Introduction of the Data Controller and this Privacy Notice
As a data controller, Art Artırılmış Gerçeklik Teknolojileri Yazılım ve Danışmanlık A.Ş. (hereinafter referred to as “artlabs”, “Company” or “We”), pays the utmost attention to the lawfulness of the processing of personal data of its customers. We have prepared this Artlabs GDPR Privacy Notice (“Privacy Notice”) on the protection and the processing of personal data, in order to ensure compliance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).
The security of our customers’ personal data is at the forefront of our work. Therefore, in order to prevent any unlawful access to personal data or leak and to ensure the secure retention of personal data relating to our customers, such data are only transferred to trusted business partners and on a minimum level, by taking necessary security measures in accordance with the legislation in force.
Transparency is one of the most important subjects of our personal data protection program. In this respect, We have prepared this Privacy Notice in order to provide our customers with all necessary information while We are processing personal data, e.g. to ensure a better customer experience.
Another subject that We also pay close attention to is customers’ right to have control over their personal data. We implement measures to ensure that our customers manage their preferences regarding their own personal data and highly respect our customers’ preferences. This Privacy Notice also describes your data protection rights, including a right to object to specific processing activities which artlabs carries out. More information about your rights, and how to exercise them, is set out in the “What are Your Rights as Data Subjects?” section.
In summary, data security, transparency and individuals’ right to have control over their personal data are fundamentals for us in ensuring compliance with the GDPR.
This Privacy Notice contains our declarations and explanations concerning the processing of personal data relating to our customers and other natural persons establishing contact with us, excluding our employees, in compliance with the provisions of the GDPR.
This Privacy Notice is prepared in order to provide information concerning which personal data Artlabs processes within the scope of its commercial activities, the purposes for processing, the parties to whom personal data are transferred and the purposes for such transfers.
2. How Do We Collect Your Personal Data?
This section covers the source of information and the channels through which personal data are collected:
Written or electronic forms, wholly or partly by automated and non-automated means.
artlabs website and mobile applications.
3. Which Personal Data Do We Collect and Process?
Personal data processed by our Company differ in accordance with the nature of the legal relationship established with our Company. In this respect, categories of personal data collected by our Company through all channels, including Digital Environments, are as follows:
· Identity and Contact Information : Personal data such as name, surname, contact information (such as e-mail address) that you have provided to us while filling forms.
· Risk Management Information (such as IP tracking records.)
· Security Information (entry/exit logs in Company’s Website.)
· Legal Procedure and Compliance Information (information provided within information requests and decisions of judicial and administrative authorities.)
· Marketing Information (such as reports and evaluations containing information indicating preferences usage to the data subject and used for the purposes of marketing, targeting information, cookie records, data generated within data enrichment operations)
4. Why Do We Process Your Personal Data and What Is the Legal Basis for This Use (purpose of the processing)?
We process your personal data for the following purposes:
· To fulfil a contract, or take steps linked to a contract We have with you. (According to Art. 6/(1), Subparagraph 1(b) GDPR) This includes:
· Establishing communication with our customer and customer relationship management
· Requests and Evaluations
· Conducting financial and accounting operations
· Usage Information
For purposes which are required by law (According to Art. 6/(1), Subparagraph 1(c) GDPR) (legal obligations):
Ensuring compliance with the national and international legislation to which Artlabs is subjected and fulfilling the obligations arising from the relevant legislation. In response to requests by government or law enforcement authorities conducting an investigation.
Where you give us consent (According to Art. 6/(1), Subparagraph 1(a) GDPR):
Marketing activities : Where required by law, We will send you with your consent direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners
Cookies : We place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used. For more information, see “Privacy & Cookies Policy”
5. To Whom, Why and Where We Transfer Your Personal Data?
Due to the global nature of our business, We may transfer your personal data to recipients residing in Turkey or abroad, in accordance with applicable laws.
Recipients that We may transfer your data to can be listed categorically as follows:
· Suppliers : Your personal data will also be shared with service providers, in particular, providers of website hosting, software, maintenance.
· Government authorities such as custom authorities and/or law enforcement officials authorized by national or international legislations ; e.g. to enforcement agencies, executive or judicial bodies in relation to ongoing investigations.
· In the event that the business is sold or integrated with another business, certain pieces of your details may be disclosed to our advisers and any prospective purchaser’s adviser and may be passed to the new owners of the business.
6. How long will you retain my data?
Artlabs is subject to legal obligations on data retention periods under Turkish law.
Your personal data are deleted as soon as they are no longer needed for the specified purposes. However, We must sometimes continue to store your data until the retention periods and deadlines set by the legislator or supervisory authorities, up to 10 years which may arise from the Turkish Commercial Code, Tax Code, Turkish Code of Obligations, and depending on other applicable European Laws and national laws of a EU-Country. We may also retain your data until the statutory limitation periods have expired (but up to 10 years in some cases), provided that this is necessary for the establishment, exercise, or defence of legal claims. After that, the relevant data are routinely deleted or anonymized.
Where We process personal data for marketing purposes or with your consent, We process the data until you ask us to stop and for a short period after this (to allow us to implement your requests).
7. Principles relating to personal data privacy
Our company acts in accordance with the principles stated below in all data processing activities. “lawfulness, fairness, and transparency”, “purpose limitation”, “data minimisation”, “accuracy”, “storage limitation”, “integrity and confidentiality” and “accountability”.
9. Use of Digital Platforms
Your personal data may be processed while your use of Digital Platforms to manage and operate the Website, to perform activities for optimizing and improving the user experience related to the Website and Application, to detect in what ways the Website is being used, to support and enhance the use of location-based tools, to manage your online accounts and to inform you about the services offered near you.
In case you desire to benefit from the offered product and services, your personal data will be processed only to make you get such product and services.
10. What are Your Rights as Data Subjects?
Under the GDPR you are entitled to the following rights (further information is available under https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/my-rights_en):
Right to withdraw consent (Art. 7 GDPR)
Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Under the GDPR or national laws, these rights may be limited, for example, if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to delete information which We are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the GDPR or in applicable national laws. We will inform you of relevant exemptions We rely upon when responding to any request you make.
In order to exercise these rights please contact the [email protected] or "Fulya Mah. Büyükdere Cad. Torun Center D Blok Apt. No: 74 D: 10 Şişli/İstanbul” directly. Please specify which individual rights according to Art. 15 et seq. you want to exercise. For this purpose, We may have to confirm your identity before responding to your request.
In order to be able to process your request, as well as for identification purposes, please note that We will use your personal data in accordance with Art. 6 para. 1 (f) of the GDPR as legal obligation.
If you believe that We have failed to comply with data protection regulations when processing your personal data, you can lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
11. The right to object to processing of personal data (Article 21 of the GDPR)
As indicated above, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.
We shall no longer process the personal data unless We demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
12. Data security
We take all appropriate technical and organizational measures to safeguard your personal data and to mitigate risks arising in connection with unauthorized access, accidental data loss, deliberate erasure of, or damage to personal data.
In this respect our Company;
Ensures data security by utilizing protection systems, firewalls, and other software and hardware containing intrusion prevention systems against virus and other malicious software,
Access to personal data within our Company is carried out in a controlled process in accordance with the nature of the data and on a strict need-to-know basis,
Ensures the conduct of necessary audits to implement the provisions of the GDPR, in accordance with Article 32 of the GDPR,
Ensures the lawfulness of the data processing activities by way of internal policies and procedures,
Applies stricter measures for access to special categories of personal data,
In case of external access to personal data due to procurement of outsourced services, our Company obliges the relevant third party to undertake to comply with the provisions of the GDPR,
It takes necessary actions to inform all employees, especially those who have access to personal data, about their duties and responsibilities within the scope of the GDPR.
13. Changes to this Privacy Notice
We reserve the right to make changes to this Privacy Notice in order to provide accurate and up-to-date information concerning practices and regulations relating to the protection of personal data. Data subjects will be informed by appropriate means in the event of a substantial change to the Privacy Notice.