Privacy Policy

1. INTRODUCTION

Welcome to the TestEd platform ("Platform", "Service", "tested.com.tr"). This Privacy Policy ("Policy") describes how AB ORTADOĞU DIŞ TİCARET VE EĞİTİM HİZMETLERİ LTD. ŞTİ. ("TestEd", "Company", "we") collects, uses, processes, stores, and protects the personal data of all users ("you", "User") who use the Platform.

TestEd, as a subsidiary of the MEDIARUBIC brand, provides online assessment services to corporate clients in the areas of talent management, personality inventory, competency assessment, and employee development.

By reading this Policy, you will be informed about how your personal data is processed. By continuing to use the Platform, you are deemed to have accepted this Policy.

2. DEFINITIONS

The terms used in this Policy have the following meanings:

• "Personal Data": Any information relating to an identified or identifiable natural person

• "Data Controller": AB ORTADOĞU DIŞ TİCARET VE EĞİTİM HİZMETLERİ LTD. ŞTİ.

• "Data Processor": A natural or legal person who processes personal data on behalf of the data controller based on the authority given by the data controller

• "Corporate Customer": Companies that purchase Platform services

• "End User": Individuals who take tests as employees of corporate customers

• "Demo User": Guest users who access the platform via QR code or demo link

3. IDENTITY OF THE DATA CONTROLLER

4. WHAT PERSONAL DATA DO WE COLLECT?

4.1. Data We Collect from Corporate Customer Authorized Personnel

Account Information:

• Name, surname

• Job title

• Company name and tax information

• Business email address

• Business phone

• Billing address

4.2. Data We Collect from End Users (Employees)

Identity Information:

• Name, surname

• Email address (corporate)

• Employee ID/Registry number (optional)

Assessment Data:

• Test responses and results

• Competency scores

• Personality profile analyses

• Behavioral tendencies

• Development areas and recommendations

4.3. Automatically Collected Data

Technical Data:

• IP address

• Browser type and version

• Operating system

• Device information

• Pages visited and clicks

• Time spent on the Platform

• Cookies and similar technologies

5. WHY DO WE COLLECT PERSONAL DATA?

5.1. Service Provision

• Implementation of online assessment tests

• Analysis and reporting of test results

• Providing personalized development recommendations

• Talent management support to corporate customers

5.2. Account Management

• Creation and management of user accounts

• Authentication and authorization

• Password reset and account recovery

• Storage of user preferences

6. HOW DO WE USE PERSONAL DATA?

We process your personal data based on the following legal grounds:

6.1. Performance of Contract

Data processing activities necessary to fulfill our service contract with our corporate customers.

6.2. Explicit Consent

We obtain your explicit consent for marketing communications, cookie usage, and voluntary data sharing.

6.3. Legitimate Interest

We rely on our legitimate interests for platform security, fraud prevention, service improvement, and statistical analyses.

6.4. Legal Obligation

Our data processing obligations in accordance with legal regulations, court orders, or official authority requests.

7. WITH WHOM DO WE SHARE PERSONAL DATA?

7.1. Corporate Customers

Employee test results and analyses are shared only with relevant corporate customer authorized personnel.

7.2. Service Providers

• Cloud infrastructure providers (AWS, Google Cloud)

• Email sending services

• Payment processors

• Analytics tools (Google Analytics)

7.3. Legal Authorities

Within the framework of our legal obligations, we may share data with authorized public institutions and judicial authorities.

8. HOW DO WE PROTECT PERSONAL DATA?

8.1. Technical Measures

• SSL/TLS encryption for data transmission

• AES-256 data encryption

• Firewalls and intrusion detection systems

• Regular security tests and penetration tests

• Two-factor authentication (2FA)

8.2. Administrative Measures

• Employee confidentiality agreements

• Data access authorization matrix

• Regular security training

• Data breach response plan

• ISO 27001 certification (process ongoing)

9. HOW LONG DO WE RETAIN PERSONAL DATA?

10. WHAT ARE YOUR RIGHTS?

Under KVKK and GDPR, you have the following rights:

10.1. Right to Information

You have the right to learn whether your personal data is being processed and to request information about it if it is being processed.

10.2. Right of Access

You have the right to access your processed personal data and obtain a copy of it.

10.3. Right to Rectification

You have the right to request the correction of incorrect or incomplete personal data.

10.4. Right to Erasure

Under certain conditions, you have the right to request the deletion of your personal data.

10.5. Right to Restriction of Processing

In certain cases, you have the right to request the restriction of the processing of your personal data.

10.6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

10.7. Right to Object

You have the right to object to data processing activities based on legitimate interest.

10.8. Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing.

11. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies on the Platform. For detailed information, please review our Cookie Policy.

11.1. Types of Cookies We Use

• Strictly necessary cookies (required for Platform operation)

• Performance cookies (to measure site performance)

• Functional cookies (to remember your preferences)

• Targeting/Advertising cookies (for marketing purposes)

12. CHILDREN'S PRIVACY

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from individuals under 18. If we discover that we have collected data belonging to an individual under 18, we will delete this data immediately.

13. INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred to overseas locations where our service providers' servers are located. In these transfers:

• Transfers are made to countries with adequate levels of protection

• Standard contractual clauses are used

• Your explicit consent is obtained (when necessary)

14. PRIVACY POLICY CHANGES

We may update this Privacy Policy from time to time. For significant changes:

• We will notify you by email

• We will publish announcements on the Platform

• We will obtain renewed consent if necessary

15. CONTACT

You can contact us for privacy-related questions and requests:

This Privacy Policy was last updated on 01.08.2025.