info@ubfsoft.com
+90 (850) 302-5560
Sakarya Ofisada Plaza
TR | EN
GET OFFER
TR | EN

OUR PERSONAL DATA PROTECTION POLICY

+90 (850) 302-5560
CORPORATE SUPPORT

OUR PERSONAL DATA PROTECTION POLICY

ARTICLE 1. SUBJECT OF THE POLICY

Protecting personal data is a top priority for UBF Soft Yazılım Danışmanlık Sanayi ve Ticaret Anonim Şirketi (hereinafter referred to as UBF Soft). A key aspect of this policy is the protection and processing of personal data of UBF Soft website visitors and other third parties.

According to the Turkish Constitution, everyone has the right to request the protection of their personal data. Regarding the protection of personal data, a right guaranteed by the Constitution, the company demonstrates due diligence in protecting the personal data of UBF Soft website visitors and third parties, as governed by this Policy, and has made this a company policy.

In this context, the company takes the necessary administrative and technical measures to protect personal data processed within the framework of legal legislation.

The basic principles adopted by the company in the processing of personal data in this Policy are as follows;

  • Processing personal data in accordance with the law and rules of integrity,
  • Keeping personal data accurate and up-to-date when necessary,
  • Processing personal data for specific, clear and legitimate purposes,
  • Processing personal data in a way that is relevant, limited and proportionate to the purpose for which they are processed,
  • Keeping personal data for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed,
  • Enlightening and informing personal data owners,
  • Establishing the necessary system for personal data owners to exercise their rights,
  • Taking necessary measures to protect personal data,
  • Acting in accordance with the relevant legislation and the regulations of the Personal Data Protection Board when transferring personal data to third parties in line with the requirements of the processing purpose,
  • To show due sensitivity to the processing and protection of special personal data.

ARTICLE 2. PURPOSE OF THE POLICY

The main purpose of the policy is to ensure transparency and trust by informing individuals whose personal data are processed by UBF Soft, particularly UBF Soft website visitors and third parties, about the personal data processing activities carried out by UBF Soft in accordance with the law.

UBF Soft, acting as the data controller, has established the UBF Soft Personal Data Protection Commission (KVK Commission) within the company to regulate all internal operations and processes in accordance with this policy, which it has implemented to protect personal data, and to ensure that it fulfills its obligations arising from both the special importance it places on individuals and the legislation. UBF Soft fulfills its responsibilities regarding the protection of personal data through this commission.

UBF Soft carries out all necessary activities such as creating and updating personal data protection policies, organizing and monitoring processes, determining and implementing administrative and technical measures for the protection of personal data, training of employees and auditing activities through this commission.

ARTICLE 3. CONTENT AND DEFINITIONS

This Policy concerns all personal data of UBF Soft website visitors and third parties processed by automatic or non-automatic means provided that it is part of any data recording system.

The scope of application of this Policy to the groups of personal data owners in the categories specified above may be the entire Policy or only a part of it.

The definitions of the concepts included in this policy text are as follows:

Recipient group: Category of natural or legal persons to whom personal data are transferred by the data controller.

Explicit consent: Consent based on information and expressed with free will on a specific subject.

Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person, even when matched with other data.

Staff: UBF Soft staff

Electronic environment: Environments where personal data can be created, read, changed and written using electronic devices.

Non-electronic media: All written, printed, visual, etc. media other than electronic media.

Service provider: A natural or legal person who provides services within the framework of a specific contract with the institution.

Relevant person: The natural person whose personal data is processed.

Relevant user: Persons who process personal data within the data controller organization or in accordance with the authority and instructions received from the data controller, excluding the person or unit responsible for the technical storage, protection and backup of data.

Destruction: Deletion, destruction or anonymization of personal data

Law: Personal Data Protection Law No. 6698

Recording medium: Any medium containing personal data processed by fully or partially automatic means or non-automatic means provided that it is part of any data recording system.

Personal data: Any information relating to an identified or identifiable natural person.

Personal data processing inventory: The inventory in which data controllers detail the personal data processing activities they carry out in connection with their business processes, the purposes and legal basis of processing personal data, the data category, the recipient group to which the data is transferred, and the data subject group, and the maximum retention period required for the purposes for which personal data is processed, the personal data intended to be transferred to foreign countries, and the measures taken regarding data security.

Processing of personal data: Any operation performed on data such as obtaining, recording, storing, changing, reorganizing, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data, either fully or partially by automatic means or non-automatic means provided that it is part of any data recording system.

Board: Personal Data Protection Board

Special personal data: Data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other belief, appearance and dress, membership in associations, foundations or unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data.

Periodic destruction: The process of deleting, destroying or anonymizing personal data, which will be carried out ex officio at recurring intervals and specified in the personal data storage and destruction policy, in case all the processing conditions of personal data specified in the law are eliminated.

Policy: Personal Data Storage and Destruction Policy

UBF Soft: UBF Soft Software Consulting Industry and Trade Inc. (Chairman of the Board)

Data processor: Natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

Data recording system: A recording system in which personal data is structured and processed according to certain criteria.

Data controller: The natural or legal person responsible for establishing and managing the data recording system, who determines the purposes and means of processing personal data.

Data controllers registry information system: The information system created and managed by the Presidency, accessible via the internet, to be used by data controllers in applying to the Registry and other relevant transactions related to the Registry.

VERBIS: Data Controllers Registry Information System

Regulation: Regulation on the Deletion, Destruction or Anonymization of Personal Data published in the Official Gazette dated 28 October 2017

ARTICLE 4. IMPLEMENTATION OF THE POLICY AND RELATED LEGISLATION

Relevant applicable legal regulations regarding the processing and protection of personal data will be the primary application. In the event of any inconsistency between the applicable legislation and the Policy, UBF Soft acknowledges that applicable legislation will prevail.

The policy was created by concretizing and organizing the rules set forth by the relevant legislation within the scope of UBF Soft applications.

ARTICLE 5. ENFORCEMENT OF THE POLICY

This Policy, prepared by UBF Soft, shall enter into force on the date it is published on the UBF Soft Portal (https://www.ubfsoft.com). Any updates or changes to the Policy shall be updated to its effective date as of the date it is published on the UBF Soft Portal.

The policy is published on the UBF Soft Portal and made available to the relevant persons upon request of personal data owners.

ARTICLE 6. ISSUES RELATING TO THE PROTECTION OF PERSONAL DATA

In accordance with Article 12 of the KVKK, UBF Soft takes all necessary administrative, technical and legal measures to prevent the unlawful processing of personal data it processes, to prevent unlawful access to data and to ensure appropriate security to ensure the preservation of data, and provides all necessary controls within this scope.

ARTICLE 7. ENSURING THE SECURITY OF PERSONAL DATA

7.1 Technical and Administrative Measures Taken to Ensure Lawful Processing of Personal Data

UBF Soft takes technical and administrative measures according to technological possibilities and implementation costs to ensure the legal processing of personal data.

7.1.1 Technical Measures Taken to Ensure Lawful Processing of Personal Data

The main technical measures taken by our company to ensure the lawful processing of personal data are listed below:

a. UBF Soft takes technical measures regarding the work areas of its employees who will carry out personal data processing activities in line with the requirements of processing non-electronic data, and in case of data processing through electronic systems, technical solutions for user authorization definitions for employees in line with the requirements are implemented and supervised.

b. UBF Soft supervises the personal data processing activities carried out within its structure through established technical systems.

c. The technical measures taken are periodically reported to the relevant party as required by the internal audit mechanism.

d. Personnel knowledgeable in technical matters are employed.

7.1.2 Administrative Measures Taken to Ensure Lawful Processing of Personal Data

The main administrative measures taken by UBF Soft to ensure the lawful processing of personal data are listed below:

a. Employees are informed and trained on personal data protection law and the legal processing of personal data.

b. All activities carried out by UBF Soft are analyzed in detail across all business units, and as a result of this analysis, personal data processing activities specific to the commercial activities carried out by the relevant business units are revealed.

c. Personal data processing activities carried out by UBF Soft's business units; the requirements to be fulfilled to ensure compliance with the personal data processing conditions sought by Law No. 6698 are determined for each business unit and the detailed activities it carries out.

d. In order to ensure legal compliance requirements determined by UBF Soft business units, awareness is raised and application rules are determined for the relevant business units; necessary administrative measures to ensure the control of these issues and the continuity of the application are implemented through UBF Soft internal policies and training.

e. The contracts and documents governing the legal relationship between UBF Soft and its employees include clauses that impose obligations not to process, disclose, or use personal data, except for UBF Soft's instructions and exceptions stipulated by law. Confidentiality agreements are signed with relevant employees when necessary, and awareness is raised among employees on this issue, and audits are conducted.

7.2 Technical and Administrative Measures Taken to Prevent Unlawful Access to Personal Data

UBF Soft takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and implementation costs to prevent reckless or unauthorized disclosure, access, transfer or any other unlawful access of personal data.

7.2.1 Technical Measures Taken to Prevent Unlawful Access to Personal Data

The main technical measures taken by UBF Soft to prevent unlawful access to personal data are listed below:

a. Technical security is provided in storage units in line with the requirements for access to non-electronic data by employees who will carry out personal data processing activities within UBF Soft. When accessing electronic systems, technical solutions are provided, implemented and monitored for user identification, access location (IP) and access time limitations for employees working in the electronic system in line with the requirements.

b. Necessary system authorization and access restriction technical solutions are provided, implemented and supervised for the access of employees who will carry out personal data processing activities within the scope of their duties and responsibilities determined by administrative decisions to electronic and non-electronic data.

c. VPN method is applied for external and direct access to electronic system data resources.

d. Software and hardware including virus protection systems and firewalls (Firewall-DDoS) are installed.

e. Accesses are logged and monitored, and necessary administrative and legal processes are initiated and monitored immediately against unauthorized access.

f. Other technical measures are taken in accordance with the developments in technology, and the measures taken are periodically updated and renewed.

g. The technical measures taken are periodically reported to the relevant parties as required by the internal audit mechanism, and the issues that pose a risk are re-evaluated and the necessary technological solutions are produced.

h. Personnel knowledgeable in technical matters are employed.

7.2.2 Administrative Measures Taken to Prevent Unlawful Access to Personal Data

The main administrative measures taken by UBF Soft to prevent unlawful access to personal data are listed below:

a. Employees are trained on technical measures taken to prevent unlawful access to personal data.

b. Personal data access and authorization processes are designed and implemented within UBF Soft in accordance with business unit-based legal compliance requirements.

c. Employees are informed that they cannot disclose the personal data they have learned to anyone else in violation of the provisions of the Personal Data Protection Law and cannot use it for purposes other than those for which it was processed, and that this obligation will continue after they leave their job, and the necessary commitments are obtained from them in this regard.

d. Provisions are added to the contracts concluded by UBF Soft with the persons to whom personal data is lawfully transferred, stating that the persons to whom personal data is transferred will take the necessary security measures to protect personal data and ensure that these measures are complied with in their own organizations.

7.3 Storing Personal Data in Secure Environments

UBF Soft takes the necessary technical and administrative measures, in accordance with technological possibilities and implementation costs, to ensure that personal data is stored in secure environments and to prevent its destruction, loss or alteration for unlawful purposes.

7.3.1 Technical Measures Taken to Store Personal Data in Secure Environments

The main technical measures taken by UBF Soft to store personal data in secure environments are listed below:

a. Systems compatible with technological advancements are used to store personal data in secure environments.

b. Technical security systems are established for storage areas, technical measures taken are periodically reported to the relevant parties as required by the internal audit mechanism, and risky issues are re-evaluated and the necessary technological solutions are produced.

c. Backup programs are used in accordance with the law to ensure the safe storage of personal data.

d. Personnel specialized in technical matters are employed.

7.3.2 Administrative Measures Taken to Store Personal Data in Secure Environments

The main administrative measures taken by our company to store personal data in secure environments are listed below:

a. Employees are trained to ensure the secure storage of personal data.

b. In the event that UBF Soft receives external hosting (colocation-cloud) etc. services due to technical requirements for the storage of personal data, the contracts concluded with the relevant companies that provide hosting services for the system units where personal data is stored and/or to which personal data is legally transferred shall include provisions stipulating that the hosted system units and/or the companies to which personal data is transferred shall take the necessary security measures to protect personal data and ensure that these measures are complied with within their own organizations.

7.4 Audit of Measures Taken for the Protection of Personal Data

UBF Soft conducts or commissions the necessary internal audits in accordance with Article 12 of the Personal Data Protection Law. The results of these audits are reported to the relevant unit within the scope of UBF Soft's internal operations, and necessary actions are taken to improve the measures taken.

7.5 Measures to be Taken in Case of Unauthorized Disclosure of Personal Data

In case personal data processed in accordance with Article 12 of the KVKK is obtained by others through illegal means, UBF Soft will ensure that this situation is notified to the relevant personal data owner and the KVK Board as soon as possible.

If deemed necessary by the KVK Board, this situation may be announced on the KVK Board's website or by another method.

ARTICLE 8. PROTECTION OF SPECIAL NATURE PERSONAL DATA

The Personal Data Protection Law places special emphasis on certain personal data due to the risk of unlawful processing that could lead to victimization or discrimination. UBF Soft does not collect or process personal data designated as "special" by the Personal Data Protection Law.

ARTICLE 9. PROCESSING OF PERSONAL DATA BASED ON ONE OR MORE OF THE PERSONAL DATA PROCESSING CONDITIONS SPECIFIED IN ARTICLE 5 OF THE KVKK AND LIMITED TO THESE CONDITIONS

The protection of personal data is a constitutional right. Fundamental rights and freedoms may be restricted only by law, without prejudice to their essence, and solely for the reasons specified in the relevant articles of the Constitution. Pursuant to the third paragraph of Article 20 of the Constitution, personal data may only be processed in cases prescribed by law or with the individual's explicit consent. Accordingly, and in accordance with the Constitution, UBF Soft processes personal data only in cases prescribed by law or with the individual's explicit consent. Detailed information on this subject is provided in this Policy.

ARTICLE 10. INFORMATION AND ENLIGHTMENT OF THE PERSONAL DATA OWNER

In accordance with Article 10 of the Personal Data Protection Law, UBF Soft informs data subjects when collecting personal data. In this context, it provides information on the identity of UBF Soft and its representative, if any, the purposes for which personal data will be processed, to whom and for what purposes the processed personal data may be transferred, the method and legal basis for collecting personal data, and the rights of personal data subjects. Detailed information on this subject is provided in this Policy. Article 20 of the Constitution stipulates that everyone has the right to be informed about personal data relating to them. Accordingly, Article 11 of the Personal Data Protection Law lists "requesting information" among the rights of personal data subjects. In this context, UBF Soft provides the necessary information when a personal data subject requests information, in accordance with Article 20 of the Constitution and Article 11 of the Personal Data Protection Law. Detailed information on this subject is provided in this Policy.

ARTICLE 11. TRANSFER OF PERSONAL DATA

UBF Soft may transfer personal data and special personal data of a data subject to third parties (third-party legal entities, business partners, and third-party natural persons) by taking the necessary security measures in accordance with the lawful purposes for processing personal data. In this regard, UBF Soft complies with the regulations stipulated in Article 8 of the Personal Data Protection Law. Detailed information on this matter is provided in this Policy.

11.1 Transfer of Personal Data

UBF Soft may transfer personal data to third parties in line with legitimate and lawful personal data processing purposes, based on and limited to one or more of the personal data processing conditions specified in Article 5 of the Law listed below:

a. If the personal data owner has explicit consent;

b. If there is a clear regulation in the law regarding the transfer of personal data,

c. If it is necessary to protect the life or physical integrity of the personal data owner or someone else and the personal data owner is unable to give his consent due to actual impossibility or his consent is not legally valid;

d. If it is necessary to transfer personal data of the parties to the contract, provided that it is directly related to the establishment or execution of a contract,

e. If personal data transfer is mandatory for UBF Soft to fulfill its legal obligations,

f. If personal data has been made public by the personal data owner,

g. If personal data transfer is mandatory for the establishment, exercise or protection of a right,

h. If personal data transfer is mandatory for the legitimate interests of UBF Soft, provided that it does not harm the fundamental rights and freedoms of the personal data owner.

ARTICLE 12. TRANSFER OF PERSONAL DATA ABROAD

UBF Soft may transfer personal data and special categories of personal data to third parties by taking the necessary security measures in accordance with its lawful personal data processing purposes. UBF Soft transfers personal data to foreign countries declared by the Personal Data Protection Board to have adequate protection ("Foreign Countries with Adequate Protection") or, if inadequate protection is not provided, to foreign countries where the data controllers in Türkiye and the relevant foreign country have undertaken, in writing, to provide adequate protection and where the Personal Data Protection Board has granted its consent ("Foreign Countries with a Data Controller Committing to Adequate Protection"). To this end, UBF Soft complies with the regulations stipulated in Article 9 of the Personal Data Protection Law.

ARTICLE 13. CATEGORIZATION OF PERSONAL DATA PROCESSED BY OUR COMPANY, PROCESSING PURPOSES AND STORAGE PERIOD

In accordance with Article 10 of the Personal Data Protection Law, UBF Soft informs the personal data owner of which personal data owner groups it processes personal data of, the purposes of processing the personal data of the personal data owner and the retention periods within the scope of the obligation to inform.

ARTICLE 14. CATEGORIZATION OF PERSONAL DATA AND PROCESSING PURPOSES

a- Name and Contact Information: UBF Soft in-house evaluation, communication, user registration, obtaining potential subscriber information, developing after-sales processes, business development, collection, promotion, analysis, complaint management, managing subscriber satisfaction processes, marketing, advertising, research, billing, event notification, execution of operational activities, measurement and development of service quality, audit, control, optimization, customer verification, marketing, sales, advertising, after-sales services, detection and prevention of fraud;

b- Identity Verification Information: User registration, problem/error reporting, control, development and execution of operational activities, development of post-subscription processes, business development, collection, internal evaluation, customer portfolio management, measurement of service quality, communication, optimization, audit, risk management, inspection, customer verification, detection and prevention of fraud;

c- Demographic Data: Promotion, internal evaluation, analysis, communication, development of after-sales processes, business development, collection, usage data and interests, favorites, marketing, sales, advertising, audit and control, risk management, development of after-sales processes, business development, collection, internal evaluation, after-sales services, measurement and development of service quality, communication, carrying out complaint management processes, carrying out and developing operational activities, registration, problem/error reporting;

d- Usage Data and Favorites: User registration, problem/error reporting, control, execution and development of operational activities, after-sales services and development of after-sales processes, business development, collection, in-company evaluation, online behavioral advertising and marketing, subscriber portfolio management, measurement and development of service quality, communication, optimization, audit, risk management and control, promotion, analysis, determination of interests, scoring, profiling, marketing, sales, advertising, communication, execution of complaint management processes, registration, problem/error reporting;

e- Location data: Enabling the use of location-dependent or location-related Portal functions, audit and control, risk management;

f- Payment Data: Managing the billing process, accounting, development of after-sales processes, business development, collection, internal evaluation, scoring, profiling, customer relations management, after-sales services, communication, marketing, auditing, control, processes carried out with payment service providers;

g- Content: Business development, optimization, customer relations management, audit, control, development of operational activities, business development, promotion, internal evaluation, subscriber management, analysis, scoring, profiling, development of after-sales processes, collection, after-sales services, communication, measurement and development of service quality, execution of complaint management processes;

h- Survey Responses: Information requested from users who respond to periodic surveys organized by UBF Soft within the UBF Soft Portal, real and/or legal persons with whom UBF Soft cooperates to enable the use of UBF Soft Portal functions and to fulfill these functions by UBF Soft, and third real and legal persons with whom UBF Soft Portal cooperates within the scope of all processing activities specified above in accordance with the purposes of use, in order to directly market to these users, perform statistical analysis, improve their processes and create a database;

Personal data will be processed in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698, for the purposes of fulfilling the obligations arising from the contracts made with business partners/customers/suppliers by UBF Soft, establishing rights, protecting rights, carrying out commercial and legal evaluation processes, performing legal and commercial risk analyses, carrying out legal compliance processes, carrying out financial affairs, fulfilling legal requirements, fulfilling the decisions of authorized institutions, organizations and authorities, and responding to their requests, in order to fulfill legal and commercial obligations within the framework of the contracts made or activities carried out with third real or legal persons who have a business relationship with UBF Soft and the obligations arising from legal regulations.

ARTICLE 15. STORAGE PERIOD OF PERSONAL DATA

UBF Soft retains personal data for the period specified in relevant laws and regulations, provided that it is not stipulated in relevant legislation. If legislation does not specify the retention period for personal data, personal data is processed for the period required by UBF Soft's practices and business practices, based on the services UBF Soft offers while processing the data, and is then deleted, destroyed, or anonymized. Detailed information on this matter is provided in this policy. If the purpose of processing personal data has expired, and the retention periods specified by relevant legislation and the company have expired, personal data may be retained only as evidence in potential legal disputes or to assert or defend relevant rights related to personal data. Retention periods are determined based on the statute of limitations for asserting the aforementioned right and examples from previous requests submitted to UBF Soft regarding the same matters despite the expiration of the statute of limitations. In this case, stored personal data is not accessed for any other purpose and is only accessed when it is necessary to resolve a legal dispute. Once the aforementioned period has expired, personal data is deleted, destroyed, or anonymized.

ARTICLE 16. CATEGORIZATION OF OWNERS OF PERSONAL DATA PROCESSED BY OUR COMPANY

While UBF Soft processes the personal data of various categories of personal data subjects, the scope of application of this Policy is limited to employees, customers, potential customers, job candidates, UBF Soft shareholders, UBF Soft officials, visitors, employees, shareholders, and officials of institutions with which we collaborate, and third parties. While the categories of individuals whose personal data is processed by UBF Soft fall within the scope specified above, individuals outside these categories may also submit requests to UBF Soft under the Personal Data Protection Law, and their requests will also be evaluated within the scope of this Policy. This Policy clarifies the concepts of employees, customers, potential customers, visitors, job candidates, shareholders, board members, natural persons in institutions with which we collaborate, and third parties related to these individuals.

ARTICLE 17. THIRD PARTIES TO WHICH PERSONAL DATA IS TRANSFERRED BY UBF SOFT AND THE PURPOSES OF TRANSFER

UBF Soft notifies data owners of the groups of individuals to whom personal data is transferred in accordance with Article 10 of the Personal Data Protection Law. In accordance with Articles 8 and 9 of the Personal Data Protection Law, UBF Soft may transfer the personal data of service recipients to the following categories of individuals:

a. To the company's business partners,

b. To the company's suppliers,

d. To Company Shareholders,

e. Legally Authorized public institutions and organizations,

f. To legally authorized private law persons.

The scope of the above-mentioned persons to whom the data is transferred and the purposes of data transfer are as follows;

1. Limited to ensure the fulfillment of the purposes for which the business partnership was established,

2. Limited to the purpose of providing our company with the services that our company outsources from suppliers and that are necessary to carry out our company's commercial activities,

3. Limited to ensuring the execution of our company's commercial activities that require the participation of affiliates,

4. Designing the strategies and auditing activities related to our company's commercial activities in accordance with the provisions of the legal legislation and limited to auditing purposes,

5. In case legally authorized public institutions and organizations request information and documents from our company within the framework of legal legislation, limited to the purpose requested within our legal authority,

6. In case legally authorized private law persons request information and documents from our company within the framework of legal legislation, limited to the purpose requested within our legal authority,

UBF Soft acts in accordance with the provisions of this policy in all transfers made. UBF Soft, on the UBF Soft Portal, owned by UBF Soft, records the internet activity of visitors to the UBF Soft Portal using technical means to ensure that their visits are consistent with the purposes for which they visit and to display personalized content. Detailed explanations regarding the protection and processing of personal data related to these activities of our company are included in the "Company Website Privacy Policy" texts of the relevant websites. Although UBF Soft has processed personal data in accordance with the relevant legal provisions, as regulated in Article 138 of the Turkish Penal Code and Article 7 of the Personal Data Protection Law, personal data will be deleted, destroyed, or anonymized at UBF Soft's own discretion or upon the request of the data subject, if the reasons requiring processing no longer exist. UBF Soft fulfills this legal obligation through legal means.

ARTICLE 18. TECHNIQUES FOR DELETION, DESTRUCTION AND ANONYMIZATION OF PERSONAL DATA

18.1 Deletion and Destruction of Personal Data

UBF Soft may delete or destroy personal data based on its own decision or upon the request of the personal data owner, if the reasons requiring processing are eliminated, even though the data has been processed in accordance with the provisions of the relevant law.

18.2 Techniques for Anonymizing Personal Data

Anonymizing personal data refers to rendering personal data incapable of being linked to an identified or identifiable natural person, even when paired with other data. UBF Soft may anonymize personal data when the reasons requiring processing of legally processed personal data are no longer necessary.

In accordance with Article 28 of the Personal Data Protection Law, anonymized personal data may be processed for purposes such as research, planning, and statistics. Such processing falls outside the scope of the Personal Data Protection Law, and the explicit consent of the data owner will not be required. Since anonymized and processed personal data falls outside the scope of the Personal Data Protection Law, the rights stipulated in the Policy will not apply to this data. In accordance with Article 10 of the Personal Data Protection Law, UBF Soft informs personal data owners of their rights and provides guidance to personal data owners on how to exercise these rights. UBF Soft implements the necessary channels, internal operations, administrative, and technical regulations in accordance with Article 13 of the Personal Data Protection Law to assess the rights of personal data owners and provide the necessary information to personal data owners.

ARTICLE 19. RIGHTS OF THE DATA OWNER AND EXERCISE OF THESE RIGHTS

19.1 Rights of the Personal Data Owner

Personal data owners have the following rights:

a. Learning whether personal data is being processed

b. Requesting information regarding personal data processed

c. Learning the purpose of processing personal data and whether they are used in accordance with their purpose

d. Knowing the third parties to whom personal data is transferred, either domestically or abroad

e. To request correction of personal data if it is processed incompletely or incorrectly and to request notification of the action taken to third parties to whom personal data has been transferred.

f. Requesting the deletion or destruction of personal data in case the reasons requiring processing are eliminated, even though the data has been processed in accordance with the provisions of the Personal Data Protection Law and other relevant laws, and requesting that the action taken in this context be notified to third parties to whom the personal data has been transferred.

g. Objection to the emergence of a result to the detriment of the person himself/herself, by means of analysis of the processed data exclusively through automated systems.

h. To request compensation in case of damages due to unlawful processing of personal data.

19.2 Exercise of Personal Data Owner's Rights

Personal data owners may submit their requests regarding the rights listed above in this section to our Company free of charge using the method specified below:

a. After filling out the form at www.ubfsoft.com and signing it with a wet signature, apply in person to the address "Ofisada Plaza Orta Neighbourhood Kavaklar Street No:15 Door No: 103 Adapazarı / SAKARYA / TURKEY" along with the required attachments.

b. After filling out the form at www.ubfsoft.com and signing it with a wet signature, send it to the address "Ofisada Plaza Orta Neighbourhood Kavaklar Street No:15 Door No: 103 Adapazarı / SAKARYA / TURKEY" via cargo or mail, along with the required attachments.

c. After filling out the form at www.ubfsoft.com and signing it with your “secure electronic signature” within the scope of Electronic Signature Law No. 5070, you can send the secure electronically signed form and the requested attachments via an e-mail to kvk@ubfsoft.com.

To exercise their rights, personal data owners must complete the "Application Form for Applications to be Made by the Relevant Person (Personal Data Owner) to the Data Controller Pursuant to Law No. 6698 on the Protection of Personal Data," linked above. This form also explains in detail the application method.

ARTICLE 20. COMPANY'S RESPONSES TO APPLICATIONS

20.1 UBF Soft's Procedure and Timeframe for Responding to Applications

If the personal data subject submits their request to UBF Soft in accordance with the procedure outlined above in this section, UBF Soft will process the request free of charge as soon as possible and within thirty days at the latest, depending on the nature of the request. However, if the process requires additional costs, UBF Soft will charge the applicant the fee set by the Personal Data Protection Board.

20.2 Information That UBF Soft May Request from the Applicant Personal Data Owner

UBF Soft may request information from the data subject to determine whether the applicant is the subject of personal data. UBF Soft may ask questions regarding the personal data subject's application to clarify the matters included in the personal data subject's application.

Contact Us
We use cookies to provide you with a better service Please review our Cookie Policy and Data Protection Policy Please note that if you change the cookie settings, some features of the website may lose their functionality.