PRIVACY AND PERSONAL DATA PROTECTION POLICY
A. INTRODUCTION
Data privacy is extremely important to 7İMMO, and we place particular emphasis on the openness and transparency of our processing of your personal data. Therefore, we explain how your personal data will be processed and protected in this Privacy and Personal Data Protection Policy (hereinafter referred to as the “Policy”). This content is important, so please read it carefully and be sure to control your privacy. Before we begin, we would like to explain our privacy policy:
- We take your privacy seriously. We are committed to protecting the security of your personal data. We comply with data privacy laws when using your personal data.
- We only use your personal data in the ways described in this document.
- We will not collect your personal data if it is not required.
- We will stop collecting your personal data when it is no longer necessary for our purposes.
- We will explain your rights to control your personal data.
A.1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
The data controller in the processing of data is SEVEN GÜVENLİK SİSTEMLERİ TİC. LTD. ŞTİ, whose Mersis Number is 0764032813300018 (“7IMMO” or “COMPANY”). 7IMMO contact information is as follows:
- Postal address: TURKIYE
- Phone: 0212 255 47 35
- Email: info@7immo.com
A.2. POLICY PURPOSE
This Policy regulates the principles adopted by 7IMMO, operating in the field of auto key and lock systems, in the processing and protection of personal data regulated and protected under the Law on the Protection of Personal Data No.6698, to ensure compliance with the legislation. The protection of personal data is of great sensitivity for 7IMMO and is among the priorities of our company. The text of the personal data processing policy is an integral part of the membership agreement and the commercial distance sales agreement between 7IMMO and the natural person user and the representative authority of the legal person user who is a member of the www.7immo.com website or mobile applications announced by 7IMMO.
A.3. POLICY SCOPE
This Policy applies to our Company, its customers, potential customers, their employees, our Company interns and employees, trainee and employee candidates, shareholders, officials, officials, shareholders and employees of the institutions with which they have commercial relations, physical and virtual visitors, members, and third parties. It includes all personal data processed by non-automatic means provided that it is part of any data recording system. In addition, the principles adopted by this Policy apply to all employees who process personal data processed by our Company, have access to personal data, provide personal data to the Company or receive data from the Company, employee candidates, subcontractor employees, current and potential business partners, and the Company’s employees of affiliated companies and their officers.
A.4. DEFINITIONS
- Explicit Consent: Consent that is based on information and declared with free will regarding a specific issue.
- Processing of Personal Data: Obtaining, recording, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, through fully or partially automatic means of personal data or non-automatic means provided that it is part of any data recording system, all kinds of operations performed on data such as classification or prevention of use.
- Personal Data Owner: Real person whose personal data is processed (including legal person officials).
- Personal Data: All kinds of information regarding an identified or identifiable natural person.
- Special Categories of Personal Data: Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress code, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data of special nature.
- Data Controller: The person who determines the purposes and means of processing personal data and manages the place where the data is systematically kept (data recording system).
- Data Processor: Real and legal person who processes personal data on behalf of the data controller based on the authority given by him.
- Data Recording System: The recording system in which personal data are structured and processed according to certain criteria.
- Law: Law No. 6698 on Protection of Personal Data.
- Anonymization: Making the data previously associated with a person unrelated to an identified or identifiable real person in any way, even by matching other data.
B. PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
Our company acts in accordance with the following principles, which are determined and adopted in accordance with all legislation, especially the Constitution and the Law, in the processing of personal data.
B.1. What are the types of personal data collected by 7IMMO?
We use the personal data we collect from you in several different ways, depending on the relevant data. The table below explains this in detail, showing the types of personal data we collect and our collection purposes.
Personal Data Category | Personal Data Sample |
---|---|
Credentials & Contact Information | Name, date of birth, place of birth, identity number, identity information, mother’s name, father’s name, identity serial number, validity date, signature, identity photo, gender, e-mail address, postal address, residential address, telephone number, and other personal data. |
Customer Transaction Information | Payment card information, call document records, account holder name, invoice information, bank account number, IBAN number, receipt information, account information, customer account activities, contact history, etc. |
Financial Information | Bank/payment institution information, customer number, payment account information, call document records, account holder name, invoice information, bank account number, IBAN number, receipt information, account information, financial performance information, business information, etc. |
Marketing Knowledge | Conversations and correspondence between 7IMMO and the customer over phone and e-mail, communication history, shopping history information, surveys, cookie records, information obtained through campaign work, etc. |
Location Information | Location information of where the transaction took place and where it is located. |
Risk Management Information | Information processed to manage commercial, technical, administrative risks, etc. |
Transaction Security Information & Complaint Management Information | Customer’s IP address, website login and logout information, password and password information, snapshot, business photo, transaction receipts, residence address, identity register certificate, tax plate, internet provider, operating system and browser, device type (e.g., laptop or smartphone), mobile application or website, device cookie settings and other details about the device, geographic area reported by the client device, etc. |
B.2. For what purposes does 7IMMO process your personal data?
7IMMO processes your personal information for several purposes, depending on the relevant legal bases:
- To fulfill your requests or applications through Corporate Communication and Customer Communication channels, update identity and contact information.
- To perform necessary work by business units to make use of the products and services offered by our shopping site, and carry out the relevant business processes.
- To prepare the product to be delivered in accordance with the customer’s order and ensure it reaches the customer within the promised delivery time.
- To transfer the product costs regarding the cancellation or refund to the customer’s account as soon as possible.
- To bring the product out of stock to the customer.
Legal Bases of Data Processing:
- Execution of a Contract and Its Fulfillment: Checking up-to-date information about our products and services, evaluating applications and requests for products and services with our customers/potential customers.
- Mobile Application Development Services and Website Usability: Planning and execution of commercial and/or business strategies of our shopping site, improving user experience by following customer movements, direct and indirect marketing, personalized marketing and remarketing activities, personal segmentation, targeting, analysis, and internal reporting activities.
- Financial Transactions Verification: Confirming whether membership conditions are fulfilled, preparing and regularly following up invoices, fulfilling Company obligations.
- Risk Management: Ensuring commercial, technical, administrative, and legal security, creating Access Authority and Control Matrix, determining data transfer techniques, creating data storage processes and methods, determining and executing remote access methods and processes, keeping website and application entry-exit records, and logging system movements of online visitors and users.
- Marketing Communications: Sending marketing communications related to news, information, updates, newsletters, offers, and special events regarding our services and other marketing communications that may be of interest to you, using collected data in product and service advertisements on third-party websites.
B.3. General Principles in Processing Personal Data
7IMMO acts in accordance with Article 4 of the Law, adhering to the following principles:
- Compliance with Law and Good Faith: Acting in accordance with legal regulations and general trust and honesty in processing personal data.
- Ensuring Accuracy and Updating: Ensuring that processed personal data are accurate and up-to-date.
- Processing for Specific, Clear, and Legitimate Purposes: Clearly and precisely determining the purpose of processing personal data that is legitimate and lawful.
- Being Related, Limited, and Measured for the Purpose of Processing: Processing personal data in a way that is convenient for the realization of specified purposes and avoiding unnecessary processing.
- Retaining for the Required Period: Keeping personal data only for the period specified in relevant legislation or for the period required for the purpose for which it is processed. Conducting data minimization studies and determining storage periods.
B.4. Conditions of Processing Personal Data
The Company processes personal data in accordance with Articles 5 and 6 of the Law, provided that explicit consent is obtained from the data owner or as stipulated in the Law.
B.4.1. Conditions of Processing Personal Data
The personal data of data owners may be processed by the Company in the presence of the following conditions, except in cases where explicit consent is obtained:
- When explicitly stipulated in the laws.
- When it is compulsory to protect the life or bodily integrity of the person or someone else who is unable to disclose their consent due to actual impossibility or whose consent is not legally valid.
- When it is necessary to process personal data belonging to the parties to a contract, provided that it is directly related to the establishment or performance of the contract.
- When it is compulsory for the fulfillment of the legal obligation.
- When personal data has been made public by the person concerned.
- When data processing is compulsory for the establishment, exercise, or protection of a right.
- When data processing is compulsory for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of the data subject.
B.4.2. Conditions of Processing Special Categories of Personal Data
In the processing of special categories of personal data, the principles adopted by the Company in the processing of all personal data are also adopted for the processing of special categories of personal data. Special categories of personal data may only be processed if the data subject has explicit consent or if there are specific conditions provided in the law.
E. TRANSFER OF PERSONAL DATA
In line with the provisions within the scope of both the Constitution and the Law on the Protection of Personal Data, 7IMMO pays utmost care and attention to sharing personal data domestically and internationally, adhering to existing regulations. 7IMMO may transfer personal data of third parties in Turkey to be processed or stored outside of Turkey, including the use of external resources, in accordance with the conditions stipulated in the Law and other relevant legislation, while taking all safety precautions specified in the legislation. Unless otherwise stipulated in the electronically signed contract with the data subject or other relevant legislation, personal data can be transferred abroad.
Due to legal obligations and within the framework of legal restrictions, personal data may be transferred to administrative and official authorities, third parties providing external services, and partners with whom we cooperate in areas such as program partners, organizations, and call centers. To ensure a healthier service and to execute campaigns, your “name, surname, identity number, city of residence, address, date of birth, e-mail address, and telephone number” may be transferred to domestic and international organizations with whom we are or will be in contractual relations, service/support/consultancy providers, security service providers, SMS and e-mail service providers, social media service providers, surveyors, independent auditors, support service providers, service and infrastructure providers, and business partners to ensure the legal and commercial security of third parties and the security of electronic and physical environments.
The identity and contact information of the user may be shared with payment institutions according to the framework agreement of the payment institution that will be approved at the payment stage, and in accordance with the Regulation on Measures to Prevent Money Laundering and Terrorist Financing published in the Official Gazette dated January 9, 2008, and numbered 26751.
E.1. Transfer of Personal Data Domestically
According to the definition article of the Law, transferring personal data is also considered an activity of “processing personal data.” In this respect, the provisions of Articles 8 and 9 of the Law are followed when transferring personal data. Within the scope of the data types and purposes listed under Article E of our company, personal data is transferred to third parties (7IMMO affiliates, business partners, employees, subcontractors or suppliers, public institutions, and legally authorized private persons or organizations) in accordance with the purpose of data processing and provided that necessary security measures are taken. Personal data transfers within this scope are carried out through the secure environment and channels provided by the relevant third party.
The member’s mobile phone number and/or e-mail address may be shared with the commercial electronic message tool service provider to promote, advertise, and offer benefits and opportunities until the merchant member uses the refusal option.
E.2. Transfer of Personal Data Abroad
Our company transfers personal data abroad in accordance with the purpose of processing and provided that necessary security measures are taken. Our company also obtains approval from the data owner in the Open Consent Text for its transfer abroad. Your personal data will be shared with our business partners abroad to provide business development services, statistical and technical services, and to conduct customer relations. Personal data may be transferred to electronic media such as servers, hosting companies, software, and cloud computing providers supported by information technologies abroad for archiving and storage purposes and can be processed and stored there.
In addition to the technical measures to ensure the security of personal data subject to domestic and international transfer, as mentioned above, legal protection is also ensured thanks to the provisions compliant with the KVKK included in our contracts, considering that the counterparty of the legal relationship is a data controller or data processor. When transferring personal data to countries outside of Turkey, the data transfer is ensured as permitted by applicable law and in accordance with this policy for data protection.
F. LIGHTING OBLIGATION
7IMMO, in accordance with Article 10 of the Personal Data Protection Law, informs personal data owners during the acquisition of personal data about the identity of 7IMMO, the purpose of personal data processing, to whom and for what purpose the processed personal data can be transferred, and the method of collecting personal data. Additionally, 7IMMO informs personal data owners about their rights under Article 11 of the Law on the Protection of Personal Data.
7IMMO provides this information through a pop-up Illumination Text during the membership process, and every person who accepts the membership agreement on the site and becomes a member acknowledges that this lighting has been made to them. The aforementioned illumination text and cookie policy are also included in the transactional e-mail sent to users whose membership has been accepted.
In cases where explicit consent is required for the processing of personal data, comprehensive clarifications are made to obtain the consent of the data subjects regarding a specific subject declared with free will. 7IMMO also informs personal data owners and related persons that it conducts personal data processing activities in accordance with all matters in the Personal Data Protection Law and particularly “the law and the rule of honesty” with various public documents, especially this Policy document, and provides transparency regarding personal data processing activities.
G. ENSURING THE SECURITY OF PERSONAL DATA
Our company takes technical, administrative, and physical measures to prevent unlawful access to personal data and to protect personal data from illegal processing.
G.1. Technical Measures for Data Security
- Activities are carried out systematically, established, planned, manageable, sustainable, documented, and based on international security standards to ensure the confidentiality, integrity, and uninterrupted availability (accessibility) of information.
- Measures such as firewall and gateway measures are taken to ensure cyber security; preventing employees from accessing threatening websites or online services; removing unused software and services from computers; ensuring software and hardware are up-to-date against security vulnerabilities.
- Personal data security is monitored by checking software and services running on information networks, determining whether there is an infiltration or non-infiltration in the networks, keeping log records of all users, and preventing data acquisition by copying during maintenance and repair of devices where data is processed.
- Necessary measures are taken to anticipate risks such as theft, loss, or damage of devices or printed documents where personal data are stored, and to minimize damages if these risks occur.
- If personal data is stored in the cloud, the data security measures of the relevant cloud storage systems and providers are examined, and measures such as cryptographic encryption of personal data to be transmitted (uploaded) to data storage service providers, encryption and disposal in cloud environments, and restriction and control of access to data storage service providers are implemented.
- Within the scope of procurement, development, and maintenance of information technology systems, measures such as establishing control mechanisms within applications to ensure correct data entry and prevent errors causing data loss are taken.
G.2. Administrative Measures for Data Security
Our company provides awareness training to its employees regarding data protection, informs them about the legal and contractual obligations of confidentiality and data usage, and receives necessary commitments from them. Updates are made according to changes in the legislation, and special provisions are included in contracts made with data transferees to protect personal data subjects. Periodic audits are conducted to determine risks, efforts are made to minimize personal data retention, and other administrative measures are implemented.
G.3. Physical Measures for Data Security
Our company takes security measures in its buildings, authorizes access to environments such as archives where personal data is kept, and implements security measures for electronic devices storing personal data.
G.4. Measures to be Taken If Personal Data Is Obtained Illegally
Our company, as the data controller, notifies the relevant person and the Board as soon as possible if personal data is obtained by others through illegal means. In case of any violation, our company generally foresees to notify the Board within 72 hours after the violation is detected.
H. PROTECTING THE RIGHTS OF THE DATA OWNER
Our company has established a Personal Data Protection Unit to manage the processes regarding the protection and processing of personal data and to fulfill all other requirements of the Law. This unit also works within the scope of protecting your personal data and addressing your requests.
Personal data owners can submit their requests regarding their rights under Article 11 of the Law to 7IMMO. Requests are concluded free of charge as soon as possible and within thirty days at the latest, depending on their nature. However, if the transaction requires an additional cost, the fee determined by the KVK Board or other authorities will be collected by 7IMMO.
In this context, personal data owners can:
- Learn whether their personal data is processed,
- Request information if personal data has been processed,
- Learn the purpose of processing personal data and whether they are used appropriately,
- Know the third parties to whom personal data is transferred domestically or abroad,
- Request correction of personal data in case of incomplete or incorrect processing and notify third parties to whom personal data is transferred,
- Request deletion or destruction of personal data within the framework of Article 7 of the Law and notify third parties to whom personal data is transferred,
- Object to the emergence of an unfavorable result by analyzing the processed data exclusively through automated systems,
- Demand compensation for damages due to unlawful processing of personal data.
Exceptional circumstances stipulated in Article 28 of the Law are reserved. Data owners can submit their requests in writing to 7IMMO. It is always important for 7IMMO to hear from you, especially when we do not meet your expectations or if there are areas for improvement. If you:
- Have any questions or feedback regarding this Policy,
- Want us to stop using your personal data,
- Want to exercise your above-mentioned rights or submit a complaint,
You can send these notifications to our head office at kisiselverilerim@7immo.com, or through our registered e-mail address at 7İMMO sevens01.kep.tr. You can also submit your requests through the methods specified in the KVK Law.
TURKIYE, or you can reach us via email atFor physical submissions, you can use the Application Form [HA9] prepared in Turkish and English.
I. HOW THE DATA OWNER MAY CHANGE THE POSITIVE OR NEGATIVE PREFERENCES FOR RECEIVING ELECTRONIC COMMERCIAL MESSAGES
You can change or update your preferences for receiving commercial electronic messages after becoming a member of the website or mobile application of 7IMMO by following these steps:
- Sign in to your account.
- Uncheck the previously marked preference.
- Click on the “Update” button.
When you complete this process, we will update your profile to ensure that you will not receive commercial messages via the channel you no longer prefer. Please note that it may take a few days to update our systems, and you may continue to receive messages while processing your request. Termination of membership does not automatically withdraw your consent for receiving commercial electronic messages, so ensure that you complete all procedures to withdraw your consent.
J. APPLICATION AND ENFORCEMENT
The matters regulated in this Policy are subject to the Law and secondary legislation. In case of conflict between the policy and the provisions of the legislation, the provisions of the legislation will apply. This Policy is published on our Company’s website (https://www.7immo.com) and is effective from the date of its publication. 7IMMO may make changes or updates to this Policy in line with legal regulations and Company Policy. Necessary information about the new Policy reflecting these changes and updates will be provided via the website, mobile applications, or other communication means such as email.
K. REPORTING SECURITY VULNERABILITY
7IMMO does not accept any security risks. If you notice any technology issues, please let us know. Send an email to kisiselverilerim@7immo.com with details of the security vulnerability, explaining how we can verify it, including your contact information and company name. For physical notifications, you can use the additional Data Violation Form [HA11].
7IMMO does not accept any security risks. If you notice any technology issues, please let us know. Send an email to kisiselverilerim@7immo.com with details of the security vulnerability, explaining how we can verify it, including your contact information and company name. For physical notifications, you can use the additional Data Violation Form [HA11].