Data Protection
HYSSA FİNANSAL TEKNOLOJİ A.Ş. CUSTOMER CLARIFICATION TEXT UNDER THE PERSONAL DATA PROTECTION LAW NO. 6698
HYSSA FİNANSAL TEKNOLOJİ A.Ş. (hereinafter referred to as the “Company”) takes all kinds of technical and administrative measures in accordance with the Law on Protection of Personal Data No. 6698 ("Law") regarding the processing of your personal data.
Your personal data is processed by our company, in its capacity as data controller:
- In accordance with the law and the principle of fairness,
- By keeping it accurate and up to date as you have notified or reported to us,
- In accordance with the purpose of processing, in a limited, relevant and proportional way,
- By keeping for as long as required by the relevant legislation or for the purpose for which it is processed.
As the data subject, you can find detailed information about your processed personal data, the purposes of processing your personal data, transferring it to third parties, the legal reasons for collecting personal data and your rights in the Law, from the clarification text below.
A) Data Controller
As a company, we inform you that we process your personal data as a data controller within the scope of the Personal Data Protection Law No. 6698 and other relevant legislation.
TITLE : HYSSA FİNANSAL TEKNOLOJİ A.Ş.
ADDRESS : Merkez Mah. Hasat Sk. No:52/1 Şişli/İSTANBUL
COMMUNICATION : info@hyssa.com
B) Personal Data Processed, Its Categories and Our Reasons for Processing Data Based on Data Category
In accordance with the Law and other relevant legislation, the personal data categories and explanations to be processed within the scope of the purposes and legal reasons specified in this Customer Disclosure Text are as follows:
Identity Information: It is the data group that contains data regarding the identities of individuals.
It is stored for 10 years after the end of the relationship.
- Planning and practices in order to comply with the information storage, reporting and disclosure obligations stipulated by the relevant laws and regulations, authorized regulatory agencies and other public institutions and organizations,
- Planning and practices to provide the necessary processes and documents for possible public institution audits,
- Creation of customer registration, realization of sales invoicing, execution of after-sales support services,
- Sharing contact information with our company and its affiliates and subsidiaries and informing you about your product purchases.
Customer Transaction: This data category refers to data types such as invoice, order information and request information.
It is stored for 10 years after the end of the relationship.
- Realization of sales transactions,
- Performing after-sales support operations,
- Execution of information security processes,
- When necessary, it is processed by our lawyers in order to carry out legal processes on behalf of our Company.
Transaction Security: Your personal data such as username, password, IP record, Log Record.
It is stored for 10 years after the end of the relationship.
- Recording the username and passwords you set after you register through our application/website,
- Registration in order to control the virtual identities (ID) assigned to you before the transaction you will make and to assign a new virtual identity for each purchase,
- Your personal data in this category are processed for the purpose of detecting and intervening in transactions that may take place outside of your request and approval.
C) Method and Legal Reason for Personal Data Collection
The legal grounds on which our company is based during data processing are as follows:
- The explicit consent of the data subject,
- Explicitly provided by the law,
- It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not deemed legally valid,
- It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,
- It is mandatory for the data controller to fulfil its legal obligation,
- Personal data have been made public by the data subject himself,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- Data processing is mandatory for the legitimate interests of the data controller, provided that it does not violate the fundamental rights and freedoms of the data subject.
In order to fulfill the purposes in paragraph (b) of this text, your personal data will be obtained verbally, in writing or electronically, with the following automatic or non-automatic methods, based on the legal reasons set forth in Article 5 (2) of the Law:
- In case of creating a user profile through the Hyssa mobile application or website,
- During the shopping or transaction processes.
Your personal data is processed and preserved in our digital and physical environments by taking the necessary data protection measures and based on the legal reasons written above. In addition, if you would like to receive information about the purposes of data processing or its legal basis, please fill in the Data Subject Application Form and send it to us.
We would also like to point out that your Finance Data (bank account information for payment, etc.) is processed by us. Hyssa, a secure payment instrument software, securely processes your financial data and transmits your information to us in a secured form.
D) To Whom and For What Purpose the Processed Personal Data Can Be Transferred
Your personal data will be transferred for the following purposes and in accordance with Article 8 (2) (a) of the Law, without seeking the explicit consent of the customer, as necessary and in accordance with the purpose of transfer, without any unnecessary information being shared:
- In order to fulfill our obligations under the legislation or relevant laws, provided that it is required or demanded, your personal data may be shared with relevant public institutions and organizations and private institutions and organizations from which service is received.
- It may be shared with the independent audit firm within the scope of the tax audit carried out in order to fulfill the tax obligations.
- In order to follow the legal processes, it may be shared with our lawyers as much as necessary within the framework of the confidentiality obligation.
- It will be shared with the accounting programs we use in order to carry out our accounting and finance transactions, and with the sworn financial advisors or accountants from whom we have outsourced services.
- It will be shared by signing confidentiality agreements within the scope of the Law with companies or individuals that are required to fulfill by law or that contribute to the development of our company and that are suitable for our data processing purposes.
E) Your Rights under Article 11 of the Law
As the data subject, you have the rights laid down in Article 11 of the Law. Each person has the right to apply to the data controller regarding himself/herself:
- to learn whether his/her personal data are processed or not,
- to request information if his/her personal data have been processed,
- to learn the purpose of the processing of his/her personal data and whether these personal data are used in compliance with the purpose,
- to know the third parties to whom his/her personal data are transferred in the country or abroad,
- to request the rectification of the incomplete or inaccurate data, if any,
- to request the erasure or destruction of his/her personal data under the conditions laid down in Article 7 of the Law,
- to request reporting of the operations carried out pursuant to sub-paragraphs (d) and (e) to third parties to whom his/her personal data have been transferred,
- to object to the occurrence of a result against the person himself/herself by analyzing the data processed solely through automated systems,
- to claim compensation for the damage arising from the unlawful processing of his/her personal data.
Use of Your Rights Under Article 11 of the Law
Within the scope of Article 11 of the KVKK, your rights as the data subject (the person whose personal data are processed) have been listed above. You can submit your requests regarding these rights, preferably by filling in all the information specified in the Data Subject Application Form on our website. As per the 1st paragraph of Article 13 and the Communiqué on the Procedures and Principles of Application to the Data Controller and Article 11 of the Law, you can submit your application:
- By personally coming to our company at Merkez Mah. Hasat Sk. No:52/1 Şişli/İSTANBUL,
- In writing, through a notary public or by registered letter with return receipt, so that your identity can be verified and information is not given to the wrong people,
- By sending an e-mail to info@hyssa.com from the e-mail address you have notified our company of in advance and that is registered in our systems, or by other methods to be determined by the Board in the future.
Retention Period of Personal Data
In line with our company's data retention policy, your data is stored in accordance with the mandatory retention periods determined within the scope of the Laws and other relevant legislation. In case the said period expires or the purpose of processing personal data is no longer valid, personal data is deleted, destroyed or anonymized.
Changes and Updates
This clarification text has been prepared within the scope of Law No. 6698 and other relevant legislation. Necessary changes can be made in the aforementioned disclosure text in line with the relevant legal legislation and/or changes in the Company's personal data processing purposes and policies. The company reserves the right to make changes.
In addition, you can reach our documents related to the Law and related legislation at hyssa.com and to contact us, you can send an e-mail to info@hyssa.com.