Privacy Policy

STEPS ON CLOUDS (Ayhan ERDEN) – CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA

This Clarification Text has been prepared by Steps on Clouds (Ayhan ERDEN) ("Company") to inform its customers about the processing of their personal data by the Company, within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”).

1. a) Methods of Obtaining Personal Data and Legal Grounds

Your personal data is collected through physical and/or electronic means. Personal data collected for the legal reasons specified in this Clarification Text can be processed and shared within the conditions of data processing outlined in Articles 5 and 6 of the Law.

1. b) Purposes of Processing Personal Data

Your personal data may be processed for the following purposes, within the legal grounds stated in Articles 5 and 6 of the Law:

• Planning and executing activities necessary to personalize and promote the products and services offered by the Company based on your preferences, usage habits, and needs;

• Carrying out necessary operations by business units to ensure you benefit from the products and services;

• Executing commercial activities of the Company and relevant business processes;

• Planning and execution of the Company's commercial and/or business strategies;

• Ensuring legal, technical, and commercial-business security of the Company and third parties in business relationship with the Company.

1. c) Recipients and Purposes of Data Sharing

Your personal data may be shared under the conditions and purposes stated in Articles 8 and 9 of the Law, including but not limited to:

• Planning and executing activities necessary to customize and promote the Company's products and services based on your preferences, usage habits, and needs;

• Enabling access to products and services by performing required work and business processes;

• Ensuring commercial activity execution and business strategy planning;

• Securing legal, technical, and commercial-business safety of the Company and its business-related parties.

Your personal data may be shared with:

• Company’s domestic service providers and business partners (e.g., call centers, data collection device providers, marketing/advertising/analytics providers, database and server providers, site and app usage monitoring service providers, email providers, e-invoice providers, electronic communication tool providers, cargo and courier companies, suppliers offering custom product tailoring, card printing services, printing houses, storage providers, banks and e-payment institutions, legal and financial consultants, independent audit services, archiving providers, customer support/video call providers, and online messaging/voice call service providers);

• Legally authorized public institutions and organizations;

• Legally authorized private legal entities.

1. d) Rights of Data Subjects and Exercise of Rights

As data subjects, if you submit your requests regarding your rights below to the Company through the methods indicated under the section "Exercise of Data Subjects’ Rights", the Company will evaluate and finalize your request as soon as possible and no later than 30 (thirty) days.

Under Article 11 of the Law, you have the following rights:

• To learn whether your personal data is processed;

• If processed, to request information regarding this;

• To learn the purpose of processing and whether it is used in line with this purpose;

• To know the third parties to whom data has been transferred domestically or internationally;

• To request correction of incomplete or inaccurate data, and notification of such correction to third parties;

• To request deletion or destruction of personal data if the reasons requiring processing no longer exist, and to request notification of this to third parties;

• To object to results arising against you through automated analysis;

• To request compensation in case of damage due to unlawful data processing.

According to Article 28(2), the following cases are excluded from the exercise of these rights:

• When processing is necessary to prevent crime or for criminal investigations;

• When personal data is made public by the data subject;

• When processing is required for supervisory or regulatory tasks of authorized public institutions or professional organizations;

• When processing is necessary for protection of State's financial and economic interests.

According to Article 28(1), the Law does not apply in the following cases, and requests in these areas will not be evaluated:

• Processing by real persons for personal or family matters, provided it’s not shared with third parties and data security is ensured;

• Processing for research, planning, and statistics after anonymization;

• Processing for artistic, historical, literary, or scientific purposes, or within the scope of freedom of expression, provided it doesn’t violate privacy or constitute a crime;

• Processing by authorized public institutions for national defense, public safety, or intelligence activities;

• Processing by judicial authorities in relation to investigations, prosecutions, trials, or enforcement.

Exercise of Data Subjects’ Rights

You may submit your requests under Article 11 of the Law to us via:

• Written application to: Hasanpaşa Mh. Uhuvvet Sk. No:2/1 Kadıköy / Istanbul

• Email from your registered email: iletisim@stepsonclouds.com

Upon your request for deletion of your personal data, such data will be deleted within the period stipulated by the Law, and you will be notified. (Please note that your request must meet the criteria defined in the Communiqué on Application Procedures to Data Controller.)

The Company may verify your identity and request additional information if needed.