Personal Data and General Privacy Policy
www.Qrmenue.com (hereinafter referred to as "Qrmenue") will not share, sell, or allow the use of the personal data transmitted to it electronically by users through the website www.Qrmenue.com (the "Website") or its mobile applications, for purposes other than those set out in the "Turkish Personal Data Protection Law No. 6698" and the General Data Protection Regulation (GDPR).
Qrmenue's "Personal Data and General Privacy Policy" is set out below.
IP Addresses: In order to identify system-related issues, promptly resolve problems that may arise on the Website / mobile applications, and, where necessary, notify the competent legal authorities in accordance with applicable laws and procedures, Qrmenue may detect and use users' IP addresses when required. IP addresses may also be used to identify users in a general (anonymous) manner and to gather comprehensive demographic information.
Anonymous Data: Information requested by Qrmenue, information provided by the user, or information relating to transactions carried out through the Website / Mobile Application may be used anonymously (without disclosing the user's identity) by Qrmenue and its business partners for various statistical evaluations, database creation, offering personalized packages / offers, and market research.
Links to other sites: Qrmenue may provide links to other sites within the Website / Mobile Application. Qrmenue bears no responsibility whatsoever for the privacy practices or content of the sites accessed through such links.
Bank / Credit Card Information: Qrmenue uses an SSL certificate (green bar) that secures data transmission with 256-bit encryption. Users' bank / credit card information is used solely by the bank or payment institution during the purchase transaction and is never stored in the database. To facilitate users' subsequent purchases, Qrmenue may offer an infrastructure through which card information can be stored via PCI DSS-certified institutions. Card Storage Services that hold PCI DSS certification and are licensed by the Banking Regulation and Supervision Agency (BRSA) facilitate the Authentication and Authorization steps for information contained on bank / credit cards, thereby providing bank / credit card holders with a safe and convenient means of payment.
Circumstances under which user data may be disclosed: Personal data belonging to the user includes full name, address, phone number, e-mail address, and any other information that may identify the user. Unless otherwise stated in this privacy policy, Qrmenue will not disclose any personal data to third parties other than its business partners and affiliated companies. In the circumstances set out below, Qrmenue may, departing from the provisions of this privacy policy, disclose users' information to third parties. These circumstances are;
Compliance with obligations imposed by laws, decree-laws, regulations, and similar legal rules issued and in force by a competent legal authority;
Fulfilment and implementation of the requirements of the agreements Qrmenue has entered into with users;
Cases where it is necessary to request information about users for the purpose of conducting an investigation or inquiry duly carried out by the competent administrative or judicial authority, or to provide information in order to protect the rights or safety of users.
Qrmenue undertakes to keep confidential information strictly private and confidential, to treat this as an obligation of confidentiality, and to take all necessary measures and exercise all due care to ensure and maintain confidentiality and to prevent all or any part of the confidential information from entering the public domain, being used without authorization, or being disclosed to a third party.
Cookies: Qrmenue may obtain information about users and their use of the Website through a technical communication file (Cookie) prepared by itself or by third parties. Such technical communication files are small text files that a website sends to the user's browser to be stored in memory. A technical communication file keeps a session active by storing the user's session information, password, and preferences, and makes subsequent use easier by recognizing the user on their next visit. It also helps to obtain statistical information about how many people use the Website, for what purpose and how many times a person visits the Website, and how long they stay, and helps generate advertising and content dynamically from user pages designed specifically for users. A technical communication file is not designed to retrieve data from memory or e-mail, or any other personal information. Most browsers are initially set to accept technical communication files by default; however, users may change their settings so that technical communication files are not sent, or so that a warning is given whenever a technical communication file is sent.
Data collected through surveys, contests, and similar activities: Information requested from users who respond to periodic surveys and contests organized by Qrmenue within the Website is used by Qrmenue and its business partners to carry out direct marketing to these users, conduct statistical analysis, and build a database.
Newsletter mailings and announcements: Qrmenue sends users a weekly newsletter to inform them about economic developments, current affairs, and matters within its own field. Where it deems necessary, or where it has an agreement with third-party partners, it may send promotional and informational Campaign / Offer / Package announcements. When you create an account on our system for the first time, you accept, as a default setting, the receipt of e-mail and SMS messages. Users may prevent these e-mails from reaching them by clicking the link specified at the bottom of the e-mail, as explained there. In addition, options to block these are available in your user panel. If you wish to unsubscribe from our daily e-mail list at any time, you can easily unsubscribe from the newsletter with a single click by clicking the "Please click to unsubscribe from our newsletter" link found at the bottom of the e-mails we send.
General information about the Personal Data Protection Law
Law No. 6698 on the Protection of Personal Data was adopted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. The EU General Data Protection Regulation (GDPR) entered into force on 25 May 2018. As the data controller under Law No. 6698 on the Protection of Personal Data and the EU General Data Protection Regulation (GDPR), we will record, classify, process, store, and update the personal data of our valued customers, and may disclose it to third parties in accordance with the applicable legislation and where you have given your consent; we hereby inform you of our mutual rights and obligations under the relevant legislation.
Information provided in the capacity of data controller
As Qrmenue, whose detailed corporate information is published below, in accordance with the laws set out above, in our capacity as Data Controller, your personal data will, within the framework described below, be recorded, stored, updated, and, where permitted by legislation, disclosed to / transferred to third parties, classified, and processed.
Definition of Personal Data under the Law
This refers to any information that enables you to be identified or identifiable, such as your identity (full name, date of birth, national ID number, etc.), contact details, and information relating to the methods used when accessing our products (IP address, mobile phone brand and model, browser type and version, social media information, actions performed on screens, etc.).
How your personal data may be processed
Under Law No. 6698 on the Protection of Personal Data (KVKK) and the EU General Data Protection Regulation (GDPR), the personal data you share with our company may be processed by us, whether wholly or partly, by automated means, or by non-automated means provided that it forms part of a data recording system, through obtaining, recording, storing, altering, and reorganizing it; and, provided that its security and confidentiality are ensured within the scope of the applicable legislation, through disclosing, transferring, taking over, making it accessible, classifying it, or restricting its use — in short, through any type of operation carried out on the data. Any operation carried out on data under the laws set out above is considered "processing of personal data."
Purposes and legal grounds for processing your personal data
The personal data you share;
To fulfil the requirements of the services we provide to our customers in accordance with the requirements of the agreement and technology, and to improve the products and services offered,
To be able to formally issue invoices after the purchase of all products and services we offer,
To comply with information retention, reporting, and disclosure obligations required by legislation and other authorities,
To be able to provide information to public prosecutors, courts, and relevant public officials upon request and as required by legislation, in matters relating to public safety and legal disputes,
will be processed in accordance with the scope, procedures, and principles of Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR).
Your identity, address, tax number, and other information will be recorded in order to identify the party carrying out and the counterparty to any transaction or process to be carried out in connection with any products and services to be offered to you; documents and information supporting transactions and processes to be carried out electronically will be prepared; information retention, reporting, and disclosure obligations required by all competent judicial and administrative authorities under the relevant legislation (such as the courts, the Union of Turkish Bar Associations, the BRSA, the Capital Markets Board, the Central Bank, MASAK, and the ICTA) will be complied with; and the data will be processed for the purposes of providing any other products and services offered and requested by Qrmenue and fulfilling the requirements of the agreements between us.
Information about third parties or organizations to which your personal data may be transferred
For the purposes set out above, the persons / organizations to which the personal data you share with our company may be transferred include our main shareholders, our direct or indirect domestic / international affiliates, and, without limitation, persons and organizations related to the services provided, in order to carry out our operations and/or the service providers, business partners, program partner organizations, domestic / international organizations, and other third parties from whom we receive services in the capacity of Data Processor.
In addition, your personal data may be transferred, within the framework of our relevant business partnerships, to institutions, organizations, banks, financial institutions, providers, or companies from whom we receive services or with whom we cooperate on matters relating to product/service comparison and application processes, to persons and institutions from whom we receive cloud storage services for data, to institutions with which we have agreements for sending communications to our customers, and to other third parties.
How your personal data is collected
Your personal data;
is processed in the form of your full name, national identity number, passport number, address, phone number, business or personal e-mail address, age, gender, occupation, preferences on pages accessed using your username and password, IP records of transactions carried out, cookie data collected by the browser together with browsing duration and detail data, and location data, collected through forms on our company's website and mobile applications;
verbally, in writing, or electronically, through our sales and marketing department staff, our agents, our dealers, paper forms, business cards, digital marketing, and channels such as our call center;
obtained, in physical or virtual environments, face-to-face or remotely, verbally, in writing, or electronically, from persons who share their personal data through business cards, résumés (CVs), offers, and similar means for purposes such as establishing a business relationship with our company, applying for a job, or submitting an offer;
in addition, data obtained indirectly through various channels, such as data obtained from websites, blogs, contests, surveys, games, campaigns, and similar (micro) websites and social media, newsletter reading or click activity, data provided by publicly accessible databases, and publicly shared profiles and data from social media platforms (such as Facebook, Twitter, Google, Instagram, Snapchat, etc.);
may be processed and collected in the manner described above.
Your personal data obtained before Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR) entered into force — that is, personal data lawfully obtained before 7 April 2016, the effective date of the KVKK, and before 25 May 2018, the effective date of the EU General Data Protection Regulation (GDPR) — is also processed and stored, in accordance with the terms and conditions set out in this document, on our servers located in a data center in "Germany" that operates with "24/7 security and every type of protective measure in place."
Storage and protection of personal data
Your personal data will be kept confidential in the database and systems maintained by our company, in accordance with Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR), and will not be shared with third parties under any circumstances other than legal obligations and the arrangements set out in this document. In accordance with Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR), our company is obliged to take software-based measures such as hashing, encryption, transaction logging, and access management, as well as physical security measures, to prevent the unlawful processing of your personal data, to prevent unauthorized access, and to ensure the systems and databases in which your personal data resides are properly protected. If it becomes known that personal data has been obtained by others through unlawful means, the matter will be reported immediately, in writing, to the Personal Data Protection Board, in accordance with the applicable legislation.
Personal data will be retained for as long as the purpose for which it was provided remains valid. In order to determine your needs, serve you more quickly, and respond to your subsequent service requests, your data will continue to be processed by us even after the service you received from us has ended. Data will be subject to legally prescribed periods and, where it needs to be retained for reporting or disclosure purposes to legal authorities and relevant public bodies, or where the legislation requires longer retention periods, these limits will be observed. We will take the necessary security measures to prevent stored and recorded data from being lost, falling into the hands of unauthorized persons, or being used unlawfully.
Keeping personal data accurate and up to date
Pursuant to Article 4 of the KVKK, our company is obliged to keep your personal data accurate and up to date. In this context, in order for our company to fulfil its obligations arising from the applicable legislation, our customers are required to share accurate and up-to-date data, or to update it via the website / mobile application.
Rights of the personal data owner under Law No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR)
The Personal Data Owner has the right to apply to our company (the data controller) to;
learn whether their personal data is being processed,
request information about it, if it has been processed,
learn the purpose of the processing of personal data and whether it is used in accordance with that purpose,
know the third parties, domestic or abroad, to whom personal data is transferred,
request that personal data be corrected if it has been processed incompletely or incorrectly,
request that personal data be deleted or destroyed within the framework of the conditions set out in Article 7 of the KVKK,
request that these corrections, deletions, or destructions be notified to the third parties to whom the personal data has been transferred,
object to the emergence of a result to their own detriment through the exclusively automated analysis of processed data,
and request compensation for damages suffered as a result of the unlawful processing of personal data.
The Data Controller Representative to be appointed by Qrmenue will be announced in the Data Controllers' Registry, once the legal infrastructure is in place, and at the internet address where this document is located.
Personal Data Owners may direct their questions, opinions, or requests to any of the following communication channels:
e-mail: [email protected]
Our company may provide a positive or negative response to requests submitted, in writing or in digital form, provided that the response is reasoned and given within 30 days. As a general rule, the necessary procedures relating to requests are free of charge. However, if the procedures require a cost, our company reserves the right to charge a fee. Such fees are determined according to the tariff set by the Personal Data Protection Board pursuant to Article 13 of the Law on the Protection of Personal Data.
Türkçe
English
Deutsch
Ελληνικά
Français