:
(i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 GDPR;
(ii) there are appropriate safeguards in place pursuant to Article 46 GDPR;
(iii) one of the derogations for specific situations in Article 49 GDPR applies to the transfer; or
(iv) in compliance with all GDPR requirements for information to and if applicable, consent of the Data Subjects.
8. Rights of Data Subjects
Under the GDPR, and in line with the requirements stipulated therein, the Data Subject has right to:
a) access: the Data Subject has the right to obtain information relating to the processing of his/ her personal data, and to receive copy of the Personal Data processed by TTI;
b) rectification: the Data Subject has the right to demand rectification of his/her Personal Data;
c) erasure: the Data Subject has the right to request erasure of his/ her Personal Data;
d) restriction: the Data Subject may claim restriction of processing of his/ her Personal Data;
e) withdraw of consent: where data processing is based on the Data Subject’s consent, the Data Subject is allowed to withdraw his/
her consent at anytime. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;
f) data portability: to the extent specified in the GDPR, the Data Subject has the right to receive the Personal Data concerning him/her, which he/ she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided;
g) not to be subject to a decision based solely on automated processing : to the extent specified in the GDPR, the Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her;
h) object on grounds relating to the Data Subject’s particular situation, at any time to processing of Personal Data concerning him/ her which is based on Article 6 para (1) letter (e) or (f) of the GDPR, including profiling based on those provisions. Where Personal Data are processed for direct marketing purposes, the Data Subject has the right to object at any time to processing of Personal Data concerning him/ her for such marketing (including profiling to the extent that it is related to such direct marketing). In the latter case the Personal Data shall no longer be processed for direct marketing purposes.
To exercise the above rights Data Subjects may send their request to the address/ availabilities of the relevant TTI company, as listed in Annex No. 1, or to the email address listed thereunder.
When TTI has reasonable doubts concerning the identity of the natural person making the request referred above, TTI may request the provision of additional information necessary to confirm the identity of the Data Subject.
We note that the applicability of these rights depends among others on the right to be exercised, the situation when the Data Subject would like to exercise it and also the purpose of data processing. The Data Subject has also right to lodge a complaint with a supervisory authority, in particular in the Member State of his/ her habitual residence, place of work or place of the alleged infringement, if the Data Subject considers that the processing of Personal Data relating to him/ her infringes the GDPR.
TTI informs in due course, but not later than 3 working days, the Customer regarding Data Subjects’ requests related to the exercise of their rights under Articles 15 – 22 of the GDPR in relation to a processing operation exclusively performed by that Customer. If such a situation occurs, the signaled Customer shall respond directly to the Data Subject within the legal deadline.
9. Further information, contact
In case if you have any further question or request in connection with the above detailed data processing activities of TTI, please contact us through our availabilities listed in Annex No. 1.
Annex No. 1
List of TTI entities and availabilities per country including the representatives and the contact details of the data protection contact person
• Türk Telekom International AT AG (2331
Voesendorf, Ortsstrasse 24 Austria; represented by: Mr. Mehmet Candan
• Türk Telekom International HU Kft. (2040
Budaörs, Edison utca 2., Hungary; represented by: Mr. Mehmet Candan
• EUROWEB ROMANIA S.R.L (Bucharest, 3rd District,
102 Lipscani St., Nouveau Center, building A, 3rd floor, Romania;
represented by: Mr. Nazmi Çağlar Bölük)
• Turk Telekom International BG EOOD (Sofia 1303,
Vazrajdane District, 85-87 Todor Alexandrov Blvd., fl. 2, app. office 2B,
Bulgaria; represented by: Mr. Mehmet Candan Toros)
• Türk Telekom International CZ s.r.o.
(Mistrovská 597/29, Malešice, 108 00 Prague 10, Czech Republic;
represented by: Mr. Mehmet Candan Toros)
• Türk Telekom International SK, s. r. o.
(Haanova 12, 851 04 Bratislava, Slovak Republic; represented by: Mr. Mehmet
• Turk Telekom International S.R.L. (Via Giuseppe
Longhi 1, 20137 Milano, Italy; represented by: Mr. Mehmet Candan Toros)
•Türk Telekom International d.o.o. za telekomunikacije
(Radnička Cesta 80, Zagreb, Croatia; represented by: Mr. Mehmet Candan
• Türk Telekom International, telekomunikacije, d.o.o.
(Železna cesta 8A, 1000 Ljubljana, Slovenia; represented by: Mr.
Mehmet Candan Toros)
• Turk Telekom International MKD DOOEL Skopje (St.
Dimitrije Tucovikj no.22, Skopje; Macedonia; represented by: Mr. Mehmet
• Turk Telekom International RU LLC (20 Daev
Pereulok, office 419, 107045 Moscow, Russia; represented by: Mr. Damir
• Turk Telekom International UA LLC (20-А
Zabolotnogo Akademika Street, 03187 city of Kyiv, Ukraine; represented by:
Mr. Oleksandr Polishchuk)
• Turk Telekom International SRB d.o.o. Beograd
(Belgrade, at Bulevar Zorana Đinđića 64a, Serbia;
represented by: Mr. Mehmet Candan Toros)
•TT International Telekomünikasyon Sanayi ve Ticaret Limited
Şirketi (Yıldızposta Caddesi, Vefa Bayırı Sokak, No:2, Kat:16,
34349 Gayrettepe, İstanbul, Turkey; represented by: Mr. Mehmet Candan
• Turk Telekom International HK Ltd (Level 43 Aia
Tower 183, Electric Rd North Point, Hong Kong; represented by: Mr. Mehmet
Data protection contact person in respect of all above mentioned entities:
Legal and Compliance Director