Privacy Policy

This policy applies to all users, visitors, clients, job applicants, and partners interacting with Coreor.net through our websites, mobile applications, APIs, forms, communication channels, and related digital services.

2.1 Identity Data

Name, surname, email address, phone number, company information, job title, location, and other identifiers submitted through contact, quote, support, or application forms.

2.2 Professional Data and CV Data

Resume or CV information, employment history, education, skills, portfolio links, GitHub or LinkedIn profiles, references, interview notes, role preferences, compensation expectations, and other information voluntarily submitted during recruitment processes.

2.3 Technical Data

IP address, device type, operating system, browser type, session data, log records, cookie identifiers, interaction data, crash reports, analytics events, and security-related records.

2.4 Communication Data

Messages submitted through contact forms, email, support requests, business inquiries, project discussions, or other communication channels.

2.5 Sensitive Data

We do not intentionally request sensitive personal data unless it is legally necessary for a specific purpose. Job applicants should avoid including unnecessary sensitive information in CVs, cover letters, portfolios, or messages unless specifically requested for a lawful and limited purpose.

• Providing software development, application development, consulting, and technical services.
• Responding to contact, quote, demo, support, and business inquiry requests.
• Managing client relationships, project discussions, contracts, and operational records.
• Receiving, reviewing, and managing job applications and candidate evaluation processes.
• Improving products, services, platform performance, and user experience.
• Maintaining website, application, API, infrastructure, and account security.
• Detecting, preventing, and investigating fraud, abuse, unauthorized access, and security incidents.
• Complying with legal, regulatory, accounting, tax, employment, and recordkeeping obligations.
• Establishing, exercising, or defending legal claims.

Depending on the nature of the processing activity, we may process personal data based on one or more of the following legal grounds:

• Explicit consent, where required or where processing is optional.
• Performance of a contract or taking pre-contractual steps at your request.
• Compliance with legal obligations.
• Legitimate interests, provided that such interests do not override your fundamental rights and freedoms.
• Establishment, exercise, or defense of legal claims.
• Other legal grounds permitted under applicable data protection laws.

Where processing relies on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

If you apply for a role at Coreor.net, we process your application data to receive and review your application, communicate with you, organize interviews, evaluate your suitability, verify relevant information where appropriate, prepare offers, and maintain recruitment records.

Evaluation for a current role is generally based on pre-contractual steps, legitimate interests, legal obligations, or the establishment, exercise, or defense of legal claims. Consent is not usually the primary basis for assessing candidates for a current vacancy.

If we wish to keep your application data for future opportunities, we will request separate optional consent. Refusing this consent will not affect your current application.

We may share personal data with carefully selected recipients where necessary for the purposes described in this Privacy Policy.

• Hosting, cloud infrastructure, CDN, DNS, security, and backup providers.
• Email, CRM, customer support, communication, and productivity tools.
• Applicant tracking systems, recruitment platforms, and HR service providers.
• Analytics, error monitoring, performance monitoring, and log management providers.
• Legal, accounting, tax, audit, and professional advisors.
• Business partners, contractors, and suppliers involved in relevant projects.
• Public authorities, courts, regulators, and law enforcement bodies where legally required.

We require service providers that process personal data on our behalf to implement appropriate confidentiality, security, and data protection obligations.

Personal data may be transferred internationally where our service providers, infrastructure, support teams, or technical systems are located outside Turkey or the European Economic Area. Where required, such transfers are protected through appropriate safeguards, which may include adequacy decisions, Standard Contractual Clauses, binding corporate rules, approved transfer mechanisms, explicit consent, or other safeguards permitted by applicable law.

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law.

When personal data is no longer required, it is deleted, destroyed, anonymized, or otherwise restricted in accordance with applicable law and internal retention procedures.

We implement technical and organizational measures designed to protect personal data against unauthorized access, unlawful processing, accidental loss, destruction, alteration, or disclosure.

• Role-based access controls and least-privilege access.
• Multi-factor authentication for administrative and sensitive access where appropriate.
• Encryption in transit and appropriate protection for stored data.
• Secure password, secret, and identity management practices.
• Logging, monitoring, backup, and recovery processes.
• Vulnerability management, patching, and environment separation.
• Confidentiality obligations, staff awareness, vendor due diligence, and incident response procedures.

Although no digital system can be guaranteed to be completely secure, we work to maintain reasonable, current, and risk-based safeguards.

Depending on the applicable law, you may have the right to:

• Access your personal data.
• Request correction of inaccurate or incomplete data.
• Request deletion or destruction of your personal data.
• Restrict or object to processing.
• Request data portability where applicable.
• Withdraw consent where processing is based on consent.
• Object to direct marketing.
• Challenge certain automated decisions where applicable.
• Request information about transfers to third parties in Turkey or abroad.

To exercise your rights, contact us at hello@coreor.net. We may request reasonable information to verify your identity before responding.

We use cookies and similar technologies to operate our website, maintain security, remember preferences, analyze performance, and improve our services.

Essential cookies may be used because they are necessary for the website to function. Analytics, personalization, advertising, or similar non-essential technologies are used only where legally permitted and, where required, based on your consent. You may manage cookie preferences through our cookie banner or browser settings.

We do not make decisions based solely on automated processing that produce legal or similarly significant effects unless permitted by law and accompanied by appropriate safeguards. Tools used for security, analytics, CV parsing, spam filtering, or technical classification are generally used as support tools rather than final decision-makers.

Our website, applications, or communications may contain links to third-party websites, platforms, repositories, social media pages, or professional profiles. We are not responsible for the privacy practices of third parties. Please review their privacy notices before submitting personal data to them.

Our services are not directed to children, and we do not knowingly seek to collect personal data from children. If you believe that a child has provided personal data to us, please contact us so that we can review and take appropriate action.

If you are not satisfied with our response to your request, you may have the right to lodge a complaint with the competent data protection authority. Under KVKK, complaints are generally submitted to the Turkish Personal Data Protection Authority after first applying to the data controller. Under GDPR, you may contact the relevant supervisory authority in the European Economic Area where applicable.

Coreor.net
Ankara, Turkey
Email: hello@coreor.net