Clarification Text

Data Controller and Representative

As the data controller, Kafein Yazılım Hizmetleri Tic. A.Ş. (“Our Company” or “Data Controller”) places great importance on the privacy and security of your personal data and makes every effort to protect the fundamental rights and freedoms guaranteed under our Constitution, particularly the right to privacy.

In accordance with the Law on the Protection of Personal Data No. 6698 (“PDPL”) and the regulations and other legislation enacted or to be enacted under the PDPL, your personal data may be processed by our Company, as the data controller, in the manner set forth in this General Clarification Text and in the Website Clarification Text.

Collection, Purpose of Processing, and Transfer of Personal Data

Any document or information you provide which include any kind of personal data (including but not limited to name, surname, Turkish identity number) and any kind of special categories of personal data (such as health information, biometric and genetic data, data related to sexual life, clothing style, membership to associations, foundations or unions, criminal convictions, security measures, political opinions, philosophical beliefs, religion, sect, other beliefs, race, or ethnic origin) may be processed, recorded, stored, updated and preserved to ensure the continuity of our services, transferred to third parties, shared, anonymized, deleted, or destroyed by our Company as the data controller in accordance with the PDPL and in compliance with applicable laws and regulations.

Your personal and special categories of personal data may be collected verbally, in writing, or electronically through automatic or non-automatic methods, via our Company units and offices, group companies, social media platforms, mobile applications, website, our business partners or service providers that support our operations, contracted institutions, and other similar channels.

The personal and special categories of data collected by our Company may be processed to perform the necessary work to allow you to benefit from the products and services offered by our Company; to offer customized product and service suggestions according to your preferences, usage habits, and needs; to design and offer campaigns; to fulfill contractual obligations; to carry out planning, statistics, satisfaction surveys, and ensure security; to achieve the objectives of our Company in the scope of its operations; to execute or fulfill employment contracts; to protect and audit commercial data; to transfer all collected personal data into electronic systems; to receive services from third-party suppliers for data storage, classification, archiving, and related processes; to integrate data into human resources systems; to collect, record, classify, rearrange, update, analyze, report, securely store, disclose, modify, combine personal data; to ensure the implementation of human resources and accounting policies of our Company and its group companies; to provide physical security and supervision; to ensure compliance with domestic and international laws; to meet data sharing, storage, and reporting obligations requested by public institutions or other authorities; to provide better and more reliable services continuously; to ensure the legal and commercial security of our Company and our business contacts; to back up/copy data to prevent data loss; to send commercial electronic messages with additional explicit consent when required; and to determine and implement our Company’s commercial and business strategies within the scope of the data processing conditions and purposes specified in Articles 5 and 6 of the PDPL and may be transferred in counrty or abroad, in accordance with the personal data processing conditions set forth in Articles 8 and 9 of the PDPL, and for the purposes specified in the relevant legislation or in this Clarification Text, and within the scope of these purposes, to our legal, financial, and tax advisors, other consultants, third-party service providers, business partners, suppliers, agents, service providers, shareholders, group companies, subsidiaries, affiliated companies, employees, auditors, legally authorized public institutions, and private individuals such as administrative authorities and judicial bodies.

Method and Legal Basis of Personal Data Collection

Our Company takes all necessary administrative and technical measures to protect personal data processed within the framework of the applicable laws and current or future regulations. Personal data are processed lawfully, accurately, and are kept up to date when necessary in accordance with the PDPL. Data are processed for specified, explicit, and legitimate purposes as explained below in a limited and proportionate manner which is related to the purpose of processing and are retained for as long as required by relevant legislation or for the purpose they are processed. For more detailed information, you may refer to our Personal Data Retention and Destruction Policy published on our website.

Your personal data may be processed within the legal grounds for processing personal data specified in Articles 5 and 6 of the PDPL after being collected by the methods and for the purposes stated above. Processing is carried out based on one or more legal grounds specified in Articles 5 and 6 of the PDPL or based on explicit consent. Depending on the category and type of processed data, the data subjects are being informed of the processing purposes, data recipients, collection methods, legal basis, and rights of the data subject in relevant clarification texts, and explicit consent is obtained when required.

Duration of Personal Data Processing

In accordance with the PDPL, your personal data processed for the purposes specified in this Clarification Text will be deleted, destroyed, or anonymized by our Company when the purpose requiring their processing ceases to exist pursuant to Article 7, Paragraph f.1. of the PDPL, upon your request, and/or upon the expiration of mandatory retention periods under applicable laws. For more detailed information, you may refer to our Personal Data Retention and Destruction Policy published on our website.

Cases Where Our Company May Process Your Personal Data Without Your Explicit Consent Pursuant to the Law on the Protection of Personal Data (PDPL):

Pursuant to Article 5 of the PDPL, our Company may process your personal data, which it has obtained in accordance with the law and the terms specified above, without your explicit consent in the following cases:

  • When it is explicitly provided for by law,
  • When the processing of your personal data is necessary for the protection of your or another person’s life or physical integrity in cases where you, as the data subject, are unable to express your consent due to actual impossibility, or where your consent is not legally valid,
  • When it is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or performance of the contract you have concluded with our Company, its subsidiaries, group companies, or affiliates,
  • When it is necessary for our Company to fulfill one of its legal obligations,
  • When your personal data has been made public by you,
  • When data processing is necessary for the establishment, exercise, or protection of a right,
  • When data processing is necessary for the legitimate interests of our Company, provided that it does not harm your fundamental rights and freedoms.

In the case that the personal data qualifies as special categories of personal data as defined by Article 6 of the PDPL, it may be processed under the following conditions:

  • If the data subject has given explicit consent,
  • If it is expressly provided for by law,
  • If it is necessary for the protection of the life or physical integrity of a person or for another person who is unable to express consent due to actual impossibility, or whose consent is not legally valid,
  • If it concerns personal data made public by the data subject and is consistent with their intention to make it public,
  • If data processing is necessary for the establishment, exercise, or protection of a right,
  • If processing is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, as well as planning, management, and financing of health services, by persons or institutions under the obligation of confidentiality or by authorized institutions and organizations,
  • If it is necessary for the fulfillment of legal obligations in areas such as employment, occupational health and safety, social security, social services, and social assistance,
  • If it is carried out by foundations, associations, or other non-profit organizations established for political, philosophical, religious, or trade union purposes, provided that it is in accordance with their regulations, statutes and purposes, limited to their areas of activity and not disclosed to third parties, and only for existing or former members or individuals regularly in contact with them. 

Transfer of Your Personal Data Abroad

Within the scope of this information text, your personal data may be shared and transferred with our suppliers, service providers, data processors, and legally authorized public institutions and organizations, in accordance with Articles 8 and 9 of the Law, and in line with the purposes and conditions set forth in this document and relevant legislation. As the data controller, we act in compliance with the law and take all necessary administrative and technical measures and security precautions when sharing personal data.

Rights of the Personal Data Subject under Article 11 of the PDPL and How to Exercise These Rights

As personal data subjects, if you submit your requests regarding your rights to our Company through the methods set out in the Kafein Yazılım Hizmetleri Ticaret Anonim Şirketi Personal Data Protection and Processing Policy, which has been made public, our Company will finalize your request as soon as possible and within no later than thirty (30) days, depending on the nature of the request, and free of charge. However, if the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board. If your application is rejected, the reasons for rejection will be sent to you at the address you specified in your application, primarily via e-mail or postal mail, or, if possible, via the same method you used to submit the request.

In this context, personal data subjects have the right to:

  • learn whether your Personal Data are processed or not,
  • demand information if your Personal Data have been processed,
  • learn the purpose of your Personal Data processing and whether this Personal Data is used in compliance with the purpose,
  • know the third parties to whom your Personal Data is transferred in country or abroad,
  • request the rectification of personal data if it has been processed incompletely or incorrectly and to request notification of third parties to whom personal data is disclosed of the measures taken,
  • request the erasure or destruction of your personal data if the reasons for processing no longer exist, even though they are being processed in accordance with the law and other relevant legislation, and to inform third parties to whom the data have been transmitted of the processing carried out in this context,
  • oppose the creation of a result against the person by analysing the processed data exclusively through automated systems,
  • claim compensation if you suffer damage due to the unlawful processing of personal data.

However, pursuant to Paragraph 2 of Article 28 of the PDPL, except for the right to request compensation for damages, you may not exercise the above rights in the following cases:

  • When the processing of personal data is necessary for the prevention of crime or for criminal investigation,
  • When processing the personal data that has been made public by the data subject,
  • When processing of personal data is necessary for the performance of regulatory or supervisory duties and for disciplinary investigations or prosecution by assigned and authorized public bodies and organizations and professional associations with the status of a public body on the basis of the power conferred on them by law,
  • When processing is necessary for the protection of the economic and financial interests of the State regarding budget, tax, and financial matters.

Pursuant to Paragraph 1 of Article 13 of the PDPL, you may submit your request to exercise the above-mentioned rights via email to info@kafein.com.tr or with a signed and written petition addressed to the Human Resources Department. If you wish to exercise this right through a representative, a notarized copy of the power of attorney with special authority must be attached to the application form.

Pursuant to the Comminuque On The Principles And Procedures For The Request To Data Controller, the Data Subject’s application must include the following information: full name, surname, signature if the application is written, Turkish Identity Number (or passport number if the applicant is foreign), residential or workplace address for notification purposes, email address (if available for notification), telephone number, fax number, and details regarding the subject of the request.

In cases where the information in the application is incomplete or incorrect, the request is not clearly and comprehensibly formulated, documents in support of the request and your identity information are not submitted or are not submitted in the required form and, in the case of applications submitted by an authorised representative, no copy of the power of attorney is attached, we may have difficulties in complying with your requests, your application may be assessed negatively or there may be delays in the investigation procedure. It is therefore important that you observe these points when exercising your rights. Otherwise, Company will not be responsible for any delays. Our company reserves its legal rights against erroneous, incorrect/illegal, malicious applications.

Table of Contents