picture

ÖMER BALKAN BİLİŞİM HİZMETLERİ

USER CLARIFICATION TEXT

This clarification text has been prepared by the data controller Ömer Balkan Bilişim Hizmetleri within the scope of Article 10 of the Law No. 6698 on the Protection of Personal Data and the Communiqué on the Procedures and Principles to be Followed in Fulfillment of the Disclosure Obligation.

Dear customers; Within the scope of the Law No. 6698 on the Protection of Personal Data (“Law”), which entered into force on April 7, 2016, personal data is defined as any information relating to an identified or identifiable natural person and the protection of your personal data and being informed about your personal data is one of your fundamental rights in accordance with the Constitution of the Republic of Turkey (“Constitution”). In this respect, since ensuring the security and processing of your personal data is of great importance and sensitivity for Ömer Balkan Bilişim Hizmetleri as well as an obligation, your data is processed and protected by Ömer Balkan Bilişim Hizmetleri within the framework of the Constitution of the Republic of Turkey and the Law.

Article 10 of the Law imposes an obligation on the “Data Controller” to inform the relevant persons about the identity of the data controller and its representative, if any, during the acquisition of personal data, the purposes for which personal data will be processed, to whom and for what purposes the processed personal data may be transferred, the method and legal reason for collecting personal data and other rights listed in Article 11 of the Law, and with this clarification text, it is aimed to inform you about the personal data processing activities carried out by “Ömer Balkan Bilişim Hizmetleri”, which has the title of data controller under the “Law”.

1- Ömer Balkan Bilişim Hizmetleri Data Controller Title

The data controller is defined in Article 3-i of the Law as the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system, and Ömer Balkan Bilişim Hizmetleri is the data controller in terms of data related to our valued customers / potential customers.
Company Name: BMind
Contact Email: contact@bmindacademy.com
Application: BMind – Case Study Competition Platform

2- Scope and Target Audience

This Privacy Notice applies to all individuals aged 18 and over who use the BMind mobile application. BMind is designed for university students and recent graduates, offering case study competitions, interactive business scenarios, and competitive quiz formats. Individuals under the age of 18 are not permitted to use the application. By registering, you confirm that you meet this age requirement.

3- Personal Data We Process

3.1- Mandatory Data

  • Full name
  • Email address
  • Password (stored in encrypted / hashed form)
  • Date of birth (for age verification purposes)
  • Registration date and last login information

3.2- Optional Data (User Discretion)

  • Profile photo
  • University / school name
  • Graduation year and field of study
  • Username (display name / alias)
  • LinkedIn profile URL

3.3- Automatically Collected Data

  • Device type, operating system, and application version
  • IP address and connection details
  • In-app behavioural data (clicks, session duration, page views)
  • Crash reports and error logs
  • Competition participation, scores, and leaderboard rankings

4- Purposes of Processing
  1. Creating, managing, and authenticating user accounts
  2. Enabling participation in case study competitions and managing leaderboards
  3. Delivering personalised content, recommendations, and notifications
  4. Monitoring application performance and resolving technical issues
  5. Improving user experience and developing new features
  6. Fulfilling legal obligations
  7. Performing security and identity verification procedures
  8. Conducting statistical analysis and anonymous reporting

5- Legal Grounds for Processing

Your personal data is processed on the following legal grounds under KVKK Article 5 and 6 (and GDPR Article 6, where applicable):
Performance of a contract: Account creation, competition participation, and delivery of application services
Explicit consent: Marketing communications, optional profile data, and analytics-related processing
Legitimate interests: Application security, error detection, and product development activities
Legal obligation: Disclosure to competent authorities when required by law

6- Transfer of Personal Data

Your personal data may be transferred to the following categories of recipients, solely for the purposes stated:
• Infrastructure and cloud service providers (server hosting and data storage)
• Analytics and performance monitoring services (e.g. Firebase, Crashlytics)
• Email and push notification service providers
• Competent public authorities and regulators when required by law
Where personal data is transferred outside of Turkey, the safeguards required under KVKK Article 9 are ensured. Your data is not shared with third-party advertisers or data brokers.

7- Data Retention Periods

Account data: For the duration of the active account + 3 years after account deletion
Competition and score data: For the duration of the active account; anonymised statistics retained indefinitely
Technical / log data: 6 months
Email communication records: 3 years
Data subject to legal obligations: As required by applicable legislation
Upon expiry of the applicable retention period, data is securely deleted, destroyed, or anonymised.

8- Your Rights Under KVKK

Pursuant to KVKK Article 11, you have the following rights regarding your personal data:
• To learn whether your personal data is being processed
• To request information if it has been processed
• To learn the purpose of processing and whether it is used accordingly
• To know the third parties to whom your data has been transferred, domestically or abroad
• To request correction of incomplete or inaccurate data
• To request deletion or destruction of your data in accordance with applicable law
• To object to a result that arises to your detriment through automated processing
• To claim compensation for damages arising from unlawful processing
To exercise your rights, please contact us at:
Email: kvkk@bmind.app
Please include information sufficient to verify your identity. Requests will be responded to within 30 days.

9- Data Security

BMind implements the following technical and administrative measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:
• Passwords stored using strong cryptographic hashing algorithms
• SSL/TLS encryption for all data in transit
• Access controls and role-based authorisation
• Regular security assessments and patch management
• Data breach notification procedures in compliance with KVKK and applicable regulations

10- In-App Tracking Technologies

BMind may use third-party analytics tools such as Firebase Analytics and Crashlytics to improve service quality, detect errors, and enhance user experience. These tools may collect anonymised or pseudonymised data. You may limit or disable such data collection through your device or application settings.

11- Changes to This Privacy Notice

BMind may update this Privacy Notice from time to time in response to changes in business operations or applicable law. Material changes will be communicated to users via in-app notification or email. The effective date of the most recent version is displayed at the top of this document.

12- Contact and How to Apply

For any questions, comments, or requests relating to this Privacy Notice:

Email: contact@bmindacademy.com

You also have the right to lodge a complaint with the Personal Data Protection Authority of Turkey (KVKK). For more information: www.kvkk.gov.tr.