EN
TR
Login
EN
TR
Products
Products
Web Application
eSignature API
Features
About eSignature
What is eSignature
eSignature in Europe
eSignature levels
Biometric Signature
Pricing
eSignature
eSignature
eSignature Software
eSignature in Europe
How to sign electronically?
eIDAS
What is eSignature
eSignature Levels
Security & eSignature
Resources
Rescources
Use Cases
Blog
Documentation
Contact Us
Login Try for free
EN Login
Try for free
Search in
EN
Home

Privacy Policy

Update Date: 27.12.2023

This Privacy Policy and Personal Data Text, Altunizade Mahallesi Kısıklı Caddesi No:4 (1.Blok) Floor:3 İç Kapı No:9 Üsküdar / İSTANBUL Digital Transformation Technology Services Inc. operating at. To Members who become members of the Site operated and managed by ( DDTech ); Apart from these, Visitors, Site It has been prepared to enlighten and inform Members, Visitors and Buyers about the terms and conditions regarding the use of data obtained and/or to be obtained from Members, Visitors and Buyers in any way within the scope of the Services offered through and the processing methods of the data.

  1. Definitions and General Explanations

In this Policy:

Relevant Person/s; Buyer, Member and Visitor,

Law; Personal Data Protection Law No. 6698,

Policy; this Privacy Policy and Personal Data Text,

Data Controller; It refers to the person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

Capitalized terms used in this Policy and not separately defined herein shall have the meanings they have in the Site Usage Agreement.

DDTech adopts this Policy regarding the confidentiality, use and other related matters of the information processed regarding the Members for whom it has started to provide Services or those who access the Site without directly benefiting from the Services.

Personal data refers to any information regarding an identified or identifiable natural person. For this reason, the regulations regarding personal data contained in this text will apply if the relevant information belongs to a natural person. If the relevant information belongs to legal entities, regulations other than the regulations regarding personal data in this text apply.

DDTech attaches importance to the confidentiality of data and takes care to be transparent about storing information. This Policy includes clarification on what types of data are collected, how this data is used, with whom this information is shared if necessary, what the rights are regarding personal data and how these rights can be exercised, and the principles adopted by DDTech regarding confidentiality.

DDTech encrypts the Document uploaded to the Site by the Member using SSL technology/methods at the time of upload and does not access the Document, the Document content and personal data that may be obtained through the Document in any way.

DDTech Document signed by the Buyer; It encrypts the time stamp, location information and the Recipient’s signature certificate and does not access the Document, the Document content or personal data that can be obtained through the Document in any way.

After the Document is signed by the Buyer, the signed Document is forwarded to the Member by DDTech. The Member and the Buyer will be able to save the signed Document to any electronic medium they wish via the Site . The account manager can delete it if he/she wishes ; any information about a deleted document is not stored within the Site and/or by DDTech in any other way.

DDTech processes the Recipient information shared by the Member for the purpose of signing the Document only for the purpose of transmitting the Document to the Recipient, and after the Document is transmitted to the Recipient. 

Personal data is processed in accordance with the following basic principles as regulated in the Law:

  • Complying with the law and the rules of honesty,
  • Being accurate and up to date when necessary,
  • Processing for specific, clear and legitimate purposes,
  • Being related to the purpose for which they are processed, being limited and proportionate,
  • To be kept for the period stipulated in the relevant legislation or necessary for the purpose for which they are processed.
  1. Enlightening and Informing the Relevant Person

During the acquisition of personal data in accordance with the Law, DDTech is obliged to enlighten/inform the real persons whose data will be processed in accordance with Article 10 of the Law. The scope of this disclosure obligation is as follows:

  • Identity of the data controller and his representative, if any,
  • For what purpose personal data will be processed,
  • To whom and for what purpose the processed personal data can be transferred,
  • For the management and legal reason of personal data collection,
  • Rights of the person concerned.  

In this context, DDTech aims to provide the necessary clarifications with this Policy. In accordance with the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation of Disclosure, DDTech fulfills its obligation to inform the Recipient as the Relevant Person within a reasonable period of time after the personal data is obtained with this Policy, since the identity and contact information of the Recipients are not obtained from them.

  1. Collection of Personal Data, Collection Method and Legal Reasons

Information sent by Relevant Persons to DDTech while subscribing to the Site and/or while using the Site or Services, collected by automatic means through the Site, and Information shared through and/or stored in accessible form may fall within the scope of personal data processed within the scope of this Policy. The identity and contact information of the Buyers are transmitted to DDTech by the Members.

Personal data may be collected verbally, in writing or electronically through DDTech’s websites, call centers that may receive service from third parties and all other similar channels, through the Site, automatically or non-automatically. If the Relevant Persons benefit from the Services or access the Site even if they do not benefit from the Services, the information specified below regarding the Relevant Person and his use of the Services from various sources is collected for the legal reasons stated below.

The information below is stated separately if the Relevant Person is a Member, Buyer and Visitor; It will find its application area depending on the title of the Relevant Person.

  1. Data Categories and Data Types
MemberIdentity InformationName, surname, TR ID number
Communication informationPostal address, e-mail address, home or work phone/mobile phone number
Customer Transactionhttps://tapandsign.com/api-pricing/ , https://tapandsign.com/application-pricing/ for the provision of Services to the Member in accordance with the service agreement concluded with DDTech.  and the package selected through the Site and payment information for the package.
Transaction SecurityIP address information, website login and logout information, password and password information, document timestamp and information collected through cookies.
BuyerIdentity InformationName, surname, TR ID number
Communication informationPostal address, e-mail address, home or work phone/mobile phone number
Transaction SecurityIP address information, website login and logout information, password and password information, document timestamp and information collected through cookies.
VisitorTransaction SecurityIP address information, website login and logout information, password and password information, document timestamp and information collected through cookies.
  1. Legal reasons

The above-mentioned personal data is subject to the Relevant Person disclosing this data to DDTech and for the purposes listed below; In accordance with the conditions and principles contained in Article 4 of the Law and repeated in this Policy; It may be processed within the personal data processing conditions specified in Articles 5 and 6 of the Law. The legal reasons for each data category are clearly stated below:

MemberIdentity InformationIt is clearly stipulated in the law,It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,It is mandatory for DDTech to fulfill its legal obligation,Data processing is mandatory for the establishment, exercise or protection of a right,It is necessary to process data for the legitimate interests of DDTech, provided that it does not harm the fundamental rights and freedoms of the Relevant Person.
Communication informationIt is clearly stipulated in the law,It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,It is mandatory for DDTech to fulfill its legal obligation,Data processing is mandatory for the establishment, exercise or protection of a right,It is necessary to process data for the legitimate interests of DDTech, provided that it does not harm the fundamental rights and freedoms of the Relevant Person.
Customer TransactionIt is clearly stipulated in the law,It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,It is mandatory for DDTech to fulfill its legal obligation,Data processing is mandatory for the establishment, exercise or protection of a right,It is necessary to process data for the legitimate interests of DDTech, provided that it does not harm the fundamental rights and freedoms of the Relevant Person.
Transaction SecurityIt is clearly stipulated in the law,It is mandatory for DDTech to fulfill its legal obligation.
BuyerIdentity InformationIt is clearly stipulated in the law,It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,It is mandatory for DDTech to fulfill its legal obligation,Data processing is mandatory for the establishment, exercise or protection of a right,It is necessary to process data for the legitimate interests of DDTech, provided that it does not harm the fundamental rights and freedoms of the Relevant Person.
Communication information
It is clearly stipulated in the law,It is necessary to process personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract,It is mandatory for DDTech to fulfill its legal obligation,Data processing is mandatory for the establishment, exercise or protection of a right,It is necessary to process data for the legitimate interests of DDTech, provided that it does not harm the fundamental rights and freedoms of the Relevant Person.
Transaction SecurityIt is clearly stipulated in the law,It is mandatory for DDTech to fulfill its legal obligation.
VisitorTransaction SecurityIt is clearly stipulated in the law,It is mandatory for DDTech to fulfill its legal obligation.
  1. For what purpose will personal data be processed?

Within the scope of this Policy, the personal data of the Relevant Persons listed in Article 2 are processed for the following purposes in accordance with the general conditions specified in this Policy:

MemberIdentity InformationCarrying out activities in accordance with the legislationCarrying out commitment processes for companies/products/servicesFollow-up and execution of legal affairsCarrying out communication activitiesExecution/supervision of business activitiesCarrying out activities to ensure business continuityCarrying out after-sales support servicesExecution of service sales processesExecution of service production and operation processesExecution of customer relationship management processesCarrying out activities for customer satisfactionExecution of advertising/campaign/promotion processesExecution of contract processesFollow-up of requests/complaints
Communication informationCarrying out activities in accordance with the legislationCarrying out commitment processes for companies/products/servicesFollow-up and execution of legal affairsCarrying out communication activitiesExecution/supervision of business activitiesCarrying out activities to ensure business continuityCarrying out after-sales support servicesExecution of service sales processesExecution of service production and operation processesExecution of customer relationship management processesCarrying out activities for customer satisfactionExecution of advertising/campaign/promotion processesExecution of contract processesFollow-up of requests/complaints
Customer TransactionCarrying out financial and accounting affairsExecution/supervision of business activitiesCarrying out after-sales support servicesExecution of service sales processesExecution of contract processes
Transaction SecurityExecution of information security processesConducting audit/ethics activitiesExecution of access authorizationsExecution/supervision of business activitiesCarrying out activities to ensure business continuityProviding information to authorized persons, institutions and organizations
BuyerIdentity InformationCarrying out activities in accordance with the legislationFollow-up and execution of legal affairsCarrying out communication activitiesExecution/supervision of business activitiesCarrying out activities to ensure business continuityExecution of contract processes
Communication informationCarrying out activities in accordance with the legislationFollow-up and execution of legal affairsCarrying out communication activitiesExecution/supervision of business activitiesCarrying out activities to ensure business continuityExecution of contract processes
Transaction SecurityExecution of information security processesConducting audit/ethics activitiesExecution of access authorizationsExecution/supervision of business activitiesCarrying out activities to ensure business continuityProviding information to authorized persons, institutions and organizations
VisitorTransaction SecurityExecution of information security processesConducting audit/ethics activitiesExecution of access authorizationsExecution/supervision of business activitiesCarrying out activities to ensure business continuityProviding information to authorized persons, institutions and organizations
  1. Transfer of Personal Data

DDTech may transfer the personal data obtained by the Relevant Person to servers abroad for the purpose of performing the Services offered by DDTech through the Site and provided that it fulfills the obligations declared in the Policy. DDTech may also transfer personal data regarding Relevant Persons to the following persons for the following purposes:

Related personTransfer Purpose and Transferred Group
MemberSharing contact information with intermediary service providers for the purpose of sending SMS or e-mail;Sharing invoice information with the e-invoice supplier to send the Member’s e-invoice electronically;Sharing personal data with a lawyer for the purpose of carrying out legal processes and/or receiving consultancy services;Sharing electronic member data with suppliers for storage;Sharing site usage preferences and navigation history with suppliers for segmentation purposes;Transfer of Member data to DDTech’s business partners and shareholders due to measurement and reporting and commercial relations established with DDTech’s business partners/shareholders.
BuyerSharing contact information with intermediary service providers for the purpose of sending SMS or e-mail;for segmentation purposes .
VisitorSharing site usage preferences and navigation history with suppliers for segmentation purposes.
  1. Technical and Administrative Measures Taken to Ensure Data Security

DDTech undertakes to take all necessary technical and administrative measures and to exercise due care to ensure the confidentiality, integrity and security of personal data. In this context, it takes the necessary measures to prevent unlawful processing of personal data, unauthorized access to data, unlawful disclosure, alteration or destruction of data. In this direction, DDTech; It takes the following technical and administrative measures regarding the personal data it processes:

Anti-virus application. All computers and servers in DDTech’s information technologies infrastructure have a periodically updated anti-virus application installed.

firewall The data center and disaster recovery centers hosting DDTech servers are protected by firewalls loaded with periodically updated software; The relevant new generation firewalls control the internet connections of all personnel and provide protection against viruses and similar threats during this control.

VPN. Suppliers; DDTech can access servers or systems via SSL-VPN defined on Firewalls. A separate SSL-VPN definition has been made for each supplier; With the definition made, the supplier only accesses the systems that it needs to use or has been authorized.

User definitions. The authority of DDTech employees to DDTech systems is limited only to the extent necessary by their job descriptions; Systemic authorities are also updated in case of any change in authority or duty.

Information security threat and incident management. Events occurring on DDTech servers and firewalls are transferred to the “Information Security Threat and Event Management” system. This system warns responsible personnel when a security threat occurs and provides the opportunity to respond to the threat immediately.

Penetration test. Periodically, penetration tests are carried out on the servers in the DDTech system. The security vulnerabilities that arise as a result of this test are closed, and a verification test is performed to verify that the relevant security vulnerabilities are closed. In addition, penetration testing is performed automatically by the Information Security Threat and Incident Management system.

Information Security Management System (ISMS). At the ISMS meetings established within DDTech, the topics in the control forum are audited monthly by the information technologies director and financial affairs manager.

Education. In order to increase the awareness of DDTech employees against various information security violations and to minimize the effect of the human factor in information violation incidents, training is provided to employees at regular intervals.

Pseudonymous data. It uses the Pseudonymization (pseudonymised data) method for all secondary data processing other than the primary processing purpose (Example: Ahmet Yılmaz “A… Y…”).

Physical data security. It ensures that personal data in paper form is kept in locked cabinets and can only be accessed by authorized persons.

Deletion of cookies. Personal data processed through cookies belonging to third parties from whom services are received are deleted from third party systems if the membership is terminated.

Although DDTech takes the necessary information security measures, in the event that personal data is damaged or obtained by unauthorized third parties as a result of attacks on the Site or the DDTech system, DDTech immediately notifies the Relevant Persons and the Personal Data Protection Board and takes the necessary measures. gets.

  1. Changes and Updates

As DDTech, we have the right to change the Policy, provided that it complies with the Law and better protects personal data.

This Policy may be re-edited and updated as new features are added to the Site or new suggestions come from Relevant Persons. However, in this case, the Relevant Persons will be informed by publishing the changes on the Site. We may notify you of such changes, in some important cases, by additional notices, as appropriate, by e-mail or by another conspicuous method reasonably designed to notify the Relevant Persons. Upon notification of these changes, if the Relevant Person continues to access the Site and benefit from the Services after the notification period, he/she will be deemed to have consented to the changes in the Policy. Therefore, we recommend that the Relevant Person review the Policy each time he/she accesses the Site. If the policy provisions change, it will come into force on the date of publication.

  1. Rights of Related Persons

Relevant Persons have the following rights against the Data Controller DDTech in accordance with Article 11 of the Law;

  • Learning whether personal data is processed or not,
  • Requesting information if personal data has been processed,
  • Learning the purpose of processing personal data and whether they are used for their intended purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data in case personal data has been processed incompletely or incorrectly and requesting that the action taken in this context be notified to third parties to whom personal data has been transferred,
  • Requesting the deletion or destruction of personal data, within the framework of the conditions stipulated in Article 7 of the Law, in the event that the reasons requiring processing are eliminated, even though it has been processed in accordance with the provisions of the Law and other relevant laws, and requesting that the action taken in this context be notified to third parties to whom the personal data has been transferred,
  • To object if the processed data is analyzed exclusively through automatic systems and results in a result against the Relevant Person,
  • Requesting compensation of the damage in case the Relevant Person suffers damage due to the processing of personal data contrary to the law.

Complaints/requests made by the Relevant Persons whose personal data are processed by DDTech in order to exercise their rights will be answered and concluded by DDTech as positive/negative with reasons as soon as possible and within 30 days at the latest. The answering process is free of charge as long as there is no additional cost; If an additional cost is required, DDTech may charge the fee at the tariff determined by the Personal Data Protection Board.

The Relevant Person can submit his requests and complaints in person, provided that his identity is checked by the relevant unit of DDTech, or by proxy, provided that a notary approved power of attorney is presented, applications made through a notary, and through registered e-mail addresses, provided that a secure electronic signature is used, at info@tapandsign.com can be made to the address.

In accordance with the Law, the Relevant Person has the right to apply to the Personal Data Protection Board within thirty days from the date of learning of DDTech’s response, from the first response to the first complaint application, and in any case within sixty days from the date of first application, and compliance with the said periods is detrimental. It is of quality. Additionally, Covered Persons may visit the “Contact” page to change their communication preferences.

Company Title : Digital Transformation Technology Services Inc.

Address: Altunizade Mahallesi Kısıklı Caddesi No:4 (1.Blok) Floor:3 İç Kapı No:9 Üsküdar / İSTANBUL 

Email: info@tapandsign.com

Phone: (0216) 255 50 05

Cookie Policy

We use cookies and similar technologies to help personalise content, tailor and measure ads, and provide a better experience. By clicking OK or turning an option on in Cookie Preferences, you agree to this, as outlined in our Cookie Policy. To change preferences or withdraw consent, please update your Cookie Preferences.