1. Purpose
This policy explains how pofft DIGITAL SOLUTIONS TRADE INC. ("Company") processes and protects personal data in line with applicable data protection laws, including Law No. 6698.
2. Scope
The policy covers all departments, employees, interns, contractors, and service providers who process personal data on behalf of the Company.
3. Core Principles
Personal data is processed lawfully, fairly, accurately, and for specific and legitimate purposes. Data is retained only for the necessary period and protected with technical and administrative safeguards.
4. Data Subject Rights
Data subjects may request access, correction, deletion, restriction, objection, and information about transfers. Requests are evaluated and finalized within legal timelines.
5. Security and Governance
The Company applies role-based access, logging, confidentiality commitments, and periodic controls to ensure confidentiality, integrity, and availability of personal data.
6. Effective Date and Updates
This policy entered into force on 01.05.2022 and is reviewed periodically by the data protection committee based on legal and operational requirements.
1. Data Controller
pofft DIGITAL SOLUTIONS TRADE INC. acts as the data controller and processes personal data in accordance with Law No. 6698 and related legislation.
2. Collected Data and Purposes
We may process your name, surname, and email address when you use contact forms, and cookie data when you browse our website.
This data is processed to provide services, improve customer experience, respond to requests, perform analytics, comply with legal obligations, and ensure data security.
3. Transfers
Personal data may be shared with legally authorized public institutions, auditors, legal advisors, and technical service providers, only where necessary and on valid legal grounds.
4. Your Rights
You may exercise your rights under applicable law (such as access, correction, deletion, and objection) through formal application channels.
Applications are assessed and responded to within legal periods.
pofft.com uses only operational (strictly necessary) cookies.
These cookies are required for essential website functions such as session handling, navigation continuity, and secure access to certain features.
If strictly necessary cookies are disabled in your browser settings, some parts of the website may not function properly.
For this reason, these cookies are used by default and cannot be disabled through site-level consent controls.
This commitment sets out the obligations of the service provider acting as a data processor for pofft under Law No. 6698 and the main service agreement between the parties.
The data processor undertakes to:
Process personal data only on documented instructions of pofft and only for contractual purposes,
Apply adequate technical and administrative security measures,
Avoid unauthorized disclosure, transfer, or use,
Notify pofft without delay in case of any data incident or legal request,
Support pofft in fulfilling data subject requests and legal compliance obligations.
At the end of the contractual relationship, personal data and all copies must be returned or securely destroyed, unless retention is required by law.
The processor is responsible for damages resulting from non-compliance.
The supplier undertakes to process any personal data obtained within the scope of services provided to pofft in compliance with Law No. 6698.
The supplier accepts that personal data:
Will be used only for the agreed service scope and purpose,
Will not be shared with unauthorized third parties,
Will be protected through appropriate technical and organizational measures,
Will be deleted, anonymized, or destroyed when legal retention periods expire or the processing purpose ends.
The supplier also accepts liability for any administrative, legal, or financial consequences arising from breach of these obligations.
1. Scope
This policy defines principles and procedures for domestic and international transfers of personal data processed by pofft.
2. Domestic Transfers
Personal data is transferred only where there is a valid legal basis, such as an explicit legal requirement, contract performance, legal obligations, legitimate interest, protection of rights, or explicit consent where required.
3. International Transfers
International transfers are carried out in compliance with legal transfer mechanisms, including explicit consent where applicable and required safeguards under relevant regulations.
4. Special Category Data
Special category data is transferred only under stricter safeguards and legal conditions, with enhanced security controls.
5. Security Measures
Encryption, controlled access, secure communication channels, and confidentiality measures are applied during transfers.
1. Purpose and Scope
This procedure sets out how personal data is recorded, stored, retained, and destroyed across physical and electronic environments managed by the Company.
2. Retention Rules
Personal data is retained only for legal, contractual, and operational periods defined in the data inventory and applicable regulations.
3. Security Controls
Appropriate technical and administrative controls are applied, including authorization management, logging, backup governance, and secure archiving.
4. Destruction Methods
When retention periods expire, data is securely deleted, destroyed, or anonymized using methods suitable for the storage medium.
5. Periodic Destruction
Periodic destruction is performed at regular intervals and recorded to ensure accountability and auditability.
1. Purpose
This procedure defines response steps for actual or potential personal data breaches and ensures timely legal notifications.
2. Incident Reporting
Employees must report suspected breaches immediately to the designated contact person with available incident details.
3. Response Workflow
The crisis team conducts initial assessment, containment and recovery, impact analysis, notification planning, and improvement actions.
4. Notifications
Breaches are notified to the competent authority within legal deadlines and, where applicable, to affected data subjects using appropriate communication channels.
5. Post-Incident Improvement
Each incident is documented, root causes are analyzed, and preventive technical and organizational measures are implemented.
This procedure defines how requests submitted by data subjects are received, verified, evaluated, and answered.
Applications must include sufficient identity and request details and be submitted through legally accepted channels.
Where information is missing, the applicant may be asked to provide supporting details before evaluation.
Requests are reviewed by relevant teams and resolved within legal time limits.
If processing costs exceed ordinary handling, a fee may be charged in line with applicable regulations.
All actions, correspondence, and outcomes are logged and retained for compliance and audit purposes.
1. Purpose
This procedure regulates the processing of special category personal data by pofft and defines related responsibilities.
2. Principles
Special category data is processed lawfully, for specific purposes, and with enhanced safeguards. Explicit consent is obtained where required by law.
3. Access and Security
Access is limited to authorized personnel. Encryption, access logging, confidentiality undertakings, and periodic controls are applied.
4. Transfer and Storage
Transfers are performed through secure channels and protected media. Physical and digital storage environments are secured against unauthorized access.
5. Review
The procedure is periodically reviewed and updated according to legal developments and operational needs.