CibusyI. INTRODUCTION
The General Data Protection Regulation (GDPR) and data protection legislation regulate the definition of personal data, obligations for its protection and processing conditions.
This Policy regulates the obligations and practices regarding personal data processed within the scope of all mobile applications, websites, restaurant management systems and desktop software services ("Cibusy Platforms") provided by Cibusy.
Personal data is processed in accordance with applicable legislation; necessary administrative and technical measures are taken.
II. PERSONAL DATA PROCESSING
1. Types of Personal Data Processed
Personal data processed by Cibusy includes:
- Full Name
- Phone Number
- Email Address
- Location Information
- Device Information
- IP Address
- Reservation and Order Information
- Payment Information
- Profile Photo
- Messaging Content
- Employee Shift, Leave, Schedule and Performance Information
2. Processing Purposes
Personal data is processed for the following purposes:
- Provision of Cibusy services and user account management
- Operation of reservation and ordering systems
- Operation of payment infrastructure
- Management of employee work processes and attendance records
- Provision of user support services
- Ensuring system security, backup and data security
- Fulfilling legal obligations
- Conducting audit and reporting activities
- Making performance and operational improvements
3. Processing Principles
Personal data is processed:
- In accordance with law and rules of honesty
- Accurately and up-to-date
- For specific, explicit and legitimate purposes
- Limited and proportionate to the purpose
- For the period specified in legislation
and stored accordingly.
III. TRANSFER OF PERSONAL DATA
1. Transfer Principles
Personal data may only be transferred to third parties under the conditions specified in this policy and applicable law. Necessary technical and administrative security measures are taken during transfer.
2. International Transfer
Due to cloud infrastructures used within the scope of Cibusy service provision, personal data may be transferred abroad for the purpose of carrying out the service. This transfer is carried out by taking necessary technical and administrative measures in accordance with data protection regulations.
3. Third Parties to Which Transfer May Be Made
- Cloud infrastructure service providers
- Third-party service providers
- Payment infrastructure service providers
- Authorized public institutions and organizations
- Business partners and service providers
IV. DATA SECURITY MEASURES
Cibusy takes necessary technical and administrative measures to ensure the security of processed personal data, including:
- Access controls
- Encryption and secure storage methods
- Network and system security
- Backup systems
- Employee confidentiality agreements and training
- Audit and reporting mechanisms
V. DATA SUBJECT RIGHTS
In accordance with data protection regulations, data subjects have the right to:
- Learn whether their personal data is being processed
- Request information if processed
- Learn the purpose of processing and whether it is used appropriately
- Know the third parties to which it is transferred
- Request correction, deletion or destruction
- Request restriction of processing
- Object to processing
- Request compensation in case of damage
VI. RETENTION PERIODS
Personal data is retained during the use of Cibusy services and for the periods specified in relevant legislation. If no specific period is specified in legislation, it is retained for a reasonable period related to the activity and then deleted, destroyed or anonymized.
VII. APPLICATION AND CONTACT
Data subjects may submit their requests under data protection regulations to:
Applications will be responded to within 30 days at the latest.
Effective Date
This Policy enters into force on the date of publication. Cibusy may make updates and publish them when deemed necessary.