1.Introduction

The protection of personal data is among the top priorities of PGPARA Ödeme Hizmetleri  (“Our Company“). Our Company conducts all necessary actions to process your personal data in compliance with the legislation which processed within the scope of business activities of our Company. Hereby, the principles adopted during the personal data processing activities carried out by the Company and the main principles adopted in terms of compliance of the Company’s data processing activities with the provisions of Personal Data Protection Law numbered 6698 (“Law”) are explained and thus our Company provides the necessary transparency by informing data subjects.

2.Scope

This informative document regards all personal data of persons, processed by our Company. However, information regarding personal data of the Company employees are not included in this document. Aforementioned data subjects are enlisted in the below table:

 

CATEGORIES OF DATA SUBJECTS

EXPLANATION

Employee/Trainee Candidate

Natural persons who have made a job application to our Company by any means or who have submitted their CV’s and related information for the review of our Company.

Employees, Shareholders and Authorized Persons of the Institutions We Cooperate With

Natural persons including employees, shareholders, and officials of the institutions which our Company cooperates with during conduct of our Company’s commercial activities for purposes such as selling, advertising, and marketing our Company’s products and services; providing after sale services, conducting mutual customer loyalty programmes

Customer

Natural persons or legal persons’ employee, executive or shareholder who use, have used, applied our Company to use or whose application is in the assessment process regarding use of the products and services offered by our Company

Employees, Shareholders and Authorized Persons of the Vendors

Natural persons including employees, shareholders, and officials of the institutions which provides products or services to our Company within the scope of contractual relationship that is already effective or will be effective

Visitors

Natural persons who have been at the premises owned by our Company for various purposes, connected to the guest internet network of our Company or visited our websites

3.Conditions For Processing Personal Data

According to the Law processing of personal data shall be deemed lawful under certain conditions. First one of those conditions is obtaining data subject’s explicit consent and in case where one of the below listed conditions exists personal data may be processed by our Company without explicit consent of data subjects.

The basis of the personal data processing activity may be just one of the following conditions or multiple conditions may be the basis of the same personal data processing activity.

 

3.1. Expressly Provided by the Laws

If the personal data of the data subject is expressly provided in the law, in other words, if there is an explicit provision in the law regarding the processing of personal data, this data processing condition shall be applicable.

 

3.2. Failure to Obtain the Explicit Consent of the Data Subject Due to Physical integrity

Personal data of the data subject shall be processed if it is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to present his/her consent due to the physical disability or whose consent cannot be deemed legally valid.

 

3.3. Being Directly Related to the Establishment or Performance of Contract

This condition shall be deemed fulfilled if it is necessary to process personal data provided that it is directly related to the establishment or performance of a contract to which data subject is a party.

 

3.4. Fulfilment of Legal Obligations by the Company

Personal data of the data subject shall be processed if the processing is necessary for the Company to fulfil its legal obligations.

 

3.5. Publicization of Personal Data by Data Subject

If personal data have been made public by the data subject himself/herself, such personal data shall be processed limited to the purpose of publicization.

 

3.6. Being Necessary for the Establishment or Protection of a Right

Personal data of the data subject shall be processed if data processing is necessary for the establishment, exercise, or protection of a right.

 

3.7. When Data Processing is Necessary for the Legitimate Interests of the Company

Personal data of the data subject shall be processed if the processing of data is necessary for the legitimate interests of the Company, provided that the fundamental rights and freedoms of the data subject are not violated.

4. Processing Of Special Categories Of Personal Data

More sensitive personal data are subject to separate protection regime. Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data is defined as special categories of personal data within the scope of the Law.

 

  • Special categories of personal data other than health and sexual life shall be processed without the explicit consent of the data subject if it is expressly provided in the law, in other words, if there is an explicit provision regarding the processing of personal data. Otherwise, in order to process such special categories of personal data, the explicit consent of the data subject shall be obtained.

 

  • Special Categories of personal data concerning health and sexual life shall only be processed, without seeking explicit consent of the data subject, by authorized public institutions and organizations or persons subject to secrecy obligation, for the purposes of protection of public health, operation of preventive medicine, medical diagnosis, treatment and nursing services, planning and management of health-care services as well as their financing.

5. Processing Of Personal Data In Compliance With The Principles Provided Within The Legislation

 

  • Processing in accordance with the Lawfulness and Fairness Rule

 

Personal data are processed in accordance with the general good faith and fairness rule without damaging the fundamental rights and freedoms of individuals. Within this framework, personal data are solely processed to the extent required by the business activities of our Company.

 

  • Ensuring that Personal Data is Accurate and Up to Date Where Necessary

 

Our Company takes the necessary measures to keep the personal data accurate and up to date during the processing of personal data and establishes necessary mechanisms for ensuring the accuracy and currency of the personal data for certain periods.

 

  • Processing for Specific, Explicit and Legitimate Purposes

 

Company explicitly reveals the purposes of processing personal data and processes the personal data in line with the business activities within the scope of the objectives associated with these activities.

 

  • Being Relevant, Limited and Proportionate to the Purposes for Which They are Processed

 

Company only collects personal data to the extent required by business activities and processes them solely for the specified purposes.

 

  • Storing for the Period Foreseen by the Relevant Legislation or Required for the Processing Purpose

Our Company retains personal data during the period required for the purpose of processing, and the minimum time stipulated in the relevant legal legislation. Within this scope, our Company firstly determines whether a period is provided for the retention of personal data in the relevant legislation and acts according to this period if determined. If there is no legal period, personal data are stored for the period required for the purpose of processing. Personal data are destroyed at the end of the specified retention periods in accordance with the periodic destruction periods or upon data subject’s requests with the specified destruction methods (deletion and / or destruction and / or anonymization).

6. Personal Data Categories That Are Being Processed And Purposes Of Processing 

Purposes of processing personal data and special categories of personal data that are being processed in compliance with the Law and relevant legislation within the scope of Our Company’s business conduct are listed below:

 

  1. Assuring business continuity,
  2. Assuring security of Our Company’s premises,
  3. Conducting processes relating to Our Company’s information security,
  4. Conducting processes relating to risk measurement,
  5. Conducting processes relating to product and service procurement,
  6. Provision of Our Company’s services and products to the relevant parties and conducting marketing processes,
  7. Executing the human resources policies regarding personnel recruitment processes,
  8. Assuring commercial, legal and technical security of the parties which have business relationship with Our Client,
  9. Establishing and managing relations with business partners and/or vendors,
  10. Carrying out finance and/or accounting operations,
  11. Conducting activities relating to Our Company’s legal relationships and performing our Company’s legal requirements

 

7.Transfer Of Personal Data 

Our Company may transfer your personal data and special categories of personal data to third parties in compliance with the article 8 and 9 of the Law and principles, procedures envisaged under secondary legislation by taking necessary security measures.

 

Even without the explicit consent of the data subject, personal data may be transferred to third parties by the Company in compliance with principles, procedures envisaged under the Law and secondary legislation, if one of the or several following conditions are present:

 

  1. If relevant activities related to the transfer of personal data are expressly provided by the laws,
  2. If the transfer of personal data by the Company is directly related with and necessary for the establishment or performance of a contract.
  3. If the transfer of personal data is necessary for our Company to fulfil its legal obligations,
  4. If personal data are transferred by our Company limited to the purpose of publicization provided that personal data have been made public by the data subject himself/herself,
  5. If the data transfer by the Company is necessary for the establishment, exercise or protection of the rights of the Company or the data subject or third parties,
  6. If the transfer of personal data is necessary for the legitimate interests of the Company, provided that the fundamental rights and freedoms of the data subject are not harmed,
  7. If it is necessary for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to present his/her consent due to the physical disability or whose consent cannot be deemed legally valid

 

In addition to the above, personal data may be transferred to foreign countries declared by the Personal Data Protection Board (“Board“) as having adequate protection in the presence of any of the conditions set forth in above-mentioned subparagraphs. In the absence of adequate protection, personal data shall be transferred in accordance with the conditions of data transfer stipulated in the legislation to foreign countries where the data controllers in Turkey and abroad undertake an adequate level of protection in writing and the permission of the Board exists.

 

Table containing third parties to whom your personal data is transferred and purpose of transfer is located below.

 

The Persons to whom Data May be Transferred

Purpose of Data Transfer

Vendors

Personal data shall be transferred limited to the purposes of ensuring provision of the services outsourced by our Company and the services required for conducting our Company’s activities.

Institutions We Cooperate With

Our company may share personal data to institutions we cooperate with, including our agencies, limited to the purposes of selling, advertising, and marketing our Company’s products and services, providing after sale services, conducting mutual customer loyalty programmes.

Legally Authorized Public Institutions and Organizations

Personal data may be transferred with public institutions and organizations which are authorized to obtain information and documents in accordance with the relevant legislation.

 

Personal data may be transferred to independent auditors which are providing its services to audit our company to fulfil our Company’s legal requirements.

8.Informing The Data Subject

 Our Company informs the data subject in accordance with Article 10 of the Law and secondary legislation. Within this scope, our Company informs data subjects regarding who processes personal data as the data controller and for what purposes their personal data are being processed, with whom and for which purposes they are shared, the method and legal basis of their collection and the rights of data subjects within the scope of processing their personal data.

9.Personal Data Storage And Disposal

Our Company stores personal data until the time period required for the purpose of processing, and the minimum time period set forth in the relevant legislation. Within this context, our Company primarily determines whether a period is foreseen for the storage of personal data in the relevant legislation, and if so, Company acts according to this period. If a legal period is not available, personal data shall be stored for the time required for the purpose of processing. Personal data shall be disposed upon the request of data subject or at the end of the specified storage term in accordance with the periodic disposal terms and with the defined disposal methods (deletion and / or destruction and / or anonymization).

10.Ensuring The Security Of Personal Data 

In accordance with Article 12 of the Law, our Company takes necessary measures according to the nature of the data to be protected in order to prevent the unlawful disclosure, access, transfer of personal data or other security deficiencies that may occur in other ways. Within this scope, our Company takes administrative and technical measures, conducts audit or have third parties conduct audits in order to provide appropriate level of security in accordance with the guidelines published by the Board.

 

                                                           COOKIE POLICY

 

As PGPARA Ödeme Hizmetleri (“Our Company”) by protecting privacy and protection of personal data rights of the visitors, we are processing data subjects’ personal data who visited the website managed by Our Company and using website cookies (“Cookies”) to provide a better user experience. We are using these technologies in compliance with Turkish Data Protection Law with no. 6698 (“the Law”) among other legislation that is applicable. Hereby, in this Policy, we gave place to information regarding processing of this your personal data as users/visitors of our website. Besides, hereby in this Policy, we explained the types of cookies that we use in our website, purpose of using those cookies and how to control them.

 

What is Cookie and What are Cookies Used For?

Cookies are small text files stored on your computers, mobile phones and tablets or other mobile devices device sent from the websites you visit. Within these files, information regarding the website that you visit is stored. By this way, the mobile devices that you used to access the websites shall remember these data when you access the website again. In this sense, cookies are significant tools for effective and easier use of the websites.

 

The main reasons that we use cookies are set forth below:

 

  • To enhance your experience by improving functionality and performance of our Website,
  • To improve our Website, to develop features and customize our Website per your choices,
  • To obtain your personal data such as IP address in order to fulfill legal requirements arising from contracts and legislation especially from Law No. 5651 on the Regulation of Broadcasts via Internet and Prevention of Crimes Committed through Such Broadcasts and the Regulation on Principles and Procedures Regarding Regulation of Broadcasts via Internet
  • To provide your safety, the security of the Website and our Company’s legal and commercial security.

 

Categories of Cookies Used on our Website

 

Mandatory Cookies: The use of certain cookies is mandatory for proper functioning of our website. These cookies are necessary to administrate the system, to prevent fake transactions and blocking these cookies will cause malfunctioning of the website.

 

Efficiency and Preference Cookies: These cookies are used to provide you more enhanced and easier usage experience. For example, remembering your preferences and choices on the website and providing you easier access to particular content shared on the website is some of their functions. As explained in detail below you may block these cookies.

 

Performance and Analysis Cookies: Because of these cookies, we can analyze your use and performance of our Site and enhance services we provide to you.

 

Analytical Cookies: We are using cookies to count the number of visitors on our website. Analytical cookies are used to see how you use our website, to see whether the features are working properly or not, to optimize and enhance our website and to ensure that our website is still attracts you and fits for your purposes. Web pages that you visited, directed/closing pages, the type of platform that you use, date/time stamp information and clicks performed on the page, your mouse movements, scrolling down actions, terms that you used for searching and texts that are typed during usage of our website are the details that are obtained during your experience.

 

How Can I Control Cookies?

 

By changing settings of your browser, you may change your preferences regarding cookies.

Information regarding the cookies that are used is enlisted below:

 

Adobe Analytics

http://www.adobe.com/uk/privacy/opt-out.html

 

AOL

https://help.aol.com/articles/restore-security-settings-and-enable-cookie-settings-on-browser

Google Adwords

https://support.google.com/ads/answer/2662922?hl=en

Google Analytics

https://tools.google.com/dlpage/gaoptout

Google Chrome

http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647

 

Internet Explorer

https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

MozillaFirefox

http://support.mozilla.com/en-US/kb/Cookies

 

Opera

http://www.opera.com/browser/tutorials/security/privacy/

 

Safari:

https://support.apple.com/kb/ph19214?locale=tr_TR