TORNET INFORMATION TEXT ON THE PROTECTION AND PROCESSING OF PERSONAL DATA
As the TORNET family (TORNET Technology Joint Stock Company), we attach great importance to the processing of personal data of our valued users, who use our Android and iOS mobile applications, in accordance with Law No. 6698 on the Protection of Personal Data (“Law”). Furthermore, we are committed to being transparent regarding the collection, processing, and sharing of this data and to ensuring the maximum security of your data.
Your personal data may be processed by our company, acting as the data controller, in accordance with the Law, provided that the data processing conditions stipulated in the law are met. In cases where the legal data processing conditions do not arise, your explicit consent will be obtained for procedures requiring explicit consent. Where permitted by legislation or if procedures requiring explicit consent exist, your explicit consent may be obtained, and your data may be shared with third parties residing in Turkey and abroad, classified, and processed in other ways specified in the Law.
Your personal data will be processed by our Company (i) in accordance with the law and the principle of fairness, (ii) in a manner limited and proportionate to the purposes of processing, (iii) accurately and up-to-date, and (iv) for specific, clear, and legitimate purposes.
With this information document, we would like to inform you, our valued users, about why your personal data is being processed within the scope of the services provided by our Company, which personal data is being processed, our purpose in processing such personal data, how we ensure the security of your personal data, and what your rights are under the law and how you can exercise these rights.
All TORNET Users, TORNET employees, shareholders, and business partners are obligated to comply with the TORNET Personal Data Protection Law and all the principles set forth in the information document.
Regarding minors: According to the TORNET User Agreement, minors cannot be TORNET Users. If you are under 15 years of age, please do not use the TORNET application. If a parent or guardian of a person under the age of 15 determines that their child’s data has been transferred to TORNET, please immediately notify TORNET. If we determine that the data of a person under the age of 15 has been collected, we will immediately take the necessary steps to delete it.
Users acknowledge and agree that their information subject to this Policy is complete, accurate, and up-to-date, and that they will immediately notify TORNET of any changes to this information. Otherwise, TORNET will not be held liable for any damages that may arise.
This text will explain in detail the answers to the questions listed below:
For what purpose and how do we collect your personal data? (Processing Purpose)
Which data do we collect? (Data Categories)
Which data do we collect? (Data Categories)
On what legal basis do we process your Personal Data? (Legal Basis)
How is Data Security Ensured?
For what purpose may we transfer your personal data to third parties?
How long do we store your personal data?
What are your rights under the Personal Data Protection Law No. 6698 (“Law”) and how can you exercise these rights?
1. For What Purposes Do We Collect Your Personal Data?
As the TORNET family, acting as the data controller, we collect, process, and transfer your data during your user application and service requests, through sources such as the cookie system, which automatically scans our website platform to recognize the user during your visit to our mobile application and website, in accordance with the Law and within the framework of these provisions, by automatic or other means, in order to record your suggestions, complaints, and problems and to ensure the proper performance of the service.
Your personal data will be processed by TORNET; Obtaining your user registration,
Providing communication with the customer for the proper performance of the service,
Support processes provided to the user through the call center,
Providing documentable user satisfaction and complaints,
Providing necessary information regarding service performance and contract and policy changes,
Providing timely and proper vehicle maintenance and support, and protecting company assets,
Conducting commercial activities, defining and implementing commercial business and strategies, carrying out internal reporting and business development activities,
Ensuring the legal and commercial security of TORNET and those in business relationships with TORNET, and providing you with the necessary information in this context,
Ensuring the fulfillment of legal obligations,
Preventing data loss
Your personal data, preferences, transactions, browsing time, and details on the platforms you log in using your username and password, are collected in order to process them together with other data obtained.
Personal Data Collection Method: As a rule, TORNET collects your personal data electronically. In addition, your personal data may be processed and stored in physical files and electronic media during your verbal and written call center complaints and their documentation process or during your applications made in accordance with Article 11 of the KVKK.
2. Which Personal Data Are Recorded?
Data Categories:
Identity Data: Name, surname, and information proving that you are over 15 years of age. Your personal data specified in the identity data category is processed by our company for the purposes of creating your user registration, determining whether you meet the age requirement for the establishment of the contract, ensuring the proper performance of the service, accounting procedures, and other processing purposes listed above.
Contact Data: Your phone number, address, and email address. Your personal data specified in the contact category is processed by our company to contact you for the proper performance of the service, to process your complaints and applications and ensure that these applications are documented, to notify you of the results of applications made under Article 11 of the Personal Data Protection Law, to ensure timely and proper maintenance and support of vehicles, to provide necessary information about contract and policy changes during the performance of the service, and to ensure that it is present on documents for accounting purposes.
Location Data: Data related to your location, such as GPS data obtained during the performance of the service; Your location data is processed by our company while you are using company vehicles to ensure the proper performance of the service, to ensure timely maintenance and maintenance of the vehicles, to protect company assets, and to serve as legal evidence in the event of legal proceedings.
Financial Data: Personal data included in invoices; Your financial data included in invoices, which must be retained for the purposes of fulfilling legal obligations in accounting processes. USER’s card information is not stored by TORNET. The payment infrastructure is provided by iyzico. USER’s identification data and payment information are transferred to iyzico, the company’s partner payment institution.
Other Data:
User Information: Data such as your user ID number, data regarding the date and time you received the service, your complaint records, suggestions, search terms used on the website and mobile app, errors that occur during use, payment information and statuses, your frequency of service use, targeting information, and cookie records. Your user information listed above is processed for purposes such as conducting commercial activities, defining and implementing commercial business and strategies, conducting internal reporting and business development activities, providing evidence for customer transactions, ensuring the legal and commercial security of TORNET and individuals in business relationships with TORNET, fulfilling legal obligations, and preventing data loss.
Transaction Security Information: Your transaction security information, including passwords and password hints used to verify identity and access your account, username, is processed by our company for purposes such as ensuring transaction security, preventing unauthorized access, and preventing data loss.
Risk Management Information: Your IP address, serial number and model of the TORNET device and smartphone used, and country information are processed by our company for purposes such as ensuring transaction security, preventing unauthorized access, and preventing data loss. Data collected through cookies: Statistical information regarding site usage, experiences, and page preferences (Please review our Cookie Policy for detailed information.)
We declare and undertake that while storing this data, we will comply with relevant laws and the rule of honesty, as stipulated in Article 4, Paragraph 2 of the Law, and that we will keep your data accurate and, if necessary, up-to-date. Please inform us of any changes without delay.
3. On what legal basis do we process your personal data?
We may process your personal data specified in the data categories listed above without seeking your explicit consent, in accordance with Article 5, Paragraph 2 of the Law, if it is expressly prescribed by law; if it is necessary to ensure the life and physical integrity of you or a third party if you are unable to express your actual consent; if it is necessary for the parties to the contract to establish and perform the contract; if it is necessary for our company to fulfill its legal obligations; if it has been made public by you; if it is necessary for the establishment, exercise, and protection of a right; and if the processing is necessary for our legitimate interests, provided that it does not harm the fundamental rights and freedoms of our users.
Except for special personal data, if the above legal grounds apply when processing your personal data, your explicit consent will not be sought separately. If your personal data does not fall within the scope of the legal grounds specified in the law, your explicit consent will also be sought for processing. However, if you do consent, our company may process these personal data.
4. How is Data Security Ensured?
TORNET is committed to taking the necessary technical and administrative security measures, ensuring audits and controls, to ensure that your personal data is not unlawfully accessed or processed, in accordance with the conditions set forth in relevant legislation or this Policy.
Furthermore, the necessary software is used to ensure the cybersecurity of the systems where your personal data is stored, and our IT consultants regularly monitor personal data security. Your personal data is backed up. The security of the media containing your personal data is ensured. Unauthorized access to your personal data is prevented. User data is protected by authentication and encryption methods using Secure Socket Layer technology.
However, TORNET assumes no responsibility for the privacy policies and content of applications linked to other applications or third parties through the Site or mobile application.
Furthermore, TORNET reminds us that no information system is absolutely secure and that it is not responsible for the consequences arising from the user’s negligence or the actions of third parties.
As part of administrative measures, corporate policies and procedures have been implemented to protect your personal data. Periodic awareness training has been implemented for employees and shareholders, and confidentiality commitments have been signed with employees.
Periodic random audits are conducted internally, risk analyses are conducted, and consulting is obtained from lawyers and IT companies specializing in personal data protection law. Locked cabinets have been implemented in physical spaces containing personal data within the workplace, and access to archives and files has been restricted.
5. For What Purposes May We Transfer Your Personal Data to Third Parties?
As a rule, TORNET will not directly share the data provided by users, or other data collected in the background via the TORNET app and device, with third parties.
In accordance with Personal Data Protection Law No. 6698 and/or in the presence of exceptions in relevant legislation, TORNET may process and share user data with third parties without obtaining their consent. These situations are listed below:
It is explicitly prescribed by law; It is necessary for the protection of the life or physical integrity of the person who is unable to give consent due to a practical impossibility or whose consent is not legally valid; It is necessary for the processing of data to protect the life or physical integrity of the person or another person; It is necessary for TORNET to fulfill its legal obligations, provided that it is directly related to the establishment or performance of a contract; It is necessary for TORNET to fulfill its legal obligations; It is made public by users; It is necessary for the establishment, exercise, or protection of a right; It is necessary for TORNET to pursue its legitimate interests, provided that it does not harm the fundamental rights and freedoms of users. However, Customer personal data may be shared with company officials, our business partners, legally authorized public institutions and organizations, and private institutions for the purposes of ensuring that relevant individuals benefit from the products and services offered by TORNET, the necessary work is carried out by relevant business units and processes are carried out to enable TORNET to carry out commercial activities, and the execution of related business processes, the planning and execution of TORNET’s commercial and/or business strategies, the legal, technical, and commercial-occupational security of TORNET and the relevant individuals (business partners) who have a business relationship with TORNET, and the personal data processing conditions and purposes determined in accordance with legislation.
Currently,
Your identity, contact, and location data may be shared with our call center employees for the legitimate interests of the company to carry out the activities carried out by TORNET.
Your identity, contact, location, and other data may be shared with company shareholders due to express authorization under the law.
Your identity and financial data may be shared with the accounting department.
Your identity and financial data may be shared with: With third-party financial advisory services from which the company receives contracted services,
Your identity, contact information, location, and other data, if necessary for the fulfillment of legal obligations, are shared with third-party legal advisory firms from which we receive contracted services for the fulfillment of legal obligations and the legitimate interests of the company, to follow the company’s legal affairs,
Your identity and financial data are shared with Iyzico, a payment institution partner of TORNET,
Your identity, contact information, location, and all personal data contained in the application are shared with our company’s contracted business partner software company for the legitimate interests of the company, to enable application updates and to ensure the proper and secure performance of the service. Your personal data collected by TORNET may be shared with our shareholders, business partners, suppliers, legally authorized public institutions, private individuals, and other persons within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the Law, for the purposes of planning and executing TORNET’s commercial and/or business strategies detailed above, carrying out the necessary work by our relevant business units for the realization of commercial activities carried out by TORNET and the execution of related business processes, ensuring the legal, technical, and commercial occupational safety of TORNET and the relevant persons who have a business relationship with TORNET, carrying out the necessary work by our business units to enable the relevant persons to benefit from the products and services offered by TORNET, and carrying out the relevant business processes.
6. How Long Do We Store Your Personal Data?
TORNET stores the data collected as part of the service for the duration of your membership, in accordance with the requirements outlined in the text, taking into account the statutes of limitations specified in the legislation.
Deletion of Personal Data: Your data stored under the law will be deleted, destroyed, or anonymized upon your request or ex officio, if the reasons for processing your data no longer exist.
7. Changes We May Make to the Policy
TORNET may unilaterally amend the Policy. The Policy provisions amended by TORNET shall become effective on the date of publication.
8. What are your rights under Personal Data Protection Law No. 6698, and how can you exercise these rights?
User; They have the right to learn whether their personal data has been processed.
To request information regarding the processing of their personal data if it has been processed.
To learn the purpose of processing their personal data and whether it is being used in accordance with its intended purpose.
To know the third parties to whom their personal data has been transferred, both domestically and internationally.
To request correction of their personal data if it has been processed incompletely or inaccurately, and to request notification of the actions taken to the third parties to whom their personal data has been transferred.
To request the deletion or destruction of their personal data if the reasons requiring processing no longer exist, despite the processing of their personal data being incomplete or inaccurate, and to request notification of the actions taken to the third parties to whom their personal data has been transferred.
To object to the analysis of processed data exclusively through automated systems, resulting in a detrimental outcome.
To request compensation for any damages suffered due to the unlawful processing of their personal data. If you have any questions, comments, or requests regarding this Information Text, please submit your application in accordance with the procedures and principles set forth in the Communiqué on the Procedures and Principles of Application to the Data Controller, dated 10.03.2018 and numbered 30356, along with documents proving your identity, to “Mustafa Kemal Mahallesi Dumlupınar Bulvarı No: 274/7 Mahall Ankara B Blok No: 172 Çankaya / Ankara” with a wet signature; or by using the registered electronic mail (KEP) address, secure electronic signature, mobile signature, or your electronic mail address previously notified to TORNET and registered in our system, to info@tornetteknoloji.com. Requests included in your application will be finalized free of charge within 30 days at the latest, depending on the nature of the request. However, if the process requires an additional cost, the fee specified below may be charged. If our Company responds to a personal data subject’s request in writing, there will be no fee for up to ten pages; however, a processing fee of 1 Turkish Lira may be charged for each page exceeding ten, as stipulated in the Law and other relevant legislation.
TORNET may make changes to the matters outlined herein at any time. Any changes will be published on our website and/or the App. Our users are responsible for maintaining current content.