KVKK Info

PRIVACY POLICY AND PERSONAL DATA CLARIFICATION TEXT

DCP Governance and Information Technologies Inc. (DCP Trust), we care your privacy and data security. The protection of your data and privacy is not only a legal obligation for us but also a fundamental commitment for you, our customers, and business partners, to make your savings with our business model safely and with peace of mind.

The purpose of this Policy is to share with you the general understanding and spirit of our Company regarding the personal data or non-personal data that we contact under the Personal Data Protection Law numbered 6698; In this context, to inform our visitors. In this context, DCP Trust fulfills its obligations arising from the Law regarding the processing, deletion, destruction, anonymization, transfer of personal data, enlightening the data subject, and ensuring data security within the scope of the principles stipulated in the Law. In this Policy, we will inform you about processing personal data in the best way possible.

Your personal data are processed for different legal reasons depending on the nature of your legal relationship with the DCP Trust (for example, customer, customer candidate, employee, employee candidate, physical visitor, online visitor, business solution partner/supplier). Likewise, depending on the nature of the process (for example, call center or activity processes), we collect different types of personal data.

Among these personal data processing activities, we share the legal reason for personal data processing activities within the scope and boundaries that may be open to the public for the Data Subject, hich are not covered under this Policy. The data categories collected and the details of other processing activities in the relevant clarification text will be shared with you. Please refer to the relevant clarification texts regarding the matters not included in this Policy.

DEMO AND INFORMATION REQUEST CLARIFICATION TEXT
COOKIE POLICY

1. Definition

In this policy:

Anonymization: Making personal data unacceptable to an identified or identifiable real person under any circumstances, even by matching other data,

Anonim Hale Getirme: Kişisel verilerin, başka verilerle eşleştirilerek dahi hiçbir surette kimliği belirli veya belirlenebilir bir gerçek kişiye ilişkilendirilemeyecek hale getirilmesini,

Data Subject: The real person whose personal data is processed,

Web Site: The web site belonging to DCP Trust, DCP Trust’a ait olan ve alan adresinde yer alan internet sitesini,

Personal Data: All kinds of information regarding an identified or identifiable real person, Kimliği belirli veya belirlenebilir gerçek kişiye ilişkin her türlü bilgiyi,

Personal Data Processing: Obtaining, recording, storing, modifying, rearranging, disclosing, transferring, taking over, making available, classifying, or using personal data by non-automatic means, provided that they are fully or partially automatic or part of any data recording system Any operations performed on such data,

Law: Law No. 6698 on the Protection of Personal Data,

User: The person who has a user account on the Platform and uses the Platform in order to benefit from the services offered by DCP Trust,

Platform/s: Platform offered by DCP Trust, with solutions that allow legal person data controllers who process personal data to manage their data governance processes,

Policy: This Privacy Policy and Personal Data Text,

Data Controller: The real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

Visitors: Everyone visiting the web page.

 

2. Personal Data Collecting Methods and Legal Reasons

Our company processes personal data from personal direct business partnership activities, procurement processes of goods or services, from data learned in audio, electronic or written form through internet environment, application, physical conditions, e-mail, fax, and other communication channels. It operates under the following objectives, especially the planning and management of business partnership processes and the planning and execution of goods and service procurement processes.

The information below has been specified separately in the case of the Data Subject being a User and a Visitor; It will be applied according to the data subject’s title.

a) Data Category and Data Types

User Identity Information Name, Surname, Identity Number
Contact Information Address, e-mail address and mobile phone number
Security IP adress, web site and login-logout information, password information and data gathered with cookies.
Visitor Security Information collected through IP address information, website login and logout information, code and password information, document timestamp and cookies

 

b) Legal Reasons

The personal data mentioned above, for the purposes listed below, which are the subject of the Data Subject’s disclosure of this data to DCP Trust; It can be processed within the scope of personal data processing conditions specified in Articles 5 and 6 of the Law. The legal reasons for each data category are clearly stated below:

User Identity and Contact Information
  • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,
  • When data processing is mandatory for the establishment, use or protection of a right.
Security
  • Clearly stipulated in laws,
  • Mandatory for DCP Trust to fulfill its legal obligation.
Visitor Security
  • Clearly stipulated in laws,
  • Mandatory for DCP Trust to fulfill its legal obligation.

 

3. For What Purpose Personal Data Will Be Processed

Within the scope of this Policy, the personal data of the Data Subject are processed for the following purposes in accordance with the general conditions specified in this Policy:

User Identity and Contact Information
  • Carrying out loyalty processes to company / products / services
  • Following and carrying out legal affairs
  • Conducting communication activities
  • Execution / supervision of business activities
  • Carrying out activities to ensure business continuity
  • Carrying out after-sales support services
  • Execution of service sales processes
  • Execution of service production and operation processes
  • Execution of customer relationship management processes
  • Carrying out activities for customer satisfaction
  • Conducting advertisement / campaign / promotion processes
  • Execution of contract processes
  • Follow up of requests / complaints
Security
  • Execution of information security processes
  • Conducting audit / ethical activities
  • Execution of access rights
  • Execution / supervision of business activities
  • Carrying out activities to ensure business continuity
  • Giving information to authorized persons, institutions and organizations
Visitor Security
  • Execution of information security processes
  • Conducting audit / ethical activities
  • Execution of access rights
  • Execution / supervision of business activities
  • Carrying out activities to ensure business continuity
  • Giving information to authorized persons, institutions and organizations

 

4. To Whom and What Purpose Personal Data Can Be Transfered

The Company takes care to process your data under the "need to know" and "need to use" principles by providing the necessary data minimization and taking the required technical and administrative security measures. However, we have to transfer the personal data we process to third parties for specific purposes. The execution or supervision of business activities, ensuring business continuity, and digital infrastructures' operation require continuous data flow with different stakeholders. Besides, your data must be accurate and up-to-date to fully and adequately fulfill their contractual and legal obligations. For this, we have to work with various business partners and service providers. Under all circumstances, personal data transfers are carried out through secure media and channels.

DCP Trust may transfer personal data related to Users and Visitors for the following purposes and to the following persons:

Data Subject Transfer Purpose and Transferred Group
User
  • To share contact information with the providers for sms and email purposes;
  • Sharing personal data with a lawyer to carry out legal processes and/or obtain consultancy services;
  • Sharing electronic member data with suppliers for storage;
  • Website usage preferences and browsing history, sharing with suppliers for segmentation;
  • Transfer of user data to DCP Trust's business partners and shareholders due to the measurement and reporting, and commercial relations of DCP Trust with business partners/shareholders.
Visitor
  • Execution of information security processes

 

5. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

DCP Trust undertakes to take all necessary technical and administrative measures and show due diligence to ensure your data's confidentiality, integrity, and security. In this context, we take the necessary measures to prevent personal data misuse, illegal processing, unauthorized access to data, disclosure, modification, or data destruction.

DCP Trust takes the following technical and administrative measures to prevent unlawful access to the personal data it processes, to prevent unlawful processing of these data, and to ensure the protection of personal data:

Anti-virus applications. A periodically updated anti-virus application is installed on all computers and servers in the information technology infrastructure of DCP Trust.

Firewall. DCP Trust sunucularını barındıran veri merkezi ve felaket kurtarma merkezleri periyodik olarak güncellenen yazılım yüklü firewalllarca korunmakta olup; ilgili yeni nesil firewalllar tüm personellerin internet bağlantılarını kontrol etmekte ve bu kontrol sırasında virüs ve benzeri tehditlere karşı koruma sağlamaktadır.

VPN. Suppliers; DCP Trust can access its servers or systems via SSL-VPN defined on Firewalls. A separate SSL-VPN definition has been made for each supplier; with the description made, the supplier only provides access to the systems it needs to use or authorized.

User Definitions. DCP Trust employees' authority to DCP Trust systems is limited only to the extent required by job descriptions; In case of any change of power or duty, its systemic authorizations are also updated.

Information Security Threat and Incident Management. Incidents in DCP Trust servers and firewals are transferred to Information Security Threat and Incident Management system. This system warns the responsible personnel when a security threat occurs and provides the opportunity to respond to the threat immediately.

Penetration Test. DCP Trust periodically applies penetration tests to the servers in it’s systems. The security gaps resulting from this test are closed, and a verification test is performed to show that the relevant security gaps have been completed. Besides, the Information Security Threat and Incident Management system is automatically tested for penetration.

Information Security Management System (ISMS). The topics included in the control forum at ISMS meetings established within DCP Trust are audited monthly by the information technology director and financial affairs manager.

Training . In order to increase the awareness of DCP Trust employees against various information security violations and to minimize the impact of the human factor in information violation incidents, employees are trained at regular intervals.Pseudonymous data. It uses the Pseudonymization (pseudonymized data) method for all secondary data processing other than the primary processing purpose (Example: Ahmet Yılmaz> “A… Y…”).

Pseudonymous data. It uses the Pseudonymization (pseudonymized data) method for all secondary data processing other than the primary processing purpose (Example: Ahmet Yılmaz> “A… Y…”).

Physical Data Storage. It ensures that the personal data in the paper is kept in lockers and accessed only by authorized persons.

Deletation of Cookies. Personal data processed through cookies belonging to third parties from which the service is obtained deleted from third parties' systems if the membership is terminated.

Although DCP Trust takes the necessary information security measures, if personal data is damaged as a result of attacks on the Website, Platforms or DCP Trust system, or in the hands of unauthorized third parties, DCP Trust immediately informs the Related Persons and the Personal Data Protection Board and takes the necessary measures.

6. Conditions for Storage, Deletion, Destruction and Anonymization of Personal Data

DCP Trust keeps the personal data it processes under the Law for the periods stipulated in the relevant legislation or required by the purpose of processing.

DCP Trust collects personal data from physical, electronic, website, e-mail channels as part of its business processes and stores it for the periods stipulated by the relevant laws and/or the periods required by the processing purpose under Article 7, 17 of the Law and Article 138 of the Turkish Penal Code. If these periods expire, they will delete, destroy, or anonymize under the Regulation's provisions on the Deletion, Destruction or Anonymization of Personal Data and the Guide on Deletion, Destruction or Anonymization of Personal Data.

7. Data Subject Rights

The rights of the relevant person under the Article 11 of the Law are as follows:

  • To learn if personal data is processed or not,
  • Gather information if it is processed,
  • The purpose of processing and learn if it is used properly,
  • Learn the third parties transferred in the country or aboard,
  • To request correction of personal data in case of incomplete or incorrect processing,
  • To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
  • Request notification of the transactions made under paragraphs (d) and (e) of Article 7 of the Law to third parties to whom personal data are transferred,
  • Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  • To request the compensation of the damage in case of damage due to the processing of personal data illegally.

 

As data subjects, in order to express your requests regarding your rights and exercise your rights on your data under the Communiqué on Application Procedures and Principles to the Data Supervisor, you may fill in the Data Subject Request Form and send it to [email protected] or İzzetpaşa Mah. Abide-i Hürriyet Cad. No: 158/4 Şişli / İstanbul, you can contact us at (0532) 266 14 10.

If you submit your requests to us using the specified methods, DCP Trust will finalize the proposal as soon as possible and free of charge within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by DCP Trust.

In the application containing your explanations regarding the right you have as a data subject, you will make to exercise your rights stated above and request to use, the subject you request must be clear and understandable. Your request is also related to your party. If you are acting on behalf of someone else, you must be specially authorized and document your authorization. The application must include your identity and address information. Documents certifying your identity must be attached to the application.

DEMO AND INFORMATION REQUEST CLARIFICATION TEXT

I. Data Subject

Under the Personal Data Protection Law (Law), numbered 6698, your data is processed by DCP Governance and Information Technologies Inc. (Company), as the data controller, under the conditions described below.

II. Processed Data and Data Categories

The company may process data subject’s identity information; name-surname, communication information; mobile phone and e-mail address, company name, and other information that users wish to share via Demo Request or Information Request.

For users creating a demo account, data, and data categories below can be processed:

User Identity Information Name, Surname, Identity Number
Contact Information Address, e-mail address and mobile phone number
Security IP adress, web site and login-logout information, password information and data gathered with cookies.

 

III. Methods of Collecting Personal Data and Legal Reasons

Our company gathers personal data directly from you, our customers, in the form of data learned electronically or in writing through the "Demo Request" or "Information Request" tab. The personal data obtained under the personal data processing conditions specified in the Law and the relationship's performance will be between you and us. And to ensure compliance of the activities with the legislation, limited to the following purposes, provided that we establish a contractual relationship with you or are directly related to our performance obligation arising from this contract, it is necessary to process your data. It is also required to fulfill our legal obligation (for example, approval and registration processes for commercial electronic messages). Where necessary, your explicit consent from you is processed in line with legal reasons. Identity and contact information for our demo account users; Provided that it is directly related to the establishment or execution of a contract, the processing of personal data belonging to the contract parties is necessary, and data processing is required for the establishment, exercise, or protection of a right.

IV. For Which Purpose Personal Data Will Be Processed

Communication, in particular, to establish a contractual relationship with you and manage all phases of this contract process, to plan and execute end-to-end marketing processes, to prepare and present the most relevant offer to you, to ensure information security and legal transaction security, and to ensure that activities are carried out under the legislation. Actions, providing your data's accuracy, performing statistical evaluations and market research, conducting customer relationship management processes, conducting activities aimed at customer satisfaction, and carrying out products/services' marketing processes.

V. Transfer of Processed Personal Data

Your data is limited to the realization of the purposes mentioned above and the fulfillment of these purposes; Our service providers are providing our IT infrastructure, our solution partners in the field of communication and electronic communication, with the relevant service providers and business partners to communicate with the customer in line with their likes and preferences, profiling, segmentation, analysis, usage preferences, privatization of the services offered, marketing and advertising services in this field With our business partners and service providers, the Ministry of Commerce and its authorized company in the context of recording the message management system (MMS) for the management of messages, and with the authorized commercial message infrastructure provider for message delivery, our relevant business partners, our consultants for the management of financial processes, detection, and evaluation of risks, prevention of fraud. And our service providers, our business partners who provide services in the field of quality control, complaint management and risk analysis, and relevant lawyers, auditors and experts within the scope of fulfilling legal obligations; it may be shared with supervisory and supervisory institutions and competent authorities such as courts and enforcement offices for the purposes specified in this text.

Your data is limited to the realization of the purposes mentioned above and the fulfillment of these purposes; Our service providers are providing our IT infrastructure, our solution partners in the field of communication and electronic communication, with the relevant service providers and business partners to communicate with the customer in line with their likes and preferences, profiling, segmentation, analysis, usage preferences, privatization of the services offered, marketing and advertising services in this field With our business partners and service providers, the Ministry of Commerce and its authorized company in the context of recording the message management system (MMS) for the management of messages, and with the authorized commercial message infrastructure provider for message delivery, our relevant business partners, our consultants for the management of financial processes, detection, and evaluation of risks, prevention of fraud. And our service providers, our business partners who provide services in the field of quality control, complaint management and risk analysis, and relevant lawyers, auditors and experts within the scope of fulfilling legal obligations; it may be shared with supervisory and supervisory institutions and competent authorities such as courts and enforcement offices for the purposes specified in this text.

VI. Data Subject Rights

As the person whose personal data is processed, to use your requests under the Communiqué on Application Procedures and Principles to Data Supervisor, within the scope of Article 11 of the Law, regulating the rights of the data subject, (learning to process personal data, requesting information about the processing, learning the suitability of the processing, knowing the persons to whom the transfer is made, requesting correction of incomplete or incorrect processing, deletion or destruction, request notification of all automated transactions to third parties, objection to the analysis, demanding compensation), you can fill out the Data Subject Request Form and send it to [email protected] or İzzetpaşa Mah. Abide-i Hürriyet Cad. No: 158/4 Şişli / İstanbul, you can contact us at (0532) 266 14 10.

VII. Commerical Electronic Message

DCP Trust may contact you for various purposes, including providing information about the campaigns, benefits, promotions, promotions, advertising, surveys, surveys, and other customer satisfaction practices carried out by DCP Trust over your contact information, including your mobile phone number, e-mail address. can communicate. In this context, if you consent to contact you by checking the relevant box at the approval stage, you will have given your consent for these commercial communications.

In case you no longer wish to be contacted within this scope, you can always use the possibility of refusing to receive commercial electronic messages free of charge by contacting DCP Trust using the methods specified by DCP Trust. The fact that you have exercised the right of refusal does not prevent the notification (e.g., debt reminder, account-related information, etc.) that can be sent even if the DCP Trust is subject to the relevant legislative provisions.

COOKIE POLICY

Updated On: 07.12.2020

Operating at İzzet Paşa Mahallesi Abide-i Hürriyet Cad. Biz Cevahir İş Merkezi Apt. No:158/4 Şişli/İstanbul, DCP Governance and Information Technologies Inc. (DCP Trust) uses cookies (Cookies / Cookies) during the visits of visitors (Visitors) to the website (Site) named dcptrust.com. The use of this Cookie is carried out under the legislation that DCP Trust is subject to, especially the Law on Protection of Personal Data No.6698 (KVKK). DCP Trust cannot disclose the personal data it obtains about the data subject with the Privacy Policy and the Text of Personal Data at dcptrust.com/privacy-policy and cannot use it for purposes other than processing, contrary to the provisions of the Personal Data Protection Law.

This Cookie Policy is an annex to the Privacy Policy and Personal Data Text and constitutes an integral part of these texts.

1. What Is Cookie?

Cookies are small techinal communication text files that a website user sends to his/her device or network server via browsers. This text file is completely personalized; it can only be read by the web server that defined this code. It is definitely not a virus. Cookies are for the Site to recognize the person later.

2. What Are The Purposes of Using Cookies?

DCP Trust uses Cookies for various purposes on the Site and can process personal data through these Cookies. These purposes are mainly:

  • To perform the essential functions required for the operation of the Site,
  • To improve the services offered and to provide ease of use by increasing the functionality and performance of the Site,
  • To provide new features to the Site and to personalize the proposed features according to preferences,
  • To ensure the legal and commercial security of the Site, DCP Trust and Visitor,
  • To create the visit traffic statistics (determining the visit date and time information of the Site),
  • To make suggestions according to the services preferred by the visitors (usage analysis), and
  • To determine how you are informed about the Site.

 

3. Cookies According To Usage Types

Cookies That Should Be Used: These Cookies are essential to the proper functioning of the Site. These Cookies are needed to manage the system and prevent fraudulent transactions, and if they are blocked, the Site cannot function properly.

Analysis/Performance Cookies: These cookies provide the Site's analysis and development by engaging with the visitor. These cookie's usage shall be blocked.

Functional and Analytical Cookies: These Cookies are used to provide a more effortless and improved user experience to the Visitor. It performs functions such as remembering previous preferences, ensuring easy access to some content on the Site, using the Site effectively, optimizing the Site to meet user requests, and how visitors use the Site. Due to this type of Cookies, user names, etc., may contain personal information. The use of these cookies can be prevented.

Targeting/Advertising/Commerical Cookies: These Cookies are used to identify and present content that may be of interest, including advertising content. It serves to increase the user experience by delivering the products/content similar to the targeted product/content in line with the interests and choices of the users and by offering a more advanced and personalized advertising portfolio. The use of these cookies can be prevented. However, this blocking will not wholly block ad content; General content ads will be served instead of ads that may only interest the user.

Flash Cookies: These are the types of cookies used to enable image or audio content on the Site.

Third-Party Cookies: Site; works with the third party trusted, well-known advertising providers. Third-party service providers place their cookies to offer user-specific advertisements. Cookies set by the third-party collect the visitors' browsing information on the Site, process them, and analyze how they use it.

4. Cookie Types According To Retention Time

Persistent Cookies: These are the cookies deleted by the person on the person's computer and smart mobile device or continue to exist for a specific date. These Cookies are mostly used to measure users' preferences and Site movements.

Session Cookies: These Cookies separate the user's visit into sessions and do not collect data from the user. These Cookies are deleted when the user stays inactive for a certain period on the Site he visits or closes the Site. Targeting / Advertising / Commercial Cookies are used as described above to provide services by third parties on the Site and increase these services' effectiveness. These Cookies can remember the web pages and Sites visited and collect personal data, especially the user device's IP address. The Site uses both first-party and third-party cookies for gathering information, remembering demographic data and interests, serving targeted ads to the user, ad impressions, and determining the number of visits. When the Site is visited, and these plugins are used, the Site connects directly to the selected social network server. The content provided by the add-on is then transmitted directly from social networks to the web browser and added to the website being visited. Thus, the relevant social network can access and process the user's data and combine it with the data of the account in the applicable social network.

DCP Trust has no control over the data processed in social networks. Users have to observe social networks' data processing purposes, their ways, and timings to get further information.

5. Cookies Used in The Web Site

Cookie Name Cookie Type Purpose of Use
Google Analytics
  • Functional and Analytical Cookies
  • Targeting/Advertising/Commerical Cookies
Google Analytics uses cookies to analyze how visitors use the Site. Information about using the Site (including your IP address) can be transferred to Google LLC (Google) and stored by Google on servers in the USA. Google will use this information to evaluate the Site's use, compile Site activity for DCP Trust, and provide other services related to Site activity and internet usage. Still, the IP address will not match any other data stored by Google. For more information on the use of Google Analytics, visit: http://www.google.co.uk/intl/en/analytics/privacyoverview.html
Adobe Analytics
  • Functional and Analytical Cookies
  • Targeting/Advertising/Commerical Cookies
Adobe will use cookies to evaluate the Site's use, compile Site activity for DCP Trust, and provide other services related to Site activity and internet usage. For more information on Adobe Analytics cookie usage, visit: https://www.adobe.com/tr/privacy/policy.html

 

6. Usage Control of the Cookies

Internet Explorer: https://support.microsoft.com/tr-tr/help/17442/windows-internet-explorer-delete-manage-cookies

 

The use of certain cookies is mandatory for the Site to function correctly. Suppose the use of cookies is to be prevented. In that case, the information provided must be re-entered each time the Site is visited, and some services provided by DCP Trust over the internet may not work correctly, or some of the pages on the Site may not be seen.

We reserve the right to change this Cookie Policy.

DATA SUBJECT REQUEST

In order to make your application request, please download the data subject request form from the links below and send it to [email protected] after filling the form.

Data Subject Request Form (PDF)

Data Subject Request Form (Word)

We use cookies so that you can make the most of our services. For detailed information, you can review the DCP Trust Privacy Policy and Cookie Policy .