Privacy Policy

INTRODUCTION

​

With this policy, Dataguess Teknoloji Sanayi ve Ticaret Anonim Şirketi (referred to as "Dataguess" in the text content) sets out the basic principles regarding the processing of personal data of natural persons, including its customers, visitors, and personnel, under the Constitution of the Republic of Turkey, international conventions on human rights to which our country is a party and the relevant legislation, especially the Law No. 6698 on the Protection of Personal Data, and ensuring the effective use and protection of the rights of the data subjects whose data are processed.

​

Accordingly, Dataguess carries out all personal data processing, storage, and transfer procedures for the natural persons whose data are processed under the KVKK, other relevant legislation, and the Dataguess Personal Data Processing and Protection Policy (Policy).

​

Dataguess takes the administrative and technical protection measures required by the nature of the data under the relevant legislation and technology to protect personal data.

​

Natural persons whose personal data are processed within the scope of the Law may review the text below to obtain information about the personal data that Dataguess may process in its capacity as the data controller and the purposes of the processing, the recipient groups to which it may be transferred, the method of collection, deletion or anonymization and the rights of individuals.

 

​

1 SCOPE

​

Protection of personal data is only related to natural persons, and data belonging to legal entities and not containing information about natural persons are not covered by this Policy. All personal data of the personnel, visitors, customers, prospective customers, suppliers, website visitors, and other natural persons whose personal data are processed, obtained, and processed during Dataguess activities are within the scope of this Policy.

 

 

2 DEFINITIONS

​

* "Explicit Consent" refers to consent regarding a specific subject based on information and expressed with free will.
* "Anonymization" refers to making personal data impossible to associate with an identified or identifiable natural person under any circumstances, even by matching with other data.
* "Data Subject" refers to the natural person whose personal data is processed.
* "Personal Data" means any information about an identified or identifiable natural person.
* "Data Processor" refers to the natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
* "Data Recording System" refers to the recording system where personal data is structured and processed according to specific criteria.
* "Data Controller" refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
* "KVKK" refers to the Law No. 6698 on the Protection of Personal Data.
* "Policy" refers to Dataguess' Personal Data Processing and Protection Policy.
* "Registered Electronic Mail (REM)" refers to a secure electronic mail service in which the identity of the sender and recipient is known, the time of sending and the content cannot be changed, and has legal validity in case of dispute.

​

​

3 PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

​

Dataguess acts under the principles listed below in processing personal data and with the general principles stipulated in the legislation, the Constitution, and the KVKK.

​

a) Compliance with the law and good faith: Dataguess acts under the law and in good faith within the scope of personal data processing activities; by applying the principles of proportionality and necessity in the processing of personal data, Dataguess processes only as much personal data as necessary for data processing.

​

b) Being accurate and up-to-date when necessary: Dataguess ensures that the personal data it processes is correct and up-to-date.

​

c) Processing for specific, explicit, and legitimate purposes: Dataguess processes personal data for specific, explicit, and lawful reasons. Dataguess determines the purposes for which personal data will be processed and informs data subjects of these purposes before processing their data. Dataguess does not process personal data that is not legitimate and lawful.

​

d) Being relevant, limited, and proportionate to the purpose for which they are processed: Dataguess avoids processing personal data that is not relevant or not needed for the purpose of processing.

​

e) Being retained for the period stipulated in the relevant legislation or for the purpose for which they are processed: Dataguess retains personal data only for the periods specified by law or limited to the purpose for which they are processed.

​

​

4 PURPOSE OF PROCESSING PERSONAL DATA

​

Dataguess processes personal data within the scope of the personal data processing conditions specified in Articles 5 and 6 of the KVKK, within the scope of the legal reasons stipulated in Article 5 of the KVKK, that it is defined in the law, that the data controller must fulfill its legal obligations, that it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract and that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms.

 

 

a) Processing of data for business relationships: Personal data of the personnel are collected and processed in line with the legal reasons that it is stipulated in the Laws in Article 5 of the KVKK that the data controller must fulfill its legal obligations, that it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract and that data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm your fundamental rights and freedoms.

​

The processing of personal data serves several crucial purposes. These include the establishment, organization, and execution of employment contracts; the planning of the human resources process; the documentation of employee entry and exit; the fulfillment of legal obligations; the organization of information and documents for paper or electronic works and transactions, the reporting and examinations required by law, and the maintenance of order and security in the workplace.

​

The information provided by the personnel, such as identity information, contact data, and signature, is collected and processed using both non-automatic and automatic methods. Non-automatic methods are used in employment contracts and personal files, while automatic methods are employed in computers. Additionally, data is collected and processed partially or fully automatically within the scope of the fingerprint reading system for security reasons in the workplace and for detecting entrances and exits.

​

The persons and organizations to which personal data may be transferred to the extent permitted by the legislation and required by business processes are public legal entities and judicial bodies. Such personal data may be transferred to judicial authorities or relevant law enforcement agencies to resolve legal disputes or upon request. In addition, personal data may be shared with public institutions and other organizations due to legal obligations, as required by legislation, due to transactions such as insurance transactions within the scope of social security.

​​

b) Processing personal data of customers, prospective customers, representatives, officials and contact persons of legal entities that are customers, suppliers and visitors, website visitors: Your personal data is clearly stipulated in the Laws specified in Article 5 of the KVKK, it is mandatory for the data controller to fulfill its legal obligations, it is necessary to process personal data belonging to the parties to the contract, provided that it is directly related to the establishment or performance of a contract, provided that it does not harm your fundamental rights and freedoms, in line with the legal reasons that data processing is mandatory for the legitimate interests of the data controller, within the scope of company activities, customers, prospective customers, Personal data are processed within the scope of establishing, organizing, executing contracts within the scope of commercial activities in terms of our suppliers, visitors, limited to the purposes of establishing, organizing, executing contracts within the scope of commercial activities, fulfilling legal obligations, issuing information and documents that will be the basis of the business and transactions to be carried out on paper or electronically, issuing invoices, preparing and presenting price offers, ensuring order and security in the workplace.

​

Within the scope of the personal data processing conditions specified in Articles 5 and 6 of the KVKK, personal data are processed by visiting the website, visiting the company headquarters, sharing in telephone and e-mail correspondence, sending personal data electronically with a request for quotation, delivering it in printed form by mail, including personal information in the text of the quotation and also by transferring information by the relevant persons; In addition, in case of entering into a commercial or legal relationship with Dataguess, personal data such as identity information (name, surname, Turkish ID number, gender, date of birth), contact data (e-mail address, address and telephone information, IP address), signature in the signature circular and other information are collected and processed by Dataguess by partially or fully automated methods within the scope of Dataguess' field of activity.

​

Personal data processed by Dataguess may be shared with natural and legal persons, business partners, suppliers, public institutions and organizations authorized to request such data, and judicial bodies to fulfill legal responsibilities and to ensure the performance of the contract, to provide the requested product and service, to provide product and price offers, as permitted by the legislation and required by business processes.

​

c) Data Processing for Workplace Security: Provided that it does not harm the fundamental rights and freedoms of the data subject in Article 5 of the KVKK, based on the legal reasons that data processing is mandatory for the legitimate interests of the data controller and that data processing is compulsory for the establishment, use or protection of a right, Dataguess uses the fingerprint reading system to ensure that the entrances and exits to the workplace are secure and to identify the entry and exit of the employees to the workplace, and this system is created by placing it on the turnstile after entering the first entrance door of the workplace. Fingerprint records are collected and processed automatically. The records kept to ensure workplace security may be shared with judicial bodies in case of a breach of workplace security or case of suspicion regarding security, if necessary, to protect the rights and legitimate interests. They may be transferred to judicial authorities or relevant law enforcement agencies.

​​

​

5 CLASSIFICATION OF PERSONAL DATA

​​

5.1. Personal data

​

Personal data is any information relating to an identified or identifiable natural person. Personal data cannot be processed without the explicit consent of the person concerned. However, in the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the data subject; except for these situations, it does not seem possible to process personal data without explicit permission:

​

a) Explicitly stipulated in the law,

b) It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose their consent due to actual impossibility or whose consent is not legally valid,

c) Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process the personal data of the parties to the agreement,

d) It is mandatory for the data controller to fulfill its legal obligation,

e) It has been made public by the person concerned,

f) Data processing is mandatory for the establishment, exercise, or protection of a right,

g) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

​

5.2. Sensitive personal data

​

Personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal 

​

​

6 DATAGUESS OBLIGATIONS

​​

6.1. Obligation to Inform the Personal Data Owner

​

During the acquisition of personal data, Dataguess is committed to informing the persons whose data will be processed about how their data will be processed. This commitment is reflected in the clarification text below.

​

a) The identity of the data controller and its representative, if any.

b) The purpose for which personal data will be processed.

c) To whom and for what purpose can the processed personal data be transferred?

d) The method and legal reason for collecting personal data should be included.

e) The person's rights in Article 11 of the Law should be included.

​

6.2. Obligation to ensure data security

​

Dataguess takes administrative and technical measures to prevent unlawful disclosure of personal data and updates its measures. If it detects unauthorized disclosure of personal data, it creates infrastructures to notify the Data Subject and the Personal Data Protection Board.

​

Dataguess implements a comprehensive approach, utilizing technological, administrative, and technical measures to prevent unlawful processing and access to data. This ensures that all data is stored strictly with the law, providing high security and peace of mind.

​

Dataguess takes the following measures to achieve this purpose.

​

- It trains and supervises its personnel in the processing of personal data by the law,

- It processes personal data limited to the commercial activities it performs,

- In case of unlawful disclosure of personal data/data leakage, it takes measures to notify the Personal Data Protection Board.

​

Dataguess, to prevent unlawful access to personal data;

​

- Establishes security systems,

- Takes technical measures, updates and renews them,

- Establishes and audits data recording systems by the legislation,

- It identifies potential risks and develops systems against them.

​

​

7 EXPLICIT CONSENT

Explicit consent is written or verbal consent related to a specific subject, is based on information, and reveals the will to process data about you with free will. It's important to remember that explicit consent can be revoked by the data subject at any time, underscoring the control individuals have over their data.

​

Explicit consent can be obtained by having the data subject sign the explicit consent form or by including these necessary elements in the contract or electronic form to be made with the data subject.

​

​

8 RIGHTS OF PERSONAL DATA SUBJECTS AND RESPONDING TO APPLICATIONS

​

Personal data owners may exercise their rights under the KVKK regarding their data by making an application in writing or using other methods to be determined by the Board. In this context, Dataguess must take administrative and technical measures to fulfill its obligations under Article 13 of the KVKK.

​

Within the scope of KVKK, personal data owners have the following rights:

​

- To learn whether personal data is processed or not,

- Request information if their data has been processed,

- To learn the purpose of processing personal data and whether they are used for their intended purpose,

- To know the third parties to whom personal data are transferred domestically or abroad,

- To request correction of personal data in case of incomplete or incorrect processing,

- Although it has been processed by the provisions of KVKK and other relevant laws, to request its deletion or destruction in case the reasons requiring its processing disappear,

- In case of correction, deletion, or destruction of personal data, to request notification of these transactions to third parties to whom personal data are transferred,

- To object to the emergence of a result to the detriment of the person by analyzing the processed data exclusively through automated systems,

- You have the right to demand compensation for damages in case of loss due to unlawful processing of personal data.

​

Only requests for personal data subjects submitted to Dataguess in writing are processed.

Depending on the nature of the request, the relevant request must be answered as soon as possible and within 30 (thirty) days at the latest. In cases where the application is rejected, the response to the application is deemed inadequate, or the response is not given in due time, the applicant has the right to file a complaint to the Personal Data Protection Board within 30 (thirty) days from the date of learning the response and in any case within 60 (sixty) days from the date of application.

 

​

9 PROCEDURE FOR THE EVALUATION OF THE APPLICATION OF PERSONAL DATA SUBJECTS

 

For the response period specified in Article 8 of the Policy to start, the requests made in writing and with a wet signature should be sent to "Zümrütevler Mah. Nazmi İlker Sokak, No:3 Maltepe, İstanbul" by hand or through a notary public or other methods determined by the Personal Data Protection Board, together with information and documents certifying the identity of the applicant. The relevant transaction is applied if the request is accepted and a written or electronic notification is made. If the request is rejected, the applicant is notified in writing or electronically by explaining the reason.

​​

​

10 STORAGE OF PERSONAL DATA

 

Dataguess, except for the periods stipulated by the legislation, does not process personal data 
for the period required by its purpose.

​

The purposes of processing personal data are explained in 4 articles and are stored for the same purposes.

 

Although it has been processed per the provisions of KVKK and other relevant laws, personal data shall be deleted, destroyed, or anonymized by the data controller ex officio or upon the data subject's request if the reasons requiring its processing disappear. The provisions of other laws regarding the deletion, destruction, or anonymization of personal data are reserved.

​

Dataguess establishes and uses technical infrastructure systems and ensures strict compliance with the provisions of the legislation and the decisions of the Personal Data Protection Board in terms of destruction, deletion, or anonymization. This commitment to compliance should reassure you of our dedication to data protection.

​​

​

11 DATA SHARING CONDITIONS

 

For personal data to be shared, one of the following conditions must be met:

​

a) The explicit consent of the data subject has been obtained,

b) It is explicitly stipulated in the law,

c) Those who are unable to disclose their consent due to actual impossibility or whose consent is legally required the life or bodily integrity of the person to whom the validity is not recognized or of another person

c) It is necessary for the protection of the life or physical integrity of the person who is unable to disclose their consent due to actual impossibility or whose consent is not legally valid,

d) Provided that it is directly related to the conclusion or performance of a contract, it is necessary to process the personal data of the parties to the agreement,

e) It is mandatory for the data controller to fulfill its legal obligation,

f) It has been made public by the person concerned,

 

Data processing is mandatory for the establishment, exercise or protection of a right, such as in legal disputes or for the defense of legal claims.

​

Data processing is mandatory for the data controller's legitimate interests, which may include business operations, marketing, or other legitimate interests, provided that it does not harm the fundamental rights and freedoms of the data subject.

​

Dataguess may transfer personal data based on the legal grounds that it is explicitly stipulated in the law, the data controller must fulfill its legal obligations, and it is necessary to process the personal data of the parties to the contract provided that it is directly related to the establishment or performance of a contract. It is mandatory for the data controller's legitimate interests, provided that it does not harm your fundamental rights and freedoms. In this direction, it may transfer personal data in a limited and proportionate manner within the scope of the purposes of acting by the law, fulfilling legal obligations, ensuring the establishment or performance of a contract, and ensuring its legitimate interests, provided that it does not harm fundamental rights and freedoms, fulfilling the requirements of employment contracts, fulfilling legal obligations, making legally required reporting and examinations, declaring invoices, providing price offers, fulfilling tax obligations, ensuring order and security in the workplace. For these purposes, personal data are shared with the following organizations:

​

- Our business partners

- Public institutions and organizations

- Legally authorized private law persons

- Our Suppliers

- Judicial authorities, law enforcement agencies, judicial bodies, if necessary/requested

​

Dataguess takes technical measures including but not limited to those listed above:

​

- It takes in-house technical measures for the processing and storage of personal data by the legislation and creates a technical infrastructure to ensure security,

- Periodically update and renew technical measures,

- Virus protection systems, firewalls, and similar security applications.

​

Dataguess takes administrative measures including but not limited to those listed above:

​

- It establishes personal data access policy and procedures within the company,

- Informs and trains its personnel on the lawful processing, storage, and protection of personal data,

- It determines the measures to be taken in the unlawful processing of personal data.

​

​

12 UPDATES

 

Dataguess reviews and updates this Policy at least once a year when necessary and if required by changes in legislation.