Carbon Footprint and Sustainability Webinar

As a company, we would like to inform and enlighten you regarding our personal data processing activities in accordance with Article 10 of Law No. 6698 on the Protection of Personal Data.

1. Identity of the Data Controller

Pursuant to Law No. 6698 on the Protection of Personal Data, your personal data may be processed, recorded, stored, classified, updated, and disclosed/transferred to third parties where permitted by legislation and/or within the limits of the purposes for which they are processed, in accordance with the law and the principles of honesty, by Fineo Digital Transformation Inc., located at Yenişehir Mah., Kardeşler Cad. No:7/2/124, Merkez/Sivas, as the data controller.

2. Purpose of Processing Personal Data

Our company processes personal data within the scope of the personal data processing conditions and purposes specified in Article 5, Paragraph 2, and Article 6, Paragraph 3 of Law No. 6698. These purposes and conditions include:

The explicit stipulation of personal data processing activities in the applicable laws;

The necessity of processing your personal data for the establishment or execution of a contract to which you are a party;

The necessity of processing your personal data for our company to fulfill its legal obligations;

The condition that your personal data has been made public by you, allowing our company to process them within the scope of your intended disclosure;

The necessity of processing your personal data for the establishment, exercise, or protection of the rights of our company, you, or third parties;

The necessity of processing your personal data for the legitimate interests of our company, provided that it does not infringe on your fundamental rights and freedoms;

The necessity of processing personal data to protect the life or physical integrity of another person when the data subject is unable to express consent due to actual impossibility or legal invalidity.

In cases where these conditions are not met, our company will seek the explicit consent of personal data subjects before processing their personal data.

Within the framework of the conditions mentioned above, our company may process personal data for, but not limited to, the following purposes:

For the execution of commercial activities carried out by our company and the necessary work conducted by our business units, including:

Planning and execution of business activities and business continuity efforts;

Monitoring of finance and/or accounting processes;

Providing necessary information to authorized institutions as required by legislation;

Planning corporate communication and activities;

Planning and execution of production and/or operational processes;

Planning and execution of access authorizations for business partners and/or suppliers.

For enabling individuals to benefit from the products and services provided by our company, including:

Planning and execution of customer relationship management processes;

Tracking customer requests and/or complaints;

Planning and execution of marketing processes for products and/or services;

Planning and execution of after-sales support services;

Conducting necessary studies to customize and recommend products and services according to the preferences, usage habits, and needs of personal data subjects.

For determining and implementing the commercial and business strategies of our company in accordance with the personal data processing conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

To prevent unlawful processing and unauthorized access to personal data and to ensure their secure storage, all necessary technical and administrative measures are taken.

3. To Whom and for What Purpose Personal Data May Be Transferred

Within the scope of the purposes explained above, your processed personal data may be transferred, in compliance with the fundamental principles stipulated by the Personal Data Protection Law (KVKK) and within the conditions specified in Articles 8 and 9, to:

Public legal entities and authorities authorized to receive personal data,

Our subsidiaries,

Companies operating as intermediaries/agents,

Third parties providing services for our core business activities such as information systems and software services,

Domestic institutions and organizations with which we cooperate,

Our business partners,

Independent audit firms.

4. Method and Legal Basis for Collecting Personal Data

Your personal data is collected by our company through various channels such as customer representatives, relevant websites, electronic platforms, and/or call centers. Your data is processed and transferred under the scope of the Tax Procedure Law General Communiqué No. 397, the Electronic Ledger General Communiqué (No. 1 and No. 2), and the Registered Electronic Mail (KEP), E-Invoice, and E-Ledger regulations, as well as within the conditions and purposes specified in Articles 5 and 6 of Law No. 6698.

5.⁠ ⁠Rights of Data Subjects

As personal data subjects, if you submit your requests regarding your rights to our company using the methods specified below, our company will conclude the request free of charge within a maximum of 30 (thirty) days, depending on the nature of the request. However, if the process incurs an additional cost, a fee may be charged according to the tariff determined by the Personal Data Protection Board.

Within this scope, personal data subjects have the right to:

Learn whether their personal data is being processed,

Request information if their personal data has been processed,

Learn the purpose of processing personal data and whether they are used in line with this purpose,

Know the third parties to whom their personal data has been transferred domestically or abroad,

Request correction of personal data if it is incomplete or incorrect, and request that the correction be notified to third parties to whom the data has been transferred,

Request the deletion or destruction of personal data if the reasons for processing no longer exist, even if the data was processed in compliance with the law, and request that third parties to whom the data has been transferred be informed of this,

Object to any outcome that is against the data subject resulting from the analysis of processed data solely through automated systems,

Demand compensation if they suffer damage due to the unlawful processing of personal data.

6.⁠ ⁠Application Methods

You may submit your request in writing to the address below with identity verification documents:

Fineo Digital Transformation Inc. Yenişehir Mah., Kardeşler Cad. No:7/2/124, Merkez/Sivas

Alternatively, you can send your request via notary or by filling out the Data Subject Information Request Form and sending it to us via email at fineo@fineo.com.tr.

As Fineo Digital Transformation Inc., it is of great importance to ensure compliance with legal requirements, to provide services that meet the needs and expectations of our customers, suppliers, and third-party stakeholders, and to ensure access to quality, fast, and secure services. It is also critical that our employees access information assets in a timely, accurate, complete, and uninterrupted manner. Our company has decided to establish an Information Security Management System (ISMS) in accordance with the ISO/IEC 27001:2022 standard to protect the information belonging to itself, its customers, and third-party stakeholders.

The purpose of establishing the ISMS is to evaluate information in terms of confidentiality, integrity, and availability, and to protect it from any internal or external threats, whether intentional or accidental. It also ensures that the activities are carried out effectively, accurately, swiftly, and securely. Information security is a corporate responsibility and aligns with our corporate objectives. Roles and responsibilities for ensuring the proper operation of information security processes have been defined and assigned. These responsibilities cover all units using IT infrastructure, third-party users accessing information systems, and suppliers providing technical support. Through the establishment of ISMS, potential risks in all relevant areas are identified, evaluated, and brought to an acceptable level with appropriate controls, and the risk assessment procedure is implemented to keep the ISMS active within the organization.

Quality Policy

In our field of activity, our company is committed to complying with legal requirements and providing services that meet the needs and expectations of customers, suppliers, and third-party stakeholders with quality, speed, and security. Customer satisfaction is of utmost importance. The Quality Management System is a corporate responsibility and aligns with our organizational goals. Our primary objectives are to maximize customer satisfaction, enhance efficiency and effectiveness, manage resources effectively, manage customer feedback efficiently, and ensure continuous improvement. The necessary roles have been defined, responsibilities have been determined, and responsible parties have been assigned for the proper operation of quality management system processes.

Information Technology Service Management Policy

Our company is committed to ensuring that services provided in our field of activity are carried out in compliance with the ISO 20000-1 Information Technology Service Management standard. We aim to continuously improve the effectiveness of the Service Management System and services, ensure the continuity of the IT service infrastructure related to all transactions carried out through our electronic applications, ensure the satisfaction of users and stakeholders receiving IT services, prioritize and meet customer needs correctly, ensure harmony among service-providing departments, and establish a structure in line with IT service management requirements. We also commit to implementing necessary measures, fulfilling legal requirements, effectively managing risks and opportunities, and continuously improving all IT processes in line with ISO 20000.

Business Continuity Management Policy

Our company aims to ensure that all services are carried out in accordance with the ISO 22301 Business Continuity Management System standard. In the event of disasters or emergencies beyond our control, we prioritize safety of life and aim to minimize the impact on our services and activities by keeping our business continuity plans ready and continuously improving them. We conduct drills to ensure our plans work during emergencies, in consideration of legal obligations, our policies, and customer expectations. We identify and analyze possible risks that may cause service interruptions and take precautions accordingly. We manage internal and external communication regarding business continuity and meet the requirements of suppliers, customers, shareholders, employees, and legal authorities. We prepare our business continuity plans by taking into account our customers’ expectations, corporate policies, and legal obligations.

Personal Data Protection Policy

The main purpose of this policy is to provide transparency by explaining the systems adopted by the company in processing and protecting personal data in compliance with the law. This includes informing our customers, potential customers, employees, candidates, company representatives, visitors, employees and representatives of partner institutions, and other third parties whose data is processed by our company. We commit to processing personal data in compliance with the ISO 27701 Privacy Information Management System standard, fulfilling legal requirements, managing relevant risks, and ensuring continuous improvement.

Customer Satisfaction Policy

Our company adopts a customer-centric approach that prioritizes transparency in customer relations. We provide a platform where customers can easily submit their requests and complaints, which are handled objectively, fairly, attentively, and confidentially, in compliance with legal requirements and our company policy. We consider resolving every customer complaint a fundamental principle and continuously implement improvements and controls to prevent recurrence. Our customer satisfaction principles are:

We start by considering the customer to be "right" and examine the complaint from that perspective.

Every issue brought to our attention is an opportunity to improve ourselves.

We foster an understanding that aligns with our customers’ expectations for quality service.

We aim to build strong, accurate, clear, and continuous customer relationships following the provision of our products and services.

Complaint Policy

No fee is charged to customers for the evaluation of complaints, and no profit is gained from the complaint process. Company employees adhere to the principle of objectivity throughout the resolution process. The complaint procedure is open and accessible to customers. Complaints are handled impartially and fairly. Integrity is ensured in uncovering the facts related to the complaint, and all parties involved are considered. The information of the customer submitting the complaint is kept confidential and not shared with third-party institutions or individuals unless necessary for resolving the complaint.

Integrated Management System Commitment

In this context, our company commits to fulfilling the requirements of Integrated Management System standards, complying with legal obligations, enabling the implementation of all applicable controls, and ensuring the continuous improvement of the Integrated Management System with new application areas and advancing technology through regular reviews each year.