ring bell

Applications for the Kaizen Talent Program are now open! 🤩

arrow

PERSONAL DATA PROTECTION POLICY

This Personal Data Protection Policy (“Policy”) explains how personal data collected/obtained from natural persons specified under the "Scope" section (“Data Subjects” or “Relevant Persons”) is used by the data controller, Kaizen Tasarım ve Teknoloji Anonim Şirketi (“Kaizen Technology” or “Kaizen”). The Policy has been prepared in accordance with the relevant provisions of the Personal Data Protection Law No. 6698 (“KVKK”) and the General Data Protection Regulation of the European Union (“GDPR”) to inform and enlighten data subjects. Kaizen Technology, as the data controller, processes your personal data and undertakes to protect the personal data of Relevant Persons within the framework of KVKK, GDPR, and the applicable legislation. 

 

Scope 

 

This Policy covers all personal data, whether fully or partially processed through automated means or non-automated means provided that they are part of any data recording system, belonging to our natural person customers, potential customers, suppliers, and the representatives and employees of customers/suppliers, our employees and job applicants, our company shareholders, company executives, visitors, employees and representatives of the institutions we collaborate with, and third parties. The protection of personal data, the rights of Data Subjects, the observance of these rights, the enlightenment of Data Subjects, and matters related to the processing of personal data constitute the scope of this Policy. 

All employees of Kaizen Technology are expected to adopt this Policy and act in accordance with the principles set forth herein. 

 

Methods of Collecting Personal Data 

We collect your personal data through the following methods and based on one of the personal data processing conditions listed under the "Conditions for Processing Personal Data" section of this Policy: 

  • Directly through forms on our website (www.kaizentech.net), 
  • Automatically through cookies, server logs, and similar technologies, 
  • Kaizen Loyalty Platform, 
  • Social media channels, 
  • E-mail, phone/mobile number, SMS, mail, courier, in-person delivery, contracts, 
  • Customer support interactions, 
  • Business partnerships and collaborations 
  • Through third-party services during job applications, subscriptions, or marketing campaigns. 

 

Our Purposes for Processing Your Personal Data 

 

Your personal data is processed in accordance with the personal data processing principles and conditions set forth under KVKK and GDPR for the following purposes: 

  • To enhance the functionality/performance of the website and platform and to customize, 
  • To detect and prevent fraud, 
  • To respond to Communication or Demo Requests, 
  •  To manage subscription and marketing activities, 
  • To evaluate case studies or other downloads, 
  • To conduct employee and intern recruitment and placement processes; to collaborate with a third-party service provider in managing job applications. 
  • To ensure compliance with legal regulations and legislation, 
  • To provide and improve our services (Kaizen Loyalty Platform), 
  • To fulfill contractual and legal obligations, 
  • To conduct business operations and maintain relationships with customers, business partners, and suppliers, 
  • To fulfill employment contract obligations and legal requirements arising from regulations for employees, 
  • To carry out occupational health and safety activities, 
  • To carry out activities ensuring business continuity, 
  • To conduct performance evaluation and assignment processes, 
  • To provide information to authorized persons, institutions, and organizations, 
  • To conduct workplace disciplinary processes, 
  • To plan, execute, and/or improve human resources processes, 
  • To carry out training activities, 
  • To manage corporate organization and event planning, 
  • To conduct corporate communication processes, 
  • To manage emergency management processes, 
  • To define access permissions, 
  • To carry out finance and accounting operations, 
  • To carry out the marketing processes of products and services, 
  • To manage processes related to company, product, and service loyalty, 
  • To conduct customer relationship management processes, 
  • To perform reporting activities, 
  • To manage the procurement processes of goods and services, 
  • To carry out audit and ethical compliance activities, 
  • To ensure physical space security, 
  • To follow up and manage legal affairs, 
  • To conduct communication activities, 
  • To receive and evaluate suggestions for improving business processes, 
  • To carry out investment processes, 
  • To conduct storage and archiving activities, 
  • To manage administrative operations, 
  • To create and track visitor records, 
  • To conduct internal audit, investigation, and intelligence activities 
  • To ensure information security and manage related processes and projects, 
  • To resolve user issues and provide technical support, 
  • To manage all processes related to websites, including design and security, 
  • To ensure cybersecurity. 

 

Conditions for Processing Personal Data 

Kaizen processes personal data within the scope of KVKK based on one of the following personal data processing conditions: 

  • If it is explicitly stipulated by law, 
  • If it is necessary for Kaizen to fulfill its legal obligations, 
  • If the processing of personal data belonging to the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract, 
  • If the data has been made public by the data subject, 
  • If it is necessary [to process personal data] to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent, 
  • If it is necessary for the establishment, exercise, or protection of a legal right, and  
  • If it is necessary for the legitimate interests of the Company, provided that it does not harm the fundamental rights and freedoms of data subjects, or  
  • If the Data Subjects have given explicit consent.  

 

Personal data processed under the scope of GDPR is processed based on one of the following personal data processing conditions: 

  • If the data subject has given consent to the processing of their personal data,  
  • If it is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract,  
  • If it is necessary for Kaizen to comply with its legal obligations,  
  • If it is necessary to protect the vital interests of the data subject or another natural person,  
  • If it is necessary for Kaizen to fulfill a task in the public interest or to exercise the official power vested in it or, 
  • If it is necessary for the legitimate interests of Kaizen or a third party, provided that it does not override the fundamental rights and freedoms of the data subject. 

 

Processing of Special Categories of Personal Data 

 

Special categories of personal data include information related to race, ethnic origin, political opinion, philosophical beliefs, religion, sect, or other beliefs, clothing and attire, association, foundation, or trade union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. 

Kaizen implements appropriate and sufficient administrative and technical measures to ensure the security and lawful processing of special categories of personal data. These types of data are processed based on one of the following personal data processing conditions: 

  • If the Data Subjects have given explicit consent, 
  • If it is explicitly stipulated in the law, 
  • If it is necessary [to process personal data] to protect the life or physical integrity of the data subject or another person where the data subject is physically or legally incapable of giving consent, 
  • If it is related to personal data that has been made public by the data subject and is in accordance with their intention to disclose it, 
  • If it is necessary for the establishment, exercise, or protection of a legal right, 
  • If it is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment, and care services, or the planning, management, and financing of healthcare services, provided that it is carried out by persons or authorized institutions and organizations subject to confidentiality obligations, 
  • If it is necessary for fulfilling legal obligations in the fields of employment, occupational health and safety, social security, social services, and social assistance. 

 

Categories of Processed Personal Data 

 

As Kaizen Technology, we collect personal data of Data Subjects in the following categories: 

  • Identity: Name, last name, birth date etc. 
  • Communication Details: E-mail address, phone number, address etc. 
  • Employment Records: Payroll information, disciplinary investigation records, employment entry-exit documents, resume details, performance evaluation reports, etc. 
  • Legal Transaction: Information contained in case files, details included in correspondence with judicial authorities. 
  • Customer Transaction: Information such as records related to loyalty platform usage and interactions, invoice, promissory note, check details, order information, request details. 
  • Physical Space Security: Information such as the entrance-exit records of employees and visitors, and camera records. 
  • Transaction Security: IP address, login records, security logs, browser type, operating system, device type, cookies, and interaction data. 
  • Marketing and Sales Data: Communication preferences, feedback, survey responses, etc. 
  • Professional Experience: Information such as diploma information, courses attended, on-the-job training information, certificates, transcript information, sector and details of the company. 
  • Finance: Information such as balance sheet information, financial performance information, loan and risk information, and information on assets. 
  • Health Data: information on disability status, blood group information, personal health data etc. 
  • Criminal Conviction and Security Measures: Information such as information on criminal convictions, and information on security measures. 

 

Transfer of Personal Data 

 

Personal data may be shared with the following domestic or international individuals and organizations in accordance with the purposes specified in this Policy and in compliance with KVKK and GDPR requirements: 

  • Kaizen affiliates and/or branches, 
  • Legal and regulatory authorities, in compliance with applicable laws, 
  • Financial and tax advisors, auditors, and legal consultants, 
  • Marketing and advertising partners, 
  • Authorized public institutions and organizations, 
  • Kaizen business partners, customers, and suppliers,  
  • Third-party service providers. 

 

Personal data may be transferred domestically provided that appropriate and sufficient security measures are in place and that one of the personal data processing conditions specified under the "Conditions for Processing Personal Data" and "Processing of Special Categories of Personal Data" sections of this Policy is met.  

For international data transfers, the cross-border personal data transfer mechanisms of KVKK and GDPR are applied, and the principles and rules established for international data transfers are strictly followed. 

 

We Prioritize the Privacy and Security of Your Personal Data 

 

Kaizen Technology takes all necessary technical and administrative measures to ensure an appropriate level of security to prevent the unlawful processing of personal data, unauthorized access to personal data, and to ensure the lawful storage of personal data. Kaizen maintains, processes, and ensures the security of personal data in accordance with its Information Security Policy and, without limitation, the following methods and principles, ensuring that data remains accurate and up to date: 

  • Encouraging innovative and creative approaches, 
  • Enhancing the technical and behavioral competencies of our employees, 
  • Measuring the performance of our processes and ensuring continuous improvement, 
  • Considering potential risks and opportunities to achieve the highest performance in our processes, 
  • To share all our knowledge and expertise to support the development and growth of our customers through our experiences and technology solutions, 
  • Establishing partnerships with our stakeholders based on trust and mutual benefit, 
  • Providing sustainable and secure products, solutions, and services that comply with national/international regulations and standards affecting our products and services, 
  • Ensuring the confidentiality, integrity, accessibility, and security of personal data, 
  • Fully complying with all legal regulations and contractual obligations related to information security and privacy, 
  • Producing, making accessible, and storing information in full compliance with legal requirements, 
  • Systematically managing risks associated with information assets, 
  • Implementing the most up-to-date and high-tech security controls, 
  • Ensuring the continuity of operational and support business activities with minimal disruption, 
  • Raising awareness of information security and privacy among all stakeholders, 
  • Maximizing employee compliance with awareness, security, and privacy requirements, 
  • Retaining personal data only for as long as necessary for processing purposes, 
  • Considering applicable personal data protection legislation and regulations in the development and maintenance of information security and privacy policies, 
  • Organizing training programs to enhance technical and behavioral competencies and increase awareness of information security and privacy. 

Kaizen exercises the utmost care in determining the data processor when personal data is processed on its behalf by another natural or legal person. Additionally, Kaizen shares joint responsibility with data processors for implementing the measures specified in this Policy. 

Kaizen conducts or commissions internal audits to ensure compliance with KVKK and GDPR requirements and, whenever possible, also audits data processors. 

If personal data is unlawfully obtained by unauthorized parties, Kaizen notifies the relevant authorities within a maximum of 72 hours. 

 

Rights of Data Subjects 

If you are accessing our website from Türkiye, you have the following rights under Article 11 of the KVKK: 

  • Learning whether their personal data are processed, 
  • If personal data are processed, requesting information on such processing, 
  • Learning the purpose of the processing of the personal data and whether such collected data are used for the intended purpose, 
  • Learning the identity of third parties to whom personal data are transferred in or out of the country, 
  • Requesting rectification of any personal data which is processed incompletely or inaccurately, and Requesting erasure or destruction of personal data in line with Article 7 of the KVKK, 
  • In the event the reasons for processing personal data cease to exist, although such data had been processed in compliance with the Law, requesting personal data to be erased or destroyed, and requesting third parties to whom their personal data were transferred to be informed of this operation, 
  • Filing an objection against an outcome which is against their interest, as a result of analysis of the processed personal data solely through automated systems, 
  • Claiming compensation of any damages suffered as a result of unlawful processing of the personal data, 
  • Withdrawing the explicit consent given for the processing and/or transfer of personal data. 

 

If you are accessing our website from European Union countries, you have the following rights under Chapter 3 of the GDPR: 

  • Being informed about data processing activities, 
  • Accessing your processed personal data and information regarding the processing activity, 
  • Requesting the rectification of your personal data, 
  • The right to be forgotten (erasure), 
  • Request the restriction of personal data processing activities, 
  • Requesting that third parties to whom your personal data has been transferred be informed of the rectification, erasure, or restriction of processing of your personal data, 
  • Data portability, 
  • Objection; and  
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. 

In order to exercise the rights mentioned above, you must submit your requests to Kaizen in writing, along with information that enables the verification of your identity, by sending an email with a secure electronic signature to Kaizen’s registered electronic mail (KEP) address [email protected] or to [email protected] with the subject line stating “Information Request Pursuant to the Law on the Protection of Personal Data and/or the General Data Protection Regulation”. 

 

Amendments to our Policy 


This Policy regularly reviewed and updated when necessary. The latest version is available on our website. Any changes will be published on the website and will be deemed effective upon publication. 

 

Contact Us 

 

If you have any questions or concerns regarding this Policy, you can contact us: 

E-mail: [email protected] 

Address: Reşitpaşa Mah. Katar Cad. İTÜ ARİ Teknokent 4 Binası Blok No: 2/50 İç Kapı No: 6 Sarıyer / İstanbul