Privacy Policy

DISCONTI PRIVACY POLICY

1. KEY DETAILS AND WHO WE ARE

1.1. Our Purpose

As Disconti Bilgi Teknolojileri A.Ş. (“We”, “Disconti”) we are deeply concerned about our users’ (“User”) and visitors’ (“Visitor”) privacy regardless of point of access to our website with domain name https://www.disconticard.com (“Website”) or Disconti mobile application (“Application”) or your country of residency. For this reason, with this Privacy Policy (“Policy”) we aim to inform you about who we are, why we collect your personal information, whom we may share your information with, our legal basis and reasons for processing, and finally your rights.

The personal information subject to processing may differ from one action to another such accessing to Website, assigning-up for an account, using the Application, using services provided with Disconti card (“Disconti Card”) or contacting us; and Disconti using the Policy herein informs you about how we handle your personal information in different cases.

It is of utmost importance to read the Policy provided herein in tandem with our Terms of Use to better grasp the key terms provided and explained therein.

If you are a resident of State of California, please see §7.1 titled “Additional Information for Users/Visitors from California” and; if you are a European citizen, see §7.2 titled “Additional Information for Users/Visitors from European ”.

1.2. Data Controller

Disconti Bilgi Teknolojileri A.Ş. having its address at Atatürk Mahallesi Ertuğrul Gazi Sokak Metropol İstanbul Sitesi C2 Blok Apt. No:2A/14 Ataşehir/İstanbul with trade registry number 231647-5 is a data controller (“Controller”) for any and all data processing that occurs through accessing the Application and purchasing Disconti Card.

1.3. Contact Details

Contact details of Disconti are as follows:

Name of the company: Disconti Bilgi Teknolojileri A.Ş.

Postal address of the company: Atatürk Mahallesi Ertuğrul Gazi Sokak Metropol İstanbul Sitesi C2 Blok Apt. No:2A/14 Ataşehir/İstanbul

E-mail address [email protected]

Trade registry number 231647-5

2. DEFINITIONS

For the Policy the definitions provided herein shall be understood as follows:

CCPA The California Consumer Privacy Act of 2018, signed into law on June 28, 2018 by the State of California

Data Controller A natural or legal person who determines the means of and purposes for processing personal data

Data Subject A natural person who can be identified or rendered identifiable through the personal data related to

GDPR The General Data Protection Regulation, signed into law on May 25, 2018 by the European

Personal Data Information that makes it possible for any other person to identify an individual to whom the data relates to

Personal Data Breach A breach of security whether accidental or on purpose, resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data

Sensitive Personal Data Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade membership and; genetic and biometric information, information concerning data subject’s sex life or sexual orientation

Third Party Any other natural or legal person that is not part of Disconti

3. YOUR PERSONAL DATA

3.1. Personal Data You Provide Us

The Personal Data listed hereunder may be collected when you;

• create an account,
• use our Application,
• provide us with your feedback,
• purchase Disconti Card
• contact us or
• request technical support services.

3.2. Categories and Types of Personal Data

• Contact Information : Email Address
• Contact Information : Phone Number
• Identifying Information : First Name and Last Name
• Marketing Information : Order History
• Location Information : Location
• Account Information : Location
• Other : Gender

3.3. Personal Data Collected by Us

The Personal Data listed hereunder may be collected through automatic means including without limitation cookies, server logs and other technologies of equivalent nature. In cases where a Third Party uses our cookies, we may also receive Personal Data therefrom.

3.3.1. Categories and Types of Personal Data

• User Feedback : Feedback when prompted automatically by the Application and Website
• Technical Information : Internet Protocol (IP) address, login data, device and browser type, time zone settings, and version, operating system and platform (“Cookie Information”)
• Profile Information : Password preferences and how you contact our User Services
• Usage Information : The pages that you have visited on the Website and the Application, and time spent, the frequency of your use of Application, the links that you access, language preferences

3.4. How Your Personal Data is Processed

Your Personal Data given to or collected by us shall only be processed when necessary and as it is given in the table below:

3.4.1. Identity

3.4.1.1. First Name and Last Name

3.4.1.1.1. Processing Reason:  Creating an account

3.4.1.1.1.1. Legal Basis: Entering into a contract

3.4.1.1.2. Processing Reason: Identifying the contracting party

3.4.1.1.2.1. Legal Basis: Entering into a contract

3.4.1.1.3. Processing Reason: Issuing an e-archive invoice

3.4.1.1.3.1. Legal Basis: Complying with a legal obligation

3.4.1.1.4. Processing Reason: Sending a reply to whom contacted us through Website

3.4.1.1.4.1. Legal Basis: Legitimate interest

3.4.2. Contact

3.4.2.1. Email Address

3.4.2.1.1. Processing Reason: Creating an account

3.4.2.1.1.1. Legal Basis: Entering into a contract

3.4.2.1.2. Processing Reason: Guiding for password renewal

3.4.2.1.2.1. Legal Basis: Performance of a contract

3.4.2.1.3. Processing Reason: Notifying about distant sales agreement

3.4.2.1.3.1. Legal Basis: Performance of a contract

3.4.2.1.4. Processing Reason: Sending an e-archive invoice

3.4.2.1.4.1. Legal Basis: Complying with a legal obligation

3.4.2.1.5. Processing Reason: Sending a reply to whom contacted us through Website

3.4.2.1.5.1. Legal Basis: Legitimate interest

3.4.2.1.6. Processing Reason: Sending commercial messages

3.4.2.1.6.1. Legal Basis: Clarified explicit consent

3.4.2.2. Phone Number

3.4.2.2.1. Processing Reason: Allocating an account to a phone number

3.4.2.2.1.1. Legal Basis: Performance of a contract

3.4.2.2.2. Processing Reason: Notifying about distant sales agreement

3.4.2.2.2.1. Legal Basis: Performance of a contract

3.4.2.2.3. Processing Reason: Sending a reply to whom contacted us through Website

3.4.2.2.3.1. Legal Basis: Legitimate interest

3.4.3. Marketing Information

3.4.3.1. Order History

3.4.3.1.1. Processing Reason: Issuing an e-archive invoice

3.4.3.1.1.1. Legal Basis: Complying with a legal obligation

3.4.4. User Feedback

3.4.4.1. Feedback

3.4.4.1.1. Processing Reason: Improving the Application

3.4.4.1.1.1. Legal Basis: Legitimate interest

3.4.5. Profile Information

3.4.5.1. Password

3.4.5.1.1. Processing Reason: Creating an account

3.4.5.1.1.1. Legal Basis: Entering into a contract

3.4.6. Usage Information

3.4.6.1. Use of the Application

3.4.6.1.1. Processing Reason: Improving the Application

3.4.6.1.1.1. Legal Basis: Legitimate interest

3.4.7. Location Information

3.4.7.1. Location

3.4.7.1.1. Processing Reason: Suggesting nearby places

3.4.7.1.1.1. Legal Basis: Clarified explicit consent

3.4.8. Other

3.4.8.1. Gender

3.4.8.1.1. Processing Reason: Offering personalized campaigns and discount options to Users

3.4.8.1.1.1. Legal Basis: Legitimate interest

3.4.9. Technical Information

3.4.9.1. IP Address

3.4.9.1.1. Processing Reason: Accessing the Application

3.4.9.1.1.1. Legal Basis: Complying with a legal obligation

3.4.9.2. Cookie Information

3.4.9.2.1. Processing Reason: Improving the Application

3.4.9.2.1.1. Legal Basis: Legitimate interest

3.5. Changes to Above-Mentioned Information About Processing

In the event of any changes to those listed in §3.3, this Policy shall be updated accordingly.

4. Data Transfer

Your Personal Data may only be transferred when your explicit and informed consent is acquired to do so with exceptions mentioned below.

4.1. Competent Authorities such as Law Enforcement and Judiciary Authorities

Your Name-Surname data may be transferred to competent authorities in case of dispute.

4.2. Presidency of Revenue Administration

Your Name-Surname, E-mail Address and Order History data may be transferred to Presidency of Revenue Administration within the scope of e-archive services in accordance with the legislation.

4.3. Eren Holding & Group Companies

Your Name-Surname, E-mail Address, Phone Number, Order History, Location Data and Gender data may be transferred to Eren Holding and group companies in order to collaborate in commercial activities.

4.4. İleti Yönetim Sistemi Anonim Şirketi

Your E-mail Address data may be transferred to İleti Yönetim Sistemi Anonim Şirketi within the scope of conducting permission and complaint operations through Message Management System in order to fulfill our obligations arising from the legislation.

4.5. E-Mail Sending Service Provider

Your E-Mail Address data may be transferred to the company providing e-mail sending service in order for us to send commercial e-mails.

4.6. Mobile Application Server and Infrastructure Services Provider

Your Name-Surname, E-mail Address, Phone Number, Order History, Location Data and Gender data may be transferred to the company providing server and infrastructure services for Mobile Application.

5. Information Security

We have enacted appropriate security measures to ensure the safety, protection and the encryption of your Personal Data such that we may prevent accidental or unauthorized destruction, loss, theft or; unauthorized use, alteration and disclosure.

To do so, we limit the accessibility of your Personal Data to our employees, agents, contractors, affiliates, directors and other relevant Third Parties on a need-to-know basis. Any legal or natural person processing your Personal Data shall be under the duty of confidentiality and shall act accordingly.

In addition, any case of Personal Data Breach or reasonable suspicion of shall be handled according to our internal documents detailing how to act under such circumstances.

6. Children’s Privacy

Our Application is not intended for those under the age of 13 and between 13 and 18 without his/her parent’s or legal guardian’s allowance (a “Minor”) as stipulated in our Terms of Service, as a result of this Disconti does not knowingly collect Personal Data belonging to a Minor.

If we learn that any Personal Data processed by us, belongs to a Minor Disconti shall take the appropriate measures to delete such Personal Data.

7. Additional Information Regarding Different Legislation

7.1. Additional Information for Users/Visitors in California

7.1.1. California Residents’ Privacy Rights

Our Users and Application/Website Visitors residing in the State of the California have the right to contact us to be informed about their Personal Data, if any processed by us or shared by us with Third Parties.

7.1.2. 7.1.2. California and Delaware “Do Not Track” Disclosures

As per California and Delaware State Laws, Disconti honors the “Do Not Track” settings in the privacy settings that turn-off targeted advertising.

7.2. Additional Information for Users/Visitors in European

7.2.1. Principles

Your Personal Data listed under §3.3 shall be processed,

• lawfully, fairly and in a transparent manner in relation to the Data Subject (“Lawfulness”, “Fairness” and “Transparency”)
• accurately and where necessary, kept up to date (“Accuracy”)
• for specific, explicit and legitimate purposes (“Purpose Limitation”),
• relevant, limited and proportionate to the purposes for which they are processed (“Data Minimization”), and
• in a manner that ensures appropriate security of the Personal Data and kept in a form which allows identification of Data Subjects for no longer than is necessary for the Processing Reasons.

7.2.2. Legal Bases

Legal Bases for processing Personal Data listed thereunder §3.3 shall be understood as listed under GDPR Article 6 as;

• Entering into a contract Processing your Personal Data such that we can enter into a contract to provide you access to our Application, i.e. signing up for an account
• Performance of a contract Processing your Personal Data such that we can honor our obligations arising out of the contract between you and us, i.e. providing you with a Persona
• Necessity to comply with a legal obligation Processing your Personal Data because of a valid European Law, i.e. logging your IP address
• Legitimate interest Processing your Personal Data for the security concerns or development of the Application, i.e. your Gender
• Consent Giving us permission to use your Personal Data in accordance with our Processing Reasons via an opt-in mechanism

8. Your Rights

• Right to be informed
• Right of access
• Right of rectification
• Right to restrict processing
• Right to erasure
• Right to data portability
• Right to object
• Rights in relation to automated decision making
• You may send us your request on using your above-mentioned rights, together with documents providing your identity and the scope of your request through below-mentioned manners:
• Sending an electronically signed or unsigned e-mail to [email protected]
• Delivering by hand, by notary or by certified mail to Atatürk Mahallesi Ertuğrul Gazi Sokak Metropol İstanbul Sitesi C2 Blok Apt. No:2A/14 Ataşehir/İstanbul

We undertake to respond your request as soon as possible but not more than 30 (thirty) days, and without any charge, as long as there is no transaction cost.