KVKK Privacy Notice

1. Data Controller

This privacy notice is prepared by InfinitumIT Bilişim Sanayi ve Ticaret A.Ş. as data controller under Article 10 of Turkey's Personal Data Protection Law No. 6698 ("KVKK") and the "Communiqué on the Procedures and Principles to be Followed in Fulfilling the Obligation to Inform".

2. Personal Data Processed

• Identity: First name, last name.
• Contact: Email, phone, address.
• Professional: Company name, position (optional).
• Message content: Free-text submitted via form or email.
• Technical: IP address, log records, cookie data.
• Incident response requests: Relevant technical context (attack type, impact level).

3. Purposes of Processing

• Quote, contract processes, and communication regarding the services we offer.
• Responding to incident response (IR) and technical support requests.
• Fulfilling obligations arising from legislation and contracts.
• Notification and reporting to authorized public bodies.
• Conducting information security processes (under ISO 27001).
• If you have given marketing consent, event and content announcements.

4. Transfer

Your personal data may be transferred to authorized public bodies when legally required, to our infrastructure (email, cloud) providers within the scope of a contractual relationship, and to our auditors/consultants. International transfer is carried out only with the explicit consent of the data subject or to countries that the Personal Data Protection Authority has declared to provide adequate protection.

5. Collection Method and Legal Basis

Your personal data is collected by automated or partially automated means via forms on our website, email, phone, contract processes, and cookies. Our processing bases under Article 5 of KVKK:

• Necessary for the conclusion or performance of a contract.
• Fulfillment of legal obligations.
• Legitimate interests of the data controller, provided that they do not harm the fundamental rights and freedoms of the data subject.
• Explicit consent (where required).

6. Retention Period

Your personal data is deleted, destroyed, or anonymized once the processing purpose has ceased and the period prescribed by relevant legislation has expired. See Privacy Policy for details.

7. Your Rights

Under Article 11 of KVKK, you have the right to:

1. Learn whether your personal data is processed,
2. Request information if it has been processed,
3. Learn the purpose of processing and whether it is used for that purpose,
4. Know the third parties to whom data has been transferred domestically or abroad,
5. Request correction if processed incompletely or incorrectly,
6. Request deletion or destruction,
7. Request that correction/deletion be communicated to third parties,
8. Object to a result against you arising from analysis by automated systems,
9. Request compensation for damage suffered due to unlawful processing.

8. Application

To exercise your rights above, in accordance with the "Communiqué on Application Procedures and Principles for Data Controllers", you may apply in writing or via registered electronic mail (KEP), or via secure electronic signature, mobile signature, or your personally representing email address to [email protected].

Your request will be concluded free of charge as soon as possible and within 30 (thirty) days at the latest, depending on its nature. A fee may be charged if the Personal Data Protection Authority sets one.

9. Changes

This notice is updated as needed. Significant changes are announced via our website.