Privacy Policy and Personal Data Disclosure Statement
Updated on: 20 November 2024
This User Privacy Policy and Personal Data Disclosure Statement (“Policy”) has been prepared to inform and enlighten users about the terms and conditions regarding the use of any data obtained and/or to be obtained from users while using the website operated by İdesse Danışmanlık Yazılım Üretim Sanayi ve Ticaret Limited Şirketi (“Idesse” or the “Company”), located at Yıldız Posta Cad. Akın Sitesi B Blok No. 8/34, Şişli. The policy outlines how the data is processed and used.
Idesse, as the data controller, is obligated under the Law to inform and notify Data Subjects whose personal data will be processed at the time of collection, in accordance with Article 10 of the Law. The scope of this disclosure obligation is as follows:
• Identity of the data controller and, if applicable, its representative,
• The purpose of processing personal data,
• To whom and for what purposes the processed personal data may be transferred,
• The method and legal basis for collecting personal data,
• The rights of the data subject as specified in Article 11 of the Protection of Personal Data (KVKK).
Idesse can only be considered a data controller under applicable regulations for Personal Data explicitly stated in this Policy, along with its purposes and legal grounds. This is because Idesse processes Personal Data not specified in this Policy solely based on the User's authorization and on their behalf, within the scope of the services it provides in relation to the use of the Site.
Idesse values the privacy of personal data and strives to maintain transparency in data storage. This Policy serves as a privacy statement, outlining the types of data collected, how this data is used, with whom this data may be shared, when necessary, what rights individuals have regarding their personal data, wow these rights can be exercised, and Idesse’s principles concerning privacy. The Site may contain links to other websites that are not created by Idesse, whose full details are unknown, and whose content is not controlled by Idesse. These linked websites may have different policies from those of Idesse. Idesse cannot be held responsible for the use or disclosure of any information processed by these third-party websites. In this Policy:
Terms of Use: Refers to the Terms of Use available on the Site, which Users accept by accessing the Site.
Data Subject: Refers to the natural person whose personal data is processed.
Personal Data: Refers to any information relating to an identified or identifiable natural person.
Processing of Personal Data: Refers to any operation performed on personal data, whether fully or partially automated or non-automated, provided that it is part of a data recording system. This includes collection, recording, storage, retention, alteration, reorganization, disclosure, transfer, acquisition, making data available, classification, or prevention of use.
Law and/or KVKK: Refers to Law No. 6698 on the Protection of Personal Data (KVKK).
User(s): Refers to individuals who access the Site, browse any section of the Site, or perform any action on the Site.
Site: Refers to the website and associated web applications accessible via https://idesse.com.tr/, which Users utilize to review and benefit from service descriptions.
1. Methods of Collecting Personal Data and Legal Grounds
Information that Data Subjects send, share, and/or provide in an accessible form while accessing the Site, or that is automatically collected through the Site, may fall under the scope of personal data.
If you benefit from any of the services offered on the Site or access the Website, we may collect the following information about you:
• Request/Contact Form Records: If Users contact İdesse through the Contact Form, we may collect the User's name, surname, email address, job title, and phone number.
• Device Data: Data such as your IP address, operating system version, device type, system and performance information, and browser type is collected from the devices and applications you use to access service descriptions.
• Usage Data: Whenever you use the Site or access it without utilizing its services, usage data is collected about you. This may include information such as the pages you visit, the items you click on, and the timestamps of these actions. Additionally, it includes data related to each access, such as source IP addresses, internet service providers, files viewed on the Site (e.g., HTML pages, graphics, etc.), operating system versions, and timestamps.
a) Data Categories and Data Types
| Identity Information | Name, Surname (in case of a support request) |
| Contact Information | Email address, phone number (in case of a support request) |
| Customer Transaction | Subject of the support request |
| Transaction Security | PC/System and Application User Transaction Data (username and password), Internet Traffic Data (network activity, IP address, visit data, time and date information), Device Information, Log Records, and other User Transaction Data. |
b) Legal Grounds and Purposes of Processing
Your personal data, as specified above, may be processed in accordance with the conditions and principles set forth in Article 4 of the KVKK, as well as the personal data processing conditions outlined in Articles 5 and 6 of the KVKK. In this context, we process our visitors' transaction security data based on the following legal grounds:
• If the processing of personal data is explicitly provided by law,
• If it is necessary to fulfill our legal obligations,
• If processing is mandatory, provided that it does not harm your fundamental rights and freedoms.
Additionally, we process your personal data for the following purposes:
• Execution of information security processes,
• Conducting audit/ethics activities,
• Managing access authorizations,
• Execution and supervision of business activities,
• Ensuring business continuity,
• Providing information to authorized persons, institutions, and organizations.
Idesse will make every effort to prevent the unlawful processing and storage of your personal data and to ensure that your personal data is not accessed unlawfully. Each time you visit the Site, information such as your IP address, operating system, connection time and duration, and similar data is automatically recorded. These data, when obtained without your explicit consent, may be used in an anonymous form.
The information collected by Idesse may be used in aggregate form to optimize and improve the Site and to enhance its database, thereby improving the services offered to users accessing the Site. Idesse may utilize this data for website management, security, research, and analysis purposes.
2. Recipients and Purposes of Personal Data Transfer
Your collected personal data may be transferred, processed, and stored on servers located outside of your country for storage purposes or for the lawful purposes outlined in this document. Idesse may transfer Personal Data, including User information, to another country or jurisdiction that may not have the same or similar data protection laws as the one in which the User resides. In doing so, Idesse complies with the obligations set forth in the applicable regulations. As a result, your personal information may be subject to different privacy rules than those in your country of residence. However, your data will still be processed strictly within the scope of this document.
Idesse may share your personal data with service providers that support its operations, taking into account its legal obligations. These may include IT centers, third-party business partners providing services under agreements between you and Idesse, or customer service centers. These service providers are obligated to protect the confidentiality and security of this information.
Idesse may share your personal data with public institutions and authorities authorized to request such data in order to fulfill its legal obligations. This includes situations where there is a legal duty to provide information, such as crime prevention, anti-money laundering, counter-terrorism financing, crime enforcement, and threats to national and public security.
3. Cookies
Cookies are small data files stored on a device when Users access the Site to recognize returning visitors. Depending on the purpose of use, each cookie has a defined expiration period. Idesse uses cookies for several reasons, including:
• For Security Reasons: Cookies may be used to authenticate your identity.
• To Provide Personalized Content: Cookies can store user preferences, such as default language settings, to customize the content you view.
• To Improve Services: Cookies can be used to measure how you use the Site, track referral data, and sometimes display different content versions for testing and optimization purposes.
4. Rights of the Data Subject
The rights of the Data Subject under Article 11 of the Law are as follows:
• To learn whether their personal data has been processed,
• To request information if their personal data has been processed,
• To learn the purpose of processing their personal data and whether it is used in accordance with its purpose,
• To know the third parties to whom their personal data has been transferred, whether domestically or internationally,
• To request the correction of their personal data if it has been incompletely or incorrectly processed, and to request that this correction be notified to third parties to whom the data has been transferred,
• To request the deletion, destruction, or anonymization of their personal data if the reasons requiring its processing no longer exist, and to request that this action be notified to third parties to whom the data has been transferred,
• To object to a result that arises against them due to the exclusive analysis of processed data through automated systems,
• To demand compensation for damages suffered due to the unlawful processing of their personal data.
As Data Subjects, to submit your requests regarding your rights and exercise your rights over your personal data, you may physically submit a written request to Idesse’s address mentioned above, send an email from your registered electronic mail (KEP) address or with a secure electronic signature or mobile signature to the Company’s registered electronic mail address, or send an email to [email protected] using the email address previously provided to us and recorded in our systems. Your request must comply with the minimum application requirements set forth in the applicable regulations. Upon submission, necessary changes, updates, and/or deletion processes will be carried out accordingly.
If you submit your request in compliance with the minimum application requirements specified in the Communiqué on the Procedures and Principles of Application to the Data Controller, Idesse will process your request as soon as possible and no later than thirty (30) days, depending on the nature of the request.
