This Privacy Policy explains the privacy policies and procedures of Ustads and its affiliates (“Ustads”, “we”, “us” or “our”) regarding personal data we collect in the context of our interactions with you through our websites, marketing initiatives, and our websites, applications, and other services (“Services”) that link to this Privacy Policy.
1. General: By using this site, you are deemed to have read and accepted the privacy and security terms and rules. If you think you cannot fulfill the obligations set forth in the privacy terms, do not use this site. Special additional provisions and terms may apply to the use of certain parts of the site or interactions established with these parts.
2. Monitoring/Changes to Privacy and Security Terms: Ustads (“Site Owner”) reserves the right to make changes to the privacy and security terms or to introduce additional terms at any time without prior notice. Changes made to inform you of the nature of the information collected during use, how it is used, under what circumstances it is shared with others, and all necessary privacy conditions will be presented on this page. Since the site owner reserves the right to make changes to the privacy terms, they should be reviewed and read regularly. Continued use of this site after any such change may indicate acceptance of the changes to the privacy terms.
3. Open System: Users: (The term user is used as a general definition meaning everyone who enters the website, including members, if any.) acknowledge and accept that the internet is not a secure environment, that communication over the internet is risky, and that all kinds of information, including personal information, passwords, etc., may be the target of unlawful acts by third parties. The site owner makes no warranty regarding security and malicious acts.
4. Protection of Information: The site owner makes every effort to ensure the security of all pages on the website. Various technical and administrative practices are used to protect the confidentiality, security, and integrity of the data stored on the site.
5. Third-Party Sites: The site may contain and/or provide links to sub-sites and top-level sites operated by third parties that are not operated or controlled by the site owner. The site owner makes no guarantee or special commitment regarding the content, security, privacy policies, or continuous availability of communication of these accessible sites. Responsibility is subject to the terms written on third-party sites. Before taking any action, the security and privacy conditions on the relevant sites should be read. The site owner cannot be held responsible for the personal information provided to such sites, the content and services used from such sites, or the privacy policies and practices of such sites.
6. Site Utilities: The user may need to use utilities in order to benefit from certain parts of the site. If these parts are used, data related to the manner and scope of use may be recorded in the site database. Likewise, we may use certain “cookies” to make it easier for you to use the sections and may send some information to the user through them.
7. Personal Information:
i. Pursuant to the Personal Data Protection Law No. 6698 (“Law”), any information relating to an identified or identifiable natural person constitutes personal data (“Personal Data”). The User’s first name, last name, phone number, e-mail address, IP information, and date and time of use may have been transmitted to, disclosed to, or recorded on the Website in order for the User to visit or use the Website or, if applicable, to receive services offered through the Website. By taking into account that the Personal Data they have transmitted, disclosed, or recorded will be accessible to Ustads under the conditions set forth in these Website Terms, Users shall be deemed to have disclosed such information and to have accepted that any Personal Data they disclose, record, or reveal on the Website loses its confidentiality vis-à-vis Ustads.
ii. The aforementioned personal data may be processed, in whole or in part, by automated means by Ustads on the legal grounds set forth in Article 5 of the Law, namely that “processing of personal data of the parties to a contract is necessary, provided that it is directly related to the establishment or performance of the contract, and that processing is necessary for the data controller to fulfill its legal obligation.” These Personal Data may also be processed, where the relevant User has given explicit consent, for other purposes stated in the Information Notice published on the Website and/or presented to the User’s information and/or approval in various sections.
iii. Special Categories of Personal Data: Unless required by law, Ustads does not request from Users, in any way and under any circumstances, data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing and attire, membership of an association, foundation or trade union, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. Ustads has no responsibility arising from such information being provided, recorded, or disclosed to the Website or through the Website.
The Policy on the Protection, Processing, Storage and Destruction of Personal Data, which contains detailed information regarding Personal Data and is available on the Website, is an integral part of these Website Terms
8. Violation of Privacy and Security Terms: The Site Owner reserves the right to refuse information already in the system, remove it from content, delete it, and, without prior notice, suspend users’ access to the site and services, terminate access, and cancel membership (though not obligated to do so) if the privacy terms are not complied with or if an attempt is made to violate the rules, whether or not the violation is fully completed. This rule also applies in cases where the terms are indirectly violated or an attempt is made to violate them by a third party acting on behalf of the user.
9. Information and Communication: For questions regarding the privacy terms of Ustads’s website, you can get more information by writing to privacy@ustads.com.
I. Personal Information
Information You Provide to Us
The personal information you provide to us may include:
Contact information and correspondence:
When you interact with us via web forms, phone, email, mail, or social media, your name, contact information (such as phone numbers and email address), other information you choose to provide, and the content of your communications may be collected.
Registration information:
To use certain features of the Services, you must register and create an account. When creating an account, basic registration information such as email address, username, password, and mobile phone number will be requested.
Account information:
Information you provide while using your Ustads account, such as profile information, account settings, subscriptions, and content you create or interact with while using the account (such as your posts, responses, likes, shares, emojis, watchlists, people you follow, followers, and messages), is collected.
Payment information:
When you sign up for any subscription or make another payment to us, we collect payment information such as your name, payment card details, and billing information through our payment service providers. Please note that we do not store payment card numbers in our systems; we only store a tokenized version of this information. The information you provide regarding your payments is handled by our third-party payment processors in accordance with their terms of service and privacy policies.
Marketing information:
When you sign up to receive any type of marketing communication from us or interact with our marketing communications, we may collect your name, contact information, marketing preferences, and details about your interactions.
Surveys, reviews, and testimonials:
When you participate in any of our surveys or write a review/testimonial about us or our products, we may collect your name, job title, contact information, survey responses, and the content of your review/testimonial.
Vendors/business partners and representatives:
When you enter into a vendor/business partner agreement with us or are a representative of a vendor/business partner, we may collect your name, company information, job title, contact information, and the content of your correspondence with us.
Other information:
Any other personal information not specifically mentioned here but requested or received will be used as described in this Privacy Policy or as disclosed at the time of collection.
Information We Obtain from Third Parties
Social media information:
We have pages on social media sites such as Instagram, Facebook, Twitter, Medium, Vimeo, YouTube, and LinkedIn (“Social Media Pages”). When you interact with our Social Media Pages, we may collect personal information you choose to provide to us, such as your contact information. In addition, the companies hosting our Social Media Pages may provide us with aggregated information and analytics regarding the use of these pages.
Third-party credentials:
You may also enter certain passwords, usernames, account numbers, and other account information for websites, applications, products, or services offered by third-party service providers (“Third-Party Services”).
II. Automatic Data Collection
We and our service providers may automatically record and combine information about you, your computer or mobile device, and your interactions with our Services, communications, and other online services over time. This information may include:
Device data:
The type and version of your computer’s or mobile device’s operating system, manufacturer and model, browser type, screen resolution, device type (for example, phone, tablet), IP address, device identifiers, language settings, and general location information such as city, state, or geographic area. If you choose to use location-enabled Services, we may collect location information from your device. You can control or disable the sharing of location information through your device settings and/or browser settings.
Online activity data:
The pages or screens you view, how long you spend on a page or screen, the website you visited before browsing the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you open or otherwise interact with our communications, such as marketing emails (for example, whether you click links or files in them).
We use cookies, web beacons (for example, pixel tags), browser web storage (also known as locally stored objects or "LSOs"), and similar technologies to collect certain information. For more information about how we use these technologies, please review our Cookie Policy.
III. How Do We Use Your Personal Information?
We use your personal information as described in this Privacy Policy or at the time of collection, and for the following purposes:
Providing the Services:
We use your personal information to operate, maintain, and provide our Services to you. This includes enabling you to use and access our website and your Ustads account. In particular, we will use your personal information to fulfill our contractual obligations under our Terms of Service.
Communicating with You About the Services:
We will use your personal information to communicate with you in order to fulfill our contractual obligations or in line with our legitimate business interests. This includes responding to your requests, providing support, and sending announcements, updates, security alerts, and support/help messages related to our Services.
Improving, Monitoring, Personalizing, and Protecting the Services:
Maintaining and improving the quality of our Services and providing a safe environment for our users is in line with our legitimate business interests. In this context:
· Understanding your needs and interests and personalizing your interactions with the Services,
· Troubleshooting, conducting tests and research, keeping our IT systems, architecture, networks and Services secure,
· includes investigating and protecting against fraudulent, harmful, unauthorized or illegal activity.
Research, Development, Market Analysis, and Comparison:
We may use personal information for research, product improvement and development, market analysis, and comparison purposes to analyze and improve our Services and our overall business. We may also provide access to general information in our Services to allow them to analyze market trends and use it for other business purposes. We may create anonymized or de-identified data derived from the personal information we collect in connection with these activities, and we may share such data with third parties for our legitimate business purposes, such as analyzing, improving, or promoting our Services.
Surveys and Reviews:
It is among our legitimate business interests to conduct surveys and collect feedback from you. If we consider publishing your survey responses or reviews together with information that identifies you, we will obtain your consent to process this information.
Marketing and Advertising:
· Direct Marketing: We may contact you directly for marketing communications about our Products and Services. Where required by law, we will send marketing information only with your consent. Otherwise, we will send this information only in pursuit of our legitimate business interests.
· Interest-Based Advertising and Third-Party Advertising Services: We work with our advertising partners to show you ads that we think may be of interest to you when you visit Ustads and other websites. These partners may use cookies and similar technologies to collect information about your interactions with our Services and other online activities. For more information, please review our Cookie Policy.
Supplier/Partner Relationships:
When you are a supplier/partner or a representative of a supplier/partner, we may use your personal information to contact you and/or your company and manage our relationship. Where we have signed a contract, we will use your personal information to fulfill our obligations under the relevant contract.
Compliance and Protection:
We may use personal information to comply with legal obligations and defend ourselves against legal claims or disputes. This includes the following:
· To protect our rights, privacy, safety, or property,
· To audit our internal processes for compliance with legal and contractual requirements,
· To enforce the terms and conditions governing the services,
· To prevent, investigate, and deter fraud, harmful, unauthorized, or illegal activity,
· To comply with applicable laws, official requests, and legal processes (for example, subpoenas or requests from public authorities)
IV. Sharing Information
We may share your personal information with recipients in the following categories:
Service Providers
We may share your information with trusted third parties that work with us to provide services and perform functions. These services include hosting, maintenance, and other information technology services. These third parties will use your information provided to them solely for the purpose of performing these functions and providing the services, in accordance with confidentiality and security obligations.
Advertising Partners
We may share your information with third-party advertising partners for interest-based advertising and third-party ad display purposes. For example, we may share data with advertising partners so that ads related to our services can be shown to you and other users on third-party platforms. In addition, information may be shared with third parties who promote their own products and services on our services so that they can analyze and improve the effectiveness of advertising campaigns.
Authorities and Others
We may share your information with government authorities, law enforcement, or private parties, in good faith, for purposes of compliance with the law and protection.
Business Transfers
In connection with business transfers, we may share your personal information with buyers or relevant parties. This includes processes such as mergers, consolidations, acquisitions, restructurings, sales of assets, or bankruptcy.
Affiliates
We may share your information with our current and future affiliates, that is, entities controlled by, controlling, or under common control with Ustads.
Other Users and the General Public
Ustads is generally a publicly accessible platform. Therefore, information visible on your Ustads profile (your photo, bio, name, location, website, following list, posts, replies, likes, and watchlists) can be seen by other users and the general public. By using our services, you consent to this information being shared publicly. In addition, we may share public information with our business partners for business, research, and analytics purposes.
Social Media
We may share your public content on our pages on social media platforms such as YouTube, Instagram, Facebook, Twitter, Medium, Vimeo, and LinkedIn.
Professional Advisors
Where necessary, we may share your information with professional advisors such as lawyers, bankers, auditors, and insurers.
Third-Party Services
When you integrate our services with third-party platforms (for example, by signing in with a third-party account or by providing an API key or similar access token), we may share your personal information with those third parties. For more information, we recommend reviewing the relevant third party’s privacy policy.
V. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes stated in this Privacy Policy. This includes situations where we have a legitimate business need to provide the Services and due to legal or regulatory obligations (for example, tax, legal, or accounting purposes), or to prevent and enforce breaches of the Services’ terms and conditions, or to defend legal claims.
When determining the appropriate retention period for your personal data, we take into account the amount, nature, and sensitivity of the personal data, the potential risk of harm arising from unauthorized use or disclosure of your personal data, the purposes for which we use your personal data and whether we can achieve those purposes by other means, the permissions you have given regarding your personal information, and applicable legal and regulatory requirements.
VI. Destruction of Personal Data
Reasons requiring the destruction of personal data
If all of the conditions for processing personal data set out in Articles 5 and 6 of the Law cease to exist, personal data shall be deleted, destroyed, or anonymized by the Company ex officio or upon the request of the relevant person.
Technical and administrative measures taken to ensure the secure storage of personal data and to prevent unlawful processing and access
Physical Measures
Physical access controls (locked rooms and cabinets)
Security plan
Physical security applicable to workplaces
Security measures governing the hardware where personal data is stored, via Google Drive corporate agreement through third parties
Back-up storage (backup)
Technical Measures
Individual user names (user IDs)
Passwords
Automatic session logoff; Google has it, the computer and system do not
Audit trail / log keeping
Firewall; Mac is used
Encryption
Administrative Measures
Policies restricting access to data for employees who need to use personal data
Policies regarding the proper collection, use, disclosure, storage and/or destruction of personal data
Policies regarding the proper use of mobile electronic devices storing personal data
Technical and administrative measures taken for the lawful destruction of personal data
The destruction of personal data is carried out by the Company by selecting one of the methods of deletion, destruction, or anonymization.
Methods for Deleting Personal Data
a. Application Type Cloud Solutions as a Service
In the cloud system, data is deleted by issuing a delete command. While performing this operation, the relevant user does not have the authority to recover deleted data on the cloud system.
b. Personal Data in Paper Form
Personal data in paper form is deleted using the blacking-out method.
c. Office Files Located on the Central Server
The file is deleted with the delete command in the operating system, or the relevant user's access rights to the file or the directory where the file is located are revoked.
d. Personal Data on Portable Media
Personal data on flash-based storage media is stored in encrypted form and deleted using software suitable for these media.
e. Databases
The relevant rows containing personal data are deleted with database commands (DELETE, etc.).
Methods for Destroying Personal Data
a. Local Systems
Demagnetization, physical destruction, and overwriting methods are used.
b. Peripheral Systems
i. Network devices (switches, routers, etc.)
ii. Flash-based media
iii. Units such as magnetic disks
iv. Mobile phones
v. Optical disks
vi. Peripherals such as printers
c. Paper and microfiche media
d. Cloud environment
Methods for Anonymizing Personal Data
