GDPR General Clarification Text

APIFORT SOFTWARE AND SECURITY SYSTEMS INC WEBSITE PRIVACY NOTICE
ON THE PROCESSING OF PERSONAL DATA

DEFINITON

Within the scope of this Policy:

Personal Data: Any information relating to an identified or identifiable natural person.

Law on the Protection of Personal Data (“PDPL”): The Law on the Protection of Personal Data No. 6698, which was published in the Official Gazette and entered into force on April 7, 2016.

Apifort Software: APİFORT YAZILIM VE GÜVENLİK SİSTEMLERİ A.Ş., residing at the address Çifte Havuzlar Mah. Eski Londra Asfaltı Cad. Kulukça Mrk. A1 blok No: 151/1C İç Kapı No: B34 Esenler/İSTANBUL.

Data Processor: The natural or legal person who processes Personal Data on behalf of the Data Controller based on the authority granted by the Data Controller.

Data Controller: The natural or legal person who determines the purposes and means of processing Personal Data and is responsible for the establishment and management of the data filing system.

DATA CONTROLLER

As Apifort Yazılım ve Güvenlik Sistemleri A.Ş. (“Apifort Software”), we attach utmost importance to the security and privacy of your personal data. This information text has been prepared to clarify that, acting in our capacity as a “Data Controller” under the PDPL, our responsibilities—such as the collection, preservation, transfer in accordance with the legislation, and retention period of personal data, as well as the rights of data subjects—are implemented within the framework of legislative provisions.

PERSONAL DATA AND PURPOSES OF PROCESSING

Apifort Software may process your personal data (visitor name and surname, phone number, e-mail address, delivery address, website access-egress information, IP address information, data obtained through our cookies, your requests, and suggestions) in order to continue its operations and in accordance with the principles and procedures stipulated by the PDPL and other relevant laws and regulations.Personal data related to our stakeholders may be collected through direct or indirect methods, via Apifort units, the website, social media, and similar channels in written, oral, or electronic form. Personal data obtained within the scope of the PDPL may be processed for the purposes listed below:

  • To sustain activities in line with the founding purposes stated in Apifort’s articles of association.
  • To fully and duly fulfill contractual and legal obligations.
  • To track finance and/or accounting affairs.
  • To execute legal transactions and follow up on legal processes.
  • To plan and carry out human resources processes and activities.
  • To plan, audit, and execute information technology and information security processes.
  • To perform quality and standard audits and improvements.
  • To ensure company and personnel security.
  • To ensure coordination in processes related to visitors, customers, and other participants.
  • To develop and diversify the support and services provided.
  • To evaluate and respond to suggestions, wishes, complaints, and requests submitted by corporate stakeholders and visitors through any channel, and to undertake improvement efforts based on such feedback.
  • To negotiate, conclude, and perform contracts.
  • To provide products and services.
  • To provide remote support services and monitor content.
  • To manage commercial relationships with collaborating firms, suppliers, resellers, and service providers.
  • To manage judicial/administrative processes, respond to requests from public institutions, fulfill legal obligations arising from legal regulations, and resolve legal disputes.
  • To manage investor relations.
  • To feature employees of Apifort Software companies, Natural Person Resellers/Customers, and Reseller/Customer Representatives in social media posts.
  • To conduct job interviews and evaluate job applications.
  • To establish, execute, and terminate employment relationships/contracts.
  • To evaluate the partnership application process for resellers.
  • To develop the Company’s commercial strategies and create plans.
  • To analyze the use of the Website.
  • To evaluate and respond to all questions, requests, suggestions, complaints, and applications submitted in writing, orally, or electronically, including those related to personal data.

METHOD OF COLLECTION OF PERSONAL DATA AND LEGAL REASON

Your personal data is processed based on the following legal grounds as stated in Articles 5 and 6 of the Law:

  • Your explicit consent, where it is mandatory to obtain the explicit consent of the data subject.
  • Explicitly stipulated in the law.
  • It is necessary to process the personal data of the parties to a contract, provided that it is directly related to the establishment or performance of that contract.
  • It is necessary for the data controller to fulfill its legal obligations,
  • It is necessary for the establishment, exercise, or protection of a right.
  • It is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

We can collect and process your personal data within the framework stipulated in Articles 5, 6, and 8 of the Law. This collection may occur during communication with and/or the establishment of a legal relationship with Apifort Software and throughout the continuation of said relationship. Data can be collected from the data subjects themselves, third parties including solution partners with whom Apifort Software collaborates or has a contractual relationship, and legal authorities. Data is gathered through channels such as call centers, camera and voice recordings, application forms, website membership and contact forms, the internet, mobile applications, websites, e-newsletter subscription forms, cookies, social media and other public channels, or organized training sessions, meetings, organizations, and similar events. Collection methods can be written, oral, electronic, via audio/video recording, or by physically meeting with you. Personal data collected through these methods may be processed and transferred for the purposes specified in this text, within the framework of the conditions for processing personal and special categories of personal data set forth in the Law.

TRANSFER OF PERSONAL DATA

When transferring personal data domestically and abroad, Apifort acts in accordance with the provisions defined in Articles 8 and 9 of the Law. In cases where it is necessary for Apifort to carry out its services more effectively and to fulfill legal requirements, this data may be shared with authorized domestic public institutions and organizations, law enforcement agencies, courts and enforcement offices, legally authorized private legal entities, related third-party natural and legal persons, audit firms, customers, shareholders, judicial authorities and public authorities, service provider companies and their officials, project partners, suppliers and support service providers in accordance with the relevant laws, regulations, and protocols.

YOUR RIGHTS AS A DATA SUBJECT UNDER THE PDPL

Data subjects who apply to Apifort under Article 11 of the Law have the right to:

  • Learn whether their personal data is being processed.
  • Request information if their personal data has been processed.
  • Learn the purpose of the processing of their personal data and whether it is being used in line with that purpose.
  • Know the third parties to whom their personal data has been transferred domestically.
  • Request the correction of their personal data if it is incomplete or has been processed incorrectly and request that the action taken in this context be notified to the third parties to whom the personal data has been transferred.
  • Request the deletion, destruction, or anonymization of their personal data in the event that the reasons requiring its processing cease to exist to be evaluated within the principles of purpose, duration, and legitimacy, and request that the action taken in this context be notified to the third parties to whom the personal data has been transferred.
  • In the event that their processed personal data is analyzed through automated systems, to object to this result in the event that a result arises against them.
  • In the event that their personal data is processed unlawfully and they suffer damage due to this, they have the right to demand the compensation of the damage.

However, pursuant to the provision of Article 28/2 of the Law on the Protection of Personal Data, you may not exercise the rights listed above, except for the right to demand compensation for damages, in the following cases:

  • The processing of personal data is necessary for the prevention of a crime or for a criminal investigation.
  • The processing of personal data that has been made public by the data subject themselves.
  • The processing of personal data is necessary for the execution of supervisory or regulatory duties and disciplinary investigation or prosecution by the authorized and authorized public institutions and organizations and professional organizations in the nature of public institutions based on the authority granted by law
  • The processing of personal data is necessary for the protection of the economic and financial interests of the State with regard to budgetary, tax, and financial matters.

OUR CONTACT ADDRESS FOR YOUR REQUESTS

In accordance with Article 13, paragraph 1 of the PDPL, you may submit your request to exercise your rights mentioned above by sending an e-mail to the address …….. as specified in the “Application and Information Request Form” available on our website, or by applying in writing with a wet-ink signature on a petition to the Human Resources Department. If you wish to exercise this right through a proxy, a copy of the power of attorney containing specific authorization must be attached to the form.

In accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller,” the Data Subject’s application must contain their name, surname, signature if the application is in writing, T.R. identity number (passport number if the applicant is a foreigner), primary residential or business address for notifications, e-mail address for notifications telephone number, and fax number, as well as information regarding the subject of the request.

In cases such as the submission of incomplete or incorrect information, the request not being expressed clearly and comprehensibly, failure to provide supporting documents for the request and your identity, or failure to attach a copy of the power of attorney for applications made by proxy, we may have difficulty in meeting your requests, may evaluate your request negatively, or there may be delays in the investigation process. Therefore, it is important that you adhere to these points when exercising your rights. Our company will not be responsible for any delays that may occur otherwise. Our company reserves its legal rights against erroneous, unlawful, or malicious applications.