1. DATA CONTROLLER
As an enterprise software solution provider, we offer our commercial clients with software products to support their digital transformation processes and to meet their needs. These products can be used to collect and process personal data of ‘end-users’; the data subjects which use the Services we offer to our clients of those their personal data are processed via our Services. Owing to the nature of our usual business model, we generally are not in the position of data controller in relation to the personal data of end-users. In most cases, our clients decide the purposes and the means of personal data processing activities conducted over our products. In other words, usually we will not be in direct relationship with out
clients’ end-users. If you believe your personal data has been processed via our products and you wish to acquire further information on the data processing activities or you seek to direct your data subject rights, we recommend you to read the privacy information our relevant client.
2. PURPOSES FOR PROCESSING PERSONAL DATA
We may collect and process your personal data for various purposes.
• To advertise, market and publicise our products. We can send you marketing content about our new products, products that we believe you will be interested and benefit from, special offers or we can inform you about educational or similar events that we organise and send newsletters. You may solicit such content by subscribing to our newsletter through our website or we may send these communications based on our existing business relationship with you. You can always reject receiving marketing communication from us with the methods we will be informing you in the content of each of our messages.
• To respond to your requests or handle your complaints.
• To provide our clients and their end-users with our Services as well as, where required, to provide technical support in relation to our products.
• To carry out contractual processes with our clients. Including formation and performance of a contract. For such purposes, our business partners may share personal data of their authorised employees.
• For business and product development processes. In that regard, we may analyse the use of our apps, website or software. Also, we can analyse and process certain personal information to diagnose problems in our apps and website.
• To send business related communication messages such as regarding your payments or contract renewals.
• To carry out marketing research activities to better tailor our Services to the needs and expectations of our clients.
• To protect our and our client’s rights and interests. To this end we may carry out data processing activities to reduce and prevent fraud, piracy or other illegal conduct concerning our Services.
• To fulfil our legal requirements which we are subjected to. For example, we may process and share certain personal information to meet legal requirements arising out of tax laws or we may share certain information with public authorities where lawfully requested in the course of criminal investigations.
• For reporting and archiving purposes.
3. RECIPIENTS OF PERSONAL DATA AND PURPOSES FOR TRANSFERING SUCH DATA
Commencis may share your personal data among its global subsidiaries or with third party business partners, suppliers, legally authorized public institutions and authorized private persons within the scope of the purposes described above. In particular, some of the purposes for sharing your personal data are as follows:
• We procure information technology system support from third party service providers while we are providing our Services. For example, we may procure cloud services to store or process personal data. Thus, your personal data can be shared with such service providers during the course of supplying you with our Services.
• To comply with legal requirements, we are subjected to. For example, to respond information requests made by enforcement authorities.
• To exercise, defend or protect our rights and interests. For example, we may share personal information with courts, enforcement offices or legal offices in relation to unpaid debts or illegal use of our Services.
• If our company goes under a merger get acquired by another company or transfer our certain assets or part of our Services, your personal information may be shared or disclosed to third parties that are involved in the transaction.
In cases where personal data we process are transferred to third countries, we will be doing so in compliance with cross border data transfer procedures set out under personal data protection regulations we are subjected to. Lastly, we do not sell, rent or in any way unfairly exploit the personal data belonging to any of our clients or end-users which we possess.
4. METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA
We are only permitted to process your personal data where we can rely on one or more legal basis as provided by privacy laws. We process personal data where at least one of the following conditions are met:
• It is necessary to enable us to perform our contractual commitments to you.
• It is necessary for us to comply with a legal obligation we are subjected to.
• It is necessary for us to exercise, protect or defense of our rights.
• It is necessary in our legitimate interests (e.g. to serve our customers properly, to improve and better our services, to market our services to our clients, to effectively manage our businesses).
5. YOUR RIGHTS AS DATA SUBJECTS AS ENVISAGED UNDER ARTICLE 11 OF THE LAW
As personal data subjects, you are entitled to the following rights:
• To learn whether your personal data are being processed,
• To Request information, if your personal data have been processed,
• To Learn the purpose of the processing of your personal data and whether data are being used in compliance with such purpose;
• To learn the third parties to whom the data are transferred domestically or abroad,
• To request rectification of the processed personal data which are processed incompletely or inaccurately,
• To request erasure or destruction of your personal data under the conditions specified in the relevant legislation,
• To request the processes of correction, erasure and destruction under the relevant legislation are notified to third persons to whom personal data is transferred.
• To object to negative consequences to you that are concluded, as a result of analysis of the processed personal data through solely automatic systems,
• To demand compensation for the damages that you have suffered as a result of an unlawful processing of your personal data.
In order to exercise your rights mentioned above, you may get in contact with us by sending an e-mail at firstname.lastname@example.org or reach us from ITU Teknokent ARI 2 B Blok, 34467 Sarıyer, Istanbul and convey your request to us. In principle responses to data subject requests are concluded free of charge, in accordance with the nature of your request; however, you may be charged according to the tariff to be determined by data protection authorities if your request creates additional costs.
“I hereby agree that Commencis Teknoloji A.Ş. may use my personal data for marketing and promotional purposes and send me marketing communications to my phone and e-mail address (in particular to market new products, provide information on special offers and to conduct client satisfaction surveys and send newsletters).”