This document is prepared to inform the data subject whose personal data will be processed in a various ways including collection, recording and transfer of personal data within the country and abroad and within the framework of the relevant legislation, in particular the Law on the Protection of Personal Data numbered 6698 (the ”KVKK”) and EU General Data Protection Regulation (the “GDPR“); thus, to comply with the GDPR, the Law and the Communiqué on Principles and Procedures to be Followed in Fulfillment of the Obligation to Inform, to fulfill the obligation to inform.
Data Controller and its Identity
Joint data controllers are Brandefense Inc. (https://brandefense.io/), an American incorporation having its headquarters at “300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801/USA” and Brandefense Bilişim Danışmanlık Sanayi ve Ticaret Anonim Şirketi, a Turkish joint stock company having its headquarters at “Üniversiteler Mahallesi, 1605.Cadde, Kapı No:3/1, Cyberpark E Blok, 2.Kat No: 204 06800 Bilkent Çankaya/Ankara” (collectively the “Data Controllers“).
Method and Legal Basis of Personal Data Collection
The Data Controllers may collect fully or partially by automated means or by non-automated methods provided that it is part of the data recording system based on the reasons for compliance with laws stated in the GDPR and in the Articles 5 and 6 of the KVKK, in accordance with the laws and within the scope of fulfilling its legal obligations and/or the purposes of creating a common repository in relation to the business process that it carries out; in case (i) it is necessary to process personal data of the parties to an agreement provided that it is directly related to setting up of an agreement or its performance, (ii) it is necessary to process personal data to establish, use or protect a right, (iii) it is necessary to process personal data for the legitimate interests of the data controller, provided that not to damage fundamental rights and freedoms of data subject.
Processed Personal Data and Processing Purposes
Different categories of data and personal data of the customers/users may be processed in order to carry out the procedures of the departments contained within the Data Controllers, especially Cyber Threat Intelligence; Research & Development; VP of Engineering; and Product Growth. These are:
- In line with the purposes of the online sales process through the internet and Managing the Sales Processes of Goods/Services; name-surname, date and place of birth, Turkish identity number and passport no. information in the identity information category; phone number, user name and e-mail address information in the contact information category; bank account information in the financial information category of users/customers,
- In line with the purpose of recording transactions within the scope of increasing the quality of products and services offered to customers; name-surname, Turkish identity number and place and date of birth information in the identity information category; phone number and e-mail address information in the contact information category of users/customers,
- In line with the purpose of planning and conducting market research activities for the sales and marketing of products and services; name-surname in the identity information category; telephone number and e-mail address information in the contact information category of users/customers,
- In line with the purpose of analyzing purchasing preferences and developing services in relation to customer satisfaction; name-surname in the identity information category; phone number and e-mail address information in the contact information category of users/customers,
- In line with the purposes of increasing the user experience within the scope of the execution of business activities; name-surname and Turkish identity number in the identity information category; e-mail, username and password information in the contact information category of user/customers, and
- In line with the purposes of execution of business activities and ensuring the security of operations; name-surname and Turkish identity number in the identity information category; address, e-mail, username, IP address and customer transaction information in the contact information category of user/customers,
The Data Controllers can store by keeping in the physical environment and/or recording in the database; update; and process your personal data collected as stated above through various activities including but not limited to the disclosure and transmission to third parties and to the extent permitted by the GDPR, the KVKK and any other legislation.
Your personal data shall be processed in accordance with the procedures and principles set forth in the GDPR, the KVKK and other legislation, in good faith, in a manner that is accurate and up-to-date, for specific, explicit and legitimate reasons; in a limited and measured manner, relevant to the purpose of processing and only to be retained for a period necessary for the purpose.
To Whom and For What Purpose Personal Data Can Be Transferred
Your personal data may be transferred within the country or abroad to the other units within the Data Controllers, banks, insurance companies, authorized public institutions and organizations such as the Treasury and law enforcement officers and abroad-servers of the applications including Amazon Web Services, Microsoft Azure, Microsoft Clarity, Hetzner.com, Digitalocean.com, Ovhcloud.com, Hubspot, Google Analytics, Gleap.io through online system, within the framework of the objectives and principles mentioned above, in particular for the purposes of conducting business activities and tracking the in-product behavior of users/customers and the internal rules of the Data Controllers and at the level required by the Data Controllers’ operations and in accordance with methods and conditions indicated in the GDPR and the KVKK.
For the other cases required by law other than those listed above, your personal data may be shared with the competent authorities by the Data Controllers in order to fulfill the legal requirements.
Rights of the Data Subject Concerned in the Relevant Articles of the GDPR and the KVKK
As the personal data subject, you have the following rights within the scope of Articles 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22 and 23 of the GDPR and Article 11 of the KVKK upon your application to the Data Controllers:
- to learn whether your personal data is processed or not;
- if your personal data has been processed, to demand information with regards to the said processing;
- to learn the purpose of processing your personal data and whether your personal data is being used for the intended purposes;
- to know the third parties to whom their personal data is transferred within the country or abroad;
- to request the rectification of incomplete or inaccurate data, if any;
- to request the erasure or destruction of our personal data in accordance with the conditions of the KVKK and its regulations;
- to request notification on operations conducted as per the above sub-paragraphs v. and vi.;
- to object to the processing, exclusively by automatic means, of your data which leads to an unfavorable consequence for yourself;
- to request compensation for the damage arising from the unlawful processing of your personal data.
In order to use your above-listed rights, your requests should be transmitted to the Data Controllers in written to the address “300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801/USA” or “Üniversiteler Mahallesi, 1605.Cadde, Kapı No:3/1, Cyberpark E Blok, 2.Kat No: 204 06800 Bilkent Çankaya/Ankara” or via other means that may be determined by the Personal Data Protection Authority in accordance with the GDPR and the KVKK. These requests shall be concluded within the periods indicated in the GDPR and the KVKK.
As per this document, you accept and declare that you have been explicitly informed on the data controller and its identity, method and legal basis of personal data collection, processed personal data and processing purposes, to whom and for what purpose personal data can be transferred and rights of the data subject concerned in the GDPR and the KVKK by the Data Controllers for all transactions related to processing of your personal data. In this regard, you also explicitly accept and declare that the Data Controllers have fulfilled its obligation to inform.
This document may be amended or changed in accordance with the GDPR and the KVKK and other related legislation when deemed necessary by the Data Controllers.
EXPLICIT CONSENT DOCUMENT ON COLLECTION, PROCESSING AND TRANSFER OF YOUR PERSONAL DATA
Joint data controllers are Brandefense Inc. (https://brandefense.io/), an American incorporation having its headquarters at “300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801/USA” and Brandefense Bilişim Danışmanlık Sanayi ve Ticaret Anonim Şirketi, a Turkish joint stock company having its headquarters at “Üniversiteler Mahallesi, 1605.Cadde, Kapı No:3/1, Cyberpark E Blok, 2.Kat No: 204 06800 Bilkent Çankaya/Ankara” (collectively the “Data Controllers“).
You, as our user/customer, hereby confirm that you have been duly informed by the Data Controllers on the matters indicated in the “Information Letter on Collection, Processing and Transfer of Your Personal Data” as required by the EU General Data Protection Regulation (the “GDPR“) and the Turkish Law on the Protection of Personal Data No. 6698 (the “Law“) and other relevant legislation. In this way, you also accept that the Data Controllers have fulfilled its informing obligations.
The various procedures of the departments within the Data Controllers and different categories of data and personal data of the customers, to be processed in this regard, are:
- In line with the purposes of the online sales process through the internet and Managing the Sales Processes of Goods/Services; name-surname, date and place of birth, Turkish identity number and passport no. information in the identity information category; phone number, user name and e-mail address information in the contact information category; bank account information in the financial information category of users/customers,
- In line with the purpose of recording transactions within the scope of increasing the quality of products and services offered to customers; name-surname, Turkish identity number and place and date of birth information in the identity information category; phone number and e-mail address information in the contact information category of users/customers,
- In line with the purpose of planning and conducting market research activities for the sales and marketing of products and services; name-surname in the identity information category; telephone number and e-mail address information in the contact information category of users/customers,
- In line with the purpose of analyzing purchasing preferences and developing services in relation to customer satisfaction; name-surname in the identity information category; phone number and e-mail address information in the contact information category of users/customers,
- In line with the purposes of increasing the user experience within the scope of the execution of business activities; name-surname and Turkish identity number in the identity information category; e-mail, username and password information in the contact information category of user/customers, and
- In line with the purposes of execution of business activities and ensuring the security of operations; name-surname and Turkish identity number in the identity information category; address, e-mail, username, IP address and customer transaction information in the contact information category of user/customers,
Your personal data may be transferred within the country or abroad to the other units within the Data Controllers, banks, insurance companies, authorized public institutions and organizations such as the Treasury and law enforcement officers and abroad-servers of the applications including Amazon Web Services, Microsoft Azure, Microsoft Clarity, Hetzner.com, Digitalocean.com, Ovhcloud.com, Hubspot, Google Analytics, Gleap.io through online system, within the framework of the objectives and principles mentioned above, in particular for the purposes of conducting business activities and tracking the in-product behavior of users/customers and the internal rules of the Data Controllers and at the level required by the Data Controllers’ operations and in accordance with methods and conditions indicated in the GDPR and the KVKK.
In addition to those listed above, your personal data may be shared with the competent authorities by the Data Officer in order to fulfill the legal obligations required by law.
You, as our user/customer, hereby give your explicit consent with your free will on the collection, processing and use, and transfer within the country and abroad of your personal data within the above-mentioned scope.