services or features to our Platform. Please check this Policy on a regular Collection and Usage of Information
For visitors from European Economic Area (“E.E.A.”): In compliance with the General Data Protection Regulation (“GDPR”), weprocess personal data only when one of the following applies:
Collection and Usage of Information
For visitors from European Economic Area (“E.E.A.”): In compliance with the General Data Protection Regulation (“GDPR”), we process personal data only when one of the following applies:
a.You have given your consent to the processing of yourpersonal data for one or more specific purposes – Art. 6.1.a;
c. Processing is necessary for compliance with a legal obligation to which we are subject – Art. 6.1.c;
d. Processing is necessary in order to protect the vital interests of the data subject or of another natural person – Art. 6.1.d;
e. Processing is necessary for the performance of a task carried out in the public interest – Art. 6.1.e;
f. Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data – Art. 6.1.f.
When you visit our Website:
a. We may collect with cookies anonymous information regarding your browser and operating system that you use to access our Website or Platform in order to adapt our Website and Platform with different browsers and operating systems and to provide better customer experience by analysing such information (Your consent- Art. 6.1.a);
b.We may collect IP address of your device that you use to access our Website or Platform in order to detect potential attacks and unauthorized interferences and to ensure the information security of our Website and Platform (Our legitimate interest – Art. 6.1.f);
c. We may collect your name and e-mail address when you fill in the contact form in our Website (Your consent- Art. 6.1.a).
When you subscribe to our Platform:
Our Platform is a human resources performance management and development platform for employees (“Employees”) and you must be a corporate entity to subscribe to our Platform.
a.We collect e-mail address, username and password of the Customer Account Manager to enable you to create a Customer Account and keep it active (processing is necessary for the performance of our contract – Art. 6.1.b).
c. We collect e-mail addresses, usernames, names, last names and information on departments, positions and seniority of the Employees (processing is necessary for the performance of our contract – Art. 6.1.b).
d. We collect information on the time zone of the devices used by Customer Account Manager and Employees to enable them to select correct time and dates in the Platform (processing is necessary for the performance of our contract – Art. 6.1.b).
Our Access to Your Customer Account
As a principle, we don’t access to your Customer Account without notifying you first. If we need to access your Customer Account in order to analyse a bug in the Platform, we will notify you.
Content Uploaded by You and the Employees
Our Platform allows users to upload information and content in the Platform. Employees and Customer Account Manager can send and receive messages to and from each other, they can ask questions to each
other or make comments with respect to performances. Customer Account Manager determines the level of access granted to Employees regarding each other’s account with the privacy preferences of the Customer Account.
Employees and Customer Account Manager are responsible from their correspondences, posts and any other contents that they upload or share within the Platform and We have no liability regarding them. You and the
Customer Account Manager must advise the Employees not to disclose their own personal data or third parties’ personal data within their correspondences and posts within the Platform and inform them regarding potential consequences of disclosing their or third parties’ personal data.
Transfer of Personal Data to Third Party Organizations and Countries
Our database is stored with Amazon Web Services in its data centers in Germany in compliance with GDPR. Amazon Web Services offer strong security measures to protect our infrastructure. You can read more about AWS cloud security here: AWS Cloud Security
Your personal data may be transferred to third party organisations and international organisations that provide us services such as hosting, storage and analysis services as well as other services that allow us to improve our services. When we transfer any personal data outside of EEA, we make sure that the recipient country has an adequacy decision from the European Commission or the third party organisations provide adequate level of protection and safeguard measures. For that purpose, we execute standard contractual clauses approved by the European Commission with third parties, when available, or seek your approval prior to data transfer.
Google Analytics: We use web analytics services of Google Inc. to analyse and improve performance of our Website and Platform. In order to provide such services, Google Inc. may collect geo-location, browser, operating system and IP addresses of the visitors of our Website and
Google Calendar API: We may use Google Calendar services of Google Inc. with your authorisation to access your Google Calendar. We integrate users (Customer Account Manager and Employees) Google calendar to update events only related to the Platform and our services. Google Inc. stores the data it collects in its data center located in the U.S.
Inspectlet, Inc.: We may use services of Inspectlet for analysis of users’ behaviours on the Website and the Platform. Inspectlet may collect unanimous information such as mouse clicks, click on links and buttons. Inspectlet Inc. stores the data it collects in its data center located in the U.S.
One Signal: We use One Signal services that enable us to send instant notifications to customers. One Signal collects information regarding users’ device, browser, operating system, lP address, location (country), time zone, how many times and when a user visited the Website. One Signal stores information in its data center in the U.S.
Zendesk, Inc.: We use live chat solution of Zendesk on the Website and Platform in order to answer your questions quickly and efficiently. It’s an optional service and Zendek stores e-mail addresses, IP addresses and messages of the users who have consented to such service. Zendesk stores personal data within the EEA, the United States and in other countries and territories.
Personal Data Retention and Erasure
We do not retain personal data longer than we need for the specific purpose of the processing or are required by applicable law. We may need to keep personal data longer than it is required for the purpose of the processing to defend possible future legal claims or if we are served with a legal request for our records or are notified of the commencement of a legal process involving us, our Website or our Platform. We erase, destroy or anonymise personal data that is no longer required for the purposes for which the personal data was processed.
Your Rights Regarding Your Personal Data
a. Right of Access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not your personal data is being processed,and, where that is the case, access to your personal data and detailed information regarding its processing.
b.Right to Rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you.
c. Right to Erasure (Art. 17 GDPR): You have the right to obtain the erasure of your personal data where one of the conditions set forth in Art. 17 applies.
d. Right to Restriction of Processing (Art. 18 GDPR): You have the right to obtain restriction of processing where one of the conditions set forth in Art. 18 applies.
e. Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
f. Right to Object to Processing (Art.21 GDPR): You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, where the conditions set forth in Art. 21 applies.
g. Right to Object to Profiling (Art. 22 GDPR): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects to you or similarly significantly affects you.
h. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infringes the applicable legislation.
FEEDBACK4E YAZILIM DANIŞMANLIK TİCARET LİMİTED ŞİRKETİ
Harbiye Mah. Hüsrev Gerede Cad. No.77/16 Şişli