Privacy Policy


PROTECTION AND PROCESSING OF PERSONAL DATA 

PRIVACY NOTICE



Data privacy is of utmost importance for STRABO, and we attach particular importance to ensuring that the processing of your personal data is transparent and clear. In this context, we would like to inform you about your personal data in order to fulfill our obligation of informing arising from Article 10 of the Law on the Protection of Personal Data No. 6698 ("KVKK"). Personal data refers to any kind of information that identifies you or makes you identifiable. Below are your personal data collected and processed by STRABO, along with their processing purposes, recipient groups to which they are transferred, methods of collection, legal basis, and your rights regarding such personal data.



This content is important, so please read it and make sure you control your privacy.

Before we begin, we would like to explain our privacy principles to you:



✔ We take your privacy seriously. 

✔ We commit to protecting the security of your personal data. 

✔ We act in accordance with data privacy laws when using your personal data. 

✔ We only use your personal data in the ways described in this document. 

✔ We do not collect your personal data if it is not necessary.

✔ When your personal data is no longer necessary for our collection purposes, 

     we stop collecting it.

 ✔ We disclose your rights to control your personal data.


1.    Who is the data controller of your personal data?



The data controller responsible for the processing of data is HF YARATICI PROJE GELİŞTİRME VE DANIŞMANLIK LTD. ŞTİ, with Tax Number 4620897124 and MERSIS number 0462-0897-1240-0001. ("STRABO")



The contact information for STRABO is as follows:



  • Postal address: ESENKENT NEIGHBORHOOD, ONUR GÜVENER STREET, GARDEN RUSTIC NO: 27/I INNER DOOR NO: 1 ESENYURT/ ISTANBUL TURKEY

  • Phone: +905304902593

  • Email: info@hence-forth.com



  1. Who is the Data Protection Officer?



We have appointed a Data Protection Officer to ensure that your personal data is processed continuously in a transparent, accurate, and lawful manner. You can reach our Data Protection Officer using the following contact information:




  1. What are our principles regarding the processing of personal data?



  • Processing in Compliance with the Law, Principle of Honesty, and Transparency


The processing of personal data adheres to the principles introduced by legal regulations, as well as the general principles of trust, honesty, and transparency.



  • Ensuring the Accuracy and Currency of Personal Data



Periodic checks and updates are conducted to ensure that the personal data of individuals being processed is accurate and up-to-date, and all necessary reasonable measures are taken in this regard. Systems are established within STRABO to verify the accuracy of personal data and make any necessary corrections. For members, these changes and updates can be made through the "My Account" page on the Strabo mobile application.



  • Processing for Specified, Explicit, and Legitimate Purposes



Personal data is processed based on clear, specific, and legitimate purposes of data processing. The purposes for which data will be processed are detailed in this Privacy Notice.



  • Relevance, Limited, and Proportionate Processing to the Purposes


Personal data is processed in a proportionate, relevant, and limited manner to achieve the intended purpose(s) and unnecessary or irrelevant personal data processing is avoided.



  • Retention in Compliance with Applicable Legislation or for the Period Necessary for the Purposes of Processing



STRABO retains personal data only for the period prescribed by applicable legislation or for the period necessary for the purposes of processing. Accordingly, it is first determined whether there is a period prescribed by applicable legislation for the storage of personal data, and if there is, compliance with this period is ensured. If no period is prescribed, personal data is stored for the period necessary for the purposes of processing. Upon the expiration of the period or the cessation of the reasons necessitating processing, and in the absence of a legal basis allowing for longer retention, personal data is deleted, destroyed, or anonymized in accordance with STRABO's "Personal Data Retention and Destruction Policy.



  • Processing in Compliance with Data Integrity and Confidentiality


Personal data is processed in a manner that ensures the security of personal data, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction, or damage, through the use of appropriate technical or organizational measures.

 

  1. What types of personal data are collected and processed by STRABO?

We collect and process various types of personal data from our users-members for different purposes. The specific data collected and the purposes of processing vary depending on the nature of the data. The table below provides detailed explanations and examples of the types of personal data collected from our users-members:



Personal Data CategoryExample of Personal DataIdentity InformationFor example, your name, surname, date of birth, gender, etc.Contact Information
Such as your email address, phone number, etc.Customer Transaction InformationFor example, transaction details, investment portfolio, strategies, comments, evaluations, scores, points, user account and content information, transaction history, requests, suggestions, and complaints information, information related to interactions with customer service-support team, call center conversation records and communication history, communication preferences, etc.Financial InformationFor example, investment risk and return preferences, strategies, financial performance information, preferred financial assets, order of transactions, knowledge and experience in capital markets, utilized investment services and ancillary services, markets traded in, products traded, transaction frequency and volume, etc.Transaction Security InformationFor example, cookie records, reports and evaluations indicating a person's habits and preferences, targeting information, information derived through data enrichment activities, competitions, etc.Transaction Security InformationFor example, account settings including default preferences, customer-specified preferences such as country, language, and currency, product/service type the customer is interested in or pages visited by the customer, IP address information, platform login/logout information, username and password information, traffic data (connection time/duration, etc.), computer screen recordings, device IMEI number, device MAC address, log records, internet service provider, operating system, and browser used, device type, etc.Audiovisual DataFor example, your profile picture, call center conversation records made through voice calls, and communication history.Legal Action InformationFor example, information in correspondence with authorized individuals, institutions, and organizations, information in lawsuit and execution files, legal information requests, information and documents to be submitted to court or judicial authorities, contracts, records serving as evidence, legal transactions, and compliance information.



  1. How does STRABO collect your personal data, for what purposes, and based on what legal grounds does it process it?



STRABO collects your personal data through the methods outlined below, processes it strictly for the purposes specified below, and based on the legal grounds indicated below:



  • Your identity, contact, and customer transaction information are collected directly from you within the scope of our contractual relationship, either electronically through the mobile application or website, or via email or phone, for the following purposes: establishing or performing the contract, fulfilling STRABO's legal obligations, making personal data publicly available, where processing is necessary for establishing, exercising, or protecting a right, and processing based on legitimate interests legal grounds:

  • Execution of processes related to the establishment and performance of the contract.

  • Execution of membership procedures,

  • Conducting and auditing financial and accounting processes,

  • Conducting and auditing the company's business activities,

  • Confirming the identity of individuals conducting transactions via the website/mobile applications,

  • Conducting activities to increase customer satisfaction and improve the products and services offered by our company,

  • Personalizing the application for the user, providing ease of use, and offering related services,

  • Utilization for company reporting, research, and business development/improvement activities,

  • Measurement of Strabo scores and their publication on the platform, comments, evaluations, likes, and analyses,

  • Creation of investment strategy portfolios and monitoring of other portfolios,

  • Conducting strategic analysis studies,

  • Conducting communication activities,

  • Making necessary arrangements to ensure that the processed data is accurate and up-to-date,

  • Offering products/services that may be of interest to you based on your interests,

  • Contacting regarding the terms, current status, and updates of contracts or policies concluded through our platform, and providing necessary information,

  • Evaluation, resolution, and execution of support services for your requests, issues, complaints, and suggestions regarding our products and services,

  • Providing information about products and services,

  • Execution of information security processes, ensuring information and transaction security, and prevention of malicious use,

  • Ensuring the security of operations related to the platform,

  • Ensuring compliance of activities with regulations,

  • Tracking and conducting legal affairs, responding to information requests from administrative and judicial authorities, compliance with regulations,

  •  Providing information to authorized individuals, public institutions, and organizations.

Your financial information is collected directly from you through electronic means via our mobile application or website for the following purposes: directly related to the establishment or performance of the contract, fulfilling STRABO's legal obligations, making personal data publicly available for certain groups, processing data to establish or protect a right, and processing data based on legitimate interests.:

  • Conducting processes related to the establishment and performance of contracts,

  • Carrying out and auditing financial and accounting processes,

  • Managing and auditing the company's business activities, 

  • Making necessary arrangements to ensure the accuracy and currency of processed data,

  • Conducting activities to increase customer satisfaction and improve the products and services offered by the Company,

  • Personalizing the application for the user, providing ease of use, and delivering related services,

  • Utilization within the scope of company reporting, research, and business development/improvement activities,

  • Measurement of Strabo scores and their publication on the platform, comments, evaluations, likes, and analyses,

  • Creation of investment strategy portfolios and monitoring of other portfolios,

  • Presenting products/services that may be of interest to you based on your preferences,

  • Conducting strategic analysis studies,

  • Conducting support services,

  • Ensuring compliance of activities with the legislation,

  • Tracking and conducting legal affairs, responding to information requests from administrative and judicial authorities, compliance with legislation,

  • Providing information to authorized individuals, public institutions, and organizations,

Your transaction security information is collected directly from you within the scope of our contractual relationship, through mobile applications, cookies, or websites in electronic format automatically for the following purposes: directly related to the establishment or performance of the contract, fulfilling STRABO's legal obligations, making personal data publicly available for certain groups, processing data to establish or protect a right, or fulfilling a legal obligation based on legitimate interests:

  • Conducting processes related to the establishment and performance of the contract,

  • Execution and oversight of the company's business activities,

  • Verification of transactions conducted via the website/mobile applications,

  • Conducting activities aimed at increasing customer satisfaction and improving the products and services offered by the Company,

  • Execution of information security processes, ensuring the security of information and transactions, and prevention of malicious use,

  • Ensuring the security of operations related to the platform,

  • Ensuring that activities are carried out in compliance with the law,

  • Providing information to authorized individuals, institutions, and organizations.

Your legal transaction information is collected directly from you within the scope of our contractual relationship, through mobile applications, internet websites, electronically or automatically, or via email, telephone, or physical means, for the following purposes, and processed based on STRABO's legal obligations, as explicitly prescribed by law, or as necessary for the establishment or protection of a right:

  • Carrying out the processes related to the establishment and performance of the contract.

  • Conducting and monitoring the company's business activities,

  • Evaluation and resolution of your requests, issues, complaints, and suggestions regarding our products and services,

  • Execution of information security processes, ensuring information and transaction security, and prevention of malicious use,

  • Ensuring the security of operations related to the platform,

  • Ensuring that activities are conducted in compliance with the law,

  • Tracking and conducting legal affairs, responding to information requests from administrative and judicial authorities, compliance with regulations,

  • Providing information to authorized individuals, institutions, and organizations.

Audiovisual recording information; collected directly from you within the scope of our contractual relationship, automatically through the mobile application or website in electronic format, or through telephone calls via voice communication with the call center, for the following purposes and processed based on STRABO's legal obligations, necessity to establish or fulfill a contract, legitimate interests, or for the establishment, exercise, or defense of legal claims:

  • The establishment and execution of processes related to the formation and performance of the contract,

  • Creating a membership account and personalizing the user account,

  • Conducting communication activities,

  • Measuring Strabo scores and publishing them on the platform,

  • Creating the investment strategy portfolio and monitoring other portfolios,

  • Conducting activities aimed at increasing your satisfaction,

  • Conducting activities aimed at the development and improvement of the products and services offered by our company,

  • Communicating the terms, current status, updates, and necessary information regarding contracts or policies concluded through our platform, and providing relevant updates,

  • Evaluating and resolving your requests, issues, complaints, and suggestions regarding our products and services, and conducting support services,

  • Ensuring the security of operations related to the platform, including evidence preservation,

  • Ensuring compliance of activities with the legislation,

  • Following up on and carrying out legal matters,

  • Yetkili kişi, kurum ve kuruluşlara bilgi verilmesi,

  • Providing information to authorized individuals, institutions, and organizations.

Your marketing information; within the scope of our contractual relationship, is collected directly from you via electronic means through mobile applications, cookies, and the website for the following purposes, which are directly related to the establishment or performance of the contract, compliance with STRABO's legal obligations, public disclosure of personal data of groups of individuals, necessity of data processing for the establishment or protection of a right, and processing based on legitimate interests legal grounds:

  • To conduct usability and quality analysis for the purpose of improving our services, to enhance our products and services, and to tailor them to the preferences of our customers, we process your product preferences, perform data analytics, and resolve your inquiries and complaints, 

  • Conducting activities aimed at the development and improvement of the products and services offered by our company,

  • Conducting strategic analysis studies,

  • Ensuring that activities are conducted in compliance with the legislation,

  • Tracking and conducting legal affairs, responding to information requests from administrative and judicial authorities, compliance with regulations,

  • Providing information to authorized individuals, public institutions, and organizations.



  1. Does STRABO share your personal data with third parties?



We do not and will not sell your personal data to any third party in any way. We aim to earn and maintain your trust, and we believe it is essential to act in this manner to achieve that goal.


Our company takes care to process personal data in accordance with the principles of "need to know" and "need to use", ensuring necessary data minimization and taking required technical and administrative security measures. Due to the necessity of continuous data flow with various stakeholders for the conduct and supervision of business activities, ensuring business continuity, and operating digital infrastructures, we may need to transfer processed personal data to third parties for specific purposes. Additionally, it is crucial for us to ensure that your personal data is accurate and up-to-date in order to fulfill our contractual and legal obligations properly and completely. To achieve this, we need to collaborate with various business partners and service providers.


Your personal data contained in the table under heading 4;



  • transferred to our business partners for the purposes of conducting service provider operation, managing your requests for assistance and support for your platform processes, conducting activities to increase your experience and satisfaction, conducting activities to develop and improve the products and services offered by our company, providing you with a better platform usage experience, ensuring business continuity, ensuring information security, archiving purposes and for the establishment or performance of the contract and based on legitimate interest legal reasons.


  • transferred to our infrastructure server service provider Amazon Web Services, which is located abroad and whose servers are located in Ireland, where we can ensure the service quality and service continuity we offer to you, and to service providers Twilio, SendGrid for the purpose of sending e-mail or SMS abroad within the scope of our legitimate interest.

  • transferred to our consultant lawyers for the follow-up and execution of legal affairs, responding to information requests from administrative and judicial authorities, compliance with legislation, legal disputes, fulfillment of legal obligations or exercise of rights. 

  • transferred to regulatory and supervisory bodies, judicial and administrative judicial authorities, public institutions and organizations authorized by law upon request, within the scope of fulfilling legal obligations, fulfilling legal obligations or exercising rights, based on information-document request letters.


Your account information, user name, profile photo, name and surname, strategy investment portfolio and performance (amounts are not disclosed to third parties), Strabo score and comments and likes you have made are processed electronically on the Platform in an automated environment and published openly to other users on the Platform for the following purposes: based on legitimate interest; to improve business processes, to carry out customer relationship management processes, to carry out processes for customer satisfaction, to improve user experience, to ensure active and efficient use of the Platform, to offer products/services/ Similar Investments suitable for you, to guide the user correctly, to have information about the product/service, to find your comment more easily, to prevent misrepresentation or possible manipulation, to guide users correctly and to facilitate users to evaluate other user profiles. In this context, if you achieve a ranking in the Strabo Leader Score Table published on the Platform, your username, profile photo, and Strabo score information are included in the table, and this information can be viewed by other users. If you have chosen to keep your account private, the performance of your investment strategy portfolios can only be viewed by those who follow your account. It should be noted that the amounts reported as invested can only be viewed by the relevant user themselves.


In your comments on the content on the Platform, for the purpose of improving business processes, conducting customer relationship management processes, executing processes aimed at customer satisfaction, enhancing user experience, ensuring the active and efficient use of the Platform, offering suitable products/services to you, guiding users correctly, providing information about products/services, and making your comments easier to find, your username, profile photo, and comment details are processed electronically through the Platform in an open manner based on legitimate interests, and are openly visible to Platform users.



  1. STRABO retains your personal data for how long?



We retain information about you only for as long as you continue to be our member. If you decide that you no longer wish to be a member, you can request the deletion of all your information by deleting your account from the Account Settings page.



However, if reasonable necessity arises or if it is necessary to comply with legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Platform terms of use, we may continue to retain necessary information about you even after you have closed your account with us or even if we no longer need this information to provide these services.







The table below lists the retention periods for personal data processed by STRABO:



Identity Information (Name)From the termination of the legal relationship, 10 years.Contact Information (Email Address)From the termination of the legal relationship, 10 years.Legal Transaction InformationFrom the finalization of the judgment, 10 years.Customer Transaction Information (User activities within the application)From the termination of the legal relationship, 10 years.Transaction Security Information2 years Financial Information (Types and amounts of investment assets)From the termination of the legal relationship, 10 years.Visual and Auditory Recording Information (Profile photo)From the termination of the legal relationship, 10 years.Marketing InformationThroughout the legal relationship.



  1. Deletion, destruction, or anonymization of personal data



Even though processed in compliance with the Law on the Protection of Personal Data numbered 6698 and related legislation, personal data is deleted, destroyed, or anonymized by the data controller upon request of the data subject or ex officio when the reasons requiring its processing cease to exist.



Our company has established a Data Retention and Destruction Policy for the storage and deletion of personal data. Storage and destruction processes related to your personal data are carried out within the scope of this policy. Accordingly, if a period is specified for the retention of data in the Law on the Protection of Personal Data or other relevant legislation, the data must be retained for at least this period.



Taking into account possibilities such as a potential delay in receiving a court request or a request from an administrative authority authorized by law, or the occurrence of a dispute in which we may be involved, an additional period of 6 months to 1 year is added to the periods specified in the legislation for the retention of your data. At the end of the specified period, the data is deleted, destroyed, or anonymized.



If there is no specified period for the retention of processed data in the legislation, considering possible disputes in accordance with the nature of our relationship, your data will be deleted, destroyed, or anonymized without the need for any request from you after the expiration of the statute of limitations period from the termination of our legal relationship.


If all the processing conditions of personal data have ceased to exist or if the retention period declared by us or determined within the scope of the legislation has expired, your data will be deleted, destroyed, or anonymized ex officio on the first periodic destruction date or within 6 months at the latest. However, if you request the deletion of your data for a valid reason, your data will be deleted within 30 days to the extent legally possible. If you request the deletion or destruction of your data before the predetermined retention period specified in the legislation, your request cannot be fulfilled.




  1. How is the security of your personal data ensured?



To ensure the security of personal data at STRABO, reasonable measures are taken to prevent unauthorized access risks, accidental data losses, intentional deletion of data, or damage to data.



All necessary technical and physical measures are taken to prevent access to personal data by unauthorized individuals. In this context, the authorization system is designed to ensure that no one has access to more personal data than necessary.



Authorized individuals undergo necessary security and internal control checks. Additionally, these individuals are trained on their duties and responsibilities.



Access logs for personal data are kept to the extent technically feasible, and these logs are regularly reviewed. Immediate investigation and legal proceedings are initiated in case of unauthorized access.



STRABO takes the following security measures to ensure the security of processed data:



  • Penetration tests are conducted periodically in accordance with international and national technical standards regarding data privacy.

  • Your personal data transmitted to STRABO via the website, mobile site, and mobile application is protected using SSL (Secure Sockets Layer) technology.

  • Network security and application security are ensured.

  • Closed system networks are used for personal data transfers over the network.

  • Key management is implemented.

  • Security measures are taken within the scope of information technology system procurement, development, and maintenance.

  • The security of personal data stored in the cloud is ensured.

  • There are disciplinary regulations containing data security provisions for employees.

  • Periodic training and awareness programs on data security are conducted for employees.

  • An authorization matrix has been created for employees.

  • Access logs are kept regularly.

  • Corporate policies have been developed and implemented regarding access, information security, usage, storage, and disposal.

  • Privacy commitments are made.

  • The authorities of employees undergoing job changes or leaving the company are revoked in this field.

  • Current antivirus systems are used.

  • Firewalls are utilized.

  • The signed contracts contain data security provisions.

  • Extra security measures are taken for personally identifiable information transmitted via paper, and the relevant documents are sent in a classified document format.

  • Personal data security policies and procedures have been established.

  • Personal data security issues are reported promptly.

  • Personal data security is monitored.

  • Necessary security measures are taken regarding access to physical environments containing personal data.

  • The security of physical environments containing personal data is ensured against external risks such as fire, flood, etc.

  • The security of environments containing personal data is ensured.

  • Personal data is minimized whenever possible.

  • Personal data is backed up, and the security of backed-up personal data is ensured.

  • Internal periodic and/or random audits are conducted and commissioned.

  • Log records are maintained without user intervention.

  • Current risks and threats have been identified.

  • Protocols and procedures for the security of sensitive personal data have been determined and implemented.

  • If sensitive personal data is to be sent via email, it is always sent encrypted and using a corporate email account or a Registered Electronic Mail (KEP) account.

  • Intrusion detection and prevention systems are utilized.

  • Penetration testing is conducted.

  • Personal data of special nature transferred via portable memory, CD, DVD media is encrypted during transfer.

  • Data processors' compliance with data security measures is periodically audited.

  • Data processors are provided with awareness training on data security.



  1.  What are your legal rights regarding your personal data?


Your legal rights regarding your personal data, as outlined in Article 11 of the Turkish Data Protection Law (KVKK), can be summarized as follows:



  • To learn whether personal data is being processed.

  • To request information regarding whether personal data has been processed. 

  • To learn the purpose of processing personal data and whether they are being used for their intended purpose. 

  • To know the third parties to whom personal data are transferred domestically or abroad.

  • To request the correction of personal data if it is incomplete or incorrectly processed.

  • Requesting the deletion or destruction of personal data within the framework of the conditions envisaged in Article 7 of the KVKK and requesting that the actions taken in accordance with these provisions be notified to third parties to whom the personal data has been transferred.

  • Objecting to a decision that results in a negative outcome for the individual solely based on the analysis of processed data through automated systems.

  • Requesting compensation for damages incurred due to the unlawful processing of personal data.



You can submit your questions and requests regarding your personal data to us using a duly prepared petition in accordance with the conditions specified in the Regulation on Procedures and Principles of Application to the Data Controller or via the "Personal Data Protection Application Form" through the following methods.



Please click the link for the Personal Data Protection Application Form.



The Application MethodAddress for ApplicationWritten Application in PersonESENKENT MAH. ONUR GÜVENER CAD. GARDEN RUSTIC NO: 27/I İÇ KAPI NO: 1 ESENYURT/ İSTANBUL - TÜRKİYEApplication Through a NotaryESENKENT MAH. ONUR GÜVENER CAD. GARDEN RUSTIC NO: 27/I İÇ KAPI NO: 1 ESENYURT/ İSTANBUL - TÜRKİYEApplication Through Previously Reported and Registered Email Address in STRABO System                    info@hence-forth.com



* In the "In-Person Written Application" method, it is mandatory for the relevant individuals to present identity documents (provided that they are devoid of special categories of personal data and unrelated data to the subject of the application!).

** We kindly request that "Personal Data Protection Law Related Person Request" be written on the notification envelope or in the subject line of the email.



As the data subjects, if you submit your requests regarding your rights to STRABO, STRABO will conclude your request free of charge within 30 (thirty) days at the latest. However, if the response to your application requires a cost according to the legislation, STRABO may request a fee according to the tariff determined by the Personal Data Protection Board. In cases where your application is rejected, you find the response insufficient, or if we cannot respond to the application within the specified period; you can file a complaint with the Personal Data Protection Board within 30 (thirty) days from the date you learned of our response, and in any case, within 60 (sixty) days from the application date.



  1. Entry into force and updateability



This Privacy Notice has entered into force on the publication date. The Privacy Notice is updated to comply with changing conditions and legislation. The updated Privacy Notice, in light of current DPA Board decisions and requirements, is monitored by the STRABO Data Protection Committee and published on the Platform.



In the event of significant changes, STRABO will clearly communicate these changes through the Platform, other STRABO services, or other communication channels such as email, allowing you to review the changes before continuing to use STRABO.



  1. Reporting Security Vulnerabilities



As STRABO, we do not accept any risks regarding security. If you notice any technological issue, please inform us. Send an email to info@hence-forth.com with details of the security vulnerability, including how we can reproduce or verify the vulnerability, along with your contact information and name.




You can reach out to STRABO anytime using the contact information provided below:

HF YARATICI PROJE GELİŞTİRME VE DANIŞMANLIK LTD. ŞTİ.

  • ESENKENT MAH. ONUR GÜVENER CAD. GARDEN RUSTIC NO: 27/I İÇ KAPI NO: 1 ESENYURT/ İSTANBUL - TÜRKİYE

  • Telefon: 05304902593

  • E-posta: info@hence-forth.com














APPENDIX -1: DEFINITIONS



Informed Consent Specific, informed, and freely given consent based on being made aware of a particular matter.

AnonymizationAnonymization is the process of altering personal data in a way that it loses its status as personal data and cannot be reversed. For example, using techniques such as masking, aggregation, data distortion, etc., personal data is rendered unable to be associated with an identifiable individual.
Data SubjectThe data subject is the individual whose personal data is being processed. For example, customers and employees.


Personal DataPersonal data refers to any information relating to an identified or identifiable natural person. Therefore, the processing of information related to legal entities is not covered by the Law. For example: name, surname, national identification number, email address, address, date of birth, credit card number, etc.


Special Category of Personal DataRace, ethnic origin, political opinions, philosophical beliefs, religion, sect or other beliefs, appearance, membership of association, foundation or trade union, health, sexual life, criminal conviction and security measures-related data, as well as biometric and genetic data are considered as special categories of personal data.


Processing of Personal DataAny operation performed upon personal data, whether or not by automatic means, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Data ProcessorData processor is the natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller. For example, a technology company that stores customer data on behalf of a company.

Data ControllerThe data controller is the person who determines the purposes and means of processing personal data, and manages the place where the data is systematically stored (data recording system).