Data Processing Addendum
This Data Processing Addendum (“DPA”) forms part of the Carstudio’s Terms of Service (“Agreement”) between
Alıcıbul Information Technologies Inc. and the User. The User entered into this DPA on behalf of itself, the
purpose of this DPA is to reflect the parties’ agreement regarding the processing of Personal Data in
accordance with the requirements of Data Protection Legislation as defined below.
Data Protection Legislation”means all applicable legislation relating to data protection and privacy
including the EU Data Protection Directive 95/46/EC and and 2002/58/EC and any regulations which amend
or replace any of them, including the General Data Protection Regulation (GDPR).
Data Processor”, “Data Controller”, and “Data Subject” shall be interpreted in accordance with
applicable Data Protection Legislation.
“Subprocessor”means a third-party services engaged by Carstudio to process personal data.
“Personal Data”means information relating to an identified or identifiable individual. This includes
but not limited to information the User provided in their account and information relating to Clients
who engages in a transaction through the User’s website.
Terms not otherwise defined here shall have the meaning as set forth in the Agreement.
2.Processing of Personal Data
The parties agree that User is the Data Controller and that Carstudio is its Data Processor in
relation to Personal Data that is processed in the course of providing the Services. User shall always
comply with Data Protection Legislation in respect of all personal data it provided to Carstudio
pursuant to the Agreement.
Carstudio will process the Personal Data as a Data Processor, only for the purpose of providing the
Services in accordance with the Agreement or with instructions from the User (including instructions
provided through the User's Account).
User agrees that the Personal Data will be collected in compliance with Data Protection Legislation,
including all legally required consents, approvals and authorizations. Upon Carstudio’s request, User
shall provide adequate proof of having properly obtained all such necessary consents, authorizations and
If Carstudio is required by law to process the Personal Data for any other purpose, Carstudio will
provide the User with prior notice of this requirement, unless prohibited by law.
Carstudio may transfer Personal Data away from the location it which it was originally collected (i.e.
outside of the EEA), in such case, Carstudio will ensure the transfers will be completed in compliance
with mechanisms that is recognized under the relevant Data Protection Legislation as providing an
adequate level of protection for data transfers.
Following termination of the Agreement, on the User’s request, Carstudio will delete all Personal Data
processed, unless it is required by applicable law to retain the Personal Data.
Carstudio will implement and maintain appropriate technical and organizational measures to protect the
Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of,
or access to Personal Data. These measures shall be appropriate to the harm which might result from any
unauthorized or unlawful processing, accidental loss, destruction, damage or theft of Personal Data and
appropriate to the nature of the Personal Data which is to be protected.
Carstudio will ensure that all Carstudio personnel required to access the personal data are informed
of the confidential nature of the personal data and comply with the obligations sets out in this DPA.
Carstudio will notify the User promptly upon becoming aware of and confirming any accidental,
unauthorized, or unlawful processing of, disclosure of, or access to the Personal Data. Carstudio will
also take action to investigate the incident and reasonably prevent or mitigate the effects of the case.
Carstudio may use Subprocessors to process the Personal Data. The use of Subprocessor to process the
Personal Data will follow Data Protection Legislation and will be governed by a contract between
Carstudio and Subprocessor.
Sub processors will be permitted to process personal data only to deliver the services Carstudio has
requested, and they shall be prohibited from using Personal Data for any other purpose. A list of our
current Subprocessors is available upon request by sending an email to info@Carstudio.ai
In the case where the sub-processor further engages with other processor to process Personal Data,
they will respect the obligations set out in this DPA.
5. Information Requests and Audits
Carstudio will promptly notify the User of any complaints, questions or requests received from Data
Subjects regarding the Personal Data.
When applicable, Carstudio will assist the User in fulfilling your obligations in relation to Data
Subject requests under the applicable Data Protection Legislation, to the extent that the information is
available to Carstudio and that you cannot otherwise obtain the relevant information. User shall be
solely responsible for responding to any Data Subjects’ requests and user shall reimburse Carstudio for
the costs arising from this assistance.
Upon request, Carstudio will provide all reasonable assistance to the User in respect to exercising
its audit rights. Given the purpose of the audit is to verify the Processing of personal data in
accordance with this DPA. Prior to the audit, parties will agree on the duration and scope. The request
from Users in this aspect shall be reasonable to the extent required by the Data Protection Legislation
and Users will be responsible for any cost incurred with regards to the resources and time spent by
Upon your written request, Carstudio will destroy all Personal Data in its possession or return the
Personal Data to User, as requested. This requirement will not apply to the extent Carstudio is required
by applicable law to retain some or all of the User’s Data. User Data on backup servers is protected
from any further processing, except to the extent required by applicable law.
This DPA only applies where the Personal Data originates from the EEA or is otherwise subject to the
Data Protection Legislation through the process of Personal Data during providing Services to the User.
In the event of any conflict or inconsistency between the terms of the Agreement and this DPA, the
provisions of this DPA shall prevail. This DPA might be amended from time to time. Any claims brought
under this DPA will be subject to the same terms and conditions, including the exclusions and
limitations of liability, as are set out in the Agreement.