PERSONAL DATA PROTECTION AND PROCESSING POLICY
Last Updated: 27.03.2025
PURPOSE
According to Article 20 of the Constitution of the Republic of Turkey, everyone has the right to request the protection of their personal data. This right includes being informed, accessing data, requesting the correction or deletion of data, and learning whether the data is being used in accordance with its intended purpose.
The Personal Data Protection Law No. 6698 (“KVKK”) was enacted on 07.04.2016 to protect individuals’ fundamental rights and freedoms and to regulate the obligations of individuals and institutions that process personal data.
Algofact Software and Technology Inc. ("Company") collects, processes, stores, and protects personal data in accordance with KVKK and other relevant legal regulations. This policy aims to ensure transparency in fulfilling our obligations regarding personal data protection.
The Personal Data Protection Law No. 6698 (“KVKK”) was enacted on 07.04.2016 to protect individuals’ fundamental rights and freedoms and to regulate the obligations of individuals and institutions that process personal data.
Algofact Software and Technology Inc. ("Company") collects, processes, stores, and protects personal data in accordance with KVKK and other relevant legal regulations. This policy aims to ensure transparency in fulfilling our obligations regarding personal data protection.
DEFINITIONS
Explicit Consent: A freely given, informed, and specific declaration of approval regarding a particular subject.
Personal Data: Any information relating to an identified or identifiable natural person.
Sensitive Personal Data: Personal data related to race, ethnic origin, political opinions, religious beliefs, sect, health information, and sexual life.
Data Subject (Relevant Person): A natural person whose personal data is processed.
Data Controller: A real or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.
Data Processor: A real or legal person who processes personal data on behalf of the data controller based on the authority given.
Processing of Personal Data: Any operation performed on personal data, whether fully or partially by automated means or non-automated means, such as collection, recording, storage, retention, alteration, disclosure, transfer, classification, or prevention of use.
PRINCIPLES FOR PROCESSING PERSONAL DATA
The Company processes personal data in accordance with the following principles:
Compliance with the law and principles of honesty
Accuracy and keeping data up-to-date where necessary
Processing for specified, explicit, and legitimate purposes
Processing in a manner that is relevant, limited, and proportionate to the purposes for which they are processed
Retention for the period specified in the relevant legislation or necessary for the purposes of processing
In accordance with these principles, our company ensures transparency and accountability in all data processing activities.
CONDITIONS FOR PROCESSING PERSONAL DATA
As per Article 5 of KVKK, personal data cannot be processed without the explicit consent of the data subject. However, in the following cases, data can be processed without explicit consent:
If explicitly required by law
If it is necessary for the protection of life or physical integrity of a person who is unable to give consent due to actual impossibility
If the processing is directly related to the establishment or performance of a contract
If it is necessary to fulfill a legal obligation
If the data is made public by the data subject
If processing is necessary for the establishment, exercise, or protection of a legal right
If processing is necessary for the legitimate interests of the data controller, provided it does not violate the fundamental rights and freedoms of the data subject
If explicit consent is required, the data subject will be informed accordingly.
PROCESSING OF SENSITIVE PERSONAL DATA
Sensitive personal data, including race, ethnic origin, political opinion, religion, sect, health, and sexual life, can only be processed under the conditions specified by law and by taking necessary administrative and technical measures. Currently, we do not process sensitive personal data such as health information. However, if such processing becomes necessary, additional security measures will be implemented.
DATA SECURITY
The Company takes appropriate technical and administrative security measures to prevent unauthorized access, disclosure, loss, or damage to personal data. These measures include:
Access controls
Encryption
Logging systems
Firewalls
Limiting access to authorized personnel only
DATA RETENTION AND DISPOSAL
Personal data is deleted, destroyed, or anonymized when the processing purpose is no longer applicable or when the legal retention period expires.
TYPES OF PERSONAL DATA COLLECTED
Data Type | Description |
Name, SurnamePhone NumberEmail AddressIP AddressUser Activity InformationFeedback Content | For identification and communication purposesFor communication purposesFor information and communication purposesFor security and system logsData recorded during website and application useEvaluations or requests provided by users |
TRANSFER OF PERSONAL DATA
Personal data may be transferred to third parties within or outside the country in compliance with Articles 8 and 9 of KVKK and by taking necessary security measures. Currently, no personal data processed by the Company is transferred outside Turkey.
RIGHTS OF DATA SUBJECTS
According to Article 11 of KVKK, data subjects have the right to:
Learn whether their personal data is being processed
Request information if their personal data has been processed
Learn the purpose of data processing and whether it is used for its intended purpose
Know the third parties to whom their personal data is transferred within or outside the country
Request correction of incomplete or incorrect data
Request the deletion or destruction of personal data
Request notification of rectification or deletion to third parties to whom the data has been transferred
Object to adverse outcomes resulting from the automatic processing of personal data
Demand compensation if they suffer damage due to unlawful data processing
If a data subject wishes to exercise their rights, they may submit their requests via email to the Company's management. The Company is obliged to respond promptly to such requests.
POLICY UPDATES
This Policy is effective from the date of publication and is made publicly available on the Company's website. The Company reserves the right to make changes to this Policy as needed. Updated versions will be published on the Company's official website.
EN 
TR 
AR 
RU 
DE 
FR 
ES