CROMS - Core Resources and Operations Management System

CROMS Personal Data Protection and Processing Policy

1. Data Controller Identity

This disclosure text has been prepared by CROMS, acting as the data controller within the scope of the Personal Data Protection Law No. 6698 ("KVKK"), in order to explain our obligations regarding the protection of personal data and the rights of users.
Data Controller Contact Information:

• Company: Endurans Technology Inc.
• Website: croms.com.tr
• E-mail: info@croms.com.tr
• Address: Hacettepe Teknokent, Üniversiteler Mh. 1596 Cd. No:6-E/6, Çankaya, Ankara, TURKEY

2. Purposes of Collecting Personal Data

Users' personal data is collected and processed for the following purposes:

• To carry out the necessary processes to benefit from the services offered through our website,
• To improve user experience,
• To fulfill our legal obligations within the scope of the relevant legislation,
• To inform about our products and services, to inform about campaigns,
• To manage customer relations and respond to their requests.

3. Processed Personal Data and Its Scope

As CROMS, the personal data we may obtain from you may include the following:

• Identity Information: Name, surname, Turkish identity number
• Contact Information: E-mail address, telephone number
• User Transaction Information: IP address, browser information, cookie data
• Financial Information: Credit card information (encrypted with secure payment systems), invoice information
• Other Information: Correspondence with customer services, user feedback.

4. Personal Data Collection Method and Legal Reason

Personal data is collected through information that the user shares directly with us, data automatically collected during website visits, and information obtained from third-party providers. Data processing is carried out in accordance with the legal reasons specified in Articles 5 and 6 of the KVKK:

• Necessary for the performance of the contract,
• Clearly provided for in the laws,
• Mandatory for our legitimate interests,
• Explicit consent of the user.

5. Purposes of Processing Personal Data

The collected personal data is processed for the following purposes:

• Providing our services and improving the quality of these services,
• Providing user-specific content and advertising,
• Carrying out transactions in accordance with legislative requirements,
• Ensuring user satisfaction and conducting customer service processes.

6. Transfer of Personal Data

Your personal data may be shared with the following parties:

• Our business partners and service providers,
• Public institutions and organizations in accordance with legal regulations,
• Third parties processing data (e.g. hosting and infrastructure providers)
• Data can only be transferred domestically and internationally within the framework of Articles 8 and 9 of the KVKK.

7. Storage Period of Personal Data

Your personal data will be stored for the period necessary for the purpose for which they are processed. After the storage period expires, your data will be deleted, destroyed or anonymized in accordance with the legislation.

8. Rights of the Data Owner (Article 11 of the KVKK)

As personal data owners, you have the following rights in accordance with Article 11 of the KVKK:

• Learning whether your personal data is being processed,
• Requesting information about it if it has been processed,
• Learning the purpose of processing the data and whether it is being used in accordance with its purpose,
• Knowing the third parties to whom the data is transferred domestically or abroad,
• Request correction of incomplete or incorrectly processed data,
• Request deletion or destruction of personal data,
• Request notification of third parties to whom data is transferred in the event of correction, deletion or destruction of data,
• Object to a result that is detrimental to you as a result of the analysis of processed data by automated systems,
• Request compensation for damages in the event that you suffer damages due to data processed in violation of the law.

9. Data Security Measures

CROMS implements technical and administrative measures to ensure the confidentiality, integrity and security of personal data. In this context:

• Your data is protected by encryption methods,
• Access permissions are limited and controlled,
• Firewalls and antivirus software are used.

10. Response to Data Owner Requestsreci

If data owners submit their requests to the data controller in writing or through other methods determined by the Personal Data Protection Board, the requests will be finalized within 30 days at the latest. You can use the following communication channels for your requests:

• E-mail: info@croms.com.tr
• Address: Hacettepe Teknokent, Üniversiteler Mh. 1596 Cd. No:6-E/6, Çankaya, Ankara, TURKEY

11. Updates and Changes

CROMS may regularly review this KVKK text in accordance with current legislation and company policies. Any changes to be made will be announced on our website.