logo

PRIVACY AND COOKIE POLICY

Effective Date: 05.07.2025

Last Updated: 05.07.2025

*
*
*

1. DEFINITIONS AND SCOPE
1.1 Data Controller: [Company Title], [Trade Registry No], [Tax No], [Address]
1.2 EU Representative (GDPR Art.27): [Name & Contact Information]
1.3 Contact: privacy@profylee.com | +90 XXX XXX XX XX
1.4 This policy applies to all individual and corporate users and visitors using the Profylee platform.

*
*
*

2. COLLECTED DATA CATEGORIES
2.1 Identity Information: Name, surname, ID number, passport – Parental consent required for under 16.
2.2 Professional Information: CV, education, experience, documents – Used for candidate matching.
2.3 Financial Data: Credit card, IBAN, invoice information – Encrypted in PCI-DSS compliant manner.
2.4 Session and Behavioral Data: Click history, IP, session information – Processed for AI analysis and security audit.
2.5 Visual Data: Profile photo, video – Collected based on user preference.

*
*
*

3. DATA PROCESSING PURPOSES
3.1 Membership and account management
3.2 AI-assisted position and candidate matching
3.3 Fulfillment of legal obligations
3.4 Service quality improvement and analysis
3.5 Security and fraud prevention
3.6 Marketing and personalization (only with explicit consent)

*
*
*

4. LEGAL BASIS AND INTERNATIONAL DATA TRANSFER
4.1 Pursuant to KVKK and GDPR, the following legal bases apply:
4.1.1 Explicit Consent: KVKK 5/1, GDPR 6/1(a)
4.1.2 Contract Necessity: KVKK 5/2(c), GDPR 6/1(b)
4.1.3 Legal Obligation: KVKK 5/2(ç), GDPR 6/1(c)
4.1.4 Legitimate Interest: KVKK 5/2(f), GDPR 6/1(f)
4.2 International data transfers are only carried out with SCC (Standard Contractual Clauses) and additional security measures.
4.3 Transfer providers: AWS (Ireland/USA), Google Cloud (Netherlands), Stripe (USA)

*
*
*

5. DATA RETENTION PERIODS
5.1 Membership Information: Until account deletion – Completely deleted within 90 days.
5.2 Financial Data: 10-year legal retention period – Stored in encrypted archive.
5.3 CV and Contents: 2 years in passive accounts – Automatically marked and deleted.

*
*
*

6. USER RIGHTS AND APPLICATION METHODS
6.1 Your Rights (KVKK Art.11, GDPR Art.15–22):
a.Access, correction, deletion
b.Data portability (CSV/JSON)
c.Withdrawal of consent
d.Objection to automated decisions
6.2 Application Methods:
6.2.1 In-platform: [Data Rights Panel]
6.2.2 Email: privacy@profylee.com
6.2.3 Mail: [Company Address] (notarized application)
6.3 Response time: KVKK: 30 days, GDPR: 1 month

*
*
*

7. COOKIE POLICY
7.1 Profylee uses cookies to improve user experience. Layered consent management is applied.
7.2 Cookie types and descriptions:
Essential: session_id – Session and security purposes – No consent required
Analytics: _ga, _gid – Anonymous analysis – Explicit consent required
Functional: lang_pref – Preference and language memory – Explicit consent required
7.3 All cookie preferences can be updated from the [Cookie Settings] page.

*
*
*

8. SECURITY MEASURES AND BREACH MANAGEMENT
8.1 Technical measures: AES-256 encryption, TLS, 2FA, IP filtering
8.2 Organizational measures: ISO/IEC 27001 and 27701 compliance, staff awareness training
8.3 Breach notification:
8.3.1 To competent authorities within 72 hours
8.3.2 To users within 7 days (if risk exists)

*
*
*

9. CHILDREN'S DATA AND SPECIAL CATEGORIES
9.1 Parental consent is required for users under 16.
9.2 Special category data is only processed with explicit consent.
9.3 Full compliance with COPPA and GDPR Art.8 is ensured.

*
*
*

10. THIRD PARTIES AND SUB-PROCESSORS
10.1 Service providers used and data usage:

10.1.1 AWS (EU/USA): Server hosting – Encrypted data
10.1.2 Google Cloud (EU): Integration – User content
10.1.3 Stripe (USA): Payment processing – Tokenized card data
10.1.4 Google Analytics: Anonymous site analytics – Global
10.1.5 SendGrid (USA): Email notifications – Email address
10.1.6 Cloudflare: Traffic security – IP & session data – Global

*
*
*

11. UPDATES
11.1 Policy updates are announced at least 30 days in advance via in-platform and email.
11.2 The most current text can always be accessed at https://profylee.com/privacy.

*
*
*

12. COMPETENT COURT AND LAW
12.1 Turkey: Istanbul Çağlayan Courts – Turkish Law
12.2 EU & United Kingdom: London Commercial Court – English and Welsh Law
12.3 USA: Delaware State Courts – Delaware Law
12.4 Others: ICC Arbitration (Paris) – UNCITRAL Rules

*
*
*

APPENDICES
Appendix A – Data Processing Inventory: All data types, purposes, legal bases, and retention periods are listed in table format.
Appendix B – Artificial Intelligence Transparency Report: CV matching, content tagging, and recommendation engines work with AI systems; trained only with anonymous data; decisions are subject to human oversight.
Appendix C – Data Breach Notification Procedure: Technical detection within 24 hours, authority notification within 72 hours, user notification within 7 days is implemented.
Appendix D – Extended Cookie Policy: Cookie type, name, provider, retention period, and purpose are listed. Users can access at https://profylee.com/cookies.