Personal Data Protection and Privacy Policy
Website Privacy Agreement
During your visit to this website and your use of the services we provide through this site, the use and protection of the information we obtain about you and the services you request are subject to the terms specified in this "Privacy Policy". By visiting this website and requesting to benefit from the services we provide through this site, you agree to the terms set forth in this "Privacy Policy".
I. Purpose of personal data protection and processing policy
In accordance with the sensitivity of the work we have been engaged in as ELIPHE so far, the data obtained from our customers or prospective customers has been kept confidential and has never been shared with third parties. The protection of personal data is our company's fundamental policy. Even before any legal regulation, our company and its subsidiaries attached great importance to the privacy of personal data and adopted it as a working principle, providing its employees with work instructions in accordance with this principle. We, as "ELIPHE," also undertake to comply with all the responsibilities imposed by the Personal Data Protection Law. The principles of protecting personal data in our companies also include our subsidiaries.
II. Scope and amendment of the personal data protection and processing policy
This Policy prepared by our company has been prepared in accordance with the Law on the Protection of Personal Data No. 6698 ("KVKK"). The Law has entered into force with all its provisions as of today. The data obtained with your consent or obtained in accordance with other legal requirements specified in the Law will be used to improve the quality of the services we provide and to improve our services and quality policy. Some of the data we have are de-identified and anonymized. These data are used for statistical purposes and are not subject to the Law and our Policy. "ELIPHE's Personal Data Protection and Processing Policy" aims to protect the automatically obtained data of our customers, prospective customers, employees, customers of companies working in partnership with us, and employees of those companies and includes regulations regarding them. Our company has the right to change our policy and regulation in compliance with the law and for better protection of personal data.
III. Basic rules regarding the processing of personal data
a) Compliance with the law and fairness: "ELIPHE" inquires about the source of the data collected or received from other companies and attaches importance to their lawful and fair acquisition. In this regard, "ELIPHE" provides necessary warnings and notifications regarding the protection of personal data to third parties (including agents and other intermediaries) who sell the services provided by "ELIPHE".
b) Accuracy and currency when necessary: "ELIPHE" attaches importance to ensuring that all data within the organization are accurate, do not contain incorrect information, and updates them when changes occur in personal data.
c) Processing for specific, explicit, and legitimate purposes: "ELIPHE" processes data only for the purposes for which they have been collected with the consent of individuals during the services provided and does not process, use, or allow the use of data for purposes other than the intended purpose.
d) Being relevant, limited, and proportionate to the purposes for which they are processed: "ELIPHE" uses the data only to the extent necessary for the purpose for which they are processed and as required by the service.
e) Retention for the period prescribed by the relevant legislation or for the duration necessary for the purpose for which they are processed: "ELIPHE" retains data sourced from contracts for the periods required by the law for dispute resolution, trade, and tax law requirements. However, when these purposes cease to exist, the data is deleted or anonymized.
According to Article 11 of the Personal Data Protection Law, you have the following rights. In order to facilitate these rights, a separate.
Individuals whose personal data is processed by "ELIPHE." can exercise the following rights regarding their own data by applying to our website:
a) To learn whether their personal data is being processed,
b) To request information if their personal data has been processed,
c) To learn the purpose of the processing of personal data and whether they are used in accordance with their purpose,
d) To know the third parties to whom personal data is transferred domestically or abroad,
e) To request the correction of personal data if it is incomplete or incorrectly processed,
f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in the law,
g) To object to the occurrence of a result against oneself by exclusively analyzing the processed data through automated systems,
h) To demand the compensation of damages in case of suffering damage due to the unlawful processing of personal data.
Principle of Minimal Data Processing/Stinginess Principle
According to our principle called the Principle of Minimal Data Processing or Stinginess Principle, the data received by "ELIPHE" is only processed in the amount necessary for the system. Therefore, the data to be collected is determined according to the purpose. Unnecessary data is not collected. Other data received by our company is also transferred to the company's IT systems in the same way. Redundant information is not recorded in the system; it is deleted or anonymized. These data can be used for statistical purposes. Health data, which are special categories of personal data, are only collected and carefully stored in the system to provide better service to customers and protect their health.
Deletion of Personal Data
When the periods required by law to store the data expire, legal processes are completed, or other requirements cease to exist, our company automatically deletes, destroys, or anonymizes personal data upon the request of the data subject.
Accuracy and Data Currency
The data within "ELIPHE." is processed as declared by the relevant individuals as a general rule. "ELIPHE" is not obliged to verify the accuracy of the data declared by customers or individuals contacting "ELIPHE" neither legally nor due to our working principles. The declared data is considered accurate. The principle of accuracy and currency of personal data is also adopted by "ELIPHE." The company updates the personal data it processes from official documents received or upon the request of the data subject. Necessary measures are taken for this purpose.
Confidentiality and Data Security
Personal data is confidential, and "ELIPHE" respects this confidentiality. Only authorized individuals within the company can access personal data. All necessary technical and administrative measures are taken to protect the personal data collected by "ELIPHE" from unauthorized access and to prevent our customers and prospective customers from being victims. In this context, software compliance with standards, careful selection of third parties, and compliance with the data protection policy within the company are ensured.
IV. Purposes of Data Processing
The collection and processing of personal data by "ELIPHE" will be carried out in accordance with the purposes specified in the information text. Data is collected and processed for the purpose of establishing a contract and providing better service to customers.
V. Customer, Potential Customer, and Business Partner Data
Collection and Processing of Data for Contractual Relationship
If a contractual relationship is established with our customers and potential customers, the collected personal data can be used without obtaining the customer's consent. However, this use is carried out within the scope of the contract's purpose. Data is used and, if necessary, updated by contacting customers in order to better execute the contract and fulfill the requirements of the service. On the other hand, the data provided by our potential customers (prospective customers) who have not yet turned into a contractual relationship is processed in order to provide them with easier
service and to ensure the legal and commercial security of our company.
VI. Consent of the Data Owner
As a rule, the personal data of our customers and potential customers is processed without obtaining their explicit consent, in cases where the processing is necessary for the performance of the contract and in cases where the legal obligation is imposed on us. However, we would like to state that, although the explicit consent of our customers and potential customers is not required in some cases, it is important to inform them about the processing of personal data.
VII. Data Sharing with Third Parties
"ELIPHE" may share personal data with legally authorized public institutions and private individuals in accordance with the conditions and purposes set forth in the law.
VIII. Transfer of Data Abroad
"ELIPHE" does not transfer personal data abroad. However, if necessary, personal data can be transferred abroad in accordance with the Personal Data Protection Law and within the framework of the conditions specified in the law.
VIII. Rights of the Data Subject
"ELIPHE" acknowledges the right of the data subject to obtain consent for the processing of personal data and to determine the fate of their data after it has been processed, as regulated by the Law.
By contacting us through our website, "ELIPHE," individuals have the following rights regarding their personal data:
a) To learn whether their personal data is being processed,
b) To request information if their personal data has been processed,
c) To know the purpose of the processing of personal data and whether it is being used accordingly,
d) To know the third parties to whom personal data is transferred, both domestically and internationally,
e) To request the correction of personal data in case of incompleteness or inaccuracies,
f) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7,
g) To object to any negative consequences arising from the analysis of processed data through automated systems,
h) To demand compensation in case of damages suffered due to the unlawful processing of personal data.
However, there is no right for individuals regarding anonymized data within the company. "ELIPHE" may share personal data with relevant institutions and organizations for the purpose of fulfilling judicial duties or exercising the legal powers of state authorities, as required by business and contractual relationships.
Personal data owners can submit their requests related to the mentioned rights by filling out the complete application form available on the official website of the Company, www.eliphe.com.tr, signing it with wet ink, and sending it via registered mail along with photocopies of their identification documents (only the front side photocopy for identity cards). Depending on the content of your application, it will be answered as soon as possible or within a maximum of 30 days after it reaches our company. It is necessary to submit your applications via registered mail. Furthermore, only the part of your application concerning yourself will be answered, and applications made on behalf of your spouse, relative, or friend will not be accepted. "ELIPHE" may request additional relevant information and documents from the applicants.
IX. Privacy Policy
The data of both employees and other individuals at "ELIPHE" is confidential. No one can use, copy, duplicate, transfer to others, or use for purposes other than business purposes without the necessary contract or legal compliance.
X. Transaction Security
All necessary technical and administrative measures are taken by "ELIPHE" to protect the personal data collected and prevent unauthorized access by individuals and ensure that our customers and potential customers do not suffer any harm. In this regard, software compliance with standards, careful selection of third parties, and adherence to data protection policies within the company are ensured. Security measures are continuously renewed and improved.
XI. Auditing
"ELIPHE" conducts internal and external audits regarding the protection of personal data.
XII. Notification of Breaches
When "ELIPHE" is notified of any breach related to personal data, immediate action is taken to remedy the breach. The damage to the data subject is minimized and compensated. In the event of unauthorized acquisition of personal data by external unauthorized individuals, the situation is immediately reported to the Personal Data Protection Board. Applications regarding the notification of breaches can also be made in accordance with the procedures specified on the website www.eliphe.com.tr.
Regarding the requests made in accordance with the Personal Data Protection Law,
All applications will be processed when the form provided on the www.eliphe.com.tr pages is filled out, a photocopy of identification is attached, and the form is sent to the address indicated on the form via registered mail, as announced on the website.
Rights regarding personal data can only be used for the data belonging to the individuals themselves. Requests regarding the data of individuals other than the person