KVKK Disclosure
Notice
Disclosure notice regarding the processing of your personal data within the scope of the Personal Data Protection Law No. 6698.
Table of Contents
1 What is the Purpose and Scope of the Disclosure Notice?
As Ahmet Çevik ("Hostopya" or "Organization"), we care about the security and protection of the personal data you share. Hostopya is a "data controller" in the situations specified in this text. We process your personal data in accordance with the Personal Data Protection Law No. 6698 ("KVKK" or "Law") and take appropriate, proportionate and adequate administrative and technical measures to protect your personal data. For more detailed information about the scope, context and approach of personal data processing as an Organization, you can also review our Privacy Policy.
This disclosure notice has been prepared to inform hostopya.com site visitors, our customers who benefit from our services, and individuals who contact our organization through the site, which we operate as Hostopya. The responsibility for third-party websites that we reference or share information about on our website belongs to the operator and owner of the relevant site, not our organization.
2 What Are the Basic Concepts Related to Personal Data?
Explicit consent: Consent that is related to a specific subject, based on information, and expressed with free will
Anonymization: Making personal data unable to be associated with an identified or identifiable natural person under any circumstances, even when matched with other data
Data subject: The natural person whose personal data is processed
Personal data: Any information relating to an identified or identifiable natural person
Employee handling personal data: Employees who process personal data of data subjects on behalf of the organization as part of their job description
Processing of personal data: Any operation performed on data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system
Board: Personal Data Protection Board
Authority: Personal Data Protection Authority
KVKK: Personal Data Protection Law No. 6698
Special categories of personal data: Data relating to persons' race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or trade union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic data
Data processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller
Data recording system: The recording system in which personal data is structured and processed according to specific criteria
Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system
Joint data controller: Data controllers who jointly use certain personal data and carry out joint activities regarding processing methods and purposes
Independent data controller: A data controller who decides on the purposes and methods of processing personal data independently of any other data controller
3 Who Are We as the Data Controller?
Hostopya has the status of "Data Controller" against the relevant natural persons in terms of personal data belonging to website visitors and customers benefiting from the services it provides over the internet. Hostopya, as the data controller, fulfills its obligations arising from the law and Board decisions by taking administrative measures and appropriate and proportionate technical measures.
Data Controller Contact Information
4 What is the Scope of Our Disclosure Obligation?
Article 10 of Law No. 6698 has imposed an obligation on data controllers to inform persons whose personal data is processed. The disclosure obligation includes the identity of the data controller, the purposes of processing personal data, the persons to whom they are transferred, the purposes and methods of transfer, the legal reasons for collecting personal data, and information about personal data applications, along with the rights listed in Article 11 of the KVKK Law.
5 Which Personal Data Categories Are Processed?
We process the identity, contact, personal, transaction security, and financial information of our website visitors, customers, and individuals who contact us through our website.
6 For What Purposes Do We Process Personal Data?
Your personal data is processed on our websites and internet services in accordance with the principles in the KVKK Law for the following purposes:
Conducting commercial activities
Ensuring business continuity
Planning and executing business strategies
Making presentations, promotions and informing
Promoting and communicating through electronic channels
Conducting press relations
Informing the public
Conducting business relationships
Sharing event visuals
Conducting sales and marketing operations
Tracking information, support and complaint requests
Operating internet services
Executing sales of services
Conducting dealer operations
Promoting services/products
Managing services
Managing intangible assets
Managing digital assets
Receiving job applications
7 How Do We Process and Protect Personal Data?
We process your data in accordance with the principles listed in Article 4 of the Law, and by obtaining your explicit consent except in the cases of compliance specified in Article 5. We collect your personal data verbally, in writing, or electronically through domestic and international means such as offices, websites, and social media platforms, by automatic or non-automatic methods.
Personal data of visitors and users is processed on servers hosting our websites and internet services, and on corporate fixed and mobile devices we use for support, operation, and development purposes.
All necessary technical and administrative measures are taken, provided that they are appropriate and proportionate, to protect personal data collected by Hostopya, to prevent it from falling into the hands of unauthorized persons, and to prevent our customers and potential customers from being harmed. In this context, we pay attention to ensuring that our application, software and information systems comply with standards and are kept up to date, to signing data transfer agreements with the parties we share data with, and to adhering to our Privacy Policy within the Organization.
8 With Whom and Why Do We Share Personal Data?
As Hostopya, the personal data we collect and process is transferred to organizations with which we have business relationships, service providers and solution partners in domestic and international locations from which we benefit from administrative, legal and technical services, and to official institutions/organizations in cases of legal obligation, in order to ensure business continuity and conduct services, in accordance with Article 8 of the Law. Hostopya, as a data controller, performs the necessary controls as much as possible to ensure that the institutions and organizations it shares data with fulfill their obligations arising from the Law, and binds the obligations with data transfer agreements.
8.1 What is the Nature and Scope of Domestic Sharing?
Personal data is shared within the framework of the following purposes:
With group companies, business partners, subsidiaries, consulting firms and similar service suppliers both domestically and internationally for the planning and execution of commercial activities
With organizations providing services in the printed, visual media and internet platforms for promotion and marketing purposes
With organizations providing services in the areas of ensuring business continuity, human resources, occupational health and safety, and planning and implementing emergency processes and strategies
With private institutions and organizations such as business partners, consulting firms, suppliers, and authorized authorities such as public institutions and judicial bodies when necessary to fulfill obligations arising from legal and judicial decisions
With banks, insurance companies, dealers, and IT organizations providing services in the area of electronic mail, customer management, accounting and human resources management
With organizations providing services in the IT field to ensure the infrastructure, application and security of information systems
8.2 What is the Nature and Scope of International Sharing?
Hostopya shares personal data with service providers located abroad for the purposes of operating our website, developing services, conducting office business and operations, providing services to users and visitors, ensuring their satisfaction, meeting their expectations, and establishing communication. In this context:
With US-based Whatsapp (Facebook) for instant messaging
With US-based Zoom and Google for video conferencing
With US-based Tawk.to for customer support and requests
With US-based Google and Wetransfer for file sharing
With Germany-based Anydesk and Teamviewer for remote access
With US-based Apple and Google for mobile operating systems and bundled services
With US-based Facebook, Twitter, Instagram, Youtube and Google for social media services
With France-based SendinBlue for mail delivery
With US-based RapidSSL for SSL certificate services
With US-based TheSSLStore for SSL certificate services
With Netherlands-based Realtime Register for domain registrations
With India-based P.D.R Solutions for domain registrations
Service Provider Privacy Policies
9 For What Legal Reasons Do We Process Personal Data?
Your personal data is processed based on the following legal grounds specified in Article 5 of the Law:
The explicit consent of the person
Based on the legal ground of being explicitly stipulated by law; within the scope of Law No. 5651 on Regulation of Publications on the Internet and Combating Crimes Committed Through Such Publications, Regulation on Internet Public Access Providers dated 11/04/2017 and numbered 30035, Turkish Code of Obligations No. 6098, Turkish Commercial Code No. 6102 and similar laws, regulations and communiqués
Based on the legal ground of the establishment or performance of a contract; fulfillment of contractual requirements of which you are a party
Based on the legal ground of the data controller's ability to fulfill its legal obligation; fulfillment of legal obligations stipulated in the relevant legislation, such as responding to requests from courts and public institutions requesting information and documents
The data being made public by the data subject themselves
Based on the legal ground of establishing, exercising, or protecting a right; processed without seeking explicit consent based on the legal grounds of serving as evidence in potential disputes, obtaining legal consultancy and technical support
10 What Are Your Rights as a Data Subject?
As personal data subjects, you have the following rights as listed in Article 11 of the KVKK:
Learning whether personal data is being processed
Requesting information if personal data has been processed
Learning the purpose of personal data processing and whether they are used in accordance with their purpose
Knowing the third parties to whom personal data is transferred domestically or internationally
Requesting correction of personal data if it has been processed incompletely or incorrectly, and requesting that the actions taken in this context be notified to third parties to whom personal data has been transferred
Requesting deletion or destruction of personal data when the reasons requiring its processing disappear, even though it has been processed in accordance with the provisions of KVKK and other relevant laws, and requesting that the actions taken in this context be notified to third parties to whom personal data has been transferred
Objecting to the emergence of a result against the person themselves through the analysis of processed data exclusively by automatic systems
Requesting compensation for damages in case of damage due to unlawful processing of personal data
11 How Can You Apply for Information?
You can obtain information about your rights within the scope of Article 11 of the Law, which "regulates the rights of the data subject," and the application process from our Personal Data Subject Applications page, and apply to us using the "Personal Data Subject Application Form" below.