Partner Portal
Clarification Text

Clarification Text

This Clarification Text was last updated on October 30, 2024

Identity of the Data Controller

This clarification text has been prepared by Cofiwo Insaat ve Teknoloji A.S., in its capacity as the data controller, in accordance with Article 10 of the Personal Data Protection Law No. 6698 (KVKK), titled “Data Controller’s Obligation to Inform,” and the Communiqué on the Principles and Procedures for Fulfilling the Obligation to Inform. Through this “Information Notice,” we aim to inform you about the purposes for which your personal data will be processed, the recipients and purposes for which your processed personal data may be transferred, the methods and legal grounds for collecting your personal data, and your other rights listed under Article 11 of the KVKK.

As the data controller, we process, record, transfer, share, and store your personal data as explained below and within the limits of the applicable legal regulations.

Our company reserves the right to update this Clarification Text on the Protection of Personal Data at any time in line with amendments that may be made to the applicable legal regulations.

Purpose of the Personal Data Protection and Processing Policy

Your personal data is collected and processed by our company, operating in the fields detailed in its Articles of Association, due to regulatory requirements or contracts we have entered into, through verbal, written, or electronic means. This data will be used to provide services related to our company’s areas of activity, improve the quality of these services, carry out our sales, marketing, and other operations, and comply with our data storage, reporting, and information obligations.

Your personal data will not be used for purposes other than those specified above without your explicit consent and will not be shared or transferred to third parties, except for legal obligations and official institutions and organizations.

Your Personal Data Processed When Necessary:

  • Identity Information
  • Contact Information
  • Customer Transaction Information
  • Transaction Security Information
  • Marketing Information
  • Legal Transaction Information
  • Call Record Information

Our company processes your personal data only based on your explicit consent or under other circumstances specified in Article 5/2 of the Personal Data Protection Law (KVKK), including but not limited to compliance with applicable legislation. This data may be shared with our domestic or international affiliates, directly or indirectly related subsidiaries, joint ventures, or, as required by legal obligations, public institutions or organizations authorized to request such data. Additionally, it may be shared with institutions, suppliers, authorized dealers/distributors/business partners with whom we have agreements domestically or internationally, provided adequate safeguards are in place, to offer you value-added services, opportunities, and privileges and to improve service quality. Including but not limited to the purposes mentioned above, your personal data may be processed proportionally to the purposes listed below, in compliance with the conditions for personal data processing specified in Articles 4, 5, and 6 of the Law:

  • Emergency Management Processes Execution
  • Vehicle Tracking System Management
  • Management of Processes Related to Dealers or Business Partners
  • Planning, Auditing, and Execution of Information Security Processes
  • Execution of Employee Candidate/Intern/Student Selection and Placement Processes
  • Fulfillment of Employment Contract and Legal Obligations for Employees
  • Execution of Employee Satisfaction and Loyalty Processes
  • Execution of Training Activities
  • Execution of Access Authorization Processes
  • Ensuring Activities Are Conducted in Compliance with Legislation
  • Execution of Finance and Accounting Processes
  • Execution of Processes Related to Loyalty to the Company/Products/Services
  • Ensuring Physical Space Monitoring and Security
  • Execution of Assignment Processes
  • Tracking and Execution of Legal Affairs
  • Execution of Internal Audit/Investigation/Intelligence Activities
  • Execution of Communication Activities
  • Planning of Human Resources Processes
  • Execution/Auditing of Business Activities
  • Taking Measures to Ensure and Improve Business Processes
  • Planning and/or Execution of Business Continuity Activities
  • Execution of Goods/Services Procurement Processes
  • Execution of Post-Sales Support Services for Goods/Services
  • Execution of Goods/Services Sales Processes
  • Management of Organization and Event Processes
  • Marketing/Analysis Activities
  • Execution of Advertisement/Campaign/Promotion Processes
  • Management of Risk Management Processes
  • Execution of Storage and Archiving Activities
  • Contract Processes/Establishment and/or Execution of Contracts
  • Execution of Strategic Planning Activities
  • Tracking of Requests/Complaints/Suggestions
  • Planning and Execution of Market Research Activities for the Sale and Marketing of Products and Services
  • Providing Information to Authorized Persons, Institutions, and Organizations
  • Execution of Management Activities

Methods and Legal Grounds for Collecting Personal Data

Cofiwo Insaat ve Teknoloji A.S. collects personal data through electronic/digital platforms such as the company website, mobile applications, social media accounts, and email addresses, directly from customers. This data is gathered to ensure the proper use of services, implement necessary improvements according to customer needs, and from potential customers. Additionally, data is obtained through solution partners and other business partners who facilitate the use of our services by our customers, as well as through faxes, notifications from administrative and judicial authorities, and other communication channels. The data is collected in auditory, electronic, or written forms in accordance with the following legal grounds outlined in Articles 5 and 6 of the Personal Data Protection Law (KVKK).

  • In necessary cases (e.g., for marketing, promotion, updates, and maintenance services related to products and/or services), contacting you with your explicit consent obtained beforehand.
  • The processing of your personal data being explicitly stipulated by law (e.g., processing information included in product and/or service invoices).
  • Processing your personal data when necessary for establishing a contractual relationship with you or fulfilling our obligations arising directly from such a contract.
  • Situations where processing your personal data is mandatory for fulfilling our legal obligations.
  • Your provision of your personal data (e.g., contacting our company regarding your requests and complaints, etc.).
  • The necessity of processing your data, provided that it does not harm your fundamental rights and freedoms (e.g., retaining your data during statute of limitations periods in case of potential legal disputes).

Processing of Sensitive Personal Data

According to the Personal Data Protection Law (KVKK), individuals' data regarding their race, ethnic origin, political opinions, philosophical beliefs, religion, sect, or other beliefs, clothing, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions, and security measures, as well as biometric and genetic data, are classified as sensitive personal data. Our company ensures that the necessary measures determined by the Personal Data Protection Board are adequately implemented when processing sensitive personal data. To provide better services, our company will process sensitive personal data only with the explicit consent of the individual and solely for purposes that align with the data collection objectives

Recipients and Purposes of Transferred Personal Data

The personal data collected by Cofiwo Insaat ve Teknoloji A.S. may be transferred and processed domestically or internationally, strictly for the purposes outlined in Section II of the clarification text and limited to achieving these purposes. Such data may be shared with our business/solution partners, company officials, suppliers, legally authorized public/private institutions, private individuals or organizations, and third parties. This is carried out in compliance with the personal data processing conditions specified in Articles 8 and 9 of the Personal Data Protection Law (KVKK) and for the purposes mentioned above.

Rights of the Personal Data Owner Under Article 11 of the Personal Data Protection Law (KVKK)

Within this scope, personal data owners have the right to:

  • Learn whether their personal data is being processed,
  • Request information about the processing of their personal data,
  • Understand the purpose of the data processing and whether their data is being used in accordance with that purpose,
  • To know the third parties, whether domestic or international, to whom personal data has been transferred.
  • To request the correction of personal data if it has been processed inaccurately or incompletely.
  • To request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of the Personal Data Protection Law (KVKK).
  • To request that the actions taken under subparagraphs (d) and (e) of Article 7 of the Personal Data Protection Law (KVKK) regarding the deletion or destruction of personal data be communicated to third parties to whom the personal data has been transferred.
  • To object to the occurrence of a result that is unfavorable to the individual due to the analysis of processed data exclusively through automated systems.
  • To request compensation for damages incurred as a result of the unlawful processing of personal data.

Duration of Personal Data Processing

In accordance with the Personal Data Protection Law (KVKK), your personal data processed for the purposes specified in this Clarification Text on the Processing of Personal Data will be deleted, destroyed, or anonymized when the purpose requiring its processing ceases to exist under Article 7/f-1 of the KVKK and/or when the statute of limitations for which we are obliged to process your data under the legislation expires. If anonymized, the data may continue to be used by us.

Circumstances Where Our Company May Process Your Personal Data Without Your Explicit Consent as Required by Law

In accordance with Article 5 of the Personal Data Protection Law (KVKK), our company may process the personal data it has lawfully obtained under the following circumstances without requiring your explicit consent:

  • The processing of your personal data is mandatory to protect your or another person’s life or physical integrity in cases where, due to actual impossibility, you are unable to express your consent as the data subject or where your consent is not legally valid.
  • The processing of personal data belonging to the parties to a contract is necessary for the establishment or performance of a contract directly related to our company, its associated companies/organizations, and other natural and/or legal persons specified in Section III of the Clarification Text.
  • It is necessary for our company to process personal data to fulfill a legal obligation.
  • Your personal data has been made public by you.
  • The processing of data is necessary for the establishment, exercise, or protection of a legal right.
  • The processing of data is necessary for our company’s legitimate interests, provided that it does not harm your fundamental rights and freedoms.

Submitting Requests Under the Personal Data Protection Law

Pursuant to Article 13, paragraph 1 of the Personal Data Protection Law (KVKK), you may submit your request to exercise the rights mentioned above in writing or through the methods determined/to be determined by the Personal Data Protection Board, to our company.

  • In the case of a personal application, the written request should be submitted to the address Soğanlık Yeni Mah. Baltacı Mehmet Paşa Sk. AC Moment No: 4A Daire: 446 Kartal, İstanbul, Türkiye. The envelope should be labeled with “Information Request Under the Personal Data Protection Law.”
  • In the case of an application submitted via a notary, the written request should be submitted to the address Soğanlık Yeni Mah. Baltacı Mehmet Paşa Sk. AC Moment No: 4A Daire: 446 Kartal, İstanbul, Türkiye. The envelope should be labeled with “Information Request Under the Personal Data Protection Law.”
  • If an application is submitted via Registered Electronic Mail (KEP) signed with an electronic signature not registered in our systems, the written request should be sent to the email address [email protected], with the subject line of the email labeled as “Information Request Under the Personal Data Protection Law.”
  • If an application is submitted via an email address registered in our systems belonging to the applicant, the written request should be sent to the email address [email protected], with the subject line of the email labeled as “Information Request Under the Personal Data Protection Law.”

Rights related to personal data can only be exercised concerning an individual's own data. Requests regarding data belonging to others or requests that do not include an official document verifying the individual's identity will not be considered.

If you submit your requests through the specified methods, our company will resolve your request based on its nature as soon as possible and within no later than thirty days, free of charge. However, if the process incurs an additional cost, a fee will be charged in accordance with the tariff set by the Personal Data Protection Board.