Privacy and Personal Data Policy

CUSTOMER DISCLOSURE TEXT ON THE PROCUREMENT, PROCESSING AND PROTECTION OF PERSONAL DATA

1- GENERAL EXPLANATION AND DEFINITIONS

This text, Diattack Yazılım Bilişim Siber Güvenlik ve Danışmanlık A.Ş. (to be expressed as Phishup) as "data controller", within the scope of Article 10 of the Personal Data Protection Law (KVKK) No. 6698, in order to fulfill the "obligation to enlighten".
The meanings of the following terms in the information text refer to the definitions specified in the Law No. 6698, the Regulations and Communiqués issued regarding this Law, and are as follows.
* Personal data: Any information relating to an identified or identifiable natural person,
* Processing of personal data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data fully or partially automatically or non-automatically provided that it is a part of any data recording system All kinds of operations performed on data such as classification or prevention of use,
* Relevant person: The real person whose personal data is processed,
* Explicit consent: Consent on a specific subject, based on information and expressed with free will,
* Anonymization: Making personal data cannot be associated with an identified or identifiable natural person under any circumstances, even by matching them with other data,
* Data controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,
* Data processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by him,
* Data registration system: The registration system in which personal data is processed and structured according to certain criteria,
* Contact person: The natural person notified by the data controller during registration to the Registry for the communication to be established with the Authority, regarding the obligations of the legal persons residing in Turkey and the representative of the data controller of the legal entity not residing in Turkey, within the scope of the Law and secondary regulations to be issued based on this Law. ,
* Personal data retention and destruction policy: The policy on which data controllers base the process of determining the maximum time required for the purpose for which personal data is processed, and the process of deletion, destruction and anonymization.

2- INFORMATION REGARDING THE DATA SPEAKER

Data Controller;
Title : Diattack Yazılım Bilişim Siber Güvenlik ve Danışmanlık A.Ş.
Mersis Number: 0295 0943 0790 0001
Address: Sanayi Mahallesi Teknopark Bulvarı No:1/4C İç Kapı No:Z08, Pendik/Istanbul
Telephone: +90 216 706 68 20
E-Mail Address: info@phishup.co
Registered Electronic Mail (KEP): diattack@hs01.kep.tr

3- PERSONAL DATA TO BE PROCESSED

The personal data to be processed by PHISHUP are listed below, and when required and/or required by law, new information can be added and/or amended within the scope of legal legislation.

4- PURPOSE OF PROCESSING PERSONAL DATA

PHISHUP processes personal data for the following purposes. These purposes are;
* Making the sale, determining the financing conditions, making the collections,
* Providing after-sales support and customer satisfaction, finalizing complaints, ensuring communication,
* Notification of discounts and campaigns,
* Fulfilling legal obligations, especially Turkish Commercial Code, Turkish Code of Obligations, Tax Code,
* Ensuring the safety of property and life within the company, making an emergency response, increasing efficiency.

5- TRANSFER OF PERSONAL DATA AND PURPOSE OF TRANSFER

PHISHUP receives personal data obtained for data processing purposes, limited to the above-mentioned purposes, to persons, institutions and/or organizations required/permitted by the KVKK and other legislation provisions, including but not limited to domestic/foreign affiliates of PHISHUP, the cooperation program partner/solution partner institutions and organizations, reconciliation firm, companies from which consultancy and independent audit services are received, due to legal obligations; Even if there is no legal obligation, it will be able to transfer personal data to third parties and institutions in order to achieve the purposes within the scope of Article 4, provided that the rights of the person concerned under the PDPL are reserved.

6- METHODS OF OBTAINING PERSONAL DATA and LEGAL REASON

Based on Articles 5 and 6 of the KVKK, personal data can be obtained directly from the data owner orally, by hand and/or by e-mail, social media, written form and camera recording systems, in line with the above-mentioned purposes.

7- RIGHTS OF THE RELATED PERSON

Related persons can apply to the data controller and;
* Learning whether personal data is processed or not,
* If personal data has been processed, requesting information about it,
* Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
* Knowing the third parties to whom personal data is transferred at home or abroad,
* Requesting correction of personal data in case of incomplete or incorrect processing,
* Requesting the deletion or destruction of personal data within the framework of the conditions stipulated in the law,
* Requesting notification of changes regarding correction, deletion or destruction of personal data to third parties to whom personal data has been transferred,
* Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
* In case of loss due to unlawful processing of personal data, it has the right to demand the compensation of the damage.


Copyright


All rights of the www.phishup.co site belong to Diattack Yazılım Bilişim Siber Güvenlik ve Danışmanlık A.Ş. (Diattack).
All software products and texts, articles, photographs, pictures, documents, sounds, signs and similar intellectual products in the content of Phishup site are protected in accordance with the legal legislation related to Copyrights.
None of these products can be used without the written permission of Phishup. The copying, reproduction, modification, unannounced and unauthorized use and distribution of these products for any purpose are prohibited by law.
Personal and Non-Commercial Use Limits
For personal and non-commercial reproductions where one copy is allowed, it is mandatory to indicate that Phishup is the owner of the trademark or copyright.

2.1.2. Technical and Administrative Measures Taken to Prevent Unlawful Access to Personal Data

Our company takes technical and administrative measures according to the nature of the data to be protected, technological possibilities and the cost of implementation in order to prevent the imprudent or unauthorized disclosure, access, transfer or any other unlawful access to personal data.
(i) Technical Measures Taken to Prevent Unlawful Access to Personal Data

The main technical measures taken by our company to prevent unlawful access to personal data are listed below:
* Technical measures are taken in accordance with the developments in technology, the measures taken are periodically updated and renewed.
* Access and authorization technical solutions are implemented in accordance with the legal compliance requirements determined on a business unit basis.
* The technical measures taken are periodically reported to the relevant person in accordance with the internal control mechanism, the risky issues are re-evaluated and the necessary technological solution is produced.
* Software and hardware including virus protection systems and firewalls are installed.
* Personnel knowledgeable in technical matters are employed.