Privacy Policy
The protection of personal data is an important matter for Fikir Yazılım Teknoloji Anonim Şirketi. As a data controller, Fikir Yazılım adopts the principles set forth by the Personal Data Protection Law No. 6698 (“KVK Law”) to ensure compliance. This includes processing, deleting, destroying, anonymizing, transferring personal data, informing the relevant person, and fulfilling obligations related to data security. The Privacy and Protection of Personal Data Policy organized within this scope is made accessible to individuals whose personal data is processed ("Relevant Person").
1. Scope and Purpose of the Privacy and Protection of Personal Data Policy
This Privacy and Protection of Personal Data Policy:
- Methods and legal reasons for collecting personal data,
- Categories of individuals whose personal data is processed (Data Subject Group Categorization),
- Categories of personal data processed concerning these individual groups and examples of data types,
- Which business processes and for what purposes this personal data is used,
- Technical and administrative measures taken to ensure the security of personal data,
- To whom and for what purposes personal data can be transferred,
- Retention periods of personal data,
- Profiling and segmentation,
- Rights of the Relevant Persons regarding their personal data and how they can exercise these rights,
- How Relevant Persons can change their preferences for receiving electronic commercial communications,
- Sharing of personal data with official authorities,
- Use and management of cookies.
a. Methods and Legal Reasons for Collecting Personal Data
Fikir Yazılım collects personal data based on the legal reasons stated in Article 5 of the Personal Data Protection Law No. 6698:
- Explicitly stipulated in the laws,
- Necessary for the performance of a contract to which the data subject is a party,
- The relevant person has made it public themselves,
- Processing is necessary for the establishment, exercise, or protection of a right,
- Processing is necessary for the legitimate interests of the data controller, provided that the fundamental rights and freedoms of the relevant person are not harmed,
- Processing is necessary for the establishment, exercise, or protection of a right.
These legal reasons allow the collection of personal data through websites, mobile applications of websites, social media accounts, cookies, call centers, administrative and judicial authorities’ notifications, and other communication channels, either verbally, in writing, or electronically.
b. Data Subject Group Categorization
In personal data processing processes and related activities, Fikir Yazılım categorizes the groups of individuals whose personal data is processed as follows. Additionally, personal data of other groups (consultants, trainers, bloggers) can also be processed in compliance with the personal data processing conditions specified in Articles 5 and 6 of the KVK Law and based on the legal reasons specified in this Privacy/Personal Data Protection Policy.
c. Data Categories and Sample Data Types
1. Member Customer
- **Contact Information**: mobile phone, email address, address, postal code, landline phone
- **Financial Information**: tax office, billing information
- **Customer/Member Information**: membership information, membership ID number
- **Customer/Member Transaction Information**: purchased products, shopping amount, shopping date, call center records, commercial communication permission, utilized campaigns/competitions, used coupons, order information
- **Risk Management Information**: IP address
- **Transaction Security Information**: password, passcode information
- **Marketing Information**: cookie records, targeting information, assessments showing habits and preferences
- **Audio Data**: call center records
- **Legal Process and Compliance Information**: start and end time of the provided service, type of utilized service, amount of transferred data, commercial electronic communication permission given by the Relevant Person in electronic environment, approved membership agreement, corporate membership agreement, other legal documents and agreements ensuring the benefit from services provided by Fikir Yazılım
- **Direct Marketing Information**: marketing SMS, email messages, or calls made by the call center based on the commercial electronic communication permission given by the relevant person
- **Request/Complaint Management/Reputation Management Information**: complaints and/or requests conveyed by the relevant person regarding the purchased product or service via website, mobile application, social media accounts, or call center and records of actions taken during the evaluation or management process of these requests
2. Guest Customer (non-member users)
- **Contact Information**: mobile phone, email address, address, postal code, landline phone
- **Financial Information**: tax office, billing information
- **Guest Customer Transaction Information**: purchased products, shopping amount, shopping date, call center records, commercial communication permission, utilized campaigns, order information
- **Risk Management Information**: IP address
- **Transaction Security Information**: password, passcode information
- **Marketing Information**: cookie records, targeting information, assessments showing habits and preferences
- **Audio Data**: call center records
- **Legal Process and Compliance Information**: start and end time of the provided service, type of utilized service, amount of transferred data, commercial electronic communication permission given by the Relevant Person in electronic environment, legal documents and agreements ensuring the benefit from services provided by Fikir Yazılım
- **Direct Marketing Information**: marketing SMS, email messages, or calls made by the call center based on the commercial electronic communication permission given by the relevant person
- **Request/Complaint Management/Reputation Management Information**: complaints and/or requests conveyed by the relevant person regarding the purchased product or service via website, mobile application, social media accounts, or call center and records of actions taken during the evaluation or management process of these requests
d. Business Processes and Purposes for Which Personal Data is Used
1. Member Customer Personal Data
- Performing membership transactions,
- Fulfilling the Membership Agreement established with the Member Customer, and for Member Customers with commercial electronic communication permission, analyzing their preferences, likes, and needs to provide personalized promotions, opportunities, and benefits,
- Conducting marketing, targeting, profiling, and analysis with the explicit consent of the Member Customer for promoting and marketing applications, goods/products, and services according to their preferences and likes,
- Resolving Member Customer problems and complaints,
- Improving the Member Customer experience on the platform and mobile application,
- Tracking accounting and purchasing transactions,
- Legal processes and compliance with legislation,
- Responding to information requests from administrative and judicial authorities,
- Ensuring information and transaction security and preventing malicious use,
- Making necessary arrangements to ensure that the processed data is accurate and up-to-date.
2. Guest Customer (users shopping without membership) Personal Data
- Allowing shopping on platforms as a “guest”,
- Improving services offered through platforms, developing new services, and providing related information,
- Analyzing preferences, likes, and needs of Guest Customers with commercial electronic communication permission and providing personalized promotions, opportunities, and benefits,
- Conducting marketing, targeting, profiling, and analysis with the explicit consent of the Guest Customer for promoting and marketing applications, goods/products, and services according to their preferences and likes,
- Resolving Guest Customer problems and complaints,
- Improving the Guest Customer experience on the platform and mobile application,
- Tracking accounting and purchasing transactions,
- Legal processes and compliance with legislation,
- Responding to information requests from administrative and judicial authorities,
- Ensuring information and transaction security and preventing malicious use,
- Making necessary arrangements to ensure that the processed data is accurate and up-to-date,
- Fulfilling legal obligations.
3. Online Visitor Personal Data
- Processing online visitor data in accordance with Law No. 5651,
- Legal processes and compliance with legislation,
- Responding to information requests from administrative and judicial authorities,
- Ensuring information and transaction security and preventing malicious use,
- Fulfilling legal obligations.
4. Personal Data of the Person to Whom the Purchased Product is Delivered
- Managing product delivery processes,
- Tracking accounting and purchasing transactions,
- Legal processes and compliance with legislation,
- Responding to information requests from administrative and judicial authorities,
- Ensuring information and transaction security and preventing malicious use,
- Making necessary arrangements to ensure that the processed data is accurate and up-to-date,
- Fulfilling legal obligations.
5. Personal Data of Seller/Supplier/Seller Candidate/Seller or Supplier Employee or Authorized Person
- Managing contract processes,
- Tracking accounting and purchasing transactions,
- Legal processes and compliance with legislation,
- Responding to information requests from administrative and judicial authorities,
- Ensuring information and transaction security and preventing malicious use,
- Making necessary arrangements to ensure that the processed data is accurate and up-to-date,
- Fulfilling legal obligations.
By ensuring compliance with these guidelines, Fikir Yazılım takes the necessary steps to protect personal data and uphold the privacy rights of individuals in accordance with the relevant legal frameworks.
e. Measures Taken to Ensure the Security of Personal Data
Fikir Software is committed to taking all necessary technical and administrative measures to ensure the confidentiality, integrity, and security of your personal data and to exercise due care in this regard.
Fikir Software takes the necessary precautions to prevent unauthorized access, misuse, unlawful processing, disclosure, alteration, or destruction of personal data. Fikir Software uses generally accepted security technology standards such as firewalls and Secure Socket Layer (SSL) encryption when processing personal data. Additionally, personal data sent to Fikir Software through the website, mobile application, and mobile site are transferred using SSL.
To prevent unlawful access to the personal data it processes, to prevent unlawful processing of these data, and to ensure the safeguarding of personal data, Fikir Software:
- Protects all areas where personal data are obtained on the website or mobile application with SSL.
- Creates and implements access authorization and control matrices for its employees to prevent the unlawful processing of personal data collected from the website or mobile application.
- Conducts regular penetration tests to test the system's resistance to unauthorized access and ensure that personal data are not unlawfully accessed.
- Uses pseudonymization (alias data) methods for all secondary data processing purposes outside the primary processing purpose and applies encryption methods in systems where pseudonymous data are located to ensure that this data cannot identify the relevant person. It also applies stricter access authorization and control policies to these data.
- Ensures that personal data on paper are stored in locked cabinets and are only accessible by authorized persons.
- Deletes personal data processed via cookies from third parties' systems when membership ends.
Despite Fikir Software's necessary information security measures, if personal data are damaged or obtained by unauthorized third parties as a result of attacks on the platforms operated by Fikir Software or the Fikir Software system, Fikir Software will immediately notify you and the Personal Data Protection Board and take the necessary measures.
f. To Whom and For What Purpose Personal Data May Be Transferred
Fikir Software only transfers personal data to third parties for the purposes specified in this Privacy and Personal Data Protection Policy and in accordance with Articles 8 and 9 of the Data Protection Law. In this context, Member Customer/Guest Customer data and information of the person to whom the purchased product will be delivered are shared with the seller and courier companies and can also be accessed by the call center when necessary. The information of the person to whom the invoice will be issued is shared with the courier company for the purpose of sending the invoice to the relevant person.
The Member Customer/Guest Customer's phone number and/or email address are shared with the commercial electronic communication intermediary service provider to promote, advertise, and provide benefits and opportunities based on the commercial electronic communication consent.
Website or mobile application usage preferences and browsing history are shared with our domestic/foreign business partners providing cookie (cookie) services for segmentation purposes and to communicate with the Member Customer/Guest Customer based on their preferences and likes.
In this context, personal data transfers are carried out through secure environments and channels provided by the relevant third party. Depending on the content and scope of the service received from the third party, pseudonymous data (alias data) is used for transfers where the transfer of the Member Customer/Guest Customer's personal data is not necessary.
For the purpose of increasing Member Customer/Guest Customer satisfaction and loyalty, data of the Member Customer/Guest Customer is shared with companies conducting market research.
Your personal data will also be shared with our foreign business partners for providing business development services, obtaining statistical and technical services, and managing customer relationships.
When Member Customer/Guest Customer/Online Visitor contacts Fikir Software via the corporate WhatsApp line, they will be sending their personal data abroad since the WhatsApp platform is a service provided from abroad. If Member Customer/Guest Customer/Online Visitor does not want to send their personal data abroad using WhatsApp, they can use other communication means provided by Fikir Software.
The personal data subject to domestic and international transfers mentioned above are legally protected by contractual provisions in accordance with the Data Protection Law, as well as technical measures to ensure their security.
When sharing information as stated above, personal data will be transferred to countries outside Turkey in accordance with this policy and the applicable data protection laws.
g. Retention Periods of Personal Data
Fikir Software retains the personal data it processes for the periods required by the relevant legislation or for the duration necessary for the purpose of processing, in compliance with the Data Protection Law. In addition, these personal data may be retained limited to the purpose of making the necessary defenses in the event of a dispute that may arise between you and Fikir Software.
You can review our Cookie (Cookie) Policy for information on the retention periods of personal data obtained through cookies.
h. Profiling and Segmentation
Fikir Software uses personal data processed regarding Member Customers/Guest Customers to:
a. For Member Customers/Guest Customers who have given consent to receive commercial electronic messages,
profiling and segmentation are carried out to prepare content more suitable for their preferences and tastes, and to conduct advertising, promotion, and discount activities.
b. For Member Customers/Guest Customers who have not given consent to receive commercial electronic messages, profiling and segmentation are carried out to:
- Improve products (determine the most sold or unsold product categories),
- Conduct modelings by analyzing shopping preferences and organize campaigns for customer groups with the potential to purchase a specific product, and
- Take actions to increase sales potential.
In profiling and segmentation activities, personal data of Member Customers/Guest Customers, especially their names, surnames, phone numbers, emails, or address information, are not used directly; instead, operations are carried out using Member Customer/Guest Customer IDs assigned to them. The use of pseudonymous data ensures the protection of Member Customer/Guest Customer's personal data. Member Customer/Guest Customer IDs are only accessible to the relevant person or department within Fikir Software and are stored encrypted in the system, with access limited to specific persons.
i. What Rights Do Data Subjects Have Regarding Their Personal Data and How Can They Exercise These Rights?
The rights of data subjects regarding their personal data processed by Fikir Software, according to Article 11 of the Data Protection Law, are as follows:
- To learn whether personal data is processed or not,
- To request information if personal data has been processed,
- To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
- To know the third parties to whom personal data is transferred within the country or abroad,
- To request the correction of personal data if it is incomplete or incorrectly processed,
- To request the deletion or destruction of personal data under the conditions stipulated in Article 7 of the Data Protection Law,
- To request notification of the operations carried out under paragraphs (d) and (e) to third parties to whom personal data has been transferred,
- To object to the processing of personal data exclusively by automated systems that lead to a result detrimental to the data subject,
- To request compensation for damages arising from the unlawful processing of personal data.
To exercise your rights over your personal data, you can access your account through the "My Account" section within the Fikir Software website, mobile application, and mobile site, and make the necessary changes, updates, and/or deletions. You can also use the "Application Form" provided on the Fikir Software website or mobile application under the Data Protection Law Article 13 to submit your application and exercise your rights.
j. How Data Subjects Can Change Their Preferences Regarding Receiving Commercial Electronic Messages
You can change or update your positive or negative preferences regarding receiving commercial electronic messages given during membership or at a later time by accessing the "My Account" section on the website or mobile application of the electronic commerce platforms operated by Fikir Software.
The termination of membership does not mean the withdrawal of your consent to receive commercial electronic messages. Therefore, make sure to complete all the procedures related to withdrawing your consent separately.
For cookie management, you can follow the steps specified in our Cookie (Cookie) Policy.
k. Sharing Personal Data with Official Authorities
Fikir Software may share your personal data and traffic information, such as your browsing information, related to your visit or membership on the electronic commerce platforms and mobile applications operated by Fikir Software with public institutions and organizations that are legally authorized to request this information for the purpose of fulfilling Fikir Software's legal obligations (such as combating crime, threats to state and public security, and other situations where Fikir Software has a legal or administrative notification or information obligation).
l. Use and Management of Cookies
For detailed information on the cookies used by Fikir Software, types of cookies, purposes, retention periods, and cookie management, you can review our Cookie (Cookie) Policy.
2. Conditions for Deleting, Destroying, and Anonymizing Personal Data
Fikir Software retains personal data processed through the website, mobile application, or mobile site for the periods specified by the Data Protection Law Article 7, 17, and the Turkish Penal Code Article 138, or for the durations required by the purpose of processing. When these periods expire, personal data will be deleted, destroyed, or anonymized in accordance with the Regulation on Deletion, Destruction, or Anonymization of Personal Data.
The deletion of personal data by Fikir Software refers to making the data inaccessible and unusable for any user. Fikir Software creates and implements a user-level access authorization and control matrix for this purpose and takes necessary measures to delete data in the database.
The destruction of personal data by Fikir Software means that personal data are made inaccessible, irretrievable, and unusable by anyone.
The anonymization of personal data by Fikir Software means making personal data unidentifiable or non-attributable to any individual, even if matched with other data.
Fikir Software explains the methods and technical and administrative measures taken for deleting, destroying, and anonymizing personal data in detail within the scope of its Personal Data Retention and Destruction Policy prepared in accordance with the Regulation on Deletion, Destruction, or An