An enterprise framework for data security and privacy

1. Identity of the Data Controller

Pursuant to the Turkish Law No. 6698 on the Protection of Personal Data ('PDPL'), your personal data is processed by [Company Full Legal Name] in its capacity as data controller, within the scope set out below. Data controller details: Legal Name: [Company Full Legal Name], Address: [Address], Contact: [Data Controller Contact], E-mail: [Email].

2. Personal Data Processed

Depending on the nature of our services, the following may be processed: identity data (name, surname), contact data (e-mail, phone, address), customer transaction data, digital trace/transaction security data (IP address, cookie records, session information) and other data you share with us.

3. Purposes of Processing

Your personal data is processed for the purposes of delivering the services offered, fulfilling contractual and legal obligations, managing requests and complaints, maintaining communication activities, ensuring information security, and improving service quality.

4. Legal Grounds

Your data is processed under Articles 5 and 6 of the PDPL based on the legal grounds of the conclusion or performance of a contract, fulfilment of a legal obligation, establishment/exercise/protection of a right, the legitimate interest of the data controller, and, where required, your explicit consent.

5. Transfer of Data

Your personal data may be transferred, limited to the above purposes and in accordance with Articles 8 and 9 of the PDPL, to authorized public institutions, business partners, suppliers, and the infrastructure/cloud providers we work with, subject to the necessary technical and administrative measures. Where transfer abroad is involved, the conditions stipulated in the PDPL are observed.

6. Retention Period

Your personal data is retained for the period required by the purpose of processing and for the statutory limitation and retention periods set out in the applicable legislation; upon expiry of these periods it is deleted, destroyed or anonymized.

7. Data Security Measures

Appropriate technical and administrative measures such as access authorization, encryption, logging, network security and regular auditing are taken to prevent the unlawful processing of and access to your personal data and to ensure its safekeeping.

8. Rights of the Data Subject (Art. 11)

Under Article 11 of the PDPL, you have the right to: learn whether your personal data is processed; request information if it has been processed; learn the purpose of processing and whether it is used in accordance with that purpose; know the third parties to whom it is transferred domestically or abroad; request correction if it is processed incompletely or inaccurately; request its deletion/destruction; request that such actions be notified to third parties to whom the data was transferred; object to a result against you arising from analysis solely by automated systems; and claim compensation for damage arising from unlawful processing.

9. Cookie Policy

Our website may use mandatory and optional cookies for the operation of the service, ensuring security and improving the user experience. You can manage your cookie preferences through your browser settings or via the cookie management tool on the site.

10. Application and Contact Method

You may submit your requests under Article 13 of the PDPL, together with information verifying your identity, in writing to [Address] or electronically to [Email]. Your applications will be concluded as soon as possible and within thirty days at the latest, depending on the nature of the request.

Submit a Data Subject Request