A new version is available. Please refresh.
Aris888
Aris888
Login

Corporate Privacy, Information Security and PDPL Undertaking

Undertaking of principles on data security, privacy, and personal data protection regarding metaverse infrastructure, virtual office systems, corporate platforms, and software services.

This Corporate Privacy, Information Security and Protection of Personal Data Undertaking ("Undertaking") has been prepared to regulate the principles of data security, privacy, and personal data protection related to all digital services, metaverse infrastructure, virtual office systems, corporate platforms, digital exhibition spaces, and related software services offered by Aris888 Metaverse Company.

This Undertaking is binding on all natural and legal persons who create a corporate account, receive services, rent a virtual space, or in any way benefit from corporate services on the Aris888 platform.

By using the platform, the corporate user declares that they have read, understood, and accepted this Undertaking with all its consequences.

1. CONFIDENTIALITY AGREEMENT AND GENERAL OBLIGATIONS

The corporate user accepts that all information, data, system documents, software components, user data, commercial information, and technical infrastructure information they access within the scope of the Aris888 platform are of confidential nature.

In this context, the corporate user undertakes not to share, disclose, copy, or use the said information for commercial purposes with third parties. The confidentiality obligation continues indefinitely not only during the service period but also after the termination of the service.

The corporate user is obliged to take all necessary administrative and technical measures for the protection of confidential information.

2. CORPORATE DATA PROCESSING (PDPL / GDPR) AGREEMENT

The corporate user accepts that personal data processed through the Aris888 platform are processed within the scope of the Personal Data Protection Law (KVKK) No. 6698 and, where applicable, the General Data Protection Regulation (GDPR).

In this context, Aris888 may act as the data controller or data processor, and the corporate user acts as the data controller responsible for its own data processing activities.

The corporate user declares that all personal data they upload or process on the platform are obtained lawfully, that necessary disclosures have been made, and that required permissions have been obtained from the personal data owners.

Aris888 processes personal data only for the purpose of providing services, operating the infrastructure, ensuring security, and improving system performance. This data is never sold to third parties or transferred for commercial purposes without permission.

The corporate user is obliged to inform Aris888 immediately in case of suspicion or occurrence of a data breach.

3. CYBERSECURITY AND INFRASTRUCTURE RESPONSIBILITIES

The corporate user is obliged to act in accordance with cybersecurity standards in all transactions they perform on the Aris888 platform. Any behavior that threatens the security of the platform is strictly prohibited.

In this context, the following are strictly prohibited:

  • Unauthorized access attempts,
  • Exploitation of system vulnerabilities,
  • Data leakage attempts,
  • Use of bots, automation, or malicious software,
  • Attack or testing activities that will damage the infrastructure

are strictly prohibited.

Aris888 has the right to monitor and analyze access logs, transaction records, and technical data within the legal framework to ensure system security.

The corporate user is responsible for security vulnerabilities that may occur in their own infrastructure and their effects on Aris888 systems.

4. DATA SECURITY AND PROTECTION STANDARDS

The corporate user is obliged to take all necessary technical and administrative measures for the protection of data processed on the platform. These measures include access control, encryption, authorization systems, and firewall use.

Aris888 applies SSL encryption, firewall systems, unauthorized access detection mechanisms, and data integrity controls to ensure high-security standards.

Nevertheless, it is accepted by the parties that 100% security cannot be guaranteed due to the nature of internet-based systems.

5. CONFIDENTIAL DATA BREACH AND NOTIFICATION OBLIGATION

The corporate user is obliged to notify Aris888 without delay in case of any data breach, cyberattack, or detection of a security vulnerability.

Aris888 has the right to take necessary legal and technical steps in data breach cases, to temporarily stop the relevant systems, and to notify the competent institutions.

6. LIMITATION OF LIABILITY

Aris888 is only in the position of a technical service provider supplying the platform infrastructure. All legal, financial, and administrative responsibility arising from the corporate user's own data processing activities belongs to the user.

The corporate user is exclusively responsible for all kinds of damages that may arise from data breaches that may occur in the eyes of third parties.

This Corporate Privacy, Information Security and KVKK Undertaking enters into force from the moment access to the platform is provided and is binding on the corporate user. Aris888 reserves the right to make changes in this text and changes take effect when they are published.