Search

GDPR

PRIVACY POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA

We, as Brisa Bridgestone Sabancı Lastik Sanayi Ve Ticaret A.Ş. (“ Brisa”, “us” or “Company”), prepared this Privacy Policy on Processing and Protection of Personal Data (“the Policy”) for the purpose of informing individuals whose personal data is processed by our Company pursuant to the Law on the Protection of Personal Data numbered 6698 (“the Law”) and the related secondary legislation.

We care about protection of your personal data and we value the trust you put in us. Therefore, Brisa explains with this Policy the general principles that it follows with respect to processing of personal data while conducting its business activities and operations.

Scope of the Policy

The Policy covers all the natural persons, employees and representatives of legal entities of whom we process personal data such as our customers, business partners, suppliers, dealers and employee candidates. The issues regarding employees’ personal data processing is governed by another policy named Privacy Policy on Processing and Protection of Employees’ Personal Data and this Policy does not include Brisa employees’ personal data processing activities. In addition to this, since information with respect to legal entities are not considered as personal data under the Law, data regarding legal entities does not fall within the scope of this Policy.

Updating of the Policy

Brisa has the right to update the Policy when necessary, by publishing the new version on its website. Therefore, we advise you to check the latest version of the Policy by visiting our website from time to time or to request it from us whenever desired. The latest update date of the Policy that you are currently reviewing may be found on the first page of the Policy.

Definitions

The terms used in this Policy shall have the following meanings:

Explicit Consent: The consent related to a specific subject, which is given freely upon informing,

Data subject : The natural person, whose personal data is processed,

Personal Data: Any information relating to an identified or identifiable natural person,

Personal Data Processing: Any operation which is performed upon personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transfer, taking over, making available, classification, or preventing the use thereof, data through fully or partially automatic means or through non-automatic means provided that the processing is a part of any data registry system,

Board: Personal Data Protection Board,

Authority: Personal Data Protection Authority,

Data Processor: Any natural or legal persons who process personal data on behalf of and under the authority given by the data controller,

Data Controller: Any natural and legal person which determines the purposes and means of processing personal data and is responsible for the establishment and management of the data register system.

The terms not defined herein shall be deemed to be used as defined by the Law and the relevant legislation.

Data Controller

In many of the processes regarding your personal data, Brisa acts as the data controller pursuant to the Law. As the data controller, we determine the purposes of your personal data processing and the means for such processing.

In certain personal data processing activities, there may be business partners which we are jointly responsible as data controllers. For instance, in cases where we carry out joint campaigns with our business partner, our business partner may process your personal data as data controller for its own purposes. This Policy informs you about the Brisa’s personal data processing purposes and means; and for you to be informed on the manners of personal data processing of other data controllers, we advise you to review the policies found on their websites.

Purposes of Processing Your Personal Data

Before collecting your personal data or at our first contact upon the receipt of your personal data by us, we will inform you about our purposes and we ask whether you give your explicit consent for such processing when your explicit consent is legally required. We process your personal data for the purposes stated in this Policy.

Your personal data may be processed generally as defined below and for the following purposes:

Your Personal Data Processed Within the Scope of Communications Services

We may process certain data with respect to you through “Communications Services” channels which we established to provide you a better service and for the purposes of enabling you to benefit from our products and services, resolving request/complaint and considering suggestions, providing information and evaluating your applications.

1- Processing of Your Personal Data Through Our Call Centers

When you call the call centers with respect to our brands such as Bridgestone, Lassa, Otopratik, Lastik.com.tr or when we contact you through these channels, your personal data that you shared with us such as name, surname, identity information such as T.R. identity number, contact information such as mobile phone number, e-mail, request/complaint information may be processed.

Your personal data may be processed for the purposes such as conducting firm/product/services loyalty processes, conducting communication activities, conducting customer relations management processes, conducting customer satisfaction activities, management of organization and events, conducting social responsibility and civil society activities, prosecution of legal requests, conducting contractual processes, prosecution of request/complaints, conducting marketing processes of product/services, ensuring information to be accurate and up-to-date and similar purposes.

Processing your personal data for the purposes indicated herein may be based on legal grounds of establishing or performance of an agreement, performing our legal obligations, establishing, exercising or protecting a right or legitimate interest of our Company. In case of lack of at least one of these legal grounds, we sought for your explicit content for processing your personal data.

2- Processing Your Personal Data Through our Websites

Your information such as name, surname, e-mail, mobile phone, address, request/complaint information may be collected and processed through communication forms on the websites of our Company and brands.

On our certain websites, it is asked whether you would like to be informed about our campaigns. If you indicate that you would like to be informed about our campaigns, we may process your identity and contact information provided by you to us for the purpose of informing you about our campaigns, discounts, new products and opportunities. You may withdraw your consent that you gave in order to be informed about the campaigns and the news about us, at any time you desire.

On our certain websites there are sections for live chat. Your personal data such as mobile phone number, request/complaint information may be collected through live chat channels.

Some of your personal data, which you provide in the emails that you send to the info/information email addresses of our Company, may be processed.

On our websites which we use cookies, some of your personal data such as your habit of use, likes, frequency of your visits to website may be collected through the cookies used. For detailed information regarding the type of cookies used and steps to be taken to remove cookies, we suggest you visit the Cookie Policy of the relevant website.

Your personal data collected through our websites for the purposes such as conducting communication activities, planning and conducting request, complaint, information request processes, conducting firm/product/services loyalty processes, conducting communication services, conducting customer relations management processes, conducting customer satisfaction activities and similar purposes and based on legal grounds of establishing or performance of an agreement, performing our legal obligations, establishing, exercising or protecting a right or legitimate interests of our Company.

3- Processing Your Personal Data Through Whatsapp Support Line

Whatsapp support lines were created to provide you support in relation to the products or services that you purchased. When you contact us through these lines, your personal data such as mobile phone number, name, surname, request/complaint information may be processed.

Your personal data collected through Whatsapp support lines may be processed for the purposes of conducting communication activities, planning and exercising request, complaint, information request processes and similar purposes and based on legal grounds of establishing or performance of an agreement, legal obligation, establishing, exercising or protecting a right or legitimate interest of our Company.

4- Processing Your Personal Data through Our Social Media Accounts

Brisa may publish content on social media platforms through “organic” or “paid” means to reach out to current and potential customers.

“Organic means” refers to the publishing social media content on the Brisa’s official account/accounts on the social platforms or the appearance of social media content on your social media feed because you follow Brisa’s social media accounts. For instance, when you follow Brisa’s Instagram account.

“Paid means” refers to the showing social media content generally to the users, who do not follow Brisa’s official account/accounts. For instance, display of ad posts in the Twitter news feed of a user who does not follow Brisa’s account.

In addition to this, when you contact us through our social media accounts such as Twitter, Facebook, Google Plus, Instagram you might share your personal data such as name, surname, username, e-mail address, phone and/or mobile phone number, request/complaint information with us. In that case, such personal data may be processed for the purposes of conducting firm/product/services loyalty processes, conducting communication processes, conducting customer relations management processes, conducting customer satisfaction activities, prosecution of legal requests, conducting contractual processes, planning and/or executing processes for establishing and/or increasing loyalty to product and/or services provided by the Company, prosecution of requests/complaints, ensuring information to be accurate and up-to-date and similar purposes and based on legal grounds of establishing or performance of an agreement, legal obligation, establishing, exercising or protecting a right or legitimate interests of our Company.

However, we would like to remind you with emphasis that Brisa does not have direct access to your personal data on your social media accounts. In addition to this, Brisa is not responsible for personal data processing, personal data protection and data security policies of the stated social media platforms. In order to obtain detailed information as to how these social media platforms use your personal data, we advise you to review the privacy policies on their websites.

Processing Personal Data of Dealer Representative and/or Employees

If you have applied to become a dealer of Brisa, certain information is requested from you in order to evaluate your application. Such application to become a dealer may be made on the websites of Brisa or our brands or directly by method of submission of documents.

Processed personal data of those who applied for dealership and of the dealer representative and employees may differ depending on the process. However generally personal data such as name, surname, address, mobile phone, title, username, log records, process security information such as IP information, instruction and records relating thereto, TRID, information indicated on specimen of signature, instructions and records, education information may be processed. Even though information with respect to legal entities is not considered as personal data, in case our dealers are partnership companies, your personal data such as IBAN number, account number, receivable and debt balance, financial activity information may be processed.

When you reach us on dealer support line, in addition to the personal data indicated under this topic your call center records may be also kept.

Your personal data may be processed based on the legal grounds of establishing or performing an agreement, legal obligation, establishing, exercising or protecting a right and legitimate interests of Brisa for the purposes indicated below:

- Conducting communication activities,

- Maintaining security of Brisa’s operations,

- Following up and/or auditing business operations of dealer employees,

- Planning and performing business operations,

- Prosecution of request/complaints,

- Ensuring information to be accurate and up-to-date,

- Planning and/or performing activities for maintaining business continuity,

- Conducting advertisement/campaign/promotion processes,

- Conducting dealer relations management,

- Conducting product/service manufacturing and operation processes,

- Conducting finance and accounting works,

- Following up and performing legal works,

- Conducting risk management processes,

- Conducting operations in accordance with the legislation,

- Planning and/or performing activities for realizing analysis of effectiveness/efficiency and/or suitability of business activities

- Planning and performing market research activities for sales and marketing processes of products and services,

- Conducting audit/ethic activities,

- Conducting product/services marketing processes,

- Conducting access authorities,

- Conducting storage and archive activities,

- Conducting internal audit/investigation/security intelligence activities,

- Conducting firm/product/services loyalty processes,

- Management of organizations and events,

- Conducting training activities,

- Conducting logistics activities,

- Conducting processes for sales and after sales services of products and services,

- Planning and performing corporate communication activities.

 Processing Personal Data of Sub-Contractor Representative and/or Employees>

In case you are a representative or an employee of a company, which serves as a sub-contractor to Brisa, we may have to process your personal data due to the business relationship and some of our obligations. We may process your personal data generally for the below purposes:

- Conducting communication activities,

- Planning and performing business operations,

- Management of organization and events,

- Informing authorized persons/corporations and institutions,

- Planning and performing manufacturing and/or operation processes,

- Planning and/or performing workplace health and/or security processes,

- Conducting finance and accounting works,

- Prosecution and conduction of legal processes,

- Conducting risk management processes,

- Conducting contractual processes,

- Management of relationship with sub-contractors,

- Planning and/or performing activities for maintaining business continuity,

- Planning human resources processes,

- Conducting internal audit/investigation/intelligence activities,

- Fulfilling obligations arising from legislation for employees of the sub-contractor,

Processing Personal Data of Supplier & Business Partner Representative and/or Employees

We have business partners and suppliers that we enter into business relationship with for the purpose of providing services, providing support to Brisa in relation to certain matters. In that respect, for us to fulfill our mutual obligations under the business relationship, we may have to process some of your personal data due to you being an employee or authorized signatory of such companies. For instance, in order to contact you within the scope of the services received by us, your personal data such as your e-mail address, phone number may be processed. Due to you being a representative or an employee of our suppliers or business partners, we may process your personal data for the purposes of conducting and auditing business activities, conducting communication activities, conducting finance and accounting works, conducting manufacturing & service operation and sales processes, conducting operations in accordance with the legislation and similar purposes and based on the legal grounds of legal obligation, establishing or performing an agreement and legitimate interests of Brisa.

 Processing Visitors’ Personal Data

In case you come as a visitor to the buildings and facilities of Brisa, before entering to the premises or at the time of entry to the premises, some of your personal data may be processed in order to keep visitor records. Processing activities of such personal data is explained below:

1- Processing Your Personal Data Through Keeping Visitor Web Access Records

When you connect to Brisa’s web to access internet as visitor, Brisa is required to record your web access records in its systems electronically and store these for two years.

Within the scope of this obligation, in your web access records, Brisa may record and store your personal data such as start and end time of web usage, IP address, MAC address, websites you visited, log records.

Brisa processes your personal data as indicated for the below purposes or similar purposes:

- Conducting activities in accordance with the legislation,

- Prosecution and conduction of legal processes,

- Informing authorized persons/corporations and institutions,

- Maintaining security of Brisa’s operations, data base and web access,

- Establishing and operating infrastructure of information technologies,

- Planning and performing information security processes.

Your personal data may be processed through keeping visitor web access records based on legal grounds of being explicitly envisaged in the law (Law numbered 5651), legal obligation (Regulation Regarding Web Collective Usage Providers – Official Gazette Date and Number: 11.04.2017, 30035), establishing, exercising or protecting a right (providing you a web access as a visitor).

2- Processing Your Personal Data Through Keeping Video Records

For the purpose of providing security by Brisa, Brisa’s building and facilities are monitored by the surveillance cameras. In that respect, your personal data may be processed through recording of the images of our visitors by the camera surveillance system at the entrance of Brisa’s building and facilities and inside of the facilities.

Your personal data collected through such processing activity may be processed for purposes such as maintaining security of the Brisa’s premises, buildings and/or facilities, keeping visitor records, informing authorized institutions pursuant to the legislation and based on the legal grounds of establishing, exercising or protection of a right, legitimate interests and processing personal data being mandatory in order to fulfill legal obligation of Brisa.

 Processing Your Personal Data in Respect of Job Applications

To join Brisa and to become a part of our team you share certain personal data with us when you apply for a job. In this respect, your personal data is transferred to us through the job application channels in our websites and via the firms which support us during the job application process or through other channels.

Your personal data collected during the job application process, may include, without limitation, your name, surname, address, phone, e-mail, birthday, birth place, educational background, knowledge of foreign language, reference information, information relating to certificate and professional competence, information present in your CV, prior job experience. Together with these, if you disclose to us, your criminal record information and health information may be processed from time to time. Such information may be used for the purpose of evaluating your suitability for the job (for example, whether your health situation suits the relevant position or your criminal record legally preventing you from working at certain jobs).

Your personal data disclosed to us may be processed for the purposes such as the conduction of the recruitment process, evaluation of your suitability for the job, conduction of reference processes, conduction of human resources processes, conduction of application processes of employee candidates and based on the legal grounds like the establishment, exercise or protection of a right, establishment or performance of your employment agreement and legitimate interests of Brisa.

 Principles Complied with in Processing of Personal Data

As Brisa, we take into consideration the below principles in all processes where we process your personal data and we process your personal data in compliance with these principles:

 Compliance with the Law and Good Faith principle

While processing your personal data, we pay attention to act in accordance with our obligations set forth in all legal regulations in effect, especially the legislation on protection of personal data.

Processing of personal data in accordance with good faith principle means the processing of your data for the purposes for which you disclosed your personal data to us, i.e. in a way foreseeable by you.

 Being Accurate and, When Necessary, Up-To-Date

In case your personal data is processed incompletely or incorrectly, you have the right to ask Brisa to correct. In accordance with this principle, our Company always keeps open the channels which procure that the information of the relevant person is correct and up-to-date. You may obtain detailed information in relation to the channels through which you can reach us in the section titled “XI. Your Rights in Respect of Protection of Your Personal Data” of our Policy.

 Processing for Clear, Explicit and Legitimate Purposes

In parallel to the principle of compliance with the Law and good faith principle, Brisa determines for what purposes your personal data will be processed and will inform you on what these purposes are. In this way, our Company aims to procure that our activities or processing of personal data in our Company is comprehensible by you. In addition to this, while determining our purposes for processing of personal data pursuant to the principle of processing for legitimate purpose, we care that such purposes relate to the business we conduct or with the services we provide.

 The Principle of Being Connected with, Limited to and Proportionate to the Purpose for Processing

In its activities of processing of personal data, Brisa observes whether the processed data is suitable to realize the purposes determined by it and pays attention to not processing your personal data which is not related to the realization of the purposes or is not needed. Pursuant to such principles also known as the data minimization principle, our Company obtains from your sufficient data aimed at the realization of the purpose for processing of personal data; so, it does not process your personal data which is not required.

 The Principle of Storage for the Period Stipulated in the Relevant Legislation and Required for the Purpose for Processing

Brisa takes technical and organizational measures to procure the appropriate security level for the purpose of preventing the illegal processing of your personal data, prevention of illegal access to your personal data and providing the storage of your personal data. In this context, Brisa stores your personal data taking into consideration the periods stipulated in the relevant legislation and required for the purpose for processing. After the purpose for processing your personal data ceases to exist, unless there is another legal ground for storing, they are destructed by Brisa.

Legal Grounds for Processing Your Personal Data

Brisa processes your personal data based on one or more reasons stipulated in the Law. In this section of our Policy we aim to inform you on what such legal grounds may be.

Your information relating to race, ethnical origin, political opinion, philosophical belief, religions, sect and other beliefs, dress and appearance, membership in foundation, association or union, health, sexual life/orientation, criminal convictions and security measures and biometric and genetic data are defined as 


 Legal Grounds for the Processing Special Categories of Personal Data

We can process your special categories of personal data based on the below legal grounds:

- All your special categories of personal data excluding health and sexual life/orientation is processed only as explicitly envisaged under the laws. According to this legal ground, if our activity of processing such special categories of data is explicitly envisaged under applicable law, in this case we may process this data based the legal ground of “being explicitly envisaged under the law” without your explicit consent. If the case of being explicitly envisaged under a law is not present, it is asked whether your explicit consent is given for the processing of such personal data.

- We can only process your special categories of personal data in relation to health and sexual life/orientation by persons under the obligation of confidentiality such as a doctor, workplace doctor, pharmacist when one of the purposes of protection of the public health, conduction of medicine, medical diagnosis, treatment and care services, the planning and management of healthcare service and financing is present. If one of these legal grounds is not present, it is asked whether your explicit consent is given for the processing of such personal data.

 Legal Grounds for Processing Your Other Personal Data

We base our process of processing all your personal data other than your special categories of personal data on one or more legal grounds given below:

- Being explicitly envisaged under the laws,

- Factual impossibility,

- Processing of your personal data being required for the established of an agreement between us or for the performance of an agreement between us,

- The activity of data processing being required to fulfill our legal obligations as Brisa,

- Data processing being required for the establishment, exercise or protection of a right,

- Data processing being required for legitimate interests of Brisa,

- Your explicit consent given to us in cases where at least one of the legal grounds mentioned above are not present.

In cases where your explicit consent is not sought for the processing of your personal data, your personal data is processed based on the other legal grounds mentioned above for the purposes specified in this Policy.

In cases where your personal data is processed based on your explicit consent, we would like to remind you that you may withdraw your consent anytime you wish. In such case, your withdrawal of your explicit consent does not affect the compliance with the Law of the data processing activities based on your consent prior to the date of withdrawal.

Storage of Personal Data

Your personal data may be stored i) for the periods stipulated in the legislation in effect (or other periods which legally require us to store longer) or ii) for the period required to provide our services and products to you or iii) for the periods required for the purposes of processing your personal data.

Brisa reviews the storage periods for your personal data at certain intervals. According to these intervals, if there is no other legal ground requiring our processing of your personal data, they are destructed.

If you do not wish us to contact you anymore, for example if you do not wish to receive commercial messages to be informed on our campaigns, we will store a minimal amount of information of yours. Such keeping of minimal information is necessary to prevent us from contacting with you in the future. If you request us to delete all your information but want to use our products or take advantage of our services at a later date, we would like you to note that your request for not communicating with you earlier may not be recognized. Therefore, together with your request to not be able to communicate, your minimum personal data should be kept in order to keep your request in our records.

 Sharing Your Personal Data

We may be required to share your personal data with third parties to provide a service or to deliver a product or to assist us to develop your experience with us or within the scope of the obligations in respect of the relevant agreements or within the scope of legal obligations. With “third parties”, social media agencies, subcontractors, sponsors, business partners, suppliers, legally authorized public institutions, manufacturers are meant. Such third parties may be in the country or abroad. In cases where we share with third parties aboard, we take the required legal actions and ensure the security of your personal data in accordance with the Law.

We regulate our relationships regarding the limited use by the parties which we share your personal data with and regarding data sharing for provision of data security. In processes in relation to sharing your personal data, we usually based on the legal grounds of legal obligation, the establishment, exercise or protection of a right and the legitimate interests of our Company to maintain our business activities. Your explicit consent is asked regarding sharing if these or one of the other legal grounds specified in the Law are not present.

We would like to present below to your attention about some example processes regarding sharing your personal data:

- When you realize a payment transaction over any of our website, for our payment to be made securely, your personal data regarding the payment transaction will be processed by the professional establishment(s) providing payment service. Such payment companies are establishments which have the required security standards and acquired a permit from the Banking Regulation and Supervision Agency. If you have questions regarding the security of your payment transactions, you may contact us at info@brisa.com.tr.

- When we test and present to use a new product or service, we may work with credible business partners and/or suppliers to support our business processes. Within such scope, we may share your personal data with such persons.

- We may share some of your personal data with authorized public institutions within the scope of auditing, investigation activities.

- From time to time we may organize campaigns with other establishments. When you wish to join such campaigns, your personal data may be shared with third parties such as business parties together with which we organize the campaign, media organizations, advertising agencies which promote the campaign within the scope of the consent given by you.

- We may receive professional services from third party service providers to conduct statistical analyses, make surveys for the purpose of supporting our advertisement and content production efforts.

In certain cases, we may work with business partners (such as agencies) to place an advertisement to group of people with specific areas of interest. We may work with third parties to determine people who are interested in our products and services or in certain cases who are interested in the products and services of persons with whom we are business partners.

The subjects in relation to the collection, use, sharing of your personal data by third parties in such manners are explained in their own policies of such third parties. The issues regulated in the policies of third parties may differ from Brisa’s Policy. For this reason, reminding that Brisa is not responsible for the policies of the third parties, we recommend that before you disclose your personal data to third parties, you should ensure that you read and understand the applicable policies of all third parties.

 The Security of Your Personal Data

We value the security of your personal data and as Brisa we implement the required policies and procedures to provide the safe storage of your personal data processed by us. In this context, we limit the persons having access to your personal data and if there are third parties with which we shared your personal data, we regulate our relationships with the necessary instruments to limit the usability and accessibility of your personal data by such parties and to provide the security of your data.

The main organizational and technical measures we have taken for the security of your personal data are as follows:

a) The authority to access the data of the employees who process personal data is limited to the role and responsibility of the employees.

b) The recording and management of the hardware, software and network resources are realized.

c) Extensive data sharing agreements are executed with the third parties who act as data processors or with parties with whom there is intense data sharing.

d) In case the personal data is obtained by others in unlawful means, such case will be notified to the data subjects and to the Board as soon as possible.

e) The employees who process personal data will be briefed for the purpose of their understanding of their duties and responsibilities in relation to the provision of confidentiality. Such briefings will be conducted during the recruitment process and the period of employment.

f) Access control to databases and information systems and authorizations are made, joint users and password applications are not permitted.

g) Anti-virus programs are used to try to prevent security gaps.

h) System updates are conducted at certain intervals for security reasons.

i) Databases and information systems traffic is protected by firewall and anti-attack programs.

j) Exercises are made for the purpose of data backup and recovery; roles and responsibilities are determined.

k) Mobile / portable devices are kept under record, in case of determination of a potential theft or abuse, measures such as remote data deletion are implemented.

l) To provide the continuity of all organizational and technical measures, internal audits are conducted, and personnel is assigned.

 Your Rights in Respect of Protection of Your Personal Data

You have the below rights in respect of your personal data processed by Brisa in the manners explained in the Policy:

1. To learn whether your personal data is processed and if we processed, to obtain information regarding these,

2. To learn the purpose for processing your personal data and whether these are processed in accordance with intended purposes,

3. To learn the third parties, if any, in the country or abroad with which we shared your personal data,

4. In case your personal data is processed incompletely or inaccurately, to request rectification of these and to request the notification of the transactions made in this respect, if any, to third parties which we shared your personal data,

5. Even though we processed your personal data in compliance with the Law and the relevant legislation, to request the deletion or destruction of your personal data in case where the grounds of processing is no longer present and to request the notification of the transactions made in this respect, if any, to third parties which we shared your personal data,

6. To object to occurrence of any unfavorable consequence for you by means of analysis of the processed personal data exclusively through automated systems,

7. If you incurred losses due to the unlawful processing of your personal data, to request the compensation of your loss.

If you wish to use one or more of the rights mentioned above, you can fill in the “Data Subject Application Form” published in our website of www.brisa.com.tr and send it to us in one of the ways provided below:

§ You can send it by post to the address of info @brisa.com.tr .

§ You can send e-mail Burak Nalcıoğlu, who is the Company Contact Person, by way of using your registered electronic mail (REM - KEP) address registered with info@brisa.com.tr, your secure electronic signature, your mobile signature or an electronic mail address previous notified to us.

Brisa will reply to your application as soon as possible and at the latest within 30 (thirty) days.

Certain additional information may be requested from you to determine whether you are authorized to make an application and to reply to your request more quickly. Detailed explanation as to this is present in the Data Subject Application Form.