PRIVACY POLICY

Last Updated: April 02, 2025

1. INTRODUCTION AND SCOPE

As CORIUS YAZILIM VE TEKNOLOJİ ANONİM ŞİRKETİ ("Corius", "Our Company", "We"), we place great importance on the privacy and security of the personal data of our users visiting our website (https://corius.com.tr), our customers benefiting from our services, our business partners, and all relevant persons who contact us. This Privacy Policy ("Policy") has been prepared to inform you about the personal data processed by our Company in accordance with the Law on Protection of Personal Data No. 6698 ("KVKK").

This Policy explains how the personal data we collect through our website, mobile applications (if any), services, events, and all other channels are processed, with whom they are shared, your rights as a data subject, and how you can exercise these rights.

2. DATA CONTROLLER

The party acting as the "Data Controller" regarding your personal data under KVKK is:

Title: CORIUS YAZILIM VE TEKNOLOJİ ANONİM ŞİRKETİ
MERSIS No: 212100060600001
Tax Identification No: 2121000606
Address: Kızılırmak Mah. Dumlupınar Bulvarı Next Level No:3 A Kat:4 D.No:10 PK:06520 Çankaya / Ankara - Türkiye
Phone: +90 312 911 63 81
E-mail: [email protected]
Website: corius.com.tr

3. PROCESSED PERSONAL DATA AND COLLECTION METHODS

Depending on your interaction with our Company, the following categories of your personal data may be processed:

Identity Information: Name, surname, T.C. identity number (where necessary), title.
Contact Information: E-mail address, phone number, company name, address details.
Customer Transaction Information: Request details, order details, invoice details, project details (within the scope of service).
Transaction Security Information: IP address, website login-logout information, log records, cookie data.
Marketing Information: Cookie records, targeting information, habits and preferences, e-mail permission status.
Location Information: Approximate location information during website access (from IP address).
Visual and Auditory Records: Recordings made at events or for security purposes (if any and if informed).
Personnel Information: Information contained in the CV if a job application is made.
Other Information: Information in the content of messages you send us via contact forms or other channels.

Your personal data is collected through automatic or non-automatic methods such as forms on our website (contact, demo request, etc.), cookies, e-mail, telephone, social media, job applications, contracts, fairs/events.

4. PURPOSES AND LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

Your personal data is processed for the following purposes and based on the legal grounds specified in Article 5 of the KVKK:

Processing Purpose	Relevant Personal Data Categories	Legal Ground under KVKK (Article 5)
Provision of our services, execution of contract processes	Identity, Contact, Customer Transaction	Processing of personal data belonging to the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract (5/2-c)
Evaluation of requests, complaints, and suggestions, responding to communications	Identity, Contact, Customer Transaction, Other	Processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject (5/2-f), Processing is necessary for compliance with a legal obligation to which the data controller is subject (5/2-ç)
Operation of the website, performance analysis, improvement of user experience	Transaction Security, Location, Marketing (Cookies)	Processing is necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject (5/2-f), Explicit Consent (except for necessary cookies) (5/1)
Fulfillment of legal obligations (e.g., invoicing, official reporting)	Identity, Contact, Customer Transaction	Explicitly provided for by law (5/2-a), Processing is necessary for compliance with a legal obligation to which the data controller is subject (5/2-ç)
Conducting marketing, promotion, and information activities	Contact, Marketing	Explicit Consent (5/1)
Conducting job application processes	Identity, Contact, Personnel	Directly related to the establishment or performance of a contract (employment contract) (5/2-c), Explicit Consent (for future positions) (5/1)
Conducting information security processes	Transaction Security	Processing is necessary for compliance with a legal obligation to which the data controller is subject (5/2-ç), Legitimate Interest (5/2-f)

5. TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the following recipient groups located domestically or abroad, in line with the purposes stated above and in accordance with Articles 8 and 9 of the KVKK:

Suppliers and Service Providers: Our business partners from whom we receive services such as hosting, cloud computing, e-mail delivery, web analytics, CRM, payment systems (with necessary confidentiality commitments and contracts).
Business Partners: Our business partners with whom we collaborate for the provision of our services (e.g., for a specific technology integration) (where necessary and with legal grounds).
Authorized Public Institutions and Organizations: In response to legal requests and to fulfill our legal obligations (Courts, Ministries, BRSA, etc.).
Law and Audit Firms: If necessary for tracking legal processes or audit activities.

In case of data transfer abroad, the conditions specified in Article 9 of the KVKK (countries declared to have adequate protection by the Personal Data Protection Board, or in cases where adequate protection is lacking, the parties providing adequate protection in writing and obtaining the Board's permission) are observed.

6. RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the KVKK, you have the following rights regarding your personal data:

To learn whether your personal data are processed or not,
To request information if your personal data have been processed,
To learn the purpose of the processing of your personal data and whether they are used in accordance with the purpose,
To know the third parties to whom your personal data are transferred in the country or abroad,
To request the rectification of incomplete or inaccurate data, if any, and to request notification of the operation carried out within this scope to third parties to whom your personal data has been transferred,
To request the erasure or destruction of your personal data in the event that the reasons requiring its processing cease to exist despite having been processed in accordance with the KVKK and other relevant laws, and to request notification of the operation carried out within this scope to third parties to whom your personal data has been transferred,
To object to the occurrence of a result against yourself by analyzing the data processed solely through automated systems,
To claim compensation for the damage arising from the unlawful processing of your personal data.

7. EXERCISING RIGHTS

To exercise your rights mentioned above, you can submit your requests to our Company, along with documents verifying your identity, using one of the following methods:

With Secure Electronic Signature or Mobile Signature: By sending an e-mail to [email protected].
From the e-mail address you previously notified to our Company and registered in our system: By sending an e-mail to [email protected].

Your application must clearly state your name, surname, T.C. identity number (if the applicant is foreign, nationality, passport number, or identity number if available), residential or business address for notification, e-mail address for notification if available, telephone number, and the subject of the request.

Your applications will be concluded free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction requires an additional cost, the fees in the tariff determined by the Personal Data Protection Board may be requested.

8. SECURITY OF PERSONAL DATA

Our Company takes all necessary administrative and technical measures to ensure the appropriate level of security to prevent unlawful processing of, prevent unlawful access to, and ensure the preservation of your personal data. In this context, reasonable physical, electronic, and managerial procedures are implemented to prevent unauthorized access, maintain data integrity, and ensure data confidentiality.

9. RETENTION PERIOD OF PERSONAL DATA

Your personal data is retained for the period required by the purposes of processing and/or for the retention periods stipulated in the relevant legal legislation. When the purpose of processing ceases to exist, or the legal retention period expires, your personal data is deleted, destroyed, or anonymized ex officio or upon your request.

10. COOKIE POLICY

Cookies are used on our website to improve user experience, operate the site effectively, and perform analyses. Detailed information about our cookie policy can be found at https://corius.com.tr/policies/cookies.

11. PRIVACY POLICY UPDATES

This Privacy Policy may be updated periodically in line with changing legal regulations or changes in our Company's data processing activities. Significant changes to the Policy will be notified to you by publishing them on our website or through other appropriate communication channels. We recommend that you review the Policy regularly.

12. CONTACT

For any questions, opinions, or requests regarding the Privacy Policy or the processing of your personal data, you can contact us using the Data Controller contact information specified in Article 2 above or via the e-mail address [email protected].