At Bros Group (TUNCEL TURIZM ITHALAT IHRACAT VE TICARET LIMITED SIRKETI), safeguarding your personal data is a top priority. When engaging with the CONGRESS website or using our congress mobile app (hereafter referred to as the "Site"), we may collect personal data about you.

This policy outlines our methods for processing your data in accordance with the General Data Protection Regulation (GDPR) concerning the protection and free movement of personal data.

1. Data Controller Identification:

TUNCEL TURIZM ITHALAT IHRACAT VE TICARET LIMITED SIRKETI, a limited company registered in Turkey under number 8670049171, and based at Esentepe Mah Saglam Fikir Sok 28-3 Sisli, Istanbul ("We"), is the data controller.What data do we collect?

2. Data Collection:

Personal data is any information that can directly or indirectly identify an individual. We collect the following types of data:

• Identification data such as names, titles, email addresses, and phone numbers.
• Professional data, including your company’s name. Data marked with an asterisk is essential for us to deliver our services when collected.

3. For what purposes and on what legal basis is your personal data collected, and how long is it kept?

Purposes	Legal basis	Retention periods
To provide the services available on our platform (turnkey solution for organising remote or face-to-face events)	Execution of a contract you have entered into	The data is kept for the duration of the commercial relationship
To carry out customer management operations relating to contracts, orders, invoices, and follow-up of the relationship with customers	Execution of a contract you have entered into	Personal data is kept for the duration of the contractual relationship. Data relating to your bank card is kept by our payment service provider until the price is paid in full.
		Data relating to the visual cryptogram or CVV2 on your bank card is not stored.
To compile a file of customers and leads	Our legitimate interest in developing and promoting our business	For customers: data is kept for the duration of the commercial relationship and is deleted on expiry of a period of 3 years after the end of the commercial relationship. For leads: data is kept for a period of 3 years from your last contact with us.
To send out newsletters, special offers and promotional messages	Our legitimate interest in developing and promoting our business	Data is kept for 3 years from your last contact with us.
To respond to your requests for information	Our legitimate interest in responding to your requests	The data is kept for as long as necessary to process your request for information and is deleted once the request for information has been processed.
To comply with the legal obligations applicable to our business	To comply with our legal and regulatory obligations	For invoices: invoices are archived for a period of 10 years. Data relating to your transactions (with the exception of banking data) is kept for 5 years.
To manage requests to exercise rights	To comply with our legal and regulatory obligations	If we ask you for proof of identity, we keep it only for as long as needed to verify your identity. Once we have checked it, the supporting document is deleted. If you exercise your right to object to prospecting, we keep this information for 3 years.

4. Who receives your data?

Your data is accessible to our staff and subcontractors, including our newsletter provider and payment processor.

1. Email delivery: Mailjet
2. Payment platform: Lookus Scientific

As needed, relevant public or private entities may access your data to fulfill our legal obligations.

5. Your rights:

You have the following rights with regard to your personal data :

• Right to be informed: Access, rectification, restriction, erasure, and to object.This right is provided for in Articles 13 and 14 of the GDPR.
• Right of access: you have the right to access all of your personal data at any time under Article 15 of the GDPR.
• Right to rectification: you have the right to rectify inaccurate, incomplete or obsolete data about you at any time in accordance with Article 16 of the GDPR
• Right to restriction of processing: you have the right to obtain the restriction of processing of your personal data in specific cases defined in Article 18 of the GDPR.
• Right to erasure (‘right to be forgotten’): you have the right to demand that your personal data be erased, and to prohibit any future collection for the reasons set out in Article 17 of the GDPR
• Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data infringes the applicable legislation. (Article 77 of the GDPR)
• Right to specify instructions relating to the storage, erasure and disclosure of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Law.
• Right to withdraw your consent at any time: where processing is based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to data portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data that you have provided us in a standard machine-readable format and to require it to be transferred to the recipient of your choice.
• Right to object: under Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note, however, that we may continue to process it despite this objection, for legitimate reasons or to defend legal proceedings.

You can exercise these rights by writing to us using the contact details below. We may then ask you to provide us with additional information or documents to prove your identity.

6. Point of contact for personal data

Contact email : info@brosgroup.net
Contact telephone: +90 212 296 66 70
Contact address : BROS GROUP, Esentepe Mh Saglam Fikir Sok No 28-3 Osmanbey Sisli - Istanbul

7. Updates

This policy is subject to updates to maintain compliance with regulations and adapt to legal, editorial, or technical changes. We encourage regular review of this policy, which will be amended on our platform. We will inform you of significant modifications.