Vimesoft Preloader

Confidentiality Policy

This confidentiality policy is hereby drawn up by Vimesoft A.Ş. acting as the data controller pursuant to the Communiqué on Terms and Procedures for Compliance with Privacy Notice Obligation as well as pursuant to the Personal Data Protection Law no. 6698 (the “Law”). Vimesoft A.Ş. makes technological and infrastructural facilities and accordingly adopts necessary technical and administrative measures to ensure that personal data are securely stored and lawfully processed in order to fulfil those obligations regarding data security as required under Article 12 of the Personal Data Protection Law no. 6698 (the “Law”). Personal data are processed by Vimesoft A.Ş. in line with the Law and applicable legislation. Individuals whose data are processed under the Law may inquire and be informed about their personal data to be processed by Vimesoft A.Ş. in its capacity as data controller, and the purposes of such processing, recipient groups to whom these data may be transferred, methods and legal grounds for collecting such data, as well as their rights regarding these personal data.

PERSONAL DATA THAT ARE OR MAY BE PROCESSED

While personal data processed in products and services offered by Vimesoft A.Ş. may vary from one individual to another, all categories of personal data that can be processed by Vimesoft A.Ş. in general are given below: Identity Data: An individual’s name and surname are processed in this data category. Contact Data: This data category includes the individual’s mobile-phone number, email address, address, province/district name, postal code, tax office and tax ID number. Personnel Data: This personal data are processed by the individual’s employer. Process Security Data: The individual’s user ID data, passwords and verification codes are processed in this category. Audio-Visual Records: The individual’s photos, camera images and voice data are processed in this category. Financial Data: The individual’s name and surname that appear on his

credit cards, his credit card number, the expiry date of the card, as well as its security code are processed in this data category.

PURPOSE OF PROCESSING PERSONAL DATA

Your personal data listed below are processed for the following purposes in connection with products and services offered by Vimesoft A.Ş. Identity Data: In this category, a data subject’s name and surname are processed to proceed with service purchase and sales procedures, as well as to provide services. Contact Data: In this category, a data subject’s mobile-phone number is processed to proceed with service purchase and sales procedures and to execute access authorizations, while his email address is processed to execute purchasing procedures and access authorization and to provide services, whereas his address, province-district data, postal code, tax office and tax ID number are processed with the purpose of carrying out financial and accounting procedures and to execute service sales. Personnel Data: In this data category, the data of the data subject’s employer are processed to execute service purchase and sales procedures, and to proceed with marketing operations of products/services. Process Security Data: In this data category, the data subject’s employer details are processed to execute service purchases and to proceed with the marketing of products/services. Audio-visual Records: In this data category, the data subject’s photos, camera images and voice data are processed to provide services. Financial Data: In this data category, the data subject’s name and surname that appears on his credit cards, his credit card number, the expiry date of the card, as well as its security code are processed to proceed with service sales, and to execute financial and accounting procedures.

PERSONAL DATA TRANSFER

Personal data collected by Vimesoft A.Ş. may be transferred to its business partners, i.e. contractual suppliers and services providers, or individuals and private legal persons in Turkey or abroad, or statutorily authorized public agencies and bodies for the purposes listed below, and are subject to personal data transfer terms and conditions set out in Articles 8 and 9 of the Law, and are in line with the fundamental principles therein.

Identity Data: In this data category, the data subject’s name and surname are transferred to vendors that provide the infrastructure for running the membership process and other users within the context of service provision. Contact Data: In this data category, the data subject’s mobile phone number and email address may be transferred to vendors of the infrastructure where the system is maintained for completing the registration process and log-in procedures, to SMS service providers for sending membership activation notices to members, and to email service providers whose infrastructure is used for sending invoices to the data subject that contain the data subject’s address, province-district data, postal code, tax office and tax ID number, which is issued following charging. Personnel Data: In this data category, the data subject’s employer data may be transferred to vendors that maintain the infrastructure by which the system is maintained in order to complete the membership process and application log-ins. Process Security Data: In this data category, the data subject’s user ID data and verification code are transferred to the SMS service provider for the use of the SMS service to activate the user’s membership, and to vendors that provide the infrastructure on which the system is hosted to log in the application with a user password. Audio-Visual Records: In this data category, the data subject’s photo may be transferred to vendors that provide the infrastructure on which the system is run for profile customization, and his camera images and voice data may be transferred to other participants within the context of provision of the system. Financial Data: In this data category, the data subject’s name and surname that appear on his credit cards, his credit card number, the expiry date of the card, as well as its security code may be transferred for the use of payment services within the context of the membership process.

METHOD AND LEGAL GROUNDS FOR COLLECTING PERSONAL DATA

Personal data may be collected by means of fully-automated, partly-automated and non-automated methods through the application

membership page, requests for proposal forms, the payment details page, profile page, conferencing and call page, conference screen and similar electronic media, as well as voice communication methods, and may be processed and transferred for purposes defined in this Policy. Pursuant to Article 5 of the Law, Vimesoft A.Ş. may process personal data that it collects in line with the law without seeking explicit consent:

· If expressly required under the applicable law;

· If the processing of personal data is mandatory to protect the life or physical wellbeing of a person or someone else in case such person is not in a position to express his consent due to actual impossibility, or his consent is legally invalid;

· Provided that it is directly related to the execution or performance of a contract between Vimesoft A.Ş. and the Data Subject, and if it is necessary to process the personal data of the contract parties;

· If processing is necessary for Vimesoft A.Ş.to fulfil its statutory obligations;

· Where personal data are made public by the data subject;

· If processing is necessary to establish, exercise or protect a right;

· Provided that it does not prejudice fundamental rights and freedoms, if it is necessary for Vimesoft A.Ş. to process data for its legitimate purposes.

Moreover, pursuant to Article 6 of the Law, Vimesoft A.Ş. may process special category of personal data collected by it in line with the law without the need to seek explicit consent:

· Special category of personal data are such data about an individual’s race, ethnic origins, political thoughts, philosophical belief, religion, sect or faith, clothing and attire, membership in associations or unions, health, sexual life, criminal convictions and security data, as well as biometric and genetic data.

· If required under the applicable law, special category of personal data of the data subject other than data about his health or sexual life may be processed.

· Special category of personal data pertaining to his health or sexual life may be processed by persons subject to confidentiality obligations or by competent public bodies and authorities for the sole purposes of public health protection, preventive medicine, medical diagnosis, supply of treatment and care services, and planning and management of healthcare services and the financing thereof.

RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the Law, the data subject may at all times apply for the controlled data in order to exercise his rights listed below:

· the right to be informed about whether his personal data are processed;

· if his personal data are processed, to request information about this;

· the right to be informed about the purposes of processing his personal data, and whether such data are being used in line with those purposes;

· to know about the third parties to whom his personal data are transferred in Turkey and/or abroad;

· if personal data are processed incompletely or misprocessed, then the right to request rectification;

· to request that his personal data be erased or destroyed if the reasons for processing his personal data are no longer applicable in terms of purpose, timeframe or legitimacy;

· to request that his personal data be erased or destroyed if the reasons for processing his personal data are no longer extant, even if they have been processed in line with the Personal Data Protection Law no. 6698 and other applicable law;

· to request that operations carried out for the rectification, erasure or destruction of personal data must be conveyed to third parties to whom his personal data are transferred;

· to object to any results unfavorable to him that may arise from the analysis of his processed data by means of fully-automated systems;

· to request indemnification against any losses that may arise due to the unlawful processing of his personal data.

HOW TO EXERCISE RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the Law, the Data Subject shall fully complete and deliver the application form to Vimesoft A.Ş. via the channels described in the form in order to exercise his rights listed above. Vimesoft A.Ş. will finalize the request free of charge as soon as possible, and at the latest within thirty (30) days, depending on its nature. However, if this requires any additional cost, Vimesoft A.Ş. reserves its right to charge the

fee laid out in the tariff published by the Personal Data Protection Committee.

TIME PERIODS FOR PROCESSING PERSONAL DATA

Personal data processed for the purposes defined in this confidentiality policy and in line with the Law shall be erased, destroyed, or remain in use following their anonymization by Vimesoft A.Ş. when the purposes for processing them under Article 7 of the Law are no longer applicable or when the time periods during which Vimesoft A.Ş. is obliged to process them under the applicable law expire.