DISCLOSURE ON PROTECTION OF PERSONAL DATA
I. IDENTITY OF DATA CONTROLLER
Under the Personal Data Protection Law and the General Data Protection Regulation of the European Union, FOYER DIGITAL HİZMETLER TİCARET ANONİM
ŞİRKETİ holds the title of data controller. As PHOYER, the security of your
personally identifiable information is a priority for us. In this regard, this Disclosure on the
Protection of Personal drafted as per the the Law as well as the Communiqué
on the Procedures and Principles to be Applied for Fulfilling the Obligation to Disclose
is presented to the attention of our users and third parties using our website.
PHOYER takes the necessary steps to ensure the appropriate level of security in
accordance with the legislation in order to prevent the unlawful use of your personal data and
to ensure that it is preserved during the processing of your personal data.
II. METHODS USED FOR THE COLLECTION OF YOUR PERSONAL DATA
Your personal data may be collected in writing and electronically via our website, social
media platforms, and cookies.
PHOYER makes use of cookies in order to provide its services and tailor content to the
specific requirements and interests of individual users. You are welcome to review our
Cookie Policy if you would like more in-depth information about cookies.
III. CATEGORIES OF PERSONAL INFORMATION:
Identity Information: Name, Surname, Information from Your Identification Card, Your
Taxpayer ID Number, Tax Office, and Workplace Title
Contact Information: Address, Email Address, Mobile Phone Number, and Landline
Telephone Number
Location Information: Information regarding the location
Financial Information: Account Number, IBAN Number, Credit Card Usage Details,
Billing Details, and Bank Customer Number
Customer Transaction Data: Information on services purchased, records of payments
made, shopping history, permission to receive commercial electronic messages, records of
campaigns participated, and message records
Marketing Data: Cookie Records, User History, Targeting, Records of Habits and Likes,
etc.
Legal Data: Request and complaint records, permission for sending commercial
electronic messages, records of legal transaction files, warnings, details of correspondence
with judicial and administrative authorities, signature circular and signature statement,
activity certificate, and records from the Trade Registry Gazette.
Transaction Security Data: IP Address, Passwords Credentials, Traffic Data, Details of
Login and Logout for Website and Mobile Applications, User Name
Information for risk management: IP address, Password, and Username Credentials.
IV. THE PURPOSES AND LEGAL REASONS OF PROCESSING OF YOUR
PERSONAL DATA
The following information is provided about the purposes for which we process your
personal data and the legal grounds for doing so:
1. Verifying the personal information of website users before they are allowed to
complete financial transactions
Personal Data Processed: Identity, Communication, Transaction Security Data, and
Risk Management Data
Legal Reasons: i) It is clearly stipulated in the laws; ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract; iii) It is mandatory for the data controller to
fulfil its legal obligation; iv) data processing is mandatory for the establishment, exercise,
or protection of a right, and v) data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject.
2. Allowing customers to communicate with other users via the website in order to
facilitate the delivery of service.
Personal Data Processed: Identity Information, Communication, Customer Deals, Legal
Deals
Legal Reasons: i) It is necessary to process the personal data of the parties of the
contract, provided that it is directly related to the establishment or performance of a
contract, ii) It is mandatory for the data controller to fulfil its legal obligation iii) Data
processing is mandatory for the establishment, exercise, or protection of a right, and iv)
Data processing is mandatory for the legitimate interests of the data controller, provided
that it does not harm the fundamental rights and freedoms of the data subject.
3. To communicate about the conditions and current status of contracts concluded
under the relevant articles of the Law on Distance Sales Contract and Consumer
Protection, to provide necessary information
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right.
4. To perform the obligations and exercise the rights assumed pursuant to the
contracts concluded under the distance sales contracts and the relevant articles of the
Law on the Protection of the Consumer
Personal Data Processed: Identity, Finance, Communication, Location, Customer
Deals, Legal Deals
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
5. To carry out membership procedures and enable users to benefit from membership
rights
Personal Data Processed: Identity, Communication, Customer Deals, Legal Deals,
Transaction Security Data, Risk Management Data
Legal Reasons: i) It is necessary to process the personal data of the parties of the
contract, provided that it is directly related to the establishment or performance of a
contract, ii) It is mandatory for the data controller to fulfil its legal obligation iii) Data
processing is mandatory for the establishment, exercise, or protection of a right, and iv)
Data processing is mandatory for the legitimate interests of the data controller, provided
that it does not harm the fundamental rights and freedoms of the data subject
6. To generate purchasing records and invoices for accounting purposes
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
7. To organize records and documents that will serve as the foundation for the
transaction, either in paper or digital format (including the internet, mobile devices,
etc.)
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
8. To increase the quality of the services we provide to customers while also
conducting business development operations
Personal Data Processed: Identity, Communication, Customer Deals, Marketing Data
Legal Reasons: Data processing is mandatory for the legitimate interests of the data
controller, provided that it does not harm the fundamental rights and freedoms of the data
subject
9. To provide responses to requests for information made by competent authorities
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals, Transaction Security Data, Marketing Data, Risk Management Data
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is mandatory for the data
controller to fulfil its legal obligation iii) Data processing is mandatory for the
establishment, exercise, or protection of a right, and iv) Data processing is mandatory for
the legitimate interests of the data controller, provided that it does not harm the
fundamental rights and freedoms of the data subject
10. To provide information about the service that the users may find interesting and
notify campaigns while taking the users' interests into consideration
Personal Data Processed: Identity, Communication, Customer Deals, Marketing Data
Legal Reasons: Explicit Consent
11. To perform advertising, marketing, and promotion activities with a focus on the
unique preferences and interests of the users by conducting market analysis, targeting,
profiling, and analysis studies.
Personal Data Processed: Identity, Communication, Customer Deals, Marketing Data,
Transaction Security Data, Risk Management Data
Legal Reasons: Explicit Consent
12. To improve the experience of users who conduct transactions on the website; to carry out
the loyalty processes of the services; to carry out activities to ensure user satisfaction; and to
conduct surveys in electronic and / or physical environments through contracted institutions.
Personal Data Processed: Identity, Communication, Customer Deals, Transaction
Security Data, Marketing Data, Risk Management Data
Legal Reasons: Explicit Consent
13. To send promotional electronic messages to customers for the purposes of
marketing, promotion, advertising, campaigning, and celebrating
Personal Data Processed: Identity, Communication, Customer Deals, Marketing Data
Legal Reasons: Explicit Consent
14. To assess requests, suggestions, and complaints made by users
Personal Data Processed: Identity, Communication, Customer Deals, Legal Deals,
Transaction Security Data, Risk Management Data
Legal Reasons: i) It is mandatory for the data controller to fulfil its legal obligation ii)
Data processing is mandatory for the establishment, exercise, or protection of a right, and
iii) Data processing is mandatory for the legitimate interests of the data controller,
provided that it does not harm the fundamental rights and freedoms of the data subject.
15. To ensure information and transaction security while our services are used
Personal Data Processed: Identity, Communication, Customer Deals, Legal Deals,
Transaction Security Data, Risk Management Data
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
16. To follow-up and execute legal affairs
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals, Transaction Security Data, Marketing Data, Risk Management Data
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
17. To execute and supervise our business activities, improvement and development of our
services
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals, Transaction Security Data, Marketing Data, Risk Management Data)
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
18. To fulfill our legal obligations and exercise our rights arising from the current
legislation
Personal Data Processed: Identity, Finance, Communication, Customer Deals, Legal
Deals, Transaction Security Data, Marketing Data, Risk Management Data
Legal Reasons: i) It is clearly stipulated in the laws, ii) It is necessary to process the
personal data of the parties of the contract, provided that it is directly related to the
establishment or performance of a contract, iii) It is mandatory for the data controller to
fulfil its legal obligation iv) Data processing is mandatory for the establishment, exercise,
or protection of a right, and v) Data processing is mandatory for the legitimate interests of
the data controller, provided that it does not harm the fundamental rights and freedoms of
the data subject
V. THE PARTIES TO WHICH YOUR PERSONAL DATA IS TRANSFERRED,
AS WELL AS THE REASON FOR THE TRANSFER IN QUESTION
Your private information may be provided to the following domestic and international
recipients in order to accomplish the following purposes in compliance with the law:
– Instructors available to assist users
– Contracted payment institutions, banks, and the Interbank Card Centre for processing
payment transactions
– Our contracted business partners for the purpose of being able to send commercial
electronic messages based on user consent and for the purpose of carrying out
advertisement, campaign, and promotion activities within this scope.
– Various advertising agencies, market research firms, and survey companies in the country
as well as abroad within the context of marketing activities to enhance the user
experience and guarantee user satisfaction.
– To service providers to ensure the delivery of statistical and technical service
– Shareholders and affiliates of PHOYER for the purposes of carrying out corporate
management processes, statistical study processes, and reporting processes
– Programme partner organisations and social networking sites located in the country and
other countries, with which we collaborate in order to carry out our activities and develop
our business in the most effective manner possible.
– Our business partners located in the country and other countries, as it is from them that
we receive the service of storing personal information in a cloud-based environment
– Companies located in the country and other countries that operate as service providers
and provide the website with technological infrastructure, server service, e-mail service,
and cookie service; and
– Audit firms, legal professionals, government-approved institutions, and other
organisations to satisfy our legal obligations
VI. RIGHTS OF THE DATA SUBJECT
Users can forward their requests as per Article 11 of the Law "regulating the rights of the
data subjects" to the following email address: support@phoyer.app.
On October 7, 2016, Article 11 of the Law on Protiction of Personal Data numbered 6698
became effective. In accordance with the applicable article, the rights of data subjects after
such date are as follows:
A data subject may enjoy the following rights by submitting an application to PHOYER:
1. to learn whether his/her personal data are processed or not
2. to demand for information as to if his/her personal data have been processed
3. to learn the purpose of the processing of his/her personal data and whether these
personal data are used in compliance with the purpose
4. to know the third parties to whom his personal data are transferred in country or
abroad
5. to request the rectification of the incomplete or inaccurate data, if any
6. to request the erasure or destruction of his/her personal data in accordance with
Article 7 of the Law
7. to request reporting of such erasure or destruction operations to third parties to whom
his/her personal data have been transferred
8. to object to the occurrence of a result against the person himself/herself by analysing
the data processed solely through automated systems; and
9. and to claim compensation for the damage arising from the unlawful processing of
his/her personal data
If you send your requests to PHOYER, then PHOYER will finalise your request at no
cost to you within thirty (30) days at the absolute latest after receiving it. PHOYER, on the
other hand, reserves the right to charge you a fee in accordance with the tariff that will be
determined by the Personal Data Protection Board in the event that additional costs are
incurred.
In its capacity as a data controller, FOYER DİJİTAL HİZMETLER TİCARET ANONİM
ŞİRKETİ, seated at the address ‘Donanmacı Mah. Kemalpaşa Cad. No:7 İç Kapı No:401
Karşıyaka / İZMİR’, with MERSIS No. 0388164118500001, acknowledges and respects
your status as valuable data subjects, and we will do everything in our power to assist you in
meeting the requirements outlined in your application. You can contact us at
support@phoyer.app or at the physical address listed on our website, as required by Article
11 of the Law.
VII. CHANGES THAT MAY BE MADE IN THE DISCLOSURE ON THE
PROTECTION OF YOUR PERSONAL DATA:
PHOYER retains the right to modify the contents of this Disclosure at any time they see
fit. The alterations that may be made by PHOYER shall take effect as soon as the Disclosure
has been posted on the website.
VIII. RIGHTS UNDER GDPR
On May 25, 2018, GDPR came into force and replaced the “Data Protection Directive
95/46/EC” of October 24, 1995. The General Data Protection Regulation (GDPR) establishes
certain requirements that must be met by companies and organisations based in Europe.
Serving users in Europe or European citizens, PHOYER, as a data controller, attaches
importance to the protection of personal data of users and its own employees and processes it
in accordance with GDPR. The General Data Protection Regulation (GDPR) incorporates the
well-established privacy principles of transparency, fairness, and accountability. The General
Data Protection Regulation (GDPR) requires data controllers to use only data processors who
process personal data on behalf of the data controller and to provide sufficient guarantees to
meet certain requirements of the GDPR.
PHOYER complies with the GDPR as well.
International Data Transfers under GDPR: PHOYER has designed its privacy and
security programmes to provide an appropriate level of data protection and has outlined
additional safeguards and protections for the transfer of personal data outside of the
European Union and the European Economic Area. These mechanisms aim to provide an
adequate level of protection or ensure that appropriate safeguards are applied when personal
data is transferred to a third country. PHOYER is committed to maintaining a mechanism to
facilitate such transfers, as required by GDPR, in situations in which personal data will be
transferred outside the EU to third countries that are not covered by adequacy decisions.
User Rights under GDPR: The rights that users have under GDPR are as follows: the
right to information; the right of access; the right to rectification; the right to delete or be
forgotten; the right to restrict processing; the right to data portability; and the right to object.
Right to Erasure in Accordance with the GDPR (Also Known as the Right to Be
Forgotten): The user has the right to delete their personal data, and PHOYER has the
obligation to delete personal data without delay if requested by the users. If PHOYER
receives a complete deletion request from the user, it will delete the relevant user data from
the entire database within a maximum of 30 days.
Please visit the following website if you would like to learn more about GDPR:
https://ec.europa.eu/info/law/law-topic/data-protection_en.