Privacy Policy and Personal Data Protection Law (PDPL) Disclosure Text
Effective Date: 12.12.2023
We, Elaves Education and Technology Inc., operating the www.elaves.com ("Website") and the application installed on mobile devices ("Mobile Application") (hereinafter collectively referred to as the "Platform"), respect and value the protection of the data of Platform users/members/visitors ("Data Subject") and their privacy. The Company highly respects the privacy of its users and members and has made it a principle. Please take a few minutes to review this Privacy Policy to learn about the terms and conditions regarding the use of your personal data through the Platform.
Users and members, by accessing and using this Platform, will be deemed to have expressly accepted this Privacy Policy. This Privacy Policy is only applicable to the relevant Platform and does not apply to links directed through the Platform.
1. Processed Personal Data
When this Platform is visited, certain personal data must be obtained directly or indirectly for the provision of necessary services. Your personal data processed by the Company is categorized in accordance with the Personal Data Protection Law ("Law") as follows. Unless explicitly stated otherwise, the term "personal data" in the context of this Privacy Policy will include the following information:
-
Identity and Contact Information: Name, surname, telephone, address, email address
-
User Information, User Transaction Information, and Financial Information: Membership information, membership ID number, data related to the time and date of using Company services, reasons for contacting the Company, terms used when searching on the Website, filtering preferences, your ratings and comments, invoice and payment information, balance information (examples of invoices sent to users and receipts for payments received from users, invoice number, invoice amount, invoice issuance date, etc.). When you use a credit card to pay the product price, you agree that your credit card number, expiration date of your credit card, CVV2 code, and similar information will be shared with banks. However, credit card and/or bank card information used during order creation is not stored in our systems in any way.
-
Transaction Security Information: Membership information, password information
-
Marketing Information: Reports and evaluations showing your habits and preferences, targeting information, cookie records, etc. Marketing and communication data include your preferences for receiving marketing materials
-
from us and our third parties as well as your communication preferences
-
Request/Complaint Management Information: Your requests and complaints made through the Website and Mobile Application and your comments shared on the Website and Mobile Application
-
Risk Management Information: IP address
-
Audio Recording Information: Your participation in online and physical events, your participation in user research, and your voice recording during interactions with the call center.
-
Visual Recording Information: Your participation in online and physical events, your participation in user research, and your visual recording during interactions with the call center.
-
Legal Transaction Information: Information in correspondence with authorized individuals, institutions, and organizations, information in lawsuit and execution files, information on legal information requests,
-
To detect potential malicious software, our Android application component may access the full list of applications installed on the phone.
-
In addition, we collect, use, and share aggregate data, such as statistical or demographic data, for any purpose. Aggregate data may be derived from your personal data, but it is not considered personal data as it will not directly or indirectly identify you as an individual. For example, we may use your usage data to calculate the percentage of users accessing a specific feature of a website or mobile application. However, if we combine this type of aggregate data with your personal data in such a way that it can directly or indirectly identify you, we treat the combined data as personal data and process it in accordance with this Privacy Policy. Except for authorized units of the Website, only users/members concerned with personal data can access and modify this data. It is not possible for other users/members and third parties to change this data given by the user/member.
2. Purposes of Using Your Personal Data
The personal data you share with the Company may be processed for the following purposes in compliance with the purposes stipulated in the Law and other relevant legislation:
For you to benefit from the services provided through the Platform, to carry out your membership registration, to update your membership registration, to improve the services provided by the Company and through the platform and to introduce new services, to conduct commercial activities, to determine and implement commercial, scientific and business strategies, to ensure the legal and commercial security of the persons, including those abroad, who have a business relationship with the Company, and to provide the necessary information to you in this context, and to fulfill the obligations arising from the nature of these activities.
The personal data may be used to communicate with you or to improve your experience on the Platform. These data may also be used for internal reporting and business development activities, to make various statistical evaluations without disclosing your identity, to create a database, and to conduct market research. The said information may be processed by the Company for direct marketing, digital marketing, remarketing, targeting, profiling, and analysis purposes, stored, transferred to third parties including those abroad, and you may be contacted for notifications regarding the promotion, maintenance, and support activities of various applications, products, and services through these channels.
In addition, the Company may process personal data without obtaining your additional consent in accordance with Articles 5 and 8 of the Law and/or the existence of exceptions in the relevant legislation, and may share it with third parties. These situations are as follows:
-
When explicitly prescribed by laws,
-
When necessary for the protection of life or bodily integrity of the person or someone else who is unable to express his/her consent due to actual impossibility or whose consent is not legally valid,
-
Provided that it is directly related to the conclusion or performance of any contract between the Data Subject and the Company, when it is necessary for the processing of personal data,
-
When necessary for the Company to fulfill its legal obligations,
-
When it has been made public by the Data Subject,
-
When it is necessary to establish, exercise, or protect a right,
-
Provided that it does not violate the fundamental rights and freedoms of the Data Subject, when it is necessary for the legitimate interests of the Company.
3. Changing the Purpose of Data Usage
The Company will only use your personal data for the purposes for which it was collected unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
​
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
​4. Transfer of Personal Data
The Company may transfer your personal data and any new data obtained through the use of your personal data to Company employees, affiliates, subsidiaries, including those abroad, branches and branch employees, business partners or intermediaries with whom we may do business, auditors, lawyers, and consultants, among other professional advisors, for the purposes specified under this Privacy Policy. In this context, the Company may also transfer your personal data to legally authorized public institutions, including those based abroad, as well as private legal entities. Anonymous or limited data transfer may also be made to our business partners and suppliers, subject to separate approval in such cases. The Company may share your personal data with third-party service providers, including but not limited to external service providers such as email and SMS senders, hosting service providers, and law firms, to improve your user experience (including enhancement and personalization), ensure your security, detect fraudulent or unauthorized use, conduct operational assessments, address errors related to platform services, and achieve any of the purposes stated in this Privacy Policy. As a Data Subject, you acknowledge that the aforementioned third parties may store your personal data on servers anywhere in the world, and you hereby consent to this. The individuals and legal entities, including those abroad, with whom your personal data may be shared, are as follows:
-
External third parties: service providers, bankers and financial market infrastructure institutions, marketplaces, official, regulatory or similar institutions or industry organizations, competent courts or judicial authorities, law enforcement agencies, certifying authorities, notaries, administrators, trustees or other executive authorities, liquidator in any bankruptcy, preventive measure situation, trustee, trustee, trustee or temporary manager, external manager, administrator or similar or equivalent appointed authority, bankruptcy, liquidation, dissolution, or similar or equivalent any transaction), third-party service providers such as IT system management or information security service providers.
-
Third parties to whom we may sell, transfer, or merge part of our business or assets. Alternatively, we may attempt to acquire or merge with other businesses. In the event of a change in our business, new owners may use your personal data as described in this privacy policy.
​
We mandate that all third parties respect the security of your personal data and process them in compliance with the law. We do not permit our third-party service providers to utilize your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions.
5. Storage Period of Your Personal Data
Your personal data shared with the Company is retained for the duration required by the purposes specified in this Privacy Policy and for the statutory limitation periods stipulated in the relevant legislation. Additionally, your personal data may be retained, to a limited extent, for the purpose of providing necessary defenses in the event of any dispute between you and the Company.
6. Ensuring the Security of Your Personal Data
The Company takes appropriate technical and administrative measures, considering the costs, to ensure the minimum level of security required by the relevant legislation or as stipulated in this Privacy Policy, in order to:
-
prevent unlawful processing of personal data,
-
prevent unauthorized access to personal data, and
-
safeguard the confidentiality of personal data.
​
Furthermore, the Company refrains from disclosing the personal data obtained from you to any third party in violation of this Privacy Policy and the provisions of the Personal Data Protection Law, and it does not use them for purposes other than the intended processing. In case of linking to other applications through the website, the Company disclaims any responsibility for the privacy policies and contents of such applications and recommends reviewing their respective texts.
​
The data pertaining to users and members are securely stored by our Website. However, these data may be used to establish communication with users/members via mail, email, telephone, and other technological communication channels.
The user/member pledges to ensure that the data covered by this Privacy Policy are complete, accurate, and up-to-date, and agrees to promptly update them via the Website in case of any changes. The Company shall not be held liable for any direct or indirect damages arising from the failure of the user/member to provide complete, accurate, and up-to-date information. The user/member hereby acknowledges, declares, and undertakes this commitment.
7. Changes to the Privacy Policy
By utilizing the services offered through the platform, users are deemed to have read and accepted all these terms. The Company reserves the right to modify the provisions of the Privacy Policy without prior notice in line with changes in legislation. The current Privacy Policy becomes effective as of the date it is presented to the User through any means.
USER INFORMATION TEXT REGARDING THE PROTECTION OF PERSONAL DATA UNDER TURKISH LAW NO. 6698 ON PERSONAL DATA PROTECTION ("PDPL")
As Elaves Education and Technology Inc., established in Turkey, we have adopted certain fundamental rules to protect the privacy of all personal data of users of www.elaves.com ("Website") and the mobile applications ("Mobile Application") installed on mobile devices, in accordance with Turkish Law No. 6698 on the Protection of Personal Data ("PDPL"), acting as the data controller. The Company aims to protect the justified trust of users in the Company by adhering to these fundamental rules. In accordance with Article 10 of the PDPL, this information text has been prepared to inform you about the purpose, scope, duration, and other matters that may affect you regarding the processing of your personal data.
​
Your personal data will be:
-
Processed within the framework of the purpose requiring processing and in connection with this purpose, in a limited and proportionate manner,
-
Maintained in its most accurate and up-to-date form, as notified to us or as reported,
-
Recorded, stored, preserved, reorganized, shared with competent institutions authorized to request such personal data under the PDPL, and transferred to third parties, including those abroad, in accordance with the conditions prescribed by the PDPL, and may be processed in other ways as specified in the PDPL.
1. Method of Collection and Legal Basis for Processing Personal Data
Your personal data is collected by Elaves Education and Technology Inc. through channels such as e-mail, relevant websites, and mobile applications, as well as electronically through social media accounts that allow access to the Company and through call center channels or physically via mail/courier.
​
Your personal data may be processed by Elaves Education and Technology Inc. within the scope of the services provided by the Company, including legal obligations, reasons directly related to the establishment and performance of the contract, reasons envisaged in the laws, and the legitimate interests of the Company, as well as with the explicit consent of the data subject. Within this scope, your personal data may be collected by Elaves Education and Technology Inc. through verbal, written, or electronic means by providing your consent during the service request, at the time of the establishment of the contract, or later, or by creating a user registration on the internet and saving information, or by submitting a request or complaint.
​
Elaves Education and Technology Inc. is obliged to take all necessary technical and administrative measures to ensure an adequate level of security to prevent the processing of personal data unlawfully, prevent unauthorized access to data, and ensure the protection of personal data.
2. Processing of Personal Data and Processing Purposes
Your personal data is collected by Elaves Education and Technology Inc. through various channels for the purpose of conducting our activities based on legal grounds for ensuring compliance with legislation and Company policies. The collected personal data will be processed by Elaves Education and Technology Inc. within the framework of the basic principles prescribed by the PDPL and the personal data processing conditions and purposes specified in Articles 5 and 6 of the PDPL, and limited and proportionate to the purposes listed below.
-
Conducting commercial activities of the Company in compliance with legislation and Company policies
-
Fulfillment of the contract related to the service provided by the Company;
-
Planning and execution of activities necessary to enhance the user experience for the products and services offered by the Company, and customization of products and services according to the preferences, usage habits, and needs of the relevant individuals, and planning and execution of activities necessary to offer and promote them to relevant individuals;
-
Conducting studies by our business units to benefit the relevant individuals from the products and services offered by the Company and to enhance the experience of these users, and carrying out relevant business processes;
-
Ensuring the legal, technical, and commercial business security of the Company and individuals in business relations with the Company;
-
Planning and execution of commercial and/or business strategies of the Company.
​
Elaves Education and Technology Inc. may process the following personal data provided by users themselves:
-
Identity and Contact Information: Name, surname, phone number, address, e-mail address, fixed and mobile phone numbers
-
User Information, User Transaction Information, and Financial Information: Membership information, membership ID number, data regarding the date and time of using Company services, reasons for contacting the Company, terms used and filtering preferences when searching on the Website and Mobile Application, ratings and comments, invoice and payment information, balance information (such as sample invoices sent to users and receipts of payments received from users, invoice number, invoice amount, invoice issuance date, etc.)
-
Transaction Security Information: Membership information, password information
-
Marketing Information: Reports and evaluations showing your preferences and likes, targeting information, cookie records, etc.
-
Request/Complaint Management Information: Requests and complaints made through the Website and Mobile Application, and comments shared on the Website and Mobile Application
-
Risk Management Information: IP address
-
Audio Recording Information: Your participation in online and physical events, your participation in user research, and your voice recording during interactions with the call center.
-
Visual Recording Information: Your participation in online and physical events, your participation in user research, and your voice recording during interactions with the call center.
-
Legal Transaction Information: Information in correspondence with authorized persons, institutions, and organizations, information in lawsuit and execution files, and information regarding legal information requests.
3. Recipients and Purposes of Transfer of Processed Personal Data
Your collected personal data may be transferred by Elaves Education and Technology Inc. to the following recipients and for the purposes listed below, in compliance with the basic principles stipulated by the PDPL and the personal data processing conditions and purposes specified in Articles 8 and 9 of the PDPL, including but not limited to, our business partners, our branches including those abroad, our suppliers, our shareholders, competent public institutions and private persons:
-
Conducting necessary activities by the business units of Elaves Education and Technology Inc. to ensure compliance with legislation and Company policies in the commercial and scientific activities conducted by the Company;
-
Management of financial and accounting processes, detection and evaluation of risks, prevention of fraud, with our relevant business partners, consultants, and service providers, banks, and financial advisors,
-
Sending e-invoices to customers electronically through e-invoice business partners; physical delivery of contracts or invoices through cargo and courier companies, with private integrator, independent audit, customs, financial advisor/accountant, and legal service providing business partners,
-
With our business partners and service providers providing our IT infrastructure services,
-
Determining, planning, and implementing the short, medium, and long-term commercial and scientific policies of the Company;
-
Ensuring the commercial and legal security of individuals in business relations with the Company;
-
Protecting the commercial reputation of the Company and the trust it has built.
4. Retention Period of Personal Data
Our company keeps personal data for the period specified in the relevant laws and regulations, if provided for by law.
If the purpose of processing personal data has ended and the end of the periods specified in the relevant legislation and determined by the company for retention has been reached, personal data may only be stored for possible legal disputes to serve as evidence or to assert the related right related to personal data or to exercise the defense right, provided that it is stored for this purpose.
​
In this case, access to the stored personal data is not provided for any other purpose, and access to the relevant personal data is provided only when necessary for the relevant legal dispute. After the mentioned period expires, personal data is deleted, destroyed, or anonymized. The Company undertakes to,
-
Prevent the unlawful processing of personal data,
-
Prevent unauthorized access to personal data,
-
Take necessary technical and administrative measures to ensure an adequate level of security to protect personal data.
5. Deletion, Destruction, and Disposal of Personal Data
Your personal data, which is preserved within the scope of the law, will be kept for the maximum period required by the relevant legislation or for the maximum period required for the purpose for which they are processed, and in any case, until the statutory limitation periods. Despite being processed in compliance with the law as regulated in Article 138 of the Turkish Penal Code and Article 7 of the Law on the Protection of Personal Data, if the reasons requiring processing have ceased, your personal data will be deleted, destroyed, or anonymized under the conditions specified in the Regulation on the Deletion, Destruction, or Anonymization of Personal Data published in the Official Gazette dated 28.10.2017 and numbered 30224, either ex officio or upon your request.
6. Rights of the Data Subject
As data subjects, you may submit your requests regarding your rights to our Company, and the Company will conclude your request free of charge within the shortest time and at the latest within thirty (30) days, depending on the nature of the request. However, if the process requires an additional cost, the fee specified in the tariff determined by the Personal Data Protection Board will be charged by the Company. Within this scope, data subjects have the following rights:
-
To learn whether personal data is processed,
-
To request information if personal data is processed,
-
To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
-
To know the third parties to whom personal data are transferred domestically or abroad,
-
To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
-
Although it has been processed in accordance with the law and other relevant provisions, to request the deletion or destruction of personal data in case the reasons requiring processing have ceased and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred,
-
To object to the emergence of a result against the individual by analyzing the processed data exclusively through automated systems,
Data subjects have the right to demand compensation if they suffer damage due to the unlawful processing of personal data.
​
In order to exercise your rights regarding the processing of your personal data, you must submit your application to our Company by filling out the application form on the Company's website, in writing, or by using the registered electronic mail address, secure electronic signature, mobile signature, or the electronic mail address previously notified to us and recorded in our records. Depending on the nature of your request and the application method, additional verifications (such as sending a message to your registered phone number, calling you) may be requested by the Company to determine whether the application belongs to you and thus to protect your rights. For example, if you apply through the e-mail address registered in the Company's records, we may contact you using another contact method registered in the Company's records and request confirmation of whether the application belongs to you.
7. Contact Information for Rights and Requests
For your questions regarding your personal data and your rights and requests specified in Article 11 of the PDPL, you can send your application to the e-mail address hello@elaves.com via the e-mail address associated with your membership registered in our system. You can access the application form from here.
​
Additionally, you can send your application in accordance with the conditions specified in the Regulation on the Procedures and Principles of Application to the Data Controller by submitting a properly prepared petition or in-person to "ReÅŸitpaÅŸa Mah. Katar Cad. İTÜ Arı 3 Teknokent Binası No: 4 Ä°ç Kapı No: B204 SARIYER/ İSTANBUL / Türkiye", by registered mail, or by notary or via a Registered Electronic Mail address (elaves@hs03.kep.tr) signed with a Secure Electronic Signature or Mobile Signature. It is mandatory for the applicants to prove their identity with documents.
About the Information Text
Elaves Education and Technology Inc. reserves the right to update this Cookie Information Text at any time within the framework of changes that may be made in the current legislation.
Contact Information
Email Address: hello@elaves.com
KEP Address: elaves@hs03.kep.tr
Phone: +90 212 217 22 30
Address: ReÅŸitpaÅŸa Mah. Katar Cad. İTÜ Arı 3 Teknokent Binası No: 4 Ä°ç Kapı No: B204 Sarıyer / Ä°stanbul / Türkiye 34467