As Sabancı Dijital Teknoloji Hizmetleri A.Ş. (“Company”), we take the utmost care to keep your personal data safe. As the data controller, our Company is obligated under Article 10 of Personal Data Protection Law No. 6698 (“Law”) to clarify how we collect your personal data and the legal basis for this, for what purposes we process your personal data, to whom we transfer your data and why, as well as explain your rights as a data subject. Thus, the information regarding Company's data collection method and legal reason, its purposes in processing your personal data, the parties it transfers your personal data to and its reasons, and the rights that you may exercise as the data subject are given below.

1. Personal Data Collection Method and Legal Basis

Personal Data Collection Method: Our company obtains your personal data by direct disclosure by you when you fill out the "Contact Form" on our website.

Legal Basis: Your personal data that you have transferred to us by filling out the Contact Form on our website at your own initiative is processed towards responding to your offers, suggestions, complaints and information requests that you have forwarded to our company, contacting you again in these matters, managing customer satisfaction processes based on the fact that data processing is mandatory for the establishment and performance of the contract (c) specified in the 2nd paragraph of Article 5 of the Law No. 6698, and within the legal reason of legitimate benefits of our company (f).
The contact form in question asks you not to share sensitive personal data in any way. But should you share sensitive personal data at your own request, these data will be processed accordingly based on the legal grounds of explicit consent as specified in Article 6 of the Law.

2. Purpose of Processing Personal Data:

We process your personal data within the legal bases specified above so we can respond to the offers, suggestions, complaints, and requests for information you submitted to our Company, to get back in touch with you regarding these matters, to inform you regularly about goods and services in line with your requests, to manage customer satisfaction processes, to respond to your business partnership requests regarding our services and to contact you about this, for marketing, advertising, research, and to fulfill the legal obligations stipulated in the legislation that our Company is subject to. Moreover, your personal data will be processed so we can inform you regularly about the goods and services we offer; if you exercise your right to refuse these messages, our Company will stop sending them.

3. Places and Purpose of Transfer of Personal Data:

Per the basic principles in the Law and Article 8 and 9 of the Law, our Company can share your personal data with the suppliers and business partners that offer their services or cooperation to the company to answer and conclude the requests you submitted to our Company, to contact you, to inform you about our goods and services per your requests; we can share anonymized personal data with Hacı Ömer Sabancı Holding A.Ş., with which we are affiliated, the group companies and our business partners for necessary auditing and reporting; with third parties such as regulatory supervisory bodies and legally authorized official authorities and real persons, and they may be transferred domestically as stipulated in the Law and abroad to benefit from cloud computing technology, dependent on your explicit consent per the conditions in Article 9 of the Law. Our Company acts in accordance with Articles 8 and 9 of the Law when transferring your personal data and takes all necessary technical and administrative measures to protect your data as required.

4. Ways to Apply to the Data Controller and Your Rights:

Pursuant to Article 11 of the Law, you have the right to petition our Company a) to learn whether your personal data have been processed or not; b) if they have been processed, to request information about this processing; c) to learn the purpose for processing and whether your personal data are being use in line with this purpose; d) to learn the parties to whom your data were transferred abroad; to request rectification of data processed incompletely or inaccurately; f) to request deletion/destruction within the conditions stipulated in Article 7 of the Law; g) to ask that the persons to whom the data were transferred be informed of the processes carried out under points e) and f) above; h) to object to any unfavorable outcome due your processed personal data being analyzed solely by automatic systems; i) to claim compensation for losses arising from the unlawful processing of your personal data.

You can submit your applications to exercise your rights listed above by filling out the Data Subject Application Form, which you can find on our website, and posting it to Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/İSTANBUL or sending it to the registered electronic mail address.

Our Company will resolve your requests as soon as possible and within 30 days at the latest depending on the nature of the request. A fee may be charged if the procedure requires an additional cost. Our Company may accept and process the request or it may reject it, explaining why in writing.

If the application made by following the above-mentioned procedure is rejected, you find the response insufficient or the application is not responded to in time, you have the right to lodge a complaint with the Personal Data Protection Board (“Board”) within 30 days of receiving the response and in any case within 60 days of the date of application. No complaint can be filed until all avenues of appeal are exhausted.

Upon receiving a complaint or learning of the violation claim ex officio, the Board shall make the necessary examination of the matters within its purview. Upon receiving a complaint, the Board shall examine the request and send a response to the relevant parties. If no response is provided within 60 days of the date of the complaint, the request shall be deemed to have been rejected. If a violation is found as a result of the examination made upon the complaint or ex officio, the Board shall decide that the illegalities it detected will be eliminated by the data controller and shall notify the issue to the relevant parties This decision shall be exercised without delay following notification and within 30 days at the latest. The Board may decide to suspend the processing of data or the transfer of data abroad in the event of irreparable damage and if there is an explicit violation of the law.

We assure you that our Company protects your data diligently, and we thank you for trusting us.