Our Policies

Data Controller
OBSS TEKNOLOJİ A.Ş. (“OBSS”), registered in Türkiye, acts as the data controller for personal data submitted via the contact form available on www.obss.tech. 
Registered Address: İstanbul Sanayi Mah. Teknopark Bulvarı No:1/8A Blk.3.Kat 8301 Pendik / İstanbul / Türkiye
E-mail: kisiselveri@obss.com.tr
Phone: +90 216 688 3436

Data Minimization and Collection
Following the “Data Minimization” principle, OBSS only collects the essential information required to establish professional communication:
       Identity & Corporate Info: First Name, Last Name, Company Name, Job Title.
       Contact Info: Email Address, Phone Number.
       Inquiry Content: Information voluntarily shared within the “message” field.

Purpose and Legal Basis
Under Turkish Law (KVKK, Article 5), processing is based on:
    • Necessity for the establishment or performance of a contract,
    • Legitimate interests of OBSS, provided that your fundamental rights and freedoms are not overridden,
For individuals located in the European Economic Area or the United Kingdom, processing is based on:
    • Article 6(1)(b) GDPR / UK GDPR (pre-contractual measures),
    • Article 6(1)(f) GDPR / UK GDPR (legitimate interests)
No consent is required for responding to your inquiry. If OBSS wishes to use your data for marketing communications, separate consent will be requested.

International Data Transfers
As OBSS operates internationally, your personal data may be shared, where necessary, with OBSS group entities located in the United Kingdom strictly for the purpose of handling your inquiry or managing potential business relationships.
Such transfers are carried out in compliance with applicable data protection legislation and subject to appropriate safeguards.
Your data will not be sold or transferred to third parties for marketing purposes.

Data Retention
Personal data submitted via the contact form is retained:
    • For the duration necessary to respond to your inquiry, and
    • For a reasonable period thereafter (generally up to 2 years) in case of potential business follow-up, unless a contractual relationship is established.
Data may be retained longer where required by applicable law or for the establishment, exercise, or defense of legal claims.

Your Rights
Under Article 11 of the KVKK and, where applicable, GDPR / UK GDPR, you have the right to:
    • Request access to your personal data
    • Request correction of inaccurate data
    • Request deletion or restriction of processing
    • Object to processing based on legitimate interests
    • Request data portability (where applicable)
    • Lodge a complaint with the relevant supervisory authority
For requests concerning your personal data, you may contact: kisiselveri@obss.com.tr

Security Measures
OBSS implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data in accordance with its Information Security Management System (ISMS).
Access to personal data is restricted on a need-to-know basis.

Marketing Communications
If you choose to opt in, OBSS may send you electronic communications regarding its products, services, events, and industry updates.

Marketing communications are sent only based on your explicit consent, where required by applicable law. You may withdraw your consent at any time by using the unsubscribe link included in each communication or by contacting kisiselveri@obss.com.tr

In order to be a trademark that sets the standard in the field of information technologies with its solutions providing high-quality human resources, simplicity, and independence to our customers, we aim;

• To prioritize R&D studies that will create our own software architecture and standard;
• To conform to national and global standards applicable to our products and services;
•To constantly follow the trends in software technologies and to offer the right software technology to the customer via qualified employees;
• To ensure that the projects are transparent, measurable, and sustainable and bring in added value for both the employee and the customer;
• To carry out a high-quality, long-term, and efficient cooperation with the recipients of our services;
• To create international goals;
• To protect information assets against any internal or external, intentional or accidental threats in terms of privacy, integrity, and accessibility;
• To integrate measures supporting information security and service continuity into the quality management system by assessing environmental and operational risks arising from climate change,
• To ensure and enforce feasible conditions by continuously auditing the effectiveness of the ISO 9001:2015 Quality management system and by carrying out any required improvements,
• To create environments that will enhance the knowledge and skills of employees and students studying software;
• To ensure the creation of an inclusive and pluralistic management approach and to promote leadership and employee participation in all our processes to this end,
• To become an organization that aims to continuously improve itself via the process approach adopted by its employees on the basis of the principle of “a happy employee, a happy customer”.

As OBSS, we primarily serve clients in the defence, finance, and telecommunications sectors, where information technologies (IT) are intensively used. Due to the nature of our clients, we place the highest priority on Information and Cybersecurity.

Definitions
Information Security: Protecting the confidentiality, integrity, and availability of OBSS’s information assets.
Cybersecurity: Pursuant to relevant cybersecurity legislation and regulations, it refers to all activities aimed at protecting cyberspace systems from attacks, ensuring data security, detecting cyber incidents, deploying response mechanisms, and restoring systems to their pre-incident state.

Scope
This policy covers all OBSS units using our IT infrastructure, third parties accessing our information systems, and all technical service, software, or hardware providers. It encompasses all information systems and IT assets owned or managed by OBSS.

Our Objectives
OBSS management aims to ensure the security of all physical and electronic information assets to:

• Protect our corporate reliability and brand image,
• Comply with cybersecurity criteria in third-party contracts,
• Safeguard our assets and systems against cyber threats,
• Ensure full compliance with relevant cybersecurity laws and legislation,
• Guarantee that our core and supporting business operations continue with minimum interruption.^*

Risk and Incident Management
Our risk management framework covers identifying, assessing, and treating security risks through our risk assessment, statement of applicability, and risk treatment plans.

OBSS ensures that cyber incidents are detected, recorded, reported to authorized institutions when necessary, and effectively managed. The “Information Security Coordination Board”, consisting of unit security officers, is responsible for managing this plan, supporting the ISMS infrastructure, and ensuring the effectiveness of all cybersecurity processes.

Compliance and Continuous Improvement
All OBSS employees and defined external parties must comply with ISMS policies and procedures. Non-compliance may result in sanctions under the OBSS “01.PR-07 Employee Regulation” or relevant confidentiality agreements.

OBSS is committed to continuous improvement within the ISMS framework. We constantly update our technical and administrative measures and closely monitor legislative changes.

As OBSS management, we fully declare and support the effective implementation, monitoring, and enforcement of our Information and Cybersecurity Policies.