At InfinitumIT (hereinafter "the Company"), we attach great importance to the privacy and security of personal data of visitors and customers using our services. This policy explains how we collect your data, the purposes for which we process it, how long we retain it, and your rights.
1. Data Controller
InfinitumIT Bilişim Sanayi ve Ticaret A.Ş.
Address: Istanbul, Türkiye
Email: [email protected]
2. Data We Collect
2.1. Collected from you
- Contact form: First name, last name, email, phone, company info, message content.
- Incident response (Under Attack) form: The above plus estimated impact level and technical context.
- Event and report registrations: Name, email, company; optionally position.
- Job applications: Information in CV and the application form.
2.2. Automatically collected
- IP address, browser, and device information (in server log records).
- Cookie information (see Cookie Policy).
3. Purposes of Processing
- Responding to your service and quote requests.
- Contract negotiations, pre- and post-sales support.
- Rapid response to incident response (IR) requests.
- Fulfilling our legal obligations (KVKK, tax, commercial regulation).
- Ensuring site security and preventing abuse attempts.
4. Legal Basis
Your data is processed under Article 5/2 of KVKK on the following legal grounds:
- Necessary for the conclusion or performance of a contract (quote and service processes).
- Fulfillment of legal obligation (regulatory compliance).
- Legitimate interest (site security, abuse detection and prevention).
- Explicit consent where required.
5. Transfer
We transfer your personal data only to authorized public bodies when legally required or to our service providers (e.g., email infrastructure, cloud provider) under contractual safeguards. We do not sell to third parties for marketing purposes.
6. Retention Period
- Contact and quote requests: 3 years.
- Contracted customer data: contract term + 10 years (per legislation).
- Server and security logs: 2 years.
- Job applications: 1 year after the position closes.
At the end of the period, data is deleted, destroyed, or anonymized.
7. Security Measures
- ISO 27001-certified information security management system.
- Encryption in transit and at rest (TLS, AES-256).
- Access control, MFA, and PAM (privileged access management).
- Regular penetration testing and vulnerability scanning.
- Employee awareness training and confidentiality undertakings.
8. Your Rights
Under Article 11 of KVKK you have the right to:
- Learn whether your personal data is processed.
- If processed, learn the purposes of processing.
- Know third parties to whom data has been transferred domestically or abroad.
- Request correction if processed incompletely or incorrectly.
- Request deletion or destruction.
- Object to a result against you arising from automated analysis.
- Request compensation for damage suffered due to unlawful processing.
You may contact us for your requests via [email protected]. A response will be provided within 30 days at the latest.
9. Policy Updates
This policy is updated as needed. Significant changes are announced via our website.
