Privacy Policy
Personal Data Processing and Protection Policy (“CookieSeal”)
1) Scope and Purpose of the Personal Data Protection Policy
- a)Methods and legal bases for the collection of personal data,
- b)The data subject groups whose personal data is processed (Data Subject Categorization),
- c)Categories of personal data prosessed with respect to such data subject groups (Data Categories) and examples of data types,
- d)The business processes and purposes for which the personal data is used,
- e)Technical and administrative measures taken to ensure the security of the personal data,
- f)The persons to and purposes for which the personal data may be transferred,
- g)Personal data retention periods,
- h)The rights of Data Subjects related to their personal data, and the means to exercise such rights,
- i)Sharing of personal data with official authorities.
a) What are the Methods and Legal Bases for Collecting Personal Data?
b) Data Subject Group Categorization
- Client
- Prospective Client
- Online Visitor
- Persons making claims/complaints
c) Data Categories and Examples of Data Types
- Client,· Identification: Name, surname, TR ID Number· Contact Information: mobile phone number, e-mail address, address,
- Financial Information: Tax office, invoice information
- Client/Member Information: Membership information,
- Client/Member Transaction Information: Products purchased and amount,
- Risk Management Information: IP address
- Transaction Security Information: Password information
- Marketing Information: Cookie records, targeting information, assessments showing habits and interests
- Legal Procedure and Compliance Information: Starting and ending date of the service rendered, type of the service used, commercial electronic message consent given electronically by the Data Subject, distance sales agreement and other legal instruments and agreements that enable the user to take advantage of the services that are provided by DT
- Prospective Client
- Identification: Name, surname
- Contact Information: e-mail address, address,
- Risk Management Information: IP address
- Online Visitor
- Legal Procedure Information/Risk Management Information: IP address
- Legal Procedure and Compliance Information: Starting and ending date of the service rendered, type of the service used, quantity of data transferred
- Persons making claims/complaints
- Identification: Name, surname
- Contact Information: e-mail address,
- Transaction Information: Message subject, message contents
d) Business Processes and Purposes For Which The Personal Data Is Used
- The personal data is used for CookieSeal operated by DT;· Processing online visitor data pursuant to the relevant legislation,· Carrying out client transactions,
- Improving the services provided through the platforms, developing new services and providing information on these subjects,
- Under the contractual relationship established, in terms of the client whose commercial electronic message consent was obtained; offering special promotions, opportunities and benefits,
- Under the contractual relationship established, in terms of the client whose commercial electronic message consent was obtained; direct marketing, digital marketing, remarketing, targeting, profiling, promotional and marketing activities based on analyses performed,
- Resolving client issues and complaints,
- Creating client satisfaction, loyalty and engagement,
- Carrying out statistical assessments and market research,
- Determining and implementing DT’s commercial and business strategies,
- Monitoring of accounting and purchasing transactions,
- Compliance with legal procedures and legislation,
- Responding to requests for information by administrative and judicial authorities,
- Planning internal reporting and business development operations,
- Ensuring information and transaction security, preventing malicious use,
- Planning and executing the operational activities necessary to ensure that DT’s operations are conducted as per DT procedures and the policies prepared within the scope of the PDP Law,
- Making the necessary adjustments to ensure that the processed data is up-to-date and accurate
and operations related to all the processess listed above.
e) Technical and Administrative Measures Taken to Ensure Personal Data Security
-
- DT is committed to take all the necessary technical and administrative measures and exercise due diligence in order to ensure the privacy, integrity and security of your personal data. DT takes the necessary measures to prevent unauthorized access to personal data and the misuse, unlawful processing, disclosure, alteration or destruction of personal data. In regards to preventing unlawful access to, unlawful processing of and the protection of the personal data it processes, DT:
- Protects all the domains on the website from which the personal data is obtained with SSL,
- In order to prevent the unlawful processing of the personal data collected from the website; creates and implements access authorization and control matrices for its employees,
- In order to prevent unlawful access to the personal data; carries out regular leak testing and tests the resilience of the system against unauthorized access,
In case the personal data are damaged or acquired by unauthorized third parties as a result of cyber attacks on platforms operated by DT or the DT system despite all the necessary information security measures having been taken by DT, DT immediately informs you and the Personal Data Protection Board and takes the necessary measures.
The Parties to and the Purposes for Which the Personal Data May be Transferred
The client data is also shared with the intermediary service provider of the commercial electronic message in order to carry out promotions, advertising, offer benefits and advantages in relation to the client’s preferences, interests and habits based on their commercial electronic message consent.
The personal data specified above, which are subject to domestic or foreign-based transfers, are also protected legally by provisions in accordance with the PDP Law, included in our agreements, taking into consideration that the opposite side of the legal relationship is the data controller or the data processor; in addition to other technical measures that will ensure their security.
g) Personal Data Retention Periods
Client records | 10 years | Law NR. 6098 |
All records relating to accounting and financial transactions | 10 years | Law NR. 6102 , 213 |
Commercial electronic message consent records | 1 year following the date on which the consent was withdrawn | Law NR. 6563 and 2nd appendix |
Traffic information relating to online visits | 2 years | Law NR. 5651 |
Personal data related to clients | 10 years following the termination of the legal relationship; | Law NR. 6098, 213, 6502 |
You may refer to our Cookie Policy for the retention periods of the personal data we obtain through cookies.
h) The Rights of Data Subjects Related to Their Personal Data and the Means to Exercise Such Rights
- To learn whether his personal data are processed or not,
- To request information if his personal data are processed,
- To learn the purpose of his data processing and whether this data is used for intended purposes,
- To know the third parties to whom his personal data is transferred at home or abroad,
- To request the rectification of the incomplete or inaccurate data, if any,
- To request the erasure or destruction of his personal data under the conditions laid down in article 7 to the PDP Law,
- To request notification of the operations carried out in compliance with subparagraphs (d) and (e) to third parties to whom his personal data has been transferred,
- To object to the processing, exclusively by automatic means, of his personal data, which leads to an unfavourable consequence for the data subject,
- To request compensation for the damage arising from the unlawful processing of his personal data.
Pursuant to article 13 to the PDP Law, you may exercise your rights by sending an e-mail to kisiselverilerim@d-teknoloji.com.tr.
i) Sharing Personal Data with Official Authorities
j) Cookie Use and Management
2) Conditions for the Deletion, Destruction and Anonymization of Personal Data
Deletion of personal data by DT refers to the process of rendering the personal data completely inaccessible or unusable by the relevant users. For this purpose, DT creates and implements an access authorization and control matrix at the user level and takes the necessary measures to carry out the deletion on the database.
Destruction of personal data by DT refers to the process of rendering the personal data completely inaccessible, irretrievable and unusable by any party.
Anonymization of personal data by DT refers to the process where the personal data is rendered so that it cannot be associated with any identified or identifiable natural person even in case the personal data is matched with other data.
DT explains the methods of deletion, destruction and anonymization and the technical and administrative measures it has taken for this purpose under the Personal Data Retention and Destruction Policy prepared pursuant to the Regulation on the Deletion, Destruction or Anonymization of Personal Data in detail. This Policy also defines the time period for the periodic destruction stipulated by the Regulation as 6 months.