Our Policies

Data Controller
OBSS TEKNOLOJİ A.Ş. (“OBSS”), registered in Türkiye, acts as the data controller for personal data submitted via the contact form available on www.obss.tech. 
Registered Address: İstanbul Sanayi Mah. Teknopark Bulvarı No:1/8A Blk.3.Kat 8301 Pendik / İstanbul / Türkiye
E-mail: kisiselveri@obss.com.tr
Phone: +90 216 688 3436

Data Minimization and Collection
Following the “Data Minimization” principle, OBSS only collects the essential information required to establish professional communication:
       Identity & Corporate Info: First Name, Last Name, Company Name, Job Title.
       Contact Info: Email Address, Phone Number.
       Inquiry Content: Information voluntarily shared within the “message” field.

Purpose and Legal Basis
Under Turkish Law (KVKK, Article 5), processing is based on:
    • Necessity for the establishment or performance of a contract,
    • Legitimate interests of OBSS, provided that your fundamental rights and freedoms are not overridden,
For individuals located in the European Economic Area or the United Kingdom, processing is based on:
    • Article 6(1)(b) GDPR / UK GDPR (pre-contractual measures),
    • Article 6(1)(f) GDPR / UK GDPR (legitimate interests)
No consent is required for responding to your inquiry. If OBSS wishes to use your data for marketing communications, separate consent will be requested.

International Data Transfers
As OBSS operates internationally, your personal data may be shared, where necessary, with OBSS group entities located in the United Kingdom strictly for the purpose of handling your inquiry or managing potential business relationships.
Such transfers are carried out in compliance with applicable data protection legislation and subject to appropriate safeguards.
Your data will not be sold or transferred to third parties for marketing purposes.

Data Retention
Personal data submitted via the contact form is retained:
    • For the duration necessary to respond to your inquiry, and
    • For a reasonable period thereafter (generally up to 2 years) in case of potential business follow-up, unless a contractual relationship is established.
Data may be retained longer where required by applicable law or for the establishment, exercise, or defense of legal claims.

Your Rights
Under Article 11 of the KVKK and, where applicable, GDPR / UK GDPR, you have the right to:
    • Request access to your personal data
    • Request correction of inaccurate data
    • Request deletion or restriction of processing
    • Object to processing based on legitimate interests
    • Request data portability (where applicable)
    • Lodge a complaint with the relevant supervisory authority
For requests concerning your personal data, you may contact: kisiselveri@obss.com.tr

Security Measures
OBSS implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data in accordance with its Information Security Management System (ISMS).
Access to personal data is restricted on a need-to-know basis.

Marketing Communications
If you choose to opt in, OBSS may send you electronic communications regarding its products, services, events, and industry updates.

Marketing communications are sent only based on your explicit consent, where required by applicable law. You may withdraw your consent at any time by using the unsubscribe link included in each communication or by contacting kisiselveri@obss.com.tr

In order to be a trademark that sets the standard in the field of information technologies with its solutions providing high-quality human resources, simplicity, and independence to our customers, we aim; 

• To prioritize R&D studies that will create our own software architecture and standard; 
• To conform to national and global standards applicable to our products and services; 
• To constantly follow the trends in software technologies and to offer the right software technology to the customer via qualified employees; 
• To ensure that the projects are transparent, measurable, and sustainable and bring in added value for both the employee and the customer; 
• To carry out a high-quality, long-term, and efficient cooperation with the recipients of our services; 
• To create international goals; 
• To protect information assets against any internal or external, intentional or accidental threats in terms of privacy, integrity, and accessibility; 
• To ensure and enforce feasible conditions by continuously auditing the effectiveness of the ISO 9001:2015 Quality management system and by carrying out any required improvements, 
• To create environments that will enhance the knowledge and skills of employees and students studying software; 
• To ensure the creation of an inclusive and pluralistic management approach and to promote leadership and employee participation in all our processes to this end, 
• To become an organization that aims to continuously improve itself via the process approach adopted by its employees on the basis of the principle of “a happy employee, a happy customer. 

As OBSS, we offer services to our customers in the defense, finance, and telecommunications sectors in which information technologies (IT) are used extensively for the most part. Due to the nature of our customers, “Information Security” is paramount for us. For the purposes of this policy, “Information Security” refers to the protection of the privacy, integrity, and availability aspects of OBSS’s information assets. 

This policy covers all units that utilize OBSS’s computing infrastructure; users who access information systems as third parties; and service, software, or hardware providers that provide technical support to information systems. 

In order to maintain its reputation and image, to ensure compliance with the information security criteria contained in contracts with third parties and guarantee the protection of its information assets, and to ensure that basic and supportive business activities are carried out with minimal interruption, OBSS’ management aims to ensure information security for all physical and electronic information assets used in the performance of information services. 

OBSS’ risk management framework covers the identification, evaluation, and processing of information security risks. The risk assessment, feasibility declaration, and risk-processing plan define how information security risks are controlled. The “Information Security Coordination Board” composed of the security officers of the units is responsible for the management and implementation of this plan. The “Security Coordination Board” is also responsible for supporting and maintaining the BGYS infrastructure. 

All employees of OBSS and external parties defined in BGYS are expected to comply with the appropriate ones among these policies and other associated BGYS policies, procedures, processes, and instructions.  
OBSS’ management supports the implementation and control of OBSS Information Security Policies and the enforcement of necessary sanctions for security breaches.