Privacy Policy and Personal Data Protection Notice

The purpose of this Privacy Policy and Personal Data Protection Notice (“Notice”) is to set forth the terms and conditions for the use of any personal data obtained from the users (“User”) during the use of the IPMS® Web Application “online.deris.com.tr/renewals” (“Web Application”) and/or provided to the Company by the Users of services in connection with the renewals of trademark and design registrations and/or payment of the annuities of patent applications or grants (“Services”) before the Turkish Patent and Trademark Office (TURKPATENT,) provided by DERİŞ PATENT VE MARKA ACENTALIĞI A.Ş. (“Company”), in its capacity as the Service Provider, via the Web Application.

Which Personal Data is Processed?

This heading covers which personal data is regarded as personal data pursuant to the Personal Data Protection Act, and is processed within the scope of the Services provided by the Company. Unless expressly stated otherwise, the term ”Personal Data” defines the following information under the terms and conditions contained in this Notice. The following data that is provided in digital media during the membership login by the User is collected.

• Name, surname, e-mail address, phone number, company details, tax details, address details,
• Data required for the payment transaction.

The Company may obtain information on the User's use of the Web Application by using cookies, which are a technical communication file. The following data is collected from cookies to identify your access to the services provided on the Web Application, and your usage habits.

• Browser Type
• IP
• Operating System
• Viewed Pages
• Duration of Viewing

Pursuant to Articles 3 and 7 of the Law on the Protection of Personal Data, data that is irrevocably anonymized shall not be considered as personal data in accordance with the provisions of said law and the processing activities related to this data shall be performed notwithstanding the provisions of this Notice.

For What Purposes We Use Your Data?

The Company may use the personal data provided by the User as well as the new data generated by the Company by making use of such personal data, to enable Users to benefit from the Web Application, to provide and improve the services provided on the Web Application, to serve to the purposes of use of the personal data set forth in this Notice and the User Agreement and to accomplish such purposes, to fulfill the obligations arising from the nature of the Services and to fulfill all kinds of legal obligations.

The Company may obtain information on the User's use of the Web Application by using cookies, which are a technical communication file, in this context, may process data, and may transfer data to third parties for the purpose of being processed within the scope of analysis services provided by third parties, for being used only to the extent required by such analysis services. The afore-mentioned technical communication files are small text files sent by the Web Application to the User's browser to be stored in the main memory. The technical communication file facilitates the use of the Internet by storing status and preference settings about a web Application. The technical communication file is designed to obtain statistical information about how many people use the Web Application with temporal proportioning, with which purpose, how many times a person visits the Web Application, and how long they stay, and to help create content specifically designed content for the Users, and is used for these purposes. The technical communication file is not intended to receive any personal data other than from the main memory. Most browsers are primarily designed to accept the technical communication file, but if they wish, users can always change the browser settings for not to get technical communication file or to get the warning message when the technical communication file is sent.

With the purpose of describing and solving the system problems immediately, the Company shall identify and use the IP addresses of the Users, when necessary. IP addresses can also be used for the purpose of identifying the Users in general terms and collecting comprehensive demographic data.

Who can Access Your Data?

The Company may share the personal data provided by the User as well as the new data generated by the Company by making use of such personal data with the outsourced service providers in order to enable the provision of the Services, the performance of the User Agreement and the Services, the enhancement of the User's experience, the development of the Services and the accomplishment of any purposes specified under the heading “For What Purposes We Use Your Data” of this Notice. The Company will be able to share the personal data provided by the User with the respective Contractors that will provide the Services for the performance of Services and the outsourced service providers that will be used for the performance of the User Agreement and the Services, provided that the personal data is used to the extent specified, in connection with, limited to and proportionate to the purposes for which data is processed. The Company shall also be able to process and share the data with third parties, without seeking explicit consent from the User as per Articles 5 and 8 of the Law on the Protection of Personal Data and / or in the event that the exceptions set forth in the relevant legislation exist. The primary ones of these conditions are stated herein below:

• It is clearly provided for by the laws,
• It is mandatory for the protection of life or physical integrity of the person or of any other person who is bodily incapable of giving his consent or whose consent is not deemed legally valid,
• Processing of personal data is necessary provided that it is directly related to the conclusion or fulfillment of a contract, including the User Agreement,
• It is mandatory to be able to perform the legal obligations,
• The data concerned is made available to the public by the User himself/herself,
• Data processing is mandatory for the establishment, exercise or protection of any right,
• It is mandatory for the legitimate interests of the Company, provided that this processing shall not violate the fundamental rights and freedoms of the User.

Limited to the fulfillment of the above mentioned purposes, the Company has the right to transfer the personal data to servers located anywhere in the world outside the User's country of residence (the servers may belong to itself, its affiliates, subcontractors or outsourced service providers) in order to receive hosting services.

About Your Right of Access to Your Data and Correction Requests

The User has the right to apply to the Company:

• to learn whether his/her personal data are processed,
• to request information if his/her personal data are processed,
• to learn the purpose of processing his/her data and whether this data is used for intended purposes,
• to know the third parties to whom his/her personal data is transferred at home or abroad,
• to request the rectification of the incomplete or inaccurate personal data, if any,
• to request the deletion or destruction of his/her personal data under the conditions laid down in the relevant legislation,
• to request notification of the corrections, deletions and destruction carried out in compliance with the relevant legislation to the third parties to whom his/her personal data has been transferred,
• to object to the emergence of an unfavorable result for him/her by means of analyzing the processed data exclusively through automated systems,
• to request compensation for the damage arising from the unlawful processing of his/her personal data.

The user shall be able to direct the above mentioned requests to the address “renewals@deris.com“ in writing. In accordance with the above requests, the Company may send its reasoned positive/negative reply in writing, or via digital media. It is essential not to charge any fees for the necessary transactions performed for the requests. However, if the transactions incur a cost, it may be possible to charge a fee on the tariff determined by the Personal Data Protection Board in accordance with Article 13 of the Law on the Protection of Personal Data. The user undertakes that his or her information subject to this Notice is complete, accurate, and up-to-date, and that he/she shall immediately update them if there is any change in this information. The Company will not have any responsibility if the User has not provided up-to-date information.

Retention Period of Personal Data

The Company shall keep the personal data provided by the User during the provision of the Services in order to enable the User to benefit from the Web Application, and to provide the services offered herein, for the purpose of fulfilling the obligations specified in this Notice and User Agreement and arising from the nature of the Services. Furthermore, in case of any dispute arising from the User Agreement, the Company shall be able to keep the personal data, limited to the purpose of ensuring that the necessary defenses are put forward under the dispute, and during the period of limitations specified pursuant to the relevant legislation.

Our Precautions and Commitments for Data Security

The Company undertakes that the personal data, transmitted electronically through the Web Application, which are defined in the relevant legislation, or expressed in this Notice,

• shall not be processed unlawfully,
• shall not be accessed unlawfully, and
• that the Company shall take necessary technical and administrative measures to provide a sufficient level of security in order to ensure the retention of the personal data, and have necessary inspections conducted.
• The Company may not disclose the personal data obtained about the Users to anyone in breach of the provisions of this Notice and the Law on the Protection of Personal Data and may not use such data for purposes other than processing. In the case where links to other applications are provided in the Web Application, the Company does not bear any responsibility for the privacy policies and contents of the applications.

Permission to Contact

Upon acceptance of the Company's User Agreement and this Notice, you will give permission for the collection, retention, processing, use, transfer of your personal data which you consent to be shared with the Company, for the purpose of providing all kinds of electronic communications and other communication messages for providing the services offered in the Web Application. These personal data will be shared with the Company and all its subsidiaries and affiliates as well as with the third parties at home and / or abroad with which we have a contractual relationship. Users accept and declare that they give consent to such use and retention of their personal data by the Company. The Company shall take all necessary measures to safeguard such personal data, and to prevent unauthorized access and unlawful data processing, in accordance with Article 12 of the Law No. 6698 on Protection of Personal Data.

Amendments to the Notice

The Company may amend the provisions of this Notice at any time by means of being published on the Web Application. The provisions of the Notice made by the Company shall be effective on the date of publishing. Each time the User logs in the Web Application, he / she will be deemed to have accepted the updated articles of Notice.

Settlement of Disputes

This Notice is subject to the Laws of the Republic of Turkey. The Istanbul Courts shall have jurisdiction in all disputes arising out of or in connection with this Notice.