Privacy Notice For Customers and Authorized Representatives Of Legal Entities
In this Privacy Notice, the principles regarding the processing of your personal data by Sabancı Digital Technology Services Inc. ("SabancıDx" and/or "Company"), located at "Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/Istanbul/Turkey" in accordance with the Law No. 6698 on the Protection of Personal Data ("Law") and related legislation are stated below.
1. Purpose of the Processing of Personal Data
The personal data of our customers’ representatives, authorized persons and employees such as the identity details including name, surname, telephone number, e-mail, and title, professional experience and contact details are processed in order to establish, maintain and follow up our commercial relations, conduct management activities, inform authorized individuals, organizations and institutions, follow up complaints and requests, manage the sales processes, take and evaluate suggestions for the improvement of business processes, conduct communication activities, conduct finance and accounting works, follow up and conduct legal works, ensure business continuity, conduct aftersales support services, conduct customer relations management processes and conduct customer satisfaction activities.
Identity information such as their names, surnames, telephone numbers, e-mails and titles, professional experience and contact details of our potential customers' representatives, authorized people and employees are processed to contact before sales, for the and to ensure the communication activities and business continuity conducted for meeting organization and establishment of commercial relation.
Identity information such as their names, surnames, telephone numbers, e-mails and titles, professional experience and contact details of our potential customers' representatives, authorized people and employees are processed to contact before sales, for the and to ensure the communication activities and business continuity conducted for meeting organization and establishment of commercial relation.
2. Places Where Processed Personal Data Are Transferred and Purpose of Transfer
The purpose of processing personal data aligns with the purpose of data transfer. Our Company may transfer the collected personal data to institutions and organizations with which it collaborates, business partners, and suppliers, as well as anonymized personal data to Hacı Ömer Sabancı Holding A.Ş., group companies for necessary supervision and reporting purposes. Additionally, upon request, personal data may be transferred to official authorities and public authorities and may be transferred abroad for the purpose of utilizing cloud computing technologies. In case a commercial electronic message is sent to the authorized recipient, the contact details are transferred to İleti Yönetim Sistemi A.Ş. in accordance with legal obligations. Our Company acts in compliance with Articles 8 and 9 of the Law during the process of transferring your personal data and takes all necessary technical and administrative measures to protect your data as required.
3. Method of Collecting Personal Data and the Legal Reason
The personal data of customers, potential customers, representatives, authorities, employees our real person customers and potential customers are collected with the forms completed by them, the business cards obtained during meetings, through the platforms which enable professional communication and by physical or electronic communication means.
Your personal data are processed in accordance with Article 5/2 (c) of the Law, with the legal requirement of processing your personal data further to the establishment and performance of commercial relation through a contract. Besides, if a commercial electronic message is sent, data processing activity is also carried out with the title of service provider due to the legal liabilities arising from the Regulation on Commercial Communication and Commercial Electronic Messages.
Your personal data are processed in accordance with Article 5/2 (c) of the Law, with the legal requirement of processing your personal data further to the establishment and performance of commercial relation through a contract. Besides, if a commercial electronic message is sent, data processing activity is also carried out with the title of service provider due to the legal liabilities arising from the Regulation on Commercial Communication and Commercial Electronic Messages.
4. Methods of Application to the Data Controller and Your Rights
In accordance with Article 11 of the Law, you have the right to: a) learn whether your personal data is being processed or not, b) If your personal data is being processed, request information regarding such processing, c) learn the purpose of the processing and whether it is being used in accordance with its purpose, d) learn the recipients to whom your personal data has been transferred domestically or abroad, e) request correction of your personal data if it is incomplete or inaccurate, f) request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law, g) request notification of the operations carried out to third parties to whom your personal data has been transferred, pursuant to paragraphs (e) and (f) above, h) object to the occurrence of a result against you by analyzing your personal data exclusively through automated systems, i) demand compensation for damages in case you suffer any damages due to unlawful processing.
You can submit your requests for information and application regarding the rights to our Company by filling out the “Data Subject Application Form”. You can send your requests to the address "Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/Istanbul/Turkey" or via email to sabancidijital.kvk@sabancidijital.hs03.kep.tr . We will ensure that your requests are appropriately addressed and processed in accordance with the relevant regulations and legal requirements.
Our company will conclude your requests, depending on the nature of the request, as soon as possible and no later than thirty days, with the first request being free of charge. However, in subsequent requests related to the same subject matter or if the processing of the initial request requires additional costs, a fee may be charged. Our company reserves the right to accept or reject the request and may provide an explanation for the rejection in writing.
If the application, conducted following the aforementioned procedure, is rejected, the response is deemed insufficient, or if there is no response within the specified period after the notification of the response, you have the right to lodge a complaint with the Personal Data Protection Board ("Board") within sixty days at the latest from the date of application, following the notification of the response. However, the complaint cannot be lodged before exhausting the application process.
The Board conducts necessary examinations in cases where a complaint is lodged or upon learning of an alleged violation falling within its jurisdiction. Upon receiving a complaint, the Board examines the request and provides a response to the relevant parties. If no response is provided within sixty days from the date of the complaint, the request is considered rejected. Following an examination conducted either upon complaint or ex officio, if the existence of a violation is determined, the Board decides on the measures to be taken by the data controller to remedy the identified breaches of the law and notifies the parties concerned. This decision must be implemented without delay and at the latest within thirty days from the date of notification. In cases where it is evident that irreparable harm may occur or there is a clear violation of the law, the Board may decide to halt the processing of data or the transfer of data abroad.
We would like to express our gratitude for the trust you place in us and assure you that your data is meticulously protected within our company. Thank you for your confidence.
You can submit your requests for information and application regarding the rights to our Company by filling out the “Data Subject Application Form”. You can send your requests to the address "Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/Istanbul/Turkey" or via email to sabancidijital.kvk@sabancidijital.hs03.kep.tr . We will ensure that your requests are appropriately addressed and processed in accordance with the relevant regulations and legal requirements.
Our company will conclude your requests, depending on the nature of the request, as soon as possible and no later than thirty days, with the first request being free of charge. However, in subsequent requests related to the same subject matter or if the processing of the initial request requires additional costs, a fee may be charged. Our company reserves the right to accept or reject the request and may provide an explanation for the rejection in writing.
If the application, conducted following the aforementioned procedure, is rejected, the response is deemed insufficient, or if there is no response within the specified period after the notification of the response, you have the right to lodge a complaint with the Personal Data Protection Board ("Board") within sixty days at the latest from the date of application, following the notification of the response. However, the complaint cannot be lodged before exhausting the application process.
The Board conducts necessary examinations in cases where a complaint is lodged or upon learning of an alleged violation falling within its jurisdiction. Upon receiving a complaint, the Board examines the request and provides a response to the relevant parties. If no response is provided within sixty days from the date of the complaint, the request is considered rejected. Following an examination conducted either upon complaint or ex officio, if the existence of a violation is determined, the Board decides on the measures to be taken by the data controller to remedy the identified breaches of the law and notifies the parties concerned. This decision must be implemented without delay and at the latest within thirty days from the date of notification. In cases where it is evident that irreparable harm may occur or there is a clear violation of the law, the Board may decide to halt the processing of data or the transfer of data abroad.
We would like to express our gratitude for the trust you place in us and assure you that your data is meticulously protected within our company. Thank you for your confidence.
