Privacy Policy

Last updated on Jul 01, 2020.

Sufle Teknoloji Araştırma Geliştirme Limited Şirketi is committed to protect privacy and confidentiality of information that is entrusted to us in compliance with the “Kişisel Verilerin Korunması Kanunu (KVKK)” and “EU General Data Protection Regulation (GDPR)”. What information is collected and the extent to which the collected information is used and protected is given in the Privacy Policy below. Please read Privacy Policy to learn your rights of data.

1. Who are we?

This website is operated by Sufle Teknoloji Araştırma Geliştirme Limited Şirketi (“Sufle”, “we” or “us”). This Privacy Policy is applicable to Sufle.

2. Who can you contact for privacy questions or concerns?

If you have any question or comment on this Privacy Policy or the way we handle personal information, please e-mail: [email protected]

Sufle aims to respond within 30 days after the receivement of privacy related concerns.

3. How do we collect personal data?

Direct: We acquire personal data from individuals directly through various sources: business cards that are provided from individuals, completed online forms and surveys, subscribed newsletters and bulletins, registered webinars, events or meetings that we host and recruitment documents that individuals provide us at our office. Sufle also might collect personal data directly through contracts created for business relationships, professional services or its software applications.

Indirect: Sufle collects personal data from individuals indirectly through various sources: recruitment service and clients that we work with. Sufle might attribute personal data to its customers relationship management (CRM) processes to improve its offers for business clients, subscribers and individuals.

Public Sources: Sufle collects personal data from the sources that are open to the general public such as news articles, sanctions lists, Internet searches and so on.

Social and professional network platforms: When individuals register or login to our website using social media (Facebook, Twitter, Google or LinkedIn) in order to authenticate their identity or connect social media login information with this website, Sufle might collect information needed for the registration or login process that is permitted by the relevant social media provider. This particular information might be name, e-mail address and additional details based on the individual’s privacy settings on the social media platform. Individuals who want to set and control the information shared with this website can change their privacy settings and controls on the relevant social media platform.

Business clients: The professional services we perform for our business clients might engage sharing personal data controlled by our clients if needed. Examples include audit processes undertaken for the compliance assessments that involve employee information. Our professional services might also include processing personal data that is controlled by our clients on behalf of them on our hosted applications. This type of collection and processing of personal data is subject to different privacy terms, policies and notices.

Recruitment services: Sufle may collect personal data from candidates that apply through employment agencies and other parties such as our former employers.

4. What categories of personal data do we collect?

We collect personal data within the categories defined below through direct interactions, indirect interactions that include sources as business client engagements, applicants, and others described in this Privacy Policy.

Personal data that is commonly collected by Sufle to conduct our business processes:

Contact details (including name, company name, job title, work and mobile telephone numbers, work and personal email address, postal address)
Professional details (including job and career history, educational background, published articles, projects and job-related memberships)
Family and beneficiary details for insurance and pension plans (including name and date of birth)
Financial information (including taxes, payrolls, pensions, assets, bank details)

Sensitive personal data: Sufle does not obtain sensitive or special type of personal data from individuals besides its own employees. Sufle may collect and process sensitive personal data from individuals (that are not employed by Sufle) when it is instructed by a third party with the expressed consent of individuals to do so, or when it is required by law. Examples of sensitive data Sufle may collect or hold is given below:

Documents that identify personal characteristics such as race, religion or ethnicity, biometric data of individuals, beneficial owners of corporate entities or applicants.*
Adverse information about our existing or potential business clients or job applicants that might include criminal history and such information.
Information provided by business clients through our professional engagement and service.
Children data. Even though sufle does not purposefully collect information from individuals that are under 13 years of age, Sufle may receive information about children who attend its events or meetings with their parents and guardians (example: training, summits).

5. What lawful reasons do we have for processing personal data?

Sufle may collect and use personal data in order to conduct business and provide its product and services based on lawful reasons:

Contracts: Sufle might process personal data to perform its contractual obligations owed to the relevant individuals or to create a contract with them.

Consent: Sufle might collect and use personal data based on the freely consent given by the individuals when they provide their personal data.

Legitimate interests: Sufle might collect and use personal data relying on legitimate interests based on the evaluation of fair, reasonable and justifiable processing. These legitimate interests include:

Delivering service to our clients: Sufle might collect and use personal data to perform its professional services for its engaged clients.
Direct marketing: Sufle might collect and use personal data obtained by business clients, subscribers or interacted individuals to assess market insights and market trends.
Legal requirements: Sufle might collect and process personal data to meet is legal and regulatory obligations and instructions.

6. Why do we need personal data?

Sufle aims to be transparent when it collects and uses personal data and why the personal data is needed in the first place. The reasons why Sufle collects and uses personal data includes:

To provide and perform professional consultancy related to our service areas: cloud, DevOps, compliance and software development. Our services might include reviewing business files for assessment, implementation and audit purposes, which may involve processing personal data for the corresponding business clients.
To promote our professional services, capabilities and products to existing and potential clients.
To send invitations and to provide access to registrants attending our webinars, in person events or our sponsored events.
To personalise our website landing pages and online communications provided to our existing and potential business clients.
To administer, maintain and ensure the protection and security of our information systems, our website and hosted applications.
To authenticate registered users to certain areas of our websites.
To seek qualified job candidates and to carry candidate career information to our human resources activities, which might be subject to different privacy terms and policies.
To process online requests, which might include responding to communication request from individuals or requests for proposals and quotations for our offered services.

7. Do we share personal data with third parties?

Sufle might occasionally share personal data with the third parties it trusts in order to improve and increase efficiency of its service offerings. These third parties are contractually obligated to protect and secure the data that is shared with them. Sufle might engage with one or more of the following categories of data recipients described below:

Parties that help Sufle to deliver its professional services such as telecommunication providers, technical support, cloud-based software services and so on.
The professional advisers that Sufle works with, including lawyers, insurers and auditors.
A potential buyer, transferee, merger partner or seller and their professional advisers for an actual or potential transfer or merger of our several business assets and associated rights or interests, or to acquiring or merging with the business.
Sufle’s marketing service providers.
Legal enforcements, regulatory agencies (including government) and other required parties based on the applicable laws and regulations.
Sufle’s recruitment service providers.

8. Do we use cookies?

This website uses cookies. When and where cookies are used, a statement about the use of cookies is sent to the relevant browser. Please read our Cookie Policy to learn about use of cookies further.

9. What are your data protection rights?

Access: Individuals can ask Sufle anytime to verify whether it processes personal data of them and if so, they can ask for specific details of which type of information is processed.

Correction: Individuals can ask Sufle to edit and correct its records if they see any incorrect or incomplete information about them is held.

Erasing: Individuals can ask Sufle to delete or erase any of their personal data after they withdraw their information processing consent or when Sufle does not need the specific information for the initial collection purpose.

Processing restrictions: Individuals can ask Sufle to restrict the processing of their personal data temporarily if they object to the accuracy of their data and prefer to restrict its use instead of asking for erasure. Individuals can also ask Sufle to preserve their personal data to establish or defend a legal claim. A temporary restriction is applied while the legitimate grounds of processing personal data is verified. Individuals can ask for to be informed by Sufle when the temporary processing restriction is lifted.

Data portability: Individuals can occasionally ask Sufle to transmit their collected personal data directly to another company in a structured, machine-readable format if it is technically consistent.

Automated Individual Decision Making: Individuals can ask Sufle to review the decisions made about them in accordance with the automated processing services that might bring legal effects concerning or significantly affecting them, such as profiling.

Right to Object to Direct Marketing Including Profiling: Individuals can object to use of their personal data for Sufle’s direct marketing purposes and activities, including profiling. In this case, Sufle might need to keep some minimal amount of information about them to meet their request of ending marketing for these individuals.

Right to Withdraw Consent: Individuals can withdraw their previously given consent for one or more specified purposes for personal data processing. Withdraw of consent does not affect the legitimacy of any data processing that is done before the withdrawal. Withdrawal of consent might mean inability to offer certain services or products to individuals and if so, they will be informed of the situation.

Individuals who would like to exercise their Data Subject Rights can email: [email protected] Sufle might require some specific information regarding these individuals to confirm their identity and help them access their personal information and exercise any of their data rights. This process helps both Sufle and individuals to ensure the personal data is not disclosed to any other person who has not the right to access this data. These requests can be made with no charges if they are obviously grounded and conscionable. In some cases, Sufle may be unable to meet these requests if they conflict with other lawful grounds.

10. What about personal data security?

Sufle exercises necessary technical and organizational security policies and procedures to ensure the protection of personal and sensitive personal data from loss, misuse, change and demolition. Sufle is dedicated to ensure the access to personal data is limited only to those who have justifiable reasons to access. The individuals who have access to the personal data are required to protect the confidentiality of such information as well. Sufle may practice pseudonymisation, de-identification or anonymisation methods to protect the personal data effectively.

Individuals should also be aware that the security concerns involved in transmitting data via the Internet is at their own risk. While the security of data transmission to the website is not completely guaranteed, Sufle aims to protect the security of personal data.

11. Do we link to other websites?

This website might include links to other websites including our partners’ and customers’ websites that are not subject to this Privacy Policy. Individuals should review the links’ destination website and their Privacy Policies before submitting their personal data on these websites. Although Sufle aims to link only to the websites which are trustworthy and respectful privacy, Sufle is not responsible for the security or privacy practices exercised by any other website.