PDF

Getir - Global Career Website Privacy Policy

Last Updated: 10.05.2022

Getir Perakende Lojistik A.Ş. (“Getir”) respects your right to privacy. This Privacy Policy explains who we are, how we collect, share and use personal information about you, and how you can exercise your privacy rights. This Privacy Policy only applies to personal information that we collect through our career website at https://career.getir.com (“Website”). 

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Policy.

Quick links

We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.

What does Getir do?

Getir is an on-demand delivery service that offers customers the opportunity to purchase products and have them delivered directly to their door.

If you wish to order our products, please use our App, which is available at App Store and Google Play Store.

Information about the collection of personal information

Personal information is all data that can be related to you personally, e.g., name, address, e-mail addresses, Website transaction records.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes.

What personal information does Getir collect and why?

The personal information that we collect about you falls into the following categories:

  • Data that you provide voluntarily

We have embedded our service provider’s  recruiting job board on our Website to collect information as part of our job application procedures. In line with this, we may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details, such as your first name, last name, email address, phone number, and work experience details to complete your application for a position at Getir.

For personal information that we collect when you use or interact with the above-mentioned job board in our Website, please see our Candidate Privacy Policies.

  • Data that we collect automatically

When you visit the Website, we may collect certain data automatically from your device.  Specifically, we collect your IP address and user transaction records which includes data about how your device has interacted with the Website, including the pages accessed and links clicked.  We may also collect your device type, unique device identification numbers, browser type, broad geographic location (e.g., country or city-level location) and other technical information. 

Global Processing activities & purposesEU - UK (Legal Basis)Turkey (Legal Basis)
Collecting this information enables us to better understand the visitors who come to the Website, where they come from, and what content on the Website is of interest to them.  We use this information for our internal analytics purposes and to improve the quality and relevance of the Website to our visitors.The processing of this data is based on our legitimate interest (Art. 6 (1) (f) GDPR). For further details, please refer to Legal basis for processing personal information (EU – UK visitors) heading below.Personal data processing is mandatory for our legitimate interests (Art. 5/2-f of the Law on the Protection of Personal Data numbered 6698 (“TR Law”))
Turkey specific processing activities & purposes
We are collecting this information to comply with our obligations arising from Law No. 5651 on the Law on the Regulation of Broadcasts via Internet and Prevention of Crimes Committed through Such Broadcasts and its secondary regulations.
Legal Basis
Processing of personal data to fulfill our legal obligations (Art. 5/2-ç of the TR Law)

You can visit this Website and search for jobs without providing personal data. However, our recruitment software provider collects certain information automatically from your device when you interact with our job boards, which will be processed as detailed in Greenhouse Privacy Policy

With whom does Getir share my personal information?

We may disclose your personal information to the following categories of recipients:

  • to our group companies, including but not limited to, Getir Netherlands (Getir Netherlands B.V.), Getir France (Getir France SAS), Getir Germany (Getir Germany GmbH), Getir UK (Getir UK Limited), Getir Italy (Getir Italy S.r.l.), Getir Spain (Getir Spain S.L.) and Getir Portugal (GetirPT Unipessoal Lda) in the interests of the Getir group as a whole (e.g. a group-wide applicant management systems);
  • to our third party services providers and partners who provide data processing services to us (for example, to provide us with applicant tracking and application collection systems and facilitate online servers for the Website), or who otherwise process personal data for purposes that are described in this Privacy Policy or notified to you when we collect your personal data. Categories of our service providers include but not limited to: (i) online server provider: Amazon AWS; and (ii) applicant tracking system provider: Greenhouse. In each case, we have concluded appropriate data processor agreements in line with the applicable data protection laws.
  • to any competent law enforcement body, regulatory, government agency, court or other third party when disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Policy;
  • to any other person with your consent to the disclosure.

Legal basis for processing personal information (EU – UK visitors)

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.  

However, we will collect and process your personal information 

  • pursuant to Art. 6 (1) (f) GDPR where the processing is in our legitimate interests and not overridden by your rights and we do not rely on another legal basis described above, such as improving or personalizing your online experience and our communications with you;

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).  

If we collect and use your personal information in reliance on our legitimate interests, this interest will normally be to operate the Website and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, or improving the Website. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

How does Getir keep my personal information secure?

We use appropriate technical and organisational measures to protect the personal information that we collect and process about you.  The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Specific measures we or our third-party service providers use include anti-virus software and firewalls, access controls, encryption and detection and prevention software to detect and prevent cyber-attacks. 

International data transfers

As our group companies, third party service providers and partners operate around the world, your personal information will be transferred to a location outside of the EU, United Kingdom, USA or Turkey (as appropriate).

When your personal information is transferred outside the the regions mentioned above, we are required to ensure that it is subject to an equivalent level of protection as it would within the EU, United Kingdom, or Turkey (as appropriate). Therefore, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with applicable data protection law and with this Privacy Policy.   

These include, for example, implementing the Turkish Data Protection Authority’s, Information Commissioner’s Office’s or European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from data subjects residing in the relevant jurisdictions in accordance with the applicable data protection law.

A copy of the Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third-party service providers and partners and further details can be provided upon request.

Data retention

Your personal information will be stored and retained for us in accordance with the applicable laws on data protection, and to the extent necessary for the processing purposes set out under this Privacy Policy or resulting from such laws.

When it is no longer necessary to process your personal information for the purposes for which it is processed, we will either aggregate, delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. 

Notwithstanding the above provisions of this Privacy Policy, we may retain your personal information where such retention is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.

Your data privacy rights (EU, UK, Turkey)

Website visitors from EU & UK
  • Right to information

You have the right to receive information from us at any time, upon request, about the personal information we process that concerns you within the scope of Art. 15 GDPR. To do this, you can send a request by post or email to the addresses below.

  • Right to rectify inaccurate data

You have the right to request that we correct personal information relating to you without delay if it is incorrect. To do so, please contact us at the addresses below.

  • Right to erasure

You have the right, under the conditions described in Art. 17 GDPR, to demand that we delete the personal information relating to you. These conditions provide in particular for the right to erasure if the personal information are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of a duty to erase under Union law or the law of the Member State to which we are subject. For the period of data storage, please also see section “data retention” of this Privacy Policy. To assert your right to deletion, please contact us at the addresses given below.

  • Right to restriction of processing

You have the right to demand that we restrict processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the personal information is disputed between the user and us, for the period of time required to verify the accuracy, as well as in the event that the user requests restricted processing instead of erasure in the case of an existing right to erasure; furthermore, in the event that the data is no longer necessary for the purposes pursued by us, but the user requires it for the assertion, exercise or defence of legal claims, as well as if the successful exercise of an objection is still disputed between us and the user. To exercise your right to restrict processing, please contact us at the addresses below.

  • Right to data portability

You have the right to receive from us the personal information relating to you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR. To exercise your right to data portability, please contact us at the addresses below.

  • Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal information relating to you which is carried out, inter alia, on the basis of Art. 6(1)(e) or (f) GDPR, in accordance with Art. 21 GDPR. We will stop processing your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

  • Right of complaint

You also have the right to contact the competent supervisory authority in case of complaints. The competent supervisory authorities are (i) Information Commissioner’s Office - ICO (for UK visitors);  and (ii) Autoriteit Persoonsgegevens (for EU visitors).

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Website visitors from Turkey

Article 11 of the TR Law regulates the rights of the data subjects (real persons whose personal data are processed). You may exercise the rights pursuant to Article 11 of the TR Law which are as follows:

  • To be informed on whether your personal data is processed or not,
  • If your personal data has been processed, to request information regarding the same,
  • To be informed on the purpose of processing your personal data and whether it is used in accordance with its purpose,
  • To be informed on the third parties to whom your personal data is transferred in the country or abroad,
  • To request the correction of your personal data if it is incomplete or incorrectly processed,
  • To request the deletion or destruction of your personal data within the scope of the conditions stipulated in Article 7 of the TR Law,
  • If your personal data is deleted or destroyed within the scope of Article 7 of the TR Law and your personal data is incomplete or incorrectly processed, to request the notification of the third parties to whom the personal data has been transferred to,
  • To object to the emergence of a result against you due to the analysis of your personal data exclusively by automated systems,
  • To request compensation of the damage in case you suffer damage due to unlawful processing of your personal data.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.  We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was initially published by checking the “last updated” date displayed at the top of this Privacy Policy.  

How to contact us

If you have any questions or concerns about our use of your personal information, or you wish to exercise your rights under this Privacy Policy or the applicable law on data protection, please contact us using the following details: (i) privacy@getir.com (for EU, UK and US visitors); and (ii) kisiselveriler@getir.com (for TR visitors).

Who is the controller of the data processing of your personal information?

The data controller of your personal information is Getir Perakende Lojistik A.Ş whose headquarters office is located at Tanburi Ali Efendi Sk. No 13/334 Etiler, Istanbul, Turkey.