CONTENTS
PERSONAL DATA PROTECTION POLICY
I. DEFINITIONS
II. PURPOSE OF THE POLICY
III. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
1. Ensuring the Security of Personal Data
2. Protection of Sensitive Personal Data
3. Increasing the Awareness and Supervision of Business Units on the Protection and Processing of Personal Data
IV. BASIC PRINCIPLES IN THE PROCESSING OF PERSONAL DATA
V. CONDITIONS FOR PROCESSING PERSONAL DATA
VI. IDENTIFICATION OF PERSONAL DATA OWNERS
VII. CATEGORIZATION OF PERSONAL DATA
VIII. ACQUISITION AND PROCESSING OF PERSONAL DATA
1. Purposes and Legal Reason for Processing Personal Data of Employees
2. Purposes and Legal Reason for Processing Personal Data of Shareholders/Partners
3. Purposes and Legal Reason for Processing Personal Data of Employee Candidates
4. Purposes and Legal Reason for Processing Personal Data of Potential Real Person Customer/ Customer’s Employee and Authorized Person
5. Purposes and Legal Reason for Processing Personal Data of Real Person Customer/ Customer’s Employee and Authorized Person
6. Purposes and Legal Reason for Processing Personal Data of Potential Business Partners Shareholder/Employee and Authorized Person
7. Purposes and Legal Reason for Processing Personal Data of Business Partners Shareholder/Employee and Authorized Person
8. Purposes and Legal Reason for Processing Personal Data of Third Party Visitors
IX. ACQUISITION AND PROCESSING OF SENSITIVE PERSONAL DATA
X. TRANSFER OF PERSONAL DATA
XI. SECURITY OF PERSONAL DATA
1. Technical Measures
2. Administrative Measures
XII. RIGHTS OF PERSONAL DATA OWNERS ON THEIR PERSONAL DATA AND EXERCISE OF RIGHTS
XIII. ACCURATE AND UP-TO-DATE RETENTION OF PERSONAL DATA
XIV. PERSONAL DATA RETENTION PERIOD
XV. DELETION, DESTRUCTION OR ANONYMIZATION OF PERSONAL DATA
XVI. CHANGES AND UPDATES TO THE POLICY
PERSONAL DATA PROTECTION POLICY
This policy explains the principles of USERSDOT TECHNOLOGY AND CONSULTANCY
INC. (hereinafter referred to as the “Usersdot” or "Company") regarding the processing of
personal data that are required to be known by Personal Data Owners.
I. DEFINITIONS
Data Controller: The natural or legal person who determines the purposes and means of processing personal data, and who is responsible for establishing and managing the data recording system.
The Company: Refers to the data controller, Usersdot Technology and Consultancy Inc.
Data Subject/Concerned Individual: The individual whose personal data is being processed.
Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority granted by the data controller.
Personal Data: Any kind of information relating to an identified or identifiable natural person.
Sensitive Personal Data: Data regarding individuals' race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, attire, association, foundation or union membership, health, sexual life, criminal record, and security measures, as well as biometric and genetic data.
Processing of Personal Data: All kinds of processes carried out on data, whether fully or partially, by automatic or non-automatic means, including obtaining, recording, storing, preserving, altering, rearranging, disclosing, transferring, taking over, making data accessible, classifying, or preventing the use of data.
KVKK: The Law on the Protection of Personal Data No. 6698.
Board: The Personal Data Protection Board.
Authority: The Personal Data Protection Authority.
Data Registry System: The record system where personal data is processed in a structured manner according to specific criteria.
Record System: Any environment containing personal data that is processed either wholly or partly by automatic means or by non-automatic means as part of a data recording system.
Electronic Environment: The environments in which personal data can be created, read, modified, and written using electronic devices.
Non-electronic Environment: All written, printed, visual, and other formats that exist outside of electronic environments.
Explicit Consent: Consent based on information provided on a specific subject and declared with free will.
Anonymization of Personal Data: Rendering personal data in a way that it can no longer be associated with an identified or identifiable individual, even when combined with other data.
II. PURPOSE OF THE POLICY
The main purpose of this Policy is to make explanations about the systems for the processing and
protection of personal data in accordance with the Personal Data Protection Law and the relevant
legislation, and in this context, to inform the Personal Data Owners (Relevant Person) whose
personal data are processed by the company, especially but not limited to those categorized in
detail below.
In this way, it is aimed that Personal Data Owners are aware of the company policy, protect all
their rights arising from the legislation regarding Personal Data and use them effectively.
III. ISSUES RELATED TO THE PROTECTION OF PERSONAL DATA
1. Ensuring the Security of Personal Data
In accordance with Article 12 of the Law, our company takes the necessary measures according
to the nature of the data to be protected in order to prevent the unlawful disclosure, access, transfer
of personal data or security deficiencies that may occur in other ways. In this context, our
Company takes administrative measures to ensure the necessary level of security in accordance
with the guidelines published by the Personal Data Protection Board ("Board"), conducts or has
audits carried out.
2. Protection of Sensitive Personal Data
With the Law, special importance has been attached to some personal data due to the risk of
causing victimization or discrimination when processed unlawfully. These data are: race, ethnicity,
political opinion, philosophical belief, religion, sect or other beliefs, attire,
association, foundation or union membership, health, sexual life, criminal conviction and security
measures, and biometric and genetic data. Special measures are taken by
the Company in the protection of sensitive personal data processed in accordance with the law,
which is determined as "special quality" by the Law and is considered sensitive without being
limited to this. In this context, the technical and administrative measures taken by the Company
for the protection of personal data are carefully implemented in terms of sensitive personal data
and necessary audits are provided.
3. Increasing the Awareness and Supervision of Business Units on the Protection and Processing of
Personal Data
The data controller ensures that the necessary trainings are organized for the business units in order to raise
awareness to prevent the unlawful processing of personal data and unlawful access to personal data, and to ensure
the protection of personal data. Necessary systems are established to raise awareness of company employees
on the protection of personal data, and the Company works with consultants if needed. Accordingly, our Company evaluates
the participation in relevant trainings, seminars and information sessions and updates and renews its trainings
in parallel with the update of the relevant legislation.
IV. BASIC PRINCIPLES IN THE PROCESSING OF PERSONAL DATA
The following basic principles are adopted by the Company within the scope of ensuring and
maintaining compliance with the legislation on the protection of personal data:
(1) Processing personal data in accordance with the law and good faith
The Company carries out personal data processing activities in accordance with the law and the
rule of good faith, in accordance with the legislation on the protection of personal data, especially
the Constitution of the Republic of Turkey.
(2) Ensuring the accuracy and up-to-dateness of the processed personal data
While the processing of personal data is carried out by the Company, all necessary administrative
and technical measures are taken to ensure the accuracy and up-to-dateness of personal data within
the scope of technical possibilities.
In this context, our company has established mechanisms for personal data owners to have their
personal data corrected and its accuracy verified in case it is incorrect.
(3) Processing of personal data for specific, explicit and legitimate purposes
The processing of personal data by the Company is carried out within the scope of clear and lawful
purposes determined before the personal data processing activity begins.
(4) Processing personal data in a purpose-related, limited and measured manner
Personal data is processed by the Company in connection with the data processing conditions and
to the extent necessary for the performance of these services. In this context, the purpose of
personal data processing is determined before the personal data processing activity is started, and
data processing activities are not carried out with the assumption that it can be used in the future.
(5) To keep personal data for the period stipulated in the relevant legislation or required
for the purpose for which they are processed
The Company retains personal data for the period stipulated in the relevant legislation or required by the
purpose of data processing. Accordingly, personal data is deleted, destroyed or anonymized by the company
in the event of the expiry of the period stipulated in the legislation, the request of the personal data owner or
the disappearance of the reasons requiring the processing of personal data.
V. CONDITIONS FOR PROCESSING PERSONAL DATA
Except for the explicit consent of the personal data owner, the basis of the personal data processing
activity may be only one of the conditions stated below, or more than one condition may be the
basis of the same personal data processing activity.
(1) Obtaining the Explicit Consent of the Personal Data Owner
One of the conditions for processing personal data is the explicit consent of the data owner. The
explicit consent of the personal data owner should be disclosed on a specific subject, based on
information and with free will.
In the presence of the following personal data processing conditions, personal data may be
processed without the need for the explicit consent of the data owner.
(2) Clearly Stipulated in the Laws
If the processing of the personal data of the data owner is clearly stipulated in the law, in other words, if there is a
clear provision regarding the processing of personal data in the relevant law, the existence of this
data processing condition may be mentioned.
(3) Failure to Obtain the Explicit Consent of the Person Concerned Due to Actual
Impossibility
The personal data of the data owner may be processed if it is necessary to process the personal
data of the person who is unable to disclose his consent due to actual impossibility or whose
consent cannot be validated in order to protect the life or physical integrity of himself or another
person.
(4) Being Directly Related to the Establishment or Performance of the Contract
Provided that it is directly related to the establishment or performance of a contract to which the
data owner is a party, this condition may be deemed to be fulfilled if it is necessary to process
personal data.
(5) Fulfillment of the Company's Legal Obligation
If the processing is mandatory for our company to fulfill its legal obligations, the personal data of
the data owner may be processed.
(6) Publicization of Personal Data by the Personal Data Owner
If the data owner has made his/her personal data public, the relevant personal data may be
processed limited to the purpose of making it public.
(7) Data Processing is Mandatory for the Establishment or Protection of a Right
If data processing is mandatory for the establishment, exercise or protection of a right, the personal
data of the data owner may be processed.
(8) Data Processing is Mandatory for the Legitimate Interest of the Data Controller,
Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data
Subject
Provided that it does not harm the fundamental rights and freedoms of the personal data owner,
the personal data of the data owner may be processed if it is necessary to process data for the
legitimate interests of our Company.
VI. IDENTIFICATION OF DATA SUBJECTS
Group of Data Subjects: Identification
Shareholders and Partners: Real persons who are shareholders/partners of the company
Employees: Individuals employed by the company as insured persons
Employee Candidates: Individuals who apply to work for the company electronically and/or physically
Potential Real Person Customer/ Potential Customer’s Employees and Authorized Persons: Real persons, legal persons or employees and/or officials of real persons who have requested to use the Company's products and/or services electronically or physically, or who have been determined to make a request in accordance with commercial practices and honesty rules
Real Person Customer/ Customer’s Employees and Authorized Persons: Real persons, employees and/or authorized persons of real or legal persons who use or have used the products and/or services offered by the Company
Potential Business Partners Shareholder/ Employee/ Authorized Person: All real persons, including shareholders, authorized persons, and employees of real and/or legal persons with whom the company plans to establish any kind of business or service relationship (bank, partnership, supplier, contractor, etc.)
Business Partners Shareholder/ Employee/ Authorized Person: All real persons involved in any kind of business or service relationship in which the company is engaged (bank, partnership, supplier, contractor, etc.), including shareholders, authorized persons, and employees of legal entities.
Third Party Visitors: Real persons who access the www.usersdot.com website or mobile applications for various purposes that are not included in other categories in which the company processes their data (Website Visitor)
VII. CATEGORIZATION OF PERSONAL DATA
Group of Data Subjects: Categorization of Personal Data
Shareholders and Partners: Identity Data, Communication Data, Financial Data, Legal Transaction Data, Visual and Auditory Data
Employees: Identity Data, Communication Data, Personal Data, Financial Data, Visual and Auditory Data, Health Data, Appearance Data, Criminal and Security Measures Data
Employee Candidates: Identity Data, Communication Data, Professional Experience Data, Visual and Auditory Data
Potential Real Person Customer/ Potential Customer’s Employees and Authorized Persons: Identity Data, Communication Data, Other (Request/Complaint Data)
Real Person Customer/ Customer’s Employees and Authorized Persons: Identity Data, Communication Data, Financial Data, Customer Transaction Data, Transaction Security Data, Other (Request/Complaint Data)
Potential Business Partners Shareholder/ Employee/ Authorized Person: Identity Data, Communication Data
Business Partners Shareholder/ Employee/ Authorized Person: Identity Data, Communication Data, Other (Request/Complaint Data)
Third Party Visitors: Transaction Security Data
VIII. ACQUISITION AND PROCESSING OF PERSONAL DATA
1. Processing Purposes and Legal Basis for the Processing of Employee Personal Data
Processed Personal Data
Identity Data
Contact Data
Employment Data
Financial Data
Visual and Auditory Data
Health Data
Appearance Data
Criminal and Security Measures Data
Processing Purposes of Personal Data
Detailed information about the personal data of employees is published within the Company in a manner accessible only to our employees, and they have been duly informed about this matter.
You can submit your requests regarding the processed personal data and exercise your rights by using one of the application methods specified in this Policy and also detailed in the Information Texts.
You can access and download the Relevant Person Request Form from the Personal Data Protection section on www.usersdot.com.
2. Processing Purposes and Legal Basis for the Processing of Shareholders and Partners
Personal Data
Processed Personal Data
Identity Data: Name, Surname, Turkish Republic Identification Number, Date of Birth, Place of Birth, Gender, Serial Number, Mother's Name, Father's Name, Signature, Marital Status, Nationality, Title
Contact Data: Registered Address Information, Email Address, Phone Number
Financial Data: Share Ratio, Share Group, Bank Name, Branch Name, Account Number, IBAN Number
Visual and Auditory Data: Photographs/Videos/Writings
Legal Transaction Data: Contract Date, Transfer Date
Processing Purposes of Personal Data
Conducting Financial and Accounting Affairs
Conducting/Supervising Business Activities
Conducting Contract Processes
Conducting Communication Activities
Executing Investment Processes
Conducting Management Activities
Conducting Activities in Compliance with Legislation
Monitoring and Conducting Legal Affairs
Conducting Company Advertising/Promotional Processes
Executing Information Security Processes
Tracking Requests/Complaints
Legal Basis of Compliance
Fulfillment of the Company's Legal Obligation
Being Directly Related to the Establishment or Performance of the Contract
Being Mandatory for the Legitimate Interests of the Data Controller Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject
3. Processing Purposes and Legal Basis for the Processing of Employee Candidates
Personal Data
Processed Personal Data
Identity Data: Name, Surname, Date of Birth, Place of Birth, Gender, Marital Status, Title, Driver's License Information
Contact Data: Address Information, Email Address, Phone Number
Professional Experience Data: Educational Information (Degree Details / University Name), Past Employment Experience, Reference Information from Previous Employers, Role Assessed during Hiring Process, Resume Details, Certificate/Course Information, Last Employer/Current Company, Foreign Language Proficiency, Knowledge of Software and Computer Programs.
Visual and Audio Data: Photographs
Processing Purposes of Personal Data
Conducting Applicant Recruitment Processes
Determining Human Resources Processes
Execution of Communication Activities
Execution of Information Security Processes
Monitoring and Execution of Legal Affairs
Tracking Requests/Complaints
Legal Basis of Compliance
Being Mandatory for the Legitimate Interests of the Data Controller Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject
4. The Purposes and Legal Basis for Processing Personal Data of Potential Real
Person Customer/ Customer’s Employee and Authorized Person
Processed Personal Data
Identity Data: Name, Signature, Signature Circles, Surname, Turkish Republic ID Number/ Tax ID, Tax Office, Workplace Name, Title
Contact Data: Address, Email Address, Phone Number, Fax Number
Other Data: Request/Complaint Information
Processing Purposes of Personal Data
Execution of Goods/Service Sales Processes
Execution of Product/Service Marketing Processes
Execution of Communication Activities
Execution of Information Security Processes
Monitoring and Execution of Legal Affairs
Tracking of Requests/Complaints
Legal Basis of Compliance
Being Directly Related to the Establishment or Performance of the Contract
Being Mandatory for the Legitimate Interests of the Data Controller Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject
Publicization of Personal Data by the Personal Data Owner
5. The Purposes and Legal Basis for Processing Personal Data of Real Person
Customer/ Customer’s Employee and Authorized Person
Processed Personal Data
Identity Data: Name, Signature, Signature Circles, Surname, Workplace Name, Title
Communication Data: Address Information, Email Address, Phone Number
Transaction Security Data: Username, Password, IP Address, Website Login-Logout Information
Other Data: Request/Complaint Information
Processing Purposes of Personal Data
Execution of Goods/Service Sales Processes
Execution of Product/Service Marketing Processes
Execution of After-Sales Support Services for Goods/Services
Execution of Communication Activities
Conducting Financial and Accounting Processes
Conducting Contract Processes
Monitoring and Handling Legal Affairs
Conducting/Supervising Business Activities
Ensuring Compliance of Activities with Regulations
Managing Customer Relationship Processes
Tracking Requests/Complaints
Executing Information Security Processes
Legal Basis of Compliance
Being Directly Related to the Establishment or Performance of the Contract
Being Mandatory for the Legitimate Interests of the Data Controller Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject
6. Processing Purposes and Legal Basis for Potential Business Partners
Shareholder/Employee and Authorized Person
Processed Personal Data
Identity Data: Name, Surname, Position, Title
Communication Data: Email Address, Phone Number
Processing Purposes of Personal Data
Execution of Communication Activities
Execution of Purchase Processes for Goods/Services
Executing Information Security Processes
Follow-up and Execution of Legal Affairs
Follow-up of Requests/Complaints
Legal Basis of Compliance
Being Directly Related to the Establishment or Performance of the Contract
Data Processing is Mandatory for the Legitimate Interest of the Data Controller, Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject
7. Purposes and Legal Basis for Processing Personal Data of Business Partners'
Shareholders/Employees/Representatives
Processed Personal Data
Identity Data: Name, Signature, Signature Circulations, Surname, TCKN (Turkish ID Number), Position, Title
Contact Data: Address, Company Address Details, Email Address, Phone Number
Transaction Security Data: Username, Password, IP Address, Website Entry-Exit Records
Processing Purposes of Personal Data
Follow-up and Execution of Legal Affairs
Follow-up of Requests/Complaints
Execution of Purchase of Goods/Services
Execution of Information Security Processes
Execution of Contract Processes
Execution of Product/Service Marketing Processes
Execution/Supervision of Business Activities
Compliance of Activities with Legislation
Execution of Financial and Accounting Processes
Monitoring and Execution of Legal Affairs
Execution of Communication Activities
Legal Basis of Compliance
Being Directly Related to the Establishment or Performance of the Contract
Data Processing is Mandatory for the Legitimate Interest of the Data Controller, Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject
Fulfillment of the Company's Legal Obligation
8. Processing Purposes and Legal Basis for Personal Data of Third-Party Visitors
Processed Personal Data
Transaction Security Data: Username, Password, IP Address, Website Entry-Exit Records
IX. ACQUISITION AND PROCESSING OF SENSITIVE PERSONAL DATA
The data controller company processes special categories of personal data belonging to
company shareholders, officials, and employees. Detailed information about these personal data
is published within the company in a manner accessible only to the relevant individuals, who
have been duly informed about this matter.
Individuals whose special categories of personal data are processed may, if they wish, submit
their requests regarding the processed personal data and exercise their rights using one of the
application methods specified in Article XII of this Policy.
X. TRANSFER OF PERSONAL DATA
All your personal data that you have shared with us are kept confidential in the database of the
company and in physical documents in accordance with Article 12 of the Law on the Protection
of Personal Data No. 6698.
Personal data processed for existing purposes are transferred, in accordance with Articles 8 and 9 of the Law
and with the purposes of transfer specified in detail in the Clarification Texts, to real persons and
private law legal entities within the scope of the relevant legislation (third-party private
institutions) and to authorized public institutions and organizations (SGK, İŞ-KUR, Banks within
the Banks Association of Turkey, Court of Accounts, Ministry of Finance, Central Bank, etc.).
Some data related to shareholders/partners and employees are transferred to Investors or
Potential Investors abroad for the purposes of conducting investment processes, conducting
management activities and conducting company advertising/promotion processes, on the grounds
that the processing is directly related to the establishment or performance of a contract and that
data processing is mandatory for the legitimate interests of the data controller, provided that it
does not harm the fundamental rights and freedoms of the person concerned, and provided that
the appropriate safeguards stipulated in the fourth paragraph of Article 9 of the Law on the
Protection of Personal Data are provided.
Some data regarding employees are transferred to Social Network Providers abroad for the
purposes of conducting employee satisfaction and loyalty processes, conducting performance
evaluation processes, and conducting company advertising/promotion processes, provided that
the appropriate safeguards stipulated in the fourth paragraph of Article 9 of the Personal Data
Protection Law are provided.
Some of the general data regarding the data subjects are categorized in detail in the Clarification
Texts and transferred to Cloud Service Providers abroad for the purposes specified, provided
that the appropriate safeguards stipulated in the fourth paragraph of Article 9 of the Personal
Data Protection Law, which were adopted after the amendment, are provided.
XI. SECURITY OF PERSONAL DATA
The Company takes the following measures as a minimum in order to ensure the security of the
personal data it processes, to prevent unlawful access and to prevent unlawful data processing.
Technical Measures:
Network security and application security are ensured.
Closed system networks are used for transferring personal data over the network.
Key management is implemented.
Security measures are taken in the procurement, development, and maintenance of
information technology systems.
Security of personal data stored in the cloud is ensured.
An authorization matrix is created for employees.
Access logs are regularly maintained.
Corporate policies on access, information security, usage, storage, and disposal have been
developed and implemented.
Data masking measures are implemented when necessary.
Current anti-virus systems are utilized.
Firewalls are employed.
Signed contracts include data security provisions.
Personal data is backed up, and the security of backed-up personal data is ensured.
Log records are maintained in a manner that prevents user intervention.
Secure encryption/cryptographic keys are used for sensitive personal data and managed by
different units.
Intrusion detection and prevention systems are used.
Penetration testing is conducted.
Cybersecurity measures are implemented and continuously monitored for compliance.
Encryption is applied.
Data loss prevention software is used.
Administrative Measures:
Discipline regulations containing data security provisions are in place for employees.
Regular training and awareness programs on data security are conducted for employees.
Privacy commitments are made.
The permissions of employees undergoing role changes or leaving the company in this field
are revoked.
Policies and procedures for personal data security are established.
Personal data security issues are promptly reported.
Monitoring of personal data security is conducted.
Necessary security measures are taken for access to physical environments containing
personal data.
Security against external risks (fire, flood, etc.) is ensured for physical environments
containing personal data.
Security of environments containing personal data is maintained.
Personal data is minimized whenever possible.
Internal periodic and/or random audits are conducted.
Existing risks and threats are identified.
Protocols and procedures for the security of special category personal data are established
and implemented.
Data processing service providers undergo regular audits regarding data security.
Data processing service providers are made aware of data security practices.
XII. RIGHTS OF PERSONAL DATA OWNERS ON THEIR PERSONAL DATA AND
EXERCISE OF RIGHTS
Pursuant to Article 11 of Law No. 6698, your rights over your personal data that you have
shared with us within the scope of the purposes specified in this Personal Data Protection Policy
and the methods of processing personal data are as follows:
To learn whether personal data is being processed,
To request information if personal data has been processed,
To learn the purpose of processing personal data and whether they are used for their
intended purpose,
To know the third parties to whom personal data is transferred domestically or abroad,
To request correction of personal data if it is incomplete or inaccurate and to request
notification of the correction to third parties to whom the personal data has been
transferred,
To request the deletion or destruction of personal data in accordance with the Law No.
6698 and other relevant legislation, despite being processed in compliance with the law, if
the reasons requiring processing have ceased, and to request notification of this process to
third parties to whom the personal data has been transferred,
To object to a decision made against them based solely on automated processing of data,
To demand compensation for damages suffered due to unlawful processing of personal
data.
Your requests regarding these rights will be evaluated and concluded within 30 (thirty) days if
delivered in writing to USERSDOT TECHNOLOGY AND CONSULTING INC.'s address
"Ayazağa Mah. Kemerburgaz Cad. Vadi İstanbul Park Sitesi 7A Blok No:7B Kat:2 İç Kapı No:4
Sarıyer/İstanbul" by hand delivery, post, or cargo, or through a notary, or via secure electronic
signature and mobile signature to our electronic mail (KEP) address
[email protected] or to the company's email address [email protected]. Requests
submitted by the data subject must include the following information: name, surname, signature
if the application is in writing, TR identity number, nationality if the data subject is a foreigner,
passport number or, if any, identity number, and the address of residence or workplace, email
address for notification, telephone and fax numbers, and the subject of the request.
You can access and download the request form from the "Personal Data Protection" section on
www.usersdot.com.
XIII. KEEPING PERSONAL DATA ACCURATE AND UP-TO-DATE
The relevant groups of persons whose personal data we process have accepted and declared that
they know that the accuracy and up-to-dateness of the personal data received due to the contractual
relationship is important for them to exercise their rights on their personal data in terms of
KVKK and other relevant legislation, and that the responsibility arising from providing false
information will be entirely their own.
XIV. PERSONAL DATA RETENTION PERIOD
Personal data regarding employees, shareholders/partners, employee candidates, real person
customers, customer employees or officials, employees/officials of business partners, third party
visitors are stored during the legal relationship and for 10 years from the termination of the
relationship. Personal data regarding the potential real person customer/employee/official with
whom no legal relationship is established, the potential legal person customer's employee/official,
the employee or official of potential business partners, and employee candidates
are stored for a reasonable period of 2 years from the processing. Transaction security data
are stored for a maximum of 2 years in terms of the Internet Law No. 5651.
XV. DELETION, DESTRUCTION OR ANONYMIZATION OF PERSONAL DATA
Your personal data processed for the purposes specified in this Personal Data Protection Policy
will, according to Article 7/f.1 of the Law No. 6698, when the purpose requiring processing
disappears, and according to Article 17 and Article 138 of the Turkish Penal Code, when the
periods determined by the Laws have passed, be anonymized and continue to be used
by us.
When the storage periods stipulated in the relevant legislation or required by the purpose of
processing expire, the Company, within the 6-month period stipulated for periodic destruction, anonymizes
the personal data it processes by using one or more techniques that are most suitable for business
processes and activities, among the anonymization methods specified in the Guide on the
Deletion, Destruction or Anonymization of Personal Data published by the Personal Data
Protection Board, and continues to use the data in this way.
In this regard, a Storage and Disposal Policy has been established and is being implemented.
Details of the main company procedure in this regard can be viewed from the Storage and
Disposal Policy on the site.
XVI. CHANGES AND UPDATES TO THE POLICY
The Company may make changes or updates to this Policy in accordance with legal regulations
and Company Policy. Necessary information is provided to the relevant persons on the website
about the new Policy text reflecting all these changes and updates.
This Policy has been updated as Version 2 and the necessary regulations have been complied
with within the scope of the Law on the Amendment of the Criminal Procedure Law and Certain
Laws published in the Official Gazette dated 12/3/2024 and numbered 32487, which also
includes provisions regarding the Law on the Protection of Personal Data No. 6698.
USERSDOT TECHNOLOGY AND CONSULTING INC.