X

Select Your Country

Turkey (Türkçe)Turkey (Türkçe) Worldwide (English)Worldwide (English)
X

Select Your Currency

Türk Lirası $ USD
X

Select Your Country

Turkey (Türkçe)Turkey (Türkçe) Worldwide (English)Worldwide (English)
X

Select Your Currency

Türk Lirası $ USD
Sign In Sign Up
Worldwide (English) USD
not found

1. POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA (PRIVACY POLICY)

Last Updated: May 24, 2025

1. INTRODUCTION AND PURPOSE

As Muhammet Safa Demirdağ (Veribu Bilişim Teknolojileri) ("Company"), we attach great importance to the privacy and security of the personal data of our customers, potential customers, website visitors, and all other natural persons interacting with our services. This Policy on the Protection and Processing of Personal Data (“Policy”) explains how our Company collects, uses, processes, stores, shares, and protects personal data in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”) and other relevant legislation.

This Policy applies to personal data obtained through all products and services offered by our Company (the "veribu.tr" website, mobile applications (if any), customer panel, support services, etc.).

2. DEFINITIONS

  • Personal Data: Any information relating to an identified or identifiable natural person.

  • Special Categories of Personal Data (Sensitive Personal Data): Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. (Hosting companies generally do not directly collect or process such data, but it should be considered that customers may host such data on their own sites.)

  • Processing of Personal Data: Any operation performed upon personal data, whether wholly or partly by automated means or non-automated means which form part of a data filing system, such as collection, recording, storage, retention, alteration, adaptation, disclosure, transfer, retrieval, making available, alignment or combination, or blocking, erasure or destruction.

  • Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system (Muhammet Safa Demirdağ).

  • Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.

  • Data Subject: The natural person whose personal data is processed (Customer, Visitor, etc.).

  • Explicit Consent: Freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

  • KVKK: The Law on the Protection of Personal Data No. 6698.

3. GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA

Our Company undertakes to comply with the following fundamental principles when processing personal data:

  • Lawfulness, fairness, and transparency.

  • Accuracy and, where necessary, keeping data up to date.

  • Processing for specified, explicit, and legitimate purposes.

  • Being relevant, limited, and proportionate to the purposes for which they are processed.

  • Being kept for no longer than is necessary for the purposes for which the personal data are processed or as prescribed by relevant legislation.

4. CATEGORIES OF PERSONAL DATA PROCESSED

Depending on the nature of the services offered, our Company may process the following categories of personal data:

  • Identity Information: Name, surname, T.R. ID number (where necessary), date of birth, gender.

  • Contact Information: Email address, phone number, address information, social media account information (if shared for communication purposes).

  • Customer Transaction Information: Order information, billing information, payment information (credit card details are not stored directly but processed through secure payment institutions), customer number, service usage details, support request records.

  • Financial Information: Bank account information (for refund or payment transactions), tax number (for legal entities).

  • Marketing Information: Cookie records, campaign participation information, survey responses, email newsletter subscription status.

  • Transaction Security Information: IP address, MAC address, log records, password and passcode information (encrypted), website and customer panel navigation information.

  • Visual and Auditory Records: Call center voice recordings (for quality and security purposes), security camera recordings (for physical office and data center security).

  • Other Information: Other data voluntarily shared by the customer during service use or data generated due to the nature of the service.

5. PURPOSES OF PROCESSING PERSONAL DATA

Our Company may process your personal data for the following purposes:

  • Provision, management, and invoicing of services.

  • Creation and management of customer accounts.

  • Responding to customer requests, questions, and complaints, providing technical support.

  • Fulfillment of contractual obligations.

  • Improvement, development, and personalization of products and services.

  • Conducting marketing and promotional activities (subject to explicit consent or within the scope of legitimate interest).

  • Informing about campaigns, promotions, and announcements.

  • Fulfillment of legal obligations (tax legislation, e-commerce legislation, etc.).

  • Resolution of legal disputes.

  • Execution of information security processes, prevention of fraud.

  • Management of Company operations and business processes.

  • Performance analysis of the website and services, and improvement of user experience.

6. METHODS OF COLLECTING PERSONAL DATA AND LEGAL GROUNDS

Your personal data may be collected through the following methods:

  • Registration and order forms filled out on our website (veribu.tr).

  • Customer panel.

  • Communication channels such as email, phone, live support.

  • Cookies and similar tracking technologies.

  • Social media platforms (if permitted by the CUSTOMER).

  • Forms filled out in a physical environment (rarely).

  • Business partners, suppliers, or third-party service providers (in accordance with the law).

Your personal data is processed based on the following legal grounds specified in Articles 5 and 6 of the KVKK:

  • Explicitly provided for by law.

  • Processing is necessary for the establishment or performance of a contract to which the data subject is party.

  • Processing is necessary for compliance with a legal obligation to which the data controller is subject.

  • Data has been made public by the data subject themself.

  • Processing is necessary for the establishment, exercise, or defense of legal claims.

  • Processing is necessary for the legitimate interests pursued by the data controller, provided that such processing does not override the fundamental rights and freedoms of the data subject.

  • Explicit consent (in cases where other legal grounds are not present).

7. TRANSFER OF PERSONAL DATA

Your personal data may be transferred to the following parties located domestically and/or abroad for the purposes stated above and in accordance with Articles 8 and 9 of the KVKK:

  • Business Partners and Suppliers: Parties collaborated with for the provision of services (domain name registrars, SSL certificate providers, payment institutions, data center operators, email service providers, cargo companies, etc.).

  • Legal Authorities: Authorized public institutions and organizations (courts, prosecutor's offices, ministries, etc.) upon their legal requests.

  • Consultants: Parties from whom consultancy is received on matters such as law, finance, and auditing (under confidentiality agreements).

  • Group Companies (if any): Group companies to which our Company is affiliated (for management and reporting purposes).

Transfer of data abroad is carried out in accordance with the conditions specified in Article 9 of the KVKK (explicit consent of the data subject, or transfer to countries declared by the Personal Data Protection Board to have an adequate level of protection, or, in the absence of adequate protection, if the parties undertake in writing to provide adequate protection and the Board's permission is obtained).

8. RETENTION PERIOD OF PERSONAL DATA

Your personal data will be stored for the period prescribed by the relevant legislation or for the period necessary for the purpose for which they are processed. At the end of the period or when the purpose of processing ceases to exist, your personal data will be deleted, destroyed, or anonymized in accordance with the KVKK and relevant legislation. For example:

  • Accounting and tax records for the relevant legal periods (generally 5-10 years).

  • Data arising from contractual relationships, during the contract period and statute of limitations periods.

  • Log records according to legal regulations (e.g., 6 months to 2 years under Law No. 5651).

  • Cookies, for different periods depending on their type (session cookies are deleted when the browser is closed, persistent cookies remain for a certain period or until manually deleted).

9. RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the KVKK, anyone whose personal data is processed has the right to apply to our Company and:

  • Learn whether their personal data is being processed.

  • Request information if their personal data has been processed.

  • Learn the purpose of processing their personal data and whether they are used in accordance with their purpose.

  • Know the third parties to whom personal data is transferred domestically or abroad.

  • Request correction of personal data if it is incomplete or incorrectly processed.

  • Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK.

  • Request notification of the operations carried out pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data has been transferred.

  • Object to the occurrence of a result against the person themself by analyzing the processed data exclusively through automated systems.

  • Request compensation for damages in case of suffering damage due to unlawful processing of personal data.

You can submit your requests to exercise these rights to our company in writing or by other methods determined by the Personal Data Protection Board (registered electronic mail (KEP) address, secure electronic signature, mobile signature, or by using the email address previously notified to our company by you and registered in our system). The application form is available on our website (veribu.tr/iletisim).

Your applications will be concluded free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction also requires a cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.

10. SECURITY OF PERSONAL DATA

Our Company takes all necessary technical and administrative measures to ensure the appropriate level of security to prevent unlawful processing of, unlawful access to, and to ensure the preservation of your personal data. These measures include (examples):

  • Ensuring network security and application security (firewalls, intrusion detection and prevention systems).

  • Data leakage prevention software.

  • Access authorization matrices and authorization controls.

  • Encryption of data (SSL, database encryption, etc.).

  • Regular security audits and penetration tests.

  • KVKK and information security training for employees.

  • Data backup policies.

  • Confidentiality agreements.

11. COOKIE POLICY

Cookies are used on our website to improve user experience, analyze site traffic, and conduct targeted advertising. For detailed information about our cookie policy, please visit veribu.tr/cerez-politikasi.

12. POLICY CHANGES

Our Company reserves the right to update this Policy from time to time in line with legal regulations and Company policies. The updated Policy will take effect on the date it is published on our website. Significant changes will be notified to you separately.

13. CONTACT

For any questions, requests, or complaints regarding this Policy or the processing of your personal data, you can contact us using the following contact information:

Data Controller: Muhammet Safa Demirdağ
Address: Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale, Turkey
Phone: +90 (850) 840 36 95
Email: [email protected]

2. CLARIFICATION TEXT (General Example)

CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA

As Muhammet Safa Demirdağ (“Company”), in our capacity as Data Controller under the Law on the Protection of Personal Data No. 6698 (“KVKK”), we process the personal data of you, our valued customers/visitors, within the scope described below.

1. Data Controller and Representative
Pursuant to the KVKK, your personal data may be processed by Muhammet Safa Demirdağ (Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale, Turkey, Pamukkale Tax Office, Tax ID: 2840598730) as the data controller, within the scope described below.

2. Purpose of Processing Personal Data
Your collected personal data (e.g., your identity information, contact information, customer transaction information, financial information, transaction security information) will be processed for the purposes of:

  • Ensuring that the necessary work is carried out by our business units to enable you to benefit from the products and services offered by our Company,

  • Establishment and performance of service agreements,

  • Management of customer accounts, processing of orders, invoicing, and execution of payment transactions,

  • Provision of technical support and customer services,

  • Customizing our products and services according to your tastes, usage habits, and needs, and recommending them to you,

  • Informing you about marketing, campaign, and promotional activities (if you have given your explicit consent),

  • Fulfillment of our legal obligations (Law No. 5651, tax legislation, e-commerce legislation, etc.),

  • Ensuring information security, detection and prevention of fraud,

  • Resolution of legal disputes,
    within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK. For detailed information, please review our Policy on the Protection and Processing of Personal Data (veribu.tr/cerez-politikasi) [Note: This link seems to point to the cookie policy, it should probably point to the full Privacy Policy if they are separate. Update link accordingly].

3. To Whom and For What Purpose Processed Personal Data May Be Transferred
Your collected personal data may be transferred to:

  • Our business partners, suppliers (domain name registrars, SSL providers, payment service providers, data center operators, etc.),

  • Legally authorized public institutions and private individuals,

  • Third parties from whom we receive legal, financial, and operational consultancy,
    for the realization of the purposes stated above and within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK.

4. Method and Legal Grounds for Collecting Personal Data
Your personal data is collected by our Company through various channels such as our website, mobile applications (if any), customer panel, email, telephone, call center, support requests, contracts, and forms, by automated or non-automated means. Your personal data is processed based on the legal grounds of "necessity for the establishment or performance of a contract," "necessity for the data controller to fulfill its legal obligation," "necessity for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject" as stated in Article 5 of the KVKK, or by obtaining your explicit consent.

5. Rights of the Data Subject Listed in Article 11 of the KVKK
As a personal data owner, we inform you that you have the following rights under Article 11 of the KVKK:

  • To learn whether your personal data is processed,

  • To request information if your personal data has been processed,

  • To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,

  • To know the third parties to whom your personal data is transferred domestically or abroad,

  • To request correction of your personal data if it is incomplete or incorrectly processed, and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,

  • To request the deletion or destruction of your personal data in the event that the reasons requiring its processing cease to exist, despite it having been processed in accordance with the KVKK and other relevant law provisions, and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,

  • To object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,

  • To request compensation for damages if you suffer damage due to unlawful processing of your personal data.

You can submit your applications regarding your rights listed above by filling out the Application Form available at veribu.tr/iletisim, or in writing to Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale, Turkey, or to the email address [email protected] (with a secure electronic signature, mobile signature, or via the email previously notified by you and registered in our system). Your applications will be concluded free of charge as soon as possible and within thirty days at the latest, depending on the nature of your request.

Our Company reserves the right to make changes to this Clarification Text in line with legal legislation and Company policies.

Important Notes from Previous Turkish Version (Retained for Context):

  • Layered Clarification: The Clarification Text can be shorter and more concise, in line with the principle of layered clarification, while the Privacy Policy should be more detailed. Usually, the Clarification Text refers to the Privacy Policy.

  • Explicit Consent: If you conduct data processing activities outside the conditions of KVKK Art. 5/2 and Art. 6/3 (e.g., sending emails for direct marketing, using certain types of cookies), you must obtain separate explicit consent from the Data Subject. Explicit consent texts should also be designed separately from these documents, for a specific purpose, and in an "opt-in" (user actively ticks) manner.

  • Cookie Policy: Creating a separate Cookie Policy and referring to it in the Privacy Policy and Clarification Text is good practice. The Cookie Policy should explain what types of cookies are used, their purposes, and how users can manage their cookie preferences.

  • Data Inventory: To prepare these documents correctly, it is very important to first create a data inventory (also necessary for VERBİS registration) that identifies which personal data your company processes, for what purposes, on what legal grounds, for how long, and to whom it is transferred.

  • VERBİS Registration: Data controllers exceeding certain thresholds for annual employee numbers or annual financial balance totals are obliged to register with the Data Controllers' Registry Information System (VERBİS). Check this situation.

  • Legal Support is Essential: To reiterate, these drafts are just a starting point. The KVKK compliance process is complex and detailed. It is vital that these documents and all your data processing processes are reviewed by a legal consultant and prepared specifically for your company. Otherwise, you may face serious administrative fines.

 

not found