INFORMATION NOTICE REGARDING PROCESSING OF PERSONAL DATA AND COOKIE POLICY OF MGA SOFTWARE INFORMATION DISTRIBUTION AND CONSULTANCY SERVICES LIMITED COMPANY
Dear visitor, welcome to our website. Before using our website, we would like to inform you, as the data controller within the scope of the Personal Data Protection Law (“KVKK”) and relevant legislation, about MGA Software Information Distribution and Consultancy Services Limited Company (shortly referred to as MGASOFT). We kindly request you to read the Privacy Notice below and the Terms of Use carefully, before accessing our website contents or using the applications and programs directed to the digital platforms.
I. PERSONAL DATA AND PROCESSING PURPOSES
Visitors and members (hereinafter referred to as "Users"), may need to share their personal data required for better service in addition to mandatory personal information regarding the services they request. MGASOFT processes, stores and transfers this data within the framework of laws. MGASOFT takes necessary measures for the confidentiality of the personal data of the User.
A. PROCESSED PERSONAL DATA OF MEMBER USERS
1. Identity Information
- Name and surname,
- Date of birth,
- Turkish identification number
Purpose of Processing:
- Identification and completion of User's registration processes,
- Continuation and improvement of the service provided,
- Conclusion of the contract,
- Sales, marketing and commercial communication,
- Provision of after-sales service,
- Conducting membership process and related activities and ensuring their continuity,
- Promotion and advertising of applications, programs, education, publications and websites,
- Conducting statistical studies and market research,
- Conducting financial and accounting transactions.
The personal data specified above is collected through membership forms on our website, fields that can be optionally filled out on our website, your requests and applications, contracts and campaigns.
2. Contact Information
- Mobile phone number,
- Landline number,
- Email address,
- Address information
Processing Purpose:
- Identification and completion of User's registration procedures,
- Continuation and improvement of provided service,
- Contract establishment,
- Sales, marketing and commercial communication,
- Post-sales service,
- Conducting membership processes and related activities and ensuring their continuation,
- Conducting advertisements and promotions of applications, programs, education, publications and websites,
- Conducting statistical studies and market research,
The above-mentioned personal data will be processed for the purpose of the above-mentioned processing purposes.
The personal data mentioned above are collected through the membership pages on our website, the fields that can be filled out depending on your preference on our website, your requests and applications, contracts, and campaigns.
3. Financial Information
- Encrypted Credit Card Information,
- Bank Account and IBAN Number Information,
Purpose of Processing:
- Conducting activities in accordance with the legislation,
- Following up and executing legal affairs,
- Performing financial and accounting affairs,
- Fulfillment of return processes,
- Conducting and monitoring business activities,
- Execution of service sales processes,
- Performing storage and archive activities,
- Following up risk management processes,
- Fulfillment of contract processes,
- Providing information to authorized persons, institutions and organizations, will be processed for these purposes.
The personal data mentioned above are collected through printed and electronic forms, e-mails, and requests and messages within the website.
4. Location Information
- Location information of the place where it is located,
- Mobile device location data,
Purpose of Processing:
- To provide better service to the User,
- Continuation and improvement of the provided service,
- Promotion of applications, programs, education, publications and websites,
- Conducting statistical studies and market research, it is processed for these purposes.
The personal data specified above is collected through mobile devices and cookies.
5. Customer Transaction Information
- Invoice Information,
- Request Information,
- Order Information,
- Customer Reviews
Purpose of Processing:
- To provide better service to the User,
- Continuation and improvement of the provided service,
- Promotion of applications, programs, education, publications and websites,
- Conducting statistical studies and market research,
- Ensuring the security of the data controller's operations,
- Providing information to authorized persons, institutions and organizations,
- To carry out activities in accordance with the legislation,
- Follow-up and execution of legal affairs,
- Execution of goods and service sales processes,
- Follow-up of requests and complaints, it is processed for these purposes.
The personal data specified above is collected through electronic forms, phone records, emails, and SAP programs.
6. Transaction Security Information
- IP Address Information,
- Internet Site Login/Logout Information,
- Username Information,
- Password Information,
- Traffic Data (e.g. Connection Time/Duration, etc.),
Purpose of Processing:
- Conducting information security processes,
- Conducting communication activities,
- Managing customer relationship management processes,
- Conducting activities aimed at customer satisfaction,
- Organization and event management,
- Conducting marketing and analysis studies,
- Conducting advertising campaign promotion processes,
- Ensuring the security of the data controller's operations,
- Providing information to authorized persons, institutions, and organizations,
- Conducting activities in compliance with legislation,
- Tracking and conducting legal affairs,
- Conducting product and service sales processes,
- Tracking requests and complaints, in order to process them.
The personal data mentioned above is collected through information security systems and electronic devices.
7. Marketing Information
- Cookie Records,
- Demographic, Site and Application Navigation Data,
- Purchase History,
Processing Purpose:
- Conducting communication activities,
- Conducting product and service sales processes,
- Providing better service,
- Continuation and improvement of the provided service,
- Being able to conduct sales, marketing, and commercial communication,
- Managing customer relations processes,
- Conducting activities aimed at customer satisfaction,
- Conducting marketing and analysis studies,
- Conducting advertising, campaign, and promotion processes, for the purpose of processing.
The personal data specified above is collected through your past orders and cookies created on our website, as well as cookies from third parties (such as Google Analytics).
8. Visual and Audio Recordings
- Company Headquarters Voice Recordings
Purpose of Processing:
- Conducting loyalty processes related to products and services,
- Following up on customer relationship management processes,
- Conducting activities aimed at customer satisfaction,
- Conducting after-sales support services for goods and services,
- Conducting storage and archive activities,
- Following up on requests and complaints,
- Performing the marketing processes of products and services,
- Following up on customer relationship management processes,
- Conducting marketing analysis studies,
The above-mentioned personal data is processed for the purpose of being collected in electronic media during calls made to our company headquarters.
B- PROCESSING OF PERSONAL DATA OF MEMBER USERS
1. Location Information
- Location information of the user's current location,
- Mobile device location data,
Purpose of Processing:
- Continuation and improvement of the service provided on the website,
- Advertising and promotion of applications, programs, education, publications, and websites,
- Conducting statistical studies and market research, is processed for these purposes.
The personal data mentioned above are collected through mobile devices and cookies.
2. Process Security Information
- IP Address Information
- Internet Site Login-Logout Information
- Traffic Data (e.g. Connection Time / Duration etc.)
Purpose of Processing:
- Execution of information security processes,
- Providing information to authorized institutions and organizations,
- Management of customer relations processes,
- Conducting activities for customer satisfaction,
- Management of organization and event, marketing, and analysis studies,
- Conducting advertising, campaign, and promotion processes, is processed for these purposes.
The personal data mentioned above are collected through information security systems and electronic devices.
3. Marketing Information
- Cookie records,
- Demographic, site and application browsing data,
Processing Purpose:
- Providing better service on the website,
- Continuation and improvement of the service provided on the website,
- Conducting marketing and analysis studies,
- Conducting advertising, campaign and promotion processes, is processed for the purpose.
The personal data mentioned above is collected through cookies created on your past orders and our website, as well as third-party cookies (such as Google Analytics).
C- LEGAL BASIS
The personal data mentioned above are processed based on the provisions of the relevant legislation and Article 5 of the KVKK in order to achieve the purposes listed in the relevant sections by MGASOFT. These legal bases are:
- It is necessary to process personal data belonging to the parties of a contract, provided that it is directly related to the establishment or performance of the contract.
- It is mandatory for the data controller to fulfill its legal obligations.
- It is necessary to process data for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
The "Customer Transaction Data" mentioned in A/5 article above will also be processed based on your explicit consent as an User, except for the limitations set forth in Article 5 of the KVKK.
D- TRANSFER OF PROCESSED PERSONAL DATA
Personal data mentioned above may be transferred to third parties both in Turkey and abroad and may be processed and stored in servers located domestically or abroad provided that the general principles of KVKK, the conditions stipulated in articles 8 and 9, are complied with and necessary security measures are taken.
Third parties to whom personal data may be transferred may vary depending on various factors such as the type and nature of the relationship between the data subject and MGASOFT, but third parties to whom data may be transferred are generally as follows:
- MGASOFT, to regulatory bodies such as the Capital Markets Board, Borsa Istanbul, Takasbank, and other Authorized Institutions if required by law or for the purposes of pursuing and conducting its legal affairs,
- Domestic and foreign organizations worked with, platform owners, data publishing organizations, infrastructure providers, with the purpose of performing financial and accounting affairs, following up legal affairs, supervising and ensuring the continuity of business activities, conducting marketing analysis studies, providing supplies, fulfilling communication, product or service sales and after-sales support services, working with domestic and foreign Business Partners, Suppliers, and Affiliated Partners for the purpose of tracking requests and complaints.
In addition, user data may be shared with the following organizations and platforms under the relevant service contract, subject to the scope of the relevant service of the contract;
- Payment System Providers [Nestpay Payment Services Inc]: Since payment transactions are made through the relevant portal, you enter your credit card information through this portal. Credit card and payment instrument information is not stored by MGASOFT. Your credit card information can be viewed and processed by this company in order to carry out payment transactions. Your invoice information can also be accessed by the relevant company. We recommend that you review the terms of use and data policies of the relevant company for your control over the aforementioned data.
- Google Tag Manager and Google Analytics [Google Inc.]: Your visits may be shared with or viewed by this platform for statistical data provision purposes. Such data may include the traffic data of the digital platform, your preferences and actions on the relevant platform, your name-surname, date of birth and e-mail information. Cookies may also be used by this platform for the purpose of collecting this information.
- Google Recaptcha [Google Inc.]: Your visits may be shared with or viewed by this platform for user verification purposes. Such data may include the traffic data of the digital platform, your preferences and actions on the relevant platform. Cookies may also be used by this platform for the purpose of collecting this information.
- Microsoft Exchange [Microsoft Corporation]: Microsoft Exchange Services provides mail list creation and statistical data creation services for sending commercial electronic messages to you within the scope of informing you about your subscription, transmitting invoices, improving our services, and promoting and advertising activities, provided that you approve the sending of commercial electronic messages and declare your explicit consent for this purpose. In this regard, your name-surname, e-mail address and payment information can be shared with this organization. The notification content sent to the user by the relevant company and whether the mail has been opened by the user may also be viewed.
STORAGE OF PERSONAL DATA
a) Duration of storage of personal data
Personal data is stored for the period required for the processing purpose of personal data, subject to the retention periods prescribed in the legislation. In cases where personal data is processed for multiple purposes, it is deleted, destroyed or anonymized in accordance with the provisions of the legislation and decisions of the DPA, provided that there is no legal obstacle, when the purposes of the processing are eliminated or at the request of the User. The provisions of the legislation and the decisions of the DPA are followed regarding destruction, deletion or anonymization.
b) Measures taken regarding the storage of personal data
- Technical measures
- Technical infrastructure and control mechanisms are established for the deletion, destruction and anonymization of personal data,
- Necessary measures are taken to ensure the secure storage of personal data,
- Employees with technical expertise are employed,
- Business continuity and emergency plans are developed and systems are developed for their implementation against possible risks,
- Security systems are established for storage areas of personal data in accordance with technological developments.
- Administrative measures
- Our employees are informed about the technical and administrative risks related to the storage of personal data in order to create awareness,
- Contracts made with companies to which personal data is transferred in case of cooperation with third parties for the storage of personal data include provisions regarding the protection and secure storage of personal data and the taking of necessary security measures for the persons to whom personal data is transferred.
F- SECURITY OF PERSONAL DATA
To prevent the unlawful processing and access of personal data and to ensure their lawful storage in accordance with technological possibilities and application costs, we take administrative and technical measures.
a) Measures taken
- Necessary audits are carried out within the company,
- Our employees are trained and informed about the subject,
- Personal data is processed within the scope of the commercial activities carried out by our company,
- Necessary security measures are included in the contracts with companies processing personal data,
- In case of unlawful disclosure of personal data or data leakage, we report the situation to the DPA and carry out the investigations foreseen by the legislation and take the necessary measures.
b) Measures taken in case of unlawful disclosure
We take administrative and technical measures to prevent the unlawful disclosure of personal data and update them in accordance with our relevant procedures. If we detect that personal data has been disclosed unauthorizedly, we create systems and infrastructure to report this situation to the relevant user and the DPA. Despite all administrative and technical measures taken, in case of an unlawful disclosure, if deemed necessary by the DPA, this situation may be announced on the DPA's website or by another method.
G- RIGHTS OF DATA SUBJECTS
In accordance with the provisions of the KVKK, those whose personal data are processed may use the following rights by applying to MGASOFT:
- To learn whether their personal data have been processed or not,
- To request information if their personal data have been processed,
- To learn the purpose of processing their personal data and whether they are used for their intended purpose,
- To know the third parties to whom personal data are transferred, both domestically and abroad,
- To request the correction of their personal data if they are incomplete or incorrect,
- To request the deletion or destruction of their personal data,
- To request that the third parties to whom their personal data have been transferred be notified of the correction, deletion or destruction of their personal data,
- To object to a result against themselves that arises from the analysis of processed data solely through automatic systems,
- To demand compensation for damages in case of suffering damages due to the unlawful processing of their personal data.
Requests made in this context will be concluded by MGASOFT free of charge within thirty days at the latest.
H- METHOD OF SUBMITTING REQUESTS
Under the scope of KVKK, if you want to contact MGASOFT, give feedback or direct your questions, you can deliver your petition that identifies you and includes your request to the address YTU Davutpasa Campus Teknopark D2 Block Office No:1B02 Esenler, Istanbul, in person or through mail or notary. Additionally, for your suggestions, complaints, and feedback, you can apply to info@borfin.com address.
In this context, written or electronic applications related to the subject will be accepted by MGASOFT after the identity verification process and will be finalized within a maximum of 30 (thirty) days depending on the nature of the request.
Although the requests of the data owners will be concluded free of charge, if answering the request requires additional costs, a fee may be charged in the amounts determined within the relevant legislation.
II. COOKIE POLICY
Small data files that allow certain data to be stored and collected on users' computers, mobile phones, tablets or other devices used during access to websites, electronic platforms, applications or electronic e-mail messages or advertisements sent by MGASOFT may be placed. These data files placed on computers and other devices may be cookies, pixel tags, flash cookies, and web beacons, as well as other similar technologies for data storage purposes (hereinafter collectively referred to as "cookies").
Although the data collected through cookies may not always be personal data, it will be evaluated within the scope of this Policy and the Law on the Protection of Personal Data (“KVKK”) insofar as it qualifies as personal data.
1. Purposes of Using Cookies
MGASOFT may benefit from the cookies it uses for the following purposes on its sites, platforms, and applications, as well as in its advertisements and messages:
- Uses for security purposes: MGASOFT may use cookies it deems necessary for the administration and security of its internet sites, platforms, applications, and services. Examples of such cookies include technologies that allow the use of functions available on the internet sites, applications, and platforms, as well as cookies used to detect irregular behavior on these media.
- Uses for facilitating purposes: MGASOFT may use cookies to facilitate the use of its internet sites, platforms, applications, and services, as well as to customize them for users. Examples of such cookies include technologies that allow the recall of user information and preferences.
- Uses for measuring performance purposes: MGASOFT may use cookies to improve and measure the performance of its internet sites, applications, platforms, and services. Examples of such cookies include those that allow the analysis of user behavior and usage patterns on the sites, applications, platforms, and services, as well as technologies that allow interaction with messages sent by MGASOFT to determine whether users interacted with them.
- Uses for advertising purposes: Cookies associated with MGASOFT or third-party cookies may be used on internet sites, applications, and platforms belonging to MGASOFT or third parties to communicate advertising and similar content that appeals to users' interests. Examples of advertising-related uses include cookies that measure the effectiveness of advertisements and cookies that show whether a certain advertisement has been clicked or viewed a certain number of times.
2. Rejecting and Deleting Cookies
Although most browsers allow the use of cookies, users can reject or delete cookies by changing their browser settings at any time. The method of changing settings varies depending on the browser used. Information about how to disable cookies must be obtained from the service provider related to the browser used. If cookies are disabled, some features of MGASOFT's internet sites, applications, platforms, and services may not be available.
3. Authorized Service Providers
MGASOFT may use some authorized service providers to execute and promote its internet sites, platforms, and services. These service providers may also place cookies and similar technologies (third-party cookies) on users' computers/devices and collect information such as IP address, unique identifier, and device identifier to detect the user's device.
4. Third-Party Site Products and Services
Third-party internet sites, products, and services may be linked and directed from MGASOFT's internet sites, platforms, and applications. In such cases, the privacy policies of the visited site and platform apply, and the User acknowledges that MGASOFT is not responsible for the privacy practices of third parties. If the linked internet sites are visited, the privacy policies of those sites must be read.
III. AMENDMENTS
Changes can always be made to this Personal Data Protection and Cookie Policy as needed. In the event of a change, the current version of the policies can be accessed from MGASOFT's website.
MGASOFT Electronic Publishing Data Communication Ind. Tic. Ltd. Sti.
Address: YTU Davutpasa Campus Teknopark D2 Block Office No:1B02 Esenler Istanbul
Phone: +902126442020
Email: info@borfin.com