LPPD Clarification Text

DISCLOSURE TEXT WITHIN THE SCOPE OF THE LAW ON THE PROTECTION OF PERSONAL DATA


Thorne IT Inc. ("Thorne" and/or "Company"), as the data controller, your personal data; within the framework of the purpose requiring their collection and processing, in connection with this purpose, in a limited and measured manner, as you have notified our Company or as notified to our Company, by maintaining the accuracy and the most up-to-date form of personal data, will be recorded, stored, preserved, rearranged, shared with institutions that are legally authorised to request this personal data, and under the conditions stipulated by LPPD, transferred to third parties at home and / or abroad, transferred, classified and processed in other ways listed in PDPL.

1-Personal Data Processing Collection Methods, Purposes and Principles

The activities of our Company are activities for crypto asset production and sales activities, processes related to these activities and related services. Our Company will process personal data obtained within the framework of this scope in accordance with the legislation. The following data may be processed within the scope of the services provided by our Company:

- Name-surname, Turkish ID number, identity information that may be included in the identity card and / or passport wallet
- Contact details such as e-mail address or telephone number
- Address details
- Photo.
- Biometric data that can be collected through facial recognition or fingerprint enrolment systems,
- Your transaction information, which may include your orders, requests or complaints
- Your security data such as IP address or site login and logout records
- Financial data such as bank account details and/or IBAN information
- Data on suspicious or risky transactions
- Data such as usage preferences or cookie records that may be stored for marketing purposes

Your personal data;

- Execution of access processes within the scope of the services offered by our company,
- Fulfilment of crypto asset sales / purchase processes duly,
- Execution of crypto asset production and marketing processes,
- Providing support services to our customers after the service,
- Fulfilment of the obligations specified in the legislation and to which our Company is subject,
- Ensuring process and information security,
- To fulfil the obligations of identification, information retention, reporting and information obligations stipulated in the legislation and to provide information to the institutions and organisations authorised within this scope,
- Managing contract processes and other business activities,
- Improving the quality of services provided by the company,
- Carrying out internal audit processes,
- Improvement of the services offered by the company and its quality policy,
- Execution of complaint and request processes,
- Follow-up and execution of legal processes,
- Execution of risk management processes,
purposes of processing and preservation. Our company will act in accordance with the principles, purposes and procedures set out in the Law while carrying out data processing activities. In addition to the provisions of LPPD, Thorne IT also takes adequate measures determined by the Board in the processing of special categories of personal data.

Your personal data will be processed by our Company within the processing conditions specified in Articles 5 and 6 of the Law.

- Explicitly stipulated in the laws;
- Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to the contract,
- It is mandatory for our company to fulfil its legal obligations,
- The personal data has been made public by the personal data subject himself/herself,
- Data processing is mandatory for the establishment, exercise or protection of a right,
- Provided that it does not harm the fundamental rights and freedoms of data subjects, it is mandatory for our Company to process data for its legitimate interests.

Your personal data may be collected by our company through digital technologies such as telephone, e-mail, SMS, cookies and our company's website and other verbal, electronic or written media. Regarding the data processed through automated systems, Thorne will act in accordance with the legislation and the regulated policy text. Your personal data will be retained for the maximum period specified in the relevant legislation or required for the purpose for which they are processed, and in any case for the statutory statute of limitations.

2- Your Sensitive Personal Data

Within the scope of our company's activities and services provided, your biometric data within the scope of special categories of personal data may be processed. The data in question will be collected and processed in order to carry out the identification processes stipulated in the legislation and to ensure information security, and will be retained for the legal limitation periods specified in the relevant legislation or required for the purpose for which they are processed and in any case. Your biometric data will be processed and stored in accordance with the text of the "Guideline on the Issues to be Considered in the Processing of Biometric Data" published by the Personal Data Protection Board.

3- Transfer of Personal Data Domestically and Abroad

Your personal data collected by Thorne IT may be transferred to the following persons and institutions in accordance with the LPPD and other legislation; our employees, shareholders, financial advisors and audit companies, business partners, suppliers who help our company to fulfil the services offered by our company, and legally competent state authorities and official institutions and organisations, especially the Financial Crimes Investigation Board.

Your personal data collected by our company are stored on servers located in foreign countries in order to fulfil the services provided and to ensure data security. In this context, your personal data may be transferred to Microsoft Office applications, cloud-based systems or backup systems located in foreign countries in accordance with Article 9 of the Law.

4- Rights of the Data Subject Pursuant to Article 11 of the LPPD

Pursuant to Article 11 of the LPPD, the data subject may apply to our company to learn whether the personal data belonging to him/her and/or his/her legal guardian is being processed;

- To learn whether the personal data belonging to him/her and/or his/her legal guardian are processed or not,
- If processed, to request information about it,
- To learn the purpose of processing and whether they are used for their intended purpose,
- To know the third parties to whom personal data are transferred domestically or abroad,
- To request correction in case of incomplete or incorrect processing,
- To request the deletion or destruction of personal data in accordance with the legal legislation,
- To request notification of the correction/deletion/destruction to third parties to whom personal data are transferred,
- To object to the emergence of an unfavourable result due to the analysis exclusively through automated systems,
- It has the right to demand the compensation of the damage suffered due to processing in violation of the LPPD.

In this context, the relevant person may submit his/her applications for the above-mentioned purposes to Thorne IT in writing or in accordance with this method if a separate method is determined by the Personal Data Protection Board. The relevant person, together with the documents identifying his identity, Acıbadem Mahallesi Gömeç Sok. Akgün Business Centre No: 37/4 Kadıköy Istanbul address by registered letter with return receipt requested or by sending an e-mail by using info@thornebilisim.com, which was previously notified to the data controller by the data subject and registered in the system of the data controller.

In the written application of the data subject; the matter requested must be clear and understandable, the subject of the request must be related to his/her person or if acting on behalf of someone else, he/she must be specially authorised in this regard and the authorisation must be documented. You can access the "Application Form" that can be used in the applications to be made by the relevant person here.