Information in the capacity of Data Controller
Maslak Mah. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55 34485 Sarıyer / Istanbul, 0295106293700001 Mersis number Dijital İz Reklam ve Yazılım Anonim Şirketi ("DİJİTAL İZ"), we show maximum sensitivity to the security of your personal data. Your personal data are processed and stored in accordance with the Law No. 6698 on the Protection of Personal Data (hereinafter referred to as "KVKK"). KVKK was published in the Official Gazette dated 7 April 2016 and numbered 29677. The relevant law is regulated to protect the fundamental rights and freedoms of natural persons whose personal data are processed, including the privacy of private life, which is also protected by our Constitution and Turkish Criminal Laws, and to determine the obligations of natural and legal persons who process personal data.
The purpose of our policy on the protection and processing of personal data ("KVK Policy") is to establish management instructions and procedural requirements to ensure that Dijital İz processes and protects personal data in accordance with the KVKK.
In accordance with the KVKK, your personal data will be collected and processed by us as the data controller within the scope described below. As Dijital İz, in accordance with the KVKK and in the capacity of Data Controller, your personal data will be recorded, stored, updated, disclosed/transferred to third parties where permitted by the legislation, classified and processed in the ways listed in the KVKK within the framework described on this page.
Definitions
| Open Consent | It refers to the consent on a specific subject, based on information and expressed with free will. |
| Disclosure Obligation | Within the scope of Article 10 of the LPPD, during the acquisition of personal data, the data controller or the person authorised by the data controller is obliged to inform the relevant persons about; the identity of the data controller and its representative, if any, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data may be transferred, the method and legal reason for collecting personal data, their rights under Article 11 of the LPPD. |
| Contact Person | Refers to the natural person whose personal data is processed. |
| Law / KVKK | Law No. 6698 on the Protection of Personal Data. |
| Personal Data | Any information relating to an identified or identifiable natural person. |
| Processing of Personal Data | It refers to all kinds of operations performed on personal data such as obtaining, recording, storing, retaining, modifying, reorganising, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data. |
| Board | Refers to the Personal Data Protection Board. |
| Institution | Refers to the Personal Data Protection Authority. |
| Data Processor | The natural or legal person who processes personal data on behalf of the data controller based on the authorisation granted by the data controller. |
| Data Controller | The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. |
Processing of Personal Data
Pursuant to KVKK, your personal data that you share with Dijital İz can be processed by us by obtaining, recording, storing, storing, changing, rearranging, in short, by any kind of processing performed on the data, in whole or in part, automatically or by non-automatic means, provided that it is part of any data recording system. Within the scope of KVKK, all kinds of operations performed on data are accepted as "processing of personal data".
Dijital İz will be able to collect and process personal data collected through its web pages, events, trainings or portal for the following purposes in general:
- Collect personal information to enable interaction through web pages, events, trainings or portal,
- Providing personalised services to our users,
- To communicate with users and inform them about services and opportunities,
- To perform the services we provide in accordance with the contracts,
- Sending newsletters by electronic mail or making promotions or notifications,
- To make promotions or notifications via SMS,
- Answering incoming calls and responding to your support needs,
- To develop our current and R&D applications and to establish the management process,
- To finalise the complaint in line with your request or in case of complaints on social media or in case of a complaint regarding the services we provide,
- We collect and process your data for various statistical evaluations, database creation and market research without disclosing the identity of the user
4. To whom and for what purpose personal data may be transferred
By accepting the Personal Data Protection Policy, you consent to the collection, storage, processing, use, domestic or international transfer of your personal data, which you have given explicit consent to share with Dijital İz and Dijital İz's domestic and foreign business partners and users of the platform within the scope of Dijital İz applications and services, and to transfer it to third parties with whom we have a contractual relationship, who have the same legal and technical responsibilities as us in terms of data protection and security, and who comply with the provisions of the relevant legislation.
Dijital İz may share your data regarding your website visit or application and traffic information such as your navigation information with public institutions and organisations legally authorised to request this information for your security and for Dijital İz to fulfil its obligations under the law (such as, but not limited to, the fight against crime and the threat of state and public security, where Dijital İz has a legal or administrative obligation to notify or provide information).
5. Method and Legal Grounds for Collecting Personal Data
In accordance with the KVKK, your personal data that you share with Dijital İz can be processed by us by obtaining, recording, storing, storing, modifying, rearranging, in short, subject to any kind of processing performed on the data, in whole or in part, automatically or by non-automatic means provided that it is part of any data recording system. Your personal data may be collected in written/physical or electronic media when you receive services or products from Dijital İz, when you participate in trainings, events, when you use Dijital İz services, when you enter/apply for advertisements or marketing advertisements, when you become a member or register and with cookies.
DATA CATEGORIES | TYPES OF PERSONAL DATA RECEIVED WITHIN THIS SCOPE AND THEIR BASES |
| Credentials | You voluntarily share information such as "Your Name", "Your Surname", "Your Date of Birth", "Your Date of Birth", "Identity" with Dijital İz when you purchase products or services from Dijital İz, register for trainings, events, login/application to advertising or marketing advertisements, become a member or register. Identity information; We process it in order to fulfil our obligations under the legislation, to carry out the necessary operational activities and to interact. |
| Contact Details | You voluntarily share information such as your "Electronic Mail Address", "Address", "Province and District where you live" and "Mobile Phone" with Dijital İz when you purchase products or services from Dijital İz, register for trainings, events, login/application to advertisements or marketing advertisements, become a member or register. Sharing contact information is important for the realisation of communication between Dijital İz and people who receive services, people who participate in trainings or events, and users. |
| Visual and Multimedia Data | You voluntarily share your photographs, multimedia records and images related to your work with Dijital İz when you purchase products or services from Dijital İz, register for trainings, events, login/application to advertisements or marketing advertisements, become a member or register. Sharing visual and multimedia data is important for Dijital İz to communicate with the user. |
| Location and Location Information | You voluntarily share location information such as live location, address, landmarks with Dijital İz when you purchase products or services from Dijital İz, register for trainings, events, login/application to advertisements or marketing advertisements, become a member or register. Sharing this data is for the purpose of identifying users and participants across the country. |
| Information that is not your personal data and that we collect automatically | Through cookies or our other programs and software, we may collect information about your behaviour in the digital environment regarding the number of clicks, the frequency of opening tabs or the topics you are interested in, depending on your use of the site. |
| Device Information | We may collect data (e.g. location information) from the electronic devices you use (computers, laptops, tablets, smartphones, smart TVs, etc.) that may or may not be paired with you. |
| Cookies Information | Cookies are small text files stored on your device or network server by websites you visit on your computer or mobile device. In the cookies on the websites, depending on the type, data about your browsing and usage preferences on the device you visit the site are collected. This data includes many information about the pages you access, the services and products you review, your preferred language option and other preferences. We use many types of cookies to provide a better experience to our users and visitors. In this context; - cookies that are essential and important for the proper functioning of web pages, such as session, load balancing user ID and security cookies, - preference-related cookies such as password, language, location, history, flash and mobile cookies that increase the efficiency of use in line with the preferences of users and visitors, - functional and analytical cookies that collect analytical data and enable information to be obtained about the visit to the website, - targeting and marketing cookies, including advertising, market analysis, targeting, fraud detection, campaign promotion cookies, which are frequently used today, especially for advertising, - We use third-party cookies on our website, which include cookies in the advertisements or plug-ins for another web page that usually appear on sites that receive advertisements on web pages. The user is deemed to have given explicit consent to the use of cookies unless he/she changes these settings. Links to 3rd party websites or mobile applications via Dijital İz We may provide links to 3rd party websites, portals or mobile applications. However, we have no responsibility for the implementation of the privacy policies on these sites or subject to 3rd parties. The privacy policies of 3rd party websites or mobile applications may differ from this Personal Data Protection Policy. |
| Other Information | You voluntarily share the information preferred by the user or visitor, Smatch (automatic matching) information and other similar information with Dijital İz. If you share information or data that you choose to disclose to the public and in a way that other members can access and see, it is considered to be disclosed by you and may be used for statistical, advertising or promotional purposes. We do not have any responsibility in cases where your personal data you disclose is used by third parties or other sites. |
| Customer Transaction | This data category refers to data types such as call centre records, invoice, promissory note, cheque information, information in box office receipts, order information, request information. These data are processed on the grounds that it is directly related to the establishment or performance of a contract, it is mandatory for the data controller to fulfil its legal obligation, it is necessary to process the personal data of the parties to the contract, data processing is mandatory for the establishment, exercise or protection of a right and data processing is mandatory for the legitimate interests of the data controller |
| Marketing | This category of data refers to data types such as shopping history information, surveys, cookie records, information obtained through campaigns. These data are processed on the grounds that it is directly related to the establishment or performance of a contract, it is mandatory for the data controller to fulfil its legal obligation, it is necessary to process the personal data of the parties to the contract, data processing is mandatory for the establishment, exercise or protection of a right, and data processing is mandatory for the legitimate interests of the data controller. |
6. Personal Data Storage and Destruction Policy
6.1. Purpose
Dijital İz undertakes to comply with the KVKK, relevant regulations and other personal data protection, processing and destruction regulations. Dijital İz wishes to inform the relevant persons about the deletion, destruction or anonymisation of personal data within the scope of Article 7 of the KVKK and the regulation on the deletion, destruction or anonymisation of personal data dated 28 October 2017 and numbered 30224.
6.2. Definitions
Destruction: Deletion, destruction or anonymisation of personal data.
Recording Media: All kinds of media containing personal data that are fully or partially automated or processed by non-automated means, provided that they are part of any data recording system.
Anonymisation of Personal Data: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data.
Deletion of Personal Data: Deletion of personal data; making personal data inaccessible and non-reusable in any way for the Relevant Users.
Destruction of Personal Data: The process of making personal data inaccessible, irretrievable and non-reusable by anyone in any way.
Periodic Disposal: In the event that all of the conditions for processing personal data specified in the Law disappear, the deletion, destruction or anonymisation process to be carried out ex officio at recurring intervals specified in the personal data storage and destruction policy.
6.3. Scope and Recording Media
Your personal data are stored for the retention periods specified in the relevant legal regulations, for the period required by the purposes of processing if no period is specified in the relevant legal regulations, personal data obtained during the process of registering with Dijital İz or benefiting from Dijital İz's services are stored within the scope of our personal data inventory and the obligations specified in the KVKK legislation, and then deleted, destroyed or anonymised in accordance with the KVKK.
Our recording media for personal data are as follows.
| Electronic Media | Non-Electronic Media |
Servers (Domain, backup, e-mail, database, web, file sharing, etc.)
|
|
6.4. Legal and Technical Basis for Storing Personal Data
Dijital İz retains the personal data it processes in accordance with Article 7 of the KVKK and Article 138 of the Turkish Penal Code only for the period stipulated in the relevant legislation or for the period required by the purpose of personal data processing if no period is stipulated in the legislation. If the purpose of processing personal data has expired or the retention periods have expired, personal data may be retained only to the extent deemed necessary and required by the possible law.
Personal data processed in accordance with the provisions of the KVKK and other relevant laws must be deleted, destroyed or anonymised by Dijital İz ex officio or upon the request of the person concerned, in such a way that these data cannot be used and recovered in any way, if the reasons requiring their processing disappear. The procedures and principles regarding the destruction or anonymisation of personal data in accordance with the law shall be carried out in accordance with the principles and rules specified in the regulation.
6.5. Retention and Destruction Periods of Personal Data
| Records | Duration | Basis |
| Records related to membership and sales | 10 years | Law No. 6698 |
| All records relating to accounting and financial transactions | 10 years | Law No. 6102, Law No. 213 |
| Cookies | Maximum 540 days | EU Cookie Law |
| Commercial electronic message approval records | 3 years from the date of withdrawal of approval | Law No. 6563 and related secondary legislation |
| Traffic information on online visitors | 2 years | Law No. 5651 |
| Personal data relating to the Digital Trace | 10 years after the termination of the legal relationship | Law No. 6102, Law No. 6098 and Law No. 213 |
7. Technical and Administrative Measures Regarding Personal Data
Pursuant to Article 12 of the KVKK, Dijital İz's obligations regarding data security as the data controller;
- Your personal data;
- To prevent unlawful processing,
- To prevent unlawful access,
- To take all kinds of technical and administrative measures to ensure its preservation,
- To carry out or have carried out the necessary audits within its organisation.
Dijital İz pays attention to data processing and tax security in accordance with the above obligations. Dijital İz takes necessary measures to ensure that its employees do not share personal data with third parties and notifies the relevant person and the Board in case of any contrary situation.
On Digital Trail;
- Network security and application security are provided.
- Closed system network is used for personal data transfers through the network.
- Key management is applied.
- Security measures are taken within the scope of procurement, development and maintenance of information technology systems.
- The security of personal data stored in the cloud is ensured.
- Disciplinary regulations with data security provisions are in place for employees.
- Training and awareness raising activities on data security are carried out at regular intervals for employees.
- An authorisation matrix has been created for employees.
- Access logs are kept regularly.
- Corporate policies on access, information security, use, storage and disposal have been prepared and started to be implemented.
- Data masking measures are applied when necessary.
- Confidentiality commitments are made.
- The authorisation of employees who change their duties or leave their jobs in this area is cancelled.
- Up-to-date anti-virus systems are used.
- Firewalls are used.
- The signed contracts contain data security provisions.
- Extra security measures are taken for personal data transferred via paper and the relevant document is sent in confidential document format.
- Personal data security policies and procedures have been determined.
- Personal data security issues are reported quickly.
- Personal data security is monitored.
- Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
- Physical environments containing personal data are secured against external risks (fire, flood, etc.).
- The security of environments containing personal data is ensured.
- Personal data is minimised as far as possible.
- Personal data is backed up and the security of backed up personal data is also ensured.
- User account management and authorisation control system are implemented and these are also monitored.
- In-house periodic and/or random audits are carried out and carried out.
- Log records are kept without user intervention.
- Existing risks and threats have been identified.
- Protocols and procedures for the security of special categories of personal data have been determined and implemented.
- If sensitive personal data is to be sent via electronic mail, it is sent encrypted and using KEP or corporate mail account.
- Secure encryption / cryptographic keys are used for sensitive personal data and managed by different units.
- Intrusion detection and prevention systems are used.
- Penetration test is applied.
- Cyber security measures have been taken and their implementation is constantly monitored.
- Encryption is performed.
- Sensitive personal data transferred in portable memory, CD, DVD media are transferred by encrypting the data.
- Data processing service providers are periodically audited on data security.
- Awareness of data processing service providers on data security is ensured.
- Data loss prevention software is used.
Dijital İz takes all technical and administrative measures specified in the law, board decisions and guidelines to prevent unlawful access to personal data, and all technical and administrative measures regarding cyber-attacks on personal data of third parties. Dijital İz audits the security of the data inventory created in accordance with the legislation, system and software security and reports to the person authorised in this regard or to the board if requested, and ensures that personal data is protected as stipulated in the legislation.
8. Rights of the Relevant Person
Article 11 of the KVKK No. 6698 entered into force on 07 October 2016 and in accordance with the relevant article, the rights of the Data Subject after this date are as follows:
The Relevant Person may apply to the Digital Trace;
- To learn whether personal data is being processed,
- Request information if personal data has been processed,
- To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing,
- To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK,
- In case of correction, deletion or destruction of personal data, to request that these transactions be notified to third parties to whom personal data are transferred,
- To object to the emergence of a result to the detriment of the person himself/herself by analysing the processed data exclusively through automated systems,
- In case of damage due to unlawful processing of personal data, it has the right to demand compensation for the damage.
9. Application to the Data Controller and Application Method
Maslak Mah. which operates in compliance with the KVKK in the capacity of data controller. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55 34485 Sarıyer / Istanbul with Mersis number 0295106293700001 Dijital İz Reklam ve Yazılım Anonim Şirketi ("DİJİTAL İZ") respects the rights of you, our valuable data owners, and tries to help you fulfil your requests in your application. The right to apply to our company with this form prepared in accordance with Article 11 of the KVKK belongs directly to the personal data owner. For applications to be made on behalf of third parties, a power of attorney suitable for representing the relevant person must be present.
Pursuant to the first paragraph of Article 13 of the KVKK; applications to be made to our company, which is the data controller, regarding these rights must be submitted to us in writing or by other methods determined by the Personal Data Protection Board ("Board").
We will respond to your application within 30 (thirty) days at the latest after you fill out and sign the KVK application form ("KVK Application Form") in Dijital İz completely and clearly and send it to our address below by hand or by registered mail with return receipt requested, applications to be made regarding these rights must be submitted in writing via this Personal Data Owner Application Form or other methods determined by the Personal Data Protection Board ("Board").
In this context, applications to be made to our company "in writing" shall be made by printing out this form;
- By personal application of the applicant,
- Through a notary,
- It can be signed by the applicant with the "secure electronic signature" defined in the Electronic Signature Law No. 5070 and sent to the registered e-mail address of our Company.
Company Information
Trade Name : DIGITAL IZ ADVERTISING AND SOFTWARE JOINT STOCK COMPANY
Address : Maslak Mah. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55 34485 Sarıyer / Istanbul
Mersis No : 0295106293700001
Cap Address :
Mail Address : info@dijitaliz.com.tr
Web Page : dijitaliz.com.tr
Telephone : 0 850 346 70 53
10. Enforcement
This Policy enters into force on the date of its publication and remains in force until it is removed from the website. Our Website Personal Data Protection and Data Policy is dated 01.01.2021. In case all or certain articles of the Policy are renewed, the effective date of the Policy will be updated.