Website Visitor Privacy Notice

In this Privacy Notice, the principles regarding the processing of your personal data by Sabancı Digital Technology Services Inc. ("Booxpace" and/or "Company"), located at "Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/Istanbul/Turkey" in accordance with the Law No. 6698 on the Protection of Personal Data ("Law") and related legislation are stated below.

1. Purpose of Processing Personal Data

Your personal data obtained as a result of your visit to our website may be processed by our Company for the following purposes:
  • Upon request through the contact section and/or social media accounts,
  • Conducting necessary activities by our business units to benefit individuals from the services offered by our Company,
  • Execution of related business processes, provision of information, consideration of wishes/suggestions, and enabling complaints to be lodged,
  • Planning and execution of activities necessary for customizing the services offered by our Company according to the preferences, usage habits, and needs of the relevant individuals, and for their promotion and introduction,
  • Conducting necessary activities by our relevant business units for the realization of commercial activities carried out by the Company and the execution of related business processes, planning, and execution of the Company’s business strategies,
  • Planning and execution of the Company’s commercial and/or business strategies,
  • Sending commercial electronic messages and benefiting from our e-bulletin services if you give your explicit consent,
  • Ensuring the legal, technical, and commercial-business security of the Company and the individuals in business relationship with the Company.

2. Method of Collection and Legal Basis for Processing Personal Data

Your personal data is collected by our Company through technical communication files known as cookies when you visit our website, and it is collected in whole or in part by automated methods as part of the data recording system, in written and electronic media in accordance with the purposes stated in this Privacy Notice. For detailed information about cookies, please review the Cookie Information Notice. In addition to cookies, your personal data collected through non-automated methods by filling out forms on the website.

Your personal data is processed based on the legal grounds listed below:
  • Pursuant to Article 5/2 (a) of the Law, where it is explicitly prescribed in laws,
  • Pursuant to Article 5/2 (c) of the Law, where it is necessary for the data controller to fulfill its legal obligations,
  • Pursuant to Article 5/2 (f) of the Law, where it is necessary for the processing of data for the legitimate interests of our Company, provided that it does not harm your fundamental rights and freedoms,
  • Obligation to store traffic data within the scope of the Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed Through These Publications.

3. Places Where Processed Personal Data is Transferred and Purpose of Transfer

Your obtained personal data may be transferred to our business partners (external service providers, hosting service providers), company subsidiaries, and legally authorized public institutions and private individuals in accordance with the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, in line with the purposes of processing your personal data.

4. Ways to Apply to the Data Controller and Your Rights

In accordance with Article 11 of the Law, you have the right to apply to our Company and: a) learn whether your personal data is being processed, b) request information if your personal data has been processed, c) learn the purpose of processing and whether it is being used in accordance with its purpose, d) learn the third parties to whom your personal data is transferred domestically, e) request correction if your personal data is incomplete or inaccurate, f) request deletion or destruction of your personal data in accordance with the conditions stipulated in Article 7 of the Law, g) request notification of the operations carried out pursuant to subparagraphs (e) and (f) to third parties to whom your personal data has been transferred, h) object to the emergence of a result against you due to the analysis of your personal data exclusively through automated systems, i) demand compensation for damages in case you incur damages due to unlawful processing in accordance with the Law.

You can send your requests for information and application regarding the rights mentioned above to our Company in accordance with the Data Controller Application Procedure and Principles Notification. You can send your information and application requests to the address "Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar / Istanbul / Turkey" or to our email address sabancidijital.kvk@sabancidijital.hs03.kep.tr and direct them to us.

Our Company will conclude your requests free of charge within the shortest time and no later than thirty days at the latest, depending on the nature of the request. However, a fee may be charged if the transaction requires an additional cost. Our Company may accept and implement the request or reject the request in writing with an explanation of the reasons.

In cases where the application is rejected following the procedure mentioned above, the response is found insufficient, or no response is provided within the specified period, you have the right to file a complaint with the Personal Data Protection Board ("Board") within thirty days following the notification of the response and in any case within sixty days from the date of application. However, the complaint cannot be filed without exhausting the application process.

The Board conducts the necessary examination in matters falling within its jurisdiction upon a complaint or upon learning of an alleged violation. Upon receipt of a complaint, the Board examines the request and provides a response to the relevant parties. If no response is provided within sixty days from the date of the complaint, the request is deemed rejected. Following the examination conducted upon a complaint or ex officio, if the existence of a violation is determined, the Board decides on the rectification of the identified legal violations by the data controller and notifies the relevant parties. This decision is implemented without delay and no later than thirty days from the date of notification. In cases where it is difficult or impossible to remedy the damages and there is a clear violation of the law, the Board may decide to suspend the processing of data or the transfer of data abroad.

We thank you for the trust you have placed in us and assure you that your data is carefully protected within our Company.