Each year we, as Cloud Markethink ("Cloud Markethink", "We", "Us" or "Host"), bring together the companies ("companies") and attendees ("attendees") from dozens of countries who operate in the cloud sector, at Cloud Markethink GLOBAL ("event"), the largest sectoral networking event in the Eurasia.
As Cloud Markethink, we attach great importance to the protection of personal data of all natural persons and data subjects ("You") that we have contacted in any way, while carrying out our activities. Since our event is international we are devoted to comply with the Data Protection Act 2018 ("DPA 2018”), as well as General Data Protection Regulation ("GDPR") of the EU.
This policy does not apply to third-party websites of companies and sponsors which are presented on our website as links. We cannot guarantee the reliable and secure processing of your personal data by those third party organizations. We highly encourage you to review the privacy statements of these websites before using them.
As Cloud Markethink, we take all necessary administrative and technical measures within our company for the protection and security of personal data.
Cloud Markethink aims to process personal data of natural persons in accordance with DPA 2018 and GDPR and relevant legislation provisions in Turkey and the in the EU.
We state that personal data, that you have submitted to our Company and/or obtained by our Company are recorded, stored, protected, reorganized and transferred at home or abroad under the conditions stipulated by DPA 2018, GDPR and related legislation. We may share personal data with public organizations if required by law. It is your obligation to provide accurate and up-to-date data. We keep your submitted personal data as accurate and up-to-date as possible as a "Data Controller".
This Policy concerns all your personal data, that are processed either by automated means or non-automated means as a part of our data filing system. The data obtained from you in accordance with your consent or other lawfulness cases listed in the Law will be used for the purpose of providing you the best experience that you should get from our events, increase the quality of the services we provide.
C. WHICH PRINCIPLES DO WE FOLLOW?
Cloud Markethink processes personal data in accordance with the procedures and principles stipulated in DPA 2018, GDPR and other relevant legislation (Article 4 of the DPA 2018, Article 5 of the GDPR) :
1. Fairness and lawfulness: Cloud Markethink questions the source of the data it collects or comes from other companies and places importance on obtaining them within the framework of lawfulness and good faith.
2. Accuracy and up-to-dateness: Cloud Markethink pays attention to the fact that all the data we process is accurate and does not contain false information under available conditions. Personal data is updated when necessary and when it is possible. We consider your statement of your personal data to be true. We are not obliged to investigate the accuracy of the data declared by our data subjects.
3. Purpose limitation: Cloud Markethink processes data only for purposes that it offers and receives consent from people during service. It does not process, use and make use of data other than for business purposes.
4. Data minimization: We do not collect data that we do not require. Information that is not required for the purpose is either not recorded in the system or it will be deleted or anonymized. These data can be used for statistical purposes. The data collected are sufficient, appropriate and limited to what is required for the purposes for which they are processed.
5. Storage Limitation: We preserve personal data within the scope of retention periods stipulated in DPA 2018 and GDPR, and the requirements of commercial and tax law. However, when these aims disappear, we review whether the purpose of processing data remains. As a result of this review, we may continue the processing of the data within regulatory limits, or we may delete, anonymize or destroy it according to DPA 2018 and GDPR. Personal data may be stored for longer periods, subject to the application of appropriate technical and regulatory measures required in accordance with the DPA 2018 and GDPR, as long as the data is processed for statistical purposes and to guarantee the rights and freedoms of the data subject.
6. Confidentiality: We respect the confidentiality of personal data. No one may use, copy, duplicate, transfer to others, or use for other than business purposes this data without agreement or law compliance and for purposes other than those set by Cloud Markethink. Only authorized people can access personal data within the company. All necessary technical and administrative measures are taken to protect the personal data collected and to prevent unauthorized access and the data subject to suffer. In this context, we comply with software standards and carefully select the third parties. We require third parties that we share personal data to be in accordance with the laws.
7. Accountability: As a data controller, we are responsible for acting in accordance with the principles and rules set out above, and this policy makes it visible that we act in accordance with these principles and rules.
These principles are effectual for the data we collect with or without your explicit consent.
D. WHOSE DATA WE PROCESS?
We process personal data of our representatives of sponsors, customers and participating organizations, as well as personal data of our employees, attendees, third party service providers and as such.
E. WHY DO WE COLLECT YOUR DATA?
We will collect your personal data for the purposes listed below:
1. For Event Registration
You are required to register in order to attend and participate our events. We store your data to avoid repeating of logging to our site, to use when you need to contact with us, to allow you take part in our networking events, for the reasons related to the execution agreements, billing and payment and for general evaluation of our services.
For this purpose, your IP address, name, surname, company name, company position, e-mail address, country and phone number will be processed. Your personal data will be processed upon your consent. For both of our digital and physical activities we require your accurate and true personal information for confirmation and security purposes. In that regard, you will not be able to attend our events if you do not give your open consent. This requirement is only binding for your registration. You are free to give or not to give your open consent for sharing your information with third parties.
We may share your personal data with other attendees, companies and sponsons that take part in our events, as well as third party software service providers within or without Turkey and/or European Union. Our digital events are held on "Hubilo" Online Event Management platform ("Hubilo") which acts a "data processor" in this case.
We carefully select third parties that we share data and establish proper measures to secure the transfer of data in accordance with the law.
2. For Attending Our Events
As a registered user, you will be able to attend various meetings, seminars and webinars, as well as visit stands and get in touch with your peers. As an attendee to our networking events, you are required to provide accurate and true information such as name, surname country, company name and company position, as well as a real profile picture.
3. For Statistics and Profiling
We also collect statistics on your attendance and use of our Sites and Services as well as collect and process data shared on open and internet sources for business purposes.
For this purpose, we collect information such as your company name, job title, company position, country, meetings and activities that you have attended. For compliance with the law we anonymize such statistical data such that they can no longer be related to any individual and you.
4. For Further Communication
You can contact our team members via email or provide your e-mail so that we can inform you about future events, activities and services as well as enabling you to provide your thoughts, comments and complaints. For communication purposes we will process your name, surname and email address.
5. For Promotional and Information
We design our events to allow attendees and organizations to meet their peers and enhance their networks within the Cloud sector, during and after.
We will also process your name, surname, email address, company name and company position to provide you with messages and emails from our Gold sponsors, about their products and activities. In this case no personal data will be shared with the Gold sponsors and we will play an intermediary role to forward you such messages, including promotions and information. You may unsubscribe from the mailing list and SMS messaging at any time you want.
We may also send you SMS messages and emails about upcoming event, new services and other related topics as a company.
In each of these occasions you are free not to give your consent for promotional and informational messaging and emailing, and also opt out even if you had given your consent in the past. In case you are concerned, you can object at any time against promotional communication using the cancellation link provided within e-mails, block such e-mails or inform us by contacting us. In such case we will also inform relevant parties to cease their promotional and informational activities directed to you.
6. For Advertisement Purposes
We use general advertisements about Sites, Platforms and our Service. We do not collect personal data for advertisement purposes.
7. For Legal Obligations
Personal data may be processed without prior approval, if the processing is clearly stated in the relevant legislation or for the fulfillment of a legal obligation determined by the legislation. The type and scope of data processing must be necessary for the legally permitted data processing activity and comply with the relevant legal provisions.
8. For establishment of Agreements
If a contractual relationship is established with attendees and componies, the personal data collected can be used without the consent of the customer. However, this use takes place for the purpose of better execution of the agreement and the requirements of the service and it is updated by contacting the customers when necessary.
9. For Employees
Cloud Markethink ensures the privacy and protection of its employees' data.
Cases That Do Not Require Explicİt Consent:
The personal data of our employees can be processed in the following situations and in other situations stipulated by law, without the approval and explicit consent of the employee.
Legal Obligations: Employee's explicit consent is not applied for personal data processed in order to fulfill the obligations specified in the Labor Law, Occupational Health and Safety Law and similar laws that regulate the business relationship between Cloud Markethink and its employees.
Transactions for the Benefit of Employees: Cloud Markethink can process personal data without obtaining approval for transactions for the benefit of company employees such as private health insurance. Cloud Markethink can also process employee data for disputes arising from business relationships.
Data Processed by Automated Systems We may organize lottaries among some of our attendees. In that case your personal data may be processed by automated systems to decide the winners.
Assigned Devices and Services
Company assign computers, phones, e-mail and other devices, services and applications to its employees only to be used for business purposes. The employee cannot use any of the tools that the company has allocated to it for private purposes and communication. The company has the right control and examine all data on these types of equipment. The employee undertakes that he/she will not have any other data or information other than work on the computer, telephones or other tools allocated to him/her from the moment he/she starts work.
11. Processing of Minors' Data
Our Site and Services are not designed for use under the age of 18. For this reason, Cloud Markethink does not process data for people under the age of 18.
E. WHO DO WE SHARE YOUR DATA WITH?
Cloud Markethink shares the personal data under its responsibility in the context of business efficiency, execution and integration of basic services, business continuity, the fulfillment of legal obligations, online event management and similar business requirements.
1. With Service Providers
Cloud Markethink shares data as a result of its use of SaaS (Software as a Service) applications, email, server, social media and similar service providers. Such service providers provide services in the status of data processor or sub-data processor according to the nature of the service and job. Cloud Markethink carries out the necessary checks and ensures the necessary legal commitments to ensure that such organizations and services from which it receives service as a data controller also fulfill the obligations specified under the DPA 2018 and GDPR. In this context,
- 1. We share all the personal data collected for digital events on Hubilo, a SaaS platform located in India.
- 2. We share data With Microsoft, for office and e-mail services,
- 3. With our Financial Consultant, for accounting business and transactions,
- 4. With Twitter, Instagram (Facebook) and Linkedin for social media presence of our events,
- 5. With Whatsapp (Facebook), used for instant messaging in business relationships between our attendees and participating organizations,
- 6. With Dropbox and Google Drive, used for the sharing of large files for business purposes,
- 7. With Google and Apple, which provide mobile and desktop OS and related services used in daily transactions,
2. With Cookie Providers
3. With Public Institutions and Judicial Authorities
Cloud Markethink will share your personal data with public institutions and with regard to business, transactions and lawsuits concerning judicial processes with judicial authorities in order to fulfill its obligations as required by the law.
4. With Our Sponsors
We share your data with diamond sponsors, and allow all attendees to see and observe personal of other participants with a commitment to data confidentiality and obliging third parties are to take needed measures to ensure data security.
5. Transfer of Personal Data Abroad
Cloud Markethink has the authority to transfer personal data abroad within the conditions determined by DPA 2018 and GDPR, in accordance with the other conditions in the Law and depending on the explicit consent of the person.
Our digital events are held by using technology provided by Hubilo, a brilliant and capable event management SaaS application, whose servers are located in India. And our headquarters are in Turkey.
In that regard as a EU resident we process your personal data in Turkey, USA and India. All three countries are not regarded as countries with adequate protection in line with GDPR. And therefore we need your explicit consent for transfer of your data to these countries.
And as a Turkish citizen we process your personal data in India and USA, which again are not regarded as countries with adequate protection in line with DPA 2018. Therefore we need your explicit consent for transfer of your data to these two countries.
Cloud Markethink elaborates to take relevant measures stipulated by the law, for data transfers made to countries which are not yet authorized to have adequate level of protection yet. Cloud Markethink transfer personal data to its international suppliers only within the limits the purpose of the services provided to carry out its commercial activities.
F. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
Cloud Markethink acknowledges that the data subject has the right to give his/her explicit consent before and to determine the fate of his data during and after processing of his/her data under the DPA 2018 and/or GDPR.
The data subject has the rights listed below according to the Article 11 of the DPA 2018 and the Article 15 etc. of the GDPR. In order to facilitate the exercise of these rights, an application form is also prepared by Cloud Markethink and presented to you on your web page.
Data subjects whose personal data are processed,
1. According to DPA 2018
if they are citizens of the Republic of Turkey or they are in Turkey during the data processing have the following rights within the scope of the DPA 2018,
- 1. To learn whether your personal data is processed or not,
- 2. To demand information on the processing of personal data,
- 3. To learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose,
- 4. To know the third parties to whom your personal data has been transferred at home or abroad,
- 5. To request the rectification of the incomplete or inaccurate data, if any, and to request notification of the transaction in this context to third parties to whom your personal data has been transferred,
- 6. Although it has been processed in accordance with the provisions of DPA 2018 and other relevant laws, within the framework of the conditions stipulated in article 7 of the DPA 2018, to request the deletion or destruction of your personal data if the reasons requiring its processing are no longer valid and to request notification of the transaction in this context to third parties to whom your personal data has been transferred,
- 7. To object to the occurrence of a result against you by analyzing the data processed solely through automated systems,
- 8. To claim compensation for the damage arising from the unlawful processing of your personal data.
2. According to GDPR
Data subjects in the European Union at the time of processing have the following rights under the GDPR.
- 1. To confirm whether personal data related to him/her has been processed,
- 2. To request access to the processed personal data,
3. To request information
- • regarding processing purposes,
- • personal data categories,
- • recipient and recipient categories, especially in countries and organizations outside the EU where personal data will be shared,
- • duration of processing personal data, if possible or if this is not possible, the criteria used to determine the duration about the processed personal data
- 4. To request correction of the processed personal data,
- 5. To request the completion of the missing part of the processed personal data,
- 6. To request restriction or deletion of processing of processed personal data,
- 7. To object against the processing of personal data and profiling,
- 8. To complain to a supervisory authority,
- 9. To learn the data source in cases where personal data are not obtained from him/her,
- 10. To be informed about the assurances that provide data security in case of transfer to countries and international organizations outside the EU,
- 11. To request a copy of personal data processed in a structured, widely used and easily readable format with any device, provided not to restrict the rights and freedoms of third parties,
- 12. To request the transfer of personal data to another data officer,
- 13. To request correction or deletion of incorrect personal data immediately (Except the right to delete the data given to the data controller under GDPR m.17) and/or to request that data processing be restricted until the accuracy of the data is provided,
- 14. To demand not to be included in the decision processes given automatically as a result of automated processing activities.
As Cloud Markethink, we respect these rights as the data controller without prejudice to our rights and exceptions arising from DPA 2018 Law and GDPR.
However, data subjects do not have any sort right of rights related to anonymized data within the Company. Cloud Markethink may share personal data in accordance with the business and contractual relationship with the relevant institutions and organizations for the purpose of a judicial duty or state authority to exercise its Legal powers.
G. YOUR REQUESTS AND APPLICATIONS
Data subjects will be able to submit their requests to the company, regarding their rights mentioned above by completing the application form, which they can obtain from our Site, signing it with a wet signature and sending it with registered letter with return receipt mail and with identity card photocopy (for the identity card, with a front copy only). Your applications will be answered as soon as possible according to the content of your application or within 30 days at the latest after reaching us. You must make your applications by registered letter with return receipt mail. Only the information that belongs to you will be provided. Any application about your spouse, relative, friends or any third person will not be accepted.
You can be sure that we will try to meet your requests, applications such as access, deletion, update, phasing out and correction, to the extent permitted by law and business requirements. If we are unable to fulfill your request, we will notify you about the reason. We would like to state that the copies of your data that you request to delete, correct and update may remain on the publication for a while after the request, as required by technical conditions.
Those who want to apply within the scope of DPA 2018 and in Turkish may make their applications by using the application forms at (http://Cloud Markethink.io/kvk/basvuru.html). Those who want to apply within the scope of GDPR and in English may make their applications by using the application forms on the Sites (http://Cloud Markethink.io/gdpr/request.html).
Cloud Markethink may request further information and documents from the applicants when necessary.
1. Request Information
As a data controller who processes your personal data, we take care to answer all your questions and requests regarding the processing of your personal data in a timely and duly manner.
2. Access and Correction
Cloud Markethink will take care to meet your acceptable and possible requests to allow you to access and correct your personal data that you have transferred to us, where permitted by law. However, we reserve the right to use your other personal data for the purposes of verifying your identity or for other security and support measures when we consider it necessary. Regarding the personal data we collect about you, you can request access, correction, suspension or phasing out of data.
3. Transfer to Third Parties
You may request the transfer of your Personal Data to third parties. However, this transfer can be carried out within existing technical capabilities of Cloud Markethink and within the time required by the working conditions. The data of the concerned parties are not given to third parties by our company in the cases mentioned above or without their approval and consent.
4. Deletion of Personal Data
Cloud Markethink protects the personal data it processes in accordance with the DPA 2018, GDPR and related legal legislation for the periods stipulated in the relevant legislation or required by the processing purpose.
When the legally required periods expire, the judicial processes are completed or other requirements disappear, these data can be deleted spontaneously or upon the request of the person concerned, can be destroyed or anonymized, or after reviewing the GDPR requirement, the processing can be continued provided that the necessary conditions are met again or data can be archived.
H. SECURITY OF YOUR DATA
All necessary technical and administrative measures are taken to protect the personal data collected by the Cloud Markethink and to prevent unauthorized access and to prevent our customers and potential customers from being suffered in accordance with DPA 2018 and GDPR.
1. Administrative Measures
2. Technical Measures
Cloud Markethink takes all possible technical measures relevant and possible. Security measures are constantly being renewed and developed. In order to reduce misuse and unauthorized access to personal data, we store the data in a separate system after receiving it, we use secure connections (Secure Sockets Layer of SSL) to encrypt all information between you and our website when entering your personal data.
3. Notification of Infringements
Cloud Markethink acknowledges that when it is notified that there is any infringement related to personal data, it should notify relevant Boards in Turkey and the EU from the date this situation was learned, without delay and within 72 hours at the latest. It minimizes the damage of the concerned and compensates the damage. When it is understood that the personal data have been intercepted by unauthorized persons, it immediately informs relevant Boards.
You can apply for the notification of infringements according to the procedures stated on our corporate website. Click for Application and Information Request Form
I. VALIDITY AND UPDATES OF POLICY