Privacy Policy

1. Purpose and Scope

This Privacy Notice & Data Protection Policy (the “*Privacy Notice(support.wix.com)r(zoom.com)lected, used, shared, stored and protected when you visit the HimerAgile website, contact us, subscribe to our newsletter, register for or attend a training programme, webinar or event, purchase a training or digital service, participate in an online learning session, or otherwise interact with HimerAgile.

This Privacy Notice is intended for visitors, customers, participants, business contacts and newsletter subscribers located in Türkiye or internationally. HimerAgile is established in Türkiye and processes personal data in accordance with applicable Turkish data protection law, including Law No. 6698 on the Protection of Personal Data (“KVKK”).

Where HimerAgile offers services to, or processes personal data in a manner subject to the EU General Data Protection Regulation (“EU GDPR”) or the United Kingdom General Data Protection Regulation (“UK GDPR”), the relevant mandatory rights and obligations under those laws shall also apply to the extent required.

This Privacy Notice should be read together with our Cookie Policy, International Terms of Sale for Training and Digital Services, and Service Delivery, Cancellation, Withdrawal and Refund Policy, where applicable.

2. Who We Are: Data Controller

For the purposes of the personal data processing activities described in this Privacy Notice, the data controller is:

Data Controller / Service Provider: Çiğdem Şengül, trading under the brand name HimerAgile
Business Address: Mithatpaşa Mah. Abdulhamit Han Cad. Kemer Life 23 Metal Yapı Konut No: 19-23 İç Kapı No: 14, Eyüpsultan / Istanbul, Türkiye
Email: contact.himera@himeragile.com
Telephone: +90 532 491 04 30
Website: www.himeragile.com

In this Privacy Notice, “HimerAgile”, “we”, “us” or “our” means Çiğdem Şengül operating under the HimerAgile brand.

3. Whose Personal Data We May Process

Depending on your interaction with HimerAgile, we may process personal data relating to:

visitors to our Website;
individuals who contact us through website forms, email or telephone;
prospective or current individual customers;
participants who register for or attend training programmes, workshops, webinars or events;
representatives, employees or participants of corporate customers;
newsletter and commercial communication subscribers;
speakers, collaborators, prospective business partners or professional contacts; and
persons who submit cancellation, withdrawal, refund, support or data protection requests.

4. Categories of Personal Data We Collect

The categories of personal data we process depend on the nature of your relationship with us and the services you use.

Category

Examples of Personal Data We May Process

Identity Information

First name, last name, participant name, certificate name details

Contact Information

Email address, telephone number, postal address, communication preferences

Professional and Organisational Information

Job title, company or organisation name, sector, professional interests, corporate participation details

Registration and Order Information

Training or event selected, registration date, order number, participant details, attendance status, programme transfer or cancellation requests

Billing and Payment Information

Billing name, invoice address, tax information where supplied, payment status, transaction reference, refund status; payment card data is handled through the relevant payment provider and is not stored by HimerAgile in full card form

Contract and Consent Records

Acceptance of sales terms, withdrawal/early performance consents, digital access acknowledgement, newsletter consent or unsubscribe records

Communication and Request Information

Form submissions, emails, enquiries, feedback, complaints, support and refund requests

Training and Event Information

Session attendance, participation records, certificate information, evaluation responses, learning feedback

Image, Audio and Meeting Content

Audio, video, image, chat content, questions or other material shared in a Zoom session or an event, only in line with the purposes and notices described below

Marketing and Newsletter Data

Newsletter subscription, communication consent or opt-out status, email engagement information generated through Wix newsletter functions

Technical and Security Data

IP address, device/browser information, date/time logs, site security or error logs, online access information

Cookie and Usage Data

Essential cookie data and, where consent is required and obtained, analytics or marketing cookie data

HimerAgile does not intend to collect special category or sensitive personal data as part of its ordinary website, training or sales activities. Please do not share health information, biometric data, government identification information or other sensitive information through general forms, email communications, Zoom chats or training exercises unless it is necessary and specifically requested through an appropriate process.

5. How We Collect Personal Data

We may collect personal data directly from you, automatically through our Website and service platforms, or from an organisation registering you for a programme, through the following channels:

forms, registrations and subscriptions submitted through the Wix-hosted Website at www.himeragile.com;
newsletter subscription, distribution and unsubscribe processes managed through Wix;
programme, webinar, workshop and event registrations;
card payment transactions processed through iyzico;
direct payment through bank transfer/EFT and associated bank transaction records;
online training sessions and webinars conducted through Zoom;
email and telephone communications;
invoices, contracts, cancellation, withdrawal, refund or customer support records;
cookies, technical logs and similar technologies used through the Website; and
information provided by a corporate customer or business contact registering participants for a Service.

Where you register another person for an event or provide participant information on behalf of an organisation, you are responsible for ensuring that you are authorised to provide the relevant information and that the participant is appropriately informed about this Privacy Notice.

6. Purposes of Processing and Legal Bases

We process personal data only where we have an appropriate legal basis under applicable law. The table below describes our principal processing activities.

Purpose of Processing

Types of Data Involved

Legal Basis under KVKK

Legal Basis where EU GDPR / UK GDPR Applies

Responding to enquiries, contact forms, proposal or information requests

Identity, contact, professional and communication data

Processing necessary for establishment or performance of a contract; legitimate interest; consent where required

Steps prior to a contract or performance of a contract; legitimate interests; consent where required

Managing registrations for training programmes, webinars, workshops and events

Identity, contact, professional and registration data

Establishment or performance of a contract; legitimate interest

Performance of a contract; legitimate interests

Selling training programmes or digital services and administering orders

Identity, contact, order, contract/consent and payment status data

Establishment or performance of a contract; legal obligation

Performance of a contract; legal obligation

Receiving payments through iyzico or bank transfer and issuing refunds

Identity, order, transaction, billing and refund data

Establishment or performance of a contract; legal obligation; establishment, exercise or protection of a right

Performance of a contract; legal obligation; legitimate interests/legal claims

Issuing invoices and complying with accounting and tax obligations

Identity, billing, tax and order information

Legal obligation; establishment, exercise or protection of a right

Legal obligation; legitimate interests/legal claims

Supplying online access, live training or Digital Content

Identity, contact, access, registration and order data

Performance of a contract

Running online training sessions and webinars via Zoom

Identity, contact, registration, meeting participation and voluntarily shared content

Performance of a contract; legitimate interest; consent where required for specific recording/use

Performance of a contract; legitimate interests; consent where required

Issuing participation certificates or completion records

Identity, registration and attendance data

Performance of a contract; legitimate interest

Performance of a contract; legitimate interests

Handling cancellation, withdrawal, transfer, refund, complaint or support requests

Identity, contact, order, payment and communication data

Performance of a contract; legal obligation; establishment, exercise or protection of a right

Performance of a contract; legal obligation; legitimate interests/legal claims

Protecting the security and functionality of the Website and online services

Technical, log, device, security and essential cookie data

Legitimate interest; legal obligation where applicable

Legitimate interests; legal obligation where applicable

Managing essential cookies and recording cookie preferences

Cookie preference and essential technical data

Legal obligation; legitimate interest

Compliance with applicable electronic communications/privacy rules; legitimate interests for strictly necessary cookies

Using non-essential analytics or marketing cookies

Website interaction and cookie-derived usage data

Consent where required

Sending newsletters, programme announcements or promotional communications

Identity, contact, marketing preference and subscription data

Commercial electronic communication consent and/or consent where required; applicable exceptions reserved

Consent or other lawful basis permitted for electronic marketing in the relevant jurisdiction

Using event or training recordings for external communications, promotion or content production

Image, audio, video, name/title where applicable

Explicit consent or another applicable legal basis identified for the specific use

Consent or another applicable legal basis identified for the specific use

Managing disputes, enforcing contractual terms and protecting intellectual property rights

Contract, order, communication, participation and access records

Establishment, exercise or protection of a right; legitimate interest

Legitimate interests; establishment, exercise or defence of legal claims

Providing information necessary for registration, contract formation, payment, invoicing or service delivery is required for us to provide the relevant Service. If you do not provide such information, we may not be able to complete your registration, process your order or deliver the Service.

Purchasing a Service or registering for a training programme does not automatically enrol you in promotional communications or newsletters. Marketing preferences are handled separately as described below.

7. Service Providers, Platforms and Recipients of Personal Data

We may share personal data only to the extent necessary for the purposes described in this Privacy Notice, where permitted by law and subject to appropriate safeguards where required.

Recipient / Platform

Purpose of Sharing or Access

Wix.com Ltd. and relevant Wix infrastructure/service providers

Hosting and operation of the Website; management of forms, registrations and newsletter subscription/distribution processes; technical security and site functionality

iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş. (iyzico)

Processing card payments, transaction verification, payment security and refund processes

Relevant banks

Receiving direct bank transfer/EFT payments, verifying payments, processing refunds and maintaining financial records

Zoom Video Communications, Inc. and relevant Zoom service providers

Delivering live online training programmes and webinars; enabling meeting registration and participation; handling session content where participants choose to share it or where a recording is separately notified

Accounting, tax, invoicing or professional advisory service providers

Fulfilling invoicing, accounting, tax, legal compliance, audit and professional advisory needs

Trainers or programme delivery support personnel, where applicable

Delivering the relevant training or event and managing participation

Public authorities, courts, regulators or legally authorised parties

Responding to lawful requests, complying with obligations, handling disputes or protecting rights

Your employer, organisation or authorised representative, where applicable

Managing corporate participation, billing, programme registration or reporting requested by that organisation and compatible with applicable law

Payment Information

Where you make a card payment, the transaction is processed through iyzico. iyzico may process your payment-related personal data in accordance with its own applicable privacy and personal data notices. HimerAgile does not store your full card number or card security code through the iyzico payment flow.

Where you pay by direct bank transfer/EFT, payment information such as your name or account holder name, amount, transaction date and payment description may be processed in the records of the relevant bank and in HimerAgile’s financial administration records.

Zoom Sessions

When you attend a Zoom-based online training programme or webinar, Zoom may process participant registration information, display name, email address, device and connection information, meeting participation information, and content you voluntarily share during the session, such as chat messages, questions, audio, video or screen sharing. Whether camera, microphone or other participation functions are used remains subject to the format of the session and your participation choices, unless a specific programme requirement is clearly communicated in advance.

8. International Transfers of Personal Data

Because HimerAgile is established in Türkiye and uses international digital service platforms, your personal data may be processed in, accessed from, or transferred to countries other than your country of residence.

In particular:

Personal data submitted through our Website, forms or newsletter functions is processed through Wix infrastructure. Wix may store or process site visitor and user data in locations outside Türkiye, including through its international data centre and service provider arrangements.
Personal data processed for live online training programmes and webinars is handled through Zoom. Zoom may process participant and meeting-related data internationally in accordance with its service infrastructure and privacy framework.
Card payments are processed through iyzico, a payment service provider established in Türkiye. Other entities involved in the payment process, such as banks or card scheme participants, may process information under their own legal obligations and privacy notices.
Direct bank transfer/EFT payments are processed through the relevant banks involved in the transaction.

Transfers under Turkish Law

Where personal data is transferred abroad within the scope of HimerAgile’s processing activities, such transfers shall be handled in accordance with Article 9 of KVKK and applicable secondary legislation. Depending on the circumstances, the applicable transfer mechanism may include an adequacy decision, appropriate safeguards such as standard contracts, or another legally available mechanism.

Transfers Where EU GDPR or UK GDPR Applies

Where EU GDPR or UK GDPR applies to a relevant processing activity, transfers of personal data outside the European Economic Area or the United Kingdom shall be subject to an applicable transfer mechanism and supplementary measures where required under the relevant law. Such mechanisms may include an adequacy decision, approved standard contractual clauses, the UK International Data Transfer Agreement or UK Addendum, or another recognised legal safeguard.

You may contact us at contacthimera@himeragile.com to request further information about the relevant categories of international transfers and applicable safeguards, subject to legal and confidentiality limitations.

9. Newsletter and Marketing Communications

If you subscribe to receive news, insights, training announcements, webinar invitations, event communications or promotional content from HimerAgile, we may process your name, email address, subscription preferences, consent or opt-out record, and email interaction data available through the newsletter service.

Newsletter subscription and distribution processes are managed through Wix infrastructure.

Subscribing to marketing communications is optional and is not a condition for purchasing or attending a Service. Where your consent is required, it will be collected separately. You may unsubscribe at any time by using the unsubscribe option contained in an applicable email or by contacting us at contact.himera@himeragile.com.

Unsubscribing from marketing communications does not prevent us from sending non-promotional communications necessary to administer your order or Service, such as purchase confirmations, invoices, Zoom access links, event changes, certificate communications or cancellation/refund updates.

10. Cookies and Similar Technologies

Our Website is operated through Wix and may use cookies and similar technologies for website functionality, security, fraud prevention, preference management and, where enabled and lawfully permitted, analytics or marketing purposes.

Strictly necessary cookies may be used to ensure that the Website functions correctly and securely. Non-essential analytics or marketing cookies shall be managed in accordance with applicable consent requirements and the preferences you select through the cookie banner or preference centre made available on the Website.

Further information on the types of cookies used, their purpose, duration, provider and how you can manage your preferences shall be provided in our separate Cookie Policy.

11. Online Training, Webinars, Images and Recordings

HimerAgile online training programmes and webinars are delivered through Zoom. When you join a session, personal data such as your display name, email address, participation time, technical connection data and any content you choose to share through audio, video, chat, Q&A or screen-sharing functions may be processed for the purposes of providing the session.

A training programme, webinar or event will not be used as external promotional recorded content merely because you joined the session. Where HimerAgile intends to record a session, participants shall be informed before the recording begins. Where recordings, screenshots, photographs or participant contributions are intended to be used for promotional communications, social media, content creation or reuse in later learning products, the appropriate legal basis shall be assessed separately and consent shall be obtained where required.

Participants are requested not to share confidential business information, sensitive personal data or personal data relating to third parties in Zoom chats, shared documents, exercises or screen shares unless such disclosure is necessary and appropriately authorised.

12. Retention of Personal Data

We retain personal data only for as long as necessary for the purposes for which it was processed, to fulfil legal or contractual obligations, to establish or defend legal rights, and to maintain appropriate security and accountability records.

Data / Processing Activity

General Retention Approach

Order, sales terms acceptance, invoice, payment and refund records

Retained for the period required by applicable financial, tax, consumer protection and legal record-keeping obligations

Training, webinar and event registration/attendance information

Retained as necessary to deliver the Service, administer certificates and handle potential requests or disputes

Communications, enquiries, support and complaint records

Retained for as long as necessary to respond, manage follow-up and protect relevant rights

Newsletter consent, opt-out and commercial communication records

Retained for as long as necessary to manage communications preferences and demonstrate compliance with applicable requirements

Website security logs and technical records

Retained for an appropriate period necessary for security, troubleshooting, fraud prevention or legal compliance

Consent-based image, audio or promotional content records

Retained until the relevant purpose ends or consent is withdrawn, subject to any legal retention need and use already lawfully made before withdrawal

When personal data is no longer required and there is no lawful basis to retain it, we take appropriate steps to delete, destroy or anonymise it in accordance with applicable requirements.

13. Data Security

HimerAgile takes reasonable administrative and technical measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. Such measures may include use of secure service infrastructure, access limitation, record keeping, contractual arrangements with relevant service providers and operational controls appropriate to the nature of the data and services.

No internet-based transmission or storage system can be guaranteed to be completely secure. If you have concerns about the security of personal data relating to you, please contact us using the details in this Privacy Notice.

14. Your Rights under Turkish Data Protection Law (KVKK)

Under Article 11 of KVKK, and subject to the applicable conditions, you may have the right to:

learn whether your personal data is being processed;
request information if your personal data has been processed;
learn the purpose of processing and whether your data is used in accordance with that purpose;
know the third parties to whom your personal data has been transferred in Türkiye or abroad;
request correction of incomplete or inaccurate personal data;
request deletion or destruction of personal data where the applicable conditions are met;
request notification of correction, deletion or destruction operations to third parties to whom personal data has been transferred;
object to an outcome against you arising from analysis exclusively through automated systems; and
request compensation where you suffer damage due to unlawful processing of personal data.

15. Additional Rights for Individuals in the EEA or the United Kingdom

Where EU GDPR or UK GDPR applies to our processing of your personal data, you may, subject to the conditions and limitations in the applicable law, have the right to:

request access to your personal data and receive a copy of it;
request correction of inaccurate or incomplete data;
request erasure of your personal data;
request restriction of processing;
object to processing based on legitimate interests;
object at any time to processing for direct marketing purposes;
receive personal data you provided in a structured, commonly used and machine-readable format and request portability where applicable;
withdraw consent at any time for future processing where processing is based on consent; and
submit a complaint to the competent supervisory authority in your country of residence, place of work or where an alleged infringement occurred.

Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.

16. Rights under Other Applicable Local Privacy Laws

Depending on your country or state of residence and whether the relevant privacy law applies to HimerAgile’s processing, you may have additional rights in relation to your personal data. Nothing in this Privacy Notice is intended to restrict any privacy right that cannot be waived under applicable mandatory law.

You may contact us using the details below to ask whether a particular privacy right applies in relation to your personal data and to submit a request.

17. How to Exercise Your Rights

You may submit privacy-related requests by contacting us through the following channels:

Email: contact.himera@himeragile.com
Postal Address: Çiğdem Şengül / HimerAgile, Mithatpaşa Mah. Abdulhamit Han Cad. Kemer Life 23 Metal Yapı Konut No: 19-23 İç Kapı No: 14, Eyüpsultan / Istanbul, Türkiye
Telephone: +90 532 491 04 30

Your request should describe the right you wish to exercise and include sufficient information to allow us to identify the relevant interaction or records. We may request additional information reasonably necessary to verify your identity and protect personal data against unauthorised disclosure.

Requests under KVKK shall be assessed and answered as soon as possible and no later than 30 days, subject to applicable procedural and fee rules. Where EU GDPR or UK GDPR applies, requests shall be handled within the timeframes and procedures required by that applicable law.

18. Children’s Data

HimerAgile services are primarily directed to adult professionals, organisations and adult participants in learning programmes. We do not knowingly aim to collect personal data from children through our general website, sales or training processes.

If you believe that personal data relating to a child has been provided to us without appropriate authority or safeguards, please contact us so that we can review the matter and take appropriate action.

19. Third-Party Sites and Platform Notices

Our Website or communications may contain links to third-party websites, payment pages, Zoom sessions, social media channels or other digital services. Third parties may process personal data under their own privacy notices and legal responsibilities. We encourage you to review the privacy information made available by those third parties when you use their services.

In particular, card payments through iyzico and participation in Zoom sessions may also be subject to the respective privacy information provided by those platforms.

20. Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in our Services, technology infrastructure, service providers or applicable legal requirements. The current version shall become effective on the date it is published on our Website.

Where a material change affects how we process personal data in connection with an active relationship, we may provide additional notice through an appropriate communication channel where reasonably required.

21. Contact Us

For questions about this Privacy Notice, our personal data processing activities, or the exercise of your rights, please contact:

Çiğdem Şengül / HimerAgile
Mithatpaşa Mah. Abdulhamit Han Cad. Kemer Life 23 Metal Yapı Konut No: 19-23 İç Kapı No: 14
Eyüpsultan / Istanbul, Türkiye
Email: contact.himera@himeragile.com
Telephone: +90 532 491 04 30
Website: www.himeragile.com

Privacy Policy

CONTACT