Introduction of the Data Controller and this Privacy Statement
As the data controller, Sorslab Artificial Intelligence Technologies Software and Consulting Joint Stock Company (hereinafter referred to as “Sorslab”, “the Company”, or “We”), is highly committed to the lawful processing of our customers' personal data. In this context, we wish to inform you about your personal data processed through the www.sorslab.com, customer.sorslab.com websites and/or mobile applications (collectively referred to as the “Sorslab Platform”), fulfilling our enlightenment duty arising from Article 10 of the Personal Data Protection Law No. 6698 ("PDPL").
The security of our customers' personal data is at the forefront of our operations. Therefore, to prevent unauthorized access to or leakage of personal data and to ensure the secure storage of personal data related to our customers, these data are transferred only to trusted business partners and to a minimum extent, with necessary security measures taken in accordance with the law.
Transparency is one of the most crucial aspects of our personal data protection program. In this regard, for instance, while processing personal data to provide a better customer experience, we have prepared this Privacy Notice to give our customers all the necessary information.
Another consideration is our customers' rights to control their personal data. We implement measures to allow our customers to manage their preferences regarding their personal data and to ensure high respect for our customers' choices. This Privacy Notice also explains your data protection rights, including the right to object to certain processing activities carried out by Sorslab. For more information about your rights and how to exercise them, see the section “What are Your Rights as a Data Subject?”.
In summary, data security, transparency, and the right of individuals to control their personal data are fundamental elements in ensuring our compliance with the PDPL.
This Privacy Notice contains our declarations and explanations regarding the processing of personal data of our customers and other real or legal persons who communicate with us, excluding our employees, in accordance with the provisions of the PDPL.
This Privacy Notice is prepared to provide information about what personal data Sorslab processes within the scope of its commercial activities, the purposes of processing, to whom personal data are transferred, and the purposes of such transfers.
1. Role as Data Controller
Under the PDPL, Sorslab is the data controller, responsible for determining the purposes and means of processing personal data, and for establishing and managing the data recording system. As a data controller, Sorslab has the obligation to enlighten individuals whose personal data are processed, to prevent unlawful processing of or access to these data, and to ensure their safekeeping.
1.1 Legal Basis for the Collection of Personal Data by the PDPL
As Sorslab, in our role as Data Controller, in accordance with our legal obligations stemming primarily from the Turkish Commercial Code No. 6102, Personal Data Protection Law No. 6698 (“PDPL”), Consumer Protection Law No. 6502, Turkish Penal Code No. 5237, Law No. 5651 on Regulation of Publications on the Internet and Suppression of Crimes Committed by means of Such Publications, related secondary legislation, Electronic Commerce Law No. 6563 and its related secondary legislation, and not limited to these, the personal data of our customers (including name, surname, address, profession, education, marital status, date and place of birth, email, phone number, gender, data shared via social media platforms with user consent, navigation and click data on the application, location data when the application is opened, company title, tax number, voice recordings in phone calls) can be collected, stored, maintained, updated to continue our services
Your Personal Data is Processed in Accordance with the General Principles Set Forth in Article 4 of the Personal Data Protection Law:
i. In compliance with the law and the principles of honesty,
ii. Accurately and, when necessary, up-to-date,
iii. For specified, explicit, and legitimate purposes,
iv. Relevant, limited, and proportionate to the purposes for which they are processed,
v. Retained for the period stipulated in the relevant legislation and necessary for the purposes for which they are processed.
2. How Do We Collect Your Personal Data?
This section includes the sources and channels through which personal data is collected:
• Through entirely or partially automated or non-automated means, via written or electronic forms.
• Via the Sorslab website and mobile applications.
3. What Personal Data Do We Collect and Process?
The personal data processed by our Company varies depending on the nature of the legal relationship established with our Company. In this context, the categories of personal data collected by our Company through all channels including Digital Environments are as follows:
· Identity and Contact Information: Personal or corporate data such as name, surname, and contact information (e.g., email address) that you provide while filling out forms.
· Risk Management Information (such as IP tracking records.)
· Security Information (entry/exit logs on the Company Website.)
· Legal Process and Compliance Information (information provided within the scope of requests and decisions by judicial and administrative authorities. Evidence provided in the context of the burden of proof in a possible legal dispute.)
· Marketing Information (reports and assessments containing information used for marketing purposes and showing data subject's usage preferences, targeting information, cookie records, data produced within the scope of data enrichment processes, etc.)
Additionally, we use "Google Analytics" to collect information about the usage of our Service. Google Analytics gathers data such as how often users visit the Service, which pages they visit while doing so, and what other sites they used prior to coming to our Service. Google Analytics collects only the IP address assigned to you on the date you use the Service, along with your operating system, language, and information related to your use of the Service, instead of your name or other identifying information. We do not combine the information collected through the use of Google Analytics with Personal Information. The information we receive from Google Analytics is used solely to improve our Service. Google's ability to use and share information collected by Google Analytics about your use of the Service is restricted by the Google Analytics Terms of Use and the Google Privacy Policy found here.
4. Why Do We Process Your Personal Data and What is the Legal Basis for This Usage (purpose of processing)?
We process your personal data for the following purposes:
• Based on the legal reason of explicit provision in the legislation our Company is subject to, particularly the Law No. 6563 on Regulation of Electronic Commerce, Turkish Commercial Code No. 6102, Turkish Penal Code No. 5237, and Consumer Protection Law No. 6502; for activities such as ensuring the security of operations on the company platform, conducting information security processes, and fulfilling our obligations arising from legislation to ensure the compliance of activities with the law,
• Based on the legal reason that the processing of your personal data is necessary for the establishment or execution of a contract; activities such as conducting operations for the establishment of contracts through our platform under relevant articles of the Consumer Protection Law, executing your purchasing transactions, conducting and auditing the company's business activities, monitoring delivery processes, evaluating requests, complaints, and suggestions about our products and services, conducting and auditing finance and accounting processes, carrying out communication activities,
• Based on the legal reason of necessity for our Company to fulfill its legal obligations; fulfilling legal obligations specified in secondary legislation our Company is subject to, such as the Regulation on Distance Contracts and the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, and/or decisions, guides, and guidelines published by competent authorities, providing information to authorized persons, institutions, and organizations, ensuring that activities are carried out in compliance with legislation, following and conducting legal affairs, conducting finance and accounting tasks,
• Based on the legal reason that data processing is necessary for the establishment, exercise, or protection of a right; conducting legal and litigation affairs,
• Based on the legal reason that it is necessary to process data for the legitimate interests of our Company, provided that it does not harm the fundamental rights and freedoms; conducting activities aimed at developing and improving the products and services offered by our company,
• Based on the legal reason of your explicit consent; transferring personal data abroad.
• To fulfill a contract or to take steps linked to a contract with you. This includes:
• Establishing communication with and managing customer relations with our client
• Requests and Evaluations
• Conducting finance and accounting transactions
• Usage Information
• For legally mandated purposes:
• Ensuring compliance with national and international legislation the Company is subject to and fulfilling obligations arising from the relevant legislation. Responding to requests from government or law enforcement conducting an investigation.
• In cases where you have given us permission:
• Marketing activities: When required by law, we will send you direct marketing regarding our relevant products and services, or those provided by our affiliates and carefully selected partners, with your permission.
• Cookies: We place cookies and use similar technologies in accordance with our Cookie Policy and the information provided to you when these technologies are used.
• To address you, communicate with you, and for billing purposes, we process your name, surname, address, tax number, and TCKN information for the purpose of conducting E-invoice and E-archive transactions, carrying out communication activities, and conducting finance and accounting tasks, in line with the conditions specified in Article 5 (2) of the PDPL, including:
• a) Explicit provision in the laws,
• c) If it is necessary to process personal data of the parties to a contract, provided that it is directly related to the establishment or execution of the contract,
• ç) If it is necessary for the data controller to fulfill its legal obligations,
• e) If data processing is necessary for the establishment, exercise, or protection of a right,
• Marketing purposes: Your gender information will be processed based on the legal reason of “explicit consent” as specified in Article 5 (1) of the PDPL.
Your membership, password, and OTP operations, email address for communication, and your date of birth for identity verification will be processed based on the legal reason of “e) necessity of data processing for the establishment, use, or protection of a right” as specified in Article 5 (2) of the PDPL.
5. To Whom, Why, and Where Do We Transfer Your Personal Data?
Due to the global nature of our business, we may transfer your personal data to recipients residing in or outside of Turkey in accordance with applicable laws.
The categories of recipients to whom we may transfer your data include:
Suppliers: Your personal data will also be shared with service providers, especially those involved in website hosting, software, and maintenance services.
State authorities authorized by national or international legislation, such as customs authorities and/or law enforcement; for instance, to enforcement departments, executive or judicial bodies in connection with ongoing investigations.
In the event of the sale of the business or integration with another business, certain parts of your information may be disclosed to our advisors and any acquisition consultants and may pass to the new owners of the business.
Business Partners and Third Parties
We may occasionally share your Personal Information with our business partners. You can withdraw the consent you have given for us to share your Personal Information with our business partners and third parties at any time by following the opt-out process described below.
Third-Party Intermediaries
We have third-party intermediaries, subsidiaries, and partners who perform functions on our behalf such as hosting, billing, instant notifications, storage, bandwidth, content management tools, analytics, customer service, and fraud protection, among others. They are obligated by contract to use the necessary information to perform their functions and to maintain the confidentiality and security of the Personal Information. It is prohibited for them to use, sell, distribute, or alter these data in any way other than to provide the requested services on the Website.
Compliance with laws; legal claims, security, compliance, fraud prevention, and safety
We may use Personal Information when legally required, or to (a) comply with applicable law or legal processes served on us or the Website; (b) protect and defend our rights or property, the Website, or our users; and (c) act in urgent circumstances to protect the personal safety of us, our affiliates, agents, or users of the Website or the public. This includes exchanging information with other companies and organizations for fraud protection.
Business Transfers
In connection with a business deal such as a merger, consolidation, acquisition, reorganization, or sale of assets, or in the event of bankruptcy, we may sell, transfer, or otherwise share some or all of our business or assets, including your Personal Information.
What Measures are Taken to Keep Personal Information Secure?
We are committed to ensuring the security of your Personal Information. We take great care to ensure the secure transmission of your information from your device to our servers. Personal Information collected by our Website is stored in secure, non-public operating environments. Our security procedures may occasionally require us to request proof of identity before disclosing Personal Information to you. However, please understand that despite our best efforts to protect your Personal Information after we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.
6. How Long Will You Keep My Data?
Sorslab is subject to legal obligations regarding data retention periods under Turkish law.
Your personal data will be deleted when it is no longer needed for the specified purposes. However, we may need to continue storing it for up to 10 years due to retention periods determined by legislative or regulatory authorities arising from the Turkish Commercial Code, Tax Law, Turkish Code of Obligations, and other relevant legislation, including European Laws and national laws of an EU Country. We may retain your data until the end of legal limitation periods (which can be up to 10 years in some cases) if necessary for the establishment, exercise, or defense of legal claims. After this period, the relevant data are routinely deleted or anonymized.
When we process personal data for marketing purposes or with your consent, we do so until you ask us to stop and for a short period thereafter (to allow us to implement your requests).
7. Principles Regarding the Confidentiality of Personal Data
Our company adheres to the following principles in all data processing activities: “legality, fairness and transparency”, “purpose limitation”, “data minimization”, “accuracy”, “storage limitation”, “integrity and confidentiality”, and “accountability”.
8. Use of Cookies
For more information about cookies, please refer to our Privacy and Cookie Policy at https://Sorslab.com/privacy-policy.
9. Use of Digital Platforms
Your personal data may be processed during your use of Digital Platforms to manage and operate the Website, engage in activities aimed at optimizing and enhancing the user experience related to the Website and Application, determine how the Website is used, support and develop the use of location-based tools to manage your online accounts and inform you about services offered nearby.
If you wish to benefit from the offered products and services, your personal data will be processed only to enable you to use these specific products and services.
10. What are Your Rights as a Data Subject?
Our company adheres to the following principles in all data processing activities: "legality, fairness and transparency", "purpose limitation", "data minimization", "accuracy", "storage limitation", "integrity and confidentiality", and "accountability".
8. Use of Cookies
For more information about cookies, please refer to our Privacy and Cookie Policy at https://Sorslab.com/privacy-policy.
9. Use of Digital Platforms
Your personal data may be processed during your use of Digital Platforms to manage and operate the Website, engage in activities aimed at optimizing and enhancing the user experience related to the Website and Application, determine how the Website is used, support and improve the use of location-based tools to manage your online accounts and inform you about services offered nearby.
If you wish to benefit from the offered products and services, your personal data will be processed only to enable you to use these specific products and services.
10. What are Your Rights as a Data Subject?
Your rights under national laws may be limited; for instance, if fulfilling your request would reveal personal data about another person and violate the rights of a third party (including our rights), or if you ask us to delete information that we are legally required to keep or have compelling legitimate interests in keeping, such information will not be deleted and will continue to be retained by us. Applicable exemptions have been incorporated into relevant national laws. We will inform you about the relevant exemptions we rely on when responding to any of your requests.
For Citizens of the Republic of Turkey;
According to Article 11 of the PDPL, you have the right to:
i. Know whether your personal data is being processed,
ii. Request information if your data has been processed,
iii. Understand the purpose of data processing and whether this is being done for appropriate purposes,
iv. Know the third parties in the country or abroad to whom your data has been transferred,
v. Request correction if your data is processed incompletely or inaccurately,
vi. Request deletion, destruction, or anonymization of your data under the conditions set forth in Article 7 of the PDPL,
vii. Request that the third parties to whom your data is transferred be notified of the actions taken under the above-mentioned points v and vi.
viii. Please be reminded that you have the right to object to any result against you arising from exclusive analysis by automated systems.
Your requests in this context must be in writing as per the Personal Data Protection Law No. 6698. To do this, along with your identity verification documents, you can personally apply to our Company's address at Hacettepe University Technopolis, Çankaya, Ankara with the application form available on our website (www.Sorslab.com), or you can send your application through a notary.
Users/Users acknowledge by accepting the following terms before engaging in any action under the Personal Data Protection Law on our Company's website: they have read the Personal Data Protection text mentioned above, agree to comply with all matters stated in these texts, and accept irrevocably that the content on the website and all electronic environment and computer records of Sorslab will be considered as definitive evidence according to Article 193 of the Civil Procedures Law.
Please remember that we will use your personal data to process your request and for identity verification purposes as per the Article.
If you believe that we are not complying with data protection regulations while processing your personal data, you may file a complaint with the competent supervisory authority as per the Article.
11. Right to Object to Processing of Personal Data
As mentioned above, you have the right to object at any time to the processing of your personal data, including profiling, for reasons related to your particular situation.
We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
In cases where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
12. Data Security
We take all appropriate technical and organizational measures to protect your personal data and to reduce the risks associated with unauthorized access, accidental data loss, intentional deletion, or damage to personal data.
In this regard, our Company:
• Ensures data security by using software and hardware including protection systems against viruses and other malicious software, firewalls, and intrusion prevention systems,
• Controls access to personal data within our company in a process tailored to the nature of the data, based strictly on a need-to-know basis,
• Ensures the legality of data processing activities through internal policies and procedures,
• Implements stricter measures regarding access to special categories of personal data.
• In cases where personal data is accessed externally due to outsourcing, our Company commits the relevant third party to comply with the provisions of the PDPL (Personal Data Protection Law),
• Takes necessary actions to inform all employees, especially those with access to personal data, about their duties and responsibilities under the PDPL.
13. Changes to This Privacy Notice
We reserve the right to make changes to this Privacy Notice in order to provide accurate and up-to-date information regarding practices and regulations related to the protection of personal data. In the event of significant changes to the Privacy Notice, data subjects will be informed through appropriate means.
13. About the Clarification Text
Sorslab reserves the right to update this clarification text on the Protection of Personal Data at any time within the scope of changes that may be made in the current legislation.
Update Date: August 23, 2023