This Privacy Policy explains how personal data is processed on the Durgan Interact platform provided by Durgan Bilişim Ticaret Limited Şirketi. It is intended as a general notice for account users, customer representatives, recipients and people who respond to interactions through the platform.
1) Controller and processor roles
Durgan Bilişim may act as a data controller for data it processes for its own purposes, such as account creation, user management, payment, support, security and service operation. For recipient lists, contact details, interaction content and responses uploaded by customers, Durgan Bilişim generally acts as a platform provider/data processor acting under the customer's instructions. The customer determines why such data is collected, which legal basis applies and what notice must be given to recipients.
2) Categories of processed data
- Account and user data: Name, surname, email, password hash, role/permission information, language and time zone preferences.
- Company and billing data: Legal title, short name, tax number, tax office, address, phone, email, website and representative.
- Recipient and contact data: Name, identifier, email, phone, alternative contact details and recipient-specific parameters uploaded by the customer.
- Interaction data: Notification content, response forms, questions, answers, sending status, error logs and result reports.
- Files and attachments: Receipts, support request attachments, image parameters, template images or other files uploaded by the customer.
- Technical data: IP address, transaction time, session information, browser/device information, system logs and API key usage records.
- Financial transaction data: Plan, credit, payment notice, receipt name and payment request status.
3) Purposes of processing personal data
- Creating platform accounts, authentication and user authorization.
- Creating interactions, sending notifications, collecting responses and reporting results.
- Running account, plan, credit, payment notice and billing processes.
- Receiving support requests, investigating issues and maintaining customer communication.
- Security, abuse prevention, error analysis, logging and audit activities.
- Meeting retention, notification and competent authority request obligations arising from law.
- Improving service quality, developing the product and performing statistical analysis.
4) Legal bases
Personal data may be processed on legal bases such as establishment and performance of a contract, compliance with legal obligations, establishment/exercise/protection of a right, legitimate interest, service security provided that fundamental rights and freedoms are not harmed, and explicit consent where required. For recipient data processed by the customer, the customer is responsible for determining the appropriate legal basis and informing the data subjects.
5) Data collection methods
Data is collected through registration forms, account/billing forms, file uploads, API integrations, interaction response forms, support forms, payment notices, system logs, email sending infrastructure and user actions on the platform by automated or partially automated methods.
6) Recipient data and customer responsibility
The customer confirms that recipient data uploaded to the platform has been obtained lawfully, that required notice and permission processes have been completed, and that all relevant obligations including commercial electronic message rules are fulfilled by the customer. Durgan Bilişim does not independently verify the legal relationship or communication permissions for people in the customer's recipient lists.
7) Commercial electronic messages and opt-out rights
The platform may allow customers to send notifications by email and by other channels that may be activated in the future. For messages that qualify as commercial electronic messages, obtaining prior consent, managing Message Management System processes, handling opt-out requests and keeping permission records are the customer's responsibility.
8) Data transfers
Personal data may be transferred to suppliers providing hosting, security, email sending, technical support, file storage, backup, accounting and consultancy services; to banks; to competent public institutions and organizations; and to lawyers and competent authorities for resolving legal disputes. Some technical services, such as email sending and cloud infrastructure, may involve systems located abroad. In such cases, transfer processes are carried out considering the safeguards required by applicable legislation.
9) Retention and deletion
Personal data is retained for the period necessary for the processing purpose and for limitation, retention and evidentiary periods required by applicable legislation. When the period expires or the processing conditions no longer apply, the data is deleted or destroyed. Security and dispute records may be retained longer to the extent required by legal obligations.
10) Security measures
Durgan Bilişim applies reasonable technical and administrative measures such as authorization, access control, encryption/masking, logging, backup, security updates and segregation of duties. However, no electronic system can provide an absolute security guarantee. Customers and users are responsible for using strong passwords, not sharing access information with unauthorized persons and reporting suspicious situations.
11) Cookies and local storage
The platform may use cookies, session information or browser local storage for mandatory purposes such as maintaining sessions, language preference, user experience, security and authentication. If non-essential analytics or marketing cookies are used, appropriate notice and preference mechanisms are provided in line with applicable legislation.
12) Data subject rights
Under Law No. 6698 on the Protection of Personal Data, data subjects have the right to learn whether their personal data is processed, request information if processed, learn the purpose of processing and whether it is used in accordance with that purpose, know third parties to whom it is transferred, request correction of incomplete or inaccurate data, request deletion or destruction where conditions apply, object to adverse results arising from analysis exclusively by automated systems, and claim compensation if they suffer damage.
13) Application method
You may send requests relating to processes where Durgan Bilişim acts as data controller to support@durganbilisim.com. For requests made by the customer's recipients or interaction responders, the request may need to be directed to the relevant customer as the primary data controller.
14) Children's data
The platform is not designed as a service directly aimed at children. If the customer creates a use case requiring processing of children's data, the customer must obtain parent/guardian approval and meet the relevant special legal obligations.
15) Policy changes
This Privacy Policy may be updated due to changes in legislation, service or security needs. The current text becomes effective when published on the platform.