Brotek Teknoloji A.Ş., established and existing in accordance with the laws of the Republic of Turkey, headquartered at Esentepe Mah. Büyükdere Cad. No:175/7 Kat:B4 34360 Şişli/ISTANBUL, together with its subsidiaries and affiliates (“COENSIO”, “Company” or “we”), values the protection and respect of your privacy.
This privacy policy (“Privacy Policy”) explains how data that identifies you or can be associated with you (“Personal Data”) is collected, used, shared, and protected, including the services provided through our website coens.io (“Platform”) as defined in the “Terms of Use,” as well as your choices regarding the collection and use of such data.
COENSIO is a technology company using machine learning technologies to provide candidate pre-assessment services for recruitment specialists, human resources professionals, and managers. COENSIO operates an assessment platform where employers and clients (“Clients”) can direct employees and candidates (“Test Participants”) to skills, personality, and aptitude tests via the Platform. This Privacy Policy applies to all visitors, users, and other persons (“Users”) who access or use the Platform.
Before accessing or using the Platform, please ensure that you have read and understood this Privacy Policy. This Privacy Policy may be updated at any time by notifying you via email or by posting an announcement on the website. Unless stated otherwise, changes take effect on the date specified in the announcement. It is the User’s responsibility to follow the current version. This Privacy Policy was last updated on 01.04.2026.
a) Log File Information: When you visit the Platform, we collect information sent by your browser. This may include your IP address, browser type and version, pages visited on the Platform, date and time of your visit, time spent on those pages, and similar statistics.
b) Analytics Services (Non-Personal Data): We use third-party analytics tools to help measure traffic and usage trends on the Platform. These tools collect information sent from your device or our Platform, including web pages visited, plugins, and other information that helps us improve the Platform. These tools use cookies placed on your device to anonymously collect your log information and behavioral data. This analytics data is collected and used together with data from other Users in a manner that does not reasonably allow the identification of any individual User. Specifically for Google Analytics, while Google Analytics may place a persistent cookie on your browser for identification purposes, this cookie can only be used by Google. The use and sharing of data collected through Google Analytics are restricted by the Google Analytics Terms of Service and Google Privacy Policy. You can disable cookies to prevent Google Analytics from recognizing you on future visits.
i) DoubleClick Cookie: Google uses cookies as a third-party provider to deliver ads on the Platform. The DoubleClick cookie enables the serving of ads based on visits to the Platform or other websites. You can opt out of interest-based ads via Google Ads Settings.
ii) Remarketing: Remarketing services are used to deliver ads on third-party websites after you visit the Platform.
iii) Google: Google Ads remarketing services are provided by Google Inc. You can disable Google Analytics Display Advertising features and customize Google Display Network ads through the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on to prevent Google Analytics from collecting and using your data. For more information about Google’s privacy practices, visit the Google Privacy & Terms webpage.
• Identity data: Name, surname, parents’ names, mother’s maiden name, date and place of birth, gender, marital status, nationality, ID card series and number, Turkish ID number, etc.
• Contact and location data: Email address, physical address, mobile phone number, registered electronic mail (KEP) address, address number, location information, etc.
• Education data: Educational background, diplomas and certificates, areas of expertise, foreign language skills, trainings and courses attended, computer literacy, exam information, etc.
• Employment and personnel data: Total professional experience, employment status, job title and position information, work history (company names, durations, job descriptions), resumes, employment documents, payroll information, performance evaluation reports, disciplinary records, department, division, and representation authority, etc.
• Special categories of personal data: If provided or obtained via screen recording or camera; race, ethnicity, political opinions, philosophical beliefs, religion, denomination or other beliefs, clothing style, association/foundation/union membership, health information (disability status, blood type, personal health information, medical device or prosthesis used, etc.), sexual life, criminal convictions and security measures, biometric and genetic data, etc.
• Visual and audio data: Short-term screen recordings if leaving full-screen mode or switching tabs/apps during assessments, and photo/video recordings of candidates if the camera is on during the assessment process.
• Behavioral data: Tab switches, screen changes, return times to assessment screens, test responses, and similar usage data during sessions.
• Report data: Written reports summarizing candidate behavior during the assessment process, produced through AI analysis of screen recordings.
• Client transaction data: Service purchase and contract information, call center records, billing and payment records, invoices, checks, promissory notes, receipts, orders, and requests, etc.
• Financial data: Bank account information, tax number, receivable and payable balances, invoices, checks, promissory notes, etc.
• Transaction security data: IP address, website and platform login/logout records, user logs, passwords, etc.
• Legal transaction data: Information contained in correspondence with judicial and administrative authorities, information related to lawsuits and enforcement files, etc.
• Marketing data: Shopping history, survey data, cookie records, information obtained through campaigns and promotional activities, etc.
We use your personal data to provide and support the services offered on our Platform in the following ways:
a) Service provision: For conducting and managing tests you booked, participated in, or developed;
b) Communication: To inform you about the Platform via email, newsletters, and other messages. You can unsubscribe from some or all of these communications through the opt-out link in the messages. Your personal data is also used to evaluate and respond to requests, questions, and complaints you submit regarding the Platform;
c) Website monitoring: To ensure appropriate use of the Platform and other technological services and to optimize functionality;
d) Platform improvement: To develop, test, and monitor the effectiveness of the Platform and identify or resolve technical issues;
e) Supplier management: To manage suppliers providing services to us;
f) Ease of access: To allow quick and effective access to your information after logging in and to avoid re-entering information during or in your next visit;
g) Statistics: To monitor metrics such as total visitors, traffic, demographic trends, and test results trends in an anonymized and aggregated manner;
h) Development: To develop and test new products and features;
i) Benchmarking: To provide benchmarking data to clients and improve services using anonymized and aggregated test scores and demographic data.
Your personal data is processed for the following reasons:
a) With your explicit consent;
b) Necessity for the performance or establishment of a contract, directly related to the contract;
c) Necessary for the legitimate interests of us or a third party, provided it does not harm your fundamental rights and freedoms.
Your personal data may be shared with the following individuals and organizations:
Employer Clients: Data related to test participants may be shared with the employer clients requesting the test. However, screen captures and short-term screen videos are not directly shared with employers. These records are analyzed by the AI system, and only the summary report is shared with the employer client conducting the assessment. Your personal data is never rented or sold to third parties.
Test results: Information related to test participants is shared with the clients administering the test.
Suppliers: Shared with suppliers supporting our operations, including IT and communication suppliers, outsourced business support services, business intelligence, marketing and advertising agencies, and backup service providers. Suppliers are obligated to meet certain information security standards, and data is only shared within the scope of their tasks.
Change of control: In case COENSIO or its assets are sold or transferred to another entity (e.g., merger, acquisition, bankruptcy, dissolution, or liquidation), personal data collected via the Platform may be transferred among the assets. The acquiring party must comply with the commitments provided under this Privacy Policy.
Legal claims and prevention of harm: We may access, store, and share your personal data in good faith when required by legal claims (search warrants, court orders, etc.) or to comply with legal obligations. Additionally, we may access, store, and share your data (i) to detect, prevent, and combat fraud and other illegal activities, and (ii) to protect ourselves, you, and third parties during investigations. Information obtained may be accessed, processed, and retained for long periods if necessary for legal claims, official investigations, examination of violations of our terms or policies, or preventing harm.
COENSIO has taken appropriate technical and administrative measures using the latest technologies to protect your personal data against loss or unlawful processing. Various security measures are implemented to ensure the safety of information collected through the Platform, including steps to verify your identity before accessing your account (e.g., requesting a unique password). However, we cannot fully guarantee the security of information you provide or that information on the Platform will not be subject to unauthorized access, disclosure, alteration, or destruction. You are responsible for protecting the confidentiality of your password and account information and controlling access to email communications with us. COENSIO is not responsible for the functionality, privacy practices, or security measures of other organizations.
Under Article 11 of Law No. 6698 on the Protection of Personal Data, you can exercise the following rights by applying to us:
• Learn whether your personal data is processed and request information if it has been processed;
• Learn the purpose of processing your personal data and whether it is used in accordance with that purpose;
• Learn the third parties to whom your personal data is transferred domestically or internationally;
• Request correction of incomplete or inaccurate personal data and notify third parties to whom the data has been transferred;
• Request deletion, destruction, or anonymization of personal data in accordance with Article 7 of KVKK and notify third parties to whom the data has been transferred;
• Object to results arising solely from automated system analyses;
• Request compensation for damages due to unlawful processing of personal data.
Your personal data is also protected under the GDPR. In cases where GDPR applies (i.e., for European Union citizens or individuals residing in EU countries), Data Subjects may exercise the following rights:
• The right to obtain confirmation as to whether or not personal data concerning them is being processed, and, where that is the case, access to the personal data (Right of Access, GDPR Article 15),
• The right to request the rectification of inaccurate or incomplete personal data (Right to Rectification, GDPR Article 16),
• The right to request the erasure of personal data where the conditions set out in GDPR Article 17 are met (Right to Erasure, GDPR Article 17),
• The right to request the restriction of processing of personal data; for example, where the accuracy of the data is contested or processing is unlawful, to limit the use of the data (Right to Restriction of Processing, GDPR Article 18),
• The right to object to the processing of personal data (Right to Object, GDPR Article 21),
• Where technically feasible, the right to request that personal data held by COENSIO be transferred to another data controller (Right to Data Portability, GDPR Article 20).
We are not responsible for the information or content on any applications, websites, or services linked to or linking to our Platform. When using a link directing to another application, website, or service, this Privacy Policy does not apply to the third-party application, website, or service. Your navigation and interactions with third-party applications, websites, or services are subject to their own rules and policies. You acknowledge that we have no control over and are not responsible for any third parties with access to your account. Any actions taken and permissions granted to third parties are your responsibility.
We retain your personal data for as long as necessary to provide the services on our Platform. However, your data may need to be retained to comply with legal, accounting, or regulatory obligations.
Photo/video recordings and screen recordings taken during assessments are stored for 6 months.
Written reports generated from analyses can be retained as long as necessary for employer access.
Other personal data may be kept for 1–10 years to fulfill contractual obligations, conduct assessment processes, or comply with audit requirements.
Upon expiration of the retention period, data is deleted, destroyed, or anonymized.
Your personal data is stored on domestic and/or international servers for the purpose of providing data storage and hosting services. These data are protected in accordance with applicable local data protection legislation.
Within this scope, your personal data may be shared with IT infrastructure service providers, cloud computing and data hosting service providers located domestically and/or abroad, for the purpose of ensuring data storage and hosting services.
Your personal data may be transferred to and stored on servers located in states, provinces, countries, or other jurisdictions where data protection legislation may differ from that of your country. By choosing to provide information to us, you are deemed to have consented to the transfer of your personal data to these domestic and/or international technical service providers.
