With our founding team; We believe that manufacturers and professionals should be free to reach their dreams, thanks to the Gotradego software we have created based on decades of industry and foreign trade experience.
AMAZING TECHNOLOGY AND MARKETING INC. PRIVACY AND PERSONAL DATA PROTECTION POLICY
1.1. This Privacy
and Personal Data Protection and Processing Policy (“Policy”) , Amazing
Teknoloji ve Pazarlama A.Ş. (“Company” and/or “ Amazing ” ) in
accordance with the provisions of the relevant legislation, especially the Law
on the Protection of Personal Data No. 6698 (“KVKK”), while fulfilling its
obligations to protect personal data and processing personal data, it
determines the principles to be followed within the Company and / or by the Company
.
1.2. The Company undertakes
to act in accordance with this Policy and the procedures to be implemented in
accordance with the Policy in terms of personal data within its own body .
this Policy is to make explanations regarding
the personal data processing activities carried out by the Company in
accordance with the law and the systems adopted for the protection of personal
data, and to protect personal data, which is a constitutional right, by
informing the identified and/or identifiable natural persons whose personal
data are processed by the Company. to ensure transparency. In this context,
obtained during the use of websites and applications ( “Site( s )” ) located
at “ gotradego.com ”,
“bigfair.com” managed by the Company and various web addresses that may be
created later by the Company, and/or from third parties or from third parties.
It is aimed to determine the conditions regarding the use of personal data
received from users.
3.1. This Policy
is implemented in the activities carried out for the processing and protection
of all personal data managed by the Company.
3.2. This Policy;
To third parties, which are processed automatically within the Company or by
non-automatic means provided that they are part of any data recording system,
especially our users, customers, suppliers, employee candidates, employees,
partners, officials and/or employees of institutions and organizations we
cooperate with. regarding all personal data. Users who save/submit their
personal data to the Sites by using the Sites and users who have accepted the
Website Terms of Use and Membership Agreement will be deemed to have accepted
this Policy . This Policy will also be informative regarding the processing of
personal data of users outside of the membership relationship.
3.3. This Policy
does not apply to data that does not qualify as personal data.
3.4. This Policy
may be amended from time to time with the approval of the Company's board of
directors, if required by personal data protection legislation.
this Policy have the following meanings;
“Explicit Consent” means the consent expressed by the data owner/relevant person on the
basis of being informed about the processing of their personal data and with
free will.
“Constitution” means
the Constitution of the Republic of Turkey, dated 7 November 1982 and numbered
2709, published in the Official Gazette dated 9 November 1982 and numbered
17863.
“Employees and Officials of the
Institutions with which we are in Cooperation” means
the employees of the institutions and organizations with which the Company has
all kinds of relations and the authorities of these institutions and
organizations.
“Destruction” refers
to the deletion, destruction or anonymization of personal data.
“Recording Medium” refers to any recording medium containing personal data that is fully
or partially automated or processed by non-automatic means, provided that it is
a part of any data recording system.
“Personal Data( s )” means any information relating to an identified or identifiable natural
person (within the scope of this Policy, the term “Personal Data” will include
“Special Personal Data” defined below as appropriate ).
“Personal Data Inventory” means the personal data processing activities carried out by the Company in
connection with its business processes; It refers to the inventory, which is
created by associating personal data processing purposes, data category,
transferred recipient group and data subject group, by detailing the maximum
time required for the purposes for which personal data is processed, the
personal data envisaged to be transferred to foreign countries and the measures
taken regarding data security.
"Personal Data Processing" - Obtaining, recording, storing, preserving, changing, rearranging,
disclosing, transferring, taking over, making available the Personal Data by
fully or partially automatic or non-automatic means provided that it is a part
of any data recording system means all kinds of operations performed on data
such as classification or prevention of use.
“Anonymization of Personal Data” means that personal data cannot be associated with an identified or identifiable
natural person in any way, even if it is matched with other data.
“Deletion of Personal Data” means the process of making personal data inaccessible and unusable for
the relevant users in any way.
“Destruction of Personal Data” means the process of making personal data inaccessible, unrecoverable
and unusable by anyone in any way.
“Member/User” refers
to the person(s) who use and subscribe to gotradego.com , bigfair.com and websites and applications
that are likely to be developed by the Company in the future .
“Board” means the
Personal Data Protection Board.
“Institution” means
the Personal Data Protection Authority.
“KVK Regulations” The
Law No. 6698 on the Protection of Personal Data and other relevant legislation
on the protection of personal data, binding decisions, policy decisions,
provisions, instructions and applicable international agreements on data
protection and all other applicable laws and regulations issued by regulatory
and supervisory authorities, courts and other official authorities. means any
kind of legislation.
“Special Quality Personal Data” refers to the data about the race, ethnic origin, political opinion,
philosophical belief, religion, sect or other beliefs, costume and clothing,
membership to associations, foundations or unions, health, sexual life,
criminal convictions and security measures. refers to biometric and genetic
data.
“Periodic Destruction” means the deletion, destruction or anonymization process that will be
carried out ex officio at repetitive intervals in case all personal data
processing conditions disappear .
“Data Processor” refers
to the natural or legal person who processes personal data within the
organization of the data controller or in line with the authorization and
instruction received from the data controller.
“Data Owner/Relevant Person” means the natural person whose personal data are processed by the
Company.
“Data Controller” refers
to the natural or legal person who processes personal data by specifying the
processing purposes and ways of processing, and who is responsible for
establishing and managing the data recording system.
“Visitor” refers
to natural persons who have entered and/or visited the physical premises of the
Company or the company headquarters for various purposes.
“Customer” refers
to the real persons who have purchased or will receive services from the
Company through online sales channels such as the website and mobile
applications or the channels through which it sells through intermediary
service providers .
5. PROTECTION OF
PERSONAL DATA
has the right to demand the protection of
their Personal Data . With this Policy, the Company; In accordance with Article
12 of the KVKK , it takes the necessary administrative and technical measures
to prevent the unlawful processing of personal data, to prevent unlawful access
to personal data and to ensure the preservation of personal data, and to carry
out and have the necessary inspections done in this context.
The main measures taken by the Company
regarding “data security” in accordance with Article 12 of the KVKK are listed
below.
· By analyzing the personal data processed by
the company, the risks that may arise regarding the protection of this data are
determined.
are analyzed in detail by all business units
and departments , and as a result of this analysis, a personal data inventory
is created. Risky areas in this inventory are determined and necessary legal
and technical measures are taken.
· Personal data processing activities carried
out by the company are audited by information security systems, technical
systems and legal methods, and expert personnel are employed within the scope
of technical issues.
Company employees are informed that the
personal data they learn will not be disclosed to others in violation of the
provisions of the KVKK and relevant legislation and will not be used for
purposes other than processing, and that this obligation will continue after
they leave their duties, and necessary commitments are taken from them in this
direction.
· The service providers with whom the Company
has a relationship and, without limitation, other third party business partners
are informed about the law of personal data protection and taking necessary
measures in accordance with this law, and these issues are contractually
charged .
· Necessary audits are carried out by the
Company for the purpose of continuity in protecting personal data and taking
the necessary measures in accordance with this law.
· Necessary technical measures are taken by
the Company to ensure the protection of personal data and are regularly
reported to the relevant person (Directorate of Information Technologies).
After reviewing the report, the relevant people work to produce the necessary
technological solutions.
· The company uses software with virus
protection systems and firewalls and installs backup programs for the safe keeping
of personal data.
· The personal data stored in the Electronic
Recording Environment are limited to the access of the relevant users, and the
authorizations are reviewed regularly. Files stored in the Physical Recording
Environment are kept in archive cabinets within the Company and then destroyed
according to the determined procedures .
a data breach response plan has been prepared,
which stipulates that this situation is reported to the Data Owner and the
Board as soon as possible.
Protection of Special Quality Personal Data
Special Quality Personal Data are data that are
sensitively and meticulously protected by the Company and are given special
importance in accordance with KVKK due to the risk of causing victimization and
discrimination of individuals when processed unlawfully.
The Company carries out the necessary
activities to ensure the security of Special Quality Personal Data and takes
the necessary technical and administrative measures in order to comply with the
legal requirements and the adequate measures specified by the Board in order to
ensure that these data are processed in accordance with the KVKK Regulations .
6. PRINCIPLES OF PERSONAL DATA
PROCESSING
The company, pursuant to Article 4 of the KVKK
; Processes personal data in accordance with the law and honesty rules
regarding the processing of personal data, accurately and, when necessary, for
current, specific, clear and legitimate purposes, in connection with the
purpose, in a limited and measured manner:
6.1. Processing of Personal Data in
Compliance with the Law and the Rules of Integrity
Personal Data is processed by the Company in
accordance with the law and the rules of honesty and on the basis of
proportionality. In this context, the Company does not use personal data other
than for the purpose for which it is processed, taking into account the
proportionality requirements in the processing of personal data.
6.2. Taking Necessary Precautions to
Keep Personal Data Accurate and Up-to-Date When Necessary
the Personal Data to be complete, accurate and
up-to-date, the Company takes the necessary measures, taking into account the
fundamental rights of the personal data owners and their own legitimate
interests, and updates the relevant Personal Data in case the Data Owner requests
a change in the Personal Data .
6.3. Processing of Personal Data
for Specific, Legitimate and Clear Purposes
Before the Personal Data is processed, the
purpose for which the Personal Data will be processed is determined by the
Company. The Company processes Personal Data to the extent necessary for and in
connection with its commercial activities. In this context, the Data Owner is
informed within the scope of KVKK Regulations and Explicit Consent is obtained
when necessary.
6.4. Personal Data
Being Related to the Purpose for which they are Processed, Limited and Measured
The Company processes Personal Data only in
exceptional cases within the scope of KVKK Regulations (Articles 5.2 and 6.3 of
the KVKK ) or for the purpose within the scope of the Explicit Consent from the
Data Owner (Article 5.1 and Article 6.2 of the KVKK) and in accordance with the
principle of proportionality. The Company avoids the processing of Personal
Data that is not related to the realization of the purpose and is not needed .
6.5. Retention of
Personal Data as Necessary and Deletion Afterward
6.5.1. The Company retains Personal Data for as long as required by the relevant
legislation or for the purpose for which they are processed. If the Company
wishes to retain Personal Data for a longer period than required by the
relevant legislation or the purpose of Personal Data Processing , the Company
acts in accordance with the obligations set forth in the KVKK Regulations .
6.5.2. Personal
Data is deleted, destroyed or anonymized after the period required for the
purpose of Personal Data Processing has expired. In this case, the third
parties to whom the Company transfers Personal Data are also provided to
delete, destroy or anonymize the Personal Data .
7. PROCESSING PERSONAL DATA
Personal
Data can only be processed by the Company within the scope of the procedures
and principles set forth below in accordance with Articles 5 and 6 of the KVKK
.
7.1. Open Consent
7.1.1. Personal
Data is processed after the notification to be made within the framework of
fulfillment of the Information Obligation to the Data Owner and if the Data
Owner gives Explicit Consent.
7.1.2. Before the
Explicit Consent is obtained within the framework of the Disclosure Obligation,
the Data Owner is informed of their rights. 7.1.3. The Explicit Consent
of the Data Owner is obtained in accordance with the KVKK Regulations .
Explicit Consent is provably maintained by the Company for the required period
of time within the scope of KVKK Regulations.
7.2. Processing of Personal Data without
Explicit Consent
7.2.1. In cases
where the Processing of Personal Data is envisaged without the Explicit Consent
within the scope of the KVK Regulations (Articles 5.2 and 6.3 of the KVKK), the
Company may process the Personal Data without applying the Explicit Consent of
the Data Owner . In case the Personal Data is processed in this way, the
Company processes the Personal Data within the limits drawn by the KVKK
Regulations .
In this context:
7.2.1.1. Personal
Data may be processed by the Company without Explicit Consent in order to
protect the life or physical integrity of the Data Owner and/or a person other
than the Data Owner , who is unable to express his or her consent due to actual
impossibility or whose consent is not legally valid .
7.2.1.2. If the
conditions are directly related to the establishment, implementation,
performance or termination of a contract, the Personal Data of the parties to
the contract may be processed by the Company without the Explicit Consent of
the Data Owner .
7.2.1.3. If the
Processing of Personal Data is mandatory for the Company to fulfill its legal
obligation, Personal Data may be processed by the Company without the Explicit
Consent of the Data Owner .
7.2.1.4. Personal
Data made public by the Data Owner may be processed by the Company for the
purpose of making it public, without obtaining the Explicit Consent.
7.2.1.5. If the processing of Personal Data without express consent is the only possible way for the
establishment, exercise or protection of a right, Personal Data may be
processed by the Company within the knowledge of the Data Controller without
obtaining Explicit Consent .
7.2.1.6. Provided that it does not harm the
fundamental rights and freedoms of the Data Owner ,
Personal Data may be processed by the Company without Explicit Consent, if data
processing is necessary for the Company's legitimate interests.
8. PROCESSING OF
SPECIAL QUALITY PERSONAL DATA
8.1. Special
Quality Personal Data can only be processed if the Explicit Consent of the Data
Owner is available or if it is expressly required by law in terms of Sensitive
Personal Data other than sexual life and personal health data.
8.2. Personal Data
related to health and sexual life can only be processed without express consent
for the purposes of protecting public health, preventive medicine, medical
diagnosis, treatment and care services, planning and management of health
services and financing. Therefore , until otherwise stipulated in the KVKK
Regulations , personal health data and sexual life data can only be processed
within the scope of Explicit Consent or by the Company physician who is under
the obligation to keep secrets.
8.3. Adequate
precautions determined by the Board are taken while Processing Special Quality
Personal Data.
9. METHODS
OF COLLECTION OF PERSONAL DATA
The Company collects Personal Data in
accordance with the principles described above . In this context, Personal Data
is collected using the following methods:
· Personal Data Given Directly to the
Company: Refers to the personal data you provide on your own initiative
before or during the use of the Site or during registration in order to benefit
from the services offered by the Company or to be included in the Company's
expert network . This personal data includes all Personal Data given directly
to the Company by the Users . The Sites will not allow you to transfer Personal
Data to the Company unless this Policy approves .
· Data We Obtain When You Use the Sites:
While using the Site , we access some data of the Users that do not contain
personal information , through certain software or technological tools . This
information is collected through various technologies and does not contain any
information that identifies you. This information is collected by the Company
or by companies that provide services to the Company. This information includes
the number of people using the Site on a daily basis, the countries or cities
from which the users are accessing the Site , How long he stays on the site ,
etc. are statistical information. The Company may share this information, which
does not contain Personal Data, with its affiliates, business partners or 3rd
parties. Amazing may provide this statistical data to existing and potential
business partners or 3rd parties in order to identify its services.
The Company, as a data controller, within the
framework of its legal obligations arising from KVKK ; You can use the services
of our brands and websites, to inform you about our campaigns with your
approval, to record your suggestions and complaints, to create better service
standards for you, to determine and implement Amazing commercial and business
strategies. and similar means orally, in writing or electronically.
9. DELETING,
DESTROYING AND ANNOUNCEMENT OF PERSONAL DATA
9.1. Although the personal data has been
processed in accordance with the provisions of the relevant law in line with
the regulation of Article 138 of the Turkish Penal
Code No. 5237 and Article 7 of the KVKK , in case the reasons requiring
processing are eliminated, the Company may ex officio and/or the Data Owner in
this direction. In case of a request, the relevant Personal Data is deleted,
destroyed or anonymized.
9.2. In cases
where the Company has the right and/or obligation to preserve personal data in
accordance with the provisions of the relevant legislation, the right not to
fulfill the Data Owner's request is reserved.
9.3. The Company
does not store Personal Data considering the possibility of its use in the
future.
10. TRANSFERRING PERSONAL DATA AND
PROCESSING PERSONAL DATA BY THIRD PARTIES
10.1. Purpose of Transferring Personal Data
to Third Parties
10.1.1. The
Company may transfer the Personal Data it obtains to a third natural or legal
person in accordance with the KVKK Regulations . In this case, the Company
ensures that the third parties to which it transfers Personal Data also comply
with this Policy . In this context, necessary protective regulations are added
to the contracts concluded with the third party.
10.1.2. The
Company, the User's Personal Data and the new data obtained using this Personal
Data , the purposes specified in the Website Membership Agreement, the
performance of the Services, the transfer of the Company to another company
through merger or transfer, the Company's or its officials/shareholders partner
or cooperate with companies or merge their business with another company,
Improving the user experience (including improvement and personalization),
ensuring the security of users, detecting fraud, developing services ,
operational evaluation research outsourcing service providers, cargo companies,
law firms, research companies, call centers, software companies for complaint
management and security, agencies, consultancy companies, Framework agreement
for payment institutions operating within the scope of the permission granted
by the Turkish Banking Regulation and Supervision Agency, companies in the
printing industry, social media channels, customers we serve, suppliers, audit
companies or public institutions or organizations that are authorized to
request this data as required by a legal obligation. may share it with the
relevant payment institutions and, without limitation, the relevant authority
and third parties for identity verification purposes.
10.2. Transfer of Personal Data to Third
Parties in Turkey
10.2.1. Personal
Data, in exceptional cases specified in Article 5.2 and Article 6.3 of the
KVKK, without express consent or in other cases with the explicit consent of
the data owner (Article 5.1 and Article 6.2 of the KVKK), to the affiliates of
the Company in Turkey, cooperation It may be transferred to service providers
or related third parties.
10.2.2. The Company is responsible for
ensuring that the transfer of Personal Data to third
parties in Turkey complies with the KVK Regulations .
10.3. Transfer to Third Parties Located
Abroad
10.3.1. Personal
Data can be provided to the Company's subsidiaries abroad, without express
consent in exceptional cases specified in KVKK Article 5.2 and Article 6.3, or
with the condition of obtaining the Explicit Consent of the Data Subject in
other cases (KVKK Article 5.1 and Article 6.2). service providers and related
third parties.
10.3.2. In case the Personal Data is transferred without express consent in accordance with
the KVK Regulations , one of the following conditions must also exist in terms
of the foreign country to which it will be transferred:
·
The foreign country to which the
Personal Data is transferred is in the status of countries with adequate
protection by the Board (for the list, please follow the current list of the
Board),
·
If the foreign country where the
transfer will take place is not included in the Board's list of safe countries,
the Company and the Data Controllers in the relevant country make a written
commitment to ensure adequate protection and obtain permission from the Board.
10.3.3. Company employees and Data
Controller are jointly responsible for ensuring that
the transfer of Personal Data to third parties abroad complies with the KVKK
Regulations .
11. RIGHTS OF THE DATA SUBJECT
11.1. The Company responds
to the below-mentioned requests of the Data Owner , whose Personal Data it
holds, in accordance with the KVKK Regulations :
11.1.1. Learning
whether Personal Data is processed by the company,
11.1.2. Requesting
information regarding the processing of Personal Data,
11.1.3. Learning
the purpose of processing Personal Data and whether they are used in accordance
with its purpose,
11.1.4. Knowing
the third parties to whom Personal Data is transferred in the country or
abroad,
11.1.5. Requesting
correction of Personal Data in case of incomplete or incorrect processing by
the Company,
11.1.6. Requesting
the Deletion, Destruction or Anonymization of Personal Data by the Company in
case the reasons requiring the processing of Personal Data are eliminated, in
order to be evaluated within the principles of purpose, duration and
legitimacy,
11.1.7. 11.1.5 and
11.1.6. Requesting notification of the transactions made within the scope of
the articles to the third parties to whom the personal data has been
transferred,
11.1.8. Objecting
to this result in case a result against the Data Subject arises in case the
processed Personal Data is analyzed exclusively through automated systems,
11.1.9. Requesting
the compensation of the damage in case the Personal Data is processed
unlawfully and the Owner suffers damage due to this reason.
where the Data Owner wishes to exercise his
rights and/or thinks that the Company does not act within the scope of this
Policy while processing Personal Data, he/she may submit his/her requests with
secure electronic signature to the e-mail address given below and which may change
from time to time, or to the following and It can be delivered by hand with
documents identifying their identity and a petition with a wet signature to the
postal address, which may change from time to time, or send it through a notary
public.
Data Supervisor : Amazing Teknoloji ve Pazarlama A.Ş.
MERSIS Number : 0325048661100017
Email : info
@amazingtam.com
Post :
Zeybek Mahallesi Zeybek 3 Caddesi Külleci Apartments Sit. Apt. No: 2/2
Efeler/Aydin
11.2. In case the Data
Owner submits their requests regarding the rights listed above to the Company
in writing, the Company concludes the request free of charge within 30 (thirty)
days at the latest, depending on the nature of the request. In the event that a
separate cost arises for the conclusion of the requests by the Data Controller,
the fees in the tariff determined by the Personal Data Protection Board may be
requested by the Data Controller. The Data Controller accepts the request or
rejects it by explaining its reason and notifies the relevant person in writing
or electronically. If the request in the application is accepted, the data
controller fulfills its requirements. If the application is due to the fault of
the Data Controller , the fee will be returned to the relevant person.
12. DATA MANAGEMENT
AND SECURITY
12.1. All
employees involved in the relevant process are jointly and severally
responsible for the protection of Personal Data in accordance with this Policy
and KVKK .
12.2. Personal
Data Processing activities are audited by the Company with technical systems
according to technological possibilities and application cost.
12.3. Personnel
knowledgeable in technical matters related to Personal Data Processing
activities are employed.
12.4. Company
employees are informed and trained about the protection and legal processing of
Personal Data .
12.5. Company employees can
access Personal Data only within the authorization defined for them and in
accordance with the relevant KVKK . Any access and processing done by the
employee in excess of his/her authority is against the law and is a reason for
termination of the employment contract with just cause.
12.6. Each
person assigned a Company device is responsible for the security of the devices
allocated to his/her own use.
12.7. Each Company employee or
person working within the Company is responsible for the security of the
physical files within their area of responsibility.
12.8. In the event that there are
security measures requested or to be requested additionally for the security of
Personal Data within the scope of KVK Procedure, all employees are obliged to
comply with additional security measures and to ensure the continuity of these
security measures.
12.10. Software and hardware
including virus protection systems and firewalls are installed in accordance
with technological developments in order to keep Personal Data in secure
environments at the Company.
12.11. The Company uses backup
programs and takes adequate security measures to prevent the loss or damage of
Personal Data .
12.12. Documents containing
Personal Data at the Company are protected by encrypted (encrypted) systems. In
this context, Personal Data is not stored in common areas and on the desktop.
Files and folders containing Personal Data , etc. documents are not moved to
the desktop or public folder, without the prior written consent of the Company
, the information on the Company computers can be transferred to USB, etc. It
cannot be transferred to another device, cannot be taken out of the Company.
12.13. All of the Personal Data
processed within the Company are considered as “Confidential Information” by
the Company.
12.14. Company
employees have been informed that their obligations regarding the security and
confidentiality of Personal Data will continue after the termination of the
business relationship, and a commitment has been received from the Company
employees to comply with these rules.
13.1. The Company provides its
employees with the necessary training on the protection of Personal Data within
the scope of the Policy and the KVK Procedures in its annex and the KVKK
Regulations.
13.2. In the trainings , the
definitions and protection of Special Quality Personal Data are especially
mentioned.
13.3. If the Company employee
accesses Personal Data physically or on a computer, the Company provides
training to the relevant employee regarding these accesses (for example, the
accessed computer program).
officio audit that all employees, departments and
contractors of the Company act in compliance with this Policy and KVK
Regulations , without any prior notice , and performs the necessary routine
audits in this context. The company creates a KVK Procedure regarding these
audits, submits it to the approval of the Board of Directors and ensures the
implementation of the aforementioned procedure .
15.1. Each
employee of the Company reports to the authorities the work, transaction or
action that he or she considers to be contrary to the procedures and principles
set forth in the KVK Regulations and within the scope of this Policy. In this
context, the Company creates an "Incident Response Plan" in
accordance with this Policy and KVK Procedures for the relevant violation .
15.2. As a result
of the notifications, the Company prepares the notification to be made to the
Owner or the Institution regarding the violation, taking into account the
provisions of the applicable legislation on the subject, especially the KVK
Regulations.
Responsibilities within the company are
respectively employee, department and company officials. In this context; The
officials responsible for the implementation of the Policy are appointed by the
Company management, and changes are made in this context in the same way.
17.1. This Policy
may be changed by the Company from time to time with the approval of the
Company management.
17.2. The Company shares the updated Policy
text with its employees via e-mail so that the changes it has made on the
Policy can be reviewed, or makes it available to the
employees and the Data Owner via the web address below .
Related web address: www.gotradego.com
18. EFFECTIVE DATE
OF THE POLICY
This version of this Policy [.].[.]. It
was approved by the Company in 2021 and entered into force.
AMAZING TECHNOLOGY AND MARKETING INC.
