MindBehind logo

Privacy Policy

MINDBEHIND
POLICY ON PROCESSING, PROTECTION AND DESTRUCTION OF PERSONAL DATA

1. Objective

The Law no. 6698 on Protection of Personal Data (“KVKK”) entered into force upon publication in the Official Gazette no. 29677 dated 7 April 2016. KVKK has been enacted to specify obligations of the real and legal persons that process the personal data, and to protect fundamental rights and freedoms of the real persons of whom personal data is processed, including right to privacy that is regulated under the Constitution.

Mindbehind Bilgi Teknolojileri A.Ş. (MINDBEHIND) attaches great importance to the privacy and security of the personal data of the customers, potential customers, employees, employee candidates, collaborated organizations and employees thereof, stakeholders, business partners, shareholders, authorized representatives and the third persons.

MINDBEHIND aims to create a data processing, protection and destruction policy in the international standards and to fulfil the requirements duly and with care.  The main purpose of this Policy on Processing, Protection and Destruction of Personal Data (Policy) is to ensure transparency by informing the real persons of whom personal data is processed by MINDBEHIND, in particular the aforementioned persons.

2. Scope

This Procedure has been prepared in accordance with the KVKK  and other legislation and the international standards applicable to the personal/ special categories of personal data for the purpose of carrying out activities related with the collection, storage, data security, transfer, anonymization, destruction and processing of the personal data and special categories of personal data in MINDBEHIND.

3. Definitions and Abbreviations

MİNDBEHİND: Mindbehind Bilgi Teknolojileri Anonim Şirketi,
Explicit Consent: refers to the consent provides solely for the relevant process with clarity without leaving room to any doubt, based on the information provided and free will,  
Anonymization: refers to the processing of personal data in such a way that the data subject can no longer be associated with an identified or identifiable natural person, or its source cannot be ascertained,
KVKK: refers to the Personal Data Protection Law No. 6698
Data Subject (Relevant Person): refers to a real person of whom personal data is processed, for example: customers, suppliers, visitors, employees and employee candidates.  
Personal Data: refers to any information pertaining to a real person who is identified or identifiable.  The reasoning is defined as the identified or identifiable nature of a person and rendering that person identifiable through association of the data available with a real person in any way whatsoever.
Processing of Personal Data: means all kinds of processes performed about personal data obtaining, storing, archiving, recording, modifying, editing, disclosing, transferring, taking over personal data, making them accessible, classifying or preventing the use of personal health data through fully automatic or partially automatic or non-automatic ways provided that they are a part of a data storage system,
Data Processor: means a real or legal person processing personal data based on the authorization given by and in the name of MINDBEHIND,
Personal Data: refers to any information pertaining to a real person who is identified or identifiable.  The reasoning is defined as the identified or identifiable nature of a person, and rendering that person identifiable through association of the data available with a real person in any way whatsoever,

Name, Surname,
T.R. Identification Number,
Passport Number,
Address,
Telephone,
Log-in and Log-out Times,
Domains/ products visited, and activities performed,
Digital data kept in the relevant databases or files in connection with the relevant position,
Documents such as job applications/ curriculum vitae, purchase order records kept by HR/ marketing/ sales departments or other departments for storing the personal information.
Place/ Date of Birth,  
License Plate,
E-Mail Address/ IP Address,  
Fingerprint,
Video and Audio Records,
Any similar data that renders a person identifiable,

Special Categories of Personal Data:  refers to  

Race,
Ethnic origin,
Political view,
Philosophical view,
Religion, sect and other beliefs,
Clothing style,
Association, foundation or union membership
Health,
Sexual preferences,
Criminal conviction/ title data
Data About Security Measures,
Biometric and genetic information


4. Implementation

4.1 Collection of Personal Data
Processed personal data and special categories of personal data may vary based on the type and nature of MINDBEHIND services.   Personal data may be collected through automatic or non-automatic methods, verbally, in writing or electronically by means of Mindbehind services, offices, consultation, internal correspondences, business partners, stakeholders and similar other means.
Personal data will be processed as long as MINDBEHIND services are used, and updates will be made to ensure accuracy and up-to-datedness of the data.  Further, personal data may be collected and processed when the office, business place or internet pages and other social and digital platforms of MINDBEHIND are visited or events, workshops, organizations, trainings, etc. organized by MINDBEHIND are attended.

4.2 Processing of Personal Data
MINDBEHIND may process the personal data in accordance with the conditions of processing described in Article 5 and Article 6 of KVKK for the purpose of determining, implementing commercial and business strategies, implementing human resources processes and for other objectives that may be notified during collection of the personal data.
Purposes of processing include but not limited to:

- Performing corporate activities,
- Ensuring compliance with the legal obligations in accordance with the applicable legal regulations,
- Performing sales, market research and statistical activities,  
- Processing job applications,
- Communicating with the persons that are in business relationship with the Company,
- Submitting legal reports,
- Issuing invoices,
- Establishing communication with all organizations and institutions within MINDBEHIND,
- Establishing the corporate communication,
- Making personal job advertisements and providing information on employment,
- Sending bulletins and making notifications via e-mail.

4.2.1 Processing in compliance with the law and good faith principle
MINDBEHIND processes personal data in compliance with the law and good faith principle in accordance with Article 4 of the KVKK and adopts the principle of "transparency” and makes notifications to data subjects in connection with the use of information thereof.  Transparency and integrity are taken as basis in notifications, clear information is provided about the purpose of processing and using the personal data collected, and the data is processed accordingly.

4.2.2 Ensuring the accuracy, and up-to-datedness of personal data
MINDBEHIND ensures the accuracy and up-to-datedness of the personal data processed.  Therefore, the relevant departments make amendments for keeping the personal data accurate and up to date.  

4.2.3 Processing for definite, explicit and legitimate purposes
MINDBEHIND collects and processes the personal data for legitimate purposes in compliance with the law.  MINDBEHIND processes the personal data in connection with the activities/ processes performed and implemented, to a reasonable extent and as required.

4.2.4 The relevance, limitation and proportionality of the personal data with the purpose of processing
MINDBEHIND refrains from processing the personal data that is not relevant with or required for the purpose of processing. Accordingly, it is essential to minimize the data processing activity.

4.2.5 Storage of the personal data described in the legal regulations for the duration of the legitimate commercial purposes
MINDBEHIND stores the personal data processes for the duration specified in the applicable legislation or as required in connection with the purpose of personal data processing if a duration is not specified in the applicable legislation.  

The personal data may be stored upon expiry of the purpose of processing and the duration specified in the applicable laws until expiry of the general prescription period (ten years) specified in the Code of Obligations provided that fundamental rights and freedoms of the data subjects are not damaged in case the data controller has a legitimate interest to do so.  The personal data shall be deleted, destroyed or anonymized upon expiry of the specified prescription period.

4.2.6 Processing of the special categories of personal data
Special categories of personal data are processed in the presence of explicit consent or when required under the applicable legislation upon taking the administrative and technical measures described in the laws and required by MINDBEHIND.
Special categories of personal data on health may be processed by the persons or authorized organizations and institutions bound with confidentiality obligation without obtaining explicit consent of the relevant person and for the purpose of protecting public health, performance of preventive medicine, medical diagnosis, treatment and maintenance services, and managing health service, and MINDBEND does not process unless the data is related with employees.  The data of employees may be processed by the persons described in the laws.

4.3 Transfer of Personal Data

4.3.1 Transfer of personal data in the country
Personal data may be transferred to the suppliers, service providers of MINDBEHIND or other third persons and/or abroad in accordance with the data processing conditions and objectives described in Article 8 and Article 9 of the KVKK Law upon taking the required security measures, for the purpose of providing services required to outsourcing activities and commercial activities of MINDBEHIND, and to business partners and shareholders of MINDBEHIND, legally authorized organizations and institutions, persons subject to the private law in order to ensure the achievement of the incorporation purposes for the purposes of this Procedure.

4.3.2  Transfer of personal data abroad
MINDBEHIND may transfer personal data to foreign countries that are announced by the KVK Authority as countries with adequate level of protection ("Foreign Country with Adequate Level of Protection") or in the absence of the adequate level of protection, to foreign countries for which the data controllers in Turkey and the relevant foreign country provide written undertaking about the adequate level of protection and the KVK Board gives permission ("Foreign Country with Data Controller Guaranteeing Adequate Level of Protection"). In this regard, MINDBEHIND will act in accordance with the regulations stipulated in Article 9 of the KVK Law.


Measures on transfer of personal data in accordance with the law

4.3.2.1 Technical measures
- Making internal technical organizations for the processing and storage of the personal data in accordance with the legislation,
- Creating the technical infrastructure for ensuring the security of databases where personal data will be stored,
- Monitoring and inspecting the technical infrastructures,
- Upgrading and renewing the technical measures periodically,
- Using protection systems, security wall and similar software or hardware products against risks and installing security systems in parallel with the technological advancements,            
- Employing technical professionals.

4.3.2.2 Administrative measures
- Informing employees and providing them training in connection with the protection and processing of the personal data in accordance with the law,
- Documenting the measures that will be taken in case Employees process the personal data in breach of the law, under the agreements made with employees and/or Company's procedures,
- Inspecting the personal data processing activities of data processors or partners of data processors.

4.4 Storage of Personal Data

4.4.1 Storage of the personal data for the duration specified in the applicable legislation or as required for the purpose of processing

MINDBEHIND stores the personal data for the duration required for the purpose of processing the personal data provided that storage durations specified in the applicable legislation are reserved.

In case the personal data is processed for multiple purposes, MINDBEHIND stores deletes, destroys the personal data or stores the data upon anonymization in case the purpose of data processing is no longer valid or upon request of the Data Subject when there is no impediment under the legislation for the deletion upon request.  
If the purpose of processing personal data has expired and the retention periods determined by the relevant legislation and the company have come to an end; Personal data can only be stored to provide evidence in possible legal disputes or to protect the rights of the person concerned or to establish a defence depending on the personal data. In determining the retention periods, the retention periods are determined based on the examples in the requests made to the company on the same issues before, although the time limits for the said right to be claimed and time limits elapse. In this case, the stored personal data are not accessed for any other purpose, and access to the relevant personal data is provided only when it is required to be used in the relevant legal dispute. Personal data is deleted, destroyed or anonymized after the aforementioned period expires.

4.4.2 Measures taken about the storage of personal data

4.4.2.1 Technical measures

- Creating the technical infrastructure and the relevant inspection mechanisms for the deletion, destruction and anonymization of the personal data,  
- Taking measures for the secure storage of the personal data,
- Employing technical professionals.
- Adopting business continuity and contingency plans against risks and developing systems for implementing them,  
- Establishing security systems in parallel with the technological advancements about the media used to store the personal data.

4.4.2.2 Administrative measures
- Informing the employees and creating awareness on technical and administrative risks about the storage of personal data,  
- Including provisions on taking security measures required from the persons who are transferred personal data for protection and secure storage of the personal data transferred, in the agreements made with the companies to which the personal data is transferred in case third persons are collaborated for the storage of the personal data.

4.5 Security of Personal Data

4.5.1 MINDBEHIND takes the following security measures about the personal data:

- Prevention of the processing in breach of the law,
- Prevention of access in breach of the law,
- Ensuring the storage in accordance with the law,
Administrative and technical measures are taken in parallel with the technological availabilities and implementation costs.

4.5.2 Administrative measures taken to prevent processing of personal data in breach of the law
- Training and informing employees about processing of the personal data in compliance with the law,
- Evaluating activities of MINDBEHIND in detail for each business function, and processing personal data within the scope of commercial activities performed by the relevant functions as a result of the relevant evaluation,
- Include provisions on security measures expected from the data processors in the agreements made with the data processor companies in case third persons are collaborated for the processing of personal data,
- Notifying the KVK Board and conduct inspections specified in the applicable legislation in case the personal data is disclosed in breach of the law, or a data leak occurs,  

4.5.3 Technical measures taken to prevent illegal access to personal data
- Employing technical professionals.
- Upgrading and renewing the technical measures periodically,
- Developing internal authorization procedures for access.
- Developing internal data recording systems and inspecting them periodically,
- Training and informing employees about authorization for access to personal data,
- Establishing security systems in parallel with the technological advancements in order to prevent illegal access to personal data.

4.6 Deletion, Destruction and Anonymization of Personal Data
MINDBEHIND deletes, destroys or anonymizes the personal data at its own discretion or upon request of the data subject in case the reasons requiring the processing are no longer valid even though the processing is performed in accordance with the applicable legislative provisions.

Anonymized personal data may be processed for purposes such as planning and statistics in accordance with article 28 of the KVKK.  These processing activities are excluded from the scope of the KVKK, and explicit consent of the data subject shall not be sought.

4.6.1 Methods of Deleting and Destroying Personal Data
Personal data and special categories of personal data are processed for the duration of processing required in accordance with our company's practices and requirements of the commercial sphere, and for the durations required in practice as evident in legal disputes upon expiry of the aforementioned period.  Upon expiry of the relevant durations, the personal data is deleted, destroyed or anonymized as described in the applicable legislation and internal directives.

4.6.1.1 Physical Destruction
Personal data may be processed with automatic methods provided that they are a part of a data registry system. For the destruction of this type of Personal Data, physical destruction system is implemented in order to prevent subsequent use of Personal Data.

4.6.1.2 Secure Deletion from the Software
Methods for secure deletion software are used in a non-recoverable manner while deleting Personal Data processed using fully or partially automatic methods and stored in digital media.

4.6.1.3 Secure Deletion by an Expert:
MINDBEHIND may contract a specialist for deletion of Personal Data on its own behalf under certain conditions. In this case, Personal Data are deleted securely in a non-recoverable manner by a person who is specialist in this process.

4.6.2 Methods of Anonymizing Personal Data

4.6.2.1 Masking

Data masking is method of anonymization used for Personal Data by removing deterministic Personal Data from the data set.

4.6.2.2 Aggregation
Numerous data are aggregated through data aggregation, and it is made impossible to associate personal data with any person.

4.6.2.3 Derivation
General content is derived using Personal Data by implementing data derivation method and it is made impossible to associate Personal Data with any person.

4.6.2.4 Data Shuffling
Data shuffling method is used to shuffle values in the personal data set and the ties with the individuals are eliminated.

4.7 Rights of Data Subjects
Pursuant to Article 11 of the KVKK, a Data Subject has right to:
- Get information as to whether personal data are processed or not.
- Get information on the extent of processing if data are processes.
- Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose.
- Get information on local and foreign third parties who were transferred personal data.
- Request correction if personal data were processed inaccurately or incompletely.
- Request correction in case your personal data are processed in an incomplete or inaccurate manner and request notification of such corrections to the third persons who received your personal data.
- Request deletion or destruction of personal data in case reasons requiring processing thereof become invalid following the processing of the data in accordance with KVKK and provisions of other applicable legislation and require notification of the same to the third persons who received your personal data.
- File objection against unfavourable results obtained through analysis using automatic systems only.
- Claim compensation of losses and damages that may arise from illegal processing of personal data.
by submitting an application to the data supervisor.

4.7.1 Exercising rights about personal data
Data Subjects should forward their requests about the aforementioned rights under article 11 of the KVKK, and implementation of the KVKK by sending signed copy of “APPLICATION FORM FOR DATA SUBJECTS TO EXERCISE THEIR RIGHTS UNDER THE KVKK” to the communication address of MINDBEHIND by mail, electronic mail or reply-paid registered mail or through other methods specified by the KVKK Board.

4.7.2 Processing of the application

4.7.2.1 Deadline for responding to the application
Requests regarding the personal data will be met free of charge in the shortest time possible and in any case, latest within 30 (thirty) days depending on the nature of the request.  Additional information and documents may be requested during the application or processing of the application.

4.7.2.2 Right to reject the application
Applications about the personal data are rejected by MINDBEHIND in case:
- Personal data is processed for research, planning and statistics purposes provided that they are anonymized,
- Personal data is processed for artistic, historical, literature or scientific purposes and within the scope of the freedom of speech provided that privacy or personal rights are not violated, or criminal acts are not committed,
- Personal data made public by the Data Subject is processed,
- The application is based on a legitimate reason,
- The application involves an inquiry in breach of the law,
- Application procedure is not complied with,
provided that the reason is also specified.  

4.7.3 Procedure of processing the application
The processing will be initiated only when the signed requests are sent in writing via notary public or via registered electronic mail (KEP) or it is sent with other methods specified by the KVK Board together with the records documenting the applicant's identification.

The relevant request is met if the application is accepted, and notification is served in writing or electronically.  In case the relevant request is denied, data subject is notified in writing or electronically by specifying the reason.

4.7.4 Right to submit a complaint to the Personal Data Protection Board
In case the application is rejected, our response is found insufficient, or a response is not given in timely manner, the data subject has right to submit a complaint to the KVK Board within a period of 30 (thirty) days upon receipt of the response and in any case within 60 (sixty) days following the date of application.

4.8 Responsibility to Implement the Procedure on Collection, Processing, Transfer, Storage, Security and Destruction of Personal Data
This procedure is pursued by all departments in MINDBEHIND and process owners in those departments.  
In case the personal data is processed by any other real or legal person for and on behalf of MINDBEHIND, MINDBEHIND acting as data controller and data processors have joint responsibility.
MINDBEHIND acting in the capacity of data controller, periodically inspects the compliance of data processors with the applicable legislative provisions in order to ensure that the assurance provided to the data subjects is maintained by the business partners, service providers, suppliers and contractors.

4.9 Implementation and Publication of the Procedure
KVK Board that is assigned by the General Manager makes revisions based on the changes and new inquiries received from the departments; submits revisions to the General Manager and revisions are published upon approval.
In case all or some provisions of the procedure are revised, the revisions take effect on the date of publication.  The latest version of the procedure is published internally and website of Mindbehind and presented to the access of the data subjects.

In case of any conflict between the KVKK, other legislative provisions and this Procedure, provisions of the KVKK and other applicable legislation shall supersede.  
This Procedure is reviewed at least on annual basis and revised as and when required.

4.10 Effective Date of the Procedure
The Procedure took effect 15/10/2021 with the approval of the General Manager.  The Procedure is kept in printed form (controlled copy) and electronically.

MİNDBEHİND BİLGİ TEKNOLOJİLERİ A.Ş.
INFORMATION NOTICE ON PROTECTION OF PERSONAL DATA

Mindbehind Bilgi Teknolojileri A.Ş. As (Mindbehind or Company), we are extremely sensitive about and attach importance to protection of your personal data. With this awareness, we process all personal data of any individual associated with Mindbehind in accordance with Personal Data Protection Law (KVKK) and other applicable legislation.

Mindbehind acting in the capacity of “Data Controller” as defined in KVKK, processes your personal data with care for the purposes and using methods specified below, within the limits of the legislation and in accordance with the destruction requirements and durations.

1 Definitions
For the purposes of this Information Notice on Protection of Personal Data:

Personal Data:
refers to any data related with an identified or identifiable real person (name, surname, T.R. identification number, address, telephone, log-in/ log-out times, position, curriculum vitae, place of birth, date of birth, e-mail address, video records and similar other data),  

Special Categories of Personal Data: refers to any data requiring stricter protection than the other personal data as the disclosure thereof may lead to discrimination or aggravation (race, ethnic origin, political view, religious belief, sect, clothing style, union membership, health, biometric data and similar other data),  

Processing of Personal Data: refers to any activity performed on the personal data, including the collection of the personal data with non-automatic methods as a part of automatic or any data registration system, storage, modification of the personal data, disclosure to third persons and transfer abroad,

KVKK: refers to the Personal Data Protection Law No. 6698 that took effect upon promulgation in the Official Gazette of 7 April 2016,  

Communique: Communique No. 30656 on Procedures and Principles Regarding the Performance of the Obligation to Inform that took effect upon promulgation in the Official Gazette of 10 March 2018,

Authority: refers to the Personal Data Protection Authority,  

Data Processor: refers to a real or legal person processing Personal Data based on the authorization given by and in the name of the data controller.

Data Controller: refers to a real or legal person who is responsible to determine the objectives and means of processing personal data, establishes and manages the data storage system.

Data Subject: refers to a real person whose personal data are processed.

Contact Person: refers to the person who maintains communication with the Authority and Data Subjects,  

Mindbehind or Company: Mindbehind Bilgi Teknolojileri A.Ş.

.

2 Data Controller and Contact Person

Data Controller: Mindbehind Bilgi Teknolojileri A.Ş.
Address : Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul
Contact Person : Oğuzhan Başeğmez


3 Collection of Personal Data, Method of Collection and Processing
Personal data of our customers, customer's stakeholders, customers’ users,
employees, prospective employees, shareholders, suppliers, business partners, employees of the collaborated companies or business partners, visitors and other 3rd persons that are in our possession may be collected verbally, in writing or electronically via relevant departments, contact forms, telephone calls, electronic applications, software, various contracts, electronic mail, social media and similar other means and processed automatically or non-automatically in accordance with the Constitution of the Republic of Turkey, International Conventions signed by our country and Personal Data Protection Law No. 6698.

Therefore, as Data Controller, we would like to inform you about the Processing of Personal Data in accordance with the KVKK.
 
Pursuant to Article 4 of the KVKK, your personal data will be stored and processed:
i. in compliance with the law and good faith principle,
ii. accurately and in accordance with the current practices,  
iii. for clear, express and legitimate purposes,
iv. in a manner that is related and proportionate with the purpose of processing,
v. for the duration as specified in the applicable legislation or for as long as required for the purposes of processing.


4 Objective of Processing Personal Data
Your personal data collected will be processed for the following purposes in accordance with personal data processing conditions specified in Articles 5 and 6 of KVKK and the Communique:

i. performance of the activities by our business functions in parallel with the purpose of incorporation and our Company's operations,  
ii. maintaining the contact and affairs with the customers, customer's stakeholders, customers’ users, suppliers, business partners, employees of the collaborated companies and business partners and other 3rd persons,
iii. establishing the communication and affairs with employees, prospective employees, shareholders and executives,  
iv. maintaining the collection and procurement activities and accounting/ financial affairs,  
v. ensuring the physical security and audit of the offices and other locations of our Company,  
vi. conducting assessment, complaint management, legal compliance, internal audit, analysis and other processes of our Company,  
vii. allowing our employees to use healthcare services,  
viii. secure performance of the logistics activities,  
ix. performance of the national and international projects and growth efforts in compliance with the law,  
x. due implementation of the financial processes in our Company,  
xi. due implementation of the human resources processes in our Company,
xii. maintaining the operations in the office as required,  
xiii. maintaining the mandatory and voluntary efforts within the scope of the Information Technologies,  


xiv. ensuring the legal and commercial security of our Company and real and legal persons that have a business relationship with our Company,

5 Transfer of Your Personal Data
Your personal data may be transferred to foreign investors, employees thereof, shareholders, executive management, business partners, suppliers, business contacts, employees,  those assisting in the performance for the objectives including but not limited to the foregoing objectives in accordance with the KVKK and other applicable legislation, and to third persons in the country and abroad as specified in the legislation applicable to the regulatory authorities and audit authorities in accordance with the business line and objectives.  

6 Storage and Deletion of Personal Data
Our Company stores personal data processed for the durations specified in the applicable Legislation, or Company policies subject to compliance with the applicable legislation.
In case it is not specified in the applicable legislation,
personal data is stored for the duration of processing required for our Company’s practices and ordinary business practices depending on services provided by our company during processing of the date, and upon expiry of that duration, data is stored solely for the durations that are required to submit evidence in case of legal disputes. Upon expiry of the durations specified above, personal data is deleted, destroyed or anonymized through methods described in the Company's policies.

7 Your Rights as Data Subject
7.1 Pursuant to Article 11 of KVKK, you have right to:

i. Get information as to whether your personal
information is processed or not.
ii. Get information if your personal information is processed.
iii. Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose.
iv. Get information on local and foreign third parties who were transferred your personal information.
v. Request correction if your personal data were processed inaccurately or incompletely.
vi. Request deletion or destruction of your personal data in accordance with the conditions stipulated in KVKK and other applicable legislation.
vii. Request notification of third persons who are transferred your personal data in case you request correction of incomplete or wrong data and deletion or destruction of your personal data.
viii. File objection against unfavourable results obtained through analysis of personal data using automatic systems only.
ix. Claim compensation of losses and damages you may suffer from due to illegal processing of personal data.

.

For the purpose of exercising the aforementioned rights, as a Data Subject, you may complete the relevant Application Form and deliver it to

“Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul”

address upon signing and in person or by mail or via Notary Public together with the information and documents related with the subject of application,  



scan the form and send it to kvkk@mindbehind.com address via electronic mail, using the electronic mail address notified to Mindbehind and recorded by Mindbehind,  

Scan the form and send it to sorun@hs01.kep.tr address using your registered electronic mail address.

For the purpose of exercising your rights as a data subject, the application containing your explanations on the right intended to be exercised should:

i. be clear and comprehensible,  
ii. be relevant to a personal request,
iii. document your special power to do so if you act for and on behalf of others,  
iv. contain your identification and address details,  
v. contain documents substantiating the identity

.

7.2 Your application will be processed free of charge as soon as practicable depending on the type of your request and in any case, within a period of maximum 30 days upon receipt by the Mindbehind. However, fees specified in the tariff set by the Board may be charged in case any cost is incurred during the processing of application.

Your application will be accepted or rejected with reasoning within the aforementioned period of time, and the response will be submitted to you in writing or electronically. If the information and documents you provide are missing or incomprehensible, we will contact you to clarify your application.

7.3 As a Data Subject, you may submit an application to the Board within a period of 30 days upon receipt of the Company’s response and in any case, within a period of 60 days following the date of application in case your application is dismissed, necessary actions are not taken, response is not satisfying, or application is not processed within the specified period of time.

8 Article 5 of the KVKK specifies the "Events of Processing Your Personal Data without Your Explicit Consent” and Article 28 of the KVKK specifies "Exceptions” to implementation of the Law.

9 Data Controller agrees that the applicable legislation shall apply in case of any conflict between the applicable legislation and this Information Notice.  
Effective date shall also be revised, and it shall be announced again in case all or some articles of the Information Notice are revised for the purpose of compliance with the changing conditions and the legislation.


Mindbehind Bilgi Teknolojileri A.Ş.
This Internet Site Cookies Policy and Information Notice has been prepared to inform you, the data subject, in accordance with the Personal Data Protection Law No. 6698 ("Law") and the applicable legislation in connection with your personal data to be automatically processed over the internet site during your visit to the internet site at https://www.mindbehind.com ("internet site") owned by Mindbehind  ("Mindbehind) that acts in the capacity of data controller.  This information notice contains explanations on the use of cookies at our site and information on how to control these cookies.
Your personal data processed by Mindbehind, using cookies on the internet site are processed so you use our internet site in the most efficient way and your user experienced is improved, provided that fundamental rights and freedoms of data subject that are described in Article 5, paragraph 2, sub-paragraph f of the Law are not damaged and in case data processing is compulsory for the legitimate interests of the data controller.  Upon processing, your personal data is disclosed to the service providers of the relevant cookies in a manner limited with the achievement of the aforementioned objectives and in compliance with the applicable legislation, and they may be disclosed to the competent governmental authorities as required under the law.  Detailed information is provided below in connection with the processing and transfer.

What is a Cookie and Why is it Used?

Cookies are small text files stored in your system or network server via browsers during your visit to the internet site.

Which Cookies Are Used?

You may view the cookies used in the internet site from the left tab.

What Are the Purposes of Certain Cookies?

The relevant information is available on the left tab.

How Can I Control the Use of Cookies?

You may personalize your preferences about cookies by changing the settings of your browser.

Google Analytics:
https://tools.google.com/dlpage/gaoptout

Google Chrome:
http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95647

Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Mozilla Firefox:
http://support.mozilla.com/en-US/kb/Cookies

Opera:
http://www.opera.com/browser/tutorials/security/privacy/

Safari:
https://support.apple.com/kb/ph19214?locale=tr_TR



What Are Your Rights as Data Subject (Relevant Person)?

Pursuant to Article 11 of the Law specifying rights of the data subject, the data subjects are entitled to:
Get information as to whether personal data are processed or not;
Get information on the extent of processing if data are processes;
Get information on the purpose of processing personal data and as to whether they were used in accordance with the purpose;
Get information on local and foreign third parties who were transferred personal data;
Request correction in case your personal data are processed in an incomplete or inaccurate manner and request notification of such corrections to the third persons who received your personal data;
Request deletion or destruction of personal data in case reasons requiring processing thereof become invalid following the processing of the data in accordance with the Law and provisions of other applicable legislation, and require notification of the same to the third persons who received your personal data;
File objection against unfavorable results obtained through analysis using automatic systems only.
Claim compensation of losses and damages that may arise from illegal processing of personal data
You may submit all request related with the matters provided in the list to Mindbehind in accordance with the Communique on the Procedures and Principles Regarding the Application to Data Controller.
This information notice has been revised on 05.11.2021 and the effective date shall be revised, and it will be submitted to the access of the data subjects over the internet site in case Mindbehind revises all or a portion of the information notice.

APPLICATION FORM PURSUANT TO ARTICLES 11 AND 13 OF THE PERSONAL DATA PROTECTION LAW NO. 6698

For the processing of your request by Mindbehind Bilgi Teknolojileri A.Ş. (Mindbehind or Company), in accordance with the Personal Data Protection Law No. 6698 (KVKK) and other applicable legislation, you may complete the following information in full and clear format, and send this form to

Maslak Mahallesi AOS 55. Sokak No:4/569 Sarıyer/İstanbul” address in signed form together with the identification documents and the other relevant documents and information, in person or via mail or Notary,  

scan the form and send it to kvkk@mindbehind.com address via electronic mail, using the electronic mail address notified to Mindbehind and recorded by Mindbehind,

scan the form and send it to sorun@hs01.kep.tr address using your registered electronic mail address.

Your application will be processed free of charge as soon as practicable depending on the type of your request and in any case, within a period of maximum 30 days upon receipt by the Mindbehind. However, fees specified in the tariff set by the Board may be charged in case any cost is incurred during the processing of application.

Your application will be accepted or rejected with reasoning within the aforementioned period of time, and the response will be submitted to you in writing or electronically, If the information and documents you provide are missing or incomprehensible, we will contact you to clarify your application.

1 IDENTIFICATION AND CONTACT INFORMATION OF THE DATA SUBJECT
Name - Surname:
T.R. Identification Number:
Telephone Number:
Address:
e-mail:
Relationship with the Company:
(Such as customer, supplier, employee, employee candidate, former employee, third party company's employee and others.)
2 INFORMATION ON SELECTION OF THE RIGHTTO BE EXERCISED BY THE DATA SUBJECT
(Please mark the box/boxes next to thephrase that is consistent with your request)

▢ I would like to know if your Company processes my personal data or not.
▢ If your Company processes my personal data, I request information on the data processing activities.  
▢ If your Company processes my personal data, I would like to know the purpose of processing and whether the data is used in compliance with the purpose of processing or not.  
▢ If my personal data is transferred to the third persons in the country or abroad, I would like to know about these third persons.
▢ I believe my personal data is processed incompletely or inaccurately and I request rectification thereof.  
▢ I would like my personal data to be deleted excluding the data subject to compulsory processing in accordance with the applicable legislation even though my personal data is processed in accordance with the law and other legislative provisions.  
▢ I would you to procure rectification before the third persons that are transferred my personal data which I believe is processed incompletely and inaccurately.  
▢ I would like to procure deletion before the third persons in connection with my personal data subject to the request of deletion.
▢ I believe that your Company analyses my personal data exclusively through automatic systems and these analyses lead to an adverse result for me.  I hereby object to that result.  

3 EXPLANATIONS ABOUT THE REQUEST
(Please provide details on your request and personal data subject to your request in accordance with the Personal Data Protection Law No. 6698)
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

4 ANNEXES
Please specify if there is any document substantiating your application.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

5 PLEASE SELECT A METHOD FOR SENDING OUR RESPONSE REGARDING YOUR APPLICATION “  
▢ Please send to my mailing address. “  
▢ Please send to my e-mail address.  “  
▢ I would like to receive in person.

6 STATEMENTS OF THE APPLICANT
This application form has been prepared to determine your relationship with Mindbehing, if any, specify full set of personal data processed by our Mindbehind and respond your application properly and within the official period of time. Our Company reserves the right to request additional documents and information for identification and authorization in order to eliminate the legal risks that may arise from illegal and/or unfair data disclosure and in particular, to ensure the security of your personal data. Our Company shall not accept any liability in connection with any inaccurate information or unauthorized application in case the information you provide in this form about your requests is not accurate and up to date or an unauthorized application is made.  You shall assume any liability that may arise from any illegal, misleading or inaccurate application.


Data Subject/ Person Applying for and on behalf of Data Subject:
Name- Surname:
Date of Application:

If you are applying for and on behalf of another person, please add the documents showing that you are authorized to submit an application (document showing that you are parent/ legal guardian of the data subject, proxy letter, etc.) The aforementioned documents shall be accepted only when they are issued and approved by the competent authorities.

I hereby declare and undertake that I expressly consent/approve saving, storage, preservation of my personal data (such as name, surname, address, phone number and e-mail address, etc.)  by Mindbehind Bilgi Teknolojileri A.Ş.(MindBehind) in accordance with the Personal Data Protection Law (KVKK) numbered 6698 and other relevant legislations, to be connected, limited and restricted to the purpose of processing, for the purpose of being informed about new products and services and to be contacted for marketing purposes, in order for Mindbehind to gain an opinion on the use of the website as described in the cookie policy, to improve and evaluate the website and Mindbehind services, to comply with laws and regulations, and to register, store, maintain, when necessary, for use within the scope of customer service that Mindbehind provides for its Customers and for transferring of the same to its employees when needed as required by their processes and/or sharing of the same with the business partners within the scope of research and procurement activity and for processing of those personal data which I share with MindBehind and/or received by MindBehind as explained above and that I read and understood MindBehind Information Notice Text.

Introduction
This Privacy Policy describes how MindBehind collects, uses, shares, and otherwise processes Your information when You use the Service and tell You about Your privacy rights and how the law protects You.MindBehind Privacy Policy contains information about collecting Customers, Visitors, and other data subjects (like Agents or End-users) Personal Data and other information, products and services offered or performed by MindBehind and the manner of its processing. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in the plural.For the purposes of this Privacy Policy:
  1. You
  2. Company
  3. Account
  4. Website
  5. Service
  6. Country
  7. Service Provider
  8. Third-Party Social Media Service
  9. Personal Data
  10. Cookies
  11. Usage Data
  1. Means the individual accessing or using the Service, or the Company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  2. (Referred to as either “MindBehind”, "the Company", "We", "Us" or "Our" in this Agreement) Refers to SORUN Bilgi Teknolojileri AS, Istanbul, Turkey.
  3. Means a unique account created for You to access our Service or parts of our Service
  4. Refers to MindBehind, accessible from www.mindbehind.com
  5. Refers to the Website.
  6. Refers to: Turkey
  7. Means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.

  8. Refers to any website or any social network website through which a user can log in or create an account to use the Service.
  9. Personal Data is any information that relates to an identified or identifiable individual.
  10. Cookies are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.

  11. Refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Collecting and Using Your Personal Data
We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. If user visit Minbehind.com or create an account on MindBehind to build a chatbot, through the registration process and/or through account settings, We may collect the following information, but is not limited toRegistration and Contact InformationFirst name, last name, email address, telephone numbers, company business name, employment details company size, company sector.
Payment Information. Financial information (credit card details, account details, payment information).
Technical, Usage and Location Information. IP address, date and time, information about the browser, operating system, and computer or device, pages viewed and items clicked, location information, including location information automatically provided by Your computer or device.
Third-Party Platform InformationMessaging platforms, social media platforms, conversation management platforms, chatbot analytics platforms and conversational AI platforms.

Tracking Technologies and Cookies
MindBehind uses cookies and other tracking technologies to ensure everyone who uses the Service has the best possible experience. We may use web beacons, tags, and scripts on our Websites or in email or other electronic communications We send to You.You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.

Use of Your Personal Data
The Company may use Personal Data for the following purposes:To provide and maintain our Service, including to monitor the usage of our Service.To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.To provide You with newsletter, promotions, special offers and general information about other goods, services and events which we offer that are similar to those that You have already purchased or enquired about unless You have opted not to receive such information.To manage Your requests: To attend and manage Your requests to Us.To process paymentsWe may share Your personal information in the following situations:With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to show advertisements to You to help support and maintain Our Service, to contact You, to advertise on third party websites to You after You visited our Service or for payment processing.For Business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of our business to another company.With Affiliates: We may share Your information with Our affiliates, in which case We will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.With Business Partners: We may share Your information with Our business partners to offer You certain products, services or promotions.With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If You interact with other users or register through a Third-Party Social Media Service, Your contacts on the Third-Party Social Media Service may see Your name, profile, pictures and description of Your activity. Similarly, other users will be able to view descriptions of Your activity, communicate with you and view your profile.

Retention of Your Personal Data
The Company will retain Your Personal Data only for 9 months, for sales and marketing leads MindBehind will store this data until the individual opts out or where they have not engaged with MindBehind in 24 months. We will retain and use Your Personal Data to the extent necessary to comply with Our legal obligations (for example, if We are required to retain Your data to comply with applicable laws), resolve disputes, and enforce Our legal agreements and policies.The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those from Your jurisdiction.Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your personal data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Your Personal Data
Business TransactionsIf the Company is involved in a merger, acquisition or asset sale, your personal data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy. Law enforcementUnder certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).Other legal requirementsThe Company may disclose Your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation;  protect and defend the rights or property of the Company; prevent or investigate possible wrongdoing in connection with the Service.

Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.Having said that MindBehind host's data in Microsoft Azure data centers that have been certified as ISO 27001, ISO 27018 and/or SOC 2 compliance.  All communications with MindBehind servers are encrypted using industry-standard HTTPS over public networks. Access to customer data is limited to and controlled by a user and role-based keys.

Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.We also may limit how We collect, use, and store some of the information of Users between 13 and 18 years old. In some cases, this means We will be unable to provide certain functionality of the Service to these users.If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last Updated" date at the top of this Privacy Policy.You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us
If You have any questions about this Privacy Policy,
You can contact Us: By email: support@mindbehind.com