LPPD
Privacy and Data Policy on the Processing and Protection of Personal Data
IDENTITY OF THE DATA CONTROLLER
As Ankaref Innovation and Technology Inc. (“Company”), we attach importance to the security and privacy of your personal data. In this respect, with regards to the personal data you provide to us and the personal data we process, as “Data Controller” under Law No. 6698 on the Protection of Personal Data (“Law”), we hereby present to you the following in order to fulfill the disclosure obligation arising from Article 10 of the Law.
PURPOSES OF PROCESSING PERSONAL DATA
Your personal data is collected and processed for the following purposes: carrying out the commercial activities conducted by our Company and related business processes, managing and executing relations with business partners and/or suppliers, technical management of our Company’s websites, customer management and tracking of complaints, product surveys and follow-up of questions you submit to our Company, providing information about the content of our products and services, ensuring customer satisfaction, managing customer complaints and requests, managing customer relations, conducting administrative operations related to communication carried out by our Company, following up contract processes and/or legal claims, conducting research and development activities, planning and conducting corporate communication and corporate governance activities, carrying out information security management services, determining and implementing our Company’s commercial and business strategies, creating and monitoring visitor records, fulfilling legal obligations in accordance with the purposes notified to the data subject at the time of data collection, and as required or mandated by applicable legislation. Your personal data is processed within the conditions and purposes of personal data processing set forth in Articles 5 and 6 of KVKK and limited to the purposes described above.
TRANSFER OF PERSONAL DATA AND PURPOSES OF TRANSFER
Personal data collected may be shared, within the framework of the conditions and purposes of personal data processing set forth in Article 8 of the Law and for the purposes specified in this Policy, with: domestic official institutions and organizations, law enforcement agencies, courts, and enforcement offices, domestic third-party natural and legal persons with whom we cooperate, service provider companies and their officials, business partners, shareholders of our Company, suppliers, and support service providers, domestic persons and institutions providing cloud data storage services. Your personal data may also be transferred abroad within the scope of the conditions specified in Article 9 of the Law, limited to the purposes specified in this Policy, through third-party cookies activated upon your approval of this Policy and/or by changing cookie preferences through your browser (e.g., Google cookies), and limited to the data accessible by such cookies.
Your personal data may also be transferred abroad within the scope of the conditions specified in Article 9 of the Law, limited to the purposes set forth in this Policy, through third-party cookies activated upon your approval of this Policy and/or by changing your browser’s cookie preferences (e.g., Google cookies), and limited to the data accessible by such cookies. For detailed information regarding our cookie practices, please review our our Cookie Policy.
METHODS AND LEGAL GROUNDS FOR COLLECTING PERSONAL DATA
Your personal data is collected verbally, in writing, or electronically through: Cookies created by our website, Third-party tracking cookies, Website usage measurement systems, Log records kept in line with our obligations under Law No. 5651 on the Regulation of Publications on the Internet, Other documents submitted by the relevant individual via the communication section of our website.
The personal data obtained through these methods are processed in accordance with Articles 5 and 6 of the KVKK and the fundamental principles of personal data protection law.
HOW DO WE STORE YOUR PERSONAL DATA?
Your personal data shared with our Company is stored on secure domestic servers, in accordance with legal regulations, KVKK provisions, and Company policies.
HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
In compliance with KVKK, once the purpose requiring processing is eliminated and/or the statutory limitation periods for processing have expired, your personal data will be deleted, destroyed, or anonymized by us.
SECURITY MEASURES FOR YOUR PERSONAL DATA
Our Company takes all necessary technical and administrative measures, within the limits of available technology, to prevent unlawful processing of personal data and ensure secure storage.
RIGHTS OF DATA SUBJECTS
Pursuant to Article 11 of the KVKK, everyone has the right to apply to the data controller and request:
To learn whether their personal data is processed,
To request information if personal data has been processed,
To learn the purpose of processing and whether it is used in line with such purpose,
To know the third parties to whom personal data is transferred domestically or abroad,
To request the correction of incomplete or incorrect data,
To request deletion or destruction of data within the framework of Article 7,
To request notification of the actions taken as per (d) and (e) above to third parties to whom data has been transferred,
To object to results arising against themselves through analysis of data exclusively by automated systems,
To request compensation if they suffer damages due to unlawful processing of personal data.
HOW CAN YOU EXERCISE YOUR RIGHTS?
You may submit your applications regarding the rights listed above to the Data Controller by filling out the Application Form, which you can access here.
According to the Communiqué on the Procedures and Principles of Application to Data Controller, applications must include: name, surname, signature if the application is in writing, Turkish ID number (or passport number if foreign), residential or workplace address for notification, email address (if available), telephone and fax numbers, and details of the request.
The Data Subject must clearly and explicitly state the matter requested in the application, including explanations regarding the right they wish to exercise, and must attach the relevant information and documents to the application.
The subject of the request must concern the applicant personally; however, if acting on behalf of another person, the applicant must be specifically authorized in this regard and provide documentation of such authorization (special power of attorney). In addition, the application must include the applicant’s identity and address information, and documents verifying their identity must be attached.
Requests made by unauthorized third parties on behalf of others will not be considered.
RESPONSE TIME TO YOUR REQUESTS
Requests regarding your personal data will be evaluated and responded to within 30 days at the latest from the date of receipt. However, if the process incurs an additional cost, our Company may charge the fee determined by the Personal Data Protection Board.
If your application is evaluated negatively, the justified reasons for rejection will be sent to the address you provided in the application, primarily via electronic mail or postal service, or by one of the methods selected in the Application Form.
CONTACT INFORMATION OF THE DATA CONTROLLER
Ankaref İnovasyon ve Teknoloji A.Ş.
ODTÜ Teknokent İkizler Blok, 1.Kat, No:3 Çankaya Ankara Türkiye
Tel : +312 299 2164
E-posta : ankarefino@hs01.kep.tr