GDPR Privacy Notice

This Privacy Notice has been prepared in accordance with Articles 12, 13, and 14 of the European Union General Data Protection Regulation (GDPR). It explains how personal data is collected, processed, and protected for residents of the European Economic Area (EEA).

1. Data Controller

1.1. Data Controller Identity and Contact Details

Data Controller: IFM Teknoloji A.Ş.

Address: Bağlarbaşı Mah. Sakarya Sok. Malte Plaza No: 35/1 Maltepe - İSTANBUL

Email: info@iyifikirmedya.com

Phone: 0216 599 00 39

1.2. Data Protection Officer (DPO)

For questions regarding data protection, you can use the following contact information:

Email: info@iyifikirmedya.com

2. Legal Basis for Processing

We process your personal data under Article 6 of the GDPR based on the following legal bases:

2.1. Performance of Contract (Article 6(1)(b))

The following data is processed to fulfill our contractual obligations:

• Account creation and management
• Service delivery
• Payment processing
• Customer support

2.2. Legal Obligation (Article 6(1)(c))

We may need to process your data to comply with our legal obligations:

• Tax and accounting records
• Responding to legal requests
• Compliance with regulatory requirements

2.3. Legitimate Interest (Article 6(1)(f))

The following processing may be carried out based on our legitimate interests:

• Service security and fraud prevention
• Service improvement and analysis
• Direct marketing (for existing customers)

In all cases, a balance has been struck between your rights and freedoms and our legitimate interests.

2.4. Consent (Article 6(1)(a))

Your explicit consent is obtained for the following processing:

• Sending marketing emails
• Use of non-essential cookies
• Profiling (if applicable)

You can withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

3. Categories of Personal Data Processed

3.1. Identity Information

• First and last name
• Username

3.2. Contact Information

• Email address
• Phone number (optional)
• Address (for billing)

3.3. Account Information

• Encrypted password
• Account status
• Subscription details
• Payment history

3.4. Technical Data

• IP address
• Browser type and version
• Device information
• Operating system
• Timestamps

3.5. Usage Data

• Service usage patterns
• Feature usage
• Session duration
• Page views

4. Purposes of Processing

We process your personal data for the following purposes:

• To provide and manage our services
• To create and manage your account
• To process payments and issue invoices
• To provide customer support
• To send service updates and notifications
• To improve and develop our services
• To ensure security and prevent fraud
• To fulfill legal obligations
• To conduct marketing communications with your consent

5. Recipients of Personal Data

Your personal data may be shared with the following categories of recipients:

5.1. Service Providers

• Cloud infrastructure providers (data storage)
• Payment processors (payment transactions)
• Email service providers (communications)
• Analytics tools (anonymized usage analysis)

5.2. Legal Authorities

Data may be transferred to competent authorities in accordance with legal requirements or court orders.

5.3. Business Partners

Your data may be transferred in the event of a company merger, sale, or asset transfer.

6. International Data Transfers

Your personal data may be transferred to countries outside the European Economic Area (EEA). In such cases, the following safeguards are applied:

6.1. Adequacy Decisions

Transfers to countries determined by the European Commission to have an adequate level of data protection.

6.2. Standard Contractual Clauses

For transfers to countries without an adequacy decision, EU Commission-approved Standard Contractual Clauses (SCCs) are used.

6.3. Other Safeguards

• Binding Corporate Rules (BCRs)
• Approved codes of conduct
• Certification mechanisms

For more information about international transfers, please contact us.

7. Retention Periods

We retain your personal data only for as long as necessary for the purposes for which it was collected:

• Account information: As long as the account is active and 3 years thereafter
• Transaction records: 10 years as required by law
• Marketing data: Until consent is withdrawn
• Log records: Maximum 12 months
• Cookie data: Varies by cookie type (details in Cookie Policy)

At the end of retention periods, data is securely deleted or anonymized.

8. Your Rights Under GDPR

Under GDPR, you have the following rights:

8.1. Right of Access (Article 15)

You can request access to your personal data and obtain a copy.

8.2. Right to Rectification (Article 16)

You can request the correction of inaccurate or incomplete personal data.

8.3. Right to Erasure / Right to be Forgotten (Article 17)

Under certain conditions, you can request the deletion of your personal data.

8.4. Right to Restriction of Processing (Article 18)

In certain circumstances, you can request the restriction of processing of your personal data.

8.5. Right to Data Portability (Article 20)

You have the right to receive your data in a structured, commonly used, and machine-readable format.

8.6. Right to Object (Article 21)

You can object to processing based on legitimate interest or for direct marketing purposes.

8.7. Right to Object to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling.

8.8. Right to Withdraw Consent

For consent-based processing, you can withdraw your consent at any time.

9. Exercising Your Rights

To exercise your rights, you can contact us through the following:

Email: info@iyifikirmedya.com

Address: Bağlarbaşı Mah. Sakarya Sok. Malte Plaza No: 35/1 Maltepe - İSTANBUL

After receiving your request:

• We may need to verify your identity
• We will respond to your request within 1 month at the latest
• For complex requests, the period may be extended by 2 more months
• Exercise of rights is free of charge (except for abuse)

10. Right to Lodge a Complaint

If you have concerns about the processing of your personal data, you have the right to lodge a complaint with the competent supervisory authority.

For a list of supervisory authorities in EU/EEA countries:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

For Germany, the Federal Data Protection Supervisory Authority (BfDI):

https://www.bfdi.bund.de

11. Automated Decision-Making and Profiling

We do not use fully automated decision-making systems that significantly affect you in our services.

Types of automation we use:

• Usage statistics analysis (anonymous)
• Service recommendations (preference-based)
• Security checks (suspicious activity detection)

These automated processes do not produce legal or similarly significant effects.

12. Data Security

Appropriate technical and organizational measures are implemented to protect your personal data against unauthorized access, loss, or misuse:

• Encryption (in transit and at rest)
• Secure server infrastructure
• Access controls and authorization
• Regular security assessments
• Staff training

13. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from individuals under 16.

If you become aware that we have collected a child's personal data, please contact us immediately.

14. Updates to This Notice

We may update this GDPR Privacy Notice from time to time. For significant changes, we will notify you via email or in-service notification.

You can always find the most current version on our website. Check the last update date at the top of the policy.

15. Contact

For privacy-related questions:

IFM Teknoloji A.Ş.

Address: Bağlarbaşı Mah. Sakarya Sok. Malte Plaza No: 35/1 Maltepe - İSTANBUL

Email: info@iyifikirmedya.com

Phone: 0216 599 00 39