General information on Personal Data Protection Law

Personal Data Protection Law no. 6698 (hereon it will be referred as PDPL) was accepted on 24.03.2016 and published in the Official Journal no. 29677 dated 07.04.2016. Some part of PDPL went in effect on the publishing date and the other part went in effect on 07.10.2016.

Information under the name of data controller

According to the PDPL no.6698,  your personal data will be recorded, saved, updated, disclosed / transferred to the 3rd parties for the conditions approved by the regulation and processed identified in PDPL within the frame presented in this page .

Methods of Processing Personal Data

According to PDPL No. 6698, personal data you share with our company may be processed by us using automatic or, provided that it is part of a data recording system, non-automatic methods, through being fully or partially obtained recorded, stored, altered, reorganized, in short, subjected to any operation that is performed on personal data. Any operation performed on data within the scope of PDPL is defined as “processing of personal data.”

Legal reason and purpose of processing your personal data

Personal data you share will be processed,
To fulfill the requirements of the services we provide to our customers, in accordance with the requirements of technology and our contracts, and to improve the products and services we offer,

To record the identity, address and other necessary information to identify the person making the transaction within the scope of Law No. 6563 on the Regulation of Electronic Commerce, Law No. 6502 on Consumer Protection, and, prepared on the basis of those regulations, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette dated 26.08.2015 and numbered 29457, and the Regulation on Distance Contracts published in the Official Gazette dated 27.11.2014 and numbered 29188, as well as other applicable legislation,

To prepare all records and documents that constitute the basis of payment systems, electronic contracts or paper transactions, which are mandatory in the field of Banking and Electronic Payment, and to comply with the obligations of information storage, reporting and notification stipulated by the legislation and other authorities,

To provide prosecutors, courts and relevant public officials with information on matters of public security and legal disputes, upon request and in accordance with the legislation, in accordance with LPPD No. 6698 and applicable secondary regulations.

Regarding Third Parties or Organizations to Which Personal Data May Be Transferred
For purposes stated above, the personal data that you share with our company can be transferred to; Age Soft being in the first place, the individuals and organizations related to the service provided such as suppliers, shipping companies, and/or the program partner organizations that we cooperate with to carry out our activities and/or receive services in the capacity of Data Controller, domestic/foreign organizations and other third.
Methods of Collecting Personal Data

Information such as name, surname, TR identity number, address, telephone, business or private e-mail address may be collected and processed through forms on our website and mobile applications; preferences, IP records of the transactions performed, cookie data collected by the browser, data on the duration and details of browsing, and location data may be collected on pages you log in with your username and password.
Personal data may be collected and processed in spoken, written or electronic form through our channels such as our sales and marketing department employees, our branches, suppliers, other sales channels, written forms, business cards, digital marketing and call centre.

Personal data shared by individuals with for purposes such as establishing a commercial relationship, applying for a job, and making offers, by sharing business cards, CVs and through other means; in a physical or virtual environment, face-to-face or remotely, verbally, in writing or electronically, may be collected and processed.
Additionally, data obtained indirectly from various channels, (micro) websites used for blogs, contests, surveys, games, campaigns and similar purposes, social media, e-newsletter reading habits or click activity, data from public databases, data from public profiles on social networking sites such as social media platforms may be collected and processed.
Personal Data Collected Prior to the Enactment of PDPL
Personal data collected legally through memberships, consent to receive electronic communications, purchasing products/services or through other means prior to the enactment of PDPL on 7 April 2016, are processed and stored in line with the terms and conditions set out in this document.

Transfer of Personal Data Abroad
Personal data obtained by any of the methods listed above to be processed in Turkey or processed and stored outside Turkey may be transferred to service intermediaries located abroad (countries accredited by the Personal Data Protection Authority and with sufficient measures in place for the protection of personal data) within the scope of PDPL and following the purposes of the contract.

Storage and Protection of Personal Data
As per Article 12 of the PDPL, our company is obliged to prevent the unlawful processing of personal data and to prevent unauthorized access to the systems and databases in which your personal data is stored, and to take soft and physical security measures such as hash, encryption, transaction log, access management in order to protect your personal data. If personal data is obtained by others through unlawful methods, the Personal Data Protection Authority will be notified immediately, following the legal regulations and in writing.

Keeping Personal Data Up-To-Date and Accurate
Pursuant to Article 4 of PDPL, our company is obliged keep your personal data accurate and up-to-date. In this context, for our company to be able to fulfill its obligations arising from the current legislation, our Customers must share their accurate and up-to-date data or to update their data via the website/mobile application.

Rights of Personal Data Subject Pursuant to PDPL No. 6698

Article 11 of PDPL No. 6698 entered into force on 7 October 2016, and the rights of Personal Data Subject under this article as of this date are as follows:
Personal Data Subject has the right to contact our company (Data Controller) and;

Find out whether or not personal data are processed,

Request information if their personal data have been processed,

Find out the purpose of processing personal data and whether they are used appropriately for their purpose,

Be informed of the third parties at home or abroad to whom personal data are transferred,

Request correction of personal data in case of incomplete or incorrect processing,

Request the deletion or destruction of personal data under the conditions specified in Article 7 of the PDPL,

Request that third parties to whom personal data is transferred be notified of the correction, deletion or destruction of personal data,

Object to any results obtained to the detriment of themselves following analysis of the processed data exclusively through automated systems,

Demand compensation in case of loss due to unlawful processing of personal data.