Codeway Dijital Hizmetler Anonim Sirketi
Update Date: [19.11.2021]
Codeway Dijital Hizmetler Anonim Sirketi ("Codeway" or "Company"), aims to process the personal data of users in accordance with general principles of privacy and the provisions of the applicable data protection legislation to the relevant person, particularly Law on Personal Data Protection No. 6698, ("PDP Law") and other applicable legislation
Your personal data, which you provided/will provide to our Company and/or obtained by our Company by any external means, may be processed by our Company as "Data Controller";
2. Collection of Personal Data and Method
The personal data of users collected and used by Codeway in particular, are as follows:your name and surname, e-mail address, phone number which we will receive once you contact Codeway, facial feature data you have uploaded to Codeway applications (Codeway Apps) and identifier for advertisers designated in your mobile device used in accessing our services (The Identifier for Advertisers-IDFA), identifier for vendors/developers designated your mobile device (The Identifier for Vendors-IDVF) and Internet Protocol Address-IP Address).
Data Categories and Data Types
We may collect your abovementioned data directly from you through electronic or physical mediums, your mobile device, third party applications or third party sources which you can access our application through these mediums such as Apple App Store, Google Play App Store, Amazon App Store (similar platforms together with "App Stores"), for the purposes of compliance with legal obligations, enhancing our services, administering your use of our services, as well as enabling you to enjoy and easily navigate our services.
We may collect your Log Data generated while you are using our services/applications (through our products or third party products). This Log Data may include information such as your device's Internet Protocol ("IP") address, device name, operating system version, the configuration of the app when utilizing our service/application, the time/date of your use of the service/application, and other statistics.
General Principles Regarding Personal Data Processing
3. Purposes of Processing Personal Data and Legal Reasons
Your personal data will be processed via automatic or non-automatic means for the purposes stated below, in accordance with the applicable legislation and articles 5 and 6 of the PDP Law where it is expressly permitted by the laws, the establishment of a contract or direct relation to the execution or performance of the contract and for the legitimate interests of Codeway provided that your fundamental rights and freedoms are protected.
a) Purposes of Processing Personal Data
In accordance with this text, your personal data is processed for the following purposes in accordance with the above general conditions:
Besides, the purposes of processing personal data may be updated in line with our obligations arising from our company policies and legislation; in particular,
Third Party Websites and Applications
Codeway Apps; may contain links to other websites that are unknown to Codeway and whose content is not controlled. These linked websites may contain terms and conditions other than Codeway texts. Codeway cannot be held responsible for the use or disclosure of information that these websites may process. Likewise, Codeway shall not have any responsibility for any links from other sites provided to the Codeway Apps owned by Codeway.
We collect information by fair and lawful means, with your knowledge and consent. We also let you know why we're collecting it and how it will be used. You are free to refuse our request for this information, with the understanding that we may be unable to provide you with some of your desired services without it.
Internet browsers are predefined to automatically accept the cookies as default. As the management of cookies varies from browser to browser, you may look at the help menu of the browser or application to get detailed information.
Codeway may occasionally send you push notifications via its mobile applications regarding application upgrades or notifications about our services. You can always edit such communication and notifications through the settings on your device and stop receiving such communications and notifications.
Your data will be stored for the duration specified in the applicable legislation or for a reasonable time until the purpose of processing cease to exist, or during legal periods of limitation.
Codeway may continue to store your personal data, even after the expiry of the purpose of its use provided that it is required by other laws or a separate granted by you in this regard.
In cases that you allow Codeway to store your personal data for additional time by giving your consent, such data shall be immediately deleted, destructed or anonymized upon the expiry of such additional time or once the purpose of processing no longer exists.
Technical and Administrative Measures
Codeway stores the personal data it processes in accordance with relevant legislation for periods stipulated in relevant legislation or required for the purpose of processing. Codeway undertakes to take all necessary technical and administrative measures and to take the due care to ensure the confidentiality, integrity and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, modification or destruction of data. Accordingly, Codeway takes the following technical and administrative measures regarding the personal data it processes:
Anti-virus application. On all computers and servers in Codeway's information technology infrastructure, a periodically updated anti-virus application is installed.
Firewall. The data center and disaster recovery centers hosting Codeway servers are protected by periodically updated software-loaded firewalls; the relevant next generation firewalls control the internet connections of all staff and provide protection against viruses and similar threats during this control.
VPN. Suppliers can access Codeway servers or systems through SSL-VPN defined on Firewalls. A separate SSL-VPN identification has been made for each supplier; with the identification made, the supplier only provides access to the systems that it should use or is authorized to use.
User identifications. Codeway employees' authorization to Codeway systems is limited only to the extent necessary by job descriptions; in case of any change of authority or duty, systemic authorizations are also updated.
Information security threat and event management. Events that occur on Codeway servers and firewalls, are transferred to the "Information Security Threat and Event Management" system. This system alerts the responsible staff when a security threat occurs and allows them to respond immediately to the threat.
Encryption. Sensitive data is stored with cryptographic methods and if required, transferred through environments encrypted with cryptographic methods and cryptographic keys are stored in secure and various environments.
Logging. All transaction records regarding sensitive data are securely logged.
Two-factor authentication. Remote access to sensitive data is allowed through at least two-factor authentication.
Training. In order to increase the awareness of Codeway employees against various information security violations and to minimize the impact of the human factor in information violation incidents, trainings are provided to employees at regular intervals.
Physical data security. It ensures that personal data on papers is necessarily stored in lockers and accessed only by authorized persons. Adequate security measures (for situations such as electric leakage, fire, deluge, thievery etc.) are taken based on the nature of the environment where sensitive data is stored.
Backup. Codeway periodically backs up the data it stores. As a backup mechanism, it uses the backup facilities provided by the cloud infrastructure providers, as well as the backup solutions it develops when deemed necessary, provided that it is in compliance with relevant legislation and provisions of this Policy.
Non-disclosure agreement. Non-disclosure agreements are concluded with employees taking part in sensitive personal data processing.
Transfer of sensitive personal data. If transfer of sensitive personal data is required through email; such transfer is done through (i) encrypted corporate email or (ii) Registered E-mail.
In the event that the personal data is damaged as a result of attacks on Codeway Apps or on the Codeway system, despite Codeway taking the necessary information security measures, or the personal data is obtained by unauthorized third parties, Codeway notifies this situation to Users immediately and, if necessary, to relevant data protection authority and takes necessary measures.
4. Transferring Personal Data to Third Parties
The procedures and principles to be applied for transferring of personal data are regulated in articles 8 and 9 of the PDP Law, and the personal and special categories of data of the supplier may be transferred to third parties within the country or abroad since we may use servers and cloud systems located abroad.
Your personal data may be transferred abroad for the following reasons:
Codeway may also transfer your personal data to services providers of our Company, third parties such as Facebook SDK, Adjust and Firebase Analytics which are embedded into our servicefor the following purposes:
5. Your Rights as the Data Subject
Pursuant to Article 11 of the PDP Law, you may request the following regarding your personal data by applying to Codeway:
Where General Data Protection Regulation (GDPR) is applicable, data subjects have the following rights:
In the application that includes your explanations about the right you have as the data subject and exercise your rights stated above and that you request to exercise; your request must be explicit and understandable, if the subject of your request is related to you or if you are acting on behalf of someone else, you must be specially authorized in this regard and your authority must be documented, the application must contain identity and address information and documents proving your identity must be attached to the application.Our Company will enable you to file such requests through the "Data Subject Application Form" at email@example.com. In accordance with Article 13 of the PDP Law, our Company will finalize your requests, free of charge, within 30 (thirty) days at the latest depending on the nature of the request. In case the request is rejected, the reason or reasons for the rejection will be notified in writing or electronically along with its justification.
If you believe that we or someone with whom we have transferred your data is violating your rights, you can file a complaint to the data protection authority in your country and to other competent supervisory authorities.
Company Title: Codeway Dijital Hizmetler Anonim Sirketi
Address: Esentepe Mahallesi Buyukdere Cad. Ferkoo Apt. No: 175/141 Sisli/Istanbul