Privacy Policy

Privacy Policy – Steptember

1             Privacy Policy

1.1          This is the Privacy Policy regarding the Steptember campaign in Turkey being conducted collaboratively between Türkiye Spastik Çocuklar Vakfı and the Cerebral Palsy Alliance (ABN 45 000 062 288), a charity registered in Australia.  The organisations will jointly determine manner in which your personal data is processed, including the way in which it is used and disclosed and are the joint data controllers of your personal data.

1.2          The names and contact details of the organisations (referred to in this Policy as we, us and our) are:

Türkiye Spastik Çocuklar Vakfı
registered as a foundation in Turkey (number 2100)
Address: Prof. Dr. Hifzi Ozcan Cd. No: 8 34750 Atasehir, Istanbul, Turkey
Phone number: [+90 850 220 0707]
Email (general enquiries): []
Email (Bağışçı İlişkileri): []

Cerebral Palsy Alliance
Address: PO Box 6427, Frenchs Forest, NSW 2086 Australia
Phone number: +61 2 9975 8000
Email (general enquiries):
Email (Privacy Officer):

1.3          We are committed to safeguarding the privacy of participants and donors to the Steptember campaign in Turkey, as well as of users who visit our Steptember website (Website). 

1.4          This Privacy Policy sets out how we process and manage your personal data that we collect through the Website and the mobile app. This Privacy Policy also informs you how we use and disclose your personal data and your rights relating to your personal data. 

1.5          Our Website and other media (including communications with you) may contain links to third party websites.  If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies, or their processing of your personal data or the content of those websites.  Please check those policies before you submit any personal data to third party websites.

1.6          This Privacy Policy covers the following areas:

(1)           What personal data we may collect about you

(2)           How we may process that personal data

(3)           How we protect your personal data

(4)           How you can contact us, and your rights to prevent marketing and to access and update your personal data

(5)           Our cookies policy

(6)           How changes to this Privacy Policy and the Cookies Policy will be made

2             What personal data we may collect about you

2.1          We will collect and process all or some of the following personal data about you:

(1)           If you are a participant in Steptember:  your first and last name, email address, telephone number, whether you are over or under 18 years or age, your postal address (if you require a pedometer), limited digits of your credit card, the amount of donations you have raised, step count per day and the type / model of your mobile device or computer;

(2)           If you are a Steptember donor:  your first and last name, email address, your postal address, limited digits of your credit card, the amount of donations you have given; and

(3)           Generally:

(a)           information on how you use our services and programs and your preferences regarding our services and programs

(b)           details of your visits to our websites and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

2.2          We generally collect personal data directly from you, such as when you visit our Website or otherwise contact and correspond with us (e.g. over the phone, via email or in person). Where it is not practicable to collect personal data from you, we may also collect personal data from publicly available sources of information, and, where you have provided your consent, from third parties.

2.3          If you do not provide us with the personal data we have requested, we may not be able to provide you with services, programs and assistance to the extent that they require us to collect, use or disclose personal information.

2.4          The Website and the Steptember campaign are for individuals who are 18 years old or older.  If you are below the age of 18 years, you must tell us and must seek the permission or your parent or guardian before providing your personal data to us.

3             How we process your personal data

3.1          In this section, we set out the purposes for which we process the personal data we collect from you.  We are required to process personal data in accordance with the applicable national laws in Turkey.  When we use the word “processing”, it means any operation or set of operations performed on personal data including its storage, use and disclosure. 

3.2          Please note that in addition to the disclosures we have identified below, we may disclose personal data for the purposes we explain in this policy to our service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and our affiliates that perform any activities on our behalf.

3.3          If the collaboration between Türkiye Spastik Çocuklar Vakfı and the Cerebral Palsy Alliance comes to an end, the Cerebral Palsy Alliance may enter into a new collaboration.  Under that new collaboration, the Cerebral Palsy Alliance will continue to process, use and disclose your personal data (with the new collaborator) for the same purposes, including to provide you with the opportunity to participate in, or donate to, new Steptember campaigns.

3.4          We process your personal data for the following purposes:

(1)           To communicate effectively with you and conduct our programs:  To conduct our business, including to facilitate our campaigns and programs and the provision of services to you, to respond to your queries, communicate with you, verify your identity, and process gifts or donations you make to us. 

(2)           To provide you with marketing materials:  To send you marketing information and materials related to the Steptember campaign and our other services and programs, including via email or other digital communications.

(3)           For quality and improvement purposes:  To develop and improve the quality and scope of the services and programs we provide, including to seek your feedback about our services, programs and campaigns.

(4)           To inform you of changes:  To notify you about changes to our services, programs or campaigns. 

(5)           To ensure our website content and other media is relevant:  To ensure that content from our website and other media is presented in the most effective manner for you and your device, which may include passing your data to business partners, suppliers and/or service providers. 

(6)           To reorganise or make changes to our business:  If we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; (iii) undergo a re-organisation; or (iv) the Cerebral Palsy Alliance’s collaboration partner changes, we may need to transfer some or all of your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Policy.

(7)           Disclosure to related companies and service providers:  We may disclose your personal data to our related companies, contractors providing services to us and to other third party service providers (such as our platform service provider, mobile app service provider, payment gateway provider and marketing service providers) we use in conducting our business.

(8)           In connection with legal or regulatory obligations:  We may process your personal data to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.  Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

(9)           In relation to fraud prevention:  We and other organisations may also access and use certain information to prevent fraud as may be required by applicable law and regulation and best practice at any given time.  If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.

4             Who do we share your personal data with and why?

4.1          For the purposes set out above, we may share your personal data with third parties. These third parties include:

(1)           Service providers: These may include:

(a)           Payment gateway providers and banks for authorisation and approval, in order to process your credit card information to complete your transactions;

(b)           third-party contractors who perform functions for us, such as order fulfilment, package delivery, marketing assistance, postal and email delivery, customer service, data analysis, and credit processing; and

(c)           IT cloud and hosting providers.

(2)           Advisors: These may include legal, financial, business or other advisors.

(3)           Other users of the Website: Any personal data you make available publicly such as by your comments or testimonials on the Website will be shared with other users of the Website.

(4)           Third parties as required by law or regulation: We may disclose your personal data as required by law or regulation, and when we believe that disclosure is necessary to protect our rights or to comply with a judicial proceeding, court order, or legal process.

5             Transmission, storage and security of your personal data

Security over the internet

5.1          No data transmission over the Internet or our Website can be guaranteed to be secure from intrusion.  However, we maintain commercially reasonable physical, electronic, technical, administrative, and procedural safeguards to protect your personal data in accordance with data protection legislative requirements.

5.2          All information you provide to us is stored on our or our subcontractors’ secure servers and accessed and used subject to our security policies and standards.  Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential and for complying with any other security procedures that we notify you of.  We ask you not to share a password with anyone.

5.3          Your personal data may be accessed by staff or suppliers in, transferred to, or stored at, a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country.  We will, in all circumstances, safeguard personal information as set out in this Privacy Policy. 

6             Storage

6.1          Our retention periods for personal data are based on business needs and legal requirements.  We retain personal data for as long as is necessary for the processing purposes for which the information was collected, and any other permissible, related purpose.  For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data.  When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

7             Your rights & contacting us


7.1          You have the right to ask us not to process your personal data for marketing purposes.  We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes.  You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your personal data.  You can also exercise the right at any time by contacting us using the details set in this Privacy Policy.

Updating information

7.2          We will use reasonable endeavours to ensure that your personal data is accurate.  In order to assist us with this, you should notify us of any changes to the personal data that you have provided to us by contacting us as using the details set in this Privacy Policy. 

Your rights

7.3          If you have any questions in relation to our use of your personal data, you should first contact us using the details set in this Privacy Policy.  Under certain conditions, you may have the right to require us to:

(1)           provide you with further details on the use we make of your information;

(2)           provide you with a copy of information that you have provided to us;

(3)           update any inaccuracies in the personal data we hold;

(4)           delete any personal data that we no longer have a lawful ground to use;

(5)           where processing is based on consent, to withdraw your consent so that we stop that particular processing (see above in respect of marketing);

(6)           to ask us to transmit the personal data you have provided to us and we still hold about you to a third party electronically (where our processing activity is based on contract performance or consent);

(7)           object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(8)           restrict how we use your information whilst a complaint is being investigated.

7.4          Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). 

7.5          When contacting us to request access or correction of any personal data we hold about you, or to exercise your other rights, we ask that you provide us with as much detail as you can about the data in question as this will help us to assist you.  Before we provide you with access to your personal data, we may require some proof of identity.  If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

7.6          If you have any questions about this Privacy Policy, any concerns or a complaint regarding the treatment of your personal data or a possible breach of your privacy, please contact us.

7.7          We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required.  In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity.  We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome.  We will treat your complaint confidentially and respond to you within a reasonable time, usually in writing.

7.8          If you are not satisfied with our use of your personal data or our response to any exercise of these rights you have the right to complain to the Board of General Data Protection. Under the Data Protection Law of Turkey Nr. 6698, data subjects can file complaint applications in relation to data controllers and to compel them to carry out their obligations under the Data Protection Law. The application must be in writing or in any other means, as to be determined by the Institution, to the data controller (Law Nr. 6698, Article 13, Data Protection Law).


The Data Protection Law in Turkey states that these applications must be concluded within a maximum period of 30 days. Following the assessment of the application by the data controller, the response (whether positive or negative) will be delivered in writing or through electronic medium.

Contacting us

7.9          If you have any questions in relation to this policy, please contact us using the contact details shown at the beginning of this Privacy Policy.

8             Cookies Policy

8.1          We use cookies on our Website. Cookies are useful because they:

  • allow a website to recognise a user’s device and to target the content displayed to the user’s interests
  • help us to improve our website
  • offer you a better service more tailored to your requirements
  • enable us to recognise your device when you return to our website
  • store information about your favourite activities on the website, thereby allowing us to tailor our website to your individual interests. This may, for example, include advertising according to your personal interests and accelerate the rate at which we can deal with your queries

By using our website you agree that, unless you have set your computer’s browser to reject them, we can place different types of cookies on your device and use that data in accordance with this policy.

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser’s Help section for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.

9             Changes to our Privacy Policy or Cookies Policy

9.1          We may change our activities, the content of our Website or how we use cookies and consequently our Privacy Policy and our Cookie Policy may change from time to time in the future.  If we change this Privacy Policy or our Cookies Policy, we will update the date it was last changed below.  If these changes are material, we will indicate this clearly on our Website.

9.2          This Privacy Policy was last updated in [20 July 2020].


Image of Charli and Tej

Connect with Us