Privacy Policy
Privacy
Privacy Policy
This Privacy Policy regulates the principles followed by PALMİYE GLOBAL HAREKETLI YAPI SISTEMLERI SAN VE TIC. A.S (“Palmiye”) while collecting and using personal data on the website (“Website”) depending on the wishes of the user(s) (“User(s)”).
Personal Data That Can Be Collected
Depending on the users’ access to the Website and the actions to be taken by the User, Palmiye, may collect the following data on the Website;
- Identity Information
- Transaction Security Information
- IP Information
- Legal Transaction and Compliance Information
- Contact Information
- Request/Complaint Management Information
- User Information
- Incident Management Information
- User Transact,on Information
Palmiye will be able to collect other information that may be required for the performance of the services subject to the Website and which is considered to be personal data in accordance with the Law on Personal Data Protection and all relevant legislation. The user expressly consents to the processing of the data that he/she can share with Palmiye of his/her own accord within the scope specified in this Privacy Policy for the purposes specified in this Privacy Policy.
Data that have been irreversibly anonymized in accordance with Articles 3 and 7 of the Law on Protection of Personal Data will not be considered as personal data in accordance with the provisions of the said law, and processing activities related to this data will be carried out regardless of the provisions of this Privacy Policy.
Using “Cookies”
Palmiye automatically collects such data as sections visited and clicked areas during the users’ navigation on the Website. The data obtained by using “Cookie” technology are statistical information. The aim of this technology is to make the content of the sections visited by Users easier to access for the Users since their first visit to the site. Most browsers are designed to accept these “cookies”, which are primarily the technical communication file, but Users can always change the browser settings to ensure that the technical communication file does not arrive or that the technical communication file is notified when it is sent.
Palmiye is entitled to associate the behaviour of the Users on the Website with a “cookie” in the browser and define remarketing lists based on metrics such as the number of pages viewed, duration of visit and goal completion number in order to conduct on-line behavioural advertising and marketing. Afterwards, targeted advertising content may be displayed to the User on the Website or other sites in the display network based on interests.
Purpose of Using the Data
Palmiye may use the collected personal data in order for the User to benefit from the Website, to ensure its membership registration to the Website as the case may be, to enhance the services provided, to introduce new services and inform the Users of the new services, to make the necessary notifications in this regard, to contact the User and to perform the obligations arising from the nature of the services provided.
The personal data in question may be processed within the scope of Palmiye’s reporting and business development activities, and may be used for making statistical evaluations, creating databases and conducting market researches without disclosing the identity of the User. If the User also gives consent, the information in question may be processed, stored, transmitted to third parties for the purpose of direct marketing by Palmiye and its collaborators, and the User may be contacted for the purpose of making notifications regarding the promotion, maintenance and support activities of various applications, products and services through such information.
Palmiye will also be able to process and share personal data with third parties in accordance with Articles 5 and 8 of the Law on Personal Data Protection and/or in case of exceptions in the relevant legislation. Listed below are major situations:
Processing clearly prescribed by law,
Processing is necessary to protect the vital interests or bodily integrity of the data subject or a third person if the data subject is not in a condition to express his/her consent due to actual impossibility; processing is necessary for execution or performance of a contract between User and Palmiye, processing of personal data is necessary, provided that it is directly related to its performance; processing is necessary for compliance with legal obligations; personal data has been made public by the User itself; processing is necessary for the establishment, exercise or protection of a right; processing is required for the purpose of the legitimate interests pursued by Palmiye, provided that such interest does not harm the fundamental rights and freedom of the User.
Sharing Data
Palmiye may transfer User’s personal data and new data generated by using such personal data to third parties providing service to Palmiye for the performance of the services provided to the User within the scope of the Website, provided that such transfer is limited to the purpose of the provision of such services. In this regard, for the purposes of improving User experience (including enhancing and customization), ensuring the security of the User, identifying fraudulent or unauthorized use, operational evaluation research, recovery of errors in relation to the Website or Palmiye services, and realizing any of the objectives set forth under this Privacy Policy or other privacy notes provided to the User, Palmiye may share the User data with third parties such as outsource service providers, hosting service providers, law firms, research companies and call centers.
User agrees in advance that aforementioned third parties may store the User’s personal data in the servers located in any part of the world, limited to the aforementioned purposes.
Right of Access of the User to the Personal Data and Correction Requests
By applying to Palmiye the User is entitled to:
- learn whether or not his/her personal data have been processed;
- request information as to processing if her/his data have been processed;
- learn the purpose of processing of the personal data and whether use of data fit the purpose;
- know the third parties in the country or abroad to whom personal data have been transferred;
- request correction in case personal data are processed incompletely or inaccurately;
- request deletion or destruction of personal data within the framework of the conditions set forth under the Law;
- request notifying the third persons to whom the personal data are transferred, about the correction, deletion or destruction processes made in accordance with the relevant legislation,
- object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems;
- request compensation for the damages in case the person incurs damages due to unlawful processing of personal data.
The may submit his/her requests mentioned above by the methods available at https://palmiye.eu/privacy-policy/ on our website. Palmiye may give its reasoned positive/negative response with regard to the above listed requests, in written form or digitally. It is essential that the actions undertaken to answer the requests be free of charge. However, in case the actions require a cost, a fee may be charged pursuant to the tariff specified by the Data Protection Authority pursuant to Article 13 of the Law on the Protection of Personal Data.
The User undertakes that information provided to Palmiye by himself/herself under this Privacy Policy is complete, accurate and up to date, and shall immediately update such information in case a change occurs with respect to such information. Palmiye shall not be held responsible in case the User does not update such information.
User agrees and represents that he/she may not fully benefit from the services undertaken by Palmiye in case he/she makes a request that will prevent Palmiye from using any of its personal data and that he/she shall be held liable for any matter arising in this regard.
Storage Period of Personal Data
Palmiye shall store the personal data provided by the User for the purposes of performing the obligations arising from the nature of the services, during the entire period in which the services are provided.
Additionally, Palmiye may keep the personal data, in case a conflict arises between Palmiye and the User, limited to the purpose of making the necessary defences within the scope of the conflict and for the period of time limitation specified by the applicable legislation.
Measures with respect to Data Security, Warranties and Liability
Subject to the terms set forth under the applicable legislation or this Privacy Policy, Palmiye undertakes to:
- prevent the unlawful processing of personal data,
- prevent the unlawful access to personal data,
- take necessary technical and administrative measures for ensuring the appropriate security level for the purposes of preserving personal data and carry out the required audits.
In case the website provides links to other applications, Palmiye shall not be held liable for the privacy policies and contents of such applications.
Palmiye may not be held liable for damages that may arise from any use of personal data which falls within the scope of the above mentioned terms.
Amendments to the Privacy Policy
Users benefiting from the services provided on the Website shall be deemed to have read and accepted all terms herein.
Palmiye reserves the right to amend the provisions of the Privacy Policy without prior notice. The updated Privacy Policy shall become effective on the date it is presented to the User in any manner.
Palmiye Global Hareketli Yapı Sistemleri San Ve Tic. A.Ş
PERSONAL DATA PROTECTION AND PRIVACY POLICY
Website Privacy Agreement
The manner in which we use and maintain the information we obtain about you and the services you request during your visit to and use of this website is subject to the terms set forth in this “Privacy Policy”. By visiting this website and requesting the use of the services we provide through this site, you agree to the terms of this “Privacy Policy”.
I. PURPOSE OF PROTECTION AND PROCESSING OF PERSONAL DATA POLICY
So far, data and information of our customers or potential customers have been kept confidential and have never been shared with third parties by virtue of the sensitivity of our business as Palmiye Global Hareketli Yapı Sistemleri San Ve Tic. A.Ş (hereinafter referred to as “the Company”). Protection of personal data is the essential policy of the company. Before any legal regulation, the company and the subsidiaries attached great importance to the privacy of personal data and adopted it as a working principle and instructed its employees to work in accordance with this principle. We, as “the Company”, also undertake to comply with all the responsibilities imposed by the Law on the Protection of Personal Data. The principles of the companies regarding the protection of personal data also cover the subsidiaries.
2nd SCOPE AND MODIFICATION OF PROTECTION AND PROCESSING OF PERSONAL DATA POLICY
The Policy has been prepared by the Company in accordance with the Law on Protection of Personal Data No. 6698 (“LPPD”). The Law entered into force with all its provisions as of today. The data obtained with your consent or in compliance with other laws as specified in the Law will be used to improve quality of services provided to you and our quality policy. Again, some of the data we have is de-personalized and anonymized. These data are used for statistical purposes and are not subject to Law enforcement and our Policy. The aim of the Protection and Processing of Personal Data as a Company Policy includes the protection of the automatically obtained data of customers, potential customers and employees or customers and employees of companies working in partnership with us and other persons. The company has the right to change the policy, provided that it is in compliance with the Law and that personal data are better protected.
III. BASIC RULES FOR PROCESSING PERSONAL DATA
a) Compliance with the law and good faith: “The Company” questions the source of the data collected or received from other companies and attaches importance to obtaining them in accordance with the law and good faith. Within this framework, “the Company” makes the necessary warnings and notifications to third parties (agents and other intermediary institutions) that sell the services offered by the Company for the protection of personal data.
b) Being accurate and up-to-date when necessary: “The Company” attaches importance to the accuracy of all of the data kept within the organization, to ensure that all data contained within the organization are accurate, do not contain incorrect information and, updated if they are communicated to it, in the event of a change in personal data.
c) Being processed for specified, explicit, and legitimate purposes: The “Company processes data only for the purposes it provides service and for which it receives approval from persons during service. It shall not process, use data and make them used for purposes other than its business.
d) Being relevant, limited and proportionate to the purposes for which data are processed: “The Company” shall use the data only for the purpose for which it is processed and to the extent required by the service.
e) Being stored only for the time designated by relevant legislation or necessitated by the purpose for which data are collected: The “Company shall store the contractual data within the scope of the terms of dispute of the Law, the requirements of the commercial and tax law. However, it shall delete or anonymize the data when the reasons necessitating their processing cease to exist.
It is important to note that these principles shall apply regardless of the fact that the “Company” has collected or processed the data in accordance with the consent or the law.
According to Article 11 of the Law on Personal Data Protection, you have the following rights. In order to facilitate these rights, an application form has also been prepared by the “Company.
Persons whose personal data are processed, by applying to the person who is announced by the Company on our web site in relation to their data shall have the following rights;
a) to learn whether or not her/his personal data have been processed;
b) to request information as to processing if her/his data have been processed;
c) to learn the purpose of processing of the personal data and whether data are used in accordance with their purpose;
ç) to know the third parties in the country or abroad to whom personal data have been transferred;
d) to request rectification in case personal data are processed incompletely or inaccurately;
e) to request deletion or destruction of personal data within the framework of the conditions set forth under the Law;
f) to request notification of the operations made as per indents (d) and (e) to third parties to whom personal data have been transferred;
g) to object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems;
ğ) to request compensation for the damages in case the person incurs damages due to unlawful processing of personal data. As “the Company” we respect these rights.
For the purposes mentioned above, in order to fulfill the legal and contractual obligations of the Company, your personal data are collected and processed in verbal, written and electronic form in accordance with the conditions and purposes stated in articles 5 and 6 of the LPPD.
Maximum Savings Principle/Stinginess Principle
According to this principle, which is called the principle of maximum savings or stinginess, the data reaching the Company shall be processed only as much as necessary. Thus, the data we collect will be determined according to the purpose. No unnecessary data shall be collected. Other data transferred to the company shall be transferred to company information systems in the same way. Redundant information shall not be saved; it shall be deleted or made anonymous. These data may be used for statistical purposes.
Deletion of personal Data
When the retention period required by the Law expires, judicial procedures are completed or other requirements no longer exist, these data shall be deleted, removed or anonymized by the Company automatically, or upon the request of the relevant person.
Accuracy and Currency of Data
As a rule, the data within the structure of “the Company” shall be processed as declared by the relevant persons. “The Company” is not obliged to check the accuracy of the data declared by the customers or the persons in touch with “The Company” and it’s also contrary to the Laws and our working principles. The declared data shall be regarded as correct. The principle of accuracy and currency of personal data has also been adopted by “the Company”. The personal data processed upon the request of the relevant person or from official documents that are submitted to our company shall be updated. Necessary precautions shall be taken for this purpose.
Privacy and data security
Personal data are confidential and “the Company” respects privacy. Only authorized persons shall access the personal data. All necessary technical and administrative measures shall be taken to protect the personal data collected by “the Company” and to prevent the damage on our customers and potential customers. In this context, it shall be ensured that the software complies with the standards, third parties are selected with caution and data protection policy is observed within the company.
IV. PURPOSE OF DATA PROCESSING
The Company shall collect and process personal data in line with the purposes stipulated in the letter of clarification. The data are collected and processed to draw up contracts and provide better services to the customers.
V. DATA OF CUSTOMER, POTENTIAL CUSTOMER AND BUSINESS AND SOLUTION PARTNERS
Collection and processing of data for contractual relationship
In case of a contractual relationship with our customers and potential customers, the collected personal data may be used without the approval of the customers. However, this use shall be for the purpose of the contract. The data shall be used for better execution of the contract and as required by the services and updated, if necessary, by contacting the customers. Nevertheless, the data provided to us by our customers (potential customers) shall be processed for easier and more quality services later. These data shall be deleted upon request in case of lack of any contractual relationship.
Data of Business and Solution Partners
“The Company” adopts as a principle to act in compliance with the laws when exchanging the data both with business and solution partners. The data shall be shared with the business and solution partners with the understanding of data confidentiality and as required by the services and it’s definitely ensured that these parties take measures regarding the data security.
Data processing for advertisement purposes
Electronic messages for advertisement purposes can only be sent to the persons with prior consent in compliance with the Law on the Regulation of E-Commerce and the Law on Commercial Communication and Commercial Electronic Messages. An explicit consent of the person is required to send advertisements. “The Company” shall obey the details of ‘’the consent’’ specified in the same legislation. The consent to be obtained should cover all commercial electronic messages that are sent to the electronic communication addresses of the recipients to promote and market the goods and services of the company, to promote the business or to increase the recognition level of the company with contents including greetings and wishes. This consent may be obtained via any electronic communication channel or in writing in physical environment. What is important is to obtain the declaration of the recipient that he/she accepts to receive commercial electronic messages and to have his/her full name and electronic communication address.
Data processing due to legal obligations of the company or for reasons stipulated explicitly in the Law
Personal data may be processed without prior consent when it’s stipulated explicitly in the relevant legislation or to fulfil a legal obligation specified in the legislation. Type and scope of the data processes must be required for data processing activity that is permitted by the Laws and they should comply with the relevant legal provisions.
Data processing by the company
Personal data may be processed pursuant to the legal purposes and the services of the company. However, the data shall not be used for services contrary to the laws under any circumstances.
Processing data of specific nature
Pursuant to the Law, data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dressing, membership of association, foundation or trade-union, health, sexual life, criminal conviction and security measures, and biometrics and genetics are special categories of personal data. It is additionally required for “the Company” to take the adequate measures designated by the Board when special categories of personal data are processed. “The Company” may process special categories of personal data with the consent of the data subject to provide better services only for the purposes they are collected.
Data processed with automatic systems
For data processed with automatic systems “the Company” shall act in compliance with the Law. The information obtained from these data without the explicit consent of the persons shall not be used against the person. However, “the Company” may take decisions regarding the data of persons that it will process by using the data within the system.
User Information and Internet
In case of the collection, processing and use of personal data on the websites and other systems or applications of the Company, the data subjects shall be informed about the privacy statement and cookies if needed. Users shall be informed about our applications on our websites. Personal data shall be processed as per the law.
VI. DATA OF OUR EMPLOYEES
Processing data for business relations
Personal data of the employees may be processed without obtaining consent to the extent of requirements of health insurance and business relations. However, “the Company” hereby undertakes the protection and confidentiality of the data of the employees.
Processing as per Legal Obligations
“The Company” may also processes the personal data of the employees without obtaining a separate consent, provided that it is explicitly specified in the legislation or to fulfil a legal obligation stipulated in the legislation. This case is limited to the obligations arising from the Law.
Processing in Favour of the Employees
“The Company” may process the personal data without obtaining the consent for the procedures such as private health insurances in favour of company employees. For the disputes arising from the business relations, “the Company” may also process the data of the employees.
Processing data of specific nature
Pursuant to the Law, data relating to race, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance and dressing, membership of association, foundation or trade-union, health, sexual life, criminal conviction and security measures, and biometrics and genetics are special categories of personal data. It is additionally required for “the Company” to take the adequate measures designated by the Board in addition to the consent of the data subject when special categories of personal data are processed. Data of special nature may be processed limited to and related to the cases permitted by the Law without the consent of the person. The special categories of personal data obtained from the employees shall only be used for the corresponding purpose to allow them to benefit from the insurance and health services.
Data processed with automatic systems
The data processed regarding the employees with automatic systems may be used for in-house promotions and performance assessments. The employees reserve the right to appeal to the results against them and they shall perform this process in compliance with the internal procedures. Appeals of the employees shall be evaluated again within the Company.
User Information and Internet
In case of the collection, processing and use of personal data on the websites and other systems or applications of Palmiye Global Hareketli Yapi Sistemleri San Ve Tic. A.S. the data subjects shall be informed about the privacy statement and cookies if needed. Users shall be informed about our applications on our websites. Personal data shall be processed as per the law.
Please be informed of the below information about the cookies that we use/will use on our pages when you visit our website.
Purpose of using Cookies
Type of Cookies
Google (analytics, doubleclick)
Measurement Advertisement In-site optimization
Functional and analytic cookies Commercial cookies
Advertisement
Commercial cookies
Insider
Measurement Advertisement In-site optimization
Functional and analytic cookies Commercial cookies
Hotjar
Measurement In-site optimization
Functional and analytic cookies Commercial cookies
3rd party companies (criteo, rtbhouse)
Advertisement
Functional and analytic cookies Commercial cookies
Functional and analytic cookies include the data about reminding your choices, using website effectively, optimizing the website so as to answer the demands of the user and how the visitors use the website. By nature, these kinds of cookies may contain personal information such as user name.
Third Party Cookies Websites/mobile applications/mobile websites of Palmiye Global Hareketli Yapi Sistemleri San Ve Tic. A.S. work with third party reliable and known advertisement providers. Third party service providers place their own cookies to offer advertisements specific to you. The cookies placed by third party collect, process the surfing information of the visitors on the websites and analyze them according to the ways of use.
Commercial cookies
Commercial cookies serve to offer the product/content with similar qualifications and enhance your usage experience by providing a developed and customized advertisement portfolio according to your fields of interest and choices. The holdup time of the session, permanent, functional and analytic and commercial cookies on the background is about 2 (two) months and the required settings can be done by browser settings. The removal operation from the settings may vary depending on the browser.
How to clear cookies?
Many browsers are adjusted automatically to accept and use the cookies as of the first instalment of your computer. You are allowed to block the cookies or to be warned about the cookies by using help or setting menus of your browser. You can take advantage of the instruction or help option screens of your browser to obtain further information about the various methods of managing cookies or regulate the settings of your browser.
Telecommunication and the Internet
The computers, telephone, e-mail and other applications allocated to the employees within the company shall only be used for business purposes. The employee cannot use any of these means allocated to himself/herself by the company for private purposes or communication. The company may control and monitor the data on these means. The employee undertakes not to keep any data or information apart from the business purposes on the computer, telephones or other means allocated to himself/herself as of his/her employment date.
VII. TRANSFERRING THE PERSONAL DATA DOMESTICALLY AND INTERNATIONALLY
Personal data may be shared by “the Company” with business and solution partners.
“The Company” will be entitled to transfer the personal data for certain purposes to the following persons and institutions;
» Business partners of “the Company” limited to the purpose of execution of the aims of the establishment of the business partnership,
» The suppliers of “the Company” to the extent of providing the necessary services by our company to fulfil its commercial activities and procured by the supplier as external sources,
» Solution partners of “the Company” limited to ensuring the execution of the commercial activities which require the participation of the affiliates of the company,
»Other official authorities and private persons authorized by law,
to third parties in accordance with the conditions and purposes specified in Articles 8 and 9 of the LPPD.
“The Company” has the authority to transfer personal data in accordance with the other conditions in the Law and in accordance with the consent of the person under the conditions determined by the Board in domestic and abroad.
VIII. RIGHTS OF DATA SUBJECT
“The Company” hereby agrees that the relevant person must provide his/her consent before processing the data within the scope of the Law and that he/she reserves the right to determine the destiny of the data after the data is processed.
By contacting the person announced by the Company on our website about personal data, persons are entitled;
a) to learn whether or not their personal data have been processed;
b) to request information as to processing if her/his data have been processed;
c) to learn the purpose of processing of the personal data and whether data are used in accordance with their purpose;
ç) to know the third parties in the country or abroad to whom personal data have been transferred;
d) to request rectification in case personal data are processed incompletely or inaccurately;
e) to request deletion or destruction of personal data within the framework of the conditions set forth under Article 7;
f) to request notification of the operations made as per indents (d) and (e) to third parties to whom personal data have been transferred;
g) to object to occurrence of any result that is to her/his detriment by means of analysis of personal data exclusively through automated systems;
ğ) to claim compensation for the damages in case the person incurs damages due to unlawful processing of personal data. However, individuals do not have a right with regards to the anonymized data within the Company. The “Company” may share personal data with relevant institutions and organizations in order to exercise the legal powers of a judicial duty or state authority in accordance with the business and contractual relationship.
Personal data holders shall fill in the application form on the official website of the Company at https://palmiye.eu/privacy-policy/ and sign with a wet signature and send to the following contact address, together with the ID photocopy (only the front face for the identity card) by registered letter of return. Your applications will be replied as soon as possible according to the content of your application or at the latest within 30 days of receiving your application. You must apply by registered letter. In addition, only the relevant part of your applications will be answered, and an application made about your spouse, relative or friend will not be accepted. The “Company” may request further relevant information and documents from the applicants.
IX. PRIVACY POLICY
Data of the employees or other persons at the Company are confidential. No one may use, copy, reproduce, transmit, transfer or otherwise use the data for any other purpose without compliance with the contract or the law.
X. PROCESS SECURITY
All necessary technical and administrative measures shall be taken to protect the personal data collected by “the Company” and to prevent the damage on our customers and potential customers. In this context, it shall be ensured that the software complies with the standards, third parties are selected with caution and data protection policy is observed within the company. Security-related measures are constantly being updated and improved.
XI. AUDIT
The “Company shall have the necessary internal and external audits regarding the protection of personal data carried out.
XII. NOTIFICATION OF VIOLATIONS
“The Company” shall immediately act to remedy the violations in case a violation of personal data is notified. It shall mitigate or indemnify the damage of the relevant person. In case the personal data are obtained by the unauthorized persons, this case should be immediately notified to the Board of Personal Data Protection.
Regarding the notification of the violations, you can also make an application as per the procedures provided at https://palmiye.eu/privacy-policy/
Regarding requests made pursuant to the Act on the Protection of Personal Data
As announced on pages at the address https://palmiye.eu/privacy-policy/, your application will be processed provided that you complete the form on the website, attach a copy of your identity card, and send it to the address on the form via registered mail.
The rights concerning personal data will only be used for one’s own data. Requests regarding the personal data of others will not be taken into consideration. Forms without the photocopy of the identity card will not be taken into consideration. Please be informed that even if data deletion requests are fulfilled, we are required to share data with the authorities if requested.
CONTACT
You may contact us regarding questions on the privacy agreement using the following contact info.
World Trade Center
IDTM A-2 Block No:77 TR-33149
Yeşilköy / ISTANBUL
Tel: +90 (212) 886 74 74
Fax: +90 (212) 886 95 29
E-post: [email protected]