Personal Data Protection

Privacy Notice

As Sabancı Dijital Teknoloji Hizmetleri A.Ş. (“Company”), we take the utmost care to keep your personal data safe. As the data controller, our Company is obligated under Article 10 of Personal Data Protection Law No. 6698 (“Law”) to clarify how we collect your personal data and the legal basis for this, for what purposes we process your personal data, to whom we transfer your data and why, as well as explain your rights as a data subject. Thus, the information regarding Company's data collection method and legal reason, its purposes in processing your personal data, the parties it transfers your personal data to and its reasons, and the rights that you may exercise as the data subject are given below.

1. Personal Data Collection Method and Legal Basis

Personal Data Collection Method: Our company obtains your personal data by direct disclosure by you when you fill out the "Contact Form" and "Demo Account User Form" on our website.

Legal Basis: Your personal data that you have transferred to us by filling out the Contact Form and Demo Account User Form on our website at your own initiative is processed towards responding to your offers, suggestions, complaints and information requests that you have forwarded to our company, contacting you again in these matters, managing customer satisfaction processes based on the fact that data processing is mandatory for the establishment and performance of the contract (c) specified in the 2nd paragraph of Article 5 of the Law No. 6698, and within the legal reason of legitimate interests of our company (f).
The contact form in question asks you not to share sensitive personal data in any way. But should you share sensitive personal data at your own request, these data will be processed accordingly based on the legal grounds of explicit consent as specified in Article 6 of the Law.

2. Purpose of Processing Personal Data:

Within the legal reasons we have mentioned above, your personal data could be processed for responding to your offers, suggestions, complaints and information requests that you have forwarded to our company, contacting you in relation to these matters, informing you about our products and services regularly in line with your requests, managing customer satisfaction processes, responding your business partnership demands regarding our services and communicating with you in this regard, providing services to you about other Edoksis service groups such as E-Invoice, e-Waybill, e-Archive and e-Ledger services and other Edoksis service groups such as e-Analysis, e-Reconciliation, e-Process, e-mail, SMS and KEP services and communicating with you for marketing, advertising, research purposes and for fulfilling our legal obligations stipulated in the legislation to which our Company is subject.
Besides, your personal data will be processed to inform you regularly about the products and services we offer, and if you exercise your right to refuse these messages, the notification will be ended by our Company.

3. Places and Purpose of Transfer of Personal Data:

Per the basic principles in the Law and Article 8 and 9 of the Law, our Company can share your personal data with the suppliers and business partners that offer their services or cooperation to the company to answer and conclude the requests you submitted to our Company, to contact you, to inform you about our goods and services per your requests; we can share anonymized personal data with Hacı Ömer Sabancı Holding A.Ş., with which we are affiliated, the group companies and our business partners for necessary auditing and reporting; with third parties such as regulatory supervisory bodies and legally authorized official authorities and real persons, and they may be transferred domestically as stipulated in the Law and abroad to benefit from cloud computing technology, dependent on your explicit consent per the conditions in Article 9 of the Law. Our Company acts in accordance with Articles 8 and 9 of the Law when transferring your personal data and takes all necessary technical and administrative measures to protect your data as required.

4. Methods of Application to the Data Controller and Your Rights:

Pursuant to Article 11 of the Law, you have the right to petition our Company a) to learn whether your personal data have been processed or not; b) if they have been processed, to request information about this processing; c) to learn the purpose for processing and whether your personal data are being use in line with this purpose; d) to learn the parties to whom your data were transferred abroad; to request rectification of data processed incompletely or inaccurately; f) to request deletion/destruction within the conditions stipulated in Article 7 of the Law; g) to ask that the persons to whom the data were transferred be informed of the processes carried out under points e) and f) above; h) to object to any unfavorable outcome due your processed personal data being analyzed solely by automatic systems; i) to claim compensation for losses arising from the unlawful processing of your personal data.

You can submit your applications to exercise your rights listed above by filling out the Data Subject Application Form, which you can find on our website, and posting it to Küçük Çamlıca Mahallesi, Kısıklı Caddesi, No. 56, Üsküdar/İSTANBUL or sending it to the registered electronic mail address.

Our Company will resolve your requests as soon as possible and within 30 days at the latest depending on the nature of the request. A fee may be charged if the procedure requires an additional cost. Our Company may accept and process the request or it may reject it, explaining why in writing.

If the application made by following the above-mentioned procedure is rejected, you find the response insufficient or the application is not responded to in time, you have the right to lodge a complaint with the Personal Data Protection Board (“Board”) within 30 days of receiving the response and in any case within 60 days of the date of application. No complaint can be filed until all avenues of appeal are exhausted.

Upon receiving a complaint or learning of the violation claim ex officio, the Board shall make the necessary examination of the matters within its purview. Upon receiving a complaint, the Board shall examine the request and send a response to the relevant parties. If no response is provided within 60 days of the date of the complaint, the request shall be deemed to have been rejected. If a violation is found as a result of the examination made upon the complaint or ex officio, the Board shall decide that the illegalities it detected will be eliminated by the data controller and shall notify the issue to the relevant parties This decision shall be exercised without delay following notification and within 30 days at the latest. The Board may decide to suspend the processing of data or the transfer of data abroad in the event of irreparable damage and if there is an explicit violation of the law.

We assure you that our Company protects your data diligently, and we thank you for trusting us.

Contact Us