Back to Home
PDPA Privacy Notice
This notice is prepared to inform you about the processing of your personal data in accordance with the Personal Data Protection Law No. 6698 ('PDPA'). We attach great importance to the protection of your personal data.
1. Data Controller
Your personal data may be processed by ufkas as the data controller within the scope described below. As data controller, ufkas is responsible for determining the purposes and means of processing personal data, and for establishing and managing the data registry system.
2. Purposes of Processing Personal Data
Your personal data is processed for the following purposes:
• Providing services through the website and platform
• Customizing and improving products and services according to requests
• Conducting contractual processes and managing customer relationships
• Processing invoices, payments, and collections
• Announcing new or existing products, services, and campaigns
• Resolving technical issues and providing support services
• Fulfilling legal obligations in accordance with legal regulations
• Managing information security processes and ensuring website security
• Creating statistics and analyzing usage
• Providing services through the website and platform
• Customizing and improving products and services according to requests
• Conducting contractual processes and managing customer relationships
• Processing invoices, payments, and collections
• Announcing new or existing products, services, and campaigns
• Resolving technical issues and providing support services
• Fulfilling legal obligations in accordance with legal regulations
• Managing information security processes and ensuring website security
• Creating statistics and analyzing usage
3. Legal Basis
Your personal data is processed based on the following legal grounds as specified in Articles 5 and 6 of the PDPA:
• Being directly related to the establishment or performance of a contract
• Being necessary for the data controller to fulfill its legal obligations
• Data processing being mandatory for the establishment, exercise, or protection of a right
• Being mandatory for our legitimate interests, provided they do not harm your fundamental rights and freedoms
• Your explicit consent
• Being directly related to the establishment or performance of a contract
• Being necessary for the data controller to fulfill its legal obligations
• Data processing being mandatory for the establishment, exercise, or protection of a right
• Being mandatory for our legitimate interests, provided they do not harm your fundamental rights and freedoms
• Your explicit consent
4. Categories of Personal Data Processed
The following categories of your personal data are processed:
• Identity Information: Name, surname, company name
• Contact Information: Email address, phone number, address
• Financial Information: Invoice details, payment records
• Transaction Security: IP address, login date/time, browser type, operating system, log records
• Usage Data: Platform usage statistics, page visits
• Identity Information: Name, surname, company name
• Contact Information: Email address, phone number, address
• Financial Information: Invoice details, payment records
• Transaction Security: IP address, login date/time, browser type, operating system, log records
• Usage Data: Platform usage statistics, page visits
5. Transfer of Personal Data
Your personal data may be transferred to:
• Our business partners and contracted organizations
• Our service providers (cloud service providers abroad, primarily in the United States and European countries: Amazon Web Services (AWS), etc.)
• Payment processors (Iyzico, etc.)
• Authorized public institutions and organizations
• Judicial authorities in case of legal obligation
for the realization of the purposes stated above.
• Our business partners and contracted organizations
• Our service providers (cloud service providers abroad, primarily in the United States and European countries: Amazon Web Services (AWS), etc.)
• Payment processors (Iyzico, etc.)
• Authorized public institutions and organizations
• Judicial authorities in case of legal obligation
for the realization of the purposes stated above.
6. Retention Period
Your personal data is stored for the period required by the processing purpose and within the statute of limitations periods stipulated in the relevant legislation. Daily backups of your data are made against possible technical problems.
7. Your Rights
Under Article 11 of the PDPA, you have the following rights:
• Learning whether your personal data is processed
• Requesting information about processing if your personal data has been processed
• Learning the purpose of processing and whether they are used appropriately
• Knowing the third parties to whom your personal data is transferred domestically or abroad
• Requesting correction of personal data if processed incompletely or incorrectly
• Requesting deletion or destruction of personal data under conditions in Article 7 of PDPA
• Objecting to the emergence of a result against you through analysis of processed data exclusively by automated systems
• Requesting compensation for damages in case of unlawful processing of personal data
• Learning whether your personal data is processed
• Requesting information about processing if your personal data has been processed
• Learning the purpose of processing and whether they are used appropriately
• Knowing the third parties to whom your personal data is transferred domestically or abroad
• Requesting correction of personal data if processed incompletely or incorrectly
• Requesting deletion or destruction of personal data under conditions in Article 7 of PDPA
• Objecting to the emergence of a result against you through analysis of processed data exclusively by automated systems
• Requesting compensation for damages in case of unlawful processing of personal data
8. Your Responsibilities
Keeping your data secure is also your responsibility. In this context:
• You should use sufficiently complex passwords for your account and store them securely.
• You should ensure that the devices (computer, tablet, phone) you use to access our platform have adequate security.
• You should not share your account information with third parties.
• You should contact us immediately if you notice any suspicious activity.
• You should use sufficiently complex passwords for your account and store them securely.
• You should ensure that the devices (computer, tablet, phone) you use to access our platform have adequate security.
• You should not share your account information with third parties.
• You should contact us immediately if you notice any suspicious activity.
9. Security Incident Management
We implement technical and administrative measures to ensure the security of your personal data. Nevertheless, in the event of a data breach:
• The Personal Data Protection Authority will be notified as soon as possible in accordance with Article 12 of the PDPA.
• Users who may be affected by the breach will be informed via email or through the platform.
• Public announcements will be made on our website when necessary.
• Immediate measures will be taken to minimize the impact of the breach.
• The Personal Data Protection Authority will be notified as soon as possible in accordance with Article 12 of the PDPA.
• Users who may be affected by the breach will be informed via email or through the platform.
• Public announcements will be made on our website when necessary.
• Immediate measures will be taken to minimize the impact of the breach.
10. Application Method
To exercise your above-mentioned rights, you can apply to us via our Contact Page or by sending an email to [email protected].