This Privacy Policy explains the privacy policies and procedures of Ustads and its affiliates (“Ustads”, “we”, “us” or “our”) regarding personal data we collect in the context of our interactions with you through our websites, marketing initiatives, and our websites, applications, and other services (“Services”) that link to this Privacy Policy.
1. General: By using this site, you are deemed to have read and accepted the privacy and security terms and rules. If you think you cannot fulfill the obligations set forth in the privacy terms, do not use this site. Special additional provisions and terms may apply to the use of certain parts of the site or interactions established with these parts.
2. Monitoring/Changes to Privacy and Security Terms: Ustads (“Site Owner”) reserves the right to make changes to the privacy and security terms or to introduce additional terms at any time without prior notice. Changes made to inform you of the nature of the information collected during use, how it is used, under what circumstances it is shared with others, and all necessary privacy conditions will be presented on this page. Since the site owner reserves the right to make changes to the privacy terms, they should be reviewed and read regularly. Continued use of this site after any such change may indicate acceptance of the changes to the privacy terms.
3. Open System: Users: (The term user is used as a general definition meaning everyone who enters the website, including members, if any.) acknowledge and accept that the internet is not a secure environment, that communication over the internet is risky, and that all kinds of information, including personal information, passwords, etc., may be the target of unlawful acts by third parties. The site owner makes no warranty regarding security and malicious acts.
4. Protection of Information: The site owner makes every effort to ensure the security of all pages on the website. Various technical and administrative practices are used to protect the confidentiality, security, and integrity of the data stored on the site.
5. Third-Party Sites: The site may contain and/or provide links to sub-sites and top-level sites operated by third parties that are not operated or controlled by the site owner. The site owner makes no guarantee or special commitment regarding the content, security, privacy policies, or continuous availability of communication of these accessible sites. Responsibility is subject to the terms written on third-party sites. Before taking any action, the security and privacy conditions on the relevant sites should be read. The site owner cannot be held responsible for the personal information provided to such sites, the content and services used from such sites, or the privacy policies and practices of such sites.
6. Site Utilities: The user may need to use utilities in order to benefit from certain parts of the site. If these parts are used, data related to the manner and scope of use may be recorded in the site database. Likewise, we may use certain “cookies” to make it easier for you to use the sections and may send some information to the user through them.
7. Personal Information:
i. Pursuant to the Personal Data Protection Law No. 6698 (“Law”), any information relating to an identified or identifiable natural person constitutes personal data (“Personal Data”). The User’s first name, last name, phone number, e-mail address, IP information, and date and time of use may have been transmitted to, disclosed to, or recorded on the Website in order for the User to visit or use the Website or, if applicable, to receive services offered through the Website. By taking into account that the Personal Data they have transmitted, disclosed, or recorded will be accessible to Ustads under the conditions set forth in these Website Terms, Users shall be deemed to have disclosed such information and to have accepted that any Personal Data they disclose, record, or reveal on the Website loses its confidentiality vis-à-vis Ustads.
ii. The aforementioned personal data may be processed, in whole or in part, by automated means by Ustads on the legal grounds set forth in Article 5 of the Law, namely that “processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract, and that processing is necessary for the data controller to fulfill its legal obligation.” These Personal Data may also be processed, where the relevant User has given explicit consent, for other purposes stated in the Information Notice published on the Website and/or presented to the User’s information and/or approval in various sections.
iii. Special Categories of Personal Data: Unless required by law, Ustads does not request from Users, in any way and under any circumstances, data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and attire, membership of an association, foundation or trade union, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. Ustads has no responsibility arising from such information being provided, recorded, or disclosed to the Website or through the Website.
The Policy on the Protection, Processing, Storage and Destruction of Personal Data, which contains detailed information regarding Personal Data and is available on the Website, is an integral part of these Website Terms
8. Violation of Privacy and Security Terms: The Site Owner reserves the right to refuse information already in the system, remove it from content, delete it, and, without prior notice, suspend users’ access to the site and services, terminate access, and cancel membership (though not obligated to do so) if the privacy terms are not complied with or if an attempt is made to violate the rules, whether or not the violation is fully completed. This rule also applies in cases where the terms are indirectly violated or an attempt is made to violate them by a third party acting on behalf of the user.
9. Information and Communication: For questions regarding the privacy terms of Ustads’s website, you can get more information by writing to privacy@ustads.com.
I. Personal Information
Information You Provide to Us
The personal information you provide to us may include:
Contact information and correspondence:
When you interact with us via web forms, phone, email, mail, or social media, your name, contact information (such as phone numbers and email address), other information you choose to provide, and the content of your communications may be collected.
Registration information:
To use certain features of the Services, you must register and create an account. When creating an account, basic registration information such as email address, username, password, and mobile phone number will be requested.
Account information:
Information you provide while using your Ustads account, such as profile information, account settings, subscriptions, and content you create or interact with while using the account (such as your posts, responses, likes, shares, emojis, watchlists, people you follow, followers, and messages), is collected.
Payment information:
When you sign up for any subscription or make another payment to us, we collect payment information such as your name, payment card details, and billing information through our payment service providers. Please note that we do not store payment card numbers in our systems; we only store a tokenized version of this information. The information you provide regarding your payments is handled by our third-party payment processors in accordance with their terms of service and privacy policies.
Marketing information:
When you sign up to receive any type of marketing communication from us or interact with our marketing communications, we may collect your name, contact information, marketing preferences, and details about your interactions.
Surveys, reviews, and testimonials:
When you participate in any of our surveys or write a review/testimonial about us or our products, we may collect your name, job title, contact information, survey responses, and the content of your review/testimonial.
Vendors/business partners and representatives:
When you enter into a vendor/business partner agreement with us or are a representative of a vendor/business partner, we may collect your name, company information, job title, contact information, and the content of your correspondence with us.
Other information:
Any other personal information not specifically mentioned here but requested or received will be used as described in this Privacy Policy or as disclosed at the time of collection.
Information We Obtain from Third Parties
Social media information:
We have pages on social media sites such as Instagram, Facebook, Twitter, Medium, Vimeo, YouTube, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we may collect personal information you choose to provide to us, such as your contact information. In addition, the companies hosting our Social Media Pages may provide us with aggregated information and analytics regarding the use of these pages.
Third-party credentials:
You may also enter certain passwords, usernames, account numbers, and other account information for websites, applications, products, or services offered by third-party service providers (“Third-Party Services”).
II. Automatic Data Collection
We and our service providers may automatically record and combine information about you, your computer or mobile device, and your interactions with our Services, communications, and other online services over time. This information may include:
Device data:
The type and version of your computer’s or mobile device’s operating system, manufacturer and model, browser type, screen resolution, device type (for example, phone, tablet), IP address, device identifiers, language settings, and general location information such as city, state, or geographic area. If you choose to use location-enabled Services, we may collect location information from your device. You can control or disable the sharing of location information through your device settings and/or browser settings.
Online activity data:
The pages or screens you view, how long you spend on a page or screen, the website you visited before browsing the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you open or otherwise interact with our communications, such as marketing emails (for example, whether you click links or files in them).
We use cookies, web beacons (for example, pixel tags), browser web storage (also known as locally stored objects or "LSOs"), and similar technologies to collect certain information. For more information about how we use these technologies, please review our Cookie Policy.
III. How Do We Use Your Personal Information?
We use your personal information as described in this Privacy Policy or at the time of collection, and for the following purposes:
Providing the Services:
We use your personal information to operate, maintain, and provide our Services to you. This includes enabling you to use and access our website and your Ustads account. In particular, we will use your personal information to fulfill our contractual obligations under our Terms of Service.
Communicating with You About the Services:
We will use your personal information to communicate with you in order to fulfill our contractual obligations or in line with our legitimate business interests. This includes responding to your requests, providing support, and sending announcements, updates, security alerts, and support/help messages related to our Services.
Improving, Monitoring, Personalizing, and Protecting the Services:
Maintaining and improving the quality of our Services and providing a safe environment for our users is in line with our legitimate business interests. In this context:
· Understanding your needs and interests and personalizing your interactions with the Services,
· Troubleshooting, conducting tests and research, keeping our IT systems, architecture, networks and Services secure,
· includes investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.
Research, Development, Market Analysis, and Comparison:
We may use personal information for research, product improvement and development, market analysis, and comparison purposes to analyze and improve our Services and our overall business. We may also provide access to general information in our Services to allow them to analyze market trends and use it for other business purposes. We may create anonymized or de-identified data derived from the personal information we collect in connection with these activities, and we may share such data with third parties for our legitimate business purposes, such as analyzing, improving, or promoting our Services.
Surveys and Reviews:
It is among our legitimate business interests to conduct surveys and collect feedback from you. If we consider publishing your survey responses or reviews together with information that identifies you, we will obtain your consent to process this information.
Marketing and Advertising:
· Direct Marketing: We may contact you directly for marketing communications about our Products and Services. Where required by law, we will send marketing information only with your consent. Otherwise, we will send this information only in pursuit of our legitimate business interests.
· Interest-Based Advertising and Third-Party Advertising Services: We work with our advertising partners to show you ads that we think may be of interest to you when you visit Ustads and other websites. These partners may use cookies and similar technologies to collect information about your interactions with our Services and other online activities. For more information, please review our Cookie Policy.
Supplier/Partner Relationships:
When you are a supplier/partner or a representative of a supplier/partner, we may use your personal information to contact you and/or your company and manage our relationship. Where we have signed a contract, we will use your personal information to fulfill our obligations under the relevant contract.
Compliance and Protection:
We may use personal information to comply with legal obligations and defend ourselves against legal claims or disputes. This includes the following:
· To protect our rights, privacy, safety, or property,
· To audit our internal processes for compliance with legal and contractual requirements,
· To enforce the terms and conditions governing the services,
· To prevent, investigate, and deter fraud, harmful, unauthorized, or illegal activity,
· To comply with applicable laws, official requests, and legal processes (for example, subpoenas or requests from public authorities)
IV. Sharing Information
We may share your personal information with recipients in the following categories:
Service Providers
We may share your information with trusted third parties that work with us to provide services and perform functions. These services include hosting, maintenance, and other information technology services. These third parties will use your information provided to them solely for the purpose of performing these functions and providing the services, in accordance with confidentiality and security obligations.
Advertising Partners
We may share your information with third-party advertising partners for interest-based advertising and third-party ad display purposes. For example, we may share data with advertising partners so that ads related to our services can be shown to you and other users on third-party platforms. In addition, information may be shared with third parties who promote their own products and services on our services so that they can analyze and improve the effectiveness of advertising campaigns.
Authorities and Others
We may share your information with government authorities, law enforcement, or private parties, in good faith, for purposes of compliance with the law and protection.
Business Transfers
In connection with business transfers, we may share your personal information with buyers or relevant parties. This includes processes such as mergers, consolidations, acquisitions, restructurings, sales of assets, or bankruptcy.
Affiliates
We may share your information with our current and future affiliates, that is, entities controlled by, controlling, or under common control with Ustads.
Other Users and the General Public
Ustads is generally a publicly accessible platform. Therefore, information visible on your Ustads profile (your photo, bio, name, location, website, following list, posts, replies, likes, and watchlists) can be seen by other users and the general public. By using our services, you consent to this information being shared publicly. In addition, we may share public information with our business partners for business, research, and analytics purposes.
Social Media
We may share your public content on our pages on social media platforms such as YouTube, Instagram, Facebook, Twitter, Medium, Vimeo, and LinkedIn.
Professional Advisors
Where necessary, we may share your information with professional advisors such as lawyers, bankers, auditors, and insurers.
Third-Party Services
When you integrate our services with third-party platforms (for example, by signing in with a third-party account or by providing an API key or similar access token), we may share your personal information with those third parties. For more information, we recommend reviewing the relevant third party’s privacy policy.
V. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes stated in this Privacy Policy. This includes situations where we have a legitimate business need to provide the Services and due to legal or regulatory obligations (for example, tax, legal, or accounting purposes), or to prevent and enforce breaches of the Services’ terms and conditions, or to defend legal claims.
When determining the appropriate retention period for your personal data, we take into account the amount, nature, and sensitivity of the personal data, the potential risk of harm arising from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes by other means, the permissions you have given regarding your personal information, and applicable legal and regulatory requirements.
VI. Destruction of Personal Data
Reasons requiring the destruction of personal data
If all of the conditions for processing personal data set out in Articles 5 and 6 of the Law cease to exist, personal data shall be deleted, destroyed, or anonymized by the Company ex officio or upon the request of the relevant person.
Technical and administrative measures taken to ensure the secure storage of personal data and to prevent unlawful processing and access
Physical Measures
Physical access controls (locked rooms and cabinets)
Security plan
Physical security applicable to workplaces
Security measures governing the hardware where personal data is stored, via Google Drive corporate agreement through third parties
Back-up storage (backup)
Technical Measures
Individual user names (user IDs)
Passwords
Automatic session logoff; Google has it, the computer and system do not
Audit trail / log keeping
Firewall; Mac is used
Encryption
Administrative Measures
Policies restricting access to data for employees who need to use personal data
Policies regarding the proper collection, use, disclosure, storage and/or destruction of personal data
Policies regarding the proper use of mobile electronic devices storing personal data
Technical and administrative measures taken for the lawful destruction of personal data
The destruction of personal data is carried out by the Company by selecting one of the methods of deletion, destruction, or anonymization.
Methods for Deleting Personal Data
a. Application Type Cloud Solutions as a Service
In the cloud system, data is deleted by issuing a delete command. While performing this operation, the relevant user does not have the authority to recover deleted data on the cloud system.
b. Personal Data in Paper Form
Personal data in paper form is deleted using the blacking-out method.
c. Office Files Located on the Central Server
The file is deleted with the delete command in the operating system, or the relevant user's access rights to the file or the directory where the file is located are revoked.
d. Personal Data on Portable Media
Personal data on flash-based storage media is stored in encrypted form and deleted using software suitable for these media.
e. Databases
The relevant rows containing personal data are deleted with database commands (DELETE, etc.).
Methods for Destroying Personal Data
a. Local Systems
Demagnetization, physical destruction, and overwriting methods are used.
b. Peripheral Systems
i. Network devices (switches, routers, etc.)
ii. Flash-based media
iii. Units such as magnetic disks
iv. Mobile phones
v. Optical disks
vi. Peripherals such as printers
c. Paper and microfiche media
d. Cloud environment
Methods for Anonymizing Personal Data
Titles, departments, and job descriptions of those involved in personal data retention and destruction processes
Periodic Destruction Period
By virtue of Article 11 of the Regulation, the Company has set the periodic destruction period at 6 months. Accordingly, periodic destruction is carried out at the Company in June and December each year. All employees are obliged to ensure that the data under their control is destroyed in accordance with this policy. In this context, they are obliged to notify the destruction officers at the end of the retention periods.
VII. Your Choices and Rights
Access or update your information
If you have created an account with us, you can log in to your account and review and update certain personal information in your profile.
Unsubscribe from marketing communications.
To opt out of marketing-related emails, you can follow the unsubscribe or opt-out instructions at the bottom of our emails, or contact us at privacy@ustads.com. You may continue to receive service-related or other non-marketing emails.
Personal information requests.
Depending on where you are located and the nature of your interactions with our services, you may make the following requests regarding personal information:
Access. Provide information about the processing of your personal information and access to a copy of the personal information we have collected from you.
Correction. Update or correct inaccurate or outdated personal information.
Deletion. Delete your personal information that is no longer needed to provide the Services or for other legal purposes.
Portability. Provide your personal information to you or to a third party of your choice in a portable, machine-readable, and usable format.
Additional rights. Object to the processing of your personal information, request that we restrict the use of your personal information, and, where applicable, withdraw your consent to the processing of your personal information.
To submit a request, you can contact us by email or by mail at the address specified in the "Contact Us" section below. We may ask you for certain information to help us verify your identity. Depending on where you live, you may authorize an agent to make requests on your behalf. In accordance with applicable laws, we will require authorized agents to verify their identities and authority.
In some cases, your requests may be limited; for example, where fulfilling your request would violate the rights of others, prevent us from providing a service you requested, or affect our ability to comply with legal obligations and enforce our legal rights. If you are not satisfied with how we respond to your request, you may appeal by contacting us through the methods specified in the "Contact Us" section or by filing a complaint with the data protection regulator in the place where you live, work, or where you believe the violation occurred.
Choosing not to share your personal information.
Where we are required by law to collect your personal information, or where we need it to provide the Services to you, if you do not provide this information when requested (or later ask us to delete it), we may not be able to provide our Services to you. We will tell you what information you need to provide in order to receive the Services by marking it as "required" during collection or by other appropriate means.
Third-party platforms.
If you choose to connect to the Services through a third-party platform, when you log in using the third party's authentication service or link your account, you may have the option to limit the information we may receive from the third party. You can later control these settings through the third-party platform or service. If you withdraw our access to certain information from the third-party platform, this preference does not apply to information we have already received from the third party.
Limiting online tracking and cookies.
As part of our commitment to privacy and transparency, our Cookie Policy (https://ustads.com/about/legal/cookie-policy) provides information about how you can opt out of cookies and about our advertising partners that engage in online behavioral advertising.
VII. Other Websites and Services
Our Website may contain links to other websites that are not operated or controlled by Ustads, including social media services. A link to a website does not imply endorsement, authorization, or representation of our affiliation with that third party. We do not control third-party websites. These other websites may place their own cookies or other files on your computer, collect data, or request personal information from you. Information you share with Third Party Services will be subject to the specific privacy policies and terms of service of those services, not this Privacy Policy. We recommend that you read the privacy policies of other websites and online services you use.
VIII. Security
The security of your personal information is important to us. We implement administrative, physical, and electronic safeguards to help protect against unauthorized access to your information, but we cannot guarantee that these measures will be entirely sufficient to prevent attempts to gain unauthorized access to your information.
IX. Our Policy Toward Children
Our Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If a parent or guardian becomes aware that his or her child has provided us with personal information without permission, please contact us at privacy@ustads.com. If we discover that a child under 18 has provided us with personal information, we will delete that information from our records.
X. Changes to This Privacy and KVKK Policy
This Privacy Policy may be updated from time to time for any reason; each version will apply to information collected while it is in effect. We will post the new Privacy Policy on our Website to notify you of material changes to our Privacy Policy. Please review this Privacy Policy regularly.
XI. Contact Us
If you wish to exercise your rights regarding your personal information processed by Ustads and/or if you have any questions about the processing of your personal information, please send an email to privacy@ustads.com.