CONSENT, DATA PROCESSING AND PRIVACY NOTICE

(Ultimate Global Compliance Version – GDPR + KVKK + CCPA + LGPD Compliant)**


Profylee (“Platform”, “we”, “us”) is committed to processing, storing and protecting your personal data in accordance with the highest international privacy and security standards.

This Privacy Notice and Consent Statement has been prepared in compliance with:

GDPR (EU Regulation 2016/679), KVKK (Turkish Data Protection Law No. 6698), CCPA/CPRA, LGPD (Brazil), OECD Privacy Principles, ISO/IEC 27701 and other global data protection regulations.

Please read this document carefully before using the Platform.



1. DATA CONTROLLER

Since the company establishment process is ongoing, the Platform currently operates under the name Profylee.

Data Controller: Profylee

E-mail: [contact@example.com]

Address: [To be added upon company establishment]

Data Protection Officer (DPO): To be appointed. Until then, all requests should be submitted to the contact address above.



2. CATEGORIES OF PERSONAL DATA PROCESSED

The following categories of personal data may be collected, processed, stored and transferred for the operation of all Platform modules (Wallet, Flow, Works, Showcase, Publish, Analytics, Insight, Wall, Message, Calendar, AI Digital Identity, Search Engine):



2.1. Identity Data

  1. Name, surname

  3. Age / year of birth

  5. Gender (optional)

  7. Profile name / username



2.2. Contact Data

  1. E-mail address

  3. Phone number

  5. Location information (country/city)

  7. IP address



2.3. CV & Professional Career Data

(Required for the core functionality of the Platform)

  1. Education details

  3. Work experience

  5. Certificates and documents

  7. References

  9. Skills and competencies

  11. Foreign language proficiency

  13. All CV content uploaded by the user



**2.4. User-Generated or Uploaded Content

(Publish, Showcase, Works, Wall Modules)**

  1. Articles, writings, posts

  3. Project files and works

  5. Portfolio items

  7. Job listing details

  9. Announcements, posts, texts and images shared through Wall

  11. Comments, likes, interactions

  13. Uploaded files, visuals, documents, videos

Wall Module Clause:

“Content, posts, text, images, comments, likes and interaction data shared by the user through the Wall module are processed as User-Generated Content (UGC).”



2.5. Visual / Audio Data

  1. Profile photo

  3. Video CV (optional)



2.6. Messaging Data (Message Module)

  1. Direct message content

  3. Conversation records

  5. Timestamp information

Note: All message content is protected through robust security measures.



2.7. Wallet & Payment Data (Wallet Module)

  1. Wallet balance

  3. Credits used

  5. Transaction history

  7. Payment provider transaction ID (PayTR, Paddle)

  9. Invoice information

Credit card details are not stored by Profylee.



**2.8. Behavioral and Technical Data

(Analytics, Insight, AI, Search)**

  1. Platform usage behavior

  3. Search history

  5. Employer interaction logs

  7. Clickstream data

  9. IP, device, browser information

  11. Cookies

  13. Session logs (retained for 15 days)

  15. Heatmap, scroll and interaction data (anonymous)






**2.9. AI Model Processing Data

(Using OpenAI infrastructure)**

  1. Automated CV analysis

  3. Summarization, classification, tagging

  5. Matching score generation

  7. Profile optimization suggestions

  9. Embedding (vector) generation for search algorithms

Personal data is anonymized before processing.

No data is used for model training.



2.10. Calendar Integration (Google Calendar API – Full Scope)

  1. Event reading

  3. Event creation

  5. Event updating / deletion

  7. Meeting synchronization

Profylee fully complies with Google Calendar API Restricted Scope Requirements.





3. LEGAL BASIS FOR PROCESSING PERSONAL DATA

3.1. Explicit Consent (GDPR 6/1-a, KVKK 5/1)

  1. CV processing

  3. Profile matching

  5. AI-based analysis and summarization

  7. Global visibility

  9. Google Calendar API access

  11. Storage of Wallet transaction history

  13. Retention of message content



3.2. Performance of a Contract (GDPR 6/1-b, KVKK 5/2-c)

  1. Account creation

  3. CV sharing

  5. Job search and job posting

  7. Service exchange through Works module

  9. Operation of Flow, Pool and employer dashboards



3.3. Legitimate Interest (GDPR 6/1-f, KVKK 5/2-f)

  1. Fraud prevention

  3. Security logging

  5. Fake account detection

  7. Analytics and performance measurement



3.4. Legal Obligations (GDPR 6/1-c, KVKK 5/2-ç)

  1. Regulatory requests

  3. Government investigations

  5. Mandatory record retention (financial and legal)



4. PURPOSES OF PROCESSING PERSONAL DATA

4.1. Platform Services

  1. Creating digital CVs

  3. Profile visibility

  5. Job matching

  7. Job posting – application – offer processes

  9. Freelancer–employer interactions

  11. Content sharing through Wall

  13. Creating company/freelancer showcases

  15. Publishing articles and content

  17. Flow (Pipeline management)

  19. Pool (Candidate database)




4.2. AI-Based Processing

  1. CV analysis

  3. Recommendation generation

  5. Tag extraction

  7. Matching score generation

  9. Creating SEO-friendly digital identity

  11. Search engine optimization



4.3. Wallet Operations

  1. Credit movements

  3. Purchases

  5. Invoice generation

  7. PayTR / Paddle payment transactions



4.4. Security and Operational Purposes

  1. Fraud prevention

  3. IP log retention (15 days)

  5. Account security




5. SHARING PERSONAL DATA WITH THIRD PARTIES

5.1. Service Providers

  1. OpenAI (anonymized processing)

  3. PayTR

  5. Paddle

  7. Server/hosting providers

  9. Google Calendar API



5.2. Employers and HR Companies

Your profile may be viewed by global employers solely for job-related purposes.

There is no premium visibility system; all visibility is equal.



5.3. Government Authorities

Only when legally required.



5.4. International Transfers

Transfers outside Türkiye or the EU are carried out under:

  1. Standard Contractual Clauses (SCC)

  3. Data minimization

  5. Anonymization




6. DATA RETENTION PERIODS

  1. Profile & CV data: Active account + 1 year

  3. Wallet transactions: As required by financial regulations

  5. Logs: 15 days

  7. Message content: Until account deletion

  9. Flow / Pool data: 1 year

  11. Calendar data: Until user deletion request

All data is securely destroyed at the end of retention periods.



7. USER RIGHTS

Under GDPR (Articles 15–22), KVKK, CCPA, and LGPD, you have the right to:

  1. Request information

  3. Access your data

  5. Request correction

  7. Request deletion (“right to be forgotten”)

  9. Restrict processing

  11. Request data portability

  13. Object to processing

  15. Withdraw consent

  17. File a complaint with data protection authorities

Requests: [contact@example.com]



8. SECURITY MEASURES

Profylee implements:

  1. ISO/IEC 27001 & 27701 aligned security framework

  3. SSL/TLS encryption

  5. Two-factor authentication (2FA)

  7. Token-based API security

  9. Access log monitoring

  11. Data minimization

  13. Secure storage and access policies



9. CONSENT STATEMENT

(Required for the core functionalities of the Platform)

“I have read and understood the Privacy Notice.

I hereby give my explicit consent for Profylee to process my personal data for the purposes of:

Creating and managing my CV, profile, job matching, AI-powered analysis, messaging, search engine functions, calendar integration, wallet operations, security measures, global visibility, sharing with employers, and the operation of all Platform modules.

I consent to sharing my data with service providers such as PayTR, Paddle and OpenAI.

I consent to the anonymized processing of my data for AI-based operations.

I consent to the access and management of my calendar information through the Google Calendar API.”

I Accept

I Do Not Accept

Full Name:

Date:

(Digital confirmation is sufficient; no signature required.)