Personal Data Protection Law Information Text

1. Introduction and Definitions

1.1 This Disclosure Text has been prepared by Bright Craft Research and Strategic Consulting Service Ltd. Şti. (“Company” or “Data Controller”) to explain our principles regarding the processing, protection, and transfer of personal data of our valued users/members, in accordance with the Personal Data Protection Law No. 6698 (“KVKK”).

1.2 “Personal Data” means any information relating to an identified or identifiable natural person. “Data Controller” refers to the natural or legal person who determines the purposes and methods of processing personal data.

1.3 In accordance with the KVKK and relevant legislation, we adhere to the principles of “compliance with the law and rules of honesty, accuracy, timeliness, processing for specific and legitimate purposes, being limited and proportionate in relation to the purpose of processing, and preserving data for the period stipulated in the relevant legislation or necessary for the purpose of processing.”

2. Processed Personal Data and Processing Tools

2.1. Collected Data:

  • Identity Information: Name, surname, T.R. ID number (if required).
  • Contact Information: Email address, telephone number, full address.
  • Payment/Financial Information: Bank account/IBAN information, credit card information (partially/masked), billing information.
  • User Transaction Information: IP address, cookie records, user activity (site navigation information), education purchase records.

2.2.  Processing Purposes:

  • Service Provision: Providing training, video training, webinars, live training, WhatsApp subscriptions, or similar services through our website, and performing registration transactions.
  • Payment Transactions and Billing: Issuing invoices and collecting payments for paid services.
  • Fulfillment of Legal Obligations: Accounting and tax obligations arising from legislation, and responding to requests from official institutions.
  • Communication and Support: Evaluating requests, complaints, and suggestions; Providing information, announcements, and campaigns.
  • Site Security and Development: To analyze the use of our site, improve its performance, and detect fraud and abuse.

2.3. Personal data may be processed within the company, in whole or in part, by automated or non-automatic means, such as obtaining, recording, storing, preserving, modifying, rearranging, transferring, etc.

2.4. Statistical data that does not contain personal information may be shared with company employees and contracted consultants, such as performance assistants.

2.5. Member information may only be disclosed to official authorities if such information is duly requested by official authorities and in cases where disclosure is required by applicable mandatory legislation.

2.6. By accepting this Agreement, the Member acknowledges that they have read and understood the Company’s “Privacy Policy”/”Disclosure Text” section.

3. Collection Methods and Legal Reasons

3.1. Your personal data may be collected automatically when you register on our site, purchase online training, or visit the site, through cookies, electronic forms, customer service calls, email, and similar communication channels.

3.2. Legal reasons may include:

  • Explicitly prescribed by law (KVKK Article 5/2-a),
  • Establishment or performance of a contract (KVKK Article 5/2-c),
  • Fulfillment of a legal obligation (KVKK Article 5/2-ç),
  • Publication by the relevant person (KVKK Article 5/2-d),
  • Establishment, exercise or protection of a right (KVKK Article 5/2-e),
  • Legitimate Interest (KVKK Article 5/2-f) – (For example, ensuring site security, preventing fraud, etc.)
  • Explicit consent (KVKK Article 5/1, 6/2) – (May be necessary, especially for marketing and profiling activities).
4. Transfer of Personal Data
  • Domestic Transfers: Your personal data may be transferred to our business partners, suppliers, legal, financial, and technical advisors, legally authorized public institutions and organizations, and authorized private legal entities, limited to the purposes mentioned above.
5. Retention Periods

5.1. Your personal data will be stored for the period required by the processing purposes and in accordance with the statutes of limitations and retention periods specified in the relevant legal legislation.

5.2. After the storage period expires, your data will be deleted, destroyed or anonymized.

6. Data Security

6.1. As the Data Controller, we take technical and administrative measures to protect the confidentiality, integrity, and accessibility of personal data. These measures include applications such as SSL certificates, access restrictions, encryption methods, regular security scans, and data masking.

6.2. Despite all the precautions taken, if data is damaged or obtained by third parties as a result of cyberattacks on our site or servers, the necessary administrative and legal steps will be taken immediately. Despite the Company taking the necessary information security measures, the Company will not be held liable if confidential information is damaged or obtained by third parties as a result of attacks on the Site or system.

7. Your Rights

7.1. Under Article 11 of the KVKK, data subjects may apply to the Company to:

  • Learn whether their personal data has been processed,
  • If so, request information about it,
  • Learn the purpose of processing and whether it is being used in accordance with its purpose,
  • Know the third parties to whom personal data has been transferred, domestically or internationally,
  • Request correction of any incomplete or inaccurate data,
  • Request deletion or destruction within the framework of the terms of the KVKK,
  • Request notification of correction, deletion, or destruction to third parties to whom personal data has been transferred,
  • Object to any adverse outcome resulting from the analysis of processed data, exclusively through automated systems,
  • Request compensation for damages suffered due to unlawful processing.

7.2. To exercise these rights, you can contact us at futurebrightacademy@futurebright.com.tr. Your request will be finalized within 30 (thirty) days after we receive it.

8. Updates
8.1. This Disclosure Statement may be updated as needed and to comply with legal regulations. You can track the last update date on the “Personal Data Policy” page.