Privacy Notice for the Contact Form 

As Apex Crm Bilişim ve Bulut Teknolojileri Anonim Şirketi (“Company”), we attach great importance to the protection of your personal data during your visit to and use of our website.

For any questions, requests, or feedback you may have, you may contact us at any time by filling out the contact form available on our website at apexloyalty.com.

We would like to inform you, through this Privacy Notice for the Contact Form (“Privacy Notice”), about how we process your personal data within the scope of your submitted requests and in accordance with the Law on the Protection of Personal Data No. 6698.

This Privacy Notice has been prepared in both Turkish and English and is hereby presented for your information. The English version appears first, followed by the Turkish version.

• Personal Data We Process

We process the following personal data (“Personal Data”) of individuals who wish to contact us via the Contact/Book a Demo section on our website: the name of the company the individual represents, the individual’s full name, e-mail address, phone number, country of residence, and the personal data included in the content of the message submitted.

Even if you do not share any information with us through our website or other communication channels, please refer to our cookie policy for information about other data that may be collected during your visit to our website. In accordance with our Cookie Policy, we only use limited types of cookies for analytical purposes and to ensure that your visit experience meets your needs.

• Method of Collecting Your Personal Data

Your Personal Data is collected through the online completion of the contact form on our website, through other communication channels (such as our phone number and e-mail addresses), or verbally, in writing, or electronically via our business partners. To better understand your request, we may contact you and request additional information either verbally or in writing, through automated or non-automated means. Such additional information will also be processed strictly within the scope outlined above.

• Purposes, Legal Grounds, and Transfer of Your Personal Data

Following your submission of the contact form provided under the Contact/Book a Demo section on our website, or in case you reach out to our representatives via other communication methods available on our website, we process your Personal Data for the purposes of responding to your questions or requests, evaluating your feedback, and contacting you as needed in this context.

Your Personal Data is collected, recorded, processed, stored, and categorized by us in our capacity as the data controller based on the legal ground that processing is necessary for the legitimate interests pursued by the data controller, pursuant to Article 5/2(f) of the Law on the Protection of Personal Data No. 6698 (“Law”).

In addition, your Personal Data may be disclosed to public authorities without your explicit consent if and when such disclosure is required by applicable mandatory legislation or upon lawful request by competent authorities. Your Personal Data may also be used and shared with courts or other authorized institutions to the extent necessary for the handling of actual or potential legal disputes involving the Company. Accordingly, your Personal Data may be processed without your explicit consent in accordance with Article 5/2(ç) of the Law, where processing is necessary for the Company to fulfill its legal obligations, and Article 5/2(e) of the Law, where processing is necessary for the establishment, exercise, or protection of the Company’s legal rights.

Within this framework, your Personal Data may be shared, only to the extent necessary and limited to the purposes mentioned above, with information technology service providers from whom we receive support regarding our systems, software, and platform infrastructure (including database and server providers, middleware providers, archiving services, and platform service providers), as well as with independent audit firms involved in the Company’s internal or external audit processes.

In order to conduct its business operations efficiently and effectively, the Company may transfer the data it processes to 360 DRC, Inc., a service provider acting as a data processor whose servers are located abroad. This international transfer is carried out in compliance with applicable legislation, provided that all necessary technical and administrative safeguards are in place, and a standard contractual clause approved by the Board is executed between the parties.

The Company ensures that such international transfers are performed only when necessary for its operational needs and in full compliance with data privacy and security regulations, protecting the confidentiality, integrity, and security of the personal data.

• Your Rights as a Data Subject Under the Law

Within the scope of the Law and other applicable legislation, you have the following rights:

1. To learn whether your Personal Data is being processed,
2. If your Personal Data has been processed, to request information regarding such processing,
3. To learn the purpose of processing your Personal Data and whether it is used in accordance with its intended purpose,
4. To know the third parties to whom your Personal Data is transferred, whether domestically or abroad,
5. In the event that your Personal Data is incomplete or inaccurate, to request its correction and to request notification of such correction to third parties to whom the data has been transferred (if any),
6. In the event the reasons requiring the processing of your Personal Data no longer exist, to request the deletion or destruction of your Personal Data and, if applicable, to request that this be communicated to third parties to whom the data has been transferred,
7. To object to any outcome against you that arises from the analysis of your Personal Data exclusively through automated systems,
8. If you suffer damage due to the unlawful processing of your Personal Data, to request compensation for such damage.

• Methods for Submitting Requests to the Company Regarding Your Rights

You may submit your applications regarding the rights mentioned above in accordance with the provisions of the Communiqué on the Principles and Procedures for the Request to Data Controller. Applications may be submitted either in writing or electronically via registered electronic mail (KEP) address, secure electronic signature, mobile signature, or the e-mail address previously notified to our Company and registered in our systems, together with information/documents verifying your identity (but not containing any sensitive personal data such as religion or blood type) in order for our Company to verify your legal ownership of the request. Such information/documents may include: Turkish ID number or passport number (for foreign nationals), residence or business address for notification, mobile/phone/fax number, and e-mail address. Applications can be submitted by physical mail to the address İsbi İhtisas Serbest Bölgesi Yeşilköy Sb Mah. İsbi Plaza Sk. No: İsbi Plaza No:1 İç Kapı No:936 Bakırköy/İstanbul, or by e-mail to [[email protected]].

Depending on the nature of your request, it will be finalized as soon as possible and no later than 30 (thirty) days, free of charge. However, if the processing of your request requires an additional cost, a fee may be charged in accordance with the tariff determined by the Personal Data Protection Board (“Board”).

In the event of any change in the data processing activities regulated under this Privacy Notice, such changes will be reflected in the Privacy Notice as soon as possible, and you may always access the most up-to-date version of the notice through the Platform.