Brotek Teknoloji A.Ş., a company duly incorporated and existing under the laws of the Republic of Türkiye, with its registered office at Esentepe Mah. Büyükdere Cad. No:175/7 Kat:B4 34360 Şişli/İstanbul, together with its affiliates and subsidiaries (collectively referred to as “COENSIO”, the “Company” or “we”), processes your personal data in its capacity as a data controller in accordance with the Personal Data Protection Law No. 6698 (“Kişisel Verilerin Korunması Kanunu” or “KVKK”).
In the course of the assessment conducted via our platform, brief screen recordings may be captured where you exit full-screen mode or switch to another tab or application. During such recordings, certain personal data relating to you may be accessed. This Privacy Notice (the “Notice”) explains how personal data that identifies you or may be associated with you (“Personal Data”) is collected, used, disclosed, and safeguarded in connection with the services provided through our website, coens.io (the “Platform”).
The Personal Data that may be processed during the assessment process includes the following:
• Identity data: Name, surname, parents’ names, mother’s maiden name, date and place of birth, gender, marital status, nationality, ID card details, Turkish ID number, etc.
• Contact and location data: Email address, residential address, mobile phone number, registered electronic mail (KEP) address, address number, etc.
• Special categories of personal data: Where voluntarily disclosed by you or incidentally captured via screen recordings or camera footage; data relating to your race, ethnic origin, political opinions, philosophical beliefs, religion or other beliefs, attire, association/foundation/union membership, health data, sexual life, criminal convictions and security measures, as well as biometric and genetic data, including health-related information (e.g. disability status, blood type, medical devices or prosthetics), and location data.
• Education data: Educational background, diplomas and certifications, areas of expertise, foreign language proficiency, skills, courses and seminars attended, computer literacy, examination records.
• Employment and personnel data: Professional experience, employment status and title, employment history (including employer names, duration, and job descriptions), payroll data, disciplinary records, onboarding documentation, asset declarations, CV information, performance evaluation records.
• Legal transaction data: Information contained in correspondence with judicial or administrative authorities and data included in case files.
• Visual and audio data: Screen recordings captured upon exiting full-screen mode or switching tabs/applications; photographs and/or video recordings where the camera is enabled during the assessment.
• Behavioral data: Data relating to user activity during the session, including tab switching, screen transitions, return times, and responses provided during the assessment.
• Report data: Analytical reports generated by artificial intelligence systems summarizing candidate behavior during the assessment.
• Customer transaction data: Call center records, invoices, promissory notes, checks, transaction receipts, and request/order information.
• Security data: IP address, login/logout records, authentication credentials such as passwords.
• Marketing data: Survey responses, cookie data, campaign-related data, and similar information.
Your Personal Data is collected through the following means:
• Information you provide to us in physical and/or electronic environments, as well as data, audio, and visual inputs you submit via our Platform;
• Assessment results collected based on tests provided to you by the relevant employer or evaluating entity;
• Cookies and similar technologies used on our Platform, as detailed in our Cookie Policy, within the scope of our legitimate interests in improving services and user experience;
• During online assessments conducted via the Platform, including:
o Recording of up to 10 seconds when exiting full-screen mode,
o Recording of up to 60 seconds when switching tabs or applications,
o Recording of photographs and/or video footage where the camera is enabled.
Your Personal Data is processed for the following purposes:
• Compliance with legal and regulatory obligations;
• Providing information to authorized public institutions and organizations;
• Conducting and managing legal processes;
• Administration, execution, and improvement of assessment processes;
• Prevention of cheating, fraud, or misconduct during assessments;
• Behavioral analysis through artificial intelligence tools;
• Generation and sharing of assessment reports with the relevant employer;
• Ensuring the security of the Platform and maintaining the integrity of examination processes;
• Monitoring whether the Platform and our other technological services are used appropriately and optimizing their functionality;
• Improving test, and monitoring the effectiveness of the Platform, and identifying or resolving technical issues;
• Monitoring metrics such as total number of visitors, traffic, demographic trends, and trends in test results in an anonymized and aggregated manner;
• Safeguarding our legitimate interests by improving and enhancing the Platform through the use of cookies on our website, as explained in our Cookie Policy.
Your personal data is transferred in accordance with the data processing conditions and purposes set out in Articles 5 and 6 of the KVKK.
• The screen recordings will not be shared directly with the company conducting the evaluation/employer. These recordings will be analyzed by an artificial intelligence system, and a written report summarizing the actions you performed throughout the session will be prepared based on the analysis. Only this written report will be provided to the company conducting the evaluation.
• In the event that the camera is enabled the evaluation process, the visual data belonging to you (photos and/or video recordings) will be shared with the employer.
• The screen recordings and collected personal data may be shared with domestic or international technical service providers for the purposes of data storage, hosting, and the provision of artificial intelligence analysis services. In this context, personal data may be transferred to information technology infrastructure service providers, cloud computing and data hosting service providers, and third-party service providers offering AI analysis services. In cases where your personal data is transferred abroad, such transfers will be made to countries that provide adequate protection in accordance with Article 9 of the KVKK, or, if adequate protection is not available, appropriate safeguards as determined by the Authority will be implemented.
• In the scope of fulfilling our obligations arising from legislation, your personal data may be shared with authorized public institutions and organizations upon their request.
• All of your personal data, including sensitive personal data, may be transferred to our lawyers or legal advisors in order to exercise our right of defense in any dispute.
• Screen recordings and visual data obtained via camera are retained for a period of 6 months and are securely deleted upon the expiry of this period.
• Written reports generated as a result of the analysis may be retained for the period necessary to ensure access by the relevant employer.
• Other Personal Data is retained for the periods specified below for the purposes of conducting assessment processes and fulfilling audit obligations, and is subsequently deleted, destroyed, or anonymized upon the expiry of such periods:
o Identity, contact, personnel, legal transaction, customer transaction, transaction security, risk management, financial, professional experience, and marketing data are retained for a period of 10 years for the purposes of complying with legal obligations, resolving potential disputes, and safeguarding the legitimate interests of the Company.
o Location data is retained for the duration of the contractual relationship with the relevant data subject group and is deleted, destroyed, or anonymized upon termination of such relationship.
o Data relating to physical premises security, such as CCTV recordings and visitor entry/exit logs, is retained for 1 year and securely destroyed thereafter.
o Visual and audio recordings are retained for a maximum period of 3 years and are subsequently deleted or anonymized.
o Among special categories of personal data, health data is retained for 10 years for the purposes of complying with legal obligations and managing occupational health and safety processes. Personal data relating to criminal convictions and security measures is retained for the periods prescribed under applicable legislation and is securely destroyed upon expiry of such periods.
Your Personal Data is processed in accordance with Articles 5 and 6 of the KVKK based on the following legal grounds:
• Explicit consent (based on the Explicit Consent Form regarding the processing of personal data to be obtained from you prior to the commencement of the assessment),
• Performance of the contract (for the provision of the assessment services conducted via the Platform),
• Legitimate interests of the Company (such as the management of business processes, service improvement, and understanding user needs, provided that such interests do not override your fundamental rights and freedoms).
Pursuant to Article 11 of the KVKK, you may exercise the following rights by applying to us:
• To learn whether your Personal Data is being processed and to request information if it has been processed,
• To learn the purposes of the processing of your Personal Data and whether such data is used in accordance with those purposes,
• To learn the third parties to whom your Personal Data is transferred domestically or abroad,
• To request the rectification of incomplete or inaccurate Personal Data and to request that such corrections be notified to third parties to whom the Personal Data has been transferred,
• To request the deletion, destruction, or anonymization of your Personal Data within the framework of the conditions set forth under Article 7 of the KVKK, and to request that such actions be notified to third parties to whom the Personal Data has been transferred,
• To object to the occurrence of a result to your detriment arising from the analysis of your Personal Data exclusively through automated systems,
• To request compensation for damages in the event that you suffer damage due to the unlawful processing of your Personal Data.
As a Data Subject, your Personal Data is also protected under the GDPR. In cases where the GDPR is applicable (e.g., for European Union citizens or individuals residing in the European Union), Data Subjects may exercise the following rights:
• To obtain confirmation as to whether or not Personal Data concerning them is being processed, and, where that is the case, access to such data (Right of Access, Article 15),
• To request the rectification of inaccurate or incomplete Personal Data (Right to Rectification, Article 16),
• To request the erasure of Personal Data where the conditions set out under Article 17 of the GDPR are met (Right to Erasure, Article 17),
• To request the restriction of processing, for example where the accuracy of the data is contested or the processing is unlawful (Right to Restriction of Processing, Article 18),
• To object to the processing of Personal Data (Right to Object, Article 21),
• Where technically feasible, to request the transfer of Personal Data held by COENSIO to another data controller (Right to Data Portability, Article 20).
You may submit your requests regarding the processing of your Personal Data through the Application Form to the Data Controller in writing, via registered electronic mail (KEP), secure electronic signature, mobile signature, or through your email address registered in the COENSIO system.
In order to verify that the request has been made by you and to ensure the secure protection of your rights, we may carry out additional verification procedures where necessary (e.g., sending a message to your registered phone number or contacting you directly).
For further information, opinions, and suggestions regarding the agreement, please contact us via contact@coens.io email address.
Data Controller:
Brotek Teknoloji A.Ş. (COENSIO)
Address: Esentepe Mah. Büyükdere Cad. No:175/7 Kat:B4 34360 Şişli/İSTANBUL
E-mail: contact@coens.io
KEP Address: brotekteknoloji@hs01.kep.tr
Website: https://coens.io
