Tesir

Privacy Notice

DCBA CONSULTING LTD. • TESIR.IO PLATFORM • PRIVACY NOTICE

DCBA CONSULTING LTD.
TESIR.IO PLATFORM
PRIVACY NOTICE FOR USERS AND SERVICE RECIPIENTS

GENERAL INFORMATION ABOUT PROCESSING AND SECURITY OF YOUR PERSONAL DATA

As the data controller DCBA Danışmanlık Limited Şirketi (the “Company” or “Tesir.io”) under the Turkish Personal Data Protection Law No. 6698 (“GDPR” or the “Law”), we process your personal data obtained when you use the Tesir.io platform, website, mobile applications and all other digital platforms owned by Tesir.io (together the “Digital Platform” or the “Platform”), create an account on the Platform, purchase or benefit from services, contact us through the Platform, or access the Platform under subscriptions or service packages purchased by third parties, in accordance with GDPR and applicable legislation, by taking the necessary technical and administrative measures.

This Privacy Notice is prepared to inform: (i) users who access the Platform by creating an account, (ii) persons who benefit from services offered via the Platform, (iii) users who access the Platform under subscriptions or other services purchased by third parties, and (iv) individuals who contact us through forms on the Platform for corporate subscriptions, grant processes, or any kind of support/suggestion/complaint request.

Your personal data is processed lawfully and fairly, accurately and, where necessary, kept up to date, for specific, explicit and legitimate purposes, in a manner that is relevant, limited and proportionate to the purposes for which it is processed. In cases where explicit consent is required (for example, marketing communications or non-essential cookies), we do not carry out personal data processing without your explicit consent. If you do not consent to marketing cookies that personalize your preferences, such data will not be processed.

Access to the Platform may require creating a user account. Passwords you create are stored in an irreversibly encrypted form; no one, including our Company, can access your password. We implement appropriate security protocols, firewalls, access control mechanisms and up-to-date cybersecurity measures to ensure the security of personal data.

Tesir.io does not process or store your credit/debit card information within the scope of your payments. Payment processes are carried out by secure payment service providers integrated with our website. To ensure transaction security, methods such as email verification may be used when necessary.

DATA CATEGORIES AND PERSONAL DATA PROCESSED

Depending on activities within the Platform, personal data may be processed in the following categories. Our Company may not process data in every category for every user; only data necessary for providing the service is processed.

  • 2.1. Identity Information: Name, surname.
  • 2.2. Contact Information: Email address.
  • 2.3. Customer Transaction Information: Platform usage information, content generation and sharing records, service purchase/subscription information, (if any) billing/corporate purchasing information, request/complaint/support records.
  • 2.4. Transaction Security Information: IP address, access log records, session information, platform access and usage data, security incident records.
  • 2.5. Marketing Information and Cookies: Cookies and (if any) survey information (non-essential cookies only with explicit consent).
  • 2.6. Legal Transaction Information: Information relating to contract/dispute processes, correspondence and case file information with judicial/administrative authorities, notice/notification content (only in concrete dispute/audit processes and where necessary).
  • 2.7. Data Processed Within the Scope of the LinkedIn API: Limited data provided via the LinkedIn API with the user’s explicit authorization and necessary for providing Platform services.

PURPOSES OF PROCESSING PERSONAL DATA

Your personal data is processed for the following purposes:

  • 3.1. Providing and operating Platform services, creating and managing user accounts, enabling users to benefit from Platform functions.
  • 3.2. Enabling content creation, content sharing and the operation of Platform functions.
  • 3.3. Improving user experience, increasing Platform performance and conducting analytics/development activities.
  • 3.4. Managing request, support and complaint processes and carrying out user satisfaction activities.
  • 3.5. Ensuring system security, preventing unauthorized access, operating information security processes and detecting misuse.
  • 3.6. Performing email verification and account security processes.
  • 3.7. (If any) Managing corporate subscription, grant and related business processes.
  • 3.8. Fulfilling financial obligations and managing invoicing processes (only where necessary).
  • 3.9. Fulfilling obligations arising from legislation and contracts and informing authorized persons/institutions/organizations.
  • 3.10. Where you have explicit consent, carrying out campaign, information, advertising/marketing and personalized product/service offering activities.
  • 3.11. Managing legal processes and risk management; establishing, exercising and protecting rights.

PROCESSING AND DELETION WITHIN THE SCOPE OF LINKEDIN API INTEGRATION

Tesir.io may integrate with the LinkedIn platform. In this scope, data obtained via the LinkedIn API:

  • 4.1. Is processed only with the user’s explicit authorization and only for providing services offered via the Platform, enabling user-requested functions such as content creation and content sharing, and ensuring Platform security.
  • 4.2. Is not used for purposes other than these; is not shared with third parties, sold, rented, or used for commercial purposes.
  • 4.3. When the user revokes LinkedIn authorization, deletes their Tesir.io account, or submits a data deletion request, personal data obtained from LinkedIn and similar third-party platforms is deleted from our systems or anonymized within a maximum of ten (10) days. No retention is made beyond technically required minimum periods and data is not used for any other purpose.

TRANSFER OF PERSONAL DATA

Your personal data may be shared with the following recipient groups, limited to the purposes stated in this Privacy Notice and in accordance with Articles 8 and 9 of GDPR, for purposes such as responding to communication requests, fulfilling contractual obligations, providing Platform services, ensuring system security, improving user experience, creating records and documents as basis for electronic processing, complying with legal retention/reporting/information obligations, verifying user identity, and improving system performance:

  • 5.1. Technical infrastructure providers, cloud service providers and hosting providers.
  • 5.2. Email/communication service providers.
  • 5.3. Analytics and performance measurement service providers (where necessary for non-essential cookies/analytics activities with explicit consent).
  • 5.4. Technical service providers such as security, software, maintenance-support.
  • 5.5. Authorized public institutions and organizations, judicial/administrative authorities and regulatory/audit bodies as required by law.

Your personal data is not transferred to third parties except where legally required; it is never sold or marketed for commercial purposes. Cross-border data transfers are not carried out without meeting the conditions set out in Article 9 of GDPR; where transfer abroad is necessary, required legal mechanisms are applied in accordance with applicable legislation and explicit consent is obtained where required.

METHOD AND LEGAL BASIS FOR COLLECTION

Your personal data is collected through automatic or non-automatic means via creating an account on the Platform, using the Platform, sharing data via electronic forms, contacting us via email and other communication channels, authorizing LinkedIn integration, and through cookies/system logs.

Your personal data is processed based on the legal grounds set forth in Article 5 of GDPR, including: necessity for the establishment or performance of a contract, compliance with the data controller’s legal obligations, necessity for the establishment/exercise/protection of a right, and the data controller’s legitimate interest; and in cases requiring explicit consent, based on your explicit consent. Processing activities regarding traffic data and access logs within the scope of Law No. 5651 are carried out under legal obligation.

RETENTION, DESTRUCTION AND SECURITY MEASURES

Your personal data is stored for the period required for the purposes of processing and limited to retention periods set out in applicable legislation; at the end of such period it is deleted, destroyed or anonymized. Tesir.io applies up-to-date technical and administrative security measures, including encryption technologies such as SSL/TLS, secure server infrastructure, access control systems, firewalls, logging and monitoring systems, and data encryption/hash methods.

YOUR RIGHTS UNDER THE LAW

Under Article 11 of GDPR, you have the rights to: learn whether your personal data is processed; request information if it is processed; learn the purpose of processing and whether it is used in accordance with its purpose; know the third parties to whom it is transferred domestically or abroad; request correction if it is incomplete/incorrect; request deletion/destruction/anonymization under GDPR conditions; request notification of correction/deletion to third parties to whom it is transferred; object to results against you arising from analysis by automated systems; and claim compensation for damages arising from unlawful processing.

APPLICATION METHOD

You may submit your requests within the scope of GDPR to our Company in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller. If you submit your application via the email address previously provided to our Company and registered in our systems to support@tesir.io, identity verification will be deemed satisfied. Applications made from a different email address may require additional verification. Our Company finalizes applications as soon as possible and at the latest within thirty (30) days in accordance with Article 13 of GDPR. If the process requires an additional cost, the tariff determined by the Personal Data Protection Authority may apply.

EFFECTIVE DATE AND UPDATES

Tesir.io reserves the right to update this Privacy Notice in line with legislative changes and/or Platform updates. The updated notice becomes effective on the date it is published on the Platform.