Last Updated: March 27, 2019
Colendi Yapay Zekâ ve Büyük Veri Teknoloji Hizmetleri Anonim Şirketi (from hereinafter referred to as “Colendi”, or “us”), its website (www.colendi.com), and its mobile applications (both hereon referred to as “Sites”) adopt the following privacy policy for any user who registers with either one of these sites (from hereinafter referred to as “User”, or “Users” in plural). Colendi’s mission is to provide its Users a credit scoring service that is based on financial and social credibility scores. The service is enabled through advanced technologies and applications that are developed by data from Users and from the platform. The platform obtains credit from sellers and Users’ credit scores (the platform will be referred to as “Services” from hereinafter). At the crux of this mission, the data we collect about you, how we use it, how we share it, and how we protect it are essential in order to ensure the safety of your data.
This privacy policy contains information about how you can monitor the integrity of personal and private data (from hereinafter referred to as “data”) collected from Users under this privacy policy (from hereinafter referred to as “Policy”). The Policy also has Colendi’s contact information, and how you can request to delete/anonymize data if you so choose. The Services are provided in blockchain structure which comes with the principles of nonerasable data. Any information that is collected directly by Colendi from you when you register (from hereinafter referred to as “User Contact Data”) will be held encrypted in the blockchain. But the data collected from third parties and surveys for calculating User’s credit score, will not be stored in the blockchain. Therefore, when Users start using Services, only Users’ Contact Data will be added to the blockchain system and will not be erased even after Users delete their accounts.
Blockchain is a decentralized digital recording system that keeps the data in blocks which attach each other and create a chain. Once the data is added to blockchain, it cannot be erased. Therefore, even if the User erases his/her account, the User’s Contact Data will be kept in the blockchain system. The data kept in blockchain is encrypted and only the User has access to unencrypted version.
The Users Contact Data is mutually kept in all computers who connect to the blockchain system rather than being stored on a centralized server. The computers in the blockchain validate each other and update simultaneously. However, the computers in the blockchain and Colendi will only have access to the encrypted version of data.
Colendi collects data directly from you, Colendi’s own technology, and from third party sources in order to maintain the results you expect from its Services.
Users who register with one of Colendi’s Sites express their consent to Colendi’s data operations. The operations include data collection from social media accounts, smartphone data, and appropriate commercial shopping history with the consent of Users.
Name and Contact Information: Colendi collects the Users' name, surname, phone number, email address, country of residence, and its addresses.
Authentication Information: User’s password, membership information, and account authentication are processed. Account authentication is held after all the information is anonymized.
Demographic Data: Date of birth, age, and gender are processed.
Favorites and Usage Data: Data from social media sites (only the ones consented by User through the social media account connection page such as Facebook, LinkedIn, Google, Twitter, etc.) are gathered and processed from the User’s device(s), including smartphone(s). Additional favorites and usage data include p h o n e directory data, application usage data, visited pages, social media validation data, number of friends in a given social media platform, a User’s friends’ profile information (including data embedded in comments, photos, and social tastes).
Location Data: Data from a Users’ smartphone or social networks are processed.
Payment Data: Data from commercial purchases and payments are processed.
Device Information: Data from a Users’ electronic device model and its IP address information.
Cookies and Similar Technologies: Our “Cookie Policy” has information on how we use cookies and how you can control their use. You can check our Cookie Policy to get information.
Survey Information: We collect data from our surveys to profile Users status such as credit usage data, education level, income data, residential status, information about family members, profession, marital status, financial information and background (credit cards, bank accounts, loans), daily habits.
Under this Policy, irreversibly anonymous data will not be deemed as data.
We collect your data by the procedures below:
Collected data when you registered to Colendi: To benefit from the Services when you register to Colendi, we collect User Contact Data such as your name, surname, email, mobile phone number, date of birth, profile photo. User Contact Data is collected directly by Colendi and not be accessible to us after registration is completed
Collected survey data by Colendi: To personalize and improve the Services, we collect personal data (profession, education level, financial background, etc.) through surveys. Surveys will help us to provide Services to Users.
Data collected by third parties to benefit from our Services: In order to calculate your credit score, we collect data such as your address information, your social network data ofwhichyouprovidedconsent for (such as Facebook, Linkedin, Google, Twitter, etc.) collected rothrough your devices especially from your smartphone, your contacts information, application usage data, visited pages data, data
to determine whether you are a valid social media User, your friends’ p h o n e numbers and their profile information on social media, your comments and likes on the above mentioned social media platforms, your registered photographs on social media, your location data, payment data and device information, your commercial and payment information. Colendi is collecting data through third parties’ tokens embedded to the Sites. Token is a piece of data created by Colendi and allows Colendi to access information to identify the User when data are received from third parties. Third party data will only be collected if the User, provides expressly consent to Colendi through token to access data.
Colendi collects data in proportion to a specific User purpose in order to fulfill services a User requests. Where data are stored and processed, depends on how the data is collected. User Contact Data collected directly by Colendi will be stored in the distributed storage. Therefore, only the User will have access to the User Contact Data. Also, some of the data is stored on the mobile phone of User.
Datacollected through third parties, such as social networks and data received from surveys, are stored and processed at Amazon Web Services in a third country instead of the distributed storage. With accepting and using the Services, User gives explicit consent to Colendi to transfer the data to a third country.
Prescribed security measures from the country’s legislation are obeyed.
Data obtained by Colendi are used to provide credit scoring and microcredit services on the basis of financial and social scores. The scores are derived from the use of credit evaluation algorithms that are used to analyze User data. The algorithm also provides relevant measurements, artificial intelligence-based credit scores, etc. The data improve Colendi’s services, a r e applied to Colendi’s or other third-party advertising/marketing campaigns, provide promotions to Users, fulfill legal obligations, create User credibility scores via a rating engine, and create Colendi scorecards that contribute to Colendi’s functionality.
Besides, Colendi uses data to identify system problems and resolve them quickly. This is accomplished through the use of a User’s I.P. address, if necessary. I.P. addresses are also used to identify Users generally and to collect demographic information.
Colendi will not share User’s data to third parties that have not provided explicit consent of User.
Third parties and third-party vendors that provide promotions can only have access to the credit score of User. In addition, Colendi’s technology provide outsourcing services to providers, such as to microcredit lenders.
Colendi shall not be liable to you for any purpose that is related to satisfying t h e required services and development of those services. Explicit consent from the User for any related purposes are also not under Colendi’s liabilities. Finally, any purposes specified under the use of a third party are also exempted from Colendi’s liabilities.
Users can share their credit score and User Contact Data with third parties at their will via QR Code scan. However, Colendi will still have no access to User Contact Data even if a User shares his or her data via QR Code.
Colendi will be able to process and share User data with third parties in accordance with the Turkish Protection of Personal Data Act No. 6698 and within cases of exemptions in relevant legislation. Relevant legislation pieces are listed below:
The enactment of the law itself influences how Colendi processes the data.
A person failing to explain reasons due to actual impossibility or lack of legal validity within his or her discretion is obliged to protect his/her bodily integrity or the integrity of someone else.
It is necessary to process data when it is related to a contract to that establish operations or to
execute other contracts.
Colendi must fulfill its legal obligations.
User data becomes e available to the public domain in accordance with the law.
Data processing that is mandatory for the establishment, use, or protection of a right is essential.
It is imperative that Colendi processes data in accordance with its legitimate interests, so long as the data processing does not infringe on the fundamental rights and freedoms of its Users.
Pursuant to Law No. 6698, concerned Users can be referred to Colendi in the following ways;
To learn of whether personal data is processed or not;
To request information about personal data if it has been processed;
To learn about the purpose of processing personal data and whether they are used appropriately for their purposes;
To know the third parties to which personal data is being transferred to, within Turkey or abroad;
To correct mistakes from missing personal data or incorrectly processed data;
To request that personal data be deleted or destroyed within the framework of conditions stipulated in relevant legislation;
To request correction, deletion, and destruction to be done in accordance with relevant legislation with notification to the third party in question;
To object to a result that goes against himself/herself through analysis of the processed data in automated systems;
To claim damages in the event of an injury that resulted from t h e processing of personal data in violation of the law.
Users may send, in writing, their complaints and referrals in hard copy, or soft copy through a
registered email address with a secure electronic or mobile signature, or through an e-mail address previously registered with Colendi. Users can also make referrals to Colendi via other applications, so long as the purpose of that application is to write and send referrals. Users must draft their complaints/referrals within the scope of the following rights and ways:
A signature is required whenever a name and surname are on a document;
Nationality and Passport/ID Number (if you are a Turkish citizen, enclose your T.R. ID number instead);
The business address or the address for which settlement documents are to be sent;
If available, the email address, telephone number, and fax number for the referral should be enclosed;
The subject of the demand/referral/request must be enclosed.
Colendi shall notify its Users, in writing, of their reasons for accepting or rejecting a referral. The reply should be sent as soon as possible and no more than within thirty days from the date of a referral filing. Upon accepting a referral, Colendi shall inform the User accordingly of the accepted subject matter.
Users commit to this Policy to ensure that their information is complete, accurate, and updated. Any change in such information must be updated by the User. If the User fails to do so, Colendi will not have any liability for damages stemming from the changed information.
The rights that are granted to you as a data bearer under the GDPR, unless limited by applicable law, include the following:
The Right of Access: The right to access information that concerns you;
The Right to Amend: The right to change or update your data if it is incorrect or incomplete;
The Right to Erasure: The right to request deletion/anonymization of your account;
The Right to Restrict: The right to request a temporary or permanent suspension of a part or whole of your data;
The Right to Object: The right to object to the processing of your data at any time on the basis of particular circumstances;
The Right to Object (2): The right to object to the processing of your data for the purpose of direct marketing;
The Right of Data Portability: The right to request a copy of your data in electronic form, alongside the right to have that data in use with another party’s service;
The Right of Non-Compliance with Automatic Processing Systems: The right to refuse subjection
to an automatic decision-making system, including profiling if there is a legal or similar legal effect on the decision.
Colendi reserves the right to keep data collected during a statute of limitations period set forth in applicable legislation. This right is limited to extents necessary for Colendi to perform its services, follow collection purposes, maintain legal compliance, and execute administrative and judicial proceedings under dispute.
From the basis of blockchain structure even when the User deletes his/her account, the User Contact Data will be kept encrypted in blockchain system. Colendi will not have access to the unencrypted data after the account deleted. However, Users can always have access to his/her accounts.
Your erasable data shall be deleted, destroyed or anonymized upon your request or automatically by Colendi following the deletion of your account. Colendi reserves the right to select unilaterally the method regarding the destruction of data.
Colendi will preserve the collected data for the purpose of using it for product improvement purposes and will not use or transfer it to third parties except for the purposes stated in this Policy. User Contact Data is stored as encrypted in blockchain system; therefore only the User will have access the unencrypted data.
With this bet, Colendi will make data exchanges that will be performed by the service as encrypted through HTTPS. Personalized data belonging to Users are stored by means of advanced encryption methods, some of which are accessible only to Users and some of which are accessible to both Users and Colendi. Access to systems with sensitive personal data will only be provided from certain IPs using the VPN system. By anonymizing data collected by Colendi, Colendi can process these data for the purposes of; average usage of credits under a loan from the system, determination of the countries with the most loans, and determination of the distribution of loan repayment rates by age ranges.
Colendi does not bear any responsibility for the privacy policies and content of the applications for links given to other applications through the Site.
Colendi shall not disclose to the other party the data it obtains from the Users that it collects in violation of the provisions of this Policy and the relevant legislation and shall take the necessary technical and administrative measures to ensure the appropriate level of security in order to ensure the confidentiality of the data it collects; unauthorized access will not be allowed. However, please note that no system is 100% secure.
If Colendi finds a violation related to the security system, it may try to inform you electronically by sending a notification to support@colendi.com or by sending you an email. If you have any problems with data security, you can contact us via support@colendi.com.
Changes to the Policy
Colendi may change this Policy from time to time. You can check that when we lastly update the Policy from the "last updated" section. The Policy provisions amended by Colendi shall enter into force on the date of publication. In addition, Colendi will notify you in advance of any important changes that may be made by showing you a specific notice in accordance with the conditions or by sending you an e-mail. For this reason, please be sure about reading all such notices carefully.
Children's Privacy
Colendi is not intended for children under 16 years old. However, in some countries tighter age limits may
apply under local law.
We are deliberately unaccompanied by children under the age of 16 or under the current age limit. If you are under 16 please do not use Colendi Services and do not give us your personal data. If you are a parent of a child under the age of 16 and you notice that your child has given the data to Colendi, please contact us at support@colendi.com.
We will take reasonable steps to erase data if we notice that we have collected the data of a child under 16.
Contact
If you have any questions about this Policy, you can contact our Data Protection Officer by typing in the address given below.