TORNET PERSONAL DATA PROTECTION AND PROCESSING INFORMATION TEXT
As the TORNET family (TORNET Teknoloji Anonim Şirketi), we highly value the processing of the personal data of our esteemed users who use our Android and iOS mobile applications in compliance with the Law on the Protection of Personal Data No. 6698 (“Law”). Moreover, we are committed to being transparent regarding the collection, processing, and sharing of this data and ensuring its security to the highest extent.
Your personal data will be processed by our company, as the data controller, in compliance with the conditions stipulated by the Law if certain data processing conditions stated in the Law are met. In cases where lawful data processing conditions do not arise, your explicit consent will be obtained for processes requiring consent. If authorized by law or if explicit consent is required for certain procedures, your consent will be sought before any sharing, classification, or processing of data with third parties residing inside or outside the country as specified in the Law.
Your personal data will be processed by our Company: (i) lawfully and in good faith, (ii) relevant, limited, and proportionate to the purposes for which they are processed, (iii) accurately and up-to-date, and (iv) for specific, clear, and legitimate purposes.
With this information text, we aim to inform you, our valued users, about why your personal data is processed, which personal data is processed, the purpose of processing this personal data, how we ensure the security of your personal data, your rights under the law, and how you can exercise these rights within the scope of our service.
All TORNET users, employees, shareholders, and business partners are required to comply with the TORNET Personal Data Protection Policy and all principles stated in this information text.
Concerning Minors: Under the TORNET User Agreement, minors cannot be TORNET users. If you are under the age of 15, please do not use the TORNET application. If a parent of a child under the age of 15 is found to have provided the child’s data to TORNET, please inform us immediately. In case it is determined that data of a person under the age of 15 has been collected, we will promptly take necessary steps to delete it.
Users agree to ensure that the information subject to this Policy is complete, accurate, and up-to-date and undertake to notify TORNET immediately of any changes. Otherwise, TORNET will not be responsible for any damages that may occur.
This text will provide detailed answers to the following key questions:
- For what purpose and how do we collect your personal data? (Processing Purpose)
- Which of your data do we collect? (Data Categories)
- On what legal grounds do we process your personal data? (Legal Basis)
- How is Data Security Ensured?
- For what purpose may we transfer your personal data to third parties?
- For how long do we retain your personal data?
- What are your rights according to the Law on the Protection of Personal Data No. 6698 (“Law”), and how can you exercise these rights?
1. For What Purpose Do We Collect Your Personal Data?
As the TORNET family, in our capacity as the data controller, we collect, process, and transfer your data in accordance with the Law and these provisions, through automatic or other means, to record your suggestions, complaints, and issues and to ensure the proper performance of our services. Data is collected from various sources, such as our mobile application and website, which can automatically recognize users through the cookie system.
Your personal data is processed by TORNET for the following purposes:
- To register users
- To facilitate communication with customers for proper service performance
- To provide support processes via the call center
- To document user satisfaction and complaints
- To inform users regarding service delivery and changes in policies or contracts
- To ensure timely and appropriate maintenance and support for vehicles, and to protect company assets
- To conduct commercial activities, define and implement business strategies, and perform internal reporting and business development activities
- To ensure the legal and commercial security of TORNET and those in business relationships with TORNET, including providing necessary information to you
- To comply with legal obligations
- To prevent data loss
Your personal data, including your username, password, and data on browsing duration and details, is collected and processed along with other data to manage and analyze your interactions within our platforms.
Data Collection Method: Personal data is primarily collected electronically by TORNET. However, data may also be processed and stored physically and electronically when handling call center complaints, documenting these complaints, or during applications under Article 11 of the Law.
2. Which Personal Data Do We Record?
Data Categories:
- Identity Data: Name, surname, confirmation of age above 15. This data is processed to create user accounts, verify age for contract eligibility, ensure proper service delivery, and for accounting and other purposes outlined above.
- Contact Data: Phone number, address, and email address. This data is processed to communicate with you, manage complaints, notify you of service changes, and support accounting processes.
- Location Data: Data relating to your location, such as GPS, obtained during service use. This data is processed to ensure proper service delivery, timely maintenance, protection of company assets, and as legal evidence if required.
- Financial Data: Data on invoices. Personal data included on invoices is retained for accounting and legal compliance. User card information is not stored by TORNET; it is processed by our payment partner, Moka.
Other Data:
- User Information: User ID, service usage details, complaints, suggestions, search terms, usage errors, and other interaction details.
- Transaction Security Data: Passwords and hints, usernames used for identity verification and account access.
- Risk Management Data: IP address, device serial number and model, country information.
- Data Collected via Cookies: Data relating to site usage and preferences. (Please see our Cookie Policy for further information.)
3. On What Legal Grounds Do We Process Your Personal Data?
Your personal data is processed in accordance with Article 5 of the Law under conditions such as legal requirements, necessity for contract fulfillment, legal obligation of the data controller, public interest, or legitimate interests, without needing explicit consent.
4. How is Data Security Ensured?
TORNET takes necessary technical and administrative security measures to prevent unlawful access and processing. Systems containing personal data are monitored regularly, backed up, and protected by SSL technology for authentication and encryption. Administrative measures include corporate policies, staff training, and regular internal audits. However, TORNET is not responsible for security breaches due to user negligence or third-party actions.
5. For What Purpose May We Transfer Your Personal Data to Third Parties?
TORNET does not directly share data with third parties, except under legal obligations, such as:
- Legal requirements
- Necessity for contract formation or fulfillment
- Legitimate company interests
Data may be shared with shareholders, call center staff, accountants, legal advisors, Iyzico, and software partners for updates and maintenance.
6. How Long Do We Retain Your Personal Data?
TORNET retains collected data for the duration necessary to fulfill service requirements, considering statutory limitations.
Data Deletion: Data will be deleted, destroyed, or anonymized upon your request or when it is no longer necessary, in accordance with Article 7 of the Law.
7. Changes to the Policy
TORNET reserves the right to modify this Policy. The updated Policy becomes effective upon publication on our website or application. It is the user’s responsibility to follow updates.
8. What are Your Rights Under the Law on the Protection of Personal Data No. 6698?
You have the right to:
- Learn if your data is processed, request information, and understand the processing purpose
- Learn to whom your data is disclosed domestically and abroad
- Request correction of incomplete or incorrect data, and, if shared, request notification of corrections
- Request deletion of data if processing reasons are no longer valid, and, if shared, request notification of deletion
- Object to adverse results obtained from automatic data processing
- Seek compensation for damages due to unlawful data processing
If you have any questions or requests about this Information Text, please submit a signed request with identification to our address at Mustafa Kemal Mahallesi Dumlupınar Bulvarı No: 274/7 Mahall Ankara B Block No: 172 Çankaya / Ankara or via email to [email protected].