Data controller information notice under Turkish PDPL (Law No. 6698, Art. 10) and GDPR.
This notice is prepared under the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the EU General Data Protection Regulation ("GDPR") by Ali Enis Tekin ("Data Controller"), operator of the Teknik Danışman platform, regarding the processing of personal data of panel users.
| Data Controller | Ali Enis Tekin |
|---|---|
| Contact | legal@teknikdanisman.net |
| KVKK Contact Person | kvkk@teknikdanisman.net |
| VERBIS Registration No | Registration application in progress — this section will be updated once the registration number is issued. |
The following categories of data may be processed in the course of providing our service:
| Category | Data Type | Source |
|---|---|---|
| Identity | Name, surname, username, Turkish ID no. (only if the employer uploads it for HR documents) | User / Employer |
| Contact | Email address, phone, address | User / Employer |
| Employee | Position, department, start/end date, leave/warning records | Employer |
| Transaction security | IP address, session data, browser/device info, MFA status, audit log | Automatically collected |
| Financial | Billing address, payment method reference (card number stored by the payment provider, not by us) | User |
| Visual/audio | Profile picture, company logo | User / Employer |
| Purpose | Legal Basis (KVKK Art. 5/2) |
|---|---|
| Performance of the service agreement, creating and maintaining the user account | Formation or performance of a contract (c) |
| Billing, payment tracking, commercial and technical support | Legal obligation (a) / Performance of contract (c) |
| Security audit, fraud prevention, brute-force protection, audit logging | Legitimate interest of the controller (f) |
| Marketing communication (only with explicit consent) | Explicit consent (a) — Law No. 6563 |
| Providing tools to the customer (employer) for running HR/IT operations | Performance of contract (c) — we act as Data Processor for the employer |
| Fulfilment of legal obligations (tax, commercial, KVKK, GDPR) | Legal obligation (a) |
Your personal data may be shared with the following third parties, only to the extent necessary to provide the service:
| Recipient Category | Data Type | Purpose | Location |
|---|---|---|---|
| Server infrastructure (Hetzner) | All panel data | Hosting | Germany (EU) |
| Email provider (Microsoft 365 / Google Workspace — provider the customer connects via OAuth) | Noteification email content | Automated notification delivery | EU / US |
| Payment provider (iyzico) | Billing info | Collection | Türkiye |
| AI service provider (Groq) | Only user prompts entered in AI chat windows | Response generation | US — provider commits to not storing data |
| Communication/support tools | Contact info + support message content | Customer support | EU / US |
Cross-border transfers are made under appropriate safeguards (Standard Contractual Clauses / SCC) per KVKK Art. 9.
| Data Category | Retention |
|---|---|
| Active user account data | For the duration the account is active |
| Passive/deleted account data | Permanent deletion 60 days after account deletion |
| Audit log records | 6 months (for security investigation needs) |
| Invoice and commercial records | 5 years under Turkish Tax Procedure Law Art. 253, 10 years under the Turkish Commercial Code |
| Labour Law records (uploaded by the customer) | 10 years per Labour Law Art. 32 (customer's responsibility) |
As a data subject you have the following rights:
You can submit requests in writing to kvkk@teknikdanisman.net or via the methods prescribed by KVKK. We respond free of charge within 30 days.
The panel only uses the following strictly necessary cookies — no marketing or analytics cookies:
PHPSESSID — Session management (HttpOnly, Secure, SameSite=Lax)td_remember — "Remember Me" feature (HttpOnly, opt-in)td_trusted_* — 2FA trusted device recognitionAll cookies are retained for the duration of your session or up to 30 days; they are not shared with third parties.
For a detailed security architecture see the Trust Center. Short summary:
Under KVKK Art. 12/5 and GDPR Art. 33-34, in the event a data breach is detected:
This notice may be updated in line with changes in legislation and the scope of our service. The current version is always published on this page; active users are notified by email for material changes.
If you are not satisfied with our response, you have the right to lodge a complaint with the Turkish Personal Data Protection Authority:
www.kvkk.gov.tr · Nasuh Akar Mah. Ziyabey Cad. 1407. Sok. No:4 Balgat-Çankaya/ANKARA