CRM SERVICE AGREEMENT WITHIN THE SCOPE OF LAW NO. 6698 ON THE PROTECTION OF PERSONAL DATA
As BNN YAZILIM DANIŞMANLIK DIŞ TİCARET LİMİTED ŞİRKETİ (hereinafter referred to as the “Company”), we respect and value the privacy of personal life. Therefore, we would like to inform you about the use and protection of your personal data and your rights within the scope of Law No. 6698 on the Protection of Personal Data (hereinafter referred to as “KVKK”).
1) Identity of the Data Controller
As BNN YAZILIM DANIŞMANLIK DIŞ TİCARET LİMİTED ŞİRKETİ (hereinafter referred to as the “Company”), we hereby inform you that we process your personal data as a data controller within the scope of Law No. 6698 on the Protection of Personal Data (hereinafter referred to as “KVKK”) and the relevant legislation.
2) Categories of Processed Personal Data
In accordance with KVKK and relevant legislation, your personal data within the categories specified below will be processed for the purposes and legal reasons stated in this 6698 Law on the Protection of Personal Data and this Information Text.
| Data Category | Processed Data |
|---|---|
| Identity | Name-Surname, TR ID Number, Customer ID. |
| Contact | Email Address, Phone Number, Workplace Address, Social Media Accounts. |
| Customer Transaction | Call Center Records, Order Information, Message Records. |
| Marketing | Website Usage Information (Cookies), Surveys, Forms, Commercial Communications. |
| Transaction Security | Device Operating System and Version, Device Type, Device ID, Hardware Model, IP Address, User Transaction Records, Password Information. |
| Finance | Payment Records and Card Information Depending on Payment Methods, IBAN Information, Tax Certificate, Tax Number, Signature Circular. |
| Legal Transaction | In Case of Dispute, Information in the Case File, Notices, Information in Correspondence with Judicial and Administrative Authorities, Contracts. |
| Professional Experience | Occupation Information, Work History, Professional Experience Information. |
| Visual Records | Profile Photo. |
3) Legal Grounds and Purposes for Processing Your Personal Data
Your personal data will be processed by us without your explicit consent pursuant to items (a), (b), and (c). However, personal data specified in item (d) will only be processed with your free will and explicit consent.
a) Your data under Identity, Contact, Transaction Security, Finance, Legal Transaction, and Professional Experience categories will be processed based on the legal grounds of “Being Mandated by Laws” and “Being Necessary for the Data Controller to Fulfill Its Legal Obligations” under KVKK Article 5/2(a) and 5/2(ç) for the following purposes:
- Conducting storage and archiving activities as required by relevant legislation.
- Conducting finance and accounting processes.
- Ensuring that activities comply with legal regulations.
- Providing information to public institutions and organizations.
- Managing information security processes.
- Following and conducting legal affairs.
b) Your data under Identity, Contact, Finance, Professional Experience, and Legal Transaction categories will be processed based on the legal ground of “Being Necessary for the Establishment and Execution of a Contract Between You and Us” under KVKK Article 5/2(c) for the following purposes:
- Managing service sales processes as BNN YAZILIM DANIŞMANLIK DIŞ TİCARET LİMİTED ŞİRKETİ.
- Conducting after-sales support services.
- Carrying out service operation processes.
- Managing communication activities.
- Conducting storage and archiving activities.
c) Your data under Identity, Contact, Transaction Security, Customer Transaction, Visual Records, and Professional Experience categories will be processed based on the legal ground of “Being Necessary for the Legitimate Interests of the Data Controller, Provided That It Does Not Harm the Fundamental Rights and Freedoms of the Data Subject” under KVKK Article 5/2(f) for the following purposes:
- Ensuring the security of data controller operations.
- Conducting identity verification processes.
- Managing audit activities.
- Making the website functional.
- Verifying professional competence.
- Ensuring the legal, technical, and commercial security of relevant persons in a business relationship.
d) Based on the legal ground of “Your Explicit Consent” under KVKK Article 5/2(a), your marketing data will be processed only with your explicit consent provided through the “Explicit Consent Text” presented separately for the following purposes:
| Data Category | Purpose of Processing |
|---|---|
| Marketing | If you give your free consent, your personal data may be processed for marketing activities related to our products and services, contacting you, sending commercial electronic messages, conducting surveys and satisfaction studies, and collecting advertising cookies through the website. |
4) To Whom and for What Purpose Your Processed Personal Data May Be Transferred
As the data controller, we transfer the processed data only within Turkey for the following purposes and to the specified groups.
| Recipient Group | Purpose of Transfer | Transferred Data Group |
|---|---|---|
| Accountants | Managing finance and accounting processes. | Identity Data, Finance Data, Customer Transaction, Contact Data. |
| Lawyers | Conducting and following legal affairs and transactions. | Identity Data, Legal Transaction Data, Customer Transaction Data, Contact Data. |
| Authorized Institutions and Organizations | Ensuring compliance with regulations, providing information to authorized persons, institutions, and organizations. | Identity Data, Finance Data, Contact Data, Professional Experience Data, Transaction Security Data. |
| Suppliers/Business Partners | Planning organizational processes, managing service sales processes, conducting after-sales support services, carrying out service operations, managing additional service sales processes, executing advertising/campaign processes, conducting marketing activities. | Identity Data, Finance Data, Contact Data, Customer Transaction Data, Marketing Data. |
5) Methods of Collecting Your Personal Data
Your personal data is obtained through automated and, in some cases, non-automated methods, orally, in writing, or electronically, based on the legal grounds specified in paragraph (3) of this document and for the purposes stated therein. These methods include:
- Filling out a form by the data subject, sending an email, or contacting via phone.
- Visiting the website (collecting cookies).
- Registering on the website.
- Communicating via messages or social media platforms.
- Publicly disclosing your data on other platforms.
- Taking manual notes during meetings.
6) Your Rights Under KVKK Article 11
Under KVKK Article 11 and relevant regulations, regarding your personal data, you have the right to:
(a) Learn whether personal data is being processed,
(b) Request information if personal data has been processed,
(c) Learn the purpose of processing and whether they are used in accordance with the purpose,
(d) Know the third parties to whom personal data is transferred domestically,
(e) Request correction of personal data if it is incomplete or incorrectly processed,
(f) Request deletion or destruction of personal data within the framework of legal conditions,
(g) Request notification of the operations carried out under items (e) and (f) to third parties to whom personal data has been transferred,
(h) Object to the occurrence of a result against yourself due to automated processing,
(i) Demand compensation for damages in case of unlawful processing of personal data.
You can exercise these rights by applying to our company following the procedures specified in the Communiqué on the Procedures and Principles of Application to the Data Controller.
7) Exercise of Legal Rights Regarding Personal Data
| Application Method | Application Address | Application Information |
|---|---|---|
| 1 | In person with a valid ID and a handwritten signed document or via notary | Altunizade Kısıklı Cad. Tekin Ak İş Merkezi, No:3 Daire:9, 34662 Üsküdar/Istanbul |
| 2 | Via your Registered Electronic Mail (KEP) address | [email protected] |
| 3 | Via email with a secure electronic signature or mobile signature | [email protected] |
| 4 | Via an email address registered in our system | [email protected] |
To exercise your rights regarding personal data, you may submit your requests through the channels listed below or other methods that may be determined by the Board in the future, in accordance with the “Communiqué on the Procedures and Principles of Application to the Data Controller.”
If you are applying on behalf of another person, you must include your identity information along with:
(a) A population registry record or relevant document proving your relationship and authority if you are the parent or guardian of the individual,
(b) A copy of a notarized power of attorney in cases where you have been specially authorized.
According to the “Communiqué on the Procedures and Principles of Application to the Data Controller,” applications must contain the following information:
(a) Name, surname, and signature (if the application is in writing),
(b) Turkish ID number for Turkish citizens, or nationality, passport number, or ID number for foreigners (if applicable),
(c) Residential or workplace address for notification purposes,
(d) Email address, telephone number, and fax number (if applicable),
(e) The subject of the request.
8) Changes and Updates
This disclosure text has been prepared in accordance with the Personal Data Protection Law No. 6698 and relevant legislation. Necessary changes may be made to this disclosure text in accordance with amendments to the relevant legal regulations and/or the Company’s personal data processing purposes and policies. In case of changes, new versions of the disclosure text will be provided to you through appropriate channels.
You can access the most up-to-date version of the disclosure text at https://docvivo.com.
Data Security
SSL
The SSL used on Docvivo servers ensures that data transferred between our users and the system is encrypted and secure. The encryption used complies with the same standards applied in banks.
User Access
Unless invited by you, no one can access your company account. Only in the event of a technical or system failure, and with your permission, authorized Docvivo personnel may access your data for support purposes.
User Passwords
Users are expected to create strong passwords and are responsible for maintaining their confidentiality. If multiple incorrect login attempts are made, the user account will be blocked. Sessions that remain open for an extended period are automatically closed.
Physical Security, Network Security, and Firewall
The technological infrastructure of the application and the data center where we store user data are hosted by government-approved data centers located both domestically and internationally.
Data Sharing
Data transfers are not shared with business partners without your consent and without adequate security measures in place.
Data Backup
Your data is backed up daily to prevent potential technical issues.
Your Data is Safer with Docvivo
With Docvivo, your data is not stored on your computer. This ensures that your data remains completely secure even if your computer is damaged, stolen, or lost.
When you need to share your data with individuals inside or outside your company, instead of sending it via email or on a CD, you can assign the people you want to share with as users, allowing them to access your data much more securely.
