Dedi Application (“Dedi”) is a secure communication application using the end-to-end encryption method created by Bilgi Teknolojileri & İnternet Güvenliği Derneği (“BTİDER”). As BTİDER, we care so much about your privacy. For this reason, we would like to inform you of this policy about our processing activities according to the Law on the Protection of Personal Data no: 6698 (“LPPD”), EU General Data Protection Regulation (“GDPR”) dated 27 April 2016 and relevant secondary legislation (hereinafter: “Data Protection Regulation”)
1. WHO WE ARE?
As BTİDER, we are the data controller and our contant information is as below:
Name: Bilgi Teknolojileri & İnternet Güvenliği Derneği
Adress: Beytepe Mahallesi Umut Sokak Oryap KY Koop. Sit. No:44 Çankaya/Ankara
Phone: 0 312 222 02 84
2. WHICH DATA ARE WE PROCESSING?
Phone Number : You have to register with your phone number in order to use Dedi. Your phone number is stored in encrypted form on our servers located in Turkey.
Nickname and Avatar : You may add a nickname or avatar to your account. You can always update your information via the “Settings” section of Dedi. This information is stored in encrypted form on our servers located in Turkey.
ID and Contact Information
Information that you share with us when communicating with us to get support, make a complaint, or give a suggestion is only used for these purposes and then is deleted.
Dedi has to process your Contact List to find other Dedi users. You may refuse that processing, however, in that case, Dedi cannot work effectively. This information is stored in encrypted form on our servers located in Turkey.
Messages : Dedi or third parties cannot access the content of your messages as they are end-to-end encrypted. Your messages are not stored on Dedi’s servers but on your device at which you use Dedi. However, your undelivered messages (e.g. when the receiver’s phone is off) are stored in encrypted form on our servers for a limited time until they are delivered. In addition to this, media messages are stored in encrypted form on our servers for a limited time to make their transfer more efficient.
Dedi cannot Access your messages. Metadata regarding messaging (e.g. time or the parties of messaging) is stored in encrypted form on our servers in Turkey for Dedi to run properly.
Groups : Groups that you attend are stored in encrypted form on our servers in Turkey.
Contact Information : You may prefer Dedi to show which people in your contact list are Dedi users in order to use Dedi effectively. In that case, your contact list is stored in encrypted form on our servers in Turkey while completely protecting your and the people’s privacy in your contact list.
Technical Information : Additional technical information such as keys to ensure the efficient operation of calls and messaging, notification reception, and security of the account are stored in encrypted form on our servers in Turkey. Dedi keeps this technical information to the minimum required for the application to work properly.
3. LAWFUL BASIS AND THE METHOD OF THE PROCESSING
Dedi processes your personal data in accordance with the Data Protection Regulation.
We process your personal data on the following lawful basis:
- Processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract.
You accept the User Agreement by downloading Dedi. Our processing activity is directly related to the performance of this Agreement.
- It is necessary for compliance with a legal obligation to which the data controller is subject.
As also explained below, where Dedi is subject to legal obligations, it may process and share your personal data.
- Data processing is necessary for the establishment, exercise, or protection of any right.
Dedi may process and share your personal data in order to protect its or third persons’ rights, security, or property.
- Processing of data is necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject.
It is our legitimate interest to ensure that Dedi runs properly.
We collect and process personal data by non-automated means which provided that form part of our data filing system or, wholly or partially by automated means.
We collect your personal data via the following methods:
Personal Data We Collect Directly from You : We collect your personal data explained under the headings of “Account Information” and “ID and Contact Information” above directly from you. You share this information with us via Dedi, electronic form, e-mail, or other communication tools.
Personal Data We Collect Indirectly from You : We collect your data explained under the heading of “Usage Information” indirectly from you via your usage of Dedi.
4. PURPOSES OF THE PROCESSING
Account Information : Your phone number information is processed for you to be able to register Dedi.
ID and Contact Information : ID and Contact Information is processed in order to answer you when you would like to get support from us or make a complaint or give a suggestion.
Usage Information : Usage information is processed for the security of the application and to enable Dedi to run properly.
Other Information : We process your other information mentioned above for Dedi to work effectively.
5. TRANSFER OF YOUR DATA
We may work with third parties to enable Dedi to run properly. For instance, your phone number is transferred to the relevant operator for the verification of your mobile number so that the verification code can be transmitted to you during registration to the application. Your data is only transferred when it is mandatory for the functions of Dedi and it is not transferred for any commercial purposes such as advertising.
Dedi may share your data mentioned above with the authorities where it is subject to a legal obligation. Moreover, Dedi may share your data mentioned above with the authorities in order to protect its or thirds parties’ rights, security, or properties.
Your data is stored on our servers located in Turkey and is not transferred abroad.
6. STORAGE OF YOUR DATA
Your personal data is stored in encrypted form on our servers located in Turkey during the time required for only the purposes mentioned above.
Dedi retains your personal data for the period specified Data Protection Regulation.
7. YOUR RIGHTS
As per article 11 of LPPD and relevant regulation, you have certain rights as a relevant data subject. You can always contact us via firstname.lastname@example.org or our contact information specified above to exercise your rights below:
a) to learn whether your personal data are processed or not,
b) to demand for information as to if your personal data have been processed,
c) to learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose,
ç) to know the third parties to whom your personal data are transferred in country or abroad,
d) to request the rectification of the incomplete or inaccurate data, if any,
e) to request the erasure or destruction of your personal data,
f) to request reporting of the erasure or rectification operations carried third parties to whom your personal data have been transferred,
g) to object to the occurrence of a result against yourself by analysing the data processed solely through automated systems,
ğ) to claim compensation for the damage arising from the unlawful processing of your personal data.
In addition to these, Dedi Users have the right to lodge a complaint with the local data protection authority.
Dedi Users can exercise the rights below in addition to the above if they are in the EU:
a) to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
b) to obtain from the controller the erasure of personal data concerning him or her without undue delay where Data Protection Regulation applies
c) to obtain from the controller restriction of processing where Data Protection Regulation applies
d) to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where Data Protection Regulation applies
e) to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions
f) to want the controller to communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.