CLARIFICATION TEXT
Identity of the Data Controller
Finartz Bilgi Teknolojileri Anonim Şirketi, with its registered office in Çiftehavuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Mrk. C1 Bl. N:151/1c/111 Esenler/ İstanbul-Turkey and registered in Istanbul Trade Registry with MERSIS number 0388079760900018, (the "Company") shall process your personal data as a data controller in line with this Clarification Text for processing of personal data under the provisions of the Personal Data Protection Law no. 6698 (the "PDPL").
The Company, acting as a Data Controller with respect to its operations, shall process your personal data in relation to its business objectives by using, recording, updating, transferring and/or classifying the personal data as provided in detail below. In that respect, the Company takes all kinds of technical and administrative measures required to prevent your personal data from being processed in violation of the law, prevent illegal access to your personal data, and to procure the sufficient level of security which shall ensure safekeeping of your personal data under the PDPL and other applicable regulations which are intended to protect personal data as well as upholding the fundamental rights and freedoms of individuals including, specifically, the right to privacy. This Clarification Text is meant to inform you about the processing of your personal data collected by the Company.
1. Methods and Legal Grounds of Collection of Personal Data
The Company may collect the following personal data directly from you as the data subject or through our business partners and employees.
The Company shall collect personal data wholly or partially by automated means or non-automated means which form part of any data recording system on magnetic, electronic and/or physical media with the use of email, telephone, facsimile, cargo/mail, contract and other means of communication to the extent that processing is required for legitimate interests of the data controller provided that the fundamental rights and freedoms of the data subject are not impaired; deemed necessary for creation, use or protection of any right; required for performance of a contract; provided in the laws; considered to be obligatory for fulfilling legal obligations; and where applicable, in the event that explicit consent is provided for processing personal data (which shall constitute legal grounds hereunder).
2. Why We Process Your Personal Data
The Company shall process a number of different categories of personal data such as identification data (name, surname), corporate identity (company/business title), communication data (electronic mail address, country of domicile) which you may submit as you make a request for product information catalogues and/or demos on the corporate website and/or mobile site of the Company with due regard for the requirements regarding processing of personal data as provided in article 5 of the PDPL. The following chart is meant to inform you about the categories of personal data to be processed as well as the processing objectives in detail:
Personal Data Categories:
Identification Data:
- Storing and archiving name-surname, corporate identification (business title) data
- Providing information about aforementioned or different products and services,
- Conducting Communication Activities
- Procurement of statistical and technical services,
- Providing Information to Authorized Individuals, Competent Entities and Organizations,
- Responding to Requests or Applications Filed Through Corporate Contact and Customer Contact Channels,
- Updating Identification and Communication Details,
- Ensuring the Data are Correct and Accurate
Communication Data:
- Storing and archiving electronic mail address, country information,
- Conducting Communication Activities
- Performing Strategic Planning Activities
- Procurement of statistical and technical services,
- Performing Analyses,
- Providing Information to Authorized Individuals, Competent Entities and Organizations,
- Providing information about aforementioned or different products and services,
- Conducting Communication Activities
- Responding to Requests or Applications Filed Through Corporate Contact and Customer Contact Channels,
- Updating Identification and Communication Details,
- Ensuring the Data are Correct and Accurate
Marketing Data:
- Collecting cookie settings and platform details with a view to conducting processes for promoting loyalty to the company/products/services,
- Conducting Communication Activities,
- Performing Customer Relations Management Processes,
- Performing Activities for Customer Satisfaction,
- Providing Information to Authorized Individuals, Competent Entities and Organizations,
Risk Management Data:
- Processing data to ensure management of commercial, technical, administrative risks in line with the applicable regulations,
- Conducting IT Security Processes,
- Performing internal audits, investigations and intelligence activities,
- Conducting and controlling internal activities
- Providing Information to Authorized Individuals, Competent Entities and Organizations,
- Promoting Account and Transaction Security,
- Creating and Implementing Processes for IT Security,
- Creating a Risk Management, Access Authorization and Control Matrix.
Transaction Security Data:
- Keeping IP details as well as details of visits to the website and/or mobile site and demo platform and storing log in details and passwords
- Conducting IT Security Processes,
- Performing operations in line with the applicable regulations,
- Executing sales transactions for goods/services
- Providing Information to Authorized Individuals, Competent Entities and Organizations,
The Company warrants that your personal data will be exclusively made accessible to its employees who are granted limited access solely for conducting their duties with a view to attaining the objectives provided above.
Transfer of Personal Data
The personal data which will be shared for requesting demos and product information catalogues on the corporate website and/or mobile site of the Company including but not limited to identification data (name, surname), corporate identity (company/business title), communication data (electronic mail address, country of domicile) in connection with the aforementioned objectives and in line with the principle of proportionality in order to attain the objectives provided above such as procurement of statistical and technical services, keeping customer data, and providing information about aforementioned or different products and services pursuant to the relevant provisions of the PDPL.
The personal data which shall be provided to the Company in line with the aforementioned chart (identification data, corporate identification data, communication data, marketing data, transaction security and risk management data) as well as the data to be collected via cookies (with your explicit consent, if applicable) including the marketing and functionality cookies required for improving the performance of the corporate website/ mobile website, facilitating and/or expediting the use of relevant platforms, offering new functionalities on the platforms, monitoring and understanding the use of products and services, improving and customizing user experience at the website/ mobile website, improving the functionality of the website and providing ease of use, ensuring customization and logging system activities of online visitors and users may be transferred to Google, a service provider located abroad which offers services to the Company or cooperates with the Company, based on availability of space by means of artificial intelligence under the data policies of Google. (The Company makes use of Google Analytics, a web analysis service provided by Google, Inc. ("Google"), on its website and mobile website. For more information about the use of Google Analytics (including options for rejection), please visit
https://www.google.com/intl/tr/policies/privacy/#infocollect)
Also, where explicit consent is provided, the Company may transfer your identification data, corporate identification data, communication data, marketing data, transaction security and risk management data to its business partners and service providers located abroad by adopting necessary security measures in order to ensure procurement of technical services, set-up, use, development and maintenance of technical and administrative infrastructure, electronic systems and mailing infrastructure, safekeeping, archiving and storage of data in line with the objectives specified in the chart above. The transferred data may be processed and stored as necessary and transferred to servers located abroad providing IT support services, hosting and infrastructure providers, electronic media such as software and cloud computing services (G-Suite infrastructure and Google cloud services), to overseas service providers of Google, which offers services to the Company or cooperates with the Company, based on availability of space by means of artificial intelligence under the data policies of Google (the countries to be involved in those services are not known exactly since it keeps the data in different countries for IT security), its infrastructure providers and Microsoft Azure, our business partner which keeps our servers in the Netherlands, in order to conduct the services and/or operations.
Your personal data shall be retained in (i) Electronic media: at the secure servers in the Netherlands; (ii) Physical media: at lockers in the corporate head office based on the understanding that solely authorized employees in charge of the process shall have access to the lockers where the data will be kept according to distinctive categories.
4- How Long We Process and How We Destroy Your Personal Data
The Company shall store your personal data for 10 years in line with the general principles and rules specified in the corporate retention and destruction policies and procedures which conform to the applicable laws and regulations including, specifically, the Turkish Constitution, PDPL and Regulation on the Deletion, Destruction or Anonymization of Personal Data. Also, the personal data shall be destroyed upon the expiration of the retention period. The personal data which shall be disclosed through the channels specified in this Clarification Text shall be processed throughout the period required in the PDPL and other regulations on protection of personal data as well as all other applicable legislations and, in any event, so long as the legitimate reasons for processing remain applicable. In that respect, your personal data shall be destroyed in line with the Corporate Policy on Retention and Destruction of Personal Data during the first destruction period once the prerequisites for processing personal data which are indicated in article 5 of the PDPL are no longer applicable.
5- Rights of Data Subjects Under Article 11 of the Law No. 6698
Data subjects may exercise their rights by completing the enclosed Application Form for Protection of Personal Data in line with the relevant rules and principles and filing an application to our KEP address at finartz@hs01.kep.tr or by e-mail to kvkk@finartz.com with your mobile signature, e-signature or through your registered and confirmed e-mail address in our systems or otherwise by submitting the form with original signature to Çiftehavuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Mrk. C1 Bl. N:151/1c/111 Esenler/ Istanbul (TURKEY) in person or via notary. The Company shall conclude the requests of data subjects free of charge as soon as possible not to be later than thirty (30) days according to the attributes of the request. Still, if any such request requires an additional cost, the Company shall charge the relevant cost to the relevant person based on the tariff specified by the Personal Data Protection Board.
In that respect, data subjects shall be entitled to:
- learn whether or not their personal data have been processed,
- request information about the processing, if applicable,
- request information about the processing purpose and whether or not the use of the data is fit for the purpose,
- receive information about the recipient domestic or foreign third parties,
- ask for correction in case of incomplete / incorrect processing and also demand notification of the relevant process to the third persons who are known to have received the personal data by way of transfer,
- request deletion or destruction of personal data once the processing purpose is fulfilled even though the processing has been performed in line with PDPL no. 6698 and other legal provisions and also demand notification of the relevant process to the third persons who are known to have received the personal data by way of transfer,
- object to any unfavourable result for the data subject arising from analysis of processed data with automated systems exclusively,
- make claims for losses, if any, incurred as a result of unlawful processing of personal data in violation of the law.
6- Contact Information
- Address: Çiftehavuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Mrk. C1 Bl. N:151/1c/111 Esenler/ Istanbul (TURKEY)
- Phone:
- E-mail:
ANNEX: 1 APPLICATION FORM FOR PROTECTION OF PERSONAL DATA
The Personal Data Protection Law no. 6698 (the "PDPL") provides that data subjects may exercise their rights by filing an application to data controller ("Finartz") "in writing or through other methods to be designated by the Personal Data Protection Board".
In addition to the other methods to be designated by the Board, Finartz shall accept applications filed by data subjects through the following methods. Data subjects who intend to exercise their rights may file an application by any of the following methods pursuant to this form:
1. Sending an e-mail to kvkk@finartz.com by using the e-mail address registered and authenticated at Finartz. Applications sent through an e-mail address which is not registered at the system shall not be accepted.
2. Sending an e-mail to kvkk@finartz.com with the secure electronic signature of the data subject.
3. Sending an e-mail to finartz@hs01.kep.tr, the KEP address of the Company, through the Registered E-Mail (KEP) address of the data subject, if any.
4. Submitting the form with the original signature of the data subject to Çiftehavuzlar Mah. Eski Londra Asfaltı Cad. Kuluçka Mrk. C1 Bl. N:151/1c/111 Esenler/ Istanbul in person.
5. Via a notary.
Upon receiving a request by any of the methods provided above, Finartz shall, in principle, respond to the request free of charge as soon as possible not to be later than 30 days according to the attributes of the request and inform the data subject of the response in writing or electronic media. If the request requires an additional cost, the Company may charge a fee to the data subject based on the tariff specified by the Board.
I. Contact Information of Data Subjects:
Name Surname:
Turkish ID No:
Phone or Mobile Phone Number:
E-mail address (If the response is to be sent in electronic media):
Personal KEP Address (If the response is to be sent in electronic media):
Address (If the response is to be sent by mail):
II: Information about the relationship of the data subject with Finartz (employee candidate, supplier, customer etc.)
III: Your request under article 11 of the PDPL
IV: Signature of the data subject (for applications in hardcopy)