Privacy Policy
ULUKOM DATA PRIVACY POLICY
1. Introduction
Ulukom Bilgisayar Yazılım, Donanım, Danışmanlık ve Ticaret A.Ş. (“ULUKOM”) recognize the importance of protecting the privacy and the rights of individuals in relation to their personal data.
This policy aims to explain the data subjects (“you”) how we collect, manage, and disclose your personal data and provide transparency.
2. Definitions
Personal Data | any information relating to an identified or identifiable natural person (‘data subject’) |
Special Categories of Personal Data | personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation |
Data Subject | Natural person whose personal data are processed |
Processing of personal data | any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
Consent | any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her |
Anonymization | Rendering personal data by no means identified or identifiable with a natural person even by linking with other data |
PDPL | Turkish Personal Data Protection Law numbered 6698, published on 7 April 2016 on the Official Gazette |
GDPR | EU General Data Protection Regulation, i.e. Regulation 2016/679 of the European Parliament and of the Council. |
Applicable Law | any and all laws, statutes, regulations, communiqué, by-laws, orders, ordinances, court decrees and resolutions that apply to processing of personal data |
Data Protection Legislation | all Applicable Laws and codes of practice applicable to the processing and protection of personal data including GDRP and/or KVKK. |
Board | Personal Data Protection Board |
Authority | Personal Data Protection Authority |
Policy | Ulukom Data Privacy Policy |
Controller | the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data |
Processor | a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller |
3. What personal data may we collect?
Identity Information | Name-surname, national identity number, passport number, photograph, copy of identity card |
Contact Information | Corporate or personal e-mail, mobile phone number, home or work address |
Personal Background Information | Cover letter, CV, job background and experience of data subject |
Camera Records | Records made by CCTV or other camera systems inside the physical place. For example, CCTV camera records taking in company’s entrances and exits. |
Product/Service Information | Information on products and/or services which the customer has purchased or has offered to purchase. For example, hardware information, the trademark, model, task and number of the device, user names and password. |
Customer Request and Compliant Information | Information collected from the requests, complaints and similar application that customers have made regarding products and services. |
Financial Information | Bank account information and credit card information. |
Web-Browsing Behavior Information | IP Addresses, number of clicks and page navigations on the Ulukom’s website. |
Legal Process and Compliance Information | Personal data processed for follow-up of legal receivables and debts, and compliance of corporate policies, bank orders and international agreements. |
Audit and Inspection Information | Personal data processed for fulfillment of the legal obligations of the company. |
4. How do we collect personal data?
We collect your personal data in a number of ways, including:
- directly from you via e-mail, telephone, SMS, fax, post, cargo or printed or electronic form
- from publicly available sources of information,
- from our own systems and equipment such as CCTV, cookies and other tracking technologies
- from our parent company WiseTech Global WiseTech Global Pty. Ltd. and other group affiliates,
- from our own records of how you use ULUKOM services
5. How do we use your personal data?
We collect, hold, use and disclose your personal data for the purposes including to:
- provide our products and services to you,
- inform you of our new products and services and ways the products and services provided to you could be improved,
- provide you with new opportunities regarding our products and services,
- provide necessary educations on our products and services and explain how you use our programs,
- maintain and develop our business systems and infrastructure, including testing and upgrading of these systems,
- identify and resolve errors, problems or bugs in our products and services,
- update our records and keep your contact details up to date,
- provide your updated personal data to our related bodies corporate, contractors, and/or suppliers,
- improve our products and services in accordance with the your business processes and upgrade them in line with your requests and our reports.
- process and respond to any complaint made by you,
- evaluate your job application and make contact with the relevant persons you list as a reference in your resume,
- comply with the Data Protection Legislation and carry out other legal obligations.
6. When we disclose your personal data
We disclose your personal data
- with our employees and company executives and representatives and suppliers for the purposes specified in Section 7,
- with our parent company WiseTech Global Pty. Ltd. for the purposes specified in Section 7 and fulfilling the obligation to provide financial report and annual activity of ULUKOM to the parent company,
- with our WiseTech group affiliates to carry out business activities which require their participation, and
- with government and regulatory authorities and other organizations, as required or authorized by law
For the compliance with GDPR, we ensure that our group affiliates whether they are located outside the EEA or not, takes appropriate technical and organizational security measures in accordance with applicable data protection laws and use it solely for the purposes specified by us.
For the compliance with PDPL, we may share your personal data with our group affiliates located in foreign countries provided that they have sufficient protection according to the Data Protection Board’s decision (“safe countries”). In case such foreign country is not recognized as a safe country by the Board, ULUKOM and the relevant group affiliate guarantee sufficient protection in writing and the Board gives permission to such transfer.
7. Our Legal Grounds for Processing Of Personal Data
We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- You give your consent to process your personal data for certain activities You can withdraw your consent at any time. If you withdraw your consent, it will not affect the lawfulness of any processing based on your consent before you withdrew it.
- Processing is necessary for a performance of a contract or in order to take steps prior to entering into a contract with you. For example, ULUKOM will use your address to deliver the product you bought from him.
- Processing is necessary to comply with ULUKOM’s legal obligations where other laws require the processing of your personal data. For example, Because ULUKOM is obliged to submit the documents requested by the authorized court under the relevant law, ULUKOM can transfer personal data within these documents to the relevant court.
- Processing is necessary for the ULUKOM’s or its group affiliates’ interests except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. For example, ULUKOM may process your personal data to carry out marketing activities regarding its products and services provided that such interest are not overridden by your interests or fundamental rights and freedoms.
8. How do we keep your personal data secure?
We keep your personal data secure by implementing physical and electronic security systems, limiting who can access your personal information, and training our staff to keep your information safe and secure. We also have online and network security systems in place so that the information you provide us with is protected and secure.
9. How do we retain and destroy your personal data?
ULUKOM will only retain your personal data for as long as necessary to fulfil the purposes described in this Policy and in accordance with Ulukom’s Personal Data Retention and Disposal Policy and Applicable Law. To know more about the retention and disposal of your personal data, you may request our Personal Data Retention and Disposal Policy by sending an e-mail at privacy@ulukom.com.tr
10. Collection of Children’s Personal Data
We attach great importance of protecting children’s privacy. Therefore, we do not intentionally target at any children under the age of 16 and collect their personal data. If you have any concerns about your child’s privacy with respect to our services, or if you believe that your child may have provided his/her personal data to us, please contact us using the details provided below. We ensure to delete such personal data from our records immediately.
11. Your Rights
Under the PDPL, you are entitled to:
- request information if your personal data processed,
- learn whether your personal data is used for its purpose of data processing,
- know the third parties to whom your personal data is transferred within Turkey or abroad,
- request the rectification of your incomplete or inaccurate personal data, if any,
- request the erasure or destruction of your personal data,
- request notification of the operations to whom your personal data has been transferred, in case of rectification, erasure or destruction of your personal data,
- object to the processing, exclusively by automatic means, of your personal data, which leads to an unfavourable consequence for you,
- request compensation for the damage arising from the unlawful processing of your personal data
Under the GDPR, you are (among other things) entitled to:
- receive transparent information regarding the processing of your personal data;
- access your personal data, including the right to obtain free of charge a copy of the personal data undergoing processing in a commonly available electronic format;
- rectification of incorrect personal data and completion of incomplete personal data;
- erasure of your personal data, including the “right to be forgotten”;
- restrict the processing of your personal data;
- your data being portable and accessible upon request; and
- object to the processing of your personal data.
In some cases we may not able to give you access to personal data we hold regarding you, if making such a disclosure would breach our legal obligations to our other customers or if prevented by any applicable law or regulation.
12. Contact Us
If you wish to exercise any of the above rights or if you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy, or a possible breach of your privacy, please use the e-mail or postal mail below:
Email: privacy@ulukom.com.tr
Address: Rüzgarlıbahçe Mah. Kayın Sok. Yesa İş Merkezi D Blok K.2 D.6 Beykoz İstanbul/Türkiye
If you do make a complaint or allege a breach, ULUKOM will investigate your complaint and use reasonable endeavors to respond to you in writing within 30 days of receiving the written complaint. If we fail to respond to your complaint within 30 days of receiving it in writing, or if you are dissatisfied with the response that you receive from us, you have the right, depending on the jurisdiction, to make a complaint to the applicable regulator. In the case of the Personal Data Protection Law, the applicable regulator is Personal Data Protection Authority in Turkey. In the case of the GDPR, the applicable regulator will be the local regulator in your jurisdiction in Europe.
13. Changes and Updates To Policy
This Policy may be amended or updated by the relevant departments at any time in accordance with the changes made in the Data Protection Legislation or ULUKOM’s activities. If at any point we decide to use personal data in a manner materially different from that stated at the time it was collected, we will notify users by email or via a prominent notice on our website and, where necessary, we will seek the prior consent of our users. We promptly inform you of such changes and updates in our Policy.
This Policy has been last updated on 11 July 2018.