IFE Logo

Privacy Policy

This Personal Data Protection Disclosure Statement is issued by İFE İstanbul Finans Enstitüsü Eğitim ve Danışmanlık Hizmetleri A.Ş. (“Company” or “IFE” or “Istanbul Institute of Finance”) in its capacity as data controller, in order to inform you, our valued customers and website users, about the collection, processing, and transfer of your personal data, and your rights under the Law No. 6698 on the Protection of Personal Data (“Law”).

For more detailed information, you may also review our Policy on the Processing and Protection of Personal Data (available on our website).

Personal Data We Process

We process the following categories of personal data in the context of our online training services

  • Identity Information: Name, surname; Turkish Identification Number, and (if applicable) Tax Identification Number[5].
  • Contact Information: Email address; telephone numbers (mobile/landline); and other contact details; residential or workplace address.
  • Customer Transaction Data: Details of orders and training services purchased; any requests or complaints you submit; and records of your service usage.
  • Visual/Audio Recordings: Audio and video recordings from your participation in online trainings (for example, recordings of virtual classes or webinars).
  • Web Usage & Security Data: Technical data such as website login/logout logs, IP address, browser type/version, and cookies or similar tracking data collected during your website visits.
  • Financial Information: Financial data necessary for payment processing, such as bank account number, IBAN, and billing information.

Purposes of Processing Personal Data

We process your personal data only for specific and lawful purposes, including but not limited to the following:

  • Service Delivery & Operations: To carry out the sale, provision, and operational management of our online training services. This includes processing data to register you for courses, provide access to our e-learning platform, and ensure the services are delivered as promised.
  • Customer Relations & Support: To provide after-sale support for training services; manage customer relationships; and conduct customer satisfaction activities such as obtaining feedback and resolving complaints.
  • Contractual and Legal Compliance: To execute and manage service contracts with you; perform accounting, finance, and invoicing processes; and fulfill our legal obligations under applicable laws and regulations.
  • Marketing & Communication (with Consent): To conduct marketing and loyalty activities related to our products/services; inform you about new services, promotions or campaigns – these will only be done where permitted by law or with your explicit consent.
  • Security and Audit: To ensure the security of our operations and website (e.g., maintaining log records, preventing fraud); to conduct internal business audits; and to provide information to authorized authorities when legally required.
  • Request Tracking: To track, evaluate, and respond to any requests or complaints you submit regarding our services.

Methods of Collecting Personal Data

We collect your personal data through multiple channels by automated or non-automated means

  • Direct Interactions: Information you provide to us directly via our website forms (e.g., registration, contact or application forms), email communications, telephone calls, or in-person interactions.
  • Digital Platforms: Our website, online training platform, and mobile applications, including data collected automatically through cookies and similar technologies during your interactions with these platforms.
  • Physical Media: Paper forms and contracts you fill out; documents sent via mail/cargo; or information obtained during face-to-face meetings or through business cards exchanged.
  • Third Parties: We may receive data from third parties such as business partners, corporate clients purchasing training on behalf of their employees, or payment service providers, in accordance with legal provisions and after ensuring you have been informed (where required).

Legal Bases for Processing Personal Data

Our processing of your personal data is carried out in accordance with the conditions set forth in Articles 5 and 6 of the Law No. 6698. In practice, we rely on one or more of the following legal grounds:

  • Performance of a Contract: Where processing is necessary to enter into or perform our contract with you (Law 6698 Art.5/2(c)). For example, using your identity and contact details to register you for a course and provide the service you requested.
  • Compliance with Legal Obligations: Where we must process data to comply with a legal obligation (Art.5/2(ç)), such as maintaining transaction records for tax and accounting regulations or providing information to authorities when legally required.
  • Legitimate Interests: Where processing is necessary for the legitimate interests of our Company (Art.5/2(f)), provided that your fundamental rights and freedoms are not harmed. For instance, using certain analytics data to improve service quality or ensuring IT and platform security can be based on our legitimate interests.
  • Establishment, Exercise or Protection of a Right: Where processing is necessary for the establishment, exercise, or defense of legal claims (Art.5/2(e)). For example, retaining certain transaction records to defend against potential legal disputes.
  • Explicit Consent: In cases where none of the above legal grounds apply or where the law specifically requires it, we will obtain yourexplicit consent (Art.5/1) before processing your data. For instance, if we intend to send you electronic commercial communications (marketing emails/SMS) or record your image during an online training when not otherwise legally permitted, we will seek your consent for such processing.

For any sensitive (special category) personal data (if ever collected, such as health information or biometric data), we will process such data in accordance with Article 6 of the Law – either based on your explicit consent or under strictly regulated exceptional circumstances permitted by law.

Transfer of Personal Data

We may share or transfer your personal data to third parties, within the scope of the purposes mentioned above, and in compliance with the conditions in Articles 8 and 9 of the Law:

  • Affiliates and Business Partners: If necessary for the provision or marketing of our services, we may share data with our domestic or international business partners, affiliates, or program collaborators (for example, a partner institution co-organizing a training program).
  • Service Providers: We transfer data to third-party service providers who perform functions on our behalf, such as information technology support, payment processing, accounting, legal counsel, or consultancy services. These providers are given access only to the data necessary for them to perform their services and are bound by confidentiality and data security obligations.
  • Authorized Public Authorities: Where required by law, we may disclose personal data to courts, regulatory bodies, the Personal Data Protection Authority, or other authorized public institutions and organizations upon their lawful request or as part of our legal compliance (e.g., tax audits, law enforcement requests).
  • Internal and Group Sharing: Within the Company and with any parent, subsidiary, or affiliated companies (if any), personal data may be shared on a need-to-know basis to carry out the administrative and management operations, subject to the same data protection principles.

If it becomes necessary to transfer your personal data abroad (e.g., using cloud services or servers located outside Turkey), we will ensure that the recipient country provides sufficient data protection or obtain the necessary permissions and/or your explicit consent as required under Article 9 of the Law. We will take all required measures to protect your data in such cross-border transfers.

Data Retention Period

We will retain your personal data for no longer than is necessary for the purposes for which it is processed or as required by applicable laws. Specifically, personal data will be stored for the duration of your relationship with us and thereafter for the period required by relevant legislation (for instance, data in financial records may be kept for the legally mandated retention periods) or for as long as needed to protect our legal rights.

When the processing purpose is fulfilled or no longer applicable, and/or after the expiration of the statutory retention periods, your personal data will be safely deleted, destroyed, or anonymized. We conduct periodic reviews of the data we hold, and if we determine that certain data is out-of-date or no longer necessary, we securely dispose of it without waiting for the scheduled retention period to end.

Your Rights under KVKK

Pursuant to Article 11 of the Law, as a data subject you have the following rights regarding your personal data:

  • Right to Be Informed: To learn whether or not your personal data has been processed, and to request information regarding such processing.
  • Right to Access: To learn the purpose of processing your personal data and whether your data is being used in line with that purpose, and to know the third parties (in Turkey or abroad) to whom your personal data has been transferred.
  • Right to Rectification: To request the correction of your personal data if it is incomplete or inaccurate, and to ask that third parties to whom the data has been transferred are informed about the correction.
  • Right to Erasure/Destruction: To request the deletion or destruction of your personal data if the reasons for processing no longer exist,even if it has been processed in accordance with the law, and to request notification of this to third parties to whom the data was transferred.
  • Right to Object to Automated Decisions: To object to any result that is to your detriment, arising from the analysis of your personal data exclusively by automated systems.
  • Right to Claim Damages: If you incur losses due to unlawful processing of your personal data, to request compensation for the damage.

You may exercise your rights by contacting us through the designated channels. For ease of process, you can send us your requests by filling out the “Data Subject Application Form” available on our website (if provided). You can submit this form to us through written application or other methods specified by the Personal Data Protection Authority (such as via registered email to our KEP address or through secure electronic signature).

Your applications will be resolved free of charge within 30 days at the latest, depending on the nature of your request. However, if the action you request incurs an additional cost, we may charge you a fee in the amount determined by the Personal Data Protection Board’s tariff for such cases.

We are committed to safeguarding your personal data. We implement necessary technical and organizational measures to protect data against unauthorized access, loss, or alteration, in compliance with KVKK and related regulations. This Information Notice has been issued to fulfill our obligation to inform data subjects. If you have any questions or requests regarding your personal data, please do not hesitate to contact us.

Data Controller Contact Information: İFE İstanbul Finans Enstitüsü Eğitim ve Danışmanlık Hizmetleri A.Ş. – Address: Küçük Çamlıca, Libadiye Caddesi, Öznur Sokak No: 7, Üsküdar 34696 Istanbul, Türkiye. (Additional contact details will be provided on our official website.)