1. PURPOSE and SCOPE

As Codit Teknoloji Ticaret Ltd. Şti. (“Codit Teknoloji”, “Company”), we attach importance to the protection of your personal data and private information. For this reason, our Company, in the capacity of Data Controller, shows all necessary efforts and care to process your personal data in accordance with the Personal Data Protection Law No. 6698 (“KVK Law”) by using, recording, storing, storing, updating, transferring and / or classifying your personal data within the framework described below, depending on the business purposes.

In this context, our Company takes all technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of your personal data, to prevent unlawful access and to ensure the protection of your personal data in accordance with the Laws and Regulations regulated in order to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and to protect personal data.

The target audience of this text is all natural persons and our employees whose personal data are processed on our websites and in our corporate processes. As Codit Teknoloji, we provide services over the internet through our web-based and cloud-based services (“Services”). This Clarification Text covers all of the software, sites and applications in question.

Our Websites : codit.com.tr

Personal information processed on our websites is processed in accordance with the legislation on the protection of personal data. Regarding our web-based services, we are in the status of “data controller” only for those who open user accounts and use our websites, and this Privacy Policy is only valid for the processing of data belonging to these persons.

Customers who process and record data using our services are data controllers independent of us. In these cases, we recommend that you consult the privacy policies, disclosure texts and similar documents of our Customers who process your personal data when necessary, as we are only in the status of “data processor” as the Company.

On the other hand, we do not guarantee the data security and data protection practices and policies of third party websites that we link to on our Sites. In this regard, we recommend that you review the data security and data protection policies of the relevant data controller separately.

3. Identity of the Data Controller

Codit Teknoloji (or “Organization*) has the status of ‘Data Controller’ against all real persons, including employees, employee candidates, customers, suppliers, supplier employees and visitors, with whom it comes into contact and processes personal data while conducting its commercial activities and is obliged to fulfill the obligations arising from the law. Codit Teknoloji fulfills these obligations with administrative measures taken through compliance and control tools and technical measures at an appropriate and measured level.

Codit Teknoloji processes your personal data in the capacity of “Data Controller” defined in Article 3 of the Law No. 6698 on the Protection of Personal Data and its contact information is below:

Codit Teknoloji has the status of “Data Controller” against the relevant real persons in terms of personal data belonging to the visitors of the websites and users of the services provided over the internet. As a data controller, Codit Teknoloji fulfills its obligations arising from the law and Board decisions by taking administrative measures and technical measures at an appropriate and measured level.

Our imprint as “Data Controller” and our contact information where you can contact us regarding personal data are as follows:

Title : Codit Teknoloji Ticaret Ltd. Şti.
Address : Gaziler Mah. Issıkgöl Cad. No: 138 / 69 Kat: 4 Gebze/Kocaeli
Web Site: codit.com.tr
Phone : +90 (262) 404 00 22
Email: kvkk_basvuru@codit.com.tr

4. BASIC CONCEPTS

Explicit consent: Consent on a specific subject, based on information and expressed with free will Anonymization: Making personal data impossible to be associated with an identified or identifiable natural person under any circumstances, even by matching with other data

Related person: Natural person whose personal data is processed

Personal data: Any information relating to an identified or identifiable natural person

Employee who touches personal data: Employees who process personal data of data subjects on behalf of the organization

Processing of personal data: All kinds of operations performed on personal data such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that they are part of any data recording system

Committee: An internal committee established within the organization in accordance with the “Directive on the Duties and Responsibilities of the PDP Committee”, with duties such as monitoring all personal data processes carried out by the organization, its units and employees, checking whether the policies are complied with, and carrying out personal data processes on behalf of the organization

Board: Personal Data Protection Board

Institution: Personal Data Protection Authority

KVK: Personal Data Protection Law No. 6698

Special Categories of Personal Data: Data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data

Data processor: Natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by him

Data recording system: The recording system where personal data is structured and processed according to certain criteria

Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system

Common data controller: The other data controller with whom the organization shares personal data within the scope of its commercial and corporate activities and carries out processing activities on personal data as a partner during this sharing.

Independent data controller: Other independent data controllers who process personal data of the same persons within the scope of their commercial and corporate purposes

5. PURPOSES OF PROCESSING PERSONAL DATA

Personal data belonging to the relevant persons in our organization are completely and directly related to the activities of the organization and the commercial, business or legal connection with the relevant person;

  • Objectives related to Management Processes:
    • Conducting commercial activities,
    • Ensuring business continuity, ensuring legal and administrative occupational safety,
    • Planning and executing business and application strategies,
    • Managing occupational health and safety processes,
    • Providing presentations, promotions and information about the organization, services and products,
    • Fulfilling obligations arising from legislation and contracts,
    • Providing physical space security in and around the organization,
    • Obtaining legal support,
    • Using electronic and other social media tools and printed, periodical and non-periodical publications,
    • Conducting dealership processes
    • Establishing and maintaining communication with members of the press and press and publications,
    • Informing the public about activities,
    • Conducting business meetings in a timely and effective manner
    • Completing the works on time and in a proper manner,
    • Planning and carrying out activities at local, national and international levels,
    • Conducting relations with business partners and group companies at home and abroad,
    • Conducting transactions related to intellectual and industrial property,
    • Promoting, marketing and informing about the organization, products and services,
    • Receiving notifications and feedback from customers and potential customers,
    • Providing technical support to customers,
    • Answering questions from customers and potential customers,
    • Providing support for electronic invoice services,
    • Participating in events such as fairs and seminars,
  • Çalışanlarla İlgili Amaçlar:
    • Creating and executing employment contracts for employees,
    • Performing and implementing services provided to employees,
    • Providing socio-economic benefits to employees,
    • Conducting processes related to domestic and international assignments, travel and accommodation,
    • Planning and executing human resources processes,
    • Recruitment, conducting business relationships, conducting performance evaluation processes,
    • Creating personnel files, storing them in physical and electronic environments,
    • Monitoring shifts,
    • Conducting leave and exit procedures and interviews,
    • Conducting performance and audit activities,
  • Objectives related to IT Processes:
    • Creating and updating the IT and communication infrastructure,
    • Managing users of IT tools and systems,
    • Managing corporate e-mail accounts,
    • Managing corporate social media accounts,
    • Managing, monitoring and closing e-mail accounts of employees who leave work,
    • Managing, monitoring and monitoring portable and/or desktop electronic devices,
    • Conducting transactions related to website members,
    • Ensuring data security and archiving data,
    • Keeping internet access logs,
    • Tracking vehicles and users belonging to the organization,
    • Personal data is processed for the purposes of protecting and managing digital assets and rights of customers.

6. RELATED PERSONS WHOSE PERSONAL DATA IS PROCESSED

Codit Technology generally and intensively processes the data of the relevant persons within the scope of this Privacy Policy and other administrative and technical measures. In the processing of personal data of real persons outside these categories, the organization's data processing policies, primarily this Privacy Policy, will be complied with. The categories of real persons whose personal data is being processed are as follows:

  • Employees,
  • Those working with indefinite-term employment contracts,
  • Interns and those working in İŞKUR on-the-job training programs,
  • Job Applicants,
  • Customer representatives and employees,
  • Supplier representatives and employees,
  • Consultants and Auditors,
  • Public officials,
  • Our visitors,
  • Visitors to the Internet Sites,
  • Potential customers and users,
  • Our dealers

7. LEGAL GROUNDS AND CATEGORIES OF PERSONAL DATA PROCESSED

7.1. Personal Data of Our Employees and Employees Serving with Indefinite-Term Employment Contracts and Interns

The personal data of the employees, job candidates and interns of the organization,

  • Employment Contract,
  • Labor Law No. 4857,
  • Turkish Code of Obligations No. 6098,
  • Social Insurance and General Health Insurance Law No. 5510,
  • Occupational Health and Safety Law No. 6331,
  • Individual Retirement Savings and Investment System Law No. 4632,
  • Execution and Bankruptcy Law No. 2004,
  • Law No. 4904 on Certain Regulations Regarding the Turkish Employment Agency,
  • Vocational Education Law No. 3308,
  • Turkish Commercial Code No. 6102,
  • Electronic Signature Law No. 5070,
  • Law No. 5651 on Regulation of Publications Made on the Internet and Combating Crimes Committed Through Such Publications,
  • Social Security Transactions Regulation,
  • Identity Notification Law No. 1774,
  • Regulation on Payment of Wages, Premiums, Bonuses and All Kinds of Entitlements of This Nature through Banks

It operates in accordance with similar laws, regulations and communiqués.

In this context, the organization processes the identity, communication, personnel, finance, professional experience, physical space security, legal transactions, transaction security, risk management, visual and audio records and other information categories of employees, as well as special data such as belief, association membership, foundation membership, health information, criminal conviction and security measures.

7.2. Personal Data of Job Applicants

We process the personal data of job applicants that they voluntarily share with us through tools such as resumes and letters of intent, or that they voluntarily share with all relevant organizations, such as identity, personnel, communication, family information, finance, education, professional experience, habits, and special data such as association and foundation memberships that they record on their resumes, which they voluntarily share with us through online employment platforms and/or talent agencies.

7.3. Personal Data of Natural Person Suppliers and Corporate Supplier Representatives

The organization processes the personal data of natural person suppliers and corporate supplier representatives with whom it establishes relations while conducting its commercial activities,

  • Service Agreement,
  • Turkish Code of Obligations No. 6098,
  • Enforcement and Bankruptcy Law No. 2004,
  • Turkish Commercial Code No. 6102,
  • Tax Procedure Law No. 213,
  • General Communiqués of Tax Procedure Law

and similar laws, regulations and communiqués. The organization processes the personal data of natural persons customers and suppliers and their representatives in the categories of identity, communication, finance, legal transactions and other information.

7.4. Personal Data of Auditors, Consultants and Public Employees

Personal data of auditors, consultants and public employees who perform control and audit duties in order to carry out the commercial and manufacturing activities of the organization and to ensure their sustainability and quality,

  • Turkish Commercial Code No. 6102,
  • Customs Law No. 4458,
  • Tax Procedure Law No. 213,
  • Labor Law No. 4857,
  • Law No. 4904 on Certain Regulations Regarding the Turkish Employment Agency,
  • Social Insurance and General Health Insurance Law No. 5510,
  • General Communiqués on Tax Procedure Law,

and similar laws, regulations and communiqués.

In this context, the organization processes personal data of auditors, consultants and public officials in the categories of identity, communication and personal data.

7.5. Personal data of Natural Person Customers and Corporate Customer Representatives

Our products and services are purchased, tested and managed through a user account created on our website. We process personal data in the categories of identity, personal, communication, customer transactions, customer transactions, finance of users who use our own product services on their own behalf or on a corporate basis.

7.6. Personal Data of Our Visitors

Personal data of visitors in order to ensure information and facility security,

  • Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed through These Publications,

within the scope and in our legitimate interest.

In this context, personal data of visitors in categories such as Identity, Transaction Security, Physical Space Security are processed.

7.7. Personal Data of Site Visitors and Members

Personal data of visitors to our websites are processed through “cookies” due to our legitimate interest. For more information about cookies, we kindly ask you to review our “Cookie Policy”.

7.8. Personal Data of Potential Customers

Except for advertisements on our sites, we may inform our users, trial users, customers and potential customers about new products or services through e-mail, social media or telephone by obtaining their consent. Our potential customers may request information from us through the forms on our website. Data subjects may object to such promotional, advertising and promotional communications at any time. In addition, those who do not wish to receive such e-mails and SMS messages may block the messages, use the cancellation option or request to be deleted from the lists by contacting us. We process the identity, contact, personal, financial and customer transaction information of our potential customers.

We also have a newsletter to inform those interested in our products and/or services. Each newsletter contains a link to unsubscribe from our newsletter. Those who wish to unsubscribe can do so through their account settings. Limited to this scope, we process the personal data of our potential customers in the categories of identity, personality and contact.

7.9. Personal Data of Our Dealers

The identity, communication, personal data of the representatives of our dealers who take part in the sales, marketing and after-sales support services of our products and services,

  • Franchise Agreement
  • Turkish Code of Obligations No. 6098,
  • Execution and Bankruptcy Law No. 2004,
  • Turkish Commercial Code No. 6102,
  • Tax Procedure Law No. 213,
  • General Communiqués on Tax Procedure Law

and similar laws, regulations and communiqués

8. RIGHTS OF THE RELEVANT PERSON

Under the Law, the Organization recognizes that the data subject has the right to obtain his or her consent before the data is processed and the right to determine the fate of his or her data after the data is processed.

In this sense, the data subjects may apply to the Contact Person by;

  • a) Learning whether personal data is being processed,
  • b) Requesting information if personal data has been processed,
  • c) Learning the purpose of processing personal data and whether they are used in accordance with their purpose,
  • ç) To know the third parties to whom personal data are transferred domestically or abroad,
  • d) To request correction of personal data in case of incomplete or incorrect processing,
  • e) To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law,
  • f) To request notification of the transactions made pursuant to subparagraphs (d) and (e) to third parties to whom personal data are transferred,
  • g) Object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
  • ğ) In case you suffer damage due to unlawful processing of personal data, you can use your rights to demand compensation for the damage.

On the other hand, individuals do not have any rights regarding anonymized data within the Company. Personal data may be shared with the relevant institutions and organizations as required by the business and contractual relationship, in the event that a legal authority is exercised by the judicial or public authority.

Requests within the scope of the aforementioned rights are made by filling out the Application Form of the organization completely and sending it to the Contact Person with your wet signature by registered letter with return receipt and photocopies of your identity card (only the front side photocopy for the identity card). You can take a look at the Personal Data Applications Disclosure Text regarding the application process.

9. BASIC RULES TO BE COMPLIED WITH IN PROCESSING PERSONAL DATA

Codit Technology units and employees will take care to pay attention to the following basic rules, on which the Privacy Policy and other corporate policies are built, when processing the personal data of the data subjects.

  • Compliance with the law and the rules of good faith: The organization checks and inquires whether the personal data collected by itself or shared with it by other parties fulfills the conditions specified in the KVK, such as enlightening the relevant person, obtaining the explicit consent of the relevant person for the processing of data when necessary. It acts in accordance with the rules of honesty while responding to the applications of the relevant persons for enlightenment, obtaining their explicit consent or for information.
  • Accurate and up-to-date when necessary: The organization tries to ensure that the personal data it processes and keeps in its databases contain accurate information as much as the control mechanisms allow. It takes care to keep the data up-to-date as much as possible. It encourages data sources to share accurate information and update it in case of changes. It pays attention to check that the data is accurate and up-to-date during the collection phase.
  • Processing for specific, explicit and legitimate purposes: The organization processes personal data only for the specific, explicit and legitimate purposes set out in this Privacy Policy.
  • Connected, limited and proportionate to the purpose for which they are processed: The organization takes care not to process personal data for any purpose other than the purpose for which they are processed, and when such a need arises, to inform the person concerned and to obtain their explicit consent when necessary. It uses the data only for the purpose for which they are processed and to the extent required by the service. It does not process, use or make data used for purposes other than business purposes. When it is necessary to process personal data for another purpose, it is ensured that corrections are made in the relevant compliance tools and control tools under the supervision and approval of the Committee.
  • Term Commitment : The organization takes care to keep personal data for the period stipulated in the relevant legislation or required for the purpose for which they are processed. It retains contractual personal data for the duration of the dispute periods in the relevant Laws and the requirements of commercial and tax law. However, when these purposes disappear, the organization deletes or anonymizes the personal data. The duration of the retention of which category of data is determined in the Personal Data Inventory.
  • Data Reduction: The organization, its units and employees collect data in the categories related to the purpose, in the amount required by the purpose of processing, except for the scope and periods required by the laws and relevant legislation, and take care to process them in their systems as long as necessary.
  • Deletion and Destruction: The organization keeps the personal data it processes limited to the periods stipulated in the relevant field legislation such as laws, social security, debts, tax and commercial law and/or for the periods required by the purpose of processing. In the event that these periods expire, it deletes, destroys or anonymizes the expired personal data in accordance with the Personal Data Retention, Deletion, Destruction and Transfer Policy and with the permission and supervision of the Committee.
  • Privacy and Data Security: Care is taken to ensure general confidentiality rules and data security in all processes of processing, transferring and storing personal data in the organization, and transactions are carried out in accordance with the policy documents and rules established for this purpose. Care is taken to take necessary administrative and technical measures.

10. TRANSFER OF PERSONAL DATA

Codit Teknoloji benefits from domestic and foreign service and product suppliers in order to carry out its production-oriented and commercial activities, to ensure the execution of activities that require expertise that it needs as an institution, and may transfer personal data to these suppliers, business partners or authorized institutions and organizations that are considered “data processor”, “data controller” or “joint data controller” according to their job descriptions, activities and the nature of the service they provide.

10.1. Considerations to be Observed in Personal Data Transfer

  • It is ensured that the data transfer is secured by signing a data transfer agreement, letter of undertaking or similar documents with all parties to whom data is transferred during personal data sharing.
  • Each unit and employee must take into account the risks that the addressee to whom personal data is transferred may pose regarding personal data in advance and take care to prevent situations that may create risks.
  • Care is taken to comply with the relevant legislation such as KVK and GDPR in the use of applications and services originating abroad.
  • During data transfers to parties and suppliers, it is mandatory to ensure that data security is carried out with appropriate and secure tools and channels, to monitor whether the real persons to whom personal data are transferred are authorized by the addressee, and if there are copies and copies of personal data created for the purpose of transfer, it is mandatory to pay attention to delete them from all media as soon as their functions are terminated.
  • The units and employees of the organization are obliged to observe the sensitivities and practices of the parties and suppliers to whom they transfer data on personal data, and to inform their superiors in a timely manner about situations that may pose a risk. Employees of the organization should request the necessary support from their superiors in a timely manner for situations and problems that they cannot resolve regarding personal data.

10.2. Circumstances and Parties to whom Personal Data is Transferred

Personal data are shared with the following parties for the following purposes:

  • Private institutions and organizations such as domestic and foreign group companies, business partners, subsidiaries, affiliates, consulting firms, other service suppliers, and public institutions and organizations, where necessary for the planning and fulfillment of the commercial activities carried out by the organization,
  • To real and legal persons and third parties working with them in order to ensure business continuity, legal, technical and commercial occupational safety, planning and execution of human resources, occupational health and safety and emergency processes and strategies;
  • Persons with whom the organization has signed contracts within the framework of the services supplied by the organization and third parties with whom they work together,
  • Suppliers and third parties working with them for the services provided by the organization or outsourcing services that provide socio-economic benefits to the employee,
  • Departments within the organization, our community companies, previous or subsequent employers during the recruitment and exit process,
  • When necessary for the organization to fulfill its legal obligations, to our business partners, consultant companies, suppliers, private institutions and organizations, courts, public institutions and organizations and competent authorities,
  • To the relevant banks for the fulfillment of the necessary payment and collection transactions and performances within the scope of the establishment and performance of the contracts made by the Organization,
  • Insurance agencies and insurance companies for employees to benefit from insurance and similar rights
  • To law, accounting/SMM offices, lawyers and other consultants in order to receive legal and financial support within the scope of the establishment, use and protection of the rights of our organization,
  • To domestic and foreign service providers that provide infrastructure and services required for corporate electronic communication channels and cloud services to ensure data security;
  • to platforms and applications of foreign origin from which we supply services in order to use online communication channels and tools such as instant messaging, file sharing, video conferencing, electronic mail, etc.
  • To the supplier we provide services for the supply and authorization of services such as electronic signature, corporate telephone line,
  • With supplier organizations that provide services in these areas in order to increase the motivation of employees, to send support messages on their special days in order to strengthen team spirit, to organize events, to reward successful employees,
  • Auditors and domestic or foreign auditing organizations for the conduct of audits on quality, social and other issues commissioned by the organization or carried out at the request of customers,
  • Personal data is transferred to private and public institutions/organizations in order to carry out legal and technical processes related to business and transactions subject to intellectual and industrial property.

10.3. Kişisel Verilerin Yurt Dışına Aktarılması

Codit Teknoloji, internet sitemizin yürütülmesi, hizmetlerin geliştirilmesi, ofis iş ve işlemlerinin yürütülmesi ve kullanıcı ve ziyaretçilere hizmet verilmesi, memnuniyetlerinin temini, beklentilerinin karşılanması, iletişim kurulması amaçlarıyla yurt dışında yerleşik hizmet sağlayıcılarla kişisel veri paylaşmaktadır. Bu kapsamda,

  • US Whatsapp (Facebook) for instant messaging and,
  • With US-based Zoom and Google for video conferencing,
  • With US-based Tawk.to for customer support and inquiries,
  • With US-based Google and Wetransfer for file sharing,
  • With Anydesk and Teamviewer from Germany for remote access,
  • with US-based Apple and Google for mobile operating systems and bundled services,
  • Social Media services are shared with US-based Facebook, Twitter, Instagram, YouTube and Google.
  • Shared with France's SendinBlue for mailing services.
  • Shared with US-based RapidSSL for SSL certificate services.
  • Shared with TheSSLStore from the USA for SSL certificate services.
  • Shared with Realtime Register from the Netherlands for domain registrations.
  • Shared with P.D.R Solutions of India for domain registrations.

The privacy policies of each service provider can be found at the following links:

  • Microsoft (https://privacy.microsoft.com/en-us/privacystatement)
  • Whatsapp (https://www.whatsapp.com/legal/client)
  • Google (https://policies.google.com/privacy?hl=en-US)
  • Wetransfer (https://wetransfer.com/legal/privacy)
  • Anydesk (https://anydesk.com/en/privacy)
  • Teamviewer (https://www.teamviewer.com/en/privacy-policy/)
  • Facebook (https://www.facebook.com/policy.php)
  • Twitter (https://twitter.com/en/privacy)
  • Instagram (https://help.instagram.com/519522125107875)
  • Linkedin (https://www.linkedin.com/legal/privacy-policy)
  • Cloudflare (https://www.cloudflare.com/privacypolicy/)
  • Tawk.to (https://www.tawk.to/privacy-policy/)
  • Realtime Register (https://realtimeregister.com/other-products/privacy-protect/)
  • P.D.R Solutions (https://www.endurance.com/privacy/privacy)
  • Rapid Web Services (https://www.digicert.com/digicert-privacy-policy)
  • SendinBlue (https://www.sendinblue.com/legal/privacypolicy/)

11. AUDIT, APPLICATIONS AND DATA BREACH NOTIFICATIONS

The organization can have the necessary internal and external audits on the protection of personal data.

Applications made by the relevant persons are answered by the Committee within 30 days at the latest, by taking the opinion of the relevant unit.

When the Organization is notified of any violation of personal data, it notifies the PDP Board without delay and within 72 hours at the latest from the date of learning of this situation. It also informs the relevant parties and persons in the same way.

12. UPDATE

This policy document is updated when the organization's personal data processing conditions, tools, purposes and scope change and when the parties with whom personal data are shared change. Updates made in each article are kept in a separate table.

Çerezler Hakkında BilgilendirmeDeneyiminizi geliştirmek ve hizmetlerimizden en iyi şekilde faydalanabilmeniz için yasal mevzuata uygun çerezler kullanılır. codit.com.tr'yi kullanarak bu çerezleri kabul etmiş olursunuz.
Help
Communication

Contact our sales team or business consultants to assist your business.

Support Center

If you're looking for further assistance, create a support ticket. Our support request is available 24x7.

77x24 Phone Support
  • Turkey - Kocaeli+90 (262) 404 00 22
  • Turkey - İstanbul+90 (216) 888 08 18
  • Turkey - Bursa+90 (224) 334 16 41
  • Turkey - Ankara+90 (262) 404 00 22
  • Turkey - Kırklareli+90 (262) 404 00 22
  • Germany+49 234 545 725 85
  • England+49 234 545 725 85
  • Bulgaria+49 234 545 725 85
  • United States+49 234 545 725 85