1. Introduction
Eteration Bilişim Çözümleri Ticaret A.Ş. (hereinafter "Eteration," "the Company," or "We") demonstrates the utmost sensitivity to ensure full compliance with the "Personal Data Protection Law" (KVKK or "the Law"), which was published in the Official Gazette on 07.04.2016 and came into full effect on 07.10.2016. In this context, we prioritize the lawful processing and protection of personal data. For this reason, ETERATION has prepared this "Policy on the Processing and Protection of Personal Data" (the "Policy") to transparently inform you about its personal data processing and protection activities.
2. Purpose and Scope of the Policy
This Policy has been prepared to provide explanations to the data subjects whose personal data is processed by ETERATION, as listed in APPENDIX-1. Within this scope, these data subjects are informed about which of their personal data is processed and for what purpose, to whom and for what purposes this data may be transferred, what administrative and technical measures are taken for the protection of their personal data, what their rights are regarding their personal data, and the methods for exercising these rights, among other matters. This aims to ensure full compliance with the legislation in the personal data processing and protection activities carried out by the Company and to protect all rights of the data subjects arising from the legislation concerning their personal data. Information regarding the processing and protection of the personal data of ETERATION Employees (Employees and Interns) is contained in the "Policy on the Processing and Protection of Employee Personal Data."
3. Definitions
The definitions used in this Policy are as follows:
Explicit Consent: Consent that is based on information regarding a specific subject and declared with free will.
Recipient Group: The category of natural or legal persons to whom personal data is transferred by the data controller.
Anonymization: Rendering personal data in such a way that it can no longer be associated with an identified or identifiable natural person, even by matching it with other data.
Data Subject: The natural person whose personal data is processed (within the scope of this Policy, persons listed in APPENDIX-1 whose personal data is processed by ETERATION, excluding Employees).
Personal Data: Any information relating to an identified or identifiable natural person.
Special Categories of Personal Data (SCPD): Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.
Processing of Personal Data: Any operation performed upon personal data, whether wholly or partially by automated means or, provided that it is part of a data filing system, by non-automated means, such as collection, recording, storage, retention, alteration, rearrangement, disclosure, transfer, acquisition, making available, classification, or prevention of its use.
The Board: The Personal Data Protection Board.
The Authority: The Personal Data Protection Authority.
Data Filing System: The filing system where personal data is structured and processed according to specific criteria.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.
For terms not defined in this Policy, the definitions in the Law and secondary regulations shall apply.
##4. General Principles for Processing Personal Data Article 4 of the KVKK sets out the general principles that must be complied with for the processing of personal data. ETERATION acts in accordance with these general principles, explained below, in its personal data processing activities.
Lawfulness and fairness: ETERATION acts in compliance with the current legislation and the rules of fairness in all personal data processing activities.
Accuracy and being up-to-date where necessary: ETERATION takes the necessary measures to ensure that your personal data is accurate and up-to-date, provides opportunities for updates, and takes necessary precautions to ensure data is correctly transferred to its databases.
Processing for specific, explicit, and legitimate purposes: ETERATION limits its personal data processing activities to specific and legitimate purposes and clearly informs you about these purposes through privacy notices.
Being relevant, limited, and proportionate to the purposes for which they are processed: Personal data is processed by ETERATION to the extent necessary for the purpose communicated to you at the time of collection, and in a way that is relevant and limited to that purpose.
Retention for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed: ETERATION retains your personal data for the period specified if such a period is defined in the current legislation. If no such period is specified, reasonable retention periods are determined based on the purpose of data use and company procedures, and the data is stored for this limited period. Following the expiration of these periods, the data is deleted, destroyed, or anonymized in accordance with the "Eteration Bilişim Çözümleri Ticaret A.Ş. Personal Data Retention and Disposal Policy."
(Sections 5 through 13 and the Appendices have been translated and summarized below for clarity and conciseness, while preserving the legal meaning.)
GENERAL CORPORATE PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
As Eteration Bilişim Çözümleri Ticaret A.Ş. ("Eteration"), we have prepared this privacy notice to inform you, our Visitors, Online Visitors, Customers, Potential Customers, Supplier Employees, and Supplier Officials, regarding the processing, storage, and transfer of your personal data within the framework of our activities arising from Law No. 6698 on the Protection of Personal Data ("KVKK") and related legislation.
##1) What Categories of Your Personal Data Do We Process and for What Purposes? Your personal data is processed by Eteration Bilişim Çözümleri Ticaret A.Ş. in accordance with the principles set out in Article 4.2 of the KVKK. This processing occurs within the scope of our established and ongoing business relationships for the purposes detailed below.
A. Our Online Visitors
The transaction security information (e.g., your IP address), marketing information (e.g., cookie records), and, if you provide them, identity information (e.g., name, surname) and contact information (e.g., email address) of our online visitors who use our website are processed for the following purposes:
Conducting activities in accordance with the legislation.
Managing information security processes.
Following up on requests/complaints.
Conducting communication activities.
Providing information to authorized persons, institutions, and organizations.
Enabling your access to our website via the internet.
B. Our Customers
The identity information, contact information, customer transaction information (e.g., order details), financial information (e.g., bank account details), legal transaction information, and marketing information (e.g., shopping history) of our natural person customers or the officials/employees of our legal person customers are processed for the following purposes:
Conducting activities in accordance with the legislation.
Managing finance and accounting affairs.
Conducting/auditing business activities.
Managing logistics activities.
Providing after-sales support services for goods/services.
Managing goods/services sales processes.
Managing contract processes.
Providing information to authorized persons, institutions, and organizations.
Resolving legal disputes.
Managing storage and archive activities.
Managing risk management processes.
Conducting advertising/campaign/promotion processes and sending commercial electronic messages.
Managing company/product/service loyalty processes.
Conducting communication activities.
C. Our Potential Customers
The identity information, contact information, customer transaction information, and marketing information of our potential natural person customers or the officials/employees of our potential legal person customers are processed for the following purposes:
Managing goods/services sales processes.
Managing contract processes.
Conducting advertising/campaign/promotion processes and sending commercial electronic messages.
D. Our Supplier Employees
The identity and contact information of our supplier employees are processed for the following purposes:
Conducting communication activities.
Conducting/auditing business activities.
Managing supply chain management processes.
Managing logistics activities.
Conducting activities in accordance with the legislation.
E. Our Supplier Officials
The identity information, contact information, customer transaction information, financial information, and legal transaction information of our natural person suppliers or the officials of our legal person suppliers are processed for the following purposes:
Conducting/auditing business activities.
Managing goods/services procurement processes.
Managing finance and accounting affairs.
Managing contract processes.
Managing investment processes.
Following up and conducting legal affairs.
##2) What are the Collection Methods for Your Personal Data? Your personal data, categorized above, is collected through physical means such as order forms, contracts, and visitor forms, or through automated or non-automated means via information systems and electronic devices (e.g., telecommunication infrastructure, computers, and phones), third parties (e.g., KKB and Findeks), our website, and other documents declared by the data subject.
##3) What is the Legal Basis for Collecting Your Personal Data? Your personal data is processed by Eteration Bilişim Çözümleri Ticaret A.Ş. based on the legal grounds specified in Article 5 of the KVKK for the realization of the purposes described above, including:
It is explicitly provided for by law.
It is necessary for the establishment or performance of a contract.
It is necessary for the data controller to fulfill its legal obligation.
Data processing is necessary for the establishment, exercise, or protection of a right.
Data processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
The identity and contact data of our Customers and Potential Customers will be processed for advertising, campaign, promotion purposes, and for sending commercial electronic messages based on their explicit consent.
##4) Do We Transfer Your Personal Data to a Third Party? Your personal data may be shared with third parties as described below:
Online Visitors: Data may be shared with judicial authorities and authorized public institutions upon request and to resolve legal disputes.
Customers: Data is transferred to authorized public institutions as required by law, and to suppliers, cargo companies, banks, audit firms, and our financial advisor to the extent necessary to properly perform our services and manage business activities.
Potential Customers: Data may be transferred to our legal counsel and judicial authorities for use as evidence in potential legal disputes.
Supplier Employees & Officials: Data is transferred to authorized public institutions as required by law and to our business partners (suppliers, banks, etc.) as necessary to conduct business operations.
##5) Do We Transfer Your Personal Data Abroad? As Eteration Bilişim Çözümleri Ticaret A.Ş., your personal data may be transferred abroad based on your explicit consent, due to the fact that the servers of the video conferencing program used for conducting business processes, remote meetings, and training are located abroad. Specific information and requests for explicit consent regarding this will be provided separately to the relevant individuals.
##6) How Can You Exercise Your Rights Regarding Your Personal Data? You can submit your requests within the scope of Article 11 of the KVKK, which regulates the rights of data subjects, by using the "Data Controller Application Form" available on Eteration Bilişim Çözümleri Ticaret A.Ş.'s website "www.eteration.com".
Data Controller: Eteration Bilişim Çözümleri Ticaret A.Ş.
Address: Reşitpaşa Mah. Katar Caddesi İTÜ Ayazağa Kampüsü Teknokent ARI-3 B202 34469 Maslak, İstanbul
Email: kvkk@eteration.com