QR2Code.Com website (“QR2Code“, “Site“) takes care to act in accordance with the legislation and to protect personal data correctly and up to date in accordance with the Law on Protection of Personal Data (“Law“).
Purpose of the Policy
Scope of the Policy
This Policy has been prepared for all our services that can be accessed through communication and notification forms, communication via e-mail or social media, or any other means. This Policy informs personal data owners about the Law by being published within the boundaries of QR2Code web.
Collection of Personal Data
We collect your personal data when you provide us directly, automatically or not, when you use the services associated with the site while browsing the site.
When you contact us through our social media accounts or via e-mail, subscribe to a newsletter, fill out a questionnaire, submit a feedback, participate in a contest, fill in and send us any form of notification, communication or comment on our Site, navigate the pages or when you use any of the services offered, we collect, process and store it.
The Type of Personal Data We Collect
The most common types of personal data we collect include: name, surname, E-mail address, IP address, contact information, survey response, picture, comment, message, share, action, site analytics data.
Categorization of Personal Data
Personal data processed by QR2Code are categorized below.
- Identity – Name, surname
- Contact – Email address, contact address, Registered Email address (KEP)
- Location – Location information
- Transaction Security – IP address information
- Marketing – Information obtained through surveys, cookie records
Purposes of Processing Personal Data
Your personal data processed by QR2Code;
- Execution of Information Security Processes
- Conducting Activities in Compliance with Legislation
- Conducting Communication Activities
- Organization and Event Management
- Execution of Advertising / Campaign / Promotion Processes
- Execution of Custody and Archive Activities
- Execution of Contract Processes
- Conducting Activities for User Satisfaction
- Execution of User Relationship Management Processes
- Tracking of Requests / Complaints
- Execution of Information Security Processes
- Conducting Talent / Career Development Activities
processed and stored for its purposes.
Method and Legal Reason for Collecting Personal Data
Personal data related to the visitor are collected partially or completely automatically or not for other reasons determined within the framework of the policy or legislation. Personal data will be processed in line with the above-mentioned purposes and within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of Law numbered 6698.
Deletion, Destruction or Anonymization of Personal Data
Although it has been processed in accordance with the provisions of the relevant law as stated in Article 7 of the Law on Protection of Personal Data, if the reasons requiring its processing disappear, the personal data will be deleted, destroyed or anonymized in accordance with the decision of QR2Code or upon the request of the personal data owner.
Deletion of personal data – the process of making personal data inaccessible and unavailable in any way for the relevant users.
Destruction of personal data – it is the process of making personal data inaccessible, retrieved and reusable in any way.
Anonymization of data – personal data masking, aggregation, generalization, data derivation, data hash, etc. Even if it is matched with other data with techniques, it is making it impossible to be associated with an identified or identifiable real person in any way.
Storage Periods of Personal Data
Personal data is stored by QR2Code for the periods stipulated in laws and relevant legislation. If a storage period foreseen in the laws and the relevant legislation is not specified, your personal data is stored by QR2Code in connection with the activity it carries out while processing the data, in accordance with the Personal Data Storage and Destruction Policy, then deleted, destroyed or anonymized.
Law Rights of Personal Data Owner
Within the framework of Article 11 of the Law, the relevant person applied to us about himself;
- Learning whether your personal data is processed,
- If personal data has been processed, to request information regarding this,
- Learning the purpose of processing personal data and whether they are used appropriately for their purpose
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request correction of personal data in case of incomplete or incorrect processing,
- To request the deletion or destruction of personal data,
- Request notification of the processes regarding the correction, deletion or destruction of personal data to third parties to whom personal data are transferred
- Object to the occurrence of a result against the person himself by analyzing the processed data exclusively through automated systems,
- In case of damage due to unlawful processing of personal data, requesting the compensation of the damage
has the rights.
Transfer of Personal Data
QR2Code can transfer personal data of personal data owners to third parties in accordance with the law by taking necessary confidentiality and security measures in line with the purpose of processing personal data. QR2Code acts in accordance with the regulations stipulated in the law during the transfer of personal data. In this context, in line with legitimate and lawful personal data processing purposes, it may transfer personal data to third parties based on one or more of the personal data processing conditions specified in Article 5 of the law.
- If the personal data owner has explicit consent,
- If personal data are clearly stipulated in laws,
- If the personal data owner is obliged to protect the life or body integrity of the personal data owner or someone else and the personal data owner is unable to disclose his consent due to the actual impossibility or his consent is not legally valid;
- If it is necessary to process personal data belonging to the parties of the contract, provided that it is directly related to the establishment or performance of a contract,
- If personal data transfer is mandatory for QR2Code to fulfill its legal obligation,
- If the personal data of the personal data owner has been made public by him,
- If data processing is mandatory for the establishment, use or protection of a right,
- If it is necessary to process personal data for the legitimate interests of QR2Code, provided that it does not harm the fundamental rights and freedoms of the personal data owner.
Situations completely excluded from the scope of the Law and Policy
This Policy and the provisions of the Law will not be applied in the following cases:
- Processing of personal data by real persons within the scope of activities related to them or their family members living in the same residence, provided that they are not given to third parties and obligations regarding data security are complied with,
- Processing personal data for purposes such as research, planning and statistics by making them anonymous with official statistics,
- Processing of personal data for artistic, historical, literary or scientific purposes or within the scope of freedom of expression, provided that it does not violate national defense, national security, public security, public order, economic security, privacy of private life or personal rights or constitute a crime,
- Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law and 8 in order to ensure national defense, national security, public security, public order or economic security,
- Processing of personal data by judicial authorities or execution authorities in relation to investigation, prosecution, trial or execution proceedings.
Partially Excluded from the Scope of Law and Policy
Article 10, which regulates the obligation of disclosure of the data controller, excluding the right to claim damages, 11 which regulates the rights of the data subject, and 16 regulating the obligation to register in the Registry of Data Controllers, provided that this Policy and the Law are in accordance with the purpose and fundamental principles of the Law, Not applicable in cases:
- Processing of personal data is necessary for the prevention of crime or for criminal investigation. (For example, a police officer processing the personal data of a suspect related to a crime is evaluated within this scope,
- Processing personal data made public by the person concerned,
- In order for this provision to be implemented, the personal data must be made public by the person concerned and the processing is carried out in accordance with this will,
- Processing of personal data is necessary for the execution of supervision or regulation duties and for disciplinary investigation or prosecution by authorized and authorized public institutions and organizations and professional organizations that have the quality of public institutions, based on the authority granted by law,
- Processing of personal data is necessary for the protection of the economic and financial interests of the State regarding budget, tax and financial issues.
Personal Data Processed Without Explicit Consent
Your personal data can only be processed without the explicit consent of the relevant person in the presence of any of the following conditions:
- It is clearly stipulated in the laws,
- It is mandatory for the protection of the life or physical integrity of the person who is unable to disclose his consent due to the actual impossibility or whose consent is not legally valid,
- Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,
- It is mandatory for the data controller to fulfill his legal obligation,
- It is made public by the person concerned,
- Data processing is mandatory for the establishment, use or protection of a right,
- Provided that it does not harm the fundamental rights and freedoms of the data subject, it is necessary to process data for the legitimate interests of the data controller.
For questions or more, you can contact us at email@example.com