BiP Privacy Notice

Publication Date: 14/01/2021

Who We Are

The BiP Application (“Application”) is provided by BiP İletişim Teknolojileri ve Dijital Servisler A.Ş. (hereinafter to be referred to as “BiP”, “we”, “us”, “our”).

BiP is committed to protect and respect your Personal Data in accordance with the applicable data protection legislation, including the provisions of the Law No. 6698 on the Protection of Personal Data, General Data Protection Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and other applicable laws (hereinafter referred to as the “Data Protection Legislation”).

This Privacy Policy (“Policy“) regulates the ways in which information (“Personal Data“) that makes your identity specific or identifiable (“you”, “you” or “belonging to the user”) can be collected, used and shared. If you have a request concerning this Notice or if you have a complaint, please contact us through our Data Protection Officer whose contact details are provided under “Contact us” section below. You may also contact your local data protection authority. For the interpretation of undefined terms stated in this Notice, we refer to the definitions as used in the internal BiP terms of use of BiP (“Terms of Use”). For more information about cookies please also read our cookie policy.

In What Way are Your Personal Data Collected?

BiP collects your Personal Data, depending on the products or services used, if you directly provide us with your own will or when you transmit information through the Application.This include information you provide when you register to use the Application, create an account, set up a profile, complete a form, correspond with us, purchase products through the Application or respond to surveys or promotions. In the following sections, you may find detailed information on which data are collected for which purposes.

Which Personal Data are Collected?

Although the information in this transcript may differ from person to person due to issues such as the products and services that people benefit from or their requests and consents, the categories of your personal data that can be processed by BIP are as follows.

Identity and Contact Details: data such as your phone number, user name (nickname), avatar, GSM operator, passwords used to keep the Application safe if available for the identity verification and for access to the account.

Usage Information: Technical data collected from your device through technical equipment, the type of messages (text message, video, etc.) sent (without collecting any information about its content), active time, type of services used, usage habits related to the application interface, the last access to the application date, errors and information about the error that occurred during the use of the application, data related to the communication type (BiP Out Calls, call/instant messages etc.), the duration, time, type, parties and contacts of communication. BiP does not collect any data related to the content of your communication made via the Application.

Personalization Information and Polls: Nickname, Profile Photo, Status Information, Blocked Numbers. Data on the results of surveys conducted through the application.

Location Data: The location data of the users depending on the settings of their device (approximate) location.

Device Data: data such as device model, operating system of the device, preferred phone language, information regarding which operator the users use, country information.

Backup Data: in case the users request, the communication data can be backed up by BiP.

Address Book Data: Contact List containing phone numbers and related details stored on the user’s device.

For What Purposes Your Personal Data are Processed?

Depending on the relationship you have established with BiP, your Personal Data may differ from person to person depending on the product / services used, but in accordance with the legislation on the protection of personal data, it may be processed for the following purposes and legal grounds specified in the legal basis article.

Identity Information: These are processed for the purposes of user registration, error/failure notice, control, developing and realizing operational activities, business development, measurement of the service quality, communication, intra-company evaluation, promotion, service analysis, complaint management, management of the customer survey process and forwarding the Application subscription to other devices.

Usage and Favorites: These Personal Data are processed for the purposes of business development, direct or indirect marketing (customer campaigns, advertisement, services and functions within the application which are being advised to the customers, the offering of advertisements), profiling (the offering of advertisements according to your preferences, diversification of customers according to location, operator, tenure, the duration of using the application, and its functions), supervision and control, risk management, intra-company evaluation, measurement and development of the service quality, communication, execution of the complaint management processes, execution and development of operational activities, translate services which are being provided by Microsoft and Google (as further referenced below), error/failure notice and recovering service quality based on usage habits.

Location Data: These Personal Data are processed for the purposes of allowing users to share their location with each other, supervising and controlling location services associated with the “Discovery” area, product and strategy development.

Device Data: These Personal Data are processed in order to optimize the Application and related services and to enable the device to work properly with the Application and its settings.

Usage Information: These Personal Data are used to determine the usage habits with the purpose of the business development, marketing, enhancing the service quality and the unauthorized and fraudulent use. During the processing of these personal data, there is no processing of any data regarding the content of the communication.

Backup Data: These Personal Data are used for backing up the communications of the users at their request. The messages that the user has received from or sent to another user shall be archived only upon the request of the other user.

BiP may anonymize and aggregate any of the data which has been collected (so that it does not directly or indirectly identifies or specifies the users). BiP may use anonymized data for purposes that include testing its IT systems, research, data analysis, improving the Application, developing new products, advertisement, profiling and features or displaying information via the Application

What is The Legal Basis for Processing the Personal Data?

BiP is obligated to process the Personal Data in accordance with the above-mentioned purposes and in compliance with the applicable Data Protection Legislation. The Personal Data processed by  BiP may be required for registering the use of the Application, creating an account, setting up a profile, completing a form, corresponding with BiP, purchasing products through the Application or responding to surveys or promotions, for which the user has given its consent.

Although the legal basis for the processing of Personal Data may differ from person to person due to the following legal reasons, products and services used by individuals, or requests and consents, the user can withdraw the consent at any time in cases where the user has given consent as the legal basis for the processing of Personal Data, the user always has the right to withdraw consent at any time.

Personal Data may be collected wholly or partially via automatic or non-automatic methods, processed and transferred for the purposes contained in this Notice based on legal grounds indicated in Articles 5 and 6 of Law on the Protection of Personal Data and listed hereunder and also Article 6 of GDPR (or other Applicable Data Protection Legislation)

• As required explicitly stipulated in the legislation to which  BiP is subjected,

• Provided that the processing is directly related to conclusion or performance of a contract, it is necessary to process Personal Data of the parties to the contract in order to be able to provide the requested products and services, or to fulfill the requirements of any contracts that users have concluded,

• Data processing is mandatory in order for BiP to fulfill its legal liabilities,

• Respective Personal Data has already been made public by data subject,

• Data processing is obligatory for the establishment, exercise or protection of a right,

• Data processing is necessary for the legitimate interests of BiP, provided that such collecting, processing and transferring do not violate the fundamental rights and freedoms of the data subjects.

Purpose Limitation

The Personal Data may only be processed to the extent necessary for the purposes described above. Personal Data may not be processed for other purposes other than that for which the Personal Data were collected. If there is a necessity or need to process Personal Data for other purposes, BiP shall investigate whether the purposes of the intended data processing are compatible with the original purposes. BiP shall provide the user prior to that further processing with information on that other purpose. BiP shall minimize data processing as is reasonable and appropriate to do so.

Where is Personal Data Being Stored and Processed?

BiP servers are located in Turkey, all data is stored for use in Turkey.

Within the scope of cooperation of operators abroad, in line with the use of BiP in their own countries, data related to users of these countries can be transferred to the relevant operator and stored on that operator’s servers. BiP takes all reasonable steps to ensure that the Personal Data is treated securely and in compliance with this Notice and the Data Protection Legislation. The transfer of Personal Data take place only in compliance with the applicable Data Protection Legislation, and where appropriate safeguards are in place that ensure the level of protection of parties as required by the applicable laws.

With Whom and For What Purposes are the Personal Data Shared?

BiP may share the Personal Data it has obtained with the following parties in accordance with the purposes and regulations set out in this Policy:
Users: Users may share the Personal Data with other users (including Official Accounts) as part of the Application so users are able to interact with other users as permitted by the functionality of the service and their preferences and applicable law. Where a User shares Personal Data of another individual, they take full responsibility for their actions in doing so.
Law enforcement, regulators and other parties for legal reasons: BiP is obliged to provide Personal Data within a legal obligation and in order to protect both its own rights, property or security and the rights, property or security of third parties with authorities.
BiP may provide third parties with aggregate statistical data and analyses about users of the Application. BiP declares that no one can be identified from the data shared like this as long as it has not been disclosed by BiP.
If you activate automatic translation functionality, the submitted words will be shared with a third-party service provider Microsoft and Google. BiP is not responsible for such third-party service providers.
Communication content between users is not monitored.

Your Rights Regarding Your Personal Data

Application users, pursuant to the Article 11 of Law on the Protection of Personal Data, may be entitled to exercise the following rights:

• To learn if their Personal Data is processed or not,

• If processed, to request information in this regard,

• To learn the purpose of processing for Personal Data and to know whether it is processed based on these purposes,

• To learn the third parties inside Turkey or abroad to whom the Personal Data is transferred,

• To request Personal Data to be corrected if it has been processed deficiently or incorrectly,

• To have their Personal Data deleted or destroyed within the framework of terms set forth in Article 7 of Law on the Protection of Personal Data,

• To request transactions made pursuant to correction, deletion and destruction rights indicated above to be informed to the third persons to whom Personal Data is transferred,

• To object to processing of their Personal Data exclusively by automatic means,

• To request to indemnify the damage they have suffered in case of illegal processing of their Personal Data.
In addition to the rights stated above, depending on their location, the Application users may also have the right to:

• Learn whether their Personal Data are being processed;

• Request information and a copy if their Personal Data have been processed;

• Learn the purpose of the processing of Personal Data and whether these are being processed in compliance with such purpose;

• Learn the third-party recipients to whom the Personal Data are disclosed within the country or abroad,

• Request rectification, correction or limitation of the processed Personal Data which is incomplete or inaccurate,

• Erasure or destruction of data in accordance with the conditions set forth in the Data Protection Legislation,

• Request processing is restricted where dependent on user consent,

• If applicable, request their personal data, which they provided to BiP, is transferred to another data controller or data subjects themselves in a structured, commonly used and machine-readable format,

• Object to the processing of their personal data

• Notify the third person to whom the Personal Data are disclosed, about the processes regarding rectification, erasure and destruction of data,

• Object to negative consequences about them that are concluded as a result of analysis of the processed Personal Data by solely automatic means, which produces legal effects or significantly affects them,

In order to exert any of your rights stated above in relation to your Personal Data or exert your right of data portability (if applicable), please contact us using the contact details set out in the “Contact Us” section below. In order to help you find the data you would like to use your abovementioned rights, please provide as much information as you can about the data you would like to use your rights. Information provided shall be free of charge, unless the request is clearly unfounded or disproportionate, in which case a reasonable fee may be requested, or the request may be refused. Users also have the right to lodge a complaint with a local supervisory authority.

Alternatively, you can forward your questions and requests regarding your Personal Data via one of the following methods:

(i) Once you download Personal Data Application Form (https://bip.com/form/personal-data-application.pdf) to your device, by filling it digitally and e-mailing to bipiletisim@hs03.kep.tr address from your registered electronic mail (KEP).

(ii) Once you print out the Personal Data Application Form, by completing the form in writing and sending it to “BiP İletişim Teknolojileri ve Dijital Servisler A.Ş. Aydınevler Mahallesi İnönü Caddesi No:20 Küçükyalı Ofis Park B Blok – Maltepe/İstanbul” address via the notary public.

(iii) Send an e-mail to kisiselverilerikoruma@bip.com using your application that you have prepared in accordance with Comminuque on the Principles and Producers for the Request to Data Controller, by using your e-mail address which is previously notified to the company applied and registered in the company’s system.

Age Restriction

Users must be 16 years of age or older to subscribe, register or share any Personal Data to the Application and we do not intend to solicit, collect or process Personal Data of Users under the age of 16. In certain jurisdictions, the age may be older than 16, in which case, you must satisfy that age in order to become a subscriber. If you believe we have inadvertently processed Personal Data of a User under the age of 16, please contact us at the details provided.  If we discover that we have inadvertently processed the Personal Data of any user under the age of 16, we reserve the right to delete it.

Retention Period of Personal Data

BiP shall retain Personal Data during the period necessary for the purpose(s) for which it has been collected and/or is being processed for up to 2 (two) years unless a longer retention period is established by applicable laws. This includes the retention of Personal Data during a limited period determined as per the relevant legislation in case any dispute might arise from the Terms of Use. Please note that messages sent while a user is offline will be kept for a maximum of three weeks and will be deleted after the expiration of the aforementioned period. BiP will securely delete Personal Data and ensure all recipients of Personal Data comply with the same obligation as soon as Personal Data is no longer necessary in relation to the purpose for which it was processed unless BiP is required to retain Personal Data for a longer period by law.

Measures for Data Security

BiP takes the security of your Personal Data seriously and it has appropriate technical and organizational measures in place in order to prevent unauthorized access and unlawful processing of Personal Data. Your Personal Data is protected by our strong security features, which we strictly enforce and periodically review.

BiP shall not disclose any Personal Data of users to any third party in defiance of this Notice and/or applicable Data Protection Legislation. BiP shall only use Personal Data for secondary processing insofar such processing is compatible and lawful. In case Personal Data of the users are shared with outsource service providers in accordance with the provisions of this Notice, BiP shall take necessary measures so that such third-party providers shall provide at least a similar level of security for the personal data.

However, BiP does not bear any responsibilities for third party applications to which a link is provided via the Application and for transactions conducted with other users and/or third parties under the “Discover feature of the Application, where the Application has channels related to different subjects, with the aim of providing different content to users, to the extent these applications are not under the control of BiP.

Automated Decision Making We do not use Personal Data to make automated decisions about users.

About This Policy

BiP shall update and change the provisions of this Notice, e.g. in case of any change/update in the Data Protection Legislation, in which case the updated Notice will be brought under your attention by publishing it via the Application. Updates and changes in the Notice made by BiP shall be effective as of the date of its publication on the Application. The information in the policy may differ from person to person due to issues such as products and services that people benefit from or their requests and consents.

Contact us

Questions, comments and requests regarding this Notice can be addressed via email at info@bip.com  or in writing to the below e-mail or postal addresses:

Data Protection Officer
dpo@bip.com

Aydınevler Mahallesi İnönü Caddesi No:20/36 Küçükyalı Ofispark Maltepe/ İstanbul Turkey