STABLEX  

CLARIFICATION TEXT  

ON PERSONAL DATA PROTECTION  

DATA CONTROLLER’S IDENTIFICATION:  

DATA CONTROLLER : STABLEX BİLİŞİM TEKNOLOJİ ANONİM ŞIRKETİ 

ADDRESS           : EMNİYET EVLERİ MAHALLESİ ESKİ BÜYÜKDERE CAD. NO: 1 SAPPHIRE TOWER KAT:19/03 PK:34415 KAĞITHANE/İSTANBUL 

TAX OFFICE: ZINCIRLIKUYU / TAXPAYER’S ID: 7810858761 

Objective of this Stablex Clarification Text: It is intended to clarify Users regarding terms and conditions in connection with processing personal data of users (“User or Data Owner”) when they are using services provided on the website www.stablex.net (“Website”) being operated by Stablex Bilişim Teknoloji A.Ş. (“Company”).   

In interpretation of wordings not defined in this clarification text, definitions in Stablex User Agreement ("Agreement") published in the website will be used. 

Automatic processing of any other data provided by you without Company’s request than the data requested by Company shall not be deemed as personal data processed by Company within the scope of this clarification text.   

LIABILITY OF CLARIFICATION  

Dear Users; we as STABLEX would like to inform you about our Company’s methods to collect, process and transfer your personal data as well as about time of processing and rights you have regarding your personal data in question.   

Pursuant to the provisions of the Personal Data Protection Law No. 6698 ("PDP Law") and applicable regulations (Personal Data Protection Regulations), any information of you which identifies your identity or makes it identifiable is qualified as Personal Data and processed by STABLEX in the capacity of Data Controller within the context as described below and limits instructed by the regulation, complying with required obligations.    

As part of the right of privacy and protection of fundamental rights and freedoms, and pursuant to 20th article of our Constitution; “Everyone has the right to demand protection of their personal data. This right includes that the person should be notified about his/her personal data, access to such data, request correction or deletion of them, and come to know whether they are used in line with their intended use. Personal data can be processed only in the events anticipated by law and/or with express consent of the person. Principles and procedures regarding protection of personal data are governed by law.”   

In this context, “Information request” is also listed among other rights of personal data owner, in 11th article of the Law on Personal Data Protection numbered 6698. Stablex provides required information upon personal data owners request in accordance with the Constitution and PDP Law.    

Stablex processes and protects data within the framework of compliance with Law on Personal Data Protection (Law No. 6698) and EU Regulations, in the context of GDPR (General Data Protection Regulation), and in accordance with the foregoing. Stablex also provides clarification to personal data owners at the time of collection of their personal data, in accordance with 10th article of Personal Data Protection Law No. 6698  that for what purpose the personal data collected will be processed, to whom and for what purpose such personal data may be transferred, as well as methods and legal grounds of collecting personal data and the rights personal data owners have under 11th article of Personal Data Protection Law No. 6698 ("PDP Law").   

Each user who agreed to the User Agreement provided on the website and signed up to the website agrees that this clarification is served to them.   

DEFINITIONS: 

For other definitions, please review definitions given in Stablex User Agreement (https://10.0.0.15:2020/en-us/Terms-and-Conditions).   

COMPANY (Stablex) 

STABLEX BİLİŞİM TEKNOLOJİ A.Ş.

WEBSITE 

USER 

Natural person signed up to the website 

PDP Law

Personal Data Protection Law No. 6698 https://www.mevzuat.gov.tr/mevzuatmetin/1.5.6698.pdf

PDPA

Personal Data Protection Authoritywww.kvkk.gov.tr

DATA

TDK (Turkish Language Association)Display of facts, concepts or commands in an eligible format for communication, interpretation and transaction. 

Typical definition:It is the name given to raw (unprocessed) real information particle.

PERSONAL DATA

All and any kind of information about a natural person whose identity is clear or identifiable. 

I.e;Name-surname, TR ID Number, e-mail, address, birth date, credit card number, bank account number, etc. 

* Processing data owned by legal entities is not included in the context of this law. 

PERSONAL DATA OF SPECIAL QUALITY (SENSITIVE PERSONAL DATA)

Race, ethnical origin, political thought, philosophical belief, religion, sect or other beliefs, clothing, membership to organizations, foundations or unions, health, sexual life, criminal record or security action related data as well as biometric and genetic data are of special quality. 

DATA CONTROLLER 

A person who determines purposes and means of processing personal data, manages the place where data are kept systematically (data registration system) is data controller. 

DATA PROCESSOR 

Natural person and/or legal entity who is processing personal data on behalf of data controller relying on the authority vested by him/her.  

DATA CATEGORY

Personal data class of Data Subject Group(s) in which personal data are categorized based on similar characteristics. 

DATA CONTROLLERS’ REGISTRY: 

A registration system anticipated by law, to which data controllers must be registered and that is kept publicly by personal data protection authority under supervision of the board.  

TDCR: TURKISH DATA CONTROLLER REGISTRY (VERBIS)

An informatics system which is created and managed by personal data protection authority, accessible on the internet and used by data controllers in registration applications and other transactions related to registration. 

DATA CONTROLLER’S REPRESENTATIVE 

A legal entity seated in Turkey or a natural person who is a Turkish citizen, having minimum power to represent Data controllers who are not resident in Turkey, in connection with matters specified in 11th article of regulation on registration of data controllers. 

LIABILITY OF REGISTRATION 

A liability regarding registration that has to be done in accordance with the regulation on registration of data controllers. 

DATA OWNER (RELEVANT PERSON – SUBJECT OF DATA) 

A natural person whose data is being processed.  

Data owner is defined in the shortest term as “a natural person whose data is being processed”. 

It is called “relevant person” by Personal Data Protection Law.

However, the term “data owner” is also used besides many other names such as “the person whose data is processed”, “data subject”, “person subject to data” and etc. 

USER

DATA OWNER – RELEVANT PERSON 

PROVISION OF PROCESSING: 

Circumstances described in 6698 numbered law, which are taken by data controllers as basis for their activity of processing personal data. 

RELEVANT USER:

Except for the person or division being responsible for technical data storage, protection and back-up, a natural person or legal entity who processes personal data within the data controller organization and/or based on the power and instruction from data controller.  

CONTACT PERSON

A natural person who is reported to data controllers’ registry at the time of registration by data controller for the purpose of communications with the authority in connection with liabilities of legal entity data controllers seated in Turkey or representatives of legal entity data controllers not resident in Turkey that are to be imposed under Personal Data Protection Law and any secondary arrangements to be issued based on the same law.  

GROUP OF PEOPLE SUBJECT TO DATA 

Category of relevant person whose personal data are processed by data controllers. 

PROCESSING PERSONAL DATA: 

All and any kind of activity performed on data such as collection, recording, storing, maintaining, modification, editing, description, transfer, taking over, making available, classification or obscuring use of personal data, using full or semiautomatic ways or non-automatic ways provided to be a part of any data recording system. 

INVENTORY OF PROCESSED PERSONAL DATA 

An inventory detailed with descriptions of personal data processing activities being performed by data controllers based on their work processes, maximum timeperiod required for the purposes of personal data processing, data category and purposes of processing personal data that are created by relating transferee group with data subject group, personal data which are expected to be transferred to foreign countries and actions taken for data safety.  

PERSONAL DATA RETENTION PERIOD 

Maximum time period for keeping personal data processed in accordance with the provisions of 6698 numbered law and other applicable laws, which is anticipated in relevant regulations and/or required for the purpose of processing. 

DATA SAFETY: 

Protection of personal data by all technical and administrative means to prohibit any illegal processing of personal data, to block illegal access to personal data and to ensure protection of personal data. 

LEGITIMATE INTEREST: 

The benefit that data controller will get from processing personal data, provided not to damage any fundamental rights and freedoms of relevant person, being related to a legitimate, effective, specific and available interest of data controller. 

TEMPERANCE: 

Having personal data processed limited with those only required for the purpose of processing, a reasonable balance being found between processed data and purpose of processing

LIABILITY OF NON-DISCLOSURE

Data controller or the processing person has the liability of not to disclose personal data they come to know to any third parties against provisions of 6698 numbered law, and not to use them outside their purpose of processing. 

BALANCE TEST:

A test used to assess which rights and interests prevail undercircumstances where more than one right and interest compete. 

CONSENT 

Consent, require, request.

EXPLICIT CONSENT:

A consent relying on information provided regarding a specific matter, based on information and disclosed with free will.

WITHDRAWING EXPLICIT CONSENT: 

Withdrawing prospectively of a consent given by relevant person to data controller regarding a specific matter, based on information and with his/her free will. 

EXPLICIT CONSENT METHOD (OPT-IN)

A method of consent requiring an active movement of relevant person, meaning that consent is not given to immobility. 

BLANKET CONSENT: 

A general consent which is not limited with a specific matter and with the respective transaction. 

ANONYMIZATION 

Making personal data impossible to link them with a person who can be identified or identifiable in any event whatsoever not even by matching any other data. 

TRANSFER

Disclosing of personal data collected by data controller to natural persons or legal entities, public authorities and organizations or other organs in domestic and/or abroad. 

CLARIFICATION

Notification to relevant person done by data controller or its authorized person at the time of collection, indicating identity of data controller and (if any) its representative; for what purpose personal data are processed; to whom and for what purpose processed personal data can be transferred; and what are the methods and legal grounds of collecting personal data as well as other rights of relevant person. 

BIOMETRIC DATA:

Personal data derived from specific technical operations regarding an individual’s physical, physiological and behavioral characteristics ensuring that a natural person can be identified and verified genuinely based on unique identifiers such as facial images or dactiloscopic data.  

LIABILITY OF KEEPING RECORDS:

A liability of keeping records required to be done in accordance with the regulation on data controllers’ registration.

RECORDING ENVIRONMENT 

Any kind of environment in which personal data being processed by full or semi automatic ways, or non-automatic ways providedthat they should be a part of any data registration system are stored and kept. 

ELECTRONIC ENVIRONMENT: 

An environment ensuring processing, storing and transmitting data upon digitization.

CLOUD COMPUTING 

A model allowing access to collective pool of adjustable informatics resources such as computer networks that can be supplied and released quickly through a low-level management effort or service provider interaction, servers, storage, application and services, etc., and to network from anywhere at any time conveniently.

LAYERED NOTIFICATION:

Notification to be done to relevant person by data controller regarding processing his/her personal data, using multiple channels and mediums.

LOG

Keeping incident logging generated by informatics systems with time stamp.

IP ADDRESS

(INTERNET PROTOCOL ADDRESS)

Address used by devices connected to other package switched networks using internet or tcp/ip protocol to exchange data through network with each other.

API 

(APPLICATION PROGRAMMING INTERFACE)

Application programming interface is an interface ensuring that an application/ service/ platform

(i.e.  Youtube, mailchimp, facebook, google, wordpress, digitalocean, grav, nginx, ubuntu, android etc.) can be used besides their current abilities within the limitations as allowed. 

AUTOMATED PROCESSING: 

Transaction being done upon structuring personal data, minimizing human interference and efforts, based on specific criteria with electronic or informatics systems in a digital environment.

AUDIT:

Auditing done or caused to be done in its own establishment or organization in orderto ensure that data controller complies with provisions of law.

REQUIREMENT TEST: 

Testing used to assess if it is required to process personal data of relevant person by data controller within the scope of other legal grounds of data processing conditions than those included in open consent.

DELETION:

Making personal data inaccessible and non-reusable by relevant users in anyway.

DESTRUCTION:

Making personal data inaccessible, non-retrievable and non-reusable by anyone in anyway.

PHYSICAL DESTRUCTION:

Making personal daya physically inaccessible through actions such as melting, burning optic or magnetic media, crushing them into powder or grinding by means of a metal grinder.

DISPOSAL:

Deleting, destroying or anonymizing personal data.

PERSONAL DATA STORAGE AND DISPOSAL POLICIES 

A policy used by data controllers as basis for deletion, destruction and anonymization upon determination of maximum time period required for the purposes of processing personal data.  

PERIODICAL DISPOSAL 

Deletion, destruction and/or anonymization to be done ex officio in repeating intervals as specified in the policy of storage and disposal of personal data in the event that the conditions for processing personal data set out in the law are completely ruled out.  

DATA LEAK

Unauthorized transfer of personal data to an external target or receiver from the organization inside by electronic or physical methods. Data controller: a natural person or a legal entity who is responsible for determining purposes and means of processing personal data, and for installation and management of data registration system. 

DATA MINIMIZATION:

Collecting and processing of data bydata controller in a way limited, restrained and connected to conditions of processing as set forth in the law and to the purposes for achieving such conditions.

BLACK-OUT:

Actions such as drawing a line on, painting on or censoring entirety of personal data, making them unrelatable with a natural person whose identity is clear or identifiable.   

MASKING:

Actions such as erasing, drawing a line on, painting on or putting crosses on specific areas of personal data, making them unrelatable with a natural person whose identity is clear or identifiable.  

PROFILING:

A way of processing personal data primarily by analyzing and estimating aspects regarding relevant person’s professional performance, financial status, health, personal preferences, areas of interest, credibility, behaviors, position or actions, by evaluating specific personal features of said person; by means of processing personal data exclusively via automated systems.

DEMAGNETIZATION: 

Disruption of a magnetic media as to make personal data inside unreadable by putting it in a specific device to have it exposed to a high level of magnetic field.    

DIRECT IDENTIFIERS:

Identifiers which directly expose, disclose and make identifiable the person with whom they are alone in a relationship. 

INDIRECT IDENTIFIERS:

Identifiers which come together with other identifiers and expose, disclose and make identifiable the person with whom they are in a relationship. 

RIGHT OF PETITION:

Relevant person’s right to submit his/her claims regarding implementation of 6698 numbered law to data controller either in writing or in other ways as described in the communiqué on principles and procedures of petition.  

COMPLAINT:

An application submitted by relevant person to Personal Data Protection Board from the date when he/she received data controller’s reply, in the following events; rejection of his/her application to data controller, finding answers given insufficient or failure to give an answer to the application in time.

RIGHT OF CORRECTION:

Relevant person’s right to request from data controller to correct his/her personal data that are processed incompletely or incorrectly.

ADEQUATE PRECAUTIONS: 

Precautions determined by the board and required to be taken by data controller for the purpose of processing personal data of special quality. 

FOREIGN SERVICE PROVIDERS 

An organization or a part of an organization which is based in abroad and providing said service(s), that administers provision of service(s) to customeras an example (Cloud Service, Wallet Service, etc.) 

CHATBOT 

Chatbots are software applications designed to assist users in services sector, mimicking written and/or verbal human talk. 

CRYPTO MONEY 

Crypto money is a digital asset, a virtual entity that is designed as a means of exchange alternative to cash in its way of working, uses cryptography namely encoding to secure its transactions. 

WALLET  

Digital/ virtual wallets in which you can keep your crypto money savings. 

YOUR PERSONAL DATA BEING PROCESSED  

As detailed by Stablex in this section, your personal data are processed under 13 titles.   

It is listed in groups in the following based on the fact which personal data that are processed under services provided by company and considered as personal data in accordance with Personal Data Protection Law belong to Users. Unless otherwise is expressly specified, “personal data” and “personal data of special quality” terms used herein contain the following information according to the provisions and conditions given in this Text.   

Data collected for signing up  

Data collected for identity authentication steps   

Data collected through cookies  

Demographic data  

Data collected for payment transactions  

Statutory collection of data under the regulations  

Data collected for social media tools  

Data collected for Call Center – Customer Services Specialists  

Data collected by customer services specialists  

Data collected for domestic service providers  

Data collected for foreign partners and affiliates of the company  

Data received from companies with abroad servers and through their service providers  

Personal Data of special quality  

WHAT PERSONAL DATA OF YOURS ARE BEING PROCESSED?  

We as Stablex will process your following data based on legal relationship to be established with you and/or transaction to be done, provided that they shall not be limited to data collected as a result of the foregoing titles and that such list shall only be a sample provided for you. If you signed in to our website as a user, such data shall be matched with your username and following data shall be processed depending on your actions. If you did not sign in as a user, your data which may vary according to cookie settings you use shall be processed by Stablex website as anonymous data. See COOKIE POLICY.    

Name-Surname, Birth Date, Gender, Occupation, Education, Cell phone, E-mail address, Turkish identity number or ID number given by country of nationality, identity card serial number, IBAN data, Address documents (Residence Certificate with Barcode, obtained from Turkish E-State System or a Platform of their country of nationality which serves for the same purpose, Electric or Water Bill on which current address of the user is written, Identity certificate of the User (T.R. Identity Card, Passport, Driver’s License), Passwords used for user identity validation steps and for access to Stablex account, and stored as encrypted, Copy of user’s identification including both sides, Current Photo, Contact information, password tips, bank account information including current address, location info, IP address of the first access, LOGs / API records, times of sign in & sign out (time stamps), location info, type of device used, Password/ Key Code Reminder system, operating system and browser, etc., data on website visits, sub-pages you visited, times spent there, etc. user statistics, list of favourite crypto currencies, web preferences in use (Night Mode – Day Mode preferences), preferred Language data, Country/ City you live (location info), sub-pages you visited, times spent there, etc. user statistics, data on purchase – sale transactions done through the platform, users’ bank accounts information, crypto wallet addresses, protocol in use, browser you use to access our website, information of websites or apps from which you came, bank information, past transactions, past transfers, wallet transactions, purchase – sale transactions, logs of customer service specialists, call center voice recordings, mobile app logs, SMS logs, e-mail logs, voice logs, call center codes (ticket info), data owner’s trouble code (ticket) logs, Chatbot logs are processed.          

 FOR WHAT PURPOSE ARE WE PROCESSING YOUR PERSONAL DATA:   

DATA COLLECTED FOR SIGNING UP: Your contact information you provided to us by using our forms and/or at the time of sign-up,   

DATA COLLECTED FOR IDENTITY AUTHENTICATION STEPS:  

Data we need to collect in accordance with the regulations and within the framework of “Customer Recognition System (Know your Customer – KYC)” from those signed up online, for you to have the capacity of being a user.

DATA COLLECTED THROUGH COOKIES: As Stablex we use cookies to improve our website, make it useful, effective and safe. If you continue to surf within our website, we would access to cookies in your device and process such data. You may get further information about your processed data from “Cookie Policy” published on your site. 

DEMOGRAPHIC DATA: Signup forms, identity authentication data, data on site use habits and your data collected as a result of survey analysis.   

DATA COLLECTED FOR PAYMENT TRANSACTIONS: Your data needed for user’s purchase – sale transactions,  

STATUTORY COLLECTION OF DATA UNDER REGULATION: Limited to the extent of and anticipated in applicable laws only; warrants requested by FCIB (Financial Crimes Investigation Board), BRSA (Banking Regulation and Supervision Agency), CMB (Capital Markets Board of Turkey), Turkish courts for public authorities and organizations, judicial authorities with jurisdiction, requests placed by Syber Crimes Unit through Prosecutors’ Offices, and international organizations contracted under law, circumstances requiring transfer of data as anticipated expressly in the laws. 

DATA COLLECTED FOR SOCIAL MEDIA TOOLS: Your data collected for using in news on social media events, detecting visitors’ use habits, performing data analysis, improving quality of our website services provided, using in campaign, sales and marketing activities. 

DATA COLLECTED FOR CALL CENTER – CUSTOMER SERVICES SPECIALISTS: Data collected for using fast and effective communication channels to provide better service to Stablex’s users (data owner) and using in campaign, sales and marketing activities, and for call center and/or complaint follow-up service companies’s use to settle customer complaints.   

DATA COLLECTED BY CUSTOMER SERVICE SPECIALISTS: Your Data collected for information, information safety and troubleshooting purposes, provided to Customer Support Specialist (CSS) to solve ticket created in connection with data owner’s troubles.   

DATA COLLECTED FOR DOMESTIC SERVICE PROVIDERS: Your data collected in order to ensure Stablex internal audit, prepare financial reports, create company budget plans, perform technical and social analysis, and establish business partnerships with some domestic companies and suppliers.   

DATA COLLECTED FOR FOREIGN PARTNERS AND AFFILIATES OF COMPANY: Your data collected in order to ensure Stablex external audit, prepare external audit financial reports, create company budget plans, perform technical and social analysis, and establish business partnerships with some foreign companies and suppliers.    

DATA COLLECTED FROM COMPANIES WITH SERVERS ABROAD AND THROUGH SERVICE PROVIDERS: Stablex works with Foreign Service Providers to provide better service to data owners (users), work with the most reliable service providers to ensure world-standard data safety and find fastest solutions. Your data will be transferred to service providers in abroad as soon as you sign up.  

PERSONAL DATA OF SPECIAL QUALITY: (Stablex acts in accordance with the arrangements set forth in the Personal Data Protection Law. Stablex not only ensures safety of your personal data of special quality at best but also takes your open consent for your personal data of special quality in order to provide best service to users, establish collaborations required for execution of contract and in case of presence of mandatory conditions for transfer of data as it is expressly set out in Laws.  

TO WHOM WE TRANSFER YOUR PERSONAL DATA:  

For aforesaid purposes and under the terms and conditions as set out in the Law, your processed personal data ARE TRANSFERRED TO;  

Stablex employees, Cloud service providers, authorities required to share with under applicable regulation, banks, call centers, shipment firms, biometric data to identity validation companies, survey companies, foreign third party service providers, website security service providers, international organizations required by law, authorities required to transfer data as it is expressly anticipated by laws, Financial Crimes Investigation Board (FCIB), Banking Regulation and Supervision Agency (BRSA), Capital Markets Board (CMB), Turkish courts, tax offices, syber crimes units through prosecutors’ offices, agencies we work with, our marketing department, customer support specialists, risk management department, operator corporations, foreign data transfer centers, domestic auditor firms, financial consultancy service providers, associate companies of the company, its subsidiaries, principal partner firms, our affiliates, our group companies, shareholders, - limited to the purpose of providing goods and services – our business partners and suppliers, shipment firms that company works with, customer loyalty service providers, law offices that company works with, survey firms that company works with, online billing companies, data safety providers, foreign auditor companies, domestic service providers to fulfill legal obligations for compliance, foreign auditor firms and their financial consultancy service providers, in case you are getting foreign auditing service, customer information (bills and information written on such bills) provided to such companies, foreign business partners, service providers, our business partners and suppliers – limited to the purpose of providing goods and services, affiliate companies of the company, subsidiaries, principal partner firms, foreign shipment firms that company works with, foreign survey firms that company works with, data safety providers (data leak tests, safety precautions), voice recognition, recording service providers, safety service providers.      

PERSONAL DATA RETENTION PERIOD  

Stablex shall act in accordance with the provisions of applicable regulations issued by Financial Crimes Investigation Board (“FCIB”) within the time periods anticipated by authorized organizations and judicial authorities as limited to the conditions and extent provided in the Personal Data Protection Law No. 6698 ("PDP Law") and Regulation on Deletion, Destruction and/or Anonymization of Personal Data (“Regulation”) and only in the Laws. Stablex shall duly fulfill its liability under 12th article of the Regulation against Users demanding disposal of their personal data pursuant to 13th article of the Law. For details on periods, you may see section E, DISPLAY OF YOUR PROCESSED PERSONAL DATA IN THE TABLE.     

METHODOLOGY AND LEGAL GROUNDS OF PERSONAL DATA PROCESSING  

Your personal data are collected by Stablex with your open consent through verbal, written, visual and/or electronic channels including but not limited to our website, social media channels and mobile applications. However, if the exceptions exist as described in the Personal Data Protection Law No. 6698 ("PDP Law"), articles 5 and 8 and/or respective regulation, personal data can be processed and shared with third parties WITHOUT HAVING FURTHER CONSENT from Users in Clarification Text. The most common ones of such circumstances are given in the following;     

Clearly anticipated by laws,  

Required for protection of a person’s (who is in a position unable to declare his/her consent due to actual impossibility and/or whose consent is not deemed legally valid), his/her or someone else’s life or their bodily integrity.  

Requirement of processing personal data including contract itself, provided that it is directly related with forming or executing a contract,    

Required for fulfillment of a legal obligation of company,  

If it is made public by users themselves,  

Required for processing data in order to establish, exercise or preserve a right,  

Sharing with our business partners, suppliers in addition to the necessity of processing data for legitimate interests of the company, provided not to harm any fundamental rights and freedoms of users.   

OUR RIGHT TO USE ANONYMIZED DATA:  

It means personal data become impossible to relate with a natural person whose identity is clear or identifiable even by matching with other data under no circumstance whatsoever. Pursuant to 3rd and 7th articles of Law; anonymized data shall not be considered as personal data in accordance with the Law, and processing of such data can be done without depending on provisions of this Clarification Text. Data owner undertakes that his/her data subject to this Clarification Text are complete, correct and up to date; that he/she will immediately update such data in case of any change. Company disclaims any responsibility arising due to applicant’s failure to share his/her up-to-date information.   

YOUR RIGHTS AS DATA OWNER  

We’d like to remind you as data owner your rights under Personal Data Protection Law No. 6698 ("PDP Law"), article 11. In this context, you can claim your following rights in conjunction with procedures and methods described.   

Applying to Stablex, User has the following rights on his/her personal data;  

Learn if they are processed,  

(if processed) demand information,  

Learn purpose of processing and if they are used in line with such purpose,  

Learn about local/ foreign third parties to whom data are transferred,  

Request correction if they are processed incompletely/ incorrectly,  

Request Deletion/ Destruction within the framework of conditions set out in 7th article of Personal Data Protection Law No. 6698 ("PDP Law"),  

Demand notification to transferee third parties about any action done in accordance with paragraphs (5) and (6) above,  

Place an objection to a result found against user due to analysis by means of automated systems exclusively,  

Request a remedy in case of any damages due to processing against the law.  

UPON HIS/HER USE OF STABLEX’S WEBSITE, USER DECLARES, AGREES AND UNDERTAKES THAT; 

HE/SHE ACKNOWLEDGES PROVISIONS OF THE FOREGOING PARAGRAPH, HAS KNOWLEDGE ON SUCH MATTER AND ESPECIALLY READ AND UNDERSTOOD REGULATIONS SPECIFIED IN 5TH AND 6TH ARTICLES OF PERSONAL DATA PROTECTION LAW No. 6698 ("PDP LAW"), AND GIVES HIS/HER “EXPLICIT CONSENT” AS DATA OWNER UNDER THE ARTICLES HEREOF.   

STABLEX, THE FOREGOING PURPOSE PERFORMED be WITH LIMITED TO, TO BUY HOSTING OF PERSONAL DATA USER'S Country of residence outside the WORLD ANYWHERE to found servers (to him, AFFILIATES its SUBCONTRACTORS to OR INTERNATIONAL LEVEL MAY BELONGING TO RELIABILITY PROVEN SERVICE PROVIDERS) USER ON SHALL HAVE THE RIGHT TO TRANSFER DATA ACCORDING TO ITS CONSENT. 

DATA OWNER’S APPLICATION METHOD 

Personal Data Owners who are also defined as relevant person in Personal Data Protection Law No. 6698 ("PDP Law") (hereinafter referred as “Applicant”) are entitled a right to file certain requests regarding personal data processing under PDP Law, article 11.   

Pursuant to PDP Law, article 13 paragraph one; any application submitted to our company as data controller, in connection with such rights should be in writing and submitted in accordance with the following methods as defined by Personal Data Protection Authority (“Authority”).   

In this context applications shall be submitted “in writing” to our Company with a printed copy of this form; applications in Turkish language shall prevail. You may submit your application;    

Upon applicant’s application in person,  

Through Notary Public,  

Via registered mail,  

By sending to Company’s registered e-mail address as signed by applicant with “safe electronic signature” as defined in 5070 numbered Law on Electronic Signature   

You may submit your requests regarding your rights as data owner by filling “DATA OWNER REQUEST FORM” (https://10.0.0.15:2020/en-us/DATA-OWNER-APPLICATION-FORM) in person and sending it to our correspondence address and/or sending it via verified e-mail with safe electronic signature or sending it to following address in writing and with wet-ink signature.  

Your requests, depending on their nature, would be resolved in the shortest time possible and not later than 30 days free of charge.  

However, if this action requires a further cost, a price may be charged based on the tariff set by Personal Data Protection Board. If you are sending a request on behalf of someone else, you have to attach a power of attorney issued hereof and other documents to verify your identity with your application. Upon your request if it requires sending you a reply that includes personal data or taking an action regarding processed personal data, unless application is made in person, through Notary Public or Registered E-mail Address (KEP) (all of which allow identity authentication, STABLEX may ask you to verify your identity in order to avoid delivering data to wrong persons or causing any actions done by other people with malicious intentions than real data owner.   

Correspondence Address: Emniyetevleri Mahallesi Eski Büyükdere Caddesi No:1 Sapphire Tower Kat:19/03   Kağıthane/İSTANBUL 

Stablex Registered E-mail Address (KEP): stablexbilisim@hs01.kep.tr 

Stablex Call Center: 0850 808 83 21  

Stablex E-mail: kisiselveri@stablex.net   

ATTACHMENTS: 

COOKIE POLICY  

EXPLICIT CONSENT FORM  

DATA OWNER REQUEST FORM   

*Stablex Personal Data Protection Clarification Text is drawn up both in Turkish and English languages; in case of a conflict, Turkish Text shall prevail.