PRIVACY POLICY

Last Updated: April 02, 2025

1. INTRODUCTION AND SCOPE

As CORIUS YAZILIM VE TEKNOLOJİ ANONİM ŞİRKETİ ("Corius", "Our Company", "We"), we attach great importance to the privacy and security of personal data of our website visitors (https://corius.com.tr), our customers who benefit from our services, our business partners, and all relevant individuals who communicate with us. This Privacy Policy ("Policy") has been prepared to inform you about the personal data processed by our Company in accordance with the Law on Protection of Personal Data No. 6698 ("KVKK").

This Policy explains how the personal data we collect through our website, mobile applications (if any), services, events, and all other channels are processed, with whom they are shared, your rights as a data subject, and how you can exercise these rights.

2. DATA CONTROLLER

The party acting as the "Data Controller" regarding your personal data within the scope of KVKK is:

Title: CORIUS YAZILIM VE TEKNOLOJİ ANONİM ŞİRKETİ
MERSIS No: 212100060600001
Tax ID: 2121000606
Address: Kızılırmak Mah. Dumlupınar Bulvarı Next Level No:3 A Kat:4 D.No:10 PK:06520 Çankaya / Ankara - Türkiye
Phone: +90 312 911 63 81
Email: [email protected]
Website: corius.com.tr

3. PROCESSED PERSONAL DATA AND COLLECTION METHODS

Depending on your interaction with our Company, the following categories of your personal data may be processed:

Identity Information: Name, surname, Turkish Republic identity number (where necessary), title.
Contact Information: Email address, phone number, company name, address details.
Customer Transaction Information: Request information, order information, invoice information, project details (within the scope of the service).
Transaction Security Information: IP address, website login-logout information, log records, cookie data.
Marketing Information: Cookie records, targeting information, habits and preferences, email consent status.
Location Information: Approximate location information during website access (from IP address).
Visual and Audio Records: Records made during events or for security purposes (if any and if informed).
Personnel Information: Information contained in the CV if a job application is made.
Other Information: Information in the message content you send to us via contact forms or other channels.

Your personal data is collected by automatic or non-automatic methods such as forms on our website (contact, demo request, etc.), cookies, email, phone, social media, job applications, contracts, fairs/events.

4. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

Your personal data is processed for the following purposes and based on the legal grounds specified in Article 5 of the KVKK:

Processing Purpose	Relevant Personal Data Categories	Legal Ground under KVKK (Article 5)
Provision of our services, execution of contract processes	Identity, Contact, Customer Transaction	It is necessary to process personal data belonging to the parties of a contract, provided that it is directly related to the establishment or performance of the contract (5/2-c)
Evaluation of requests, complaints, and suggestions, responding to communication	Identity, Contact, Customer Transaction, Other	It is mandatory for the data controller to process data for its legitimate interests, provided that it does not harm the fundamental rights and freedoms of the data subject (5/2-f), It is mandatory for the data controller to fulfill its legal obligation (5/2-ç)
Website operation, performance analysis, improving user experience	Transaction Security, Location, Marketing (Cookies)	It is mandatory for the data controller to process data for its legitimate interests, provided that it does not harm the fundamental rights and freedoms of the data subject (5/2-f), Explicit Consent (except for essential cookies) (5/1)
Fulfillment of legal obligations (e.g., invoicing, official reporting)	Identity, Contact, Customer Transaction	Explicitly stipulated in laws (5/2-a), It is mandatory for the data controller to fulfill its legal obligation (5/2-ç)
Conducting marketing, promotional, and informational activities	Contact, Marketing	Explicit Consent (5/1)
Execution of job application processes	Identity, Contact, Personnel	Directly related to the establishment or performance of a contract (employment contract) (5/2-c), Explicit Consent (for future positions) (5/1)
Execution of information security processes	Transaction Security	It is mandatory for the data controller to fulfill its legal obligation (5/2-ç), Legitimate Interest (5/2-f)

5. TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the following recipient groups, located domestically or abroad, in line with the purposes stated above and in accordance with KVKK Articles 8 and 9:

Suppliers and Service Providers: Our business partners from whom we receive services such as hosting, cloud computing, email sending, web analytics, CRM, payment systems (with necessary confidentiality commitments and contracts).
Business Partners: Our business partners with whom we cooperate for the provision of our services (for example, for a specific technology integration) (where necessary and with legal grounds).
Authorized Public Institutions and Organizations: In accordance with legal requests and for the purpose of fulfilling our legal obligations (Courts, Ministries, BRSA, etc.).
Legal and Audit Firms: When necessary for the follow-up of legal processes or audit activities.

In case of international data transfer, the conditions specified in Article 9 of the KVKK (countries declared to have adequate protection by the Personal Data Protection Board, or in cases where there is no adequate protection, the parties' written commitment to provide adequate protection and the Board's permission) are observed.

6. RIGHTS OF THE DATA SUBJECT

In accordance with KVKK Article 11, you have the following rights regarding your personal data:

To learn whether your personal data is being processed,
To request information if your personal data has been processed,
To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
To know the third parties to whom your personal data is transferred domestically or abroad,
To request correction of your personal data if it is incomplete or incorrectly processed, and to request that the transaction made in this context be notified to third parties to whom your personal data has been transferred,
To request the deletion or destruction of your personal data in the event that the reasons requiring its processing have disappeared, even though it has been processed in accordance with the KVKK and other relevant laws, and to request that the transaction made in this context be notified to third parties to whom your personal data has been transferred,
To object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,
To demand compensation for damages if you suffer damage due to unlawful processing of your personal data.

7. EXERCISING RIGHTS

To exercise your rights mentioned above, you can submit your requests to our Company with identity-proving documents using one of the following methods:

With Secure Electronic Signature or Mobile Signature: By sending an email to [email protected].
From your email address previously notified to our Company and registered in our system: By sending an email to [email protected].

Your application must clearly state your name, surname, TR identity number (if the applicant is a foreigner, nationality, passport number, or identity number if any), residential address or business address for notification, email address for notification if any, phone number, and the subject of your request.

Your applications will be concluded free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, fees determined by the Personal Data Protection Board may be charged.

8. SECURITY OF PERSONAL DATA

Our Company takes all necessary administrative and technical measures to ensure an appropriate level of security to prevent unlawful processing of your personal data, unauthorized access, and to ensure its preservation. In this context, reasonable physical, electronic, and managerial procedures are applied to prevent unauthorized access, protect data integrity, and ensure data confidentiality.

9. RETENTION PERIOD OF PERSONAL DATA

Your personal data will be retained for the period required by the processing purposes and/or for the retention periods stipulated in the relevant legal regulations. When the processing purpose ceases to exist or the legal retention period expires, your personal data will be deleted, destroyed, or anonymized ex officio or upon your request.

10. COOKIE POLICY

Cookies are used on our website to improve user experience, operate the site effectively, and perform analyses. Detailed information about our cookie policy can be found at https://corius.com.tr/policies/cookies.

11. PRIVACY POLICY UPDATES

This Privacy Policy may be updated periodically in line with changing legal regulations or changes in our Company's data processing activities. Significant changes made to the Policy will be notified to you by publishing them on our website or through other appropriate communication channels. We recommend that you regularly review the Policy.

12. CONTACT

For all your questions, opinions, and requests regarding the Privacy Policy or the processing of your personal data, you can reach us via the Data Controller's contact information specified in Article 2 above or at the email address [email protected].