PRIVACY POLICY AND PERSONAL DATA CLARIFICATION TEXT

DCP Governance and Information Technologies Inc. (DCP Trust), we care your privacy and data security. The protection of your data and privacy is not only a legal obligation for us but also a fundamental commitment for you, our customers, and business partners, to make your savings with our business model safely and with peace of mind.

The purpose of this Policy is to share with you the general understanding and spirit of our Company regarding the personal data or non-personal data that we contact under the Personal Data Protection Law numbered 6698; In this context, to inform our visitors. In this context, DCP Trust fulfills its obligations arising from the Law regarding the processing, deletion, destruction, anonymization, transfer of personal data, enlightening the data subject, and ensuring data security within the scope of the principles stipulated in the Law. In this Policy, we will inform you about processing personal data in the best way possible.

Your personal data are processed for different legal reasons depending on the nature of your legal relationship with the DCP Trust (for example, customer, customer candidate, employee, employee candidate, physical visitor, online visitor, business solution partner/supplier). Likewise, depending on the nature of the process (for example, call center or activity processes), we collect different types of personal data.

Among these personal data processing activities, we share the legal reason for personal data processing activities within the scope and boundaries that may be open to the public for the Data Subject, hich are not covered under this Policy. The data categories collected and the details of other processing activities in the relevant clarification text will be shared with you. Please refer to the relevant clarification texts regarding the matters not included in this Policy.

Demo and Information Request Clarification Text
Cookie Policy

1. Definition

In this policy:

Explicit Consent: The consent given only to the specific transaction, based on informing and free will, in a clarity that does not leave any room for hesitation,

Anonymization: Making personal data unacceptable to an identified or identifiable real person under any circumstances, even by matching other data,

Data Subject: The real person whose personal data is processed,

Web Site: The web site belonging to DCP Trust,

Personal Data: All kinds of information regarding an identified or identifiable real person,

Personal Data Processing: Obtaining, recording, storing, modifying, rearranging, disclosing, transferring, taking over, making available, classifying, or using personal data by non-automatic means, provided that they are fully or partially automatic or part of any data recording system Any operations performed on such data,

Law: Law No. 6698 on the Protection of Personal Data,

User: The person who has a user account on the Platform and uses the Platform in order to benefit from the services offered by DCP Trust,

Platform/s: Platform offered by DCP Trust, with solutions that allow legal person data controllers who process personal data to manage their data governance processes,

Policy: This Privacy Policy and Personal Data Text,

Data Controller: The real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

Visitors: Everyone visiting the web page.

2. Personal Data Collecting Methods and Legal Reasons

Our company processes personal data from personal direct business partnership activities, procurement processes of goods or services, from data learned in audio, electronic or written form through internet environment, application, physical conditions, e-mail, fax, and other communication channels. It operates under the following objectives, especially the planning and management of business partnership processes and the planning and execution of goods and service procurement processes.

The information below has been specified separately in the case of the Data Subject being a User and a Visitor; It will be applied according to the data subject’s title.

a) Data Category and Data Types

User Identity Information Name, Surname, Identity Number
Contact Information Address, e-mail address, mobile phone number
Process Security Information collected through IP address information, website login and logout information, code and password information, document timestamp and cookies
Visitor Process Security Information collected through IP address information, website login and logout information, code and password information, document timestamp and cookies

b) Legal Reasons

The personal data mentioned above, for the purposes listed below, which are the subject of the Data Subject’s disclosure of this data to DCP Trust; It can be processed within the scope of personal data processing conditions specified in Articles 5 and 6 of the Law. The legal reasons for each data category are clearly stated below:

User Identity and Contact Information
  • Provided that it is directly related to the establishment or performance of a contract, it is necessary to process the personal data of the parties to the contract,
  • When data processing is mandatory for the establishment, use or protection of a right.
Security Process
  • Clearly stipulated in laws,
  • Mandatory for DCP Trust to fulfill its legal obligation.
Visitor Security Process
  • Clearly stipulated in laws,
  • Mandatory for DCP Trust to fulfill its legal obligation.

3. For What Purpose Personal Data Will Be Processed

Within the scope of this Policy, the personal data of the Data Subject are processed for the following purposes in accordance with the general conditions specified in this Policy:

User Identity and Contact Information
  • Carrying out loyalty processes to company / products / services
  • Following and carrying out legal affairs
  • Conducting communication activities
  • Execution / supervision of business activities
  • Carrying out activities to ensure business continuity
  • Carrying out after-sales support services
  • Execution of service sales processes
  • Execution of service production and operation processes
  • Execution of customer relationship management processes
  • Carrying out activities for customer satisfaction
  • Conducting advertisement / campaign / promotion processes
  • Execution of contract processes
  • Follow up of requests / complaints
Process Security
  • Execution of information security processes
  • Conducting audit / ethical activities
  • Execution of access rights
  • Execution / supervision of business activities
  • Carrying out activities to ensure business continuity
  • Giving information to authorized persons, institutions and organizations
Visitors Process Security
  • Execution of information security processes
  • Conducting audit / ethical activities
  • Execution of access rights
  • Execution / supervision of business activities
  • Carrying out activities to ensure business continuity
  • Giving information to authorized persons, institutions and organizations

4. To Whom and What Purpose Personal Data Can Be Transfered

The Company takes care to process your data under the "need to know" and "need to use" principles by providing the necessary data minimization and taking the required technical and administrative security measures. However, we have to transfer the personal data we process to third parties for specific purposes. The execution or supervision of business activities, ensuring business continuity, and digital infrastructures' operation require continuous data flow with different stakeholders. Besides, your data must be accurate and up-to-date to fully and adequately fulfill their contractual and legal obligations. For this, we have to work with various business partners and service providers. Under all circumstances, personal data transfers are carried out through secure media and channels.

DCP Trust may transfer personal data related to Users and Visitors for the following purposes and to the following persons:

Data Subject Transfer Purpose and Transferred Group
User
  • To share contact information with the providers for sms and email purposes;
  • Sharing personal data with a lawyer to carry out legal processes and/or obtain consultancy services;
  • Sharing electronic member data with suppliers for storage;
  • Website usage preferences and browsing history, sharing with suppliers for segmentation;
  • Transfer of user data to DCP Trust's business partners and shareholders due to the measurement and reporting, and commercial relations of DCP Trust with business partners/shareholders.
Visitor
  • Execution of information security process

5. Technical and Administrative Measures Taken to Ensure the Security of Personal Data

DCP Trust undertakes to take all necessary technical and administrative measures and show due diligence to ensure your data's confidentiality, integrity, and security. In this context, we take the necessary measures to prevent personal data misuse, illegal processing, unauthorized access to data, disclosure, modification, or data destruction.

DCP Trust takes the following technical and administrative measures to prevent unlawful access to the personal data it processes, to prevent unlawful processing of these data, and to ensure the protection of personal data:

Anti-virus applications. A periodically updated anti-virus application is installed on all computers and servers in the information technology infrastructure of DCP Trust.

Firewall. The data center and disaster recovery centers hosting DCP Trust servers are protected by periodically updated software-loaded firewalls; The relevant new generation firewalls control all personnel's internet connections and provide protection against viruses and similar threats during this control.

VPN. Suppliers; DCP Trust can access its servers or systems via SSL-VPN defined on Firewalls. A separate SSL-VPN definition has been made for each supplier; with the description made, the supplier only provides access to the systems it needs to use or authorized.

User Definitions. DCP Trust employees' authority to DCP Trust systems is limited only to the extent required by job descriptions; In case of any change of power or duty, its systemic authorizations are also updated.

Information Security Threat and Incident Management. Incidents in DCP Trust servers and firewals are transferred to Information Security Threat and Incident Management system. This system warns the responsible personnel when a security threat occurs and provides the opportunity to respond to the threat immediately.

Penetration Test. DCP Trust periodically applies penetration tests to the servers in it’s systems. The security gaps resulting from this test are closed, and a verification test is performed to show that the relevant security gaps have been completed. Besides, the Information Security Threat and Incident Management system is automatically tested for penetration.

Information Security Management System (ISMS). The topics included in the control forum at ISMS meetings established within DCP Trust are audited monthly by the information technology director and financial affairs manager.

Training . In order to increase the awareness of DCP Trust employees against various information security violations and to minimize the impact of the human factor in information violation incidents, employees are trained at regular intervals.

Pseudonymous data. It uses the Pseudonymization (pseudonymized data) method for all secondary data processing other than the primary processing purpose (Example: Ahmet Yılmaz> “A… Y…”).

Physical Data Storage. It ensures that the personal data in the paper is kept in lockers and accessed only by authorized persons.

Deletation of Cookies. Personal data processed through cookies belonging to third parties from which the service is obtained deleted from third parties' systems if the membership is terminated.

Although DCP Trust takes the necessary information security measures, if personal data is damaged as a result of attacks on the Website, Platforms or DCP Trust system, or in the hands of unauthorized third parties, DCP Trust immediately informs the Related Persons and the Personal Data Protection Board and takes the necessary measures.

6. Conditions for Storage, Deletion, Destruction and Anonymization of Personal Data

DCP Trust keeps the personal data it processes under the Law for the periods stipulated in the relevant legislation or required by the purpose of processing.

DCP Trust collects personal data from physical, electronic, website, e-mail channels as part of its business processes and stores it for the periods stipulated by the relevant laws and/or the periods required by the processing purpose under Article 7, 17 of the Law and Article 138 of the Turkish Penal Code. If these periods expire, they will delete, destroy, or anonymize under the Regulation's provisions on the Deletion, Destruction or Anonymization of Personal Data and the Guide on Deletion, Destruction or Anonymization of Personal Data.

7. Data Subject Rights

The rights of the relevant person under the Article 11 of the Law are as follows:

  • To learn if personal data is processed or not,
  • Gather information if it is processed,
  • The purpose of processing and learn if it is used properly,
  • Learn the third parties transferred in the country or aboard,
  • To request correction of personal data in case of incomplete or incorrect processing,
  • To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
  • Request notification of the transactions made under paragraphs (d) and (e) of Article 7 of the Law to third parties to whom personal data are transferred,
  • Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  • To request the compensation of the damage in case of damage due to the processing of personal data illegally.

As data subjects, in order to express your requests regarding your rights and exercise your rights on your data under the Communiqué on Application Procedures and Principles to the Data Supervisor, you may fill in the Data Subject Request Form and send it to [email protected] or İzzetpaşa Mah. Abide-i Hürriyet Cad. No: 158/4 Şişli / İstanbul, you can contact us at (0532) 266 14 10.

If you submit your requests to us using the specified methods, DCP Trust will finalize the proposal as soon as possible and free of charge within thirty days at the latest, depending on the nature of your request. However, if the transaction requires an additional cost, the fee in the tariff determined by the Personal Data Protection Board will be charged by DCP Trust.

In the application containing your explanations regarding the right you have as a data subject, you will make to exercise your rights stated above and request to use, the subject you request must be clear and understandable. Your request is also related to your party. If you are acting on behalf of someone else, you must be specially authorized and document your authorization. The application must include your identity and address information. Documents certifying your identity must be attached to the application.

CONTACT

(0532) 266 14 10
[email protected]
İzzet Paşa Mah. Abide-i Hürriyet Cad. Biz Cevahir İş Merkezi Apt. No:158/4 Şişli, İstanbul - Türkiye