Protection of Personal Data
Explanation About The Protection of Personal Data and Privacy Policy
1. Purpose and Scope of the PolicyPersonal Data within the scope of KVK Law; means any information relating to an identified or identifiable natural person.According to the provisions of the KVKK, the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system is defined as the data controller. Our company's position in terms of KVKK is Data Controller.
This document ('Policy') has been written in order to enlighten the real persons whose personal data our Company processes as a data controller within the scope of Article 10 of the KVKK. Chekici reserves the right to update the text of this Statement on the Protection of Personal Data at any time within the framework of changes that can be made in the current legislation.
2. Methods of Collecting Personal Data and Legal Bases
Chekici collects personal data from the website, mobile applications of the website, social media accounts, cookies, call center, notifications from administrative and judicial authorities and other communication channels, in audio, electronic or written form, to establish a commercial relationship with our company, to make a job application, to make an offer. Personal data specified in the KVK Law, received from persons who share their personal data through business cards, CVs, bids and other means, for purposes such as giving, in a physical or virtual environment, face to face or at a distance, verbally or in writing or electronically. in accordance with the processing conditions and in line with the legal reasons specified in this Personal Data Protection Policy.
About the using of personal data, there are regulations in various laws. In the first place, the principles of protection of personal data were determined with KVKK. In addition, the Law No. 6563 on the Regulation of Electronic Commerce includes a provision on the protection of personal data. Penal sanctions are envisaged in some cases for the protection of personal data through the provisions of the Turkish Criminal Law No. 5237.
On the other hand, it is necessary to collect and use data in order to fulfill our obligations arising from the Law No. 6502 on the Protection of the Consumer and the Regulation on Distance Contracts.
3. Purposes of Processing Personal Data
In accordance with the law, as a rule, personal data cannot be processed without the explicit consent of the data owner. Chekici will be able to record, store, update, disclose, transfer, classify and process your personal information to third parties in cases and to the extent permitted by the legislation.
Your personal data is used for the following purposes:
- Confirming the identity information of the person who purchases the towing service via the website/mobile applications,
- To save the address and other necessary information for communication,
- To communicate with our customers about the conditions, current status and updates of the contracts we have concluded under the relevant articles of the Law on Distance Sales Contract and Consumer Protection, to provide necessary information,
- To arrange all records and documents that will be the basis of the transaction in electronic (internet / mobile etc.) or paper media,
- To fulfill the obligations undertaken in accordance with the contracts we have concluded under the relevant articles of the Law on Distance Sales Contract and Consumer Protection,
- To be able to provide information to public officials, upon request and in accordance with the legislation, on matters related to public safety,
- To provide a better service to our customers, to provide information to our customers about our products that may be of interest to our customers, 'taking into account the interests of our customers', to convey campaigns,
- To increase customer satisfaction, to get to know our customers who purchase airplane and bus towing services from the website and/or mobile applications, and to use them in customer environment analysis, to use them in various marketing and advertising activities, and to organize surveys in electronic and/or physical environment through contracted institutions,
- To be able to offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services,
- To be able to evaluate customer complaints and suggestions about our services,
- To fulfill our legal obligations and to use our rights arising from the current legislation.
- Personal data of our employees may be processed without consent as far as necessary in terms of business relations. However, Chekici ensures the confidentiality and protection of the data of its employees. According to the Law, data related to race, ethnic origin, political thought, belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data are special categories of personal data. Chekici also takes adequate measures determined by the Board, in addition to the consent of the person concerned, in the processing of sensitive personal data. Special categories of personal data can be processed without the consent of the person, but only in relation to the cases permitted by the Law and in a limited manner.
Personal data by our company, in accordance with Article 20 of the Constitution and Article 4 of the Personal Data Protection Law (KVKK),
- In accordance with the law and honesty rules,
- Accurately and up-to-date when necessary,
- Pursuing specific, clear and legitimate purposes,
- Related with the Purpose,
- In Limited and measured way,
- By keeping it for as long as required by the laws or for the purpose of processing personal data,
- It is processed based on one or more of the conditions specified in Article 5 of the KVKK.
Personal data that shared with Chekici, is under control and supervision of Chekici. In accordance with the provisions of the applicable legislation, Chekici undertakes the responsibility as the data controller to establish the necessary organization and to take and adapt the technical measures in order to protect the confidentiality and integrity of the information. Being aware of our obligation in this regard, we would like to state that we have taken the following administrative and technical security measures. In this context, we inform you that we always update our data processing policies.
- All data received via our web or mobile applications are transferred from your computer or mobile device to our application servers with a 256-bit RSA SSL certificate compatible with TLS 1.2 standard. Your critical payment information is not kept on the servers of our application, it is encrypted in the standards required by the relevant payment system and transmitted to the relevant bank-payment system infrastructure.
- Penetration tests are carried out periodically and the system's resistance to unauthorized access is tested.
- Access authorization and control matrices have been established for employees so that personal data collected from the website or mobile application is not processed unlawfully.
- Personal data in the paper environment are strictly kept in locked cabinets and only authorized persons have access.
The rights you have in accordance with the KVKK are the obligations of Chekici. We would like to inform you that we process your personal data with this awareness and to the extent required by the legislation, in case of legal changes, we will update this information on our page in accordance with the new legislation, and you can easily follow the updates on this page at any time.
In accordance with Article 4 of the KVKK, Chekici has an obligation to keep your personal data accurate and up-to-date. In this context, in order for Chekici to fulfill its obligations arising from the current legislation, our customers are required to share accurate and up-to-date data with Chekici. If your data is changed in any way, we ask you to update your data by contacting us through the communication channels listed below.
Our company stores the personal data it processes for the periods determined by the legislation, and in the absence of a separate period specified in the legislation; Personal data is stored for the period required to be processed in accordance with the practices of our Company and the practices of commercial life, depending on the services our company provides while processing that data, and after this period, only for the periods that are necessary in practice in order to constitute evidence in possible legal disputes. After the expiry of the specified periods, the personal data in question are deleted, destroyed or anonymized. (Anonymization of personal data means that personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data.)
5. Rights of Data Owners Arising from Law
According to Article 11 of the Law, personal data owners;
- Find out if personal data about him has been processed,
- If personal data about him/her has been processed, requesting information about it,
- Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
- Knowing the third parties to whom personal data is transferred domestically or to abroad,
- Requesting correction of personal data in case of incomplete or incorrect processing,
- Requesting the deletion or destruction of personal data in the event that the reasons requiring its processing disappear, although it has been processed in accordance with the provisions of the law and other relevant laws,
- Requesting notification of the transactions made as a result of rectification, deletion and destruction requests to third parties to whom personal data has been transferred,
- Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- It has the right to demand the compensation of the damage in case of loss due to the unlawful processing of personal data.
Paragraph 2 of Article 28 of the Law regulates that, in certain circumstances, the data owner cannot make a claim from the data controller other than the compensation of the damages. According to this,
- Personal data processing is necessary for the prevention of crime or for criminal investigation,
- Processing of personal data made public by the person concerned,
- Personal data processing is necessary for the execution of supervisory or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations in the nature of public institution, based on the authority given by the law,
- Personal data processing is necessary for the protection of the economic and financial interests of the State regarding budget, tax and financial matters,
6.Transfer of Personal Data
The sharing of personal data of our customers with third parties takes place within the framework of the consent of the customers and as a rule, personal data is not transferred to third parties without the consent of our customers.
However, due to and limited to our legal obligations, personal data is shared with courts and other public institutions. In addition, personal data is transferred to contracted third parties in order to provide the services we undertake and to control the quality of the services provided.
Necessary technical and legal measures are taken to prevent violations of rights during data transfer to third parties. However, Chekici is not responsible for any breaches that occur in the risk area of the third party's responsibility, due to the data protection policies of the third party receiving personal data.
Your personal data can be shared with program partner institutions and organizations that we cooperate with in order for Chekici to carry out our activities, domestic/foreign persons and institutions from which we receive data storage services in the cloud environment, domestic/foreign institutions that we have contracted with for sending commercial electronic messages to our customers, Interbank Card Center, banks with which we have a contract and In order to provide you with a better service and to ensure customer satisfaction, it can be shared with various domestic and foreign agencies, advertising companies and survey companies, other domestic/foreign third parties and related business partners within the scope of various marketing activities.
Personal data by our company; After the declaration of foreign principles with adequate protection by the Personal Data Protection Board, they will only be transferred to these countries. For countries that are declared not to have sufficient protection; In cases where data controllers in Turkey and the relevant foreign country undertake in writing to provide adequate protection and the Board has permission, personal data will be transferred.
7. Personal Data Categories