Bandwidth Privacy Notice – Voxbone Turkey
Effective Date: March 17, 2023
Who we are
Hello there and welcome to the Voxbone Turkey Privacy Notice! This Notice applies to Voxbone Telekomünikasyon ve İletişim Ticaret Limited Şirketi (“Voxbone Turkey”) part of Bandwidth group of companies, which provides electronic communications services in Turkey. We are a cloud-based communications provider for enterprises. Our global solutions include a broad range of software APIs for voice and text functionality, as well as our own IP voice network. A reference to “Voxbone,” is a reference to Voxbone Telekomünikasyon ve İletişim Ticaret Limited Şirketi (“Voxbone Turkey”). For online platforms, websites managed at group level as well as services you may purchase from our other group companies except for electronic communication services in Turkey, Bandwidth and any of its relevant affiliates may also be considered as a data controller. Please also refer to the global Bandwidth’s Privacy Notice HERE.
As used in this Privacy Notice, “personal data” means any information that relates to, describes, or could be used to identify an individual, directly or indirectly. This does not include anonymous or de-identified data, which does not relate to an identified or identifiable natural person or cannot be linked to or identify an individual.
This Privacy Notice applies to personal data collected by Voxbone Turkey through the bandwidth.com website, voxbone.com website and during establishment and performance of a subscription. This Privacy Notice does not cover handling of your personal data as an employee, intern, consultant, contractor or applicant of Voxbone Turkey and does not cover any information collected by third-party sites or content or applications that may link to or be accessible from or on our websites.
Please read this Privacy Notice carefully to understand how we collect and process personal data.
Personal data that we collect
- Identifiers, your full name, address, email, company name, company website, telephone number, caller ID information, unique personal identifier, online identifier, Internet Protocol (“IP”) address, proof of address and ID of end users (where there is a regulatory requirement).
- Account Payment Information, your credit/debit card number, signature, bank wire transfer information.
- Commercial Information, records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or Similar Network Activity, your browsing and search history, information on your interaction with our websites and advertisements, information about the communications delivered via our platform.
- Metadata, information about the communications delivered via our platform such as source and destination information, IP address, completion status, time and duration of use.
- Geolocation Data, when you use our products or services, such as source and destination information about the communications delivered, via the Voxbone Turkey products or services.
- Cookies and Other Technologies, website cookies and similar technologies to distinguish you from other visitors and compile information about the usage of our websites. For further information, please see “Cookies and other tracking technologies”. Please also refer to our Global Privacy HERE.
- Sensory Data, your interactions with our sales and customer support teams may be recorded for quality assurance, training, and analysis purposes (subject to your consent if required by applicable law). When you use our global products or services, it may include text-to-speech transcriptions, DTMF tones, media in your voice calls and text messages. For such services, please refer to our global Privacy Notice HERE.
How we collect your personal data
We use different methods to collect personal data from and about you including through:
- Direct interactions. You may give us information about you by filling in forms, engaging in chat on our website, accessing or utilizing any of our websites, opening an account with us, requesting support, subscribing to our newsletters, requesting information or materials (e.g. whitepapers), registering for events or webinars, visiting our booth at a trade show or other event, participating in surveys or evaluations, accessing or utilizing any of our websites, submitting questions or comments, or by corresponding with us by phone, email, video, or otherwise.
- Automated technologies or interactions. As you interact with our websites, we may automatically collect technical data about your equipment, browsing actions, and patterns as specified above. See “Cookies and other tracking technologies.”
- Third parties or publicly available sources. We may receive information about you if you visit other websites employing our cookies or from third parties including, for example, advertising networks, analytics providers, or through publicly available data, such as social media (like LinkedIn, Facebook, and others) and websites.
- Indirectly. As a service provider in the course of providing voice and messaging communications services.
How we use your personal data
We may use the personal data we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information and to provide our products and services in accordance with Article 5/2(c) of the Turkish Personal Data Protection Law No. 6698:
- To respond to your inquiry about our products and services, including to investigate and address your concerns and monitor and improve our responses.
- To enable our customers and end users to send and receive communications via our platform and to bill for those services.
- To allow you to interact with our systems, including our websites.
- To create, maintain, customize and secure your account with us.
- To process your requests, purchases, transactions and payments.
- To bill, collect, and remit taxes, fees and surcharges to the appropriate jurisdictions.
- To maintain the safety, security and integrity of our website, services, databases and other technology assets and business.
- For testing, research, development, and analysis in connection with mitigation of fraud and spam (as applicable per specific product offering), unlawful or abusive activity, or violations of our Acceptable Use Policy; perform quality control; gauge routing effectiveness and deliverability and product development.
- If you have elected to have your name, address, and telephone number published in directories, we may share such information with directory publishers (who publish white pages, yellow pages, and other similar directories) and directory assistance providers.
- As described to you when collecting your personal data.
- Law enforcement in accordance with Article 5/1(a) and Article 5/1(ç) of the Turkish Personal Data Protection Law No. 6698
- To respond to law enforcement requests and as required by applicable law, court order, governmental regulations, or other legal process where we believe in good faith that disclosure protects your safety or the safety of others, or where we need to protect a legitimate business interest such as fighting against fraud that harms our rights.
- As we may need for our legitimate interest without any adverse effect on your rights in relation to and use of our services in accordance with Article 5/1(f) of the Turkish Personal Data Protection Law No. 6698:
- To inform you of additional features, expanded coverage or other products or services offered by us.
- To personalize your website experience and to deliver content and service information relevant to your interests, including targeted offers, marketing communications and ads through our websites, third-party sites and via email.
- For testing, research, development, and analysis, including developing and improving our websites and products and services.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Bandwidth’s assets, whether at Bandwidth’s discretion or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by Bandwidth about you is among the assets transferred.
- For security purposes to register visitors to our offices and to manage non-disclosure agreements that visitors may be required to sign, to the extent such processing is necessary for our legitimate interest in protecting our offices and our confidential information against unauthorized access.
We may depend on the legal basis for collecting and using the personal data, which are described above.
Voxbone Turkey will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you notice. We may use non-personal data for any business purpose. To improve our products and services, we commonly will de-identify/anonymize or aggregate your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
How we share your personal data
We may disclose your personal data to a third party for a business purpose. Voxbone Turkey may share your personal data in the following ways to the extent required to fulfill the purpose for which you provide your personal data, to protect the rights, property, or safety of our business, our employees, our customers, or others and for any other purpose that we disclose herein or in writing when you provide the personal data:
- To Bandwidth Inc. and its affiliates, a group companies of which Voxbone Turkey is part, providing services, licenses, platforms, web applications and rights to perform our obligations in connection to the services we provide to you, to enforce our customer Services Agreement including the Subscriber Contract, Acceptable Use Policy, and other agreements.
- To companies that perform services on our behalf only as needed for them to perform those services, including other communications providers in order to route communications over the Voxbone Turkey network.
- To advertising and marketing companies and networks.
- To data analytic providers.
- To other companies and entities, to:
- Respond to emergencies or exigencies;
- Comply with court orders, law, and other legal process, including responding to your legal requests or any government or regulatory request;
- Assist with identity verification, preventing fraud, and identity theft;
- Provide directory assistance services, with your consent;
- Host our services and infrastructure;
- Comply with your data subject requests.
- To potential investors to sell, transfer, merge, divest, restructure, reorganize, or dissolve all or a portion of our business or assets if deemed necessary.
International data transfers
Bandwidth and its affiliates (including Voxbone Turkey) are a global organization, with legal entities, business practices, and technical systems that operate across borders. Your personal data may be collected, transferred to, and stored by us in the European Economic Area and in the United States, and by our subsidiaries and/or third-party service providers that are in other countries. Therefore, your personal data may be transferred and processed outside your jurisdiction and in countries that may not provide for the same level of data protection as your jurisdiction, such as Turkey .
For international transfers outside Turkey due to any reason set forth above (please also refer to the section “How we share your personal data”), we rely on your explicit consent in accordance with Article 9/1 of the Turkish Personal Data Protection Law No. 6698. Your consent will be subject to the consent form you provided us.
Specifically for international transfer of Communications Metadata including traffic data, please also refer to the below for more details:
- Scope of Communications Metadata Transfer: Information generated in connection with the conveyance of communications via the Services, such as source and destination information, IP address, time duration or completion status (which are considered as traffic data).
- Communications Metadata Recipient: Communications Metadata will be transferred to the following recipients: Voxbone SA, (Belgium), Bandwidth Inc. (United States) and affiliates that may need access in order to provide services. Amazon Web Services and Snowflake (EU region servers) to store the data as data processors on our behalf (EU region servers), Zendesk (EU and US servers) as a data processor for customer support ticketing system.
- Purpose of Communications Metadata Transfer: provision, administration, billing of the ECS as a part of the Global Solution services.
- Communications Metadata Transfer Period: for the duration of the provision of the ECS and in accordance with the local retention requirements.
For more information regarding international data transfers among Bandwidth affiliates, please visit www.bandwidth.com/legal/data-protection-and-privacy.
Cookies and other tracking technologies
For any information about cookies and other tracking technologies, please refer to our Global Privacy Notice HERE.
Data subject rights
You have certain rights regarding our processing of your personal data under the Turkish Personal Data Protection Law No. 6698. This section describes these rights and how you can exercise them.
- Right to know. You have the right to ask us to confirm whether or not we process your personal data and how your personal data is being processed, including but not limited to the categories of personal data we have collected and the sources from which we collect it, our purposes for collecting your personal data, the categories of third parties to whom we disclose your personal data in Turkey or outside Turkey, and the specific pieces of personal data we have collected about you.
- Right to access. You have the right to request a copy of your personal data and supplementary information.
- Right to correction/rectification. You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete information you believe is incomplete. When requested and if applicable, we will also notify the recipients to which we disclose your personal data about your correction or rectification request.
- Right to erasure/deletion. You have the right to request that we erase or delete your personal data. For your personal data processed based on your consent, we erase or delete your personal data upon your request. On the other hand, for other personal data processed based on other legal reasons, please note that we can erase or delete your personal data after their retention period determined based on why they are collected and processed by us. If applicable, we will also notify the recipients to which we disclose your personal data about your erasure or deletion request.
- Right to withdrawal of consent. In the event our processing of your personal data is based on your consent, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object to processing. You have the right to object to the processing of your personal data at any time if your personal data is analyzed through automated systems and such processing results in a negative impact on you.
- Right to request for compensation. If you incur any damages due to unlawful processing of your personal data, you may also ask for compensation for such damages.
Exercising your rights
Except as otherwise noted above, to exercise any of the above rights or if you have any questions about this Privacy Notice, please submit them through our DATA SUBJECT RIGHT REQUEST FORM.
- Making a Request; requests by others on your behalf. Only you, or someone legally authorized to act on your behalf (this includes an authorized agent), may make a verifiable request related to your personal data using the methods described above. The response we provide will also explain the reason we cannot comply with a request, if applicable.
- Fees. You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
- Information we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights, such as your first and last name, email address, mailing address, telephone number, or other information necessary to verify your identity or that your representative is authorized to act on your behalf. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to assist with our response. Any personal data provided to us for verification and fraud-prevention purposes will only be used for that purpose and such information will be deleted as soon as practical after processing your consumer request.
- Timing. We try to respond to all legitimate requests within one month of receipt of the request. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Appeals. If we refuse to take action on your request, you may appeal that refusal by contacting us through our DATA SUBJECT RIGHT REQUEST FORM.
You may also make a complaint about our processing of your personal data to the Turkish Personal Data Protection Authority if we reject your request or our answer is not satisfactory to you. We would, however, appreciate the opportunity to address your concerns before you do so.
How long we retain your personal data
We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements. After expiration of the applicable retention periods, your personal data will be deleted or anonymized. If there is any personal data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use or access of such personal data by our team except for our IT team responsible for storage, protection and back-ups of personal data. To improve our products and services, we commonly aggregate your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
How we protect your personal data
Voxbone takes precautions including administrative, technical, and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the personal data we process or use. You are solely responsible for protecting your account password(s), limiting access to your devices, and signing out of websites after your sessions. You are responsible for any activity conducted using your credentials or passwords. If you believe your password to any of our websites or systems have been compromised, please notify us immediately at [email protected].
For your convenience, hyperlinks may be posted on our websites that link to other websites (“third-party sites”). We are not responsible for the privacy practices of any third-party sites or of any companies that we do not own or control. This Privacy Notice does not apply to third-party sites. Third-party sites may collect information in addition to that which we collect on our websites. We do not endorse any of these third-party sites, the services or products described or offered on such third-party sites, or any of the content contained on the third-party sites. We encourage you to read the privacy notice of each third-party site that you visit to understand how the information that is collected about you is used and protected.
Our websites, products, and services are not directed to children (under the age of 18) and we do not knowingly collect online personal data directly from children. If you are a parent or guardian of a minor child and believe that the child has disclosed online personal data to us, please contact us at [email protected].
Changes to this Privacy Notice
We reserve the right to make corrections or updates to this Privacy Notice at our discretion from time to time. When we do so, we will post the updated Privacy Notice on our website and update the Privacy Notice’s Effective Date. We will notify you of material changes to this Privacy Notice by placing a prominent notice at the top of the Privacy Notice for thirty (30) days and/or by sending a notice to the customer email address you have provided us. We encourage you to periodically review this Privacy Notice.
How to contact us
If you have questions about this Privacy Notice, concerns, or questions, please contact [email protected].
To contact us in writing, please use:
Voxbone Telekomünikasyon ve İletişim Ticaret Limited Şirketi
Attn: Legal – Privacy
Armada Iş Merkezi. Eskişehir Yolu No: 6 Kat: 11 Söğütözü 06520 Yenimahalle/Ankara