TERMS OF SERVICE
Last Updated: May 24, 2025
1. PARTIES
On the one hand, Muhammet Safa Demirdağ, residing at “Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale”, Pamukkale Tax Office / Tax ID Number 2840598730 (hereinafter referred to as the “SERVICE PROVIDER”), and on the other hand, the natural or legal person who declares their information through registration/order forms on the Site or via other communication channels for the purpose of purchasing and/or using the products and services (“Services”) offered by the SERVICE PROVIDER via the SERVICE PROVIDER’s website "veribu.tr" or other sales channels, and who electronically approves/accepts this Agreement (hereinafter referred to as the “CUSTOMER” and/or “USER”), have concluded this Service and Usage Agreement (hereinafter referred to as the “Agreement”) under the terms and conditions set forth below.
Hereinafter in the Agreement, the CUSTOMER/USER and the SERVICE PROVIDER shall be referred to individually as a “Party” and collectively as the “Parties.”
The CUSTOMER, for the purpose of benefiting from the Services offered by the SERVICE PROVIDER, declares and undertakes that they have read and understood this Agreement and accept all the terms and rules specified in the Agreement. The CUSTOMER’s placement of a Service order via the Site and/or commencement of using the Services shall mean that this Agreement has been accepted.
2. DEFINITIONS
Services: Web hosting (shared, VPS, VDS, dedicated server, etc.), domain name registration, SSL certificates, email services, and other related services offered by the SERVICE PROVIDER.
User Content: Any data, text, software, code, music, sound, photographs, graphics, video, messages, or other materials uploaded, hosted, processed, or transmitted by the CUSTOMER to the SERVICE PROVIDER’s servers.
AUP (Acceptable Use Policy): The policy detailing the acceptable and prohibited uses of the Services, which is an integral part of this Agreement and published on the Site.
SLA (Service Level Agreement): The agreement containing the SERVICE PROVIDER's commitments regarding service interruptions and uptime (if any and separately specified).
Force Majeure: Unforeseeable events beyond the control of the Parties, such as natural disasters, fire, flood, earthquake, war, acts of terrorism, cyber-attacks (DDoS, etc., beyond the reasonable control of the SERVICE PROVIDER), strikes, lockouts, epidemics, widespread and prolonged interruptions in energy and communication infrastructure beyond the control of the SERVICE PROVIDER, legal regulations, or orders from official authorities.
Site: The SERVICE PROVIDER’s website located at "veribu.tr" and its affiliated subdomains.
3. SCOPE OF SERVICES
3.1. The SERVICE PROVIDER undertakes to provide services in accordance with the features of the Service package selected and paid for by the CUSTOMER, as specified on the Site.
3.2. The details of the Services (disk space, bandwidth, CPU, RAM, number of email accounts, etc.) are as specified on the Site and in the CUSTOMER panel.
3.3. The SERVICE PROVIDER reserves the right to make changes to the Service features or infrastructure in line with technological developments, operational requirements, or legal obligations. Such significant changes will be notified to the CUSTOMER via the Site or email within a reasonable period инфекция (generally at least 15-30 days) in advance.
3.4. Domain name registration services are subject to the rules and policies of the relevant registration authorities (ICANN, .TR Domain Name Administration, etc.). The CUSTOMER is obliged to comply with these rules.
4. CUSTOMER OBLIGATIONS
4.1. Accurate Information: The CUSTOMER undertakes that all information provided during registration and thereafter (identity, contact, billing, etc.) is accurate, current, and complete. It is the CUSTOMER's responsibility to promptly update any changes to this information. The CUSTOMER is responsible for any problems (service interruption, legal issues, etc.) that may arise due to incorrect or incomplete information.
4.2. Account Security: The CUSTOMER is solely responsible for the security and confidentiality of the passwords and other access information for the account allocated to them (customer panel, FTP, email, database, etc.). The CUSTOMER is responsible for any damages that may arise from sharing this information with third parties or from unauthorized use. The SERVICE PROVIDER must be informed immediately in case of suspicious situations or if a security breach is noticed.
4.3. User Content Responsibility:
* The CUSTOMER is solely and exclusively responsible for all User Content (website files, databases, emails, etc.) hosted, published, transmitted, or processed on our servers and for all actions related to this content.
* User Content may not be contrary to the laws of the Republic of Turkey, international agreements, general morality, and decency.
* Content that infringes upon copyrights, trademarks, patents, trade secrets, or other intellectual property rights may not be hosted, distributed, or facilitated.
* Content that promotes illegal activities (gambling, fraud, terrorism propaganda, etc.), contains hate speech, is pornographic (especially child pornography, which is strictly prohibited and will be immediately reported to legal authorities), or distributes or hosts malicious software (viruses, trojans, malware, ransomware, spyware, etc.) is strictly prohibited.
4.4. Resource Usage and System Performance:
* The CUSTOMER agrees not to exceed the defined resource limits (CPU, RAM, disk space, bandwidth, I/O, inode, process count, etc.) of the purchased hosting package. Limits are specified on the Site or in the CUSTOMER panel.
* If excessive resource usage negatively affects the service quality of other CUSTOMERS or threatens server stability, the SERVICE PROVIDER reserves the right to restrict or suspend the relevant service or demand additional fees, with prior warning or, in urgent cases, without warning.
* In shared hosting services, the fair sharing of server resources is essential. For sites that continuously consume high resources, an upgrade to higher packages may be requested.
4.5. Data Backup Responsibility and Data Loss:
* The SERVICE PROVIDER may offer system-wide or CUSTOMER account backup services at specific intervals. However, this backup service is provided as a courtesy and is not under the primary responsibility or guarantee of the SERVICE PROVIDER. The consistency, timeliness, and completeness of backups are not guaranteed.
* The CUSTOMER is primarily and entirely responsible for regularly backing up their own data (website files, databases, emails, configuration files, etc.) and for securely storing these backups.
* Data loss caused by the CUSTOMER: The SERVICE PROVIDER cannot be held responsible in any way for data loss occurring due to the CUSTOMER's own error, negligence, intentional deletion, faulty coding, security vulnerabilities in software used by the CUSTOMER (CMS, plugins, themes, etc.), malicious software uploaded or run by the CUSTOMER, unauthorized access resulting from theft of CUSTOMER account information, or other reasons under the CUSTOMER's control.
* The CUSTOMER should not refrain from taking their own backups by relying on the SERVICE PROVIDER's backup service.
4.6. Software Licenses and Updates: The CUSTOMER is responsible for the licenses of all software (excluding the operating system, if not managed by the SERVICE PROVIDER), scripts, themes, plugins, and other applications installed or used on their servers, and for keeping this software updated and secure. The CUSTOMER is responsible for any problems (data breaches, hacking, etc.) that may arise due to outdated or vulnerable software.
4.7. Acceptable Use Policy (AUP): The CUSTOMER accepts and undertakes to comply with the AUP published on the Site, which is an integral part of this Agreement, and other policies (e.g., Spam Policy). Violation of the AUP may result in the immediate suspension or permanent termination of the service without warning.
4.8. Legal Demands and Cooperation: The CUSTOMER accepts that the SERVICE PROVIDER is obliged to comply with requests from legal authorities (providing information, removing content, etc.) and undertakes to cooperate with the SERVICE PROVIDER in this process.
5. SERVICE PROVIDER OBLIGATIONS
5.1. The SERVICE PROVIDER will make reasonable commercial efforts to keep the necessary infrastructure, technical hardware, and software updated and operational to provide the committed Services to the CUSTOMER.
5.2. The SERVICE PROVIDER will take industry-standard technical and administrative measures to ensure the confidentiality and security of CUSTOMER data. However, 100% security cannot be guaranteed due to the nature of the internet environment. Details are provided in the "Privacy Policy" and "KVKK Clarification Text."
5.3. The SERVICE PROVIDER will offer technical support services through the channels (support system, email, phone, etc.) and during the hours specified on the Site. The scope of support is limited to the SERVICE PROVIDER's infrastructure, server hardware, and directly offered services (hosting control panel, basic server software). Third-party software installed by the CUSTOMER, website coding issues, and CUSTOMER-caused configuration errors are generally outside the scope of support or may be subject to additional charges.
5.4. The SERVICE PROVIDER will notify the CUSTOMER of planned maintenance work (infrastructure updates, hardware changes, etc.) as early as possible, usually at least 24-48 hours in advance, via email or an announcement on the Site. Prior notification may not be possible for urgent and mandatory interventions (critical security vulnerabilities, hardware failures, etc.).
5.5. The SERVICE PROVIDER, within the scope of the backup service it offers (if any), does not guarantee that backups are taken and stored regularly. This service is an additional convenience and does not remove the CUSTOMER's own backup responsibility.
6. FEES AND PAYMENT
6.1. Service fees are calculated based on the current prices stated on the Site and in the selected currency. VAT and other taxes are specified separately.
6.2. Payments are made in advance at the beginning of the service period according to the payment period selected by the CUSTOMER (monthly, quarterly, semi-annually, annually, etc.).
6.3. Renewal fees are invoiced to the CUSTOMER before the service end date. For payments not made by the due date, the SERVICE PROVIDER reserves the right to suspend the service (usually 7 days after the last payment date) and, after a certain period (usually 7 days after suspension), to delete the data and terminate the service completely. Legal default interest may be applied for late payments.
6.4. The SERVICE PROVIDER reserves the right to change service fees. Price changes will be effective immediately for new CUSTOMERS and from the next renewal period for existing CUSTOMERS, and the CUSTOMER will be notified at least 30 days in advance.
6.5. Domain name registration, renewal, transfer fees, and services involving third-party costs such as SSL certificates and license fees are generally non-refundable. For other services, the refund policy is subject to the "Refund Policy" clearly stated on the Site. Refund conditions (e.g., within the first 7-15 days, not exceeding certain resource usage, etc.) are clearly defined.
7. TERM AND TERMINATION OF THE AGREEMENT
7.1. This Agreement enters into force upon the CUSTOMER's completion of the Service order, payment, and the SERVICE PROVIDER's confirmation of the order, and remains valid for the service period selected by the CUSTOMER.
7.2. At the end of the service period, unless a cancellation request is submitted by the CUSTOMER via the customer panel or by written notification and the relevant renewal fee is paid, the service is automatically renewed for the same period (if auto-renewal is active).
7.3. Termination by CUSTOMER: The CUSTOMER may request to terminate their service before the end of the service period via the customer panel or by written notification (email, support ticket). Refunds for prepaid fees are subject to the "Refund Policy" and the relevant clauses of this Agreement.
7.4. Termination by SERVICE PROVIDER:
* If the CUSTOMER materially breaches this Agreement, the AUP, or other supplementary policies (especially illegal content, spam, misuse of system resources, etc.), the SERVICE PROVIDER may immediately suspend or terminate the service without warning or with a short warning period.
* In case of non-payment by the due date and failure to pay within the granted additional period.
* In cases of legal obligations, court orders, or force majeure.
* If the CUSTOMER engages in inappropriate, threatening, or harassing behavior towards SERVICE PROVIDER personnel.
7.5. Data After Termination: In the event of termination of the Agreement for any reason (CUSTOMER cancellation, non-payment, breach of agreement, etc.), the SERVICE PROVIDER reserves the right to delete all User Content and data belonging to the CUSTOMER on its servers without further notice to the CUSTOMER and without incurring any liability. The CUSTOMER is responsible for backing up all their data before the service termination. The SERVICE PROVIDER has no obligation to store or recover data after termination.
8. PRIVACY AND PERSONAL DATA PROTECTION
8.1. The Parties undertake to protect the confidential information of the other Party (trade secrets, CUSTOMER lists, financial information, technical know-how, etc.) learned within the scope of this Agreement and not to share it with third parties without legal obligations or the written consent of the relevant Party. This obligation shall continue even after the termination of the Agreement.
8.2. The SERVICE PROVIDER will process, protect, and take necessary measures for the personal data belonging to the CUSTOMER in accordance with the Personal Data Protection Law No. 6698 (KVKK) and other relevant legislative provisions. Detailed explanations on this matter are provided in the "Privacy Policy" and "KVKK Clarification Text" published on the Site, and these documents are an integral part of this Agreement.
9. INTELLECTUAL PROPERTY
9.1. Software (control panel interface, etc.), designs, trademarks, logos, and other intellectual property rights offered by the SERVICE PROVIDER belong to the SERVICE PROVIDER or its licensors. The CUSTOMER is granted only a limited, non-transferable right to use the Services for their intended purpose.
9.2. The CUSTOMER represents and warrants that they own all intellectual property rights to their User Content or have the necessary licenses and permissions. The CUSTOMER undertakes that the User Content does not infringe upon the intellectual property rights (copyright, trademark, patent, etc.) of third parties. The CUSTOMER is responsible for all claims and lawsuits that may be directed against the SERVICE PROVIDER in this regard.
10. LIMITATION OF LIABILITY
10.1. The SERVICE PROVIDER offers its Services "as is" and "as available." No express or implied warranty is given that the Services will be uninterrupted, error-free, secure, or meet all of the CUSTOMER's expectations.
10.2. The SERVICE PROVIDER cannot be held liable in any way for indirect, incidental, special, punitive, or consequential damages (loss of profit, loss of data, loss of reputation, business interruption, CUSTOMER's liabilities towards their own customers, etc.) that the CUSTOMER or third parties may suffer, even if the possibility of such damages has been reported.
10.3. The total financial liability of the SERVICE PROVIDER for any claim arising out of or in connection with this Agreement or the Services shall in no event exceed the total service fee paid by the CUSTOMER for the relevant service within the last 1 (one) month prior to the date the event causing the damage occurred.
10.4. Disclaimer for Data Loss: The CUSTOMER accepts the risk of data loss due to hardware failures (disk failure, RAM error, etc.), software errors, unexpected system problems, cyber-attacks, viruses, or other unforeseeable technical problems that may occur on server hardware, despite the SERVICE PROVIDER's best commercial efforts. Although the SERVICE PROVIDER will make reasonable efforts to recover data in such cases, it cannot be held responsible for data loss arising from such events. This clause reinforces the CUSTOMER's own backup responsibility stated in Article 4.5.
10.5. Force Majeure: The SERVICE PROVIDER cannot be held responsible for interruptions, delays, disruptions, or data loss in its Services due to force majeure events beyond its control. The obligations of the Parties shall be suspended during the period of force majeure.
10.6. The SERVICE PROVIDER is not responsible for security vulnerabilities, performance issues, or legal violations caused by the CUSTOMER's website content, applications, or software uploaded by the CUSTOMER.
11. ACCEPTABLE USE POLICY (AUP)
The CUSTOMER accepts and undertakes to comply with the current Acceptable Use Policy (AUP). Prohibited activities specified in the AUP include, but are not limited to:
Sending unsolicited bulk email (Spam), buying/selling email lists, phishing, identity theft.
Hosting or distributing illegal (drug, weapon sales, gambling, etc.), pornographic (especially materials involving child abuse), violence- or terrorism-promoting, hate speech-containing, or defamatory content.
Unauthorized distribution or hosting of materials infringing on intellectual property rights such as copyrights, trademarks, patents, or trade secrets (software, music, movies, etc.) (Warez, Nulled scripts, etc.).
Attempting to violate system or network security (hacking, port scanning, organizing or mediating DoS/DDoS attacks, network sniffing, etc.).
Excessive consumption of server resources (CPU, RAM, network traffic, disk I/O) in a way that negatively affects other users; cryptocurrency mining (generally prohibited); file sharing/downloading (torrent clients, warez sites, etc.), video/audio streaming (generating heavy traffic), using as a public proxy, VPN, or TOR exit node (generally prohibited in shared hosting).
Distribution, hosting, or running of malicious software (viruses, malware, ransomware, spyware, botnet C&C, etc.).
Running IRC servers, bots, or eggdrops (generally prohibited).
Violation of the AUP may result in the immediate and unannounced suspension or termination of services and the initiation of legal proceedings. The SERVICE PROVIDER reserves the right to evaluate AUP violations at its sole discretion.
12. AMENDMENTS TO THE AGREEMENT
The SERVICE PROVIDER reserves the right to unilaterally change or update this Agreement and its annexes (AUP, Privacy Policy, SLA, etc.) at any time, at its sole discretion. Changes will become effective from the date they are published on the SERVICE PROVIDER’s Site. Significant changes (usually price, basic scope of service, etc.) will be notified to the CUSTOMER via their registered email address within a reasonable period (usually at least 15-30 days) in advance. The CUSTOMER's continued use of the Services after the changes are published and/or notified means that they accept the revised terms of the Agreement. The CUSTOMER is responsible for regularly checking the current Agreement.
13. NOTICES
All notices within the scope of this Agreement will be made by the SERVICE PROVIDER to the CUSTOMER's registered email address in the system via electronic mail or through the CUSTOMER panel. Notices to be made by the CUSTOMER to the SERVICE PROVIDER must be made through the support system, registered email address, or official communication channels specified on the Site. The CUSTOMER is responsible for keeping their contact information (especially email address) up to date. Notices sent to the email address are deemed to have been served at the time of sending.
14. GOVERNING LAW AND JURISDICTION
The laws of the Republic of Turkey shall apply to the resolution of any disputes arising from the interpretation, application, and validity of this Agreement, and to any disputes that may arise between the parties.
15. SEVERABILITY
If any article, provision, or term of this Agreement is determined to be invalid, illegal, or unenforceable for any reason, this shall not affect the validity, legality, and enforceability of the remaining articles, provisions, or terms of the Agreement, and they shall remain in full force and effect.
16. WAIVER
The failure or delay of either Party to exercise any right, power, or privilege under this Agreement shall not operate as a waiver thereof, nor shall any single or partial exercise of any right preclude any other or future exercise of that right. Any waiver will be valid only if made in writing and signed by the waiving Party.
17. ENTIRE AGREEMENT
This Agreement, together with its annexes (AUP, Privacy Policy, SLA (if any), and other documents accepted in the order form), constitutes the entire agreement and final expression of the Parties. This Agreement supersedes all prior oral or written agreements, representations, undertakings, and discussions between the Parties on the subject matter. No representation, promise, or undertaking not expressly stated in this Agreement shall be binding.
18. EVIDENTIARY AGREEMENT
The Parties accept, declare, and undertake that in disputes arising from this Agreement, the commercial books and records of the SERVICE PROVIDER, computer records (including log records, email correspondence, database records), CUSTOMER panel records, and documents such as microfilm, microfiche, and sound recordings shall constitute conclusive and exclusive evidence within the meaning of Article 193 of the Code of Civil Procedure No. 6100.
BY ORDERING SERVICES, REGISTERING ON THE SITE, AND/OR COMMENCING USE OF THE SERVICES, THE CUSTOMER DECLARES AND UNDERTAKES THAT THEY HAVE CAREFULLY READ AND UNDERSTOOD THIS AGREEMENT AND ALL ITS REFERENCED ANNEXES, AND UNCONDITIONALLY ACCEPTS ALL ITS PROVISIONS.
1. POLICY ON THE PROTECTION AND PROCESSING OF PERSONAL DATA (PRIVACY POLICY)
Last Updated: May 24, 2025
1. INTRODUCTION AND PURPOSE
As Muhammet Safa Demirdağ (Veribu Bilişim Teknolojileri) ("Company"), we attach great importance to the privacy and security of the personal data of our customers, potential customers, website visitors, and all other natural persons interacting with our services. This Policy on the Protection and Processing of Personal Data (“Policy”) explains how our Company collects, uses, processes, stores, shares, and protects personal data in accordance with the Law on the Protection of Personal Data No. 6698 (“KVKK”) and other relevant legislation.
This Policy applies to personal data obtained through all products and services offered by our Company (the "veribu.tr" website, mobile applications (if any), customer panel, support services, etc.).
2. DEFINITIONS
Personal Data: Any information relating to an identified or identifiable natural person.
Special Categories of Personal Data (Sensitive Personal Data): Data relating to race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data. (Hosting companies generally do not directly collect or process such data, but it should be considered that customers may host such data on their own sites.)
Processing of Personal Data: Any operation performed upon personal data, whether wholly or partly by automated means or non-automated means which form part of a data filing system, such as collection, recording, storage, retention, alteration, adaptation, disclosure, transfer, retrieval, making available, alignment or combination, or blocking, erasure or destruction.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system (Muhammet Safa Demirdağ).
Data Processor: A natural or legal person who processes personal data on behalf of the data controller based on the authority granted by the data controller.
Data Subject: The natural person whose personal data is processed (Customer, Visitor, etc.).
Explicit Consent: Freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
KVKK: The Law on the Protection of Personal Data No. 6698.
3. GENERAL PRINCIPLES REGARDING THE PROCESSING OF PERSONAL DATA
Our Company undertakes to comply with the following fundamental principles when processing personal data:
Lawfulness, fairness, and transparency.
Accuracy and, where necessary, keeping data up to date.
Processing for specified, explicit, and legitimate purposes.
Being relevant, limited, and proportionate to the purposes for which they are processed.
Being kept for no longer than is necessary for the purposes for which the personal data are processed or as prescribed by relevant legislation.
4. CATEGORIES OF PERSONAL DATA PROCESSED
Depending on the nature of the services offered, our Company may process the following categories of personal data:
Identity Information: Name, surname, T.R. ID number (where necessary), date of birth, gender.
Contact Information: Email address, phone number, address information, social media account information (if shared for communication purposes).
Customer Transaction Information: Order information, billing information, payment information (credit card details are not stored directly but processed through secure payment institutions), customer number, service usage details, support request records.
Financial Information: Bank account information (for refund or payment transactions), tax number (for legal entities).
Marketing Information: Cookie records, campaign participation information, survey responses, email newsletter subscription status.
Transaction Security Information: IP address, MAC address, log records, password and passcode information (encrypted), website and customer panel navigation information.
Visual and Auditory Records: Call center voice recordings (for quality and security purposes), security camera recordings (for physical office and data center security).
Other Information: Other data voluntarily shared by the customer during service use or data generated due to the nature of the service.
5. PURPOSES OF PROCESSING PERSONAL DATA
Our Company may process your personal data for the following purposes:
Provision, management, and invoicing of services.
Creation and management of customer accounts.
Responding to customer requests, questions, and complaints, providing technical support.
Fulfillment of contractual obligations.
Improvement, development, and personalization of products and services.
Conducting marketing and promotional activities (subject to explicit consent or within the scope of legitimate interest).
Informing about campaigns, promotions, and announcements.
Fulfillment of legal obligations (tax legislation, e-commerce legislation, etc.).
Resolution of legal disputes.
Execution of information security processes, prevention of fraud.
Management of Company operations and business processes.
Performance analysis of the website and services, and improvement of user experience.
6. METHODS OF COLLECTING PERSONAL DATA AND LEGAL GROUNDS
Your personal data may be collected through the following methods:
Registration and order forms filled out on our website (veribu.tr).
Customer panel.
Communication channels such as email, phone, live support.
Cookies and similar tracking technologies.
Social media platforms (if permitted by the CUSTOMER).
Forms filled out in a physical environment (rarely).
Business partners, suppliers, or third-party service providers (in accordance with the law).
Your personal data is processed based on the following legal grounds specified in Articles 5 and 6 of the KVKK:
Explicitly provided for by law.
Processing is necessary for the establishment or performance of a contract to which the data subject is party.
Processing is necessary for compliance with a legal obligation to which the data controller is subject.
Data has been made public by the data subject themself.
Processing is necessary for the establishment, exercise, or defense of legal claims.
Processing is necessary for the legitimate interests pursued by the data controller, provided that such processing does not override the fundamental rights and freedoms of the data subject.
Explicit consent (in cases where other legal grounds are not present).
7. TRANSFER OF PERSONAL DATA
Your personal data may be transferred to the following parties located domestically and/or abroad for the purposes stated above and in accordance with Articles 8 and 9 of the KVKK:
Business Partners and Suppliers: Parties collaborated with for the provision of services (domain name registrars, SSL certificate providers, payment institutions, data center operators, email service providers, cargo companies, etc.).
Legal Authorities: Authorized public institutions and organizations (courts, prosecutor's offices, ministries, etc.) upon their legal requests.
Consultants: Parties from whom consultancy is received on matters such as law, finance, and auditing (under confidentiality agreements).
Group Companies (if any): Group companies to which our Company is affiliated (for management and reporting purposes).
Transfer of data abroad is carried out in accordance with the conditions specified in Article 9 of the KVKK (explicit consent of the data subject, or transfer to countries declared by the Personal Data Protection Board to have an adequate level of protection, or, in the absence of adequate protection, if the parties undertake in writing to provide adequate protection and the Board's permission is obtained).
8. RETENTION PERIOD OF PERSONAL DATA
Your personal data will be stored for the period prescribed by the relevant legislation or for the period necessary for the purpose for which they are processed. At the end of the period or when the purpose of processing ceases to exist, your personal data will be deleted, destroyed, or anonymized in accordance with the KVKK and relevant legislation. For example:
Accounting and tax records for the relevant legal periods (generally 5-10 years).
Data arising from contractual relationships, during the contract period and statute of limitations periods.
Log records according to legal regulations (e.g., 6 months to 2 years under Law No. 5651).
Cookies, for different periods depending on their type (session cookies are deleted when the browser is closed, persistent cookies remain for a certain period or until manually deleted).
9. RIGHTS OF THE DATA SUBJECT
Pursuant to Article 11 of the KVKK, anyone whose personal data is processed has the right to apply to our Company and:
Learn whether their personal data is being processed.
Request information if their personal data has been processed.
Learn the purpose of processing their personal data and whether they are used in accordance with their purpose.
Know the third parties to whom personal data is transferred domestically or abroad.
Request correction of personal data if it is incomplete or incorrectly processed.
Request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the KVKK.
Request notification of the operations carried out pursuant to sub-paragraphs (d) and (e) to third parties to whom personal data has been transferred.
Object to the occurrence of a result against the person themself by analyzing the processed data exclusively through automated systems.
Request compensation for damages in case of suffering damage due to unlawful processing of personal data.
You can submit your requests to exercise these rights to our company in writing or by other methods determined by the Personal Data Protection Board (registered electronic mail (KEP) address, secure electronic signature, mobile signature, or by using the email address previously notified to our company by you and registered in our system). The application form is available on our website (veribu.tr/iletisim).
Your applications will be concluded free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of the request. However, if the transaction also requires a cost, the fee in the tariff determined by the Personal Data Protection Board may be charged.
10. SECURITY OF PERSONAL DATA
Our Company takes all necessary technical and administrative measures to ensure the appropriate level of security to prevent unlawful processing of, unlawful access to, and to ensure the preservation of your personal data. These measures include (examples):
Ensuring network security and application security (firewalls, intrusion detection and prevention systems).
Data leakage prevention software.
Access authorization matrices and authorization controls.
Encryption of data (SSL, database encryption, etc.).
Regular security audits and penetration tests.
KVKK and information security training for employees.
Data backup policies.
Confidentiality agreements.
11. COOKIE POLICY
Cookies are used on our website to improve user experience, analyze site traffic, and conduct targeted advertising. For detailed information about our cookie policy, please visit veribu.tr/cerez-politikasi.
12. POLICY CHANGES
Our Company reserves the right to update this Policy from time to time in line with legal regulations and Company policies. The updated Policy will take effect on the date it is published on our website. Significant changes will be notified to you separately.
13. CONTACT
For any questions, requests, or complaints regarding this Policy or the processing of your personal data, you can contact us using the following contact information:
Data Controller: Muhammet Safa Demirdağ
Address: Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale, Turkey
Phone: +90 (850) 840 36 95
Email: [email protected]
2. CLARIFICATION TEXT (General Example)
CLARIFICATION TEXT ON THE PROCESSING OF PERSONAL DATA
As Muhammet Safa Demirdağ (“Company”), in our capacity as Data Controller under the Law on the Protection of Personal Data No. 6698 (“KVKK”), we process the personal data of you, our valued customers/visitors, within the scope described below.
1. Data Controller and Representative
Pursuant to the KVKK, your personal data may be processed by Muhammet Safa Demirdağ (Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale, Turkey, Pamukkale Tax Office, Tax ID: 2840598730) as the data controller, within the scope described below.
2. Purpose of Processing Personal Data
Your collected personal data (e.g., your identity information, contact information, customer transaction information, financial information, transaction security information) will be processed for the purposes of:
Ensuring that the necessary work is carried out by our business units to enable you to benefit from the products and services offered by our Company,
Establishment and performance of service agreements,
Management of customer accounts, processing of orders, invoicing, and execution of payment transactions,
Provision of technical support and customer services,
Customizing our products and services according to your tastes, usage habits, and needs, and recommending them to you,
Informing you about marketing, campaign, and promotional activities (if you have given your explicit consent),
Fulfillment of our legal obligations (Law No. 5651, tax legislation, e-commerce legislation, etc.),
Ensuring information security, detection and prevention of fraud,
Resolution of legal disputes,
within the scope of the personal data processing conditions and purposes specified in Articles 5 and 6 of the KVKK. For detailed information, please review our Policy on the Protection and Processing of Personal Data (veribu.tr/cerez-politikasi) [Note: This link seems to point to the cookie policy, it should probably point to the full Privacy Policy if they are separate. Update link accordingly].
3. To Whom and For What Purpose Processed Personal Data May Be Transferred
Your collected personal data may be transferred to:
Our business partners, suppliers (domain name registrars, SSL providers, payment service providers, data center operators, etc.),
Legally authorized public institutions and private individuals,
Third parties from whom we receive legal, financial, and operational consultancy,
for the realization of the purposes stated above and within the framework of the personal data processing conditions and purposes specified in Articles 8 and 9 of the KVKK.
4. Method and Legal Grounds for Collecting Personal Data
Your personal data is collected by our Company through various channels such as our website, mobile applications (if any), customer panel, email, telephone, call center, support requests, contracts, and forms, by automated or non-automated means. Your personal data is processed based on the legal grounds of "necessity for the establishment or performance of a contract," "necessity for the data controller to fulfill its legal obligation," "necessity for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject" as stated in Article 5 of the KVKK, or by obtaining your explicit consent.
5. Rights of the Data Subject Listed in Article 11 of the KVKK
As a personal data owner, we inform you that you have the following rights under Article 11 of the KVKK:
To learn whether your personal data is processed,
To request information if your personal data has been processed,
To learn the purpose of processing your personal data and whether they are used in accordance with their purpose,
To know the third parties to whom your personal data is transferred domestically or abroad,
To request correction of your personal data if it is incomplete or incorrectly processed, and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,
To request the deletion or destruction of your personal data in the event that the reasons requiring its processing cease to exist, despite it having been processed in accordance with the KVKK and other relevant law provisions, and to request notification of the transaction made within this scope to third parties to whom your personal data has been transferred,
To object to the occurrence of a result against you by analyzing your processed data exclusively through automated systems,
To request compensation for damages if you suffer damage due to unlawful processing of your personal data.
You can submit your applications regarding your rights listed above by filling out the Application Form available at veribu.tr/iletisim, or in writing to Yunusemre Mah. Bursa Cd. 63/10 Denizli/Pamukkale, Turkey, or to the email address [email protected] (with a secure electronic signature, mobile signature, or via the email previously notified by you and registered in our system). Your applications will be concluded free of charge as soon as possible and within thirty days at the latest, depending on the nature of your request.
Our Company reserves the right to make changes to this Clarification Text in line with legal legislation and Company policies.
Important Notes from Previous Turkish Version (Retained for Context):
Layered Clarification: The Clarification Text can be shorter and more concise, in line with the principle of layered clarification, while the Privacy Policy should be more detailed. Usually, the Clarification Text refers to the Privacy Policy.
Explicit Consent: If you conduct data processing activities outside the conditions of KVKK Art. 5/2 and Art. 6/3 (e.g., sending emails for direct marketing, using certain types of cookies), you must obtain separate explicit consent from the Data Subject. Explicit consent texts should also be designed separately from these documents, for a specific purpose, and in an "opt-in" (user actively ticks) manner.
Cookie Policy: Creating a separate Cookie Policy and referring to it in the Privacy Policy and Clarification Text is good practice. The Cookie Policy should explain what types of cookies are used, their purposes, and how users can manage their cookie preferences.
Data Inventory: To prepare these documents correctly, it is very important to first create a data inventory (also necessary for VERBİS registration) that identifies which personal data your company processes, for what purposes, on what legal grounds, for how long, and to whom it is transferred.
VERBİS Registration: Data controllers exceeding certain thresholds for annual employee numbers or annual financial balance totals are obliged to register with the Data Controllers' Registry Information System (VERBİS). Check this situation.
Legal Support is Essential: To reiterate, these drafts are just a starting point. The KVKK compliance process is complex and detailed. It is vital that these documents and all your data processing processes are reviewed by a legal consultant and prepared specifically for your company. Otherwise, you may face serious administrative fines.