Privacy Policy
In this Privacy Notice, the principles regarding the processing of your personal data by Sabancı Digital Technology Services Inc. ("Booxpace" and/or "Company"), located at "Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/Istanbul/Turkey" in accordance with the Law No. 6698 on the Protection of Personal Data ("Law") and related legislation are stated below.
1. Purpose of Processing Personal Data
Your personal data, such as name, surname, email address, and company information, obtained as a result of registering/becoming a member of our company's application, are processed for the purposes of benefiting from our services within the scope of membership and business activities, tracking and analyzing business development projects in this field, carrying out the necessary work by our relevant business units for the execution of commercial activities conducted by the Company, managing contractual processes, benefiting from the application and improving the application, and conducting communication activities.
2. Method of Personal Data Collection and and Legal Basis
Personal data collected for application membership are collected as part of the contractual relationship between your company and our Company, shared with our Company, and collected verbally/in writing in electronic and/or physical environments, using non-automatic or partially automatic methods as part of the data recording system.
The Company processes personal data based on the legal reasons of necessity for the establishment or performance of a contract, necessity for the data controller to fulfill its legal obligation, necessity for the establishment, use, or protection of a right, and necessity for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, in accordance with Articles 5/2 (c), 5/2 (ç), 5/2 (e), and 5/2 (f) of the Law.
The Company processes personal data based on the legal reasons of necessity for the establishment or performance of a contract, necessity for the data controller to fulfill its legal obligation, necessity for the establishment, use, or protection of a right, and necessity for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject, in accordance with Articles 5/2 (c), 5/2 (ç), 5/2 (e), and 5/2 (f) of the Law.
3. Places Where Processed Personal Data is Transferred and Purpose of Transfer
The purpose of processing personal data aligns with the purpose of transfer data. Our Company may transfer the collected personal data to its business partners, and affiliates with whom it collaborates to carry out its operations, to business partners providing support for the infrastructure of the website and/or application, to legal advisors, and, upon request, to official authorities, public institutions and organizations. This transfer is carried out in accordance with the conditions and purposes of personal data processing outlined in Articles 8 and 9 of the Law.
4. Duration of Processing Personal Data
Your personal data obtained during our company activities are stored and destroyed in accordance with the general principles and regulations specified in our Company's retention and destruction policies and procedures prepared in accordance with the By-Law on Erasure, Destruction or Anonymization of Personal Data, and other relevant legislation.
In this context, your personal data will be destroyed if all of the personal data processing conditions listed above cease to exist. Your personal data will continue to be processed during the statutory limitation periods following the termination of your relationship with our Company. For your requests regarding the destruction of your personal data, please review the 5th section of this Privacy Notice.
In this context, your personal data will be destroyed if all of the personal data processing conditions listed above cease to exist. Your personal data will continue to be processed during the statutory limitation periods following the termination of your relationship with our Company. For your requests regarding the destruction of your personal data, please review the 5th section of this Privacy Notice.
5. Application Methods to the Data Controller and Your Rights
Pursuant to Article 11 of the Law, you have the right to apply to our Company and request the following regarding your personal data: a) To learn whether your personal data is processed, b) To request information if your personal data has been processed, c) To learn the purpose of processing your personal data and whether they are used in accordance with the purpose, d) To know the third parties to whom your personal data is transferred domestically or abroad, e) To request the correction of incomplete or incorrect processing of your personal data, f) To request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law, g) To request the notification of the transactions made pursuant to subparagraphs (e) and (f) to third parties to whom your personal data has been transferred, h) To object to the occurrence of a result against you due to the analysis of your personal data exclusively by automated systems, i) To request compensation for the damage if you suffer damage due to the unlawful processing of your personal data.
You can submit your information and application requests regarding your rights mentioned above to our Company in accordance with the principles and procesures specified in the Regulation on Application Procedures and Principles to the Data Controller. You can send your information and application requests to the address “Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar / Istanbul / Turkey” or via email to sabancidijital.kvk@sabancidijital.hs03.kep.tr.
Our Company will conclude your requests as soon as possible and within thirty days at the latest, free of charge for the first request. However, a fee may be charged for subsequent requests on the same subject or if the first request requires an additional cost. Our Company may accept and process the request or reject the request in writing by explaining the reason.
In cases where the application is rejected, the response is found insufficient, or the application is not responded to within the time limit, you have the right to file a complaint with the Personal Data Protection Board (“Board”) within thirty days from the notification of the response and in any case within sixty days from the date of application. However, the complaint cannot be filed without exhausting the application remedy.
The Board conducts the necessary examination on matters within its jurisdiction upon complaint or ex officio when it learns of the alleged violation. The Board responds to the request by examining it upon complaint. If the request is not responded to within sixty days from the date of the complaint, the request is deemed to be rejected. If the violation is determined as a result of the examination conducted upon complaint or ex officio, the Board decides to eliminate the unlawfulness detected by the data controller and notifies the relevant parties. This decision is implemented without delay and within thirty days at the latest from the notification. The Board may decide to stop the processing of data or the transfer of data abroad in case of irreparable or impossible damages and clear unlawfulness.
We would like to state that your data is protected with care by our Company; thank you for your trust in us.
You can submit your information and application requests regarding your rights mentioned above to our Company in accordance with the principles and procesures specified in the Regulation on Application Procedures and Principles to the Data Controller. You can send your information and application requests to the address “Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar / Istanbul / Turkey” or via email to sabancidijital.kvk@sabancidijital.hs03.kep.tr.
Our Company will conclude your requests as soon as possible and within thirty days at the latest, free of charge for the first request. However, a fee may be charged for subsequent requests on the same subject or if the first request requires an additional cost. Our Company may accept and process the request or reject the request in writing by explaining the reason.
In cases where the application is rejected, the response is found insufficient, or the application is not responded to within the time limit, you have the right to file a complaint with the Personal Data Protection Board (“Board”) within thirty days from the notification of the response and in any case within sixty days from the date of application. However, the complaint cannot be filed without exhausting the application remedy.
The Board conducts the necessary examination on matters within its jurisdiction upon complaint or ex officio when it learns of the alleged violation. The Board responds to the request by examining it upon complaint. If the request is not responded to within sixty days from the date of the complaint, the request is deemed to be rejected. If the violation is determined as a result of the examination conducted upon complaint or ex officio, the Board decides to eliminate the unlawfulness detected by the data controller and notifies the relevant parties. This decision is implemented without delay and within thirty days at the latest from the notification. The Board may decide to stop the processing of data or the transfer of data abroad in case of irreparable or impossible damages and clear unlawfulness.
We would like to state that your data is protected with care by our Company; thank you for your trust in us.
