This Personal Data Protection and Processing Policy has been prepared in accordance with the Law No. 6698 on the Protection of Personal Data (“Law”) to inform real persons (“Data Subjects”) regarding the collection, processing, storage, and deletion of their personal data by Bentego Teknoloji A.Ş. (“Company”) and the rights granted to them under the Law.

1. DEFINITIONS

KVKK: Law No. 6698 on the Protection of Personal Data
GDPR: General Data Protection Regulation of the European Union
Data Processor: Natural or legal person who processes personal data on behalf of the data controller based on their authority
Data Controller: The person who determines the purposes and means of processing personal data and manages the data recording system
Data Subject: Real persons whose personal data are processed including but not limited to employees, customers, business partners, shareholders, officials, potential customers, job applicants, interns, visitors, suppliers, and employees of institutions with which the Company collaborates
Explicit Consent: Freely given, specific, informed and unambiguous indication of the data subject’s wishes
Personal Data: Any information relating to an identified or identifiable natural person
Processing of Personal Data: Any operation performed on personal data including obtaining, recording, storing, retaining, altering, rearranging, disclosing, transferring, acquiring, making available, classifying or preventing the use of personal data
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person
Deletion: Making personal data inaccessible and unusable for relevant users
Destruction: Making personal data inaccessible, irretrievable, and unusable for anyone
Company: Data Controller, Bentego Teknoloji A.Ş.
Board: Personal Data Protection Board

2. PURPOSE OF THE POLICY

The aim of this Policy is to inform individuals whose data is processed by the Company as a data controller about the methods, purposes, and legal grounds for collecting, processing, storing, protecting, and destroying their personal data and the rights they hold under the Law.

3. GENERAL PRINCIPLES

In accordance with Article 4 of the Law, personal data may only be processed in line with the principles outlined in the Law and other related regulations:

  • Lawful and fair processing

  • Being accurate and, where necessary, up-to-date

  • Processing for specific, explicit, and legitimate purposes

  • Being relevant, limited and proportionate to the purpose

  • Retaining data only for as long as necessary

  • Ensuring appropriate security of personal data

4. METHODS OF OBTAINING PERSONAL DATA

Personal data may be obtained directly from the data subject or through third parties and legal authorities via tools such as websites, contracts, emails, application forms, and other written, verbal, or electronic communication channels.

5. CATEGORIES OF PERSONAL DATA

Personal data collected may include:

  • Identity Information

  • Contact Information

  • Customer Information

  • Family and Relatives Information

  • Customer Transaction Information

  • Physical Security Information

  • Transaction Security Information

  • Risk Management Information

  • Financial Information

  • Job Applicant Information

  • Legal Process and Compliance Information

  • Audit and Inspection Information

  • Sensitive Personal Data

  • Request/Complaint Management Information

  • Reputation Management Information

  • Visual/Audio Data

6. PURPOSE OF PROCESSING PERSONAL DATA

Personal data may be processed for:

  • Management and execution of company operations and fulfillment of contractual obligations

  • Marketing and promotional activities, customization of services

  • Fulfillment of financial, legal, and administrative obligations

  • Legal dispute resolution

  • Human resources and employment processes

  • Occupational health and safety

  • Ensuring internal and external security of the Company and its systems

  • Website usage analysis

  • Archiving and data inventory creation

7. TRANSFER OF PERSONAL DATA

In line with legal regulations and with appropriate safeguards, personal data may be transferred within Turkey or abroad to:

  • Consultants, audit firms, collaborators

  • Customers, shareholders, company officials

  • Banks and financial institutions

  • Judicial and administrative authorities

Transfer abroad is only possible with explicit consent or in case of sufficient protection or mutual undertakings approved by the Board.

8. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

Data may be processed without explicit consent if:

  • Processing is explicitly provided by law

  • It is necessary to protect life or physical integrity of the data subject or another

  • Processing is required for performance of a contract

  • It is necessary to fulfill the data controller’s legal obligations

  • The data subject has made the data public

  • It is necessary for the establishment, use or protection of a right

  • Processing is necessary for the legitimate interests of the data controller, provided that it does not violate fundamental rights and freedoms

9. DATA SECURITY MEASURES

The Company takes the following administrative and technical measures to ensure data security:

  • Conducts risk assessments

  • Provides periodic employee awareness training

  • Implements policies and procedures

  • Minimizes collected data

  • Monitors data security

  • Secures physical and cloud storage systems

  • Takes necessary IT security measures

10. DATA RETENTION AND DESTRUCTION

Data is stored only as long as necessary and then deleted, destroyed or anonymized based on:

  • Legal obligations and time limits

  • The purpose of processing

Improperly received data or data without valid consent is promptly deleted.

11. RIGHTS OF THE DATA SUBJECT

Under Article 11 of the Law, data subjects have the right to:

  • Learn whether personal data is processed

  • Request information if processed

  • Learn the purpose and whether it is used appropriately

  • Know third parties to whom data is transferred

  • Request correction of incomplete or incorrect data

  • Request deletion or destruction of personal data

  • Object to decisions based on automated processing

  • Claim compensation for unlawful processing

Requests must be submitted with the necessary identity documents by:

  • Sending a form by post or visiting the Company’s address

  • Sending via registered email, secure electronic signature, or other verified methods

Data Controller: Bentego Teknoloji A.Ş.
Address: Yeşiltepe Mah. İsmetinönü-2 Cad. 2/57 Anadolu University Technopark Building No:109 Tepebaşı Eskişehir, Turkey
MERSIS No: 0164083609800001
Trade Registry No: 28500
Phone: +90 850 466 34 26
Website: www.bentego.com
KEP: bentegoteknoloji@hs03.kep.tr
Email: finance@bentego.com

 