Protection of personal data AldımGeldi Yazılım Sanayi Tic. A.S. (“AldimGeldi”) is an important issue. "AldimGeldi, as the data controller, adopts the principles stipulated by the KVK Law in order to comply with the Personal Data Protection Law No.6698 (" KVK Law "), processing, deleting, destroying, anonymizing, transferring, enlightening the relevant person and fulfills its obligations regarding data security.

1. Scope and Purpose of the Privacy and Personal Data Protection Policy

This Privacy and Personal Data Protection Policy;

a. Personal data collection methods and legal reasons,

b. Personal data of which groups of people are processed (Data Subject Person Group Categorization),

c. Which category of personal data is processed (Data Categories) and sample data types for these groups of people,

d. In which business processes and for what purposes this personal data is used,

e. Technical and administrative measures taken to ensure the security of personal data,

f. To whom and for what purpose personal data can be transferred,

g. Personal data retention periods,

h. It explains what the Related Persons' rights on their personal data are and how they can exercise these rights.

a. Personal Data Collection Methods and Legal Reasons

AldimGeldi collects personal data through other communication channels in audio, electronic or written form, in accordance with the personal data processing conditions specified in the KVK Law and in accordance with the legal reasons specified in this Privacy / Personal Data Protection Policy.

b. Data Subject Person Group Categorization

AldimGeldi categorizes the data subject groups whose personal data are processed in personal data processing processes and activities related to these processes as follows. However, in accordance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law and in line with the legal reasons specified in this Privacy / Personal Data Protection Policy, the personal data of the individual groups listed below can be processed.

c. Data Subject Categories and Sample Data Types

Merchant Official, Employee, Shareholders

Identity Information: Name, surname, T.C. identification number

Contact Information: mobile phone, e-mail address, address, postal code, fixed phone

Financial Information: Tax office, invoice information

Risk Management Information: IP address

Transaction Security Information: Password, password information

Legal Transaction and Compliance Information: Start and end time of the service provided, the type of service used, the amount of data transferred (traffic data), signature circulars

d. In Which Business Processes and For What Purposes Personal Data Is Used

Merchant Official, Employee, Shareholders

Mailing for announcement purposes,

Execution of educational processes,

Legal processes and compliance with legislation,

Responding to information requests from administrative and judicial authorities,

Providing information and process security and preventing malicious use,

Making the necessary arrangements to ensure that the processed data is up-to-date and accurate,

Fulfillment of legal obligations,

Finding solutions to the questions of the Merchant,

To invite you to training and events,

To inform about the changes / innovations in the platform infrastructure,

Messaging on questions and requests via the platform

e. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

AldimGeldi undertakes to take all necessary technical and administrative measures and to show the necessary care to ensure the confidentiality, integrity and security of your personal data.

AldimGeldi takes the necessary measures to prevent unauthorized access to personal data, misuse, illegal processing, disclosure, alteration or destruction of personal data. AldimGeldi uses generally accepted security technology standards such as firewalls and Secure Socket Layer (SSL) encryption when processing personal data. In addition, when sending your personal data to AldimGeldi through the website, mobile application and mobile site, these data are transferred using SSL.

Regarding the prevention of unlawful access to the personal data that AldimGeldi processes, the prevention of unlawful processing of these data and the protection of personal data:

All information on the website or mobile application from which personal data is taken.domains protect with SSL,

Creates and implements access authorization and control matrices for its employees to prevent unlawful processing of personal data collected from the website or mobile application,

To ensure that personal data are not accessed illegally; periodically conducts penetration tests, tests the system's resistance to unauthorized access,

Uses the Pseudonymization (pseudonymized data) method for all secondary data manipulations other than the primary processing purpose. Pseudonymous uses encryption methods in the systems that contain this data and implements a stricter access authorization and control policy in order to prevent the identification of the data subject,

It ensures that personal data in paper environment is kept in lockers and can only be accessed by authorized persons.

Despite the fact that AldimGeldi takes the necessary information security measures, in the event that personal data is damaged as a result of attacks on the platforms operated by AldimGeldi or the AldimGeldi system, or gets in the hands of unauthorized third parties, AldimGeldi notifies you and the Personal Data Protection Board immediately and takes the necessary measures.

f. To Whom and For What Purpose Personal Data Can Be Transferred

AldimGeldi transfers personal data to third parties only for the purposes specified in this Privacy and Protection of Personal Data Policy and in accordance with Articles 8 and 9 of the KVK Law.

g. Personal Data Retention Periods

AldimGeldi preserves the personal data it processes in accordance with the KVK Law for the periods stipulated in the relevant legislation or required by the purpose of processing. These periods are approximately as follows in our Personal Data Storage and Destruction Policy:

Personal data regarding the Official of Merchant, Employee, Shareholders

10 years after the legal relationship ends

Law No. 6098

h. What Are the Rights of Relevant Persons on Their Personal Data and How They Can Use These Rights

The rights of the Relevant Person on personal data processed by AldimGeldi in accordance with Article 11 of the KVK Law are listed below:

Learning whether personal data is processed, If their personal data has been processed, to request information regarding this, Learning the purpose of processing personal data and whether they are used appropriately for their purpose, To know the third parties to whom personal data are transferred domestically or abroad, To request correction of personal data in case of incomplete or incorrect processing, To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVK Law, Request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data have been transferred, Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems, To request the compensation of the damage in case of damage due to the processing of personal data illegally. In order to exercise your rights over your personal data; You can make your application and use your rights with the methods specified in the "Application Form" regulated in accordance with Article 13 of the KVK Law on the AldimGeldi website.

2. Terms of Deletion, Destruction and Anonymization of Personal Data

AldimGeldi keeps the personal data processed through its website, mobile application or mobile site for the periods stipulated by the relevant laws and / or the periods required by the relevant laws pursuant to Article 7, 17 of the KVK Law and Article 138 of the Turkish Penal Code. In the event that these periods expire, they will delete, destroy or anonymize in accordance with the provisions of the Regulation on Deletion, Destruction or Anonymization of Personal Data.

The deletion of personal data by AldimGeldi means the process of making the personal data inaccessible and unavailable in any way for the relevant users. For this, AldimGeldi creates and implements a user-level access authorization and control matrix. It takes the necessary measures to perform the deletion in the database.

The destruction of personal data by AldimGeldi refers to the process of making personal data inaccessible, retrieved and reusable by anyone.

The anonymization of personal data by AldimGeldi means making personal data unrelated to an identified or identifiable natural person under any circumstances, even if they are matched with other data.

AldimGeldi, Deletion of Personal Datai describes in detail the methods for deletion, destruction and anonymization and the technical and administrative measures taken within the scope of the Personal Data Storage and Destruction Policy prepared in accordance with the Regulation on Destruction or Anonymization. In this Policy, the period of periodic destruction stipulated by the Regulation is also determined as 6 months.

3. Changes to the Privacy / Personal Data Protection Policy

AldimGeldi can always make changes to this Privacy / Personal Data Protection Policy. These changes become effective immediately upon the publication of the new amended Privacy / Protection of Personal Data Policy. Necessary information will be provided for you to be aware of the changes in this Privacy / Protection of Personal Data Policy.