Privacy Policy

CLARIFICATION TEXT

ON PROCESSING AND PROTECTION OF PERSONAL DATA

 

We would like to inform you about the Personal Data Protection Law No. 6698 (“KVKK”), which was enacted to protect the fundamental rights and freedoms of individuals, especially the privacy of personal life, and to determine the liabilities of natural and legal persons processing personal data.

 

 Within the scope of the law, personal data is defined as “any information regarding an identified or identifiable natural person"; and processing as “any and all transactions including the acquisition, recording, storage, preservation, modification, reorganization, disclosure, transfer, taking over, making available, classifying personal data fully or partially and automatically or non-automatic , or any transaction performed on the data, such as preventing its use provided that it is part of any data recording system”.

 

We take utmost care and apply the highest security standards to protect your personal data against unauthorized access.

 

1. Purpose of the Clarification Text

In order to fulfill the disclosure obligation defined in Article 10 of the Personal Data Protection Law No. 6698 in terms of personal data of the customers, our company provides the following explanations to customers and third parties who use our website and/or mobile applications. Our company reserves the right to update this Clarification Text on the Protection of Personal Data at any time in line with the changes which may be in effect in the applicable legislation.

2. Data we collectWhen you use our sites, products and services, we collect data from you or about you.

• Data you provide: These are the data you enter while using our websites, products and services. For example your name, surname, delivery /billing address, email address, telephone number, etc. can be counted.

• Data collected through sensors: Many of our products are equipped with one or more sensors e.g., GPS receivers. These sensors automatically collect data when they are activated. Such data may include real-time location, speed and movement information from the devices.

• Automatically collected data: This is the data collected when you use our website, products or services or information via your browser automatically. Such data includes the usage of the interface and other devices, the IP addresses of the accessing computer, the browser type/version, the operating system used, the referrer URL (the previous page visited), the time of the server query. However, this data is not stored specifically linked to the person. Also, this data is not combined with other data sources. Your IP address is deleted immediately after your visit.

 

3. Purpose and Transfer of Processing Personal Data of Customers:

Your personal data is used to:

•         Process customer login registration for using the Mobile Application

•         Confirm the identity information of the shopper/shopper through the website/mobile applications,

•         Record the address and other necessary information for communication,

•         Conduct contract transactions, to communicate with our customers about the conditions, current status and updates of the contracts we have concluded, to provide necessary information,

•         Arrange all records and documents that will be the basis for processing in electronic (internet/mobile, etc.) or paper environment,

•         Be able to provide information to public officials on public security issues upon request and in accordance with the legislation,

•         Be able to provide information to our customers about our products that our customers may be interested in taking into account the interests of our customers, to convey campaigns,

•         Increase customer satisfaction, to be able to get to know our customers who shop from the website and/or mobile applications and to use them in customer environment analysis, to use them in various marketing and advertising activities and to organize surveys in electronic and/or physical environment through contracted organizations,

•         Be able to offer suggestions to our customers by our contracted institutions and solution partners, to inform our customers about our services,

•         Be able to evaluate customer complaints and suggestions about our services,

•         Be able to fulfill our legal obligations and to use our rights arising from the current legislation, and

•         Prevent fraud and other illegal activities.

 

We share personal data of our customers with third parties based on the consent given by the customers, and as a rule, personal data is not transferred to third parties without the consent of our customers.

 

However, personal data is shared with courts and other public institutions when required due to our legal obligations and to the extent required to fulfill our legal obligations.

 

We take necessary technical and legal measures prevent violations of rights during data transfer to third parties.

 

Your personal data may be transferred to/ shared with our direct/indirect affiliates, the institutions and organizations we cooperate with to carry out our activities, business partners and various agencies, advertising companies and survey companies and legally authorized public institutions and organizations as well as the legal private persons authorized in the applicable laws as part of various marketing activities in order to provide better services to you and to ensure customer satisfaction.

 

4. Method and Legal Grounds for Personal Data Collection:

Personal data, provided by our customers on the www.arvento.com website and mobile applications, is processed by Arvento in accordance with the consent given by our customers and the provisions of the applicable legislations. Personal data collected for the legal grounds stated above can be processed and transferred for the purposes specified in Articles 5 and 6 of the Law and this Document.

 

5. Personal Data Processed in Compliance with the Principles Prescribed in the Legislation

5.1. Processing Data in Compliance with Law and in Good Faith

Our company respects the principles and requirements imposed by regulations in processing personal data and those defined in the general trust and integrity rule. Accordingly, personal data is processed to the extent required for and limited to the business operations of our Company.

 

5.2. Ensuring Accuracy of Personal Data and Keeping the Data Up-to-Date as Required

Our company takes the necessary measures to ensure that personal data is accurate and up-to-date during the period of processing and establishes the necessary mechanisms to ensure the accuracy and currency of personal data for certain periods.

 

5.3. Processing for Specific, Clear and Legitimate Purposes

Our company clearly states the purposes of processing personal data and processes it according to the purposes related to these activities in line with business activities.

 

5.4. Being Relevant, Limited and Compliant for the Purpose of Processing

Our company collects personal data only in the nature and to the extent required by business operations and processes it for the specified purposes.

 

5.5. Storing Data for the Period Stipulated in Applicable Legislation or Required for Processing Purposes

Our company stores personal data for the time required for the purpose for which they are processed and for the period stipulated in the legal legislation applicable for the relevant activity. Accordingly, our company first determines whether any specific period is defined for the storage of personal data in the applicable legislation, and if such period is specified, acts in accordance with this period. If there is no legal period stipulated, personal data is stored for the time required for the purpose for which they are processed.

 

6. Our Technical Standards

All data collected is stored in a (non-shared) database server owned by us, hosted by us in a Tier 3 data center (i.e., data center with quality/continuity industry standard classification) within the borders of the Republic of Turkey.

 

Our company holds ISO 27001 Information Security Management System certification. The system/database is closed to external access. In our system, accessibility/penetration tests are performed periodically at the customer sites, on the central server. The system is closed to the access of the personnel in the company and works in a sheltered environment. (DMZ). Access can be restricted by firewalls for IP, port/protocol and user.

 

7. Storing Personal Data

Our company stores and preserves personal data for the periods required for the purpose for which they are processed and stipulated in applicable legislation. Accordingly, our company first determines whether any specific period is stipulated in applicable legislation for the storage of personal data, and if such a period is specified, acts in accordance with this period. If there is no legal period, personal data is stored for the time required for the purpose for which they are processed.

 

8. Rights of Customers as Personal Data Subjects:

In accordance with Article 11 of the Law, data subjects are entitled to:

 

a)         ask whether any of their personal data is being processed,

b)         request information with regard to the processing activities,

c)         ask the purposes of the processing and whether their personal data is processed within the scope of such purposes,

d)        in the event their personal data is shared with third persons within or outside the country, request information on such third persons,

e)         request correction of the personal data if the data is processed incompletely or inaccurately and request notification of the transaction made within this scope to third parties to whom personal data is transferred,

f)         request the deletion or destruction of personal data if the reasons for the processing of the personal data no longer exist or if the Company has no legal grounds or legitimate interest to process such data and request notification of the transaction made within this scope to third parties to whom personal data has been transferred,

g)         request from the Company to ensure that the third persons who process personal data under the authorization given by the Company respect your rights described under this section,

h)         object to negative consequences that may occur as a result of the processing of personal data by automatic means and demand the compensation of the damage in case of damage due to unlawful processing of personal data.

 

Requests to exercise these rights can be communicated transmitted by personal data subjects through the methods specified in the Policy on Processing and Protection of Personal Data according to Law No. 6698. Arvento will evaluate these requests and conclude them within 30 days. Arvento reserves the right to charge a fee based on the tariff (if any) determined by the Personal Data Protection Board regarding the requests. 

 

9. Right to Get Information and Objection Right

We care about earning your trust. Therefore, you always have the right to be informed about your personal information stored in our database, its origin, recipient and purpose of storage. If you want to receive detailed information about your personal data, please contact us in writing at the following address.

 

Arvento Mobil Sistemler A.Ş.

Address: ODTÜ Teknokent Bilişim İnovasyon Merkezi, Mustafa Kemal Mahallesi, Dumlupınar Bulvarı, 280/G, Kat:5, No:514 06530 Çankaya/Ankara

Email: info@arvento.com

Phone: 00 90 312 265 05 95