DCP Governance and Information Technologies Inc. (DCP Trust), we care your privacy and data security. The protection of your data and privacy is not only a legal obligation for us but also a fundamental commitment for you, our customers, and business partners, to make your savings with our business model safely and with peace of mind.

The purpose of this Policy is to share with you the general understanding and spirit of our Company regarding the personal data or non-personal data that we contact under the Personal Data Protection Law numbered 6698; In this context, to inform our visitors. In this context, DCP Trust fulfills its obligations arising from the Law regarding the processing, deletion, destruction, anonymization, transfer of personal data, enlightening the data subject, and ensuring data security within the scope of the principles stipulated in the Law. In this Policy, we will inform you about processing personal data in the best way possible.

Your personal data are processed for different legal reasons depending on the nature of your legal relationship with the DCP Trust (for example, customer, customer candidate, employee, employee candidate, physical visitor, online visitor, business solution partner/supplier). Likewise, depending on the nature of the process (for example, call center or activity processes), we collect different types of personal data.

Among these personal data processing activities, we share the legal reason for personal data processing activities within the scope and boundaries that may be open to the public for the Data Subject, hich are not covered under this Policy. The data categories collected and the details of other processing activities in the relevant clarification text will be shared with you. Please refer to the relevant clarification texts regarding the matters not included in this Policy.

DEMO AND INFORMATION REQUEST CLARIFICATION TEXT
COOKIE POLICY

1. Definition

In this policy:

Anonymization: Making personal data unacceptable to an identified or identifiable real person under any circumstances, even by matching other data,

Anonim Hale Getirme: Kişisel verilerin, başka verilerle eşleştirilerek dahi hiçbir surette kimliği belirli veya belirlenebilir bir gerçek kişiye ilişkilendirilemeyecek hale getirilmesini,

Data Subject: The real person whose personal data is processed,

Web Site: The web site belonging to DCP Trust, DCP Trust’a ait olan ve alan adresinde yer alan internet sitesini,

Personal Data: All kinds of information regarding an identified or identifiable real person, Kimliği belirli veya belirlenebilir gerçek kişiye ilişkin her türlü bilgiyi,

Personal Data Processing: Obtaining, recording, storing, modifying, rearranging, disclosing, transferring, taking over, making available, classifying, or using personal data by non-automatic means, provided that they are fully or partially automatic or part of any data recording system Any operations performed on such data,

Law: Law No. 6698 on the Protection of Personal Data,

User: The person who has a user account on the Platform and uses the Platform in order to benefit from the services offered by DCP Trust,

Platform/s: Platform offered by DCP Trust, with solutions that allow legal person data controllers who process personal data to manage their data governance processes,

Policy: This Privacy Policy and Personal Data Text,

Data Controller: The real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

Visitors: Everyone visiting the web page.

 

2. Personal Data Collecting Methods and Legal Reasons

Our company processes personal data from personal direct business partnership activities, procurement processes of goods or services, from data learned in audio, electronic or written form through internet environment, application, physical conditions, e-mail, fax, and other communication channels. It operates under the following objectives, especially the planning and management of business partnership processes and the planning and execution of goods and service procurement processes.

The information below has been specified separately in the case of the Data Subject being a User and a Visitor; It will be applied according to the data subject’s title.

a) Data Category and Data Types

User	Identity Information	Name, Surname, Identity Number
	Contact Information	Address, e-mail address and mobile phone number
	Security	IP adress, web site and login-logout information, password information and data gathered with cookies.
Visitor	Security	Information collected through IP address information, website login and logout information, code and password information, document timestamp and cookies

 

b) Legal Reasons

The personal data mentioned above, for the purposes listed below, which are the subject of the Data Subject’s disclosure of this data to DCP Trust; It can be processed within the scope of personal data processing conditions specified in Articles 5 and 6 of the Law. The legal reasons for each data category are clearly stated below:

User	Identity and Contact Information	Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract, When data processing is mandatory for the establishment, use or protection of a right.
	Security	Clearly stipulated in laws, Mandatory for DCP Trust to fulfill its legal obligation.
Visitor	Security	Clearly stipulated in laws, Mandatory for DCP Trust to fulfill its legal obligation.

 

3. For What Purpose Personal Data Will Be Processed

Within the scope of this Policy, the personal data of the Data Subject are processed for the following purposes in accordance with the general conditions specified in this Policy:

User	Identity and Contact Information	Carrying out loyalty processes to company / products / services Following and carrying out legal affairs Conducting communication activities Execution / supervision of business activities Carrying out activities to ensure business continuity Carrying out after-sales support services Execution of service sales processes Execution of service production and operation processes Execution of customer relationship management processes Carrying out activities for customer satisfaction Conducting advertisement / campaign / promotion processes Execution of contract processes Follow up of requests / complaints
	Security	Execution of information security processes Conducting audit / ethical activities Execution of access rights Execution / supervision of business activities Carrying out activities to ensure business continuity Giving information to authorized persons, institutions and organizations
Visitor	Security	Execution of information security processes Conducting audit / ethical activities Execution of access rights Execution / supervision of business activities Carrying out activities to ensure business continuity Giving information to authorized persons, institutions and organizations

 

4. To Whom and What Purpose Personal Data Can Be Transfered

The Company takes care to process your data under the "need to know" and "need to use" principles by providing the necessary data minimization and taking the required technical and administrative security measures. However, we have to transfer the personal data we process to third parties for specific purposes. The execution or supervision of business activities, ensuring business continuity, and digital infrastructures' operation require continuous data flow with different stakeholders. Besides, your data must be accurate and up-to-date to fully and adequately fulfill their contractual and legal obligations. For this, we have to work with various business partners and service providers. Under all circumstances, personal data transfers are carried out through secure media and channels.

DCP Trust may transfer personal data related to Users and Visitors for the following purposes and to the following persons:

Data Subject	Transfer Purpose and Transferred Group
User	To share contact information with the providers for sms and email purposes; Sharing personal data with a lawyer to carry out legal processes and/or obtain consultancy services; Sharing electronic member data with suppliers for storage; Website usage preferences and browsing history, sharing with suppliers for segmentation; Transfer of user data to DCP Trust's business partners and shareholders due to the measurement and reporting, and commercial relations of DCP Trust with business partners/shareholders.
Visitor	Execution of information security processes

 

5. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

DCP Trust undertakes to take all necessary technical and administrative measures and show due diligence to ensure your data's confidentiality, integrity, and security. In this context, we take the necessary measures to prevent personal data misuse, illegal processing, unauthorized access to data, disclosure, modification, or data destruction.

DCP Trust takes the following technical and administrative measures to prevent unlawful access to the personal data it processes, to prevent unlawful processing of these data, and to ensure the protection of personal data:

Anti-virus applications. A periodically updated anti-virus application is installed on all computers and servers in the information technology infrastructure of DCP Trust.

Firewall. DCP Trust sunucularını barındıran veri merkezi ve felaket kurtarma merkezleri periyodik olarak güncellenen yazılım yüklü firewalllarca korunmakta olup; ilgili yeni nesil firewalllar tüm personellerin internet bağlantılarını kontrol etmekte ve bu kontrol sırasında virüs ve benzeri tehditlere karşı koruma sağlamaktadır.

VPN. Suppliers; DCP Trust can access its servers or systems via SSL-VPN defined on Firewalls. A separate SSL-VPN definition has been made for each supplier; with the description made, the supplier only provides access to the systems it needs to use or authorized.

User Definitions. DCP Trust employees' authority to DCP Trust systems is limited only to the extent required by job descriptions; In case of any change of power or duty, its systemic authorizations are also updated.

Information Security Threat and Incident Management. Incidents in DCP Trust servers and firewals are transferred to Information Security Threat and Incident Management system. This system warns the responsible personnel when a security threat occurs and provides the opportunity to respond to the threat immediately.

Penetration Test. DCP Trust periodically applies penetration tests to the servers in it’s systems. The security gaps resulting from this test are closed, and a verification test is performed to show that the relevant security gaps have been completed. Besides, the Information Security Threat and Incident Management system is automatically tested for penetration.

Information Security Management System (ISMS). The topics included in the control forum at ISMS meetings established within DCP Trust are audited monthly by the information technology director and financial affairs manager.

Training . In order to increase the awareness of DCP Trust employees against various information security violations and to minimize the impact of the human factor in information violation incidents, employees are trained at regular intervals.Pseudonymous data. It uses the Pseudonymization (pseudonymized data) method for all secondary data processing other than the primary processing purpose (Example: Ahmet Yılmaz> “A… Y…”).

Pseudonymous data. It uses the Pseudonymization (pseudonymized data) method for all secondary data processing other than the primary processing purpose (Example: Ahmet Yılmaz> “A… Y…”).

Physical Data Storage. It ensures that the personal data in the paper is kept in lockers and accessed only by authorized persons.

Deletation of Cookies. Personal data processed through cookies belonging to third parties from which the service is obtained deleted from third parties' systems if the membership is terminated.

Although DCP Trust takes the necessary information security measures, if personal data is damaged as a result of attacks on the Website, Platforms or DCP Trust system, or in the hands of unauthorized third parties, DCP Trust immediately informs the Related Persons and the Personal Data Protection Board and takes the necessary measures.

6. Conditions for Storage, Deletion, Destruction and Anonymization of Personal Data

DCP Trust keeps the personal data it processes under the Law for the periods stipulated in the relevant legislation or required by the purpose of processing.

DCP Trust collects personal data from physical, electronic, website, e-mail channels as part of its business processes and stores it for the periods stipulated by the relevant laws and/or the periods required by the processing purpose under Article 7, 17 of the Law and Article 138 of the Turkish Penal Code. If these periods expire, they will delete, destroy, or anonymize under the Regulation's provisions on the Deletion, Destruction or Anonymization of Personal Data and the Guide on Deletion, Destruction or Anonymization of Personal Data.

7. Data Subject Rights

The rights of the relevant person under the Article 11 of the Law are as follows:

• To learn if personal data is processed or not,
• Gather information if it is processed,
• The purpose of processing and learn if it is used properly,
• Learn the third parties transferred in the country or aboard,
• To request correction of personal data in case of incomplete or incorrect processing,
• To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
• Request notification of the transactions made under paragraphs (d) and (e) of Article 7 of the Law to third parties to whom personal data are transferred,
• Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
• To request the compensation of the damage in case of damage due to the processing of personal data illegally.

 

As data subjects, in order to express your requests regarding your rights and exercise your rights on your data under the Communiqué on Application Procedures and Principles to the Data Supervisor, you may fill in the Data Subject Request Form and send it to [email protected] or İzzetpaşa Mah. Abide-i Hürriyet Cad. No: 158/4 Şişli / İstanbul, you can contact us at (0532) 266 14 10.

If you submit your requests to us using the specified methods, DCP Trust will finalize the proposal as soon as possible and free of charge within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by DCP Trust.

In the application containing your explanations regarding the right you have as a data subject, you will make to exercise your rights stated above and request to use, the subject you request must be clear and understandable. Your request is also related to your party. If you are acting on behalf of someone else, you must be specially authorized and document your authorization. The application must include your identity and address information. Documents certifying your identity must be attached to the application.

I. Data Subject

Under the Personal Data Protection Law (Law), numbered 6698, your data is processed by DCP Governance and Information Technologies Inc. (Company), as the data controller, under the conditions described below.

II. Processed Data and Data Categories

The company may process data subject’s identity information; name-surname, communication information; mobile phone and e-mail address, company name, and other information that users wish to share via Demo Request or Information Request.

For users creating a demo account, data, and data categories below can be processed:

User	Identity Information	Name, Surname, Identity Number
	Contact Information	Address, e-mail address and mobile phone number
	Security	IP adress, web site and login-logout information, password information and data gathered with cookies.

 

III. Methods of Collecting Personal Data and Legal Reasons

Our company gathers personal data directly from you, our customers, in the form of data learned electronically or in writing through the "Demo Request" or "Information Request" tab. The personal data obtained under the personal data processing conditions specified in the Law and the relationship's performance will be between you and us. And to ensure compliance of the activities with the legislation, limited to the following purposes, provided that we establish a contractual relationship with you or are directly related to our performance obligation arising from this contract, it is necessary to process your data. It is also required to fulfill our legal obligation (for example, approval and registration processes for commercial electronic messages). Where necessary, your explicit consent from you is processed in line with legal reasons. Identity and contact information for our demo account users; Provided that it is directly related to the establishment or execution of a contract, the processing of personal data belonging to the contract parties is necessary, and data processing is required for the establishment, exercise, or protection of a right.

IV. For Which Purpose Personal Data Will Be Processed

Communication, in particular, to establish a contractual relationship with you and manage all phases of this contract process, to plan and execute end-to-end marketing processes, to prepare and present the most relevant offer to you, to ensure information security and legal transaction security, and to ensure that activities are carried out under the legislation. Actions, providing your data's accuracy, performing statistical evaluations and market research, conducting customer relationship management processes, conducting activities aimed at customer satisfaction, and carrying out products/services' marketing processes.

V. Transfer of Processed Personal Data

Your data is limited to the realization of the purposes mentioned above and the fulfillment of these purposes; Our service providers are providing our IT infrastructure, our solution partners in the field of communication and electronic communication, with the relevant service providers and business partners to communicate with the customer in line with their likes and preferences, profiling, segmentation, analysis, usage preferences, privatization of the services offered, marketing and advertising services in this field With our business partners and service providers, the Ministry of Commerce and its authorized company in the context of recording the message management system (MMS) for the management of messages, and with the authorized commercial message infrastructure provider for message delivery, our relevant business partners, our consultants for the management of financial processes, detection, and evaluation of risks, prevention of fraud. And our service providers, our business partners who provide services in the field of quality control, complaint management and risk analysis, and relevant lawyers, auditors and experts within the scope of fulfilling legal obligations; it may be shared with supervisory and supervisory institutions and competent authorities such as courts and enforcement offices for the purposes specified in this text.

Your data is limited to the realization of the purposes mentioned above and the fulfillment of these purposes; Our service providers are providing our IT infrastructure, our solution partners in the field of communication and electronic communication, with the relevant service providers and business partners to communicate with the customer in line with their likes and preferences, profiling, segmentation, analysis, usage preferences, privatization of the services offered, marketing and advertising services in this field With our business partners and service providers, the Ministry of Commerce and its authorized company in the context of recording the message management system (MMS) for the management of messages, and with the authorized commercial message infrastructure provider for message delivery, our relevant business partners, our consultants for the management of financial processes, detection, and evaluation of risks, prevention of fraud. And our service providers, our business partners who provide services in the field of quality control, complaint management and risk analysis, and relevant lawyers, auditors and experts within the scope of fulfilling legal obligations; it may be shared with supervisory and supervisory institutions and competent authorities such as courts and enforcement offices for the purposes specified in this text.

VI. Data Subject Rights

As the person whose personal data is processed, to use your requests under the Communiqué on Application Procedures and Principles to Data Supervisor, within the scope of Article 11 of the Law, regulating the rights of the data subject, (learning to process personal data, requesting information about the processing, learning the suitability of the processing, knowing the persons to whom the transfer is made, requesting correction of incomplete or incorrect processing, deletion or destruction, request notification of all automated transactions to third parties, objection to the analysis, demanding compensation), you can fill out the Data Subject Request Form and send it to [email protected] or İzzetpaşa Mah. Abide-i Hürriyet Cad. No: 158/4 Şişli / İstanbul, you can contact us at (0532) 266 14 10.

VII. Commerical Electronic Message

DCP Trust may contact you for various purposes, including providing information about the campaigns, benefits, promotions, promotions, advertising, surveys, surveys, and other customer satisfaction practices carried out by DCP Trust over your contact information, including your mobile phone number, e-mail address. can communicate. In this context, if you consent to contact you by checking the relevant box at the approval stage, you will have given your consent for these commercial communications.

In case you no longer wish to be contacted within this scope, you can always use the possibility of refusing to receive commercial electronic messages free of charge by contacting DCP Trust using the methods specified by DCP Trust. The fact that you have exercised the right of refusal does not prevent the notification (e.g., debt reminder, account-related information, etc.) that can be sent even if the DCP Trust is subject to the relevant legislative provisions.