CLARIFICATION TEXT REGARDING THE PROCESSING OF PERSONAL DATA

This clarification text pertains to the personal data processing activities carried out by Ibility Teknoloji A.Ş. in its capacity as data controller and data processor. The Customer is separately responsible for its own disclosure obligations within the scope of its own data controllership.

As Ibility Teknoloji Anonim Şirketi ("Ibility" or "Company"), we attach great importance to the protection of your personal data. We process your personal data in a transparent, fair and lawful manner within the limits stipulated in Article 10 of the Law No. 6698 on the Protection of Personal Data ("Law") and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation, and we take care to take the necessary administrative and technical measures in this direction.

Within the scope of this clarification text, Ibility;

i. acts as data controller with regard to personal data processed within the scope of its own commercial activities,

ii. acts as data processor with regard to personal data entered, created or managed by customers through the application.

With this clarification text, we would like to inform you about the personal data we process within the framework of your business relationship with Ibility.

DATA CATEGORIES USED

Customer Personal Data:Name, surname, email address, company name, phone number, address, city, postal code.

Data Shared by Users:Text, images, content, streams, etc.

Test Answers and Data Entered in Training Modules:Information provided by users.

Data Collected from Service Usage:Cookies, IP address, device information, usage statistics.

Device and Usage Data:Browser type, operating system, network type, cookies, session information and activity logs.

Billing and Management Data:Name, signature, phone number, address and payment information.

DATA PROCESSING PURPOSES

Providing services and communicating with users.
Managing accounts so that users can use the services.
Execution of Finance, Accounting and Marketing activities (through newsletters, social media, events).
Execution of Activities in Compliance with Legislation.
Ensuring the Legal and Commercial Security of Persons in Business Relationship with Our Company.
Execution of Customer Satisfaction Activities (Analysis, reporting and personalization to improve user experience).
Determining and Implementing the Commercial and Business Strategies of Our Company.
Ensuring the Execution of Human Resources Policies of Our Company.
Execution of Contract Processes.
Tracking Requests/Complaints.

CATEGORIES OF DATA SUBJECTS

Company Officials (Training Content Editors and Managers):Persons who create and share training materials, usually employees in corporate learning departments.

End Users Using the Application:Persons who consume training content, usually company employees.

Visitors and Business Contacts:Those who visit the website or communicate with business partners.

DATA SHARING SITUATIONS

Data may be shared with third-party service providers (e.g., Onesignal, Meta, Atlas, MongoDB).
International sharing of data is carried out with appropriate security measures and Standard Contractual Clauses.
Data may be shared with authorized authorities when required by legal obligations.

Determination of Data Controller and Data Processor Status

Within the scope of software, applications and services provided by Ibility; the relevant customer acts as data controller and Ibility acts as data processor with regard to personal data entered, created or managed by customer institutions or persons in the system.

In this context, Ibility processes the personal data in question only for the purposes limited to providing the relevant service, operating the system, providing technical support and the purposes specified in the contract; in accordance with the instructions of the data controller and in compliance with the Law. Ibility does not use personal data for purposes other than those determined by the data controller and takes the instructions of the data controller as the basis before transferring data to third parties.

DATA RETENTION PERIODS

Data is retained for the period necessary to fulfill the processing purposes. At the end of this period, data is deleted or anonymized. Data is retained until a retrieval or deletion request is made by the customer.
In case of a user account deletion request, data is anonymized within one month.
Data that needs to be retained for longer periods due to legal regulations is protected in compliance with the relevant laws.

TO WHOM AND FOR WHAT PURPOSE PROCESSED PERSONAL DATA MAY BE TRANSFERRED

Within the framework of the above-mentioned purposes and the personal data processing conditions specified in Articles 8 and 9 of Law No. 6698 regarding the transfer of personal data, your personal data provided to I-bility within the scope of a business relationship:

To Banks and Suppliers for the Execution of Finance and Accounting Affairs.
To the Revenue Administration for the Purpose of Providing Information to Authorized Persons, Institutions and Organizations.
To Judicial and Administrative Authorities for the Follow-up and Execution of Legal Affairs.
May be shared with Authorized Persons, Institutions or Organizations Permitted by the Provisions of Other Relevant Legislation.

Data transfer within Turkey may be transferred without seeking explicit consent, limited to the cases pursuant to subparagraph 8/2(a) of KVKK, where it is required by law pursuant to KVKK 5/2 (a), (c) is mandatory for the establishment and/or performance of the contract, (ç) is mandatory for the fulfillment of a legal obligation, and (e) is mandatory for the establishment, exercise or protection of a right.

METHOD AND LEGAL REASON FOR COLLECTING PERSONAL DATA

Your personal data is obtained by Ibility through automatic means via application and email, and non-automatic means such as filling out a written form or hand delivery within the scope of all processes, as stipulated in the laws specified in paragraph 2 of Article 5 of the Law, for the establishment and/or performance of the contract, fulfillment of the legal obligation, provided that it does not harm the fundamental rights and freedoms of the data subject.

Your personal data is processed based on national and international regulations, especially the Constitution, and pursuant to Article 5 of the Personal Data Protection Law, for the reasons that it is clearly stipulated in the laws, provided that it does not harm the fundamental rights and freedoms of the data subject, data processing is mandatory for the legitimate interests of the data controller, it is mandatory for the data controller to fulfill its legal obligation, it is necessary to process personal data belonging to the parties to the contract provided that it is directly related to the establishment or performance of a contract, and data processing is mandatory for the establishment, exercise or protection of a right.

RIGHTS OF THE DATA SUBJECT LISTED IN ARTICLE 11 OF THE LAW

As personal data subjects, you have the following rights under Article 11 of the Law:

Right to Request Information:To learn whether your personal data is being processed, and to request information if it has been processed.

Right of Access:To access processed personal data.

Right to Rectification:To request correction of your personal data in case of incompleteness or inaccuracy.

Right to Erasure and Destruction:To request the deletion or destruction of your personal data within the framework of the conditions stipulated in Article 7 of the Law.

Right to Object to Processing:To object to the processing of your personal data.

Right to Object to Transfer:To request to know the third parties to whom processed data has been transferred.

Right to Compensation:To request compensation for damages in case of damage due to unlawful processing of personal data.

Data Subject Application Method

You can submit your above-mentioned rights in writing to [email protected] as the data controller, or through other methods determined by the Personal Data Protection Board, in accordance with the provisions of the Communiqué on the Procedures and Principles of Application to the Data Controller. These rights are granted to ensure the protection of personal data and to create remedies in case of violation of the rights of data subjects. The exercise of these rights enables data subjects to control the processing of their personal data. Ibility will finalize your request as soon as possible upon receipt of the relevant documents. Depending on the nature of your request, this period is thirty days at the latest. However, if the process requires an additional cost, the fee specified in the tariff determined by the Board may be charged.

Identity of the Data Controller

Company Title:Ibility Teknoloji Anonim Şirketi

Mersis No:1008207

Contact Address:Reşitpaşa Mah.Katar Cad.İTÜ Tasarım ve Prototip Merkezi Binası No:2/41 İç Kapı No:2 Sarıyer/ İstanbul,34467

E-Mail Address:[email protected]

KEP Address:[email protected]