Privacy Policy

1. Introduction

At EnegalTech ("Company", "we", "our"), we attach great importance to the protection of your personal data. This Privacy Policy provides detailed information about how your personal data is collected, processed, stored, and protected when you use our website (enegaltech.com) and our services.

This policy has been prepared in accordance with the Personal Data Protection Law No. 6698 dated April 7, 2016 ("KVKK"), the European Union General Data Protection Regulation ("GDPR" - EU Regulation 2016/679), and international data protection standards.

By visiting our website, using our services, or contacting us, you are deemed to have accepted the terms set forth in this Privacy Policy. If you do not accept our policy, please do not use our website.

2. Data Controller

In accordance with Article 3 of KVKK and Article 4 of GDPR, the data controller responsible for the processing of your personal data is the following entity:

As the data controller, EnegalTech determines the purposes and means of processing personal data and is responsible for fulfilling all obligations under the relevant legislation.

3. Personal Data Collected

The following categories of personal data are collected within the scope of providing our services and the operation of our website:

3.1. Data Provided Directly

• Identity Information: Name, surname, title
• Contact Information: Email address, phone number, address
• Company Information: Company name, industry, job description
• Contact Form Data: Messages and requests submitted through our website

3.2. Data Collected Automatically

• IP Address: The IP address associated with your internet connection
• Browser Information: Browser type, version, language preference
• Device Information: Operating system, screen resolution, device type
• Usage Data: Pages visited, click data, site entry/exit times, page view durations
• Location Data: Approximate geographical location obtained through IP address
• Cookie Data: Data collected through cookies used on our website (see Section 6 for details)

3.3. Data Obtained from Third Parties

• Contact information received through business partnerships and referrals
• Publicly available profile information through social media platforms
• Statistical data obtained from analytics service providers

4. Purposes of Data Processing

The collected personal data is processed for the following purposes:

1. Service Delivery: Providing the services you request, fulfilling contractual obligations, and managing customer relationships
2. Communication: Responding to your requests and inquiries, providing information and support services
3. Website Improvement: Improving the performance, content, and user experience of our website
4. Security: Conducting information security processes, detecting and preventing unauthorized access attempts
5. Marketing: With your explicit consent, conducting promotions, campaigns, and announcements related to our services
6. Analysis and Reporting: Conducting statistical analyses, determining usage trends
7. Legal Obligation: Fulfilling legal regulations and legislative requirements, responding to requests from authorized institutions and organizations
8. Business Development: Developing new services and products, improving existing services

5. Legal Basis for Data Processing

Your personal data is processed based on the following legal grounds:

5.1. Under KVKK (Article 5)

Your personal data is processed under the following conditions pursuant to Article 5 of KVKK No. 6698:

• Explicit Consent (Art. 5/1): Your explicit consent is obtained for marketing communications and the use of non-essential cookies.
• Explicitly Stipulated by Laws (Art. 5/2-a): Data processing activities required by legal regulations.
• Performance of a Contract (Art. 5/2-c): Data processing activities necessary for the establishment or performance of our service contracts.
• Legal Obligation (Art. 5/2-ç): Processing necessary for the fulfillment of our legal obligations as the data controller.
• Legitimate Interest (Art. 5/2-f): Data processing activities necessary for our legitimate interests, provided that they do not harm your fundamental rights and freedoms.

5.2. Under GDPR (Article 6)

The legal bases for the processing of your personal data pursuant to Article 6 of GDPR are as follows:

• Consent (Art. 6/1-a): You have given clear and specific consent for certain processing activities.
• Performance of a Contract (Art. 6/1-b): Processing is necessary for the performance of a contract concluded with you or for taking pre-contractual measures.
• Legal Obligation (Art. 6/1-c): Processing is necessary for the fulfillment of a legal obligation to which the data controller is subject.
• Legitimate Interest (Art. 6/1-f): Processing is necessary for the legitimate interests of the data controller or a third party (this basis does not apply where the fundamental rights and freedoms of the data subject prevail).

6. Cookies

Our website uses cookies to improve user experience and enhance service quality.

6.1. Cookie Types

6.2. Cookie Management

You can reject cookies or receive a warning when a cookie is sent by changing your browser settings. However, please note that disabling cookies may prevent some features of our website from functioning properly. You can manage your cookie preferences through the following methods:

• Through your browser's privacy/security settings
• Through the cookie preference panel on our website
• Using third-party cookie management tools

7. Data Transfer

Your personal data may be transferred to the following parties within the scope of Articles 8 and 9 of KVKK and Articles 44-49 of GDPR, limited to the purposes stated above:

7.1. Domestic Transfer

• Business Partners: To business partners we collaborate with, to the extent required for service delivery
• Service Providers: To providers offering technical services such as hosting, email, analytics, and similar services
• Authorized Institutions and Organizations: To relevant public institutions and organizations within the scope of legal obligations
• Legal Advisors and Auditors: Within the scope of conducting legal processes and audit activities

7.2. International Transfer

Your personal data may be transferred abroad within the scope of providing our services. These transfers are carried out under the following safeguards in accordance with Article 9 of KVKK and Chapter V of GDPR (Articles 44-49):

• The existence of adequate protection in the country to which the transfer is made
• In the absence of adequate protection, the data controller and the relevant party abroad committing to adequate protection and obtaining the permission of the Personal Data Protection Board
• Use of Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) under GDPR
• Obtaining the explicit consent of the data subject

8. Data Retention Period

Your personal data is stored for the duration required by the processing purpose and within the framework of our legal obligations. The following criteria are taken into account when determining the retention period:

• Contract Period: For the duration of the service contract and the periods arising from the statute of limitations in effect from the termination of the contract
• Legal Obligation: Mandatory retention periods prescribed by the relevant legislation (for example, 5 years under tax legislation, 10 years under commercial law)
• Legitimate Interest: The period during which the risk of legal dispute continues
• Consent: Until the withdrawal of consent

Upon the expiration of the retention period or the elimination of the processing purpose, your personal data is deleted, destroyed, or anonymized in accordance with Article 7 of KVKK and the relevant regulation provisions.

9. Data Security

EnegalTech implements the following technical and administrative measures within the scope of Article 12 of KVKK and Article 32 of GDPR to ensure the security of your personal data:

9.1. Technical Measures

• Ensuring the security of data transmission with SSL/TLS encryption
• Use of up-to-date firewalls
• Access control mechanisms and authorization systems
• Regular vulnerability scans and penetration testing
• Storage of data in encrypted environments (encryption at rest)
• Regular backup operations
• Monitoring unauthorized access attempts through log records
• Use of anti-virus and anti-malware software

9.2. Administrative Measures

• Providing regular training to employees on personal data protection
• Establishing data processing inventories and record systems
• Executing confidentiality agreements
• Regular auditing of data processing activities
• Establishing and implementing data breach notification procedures
• Evaluating the data security practices of third-party service providers
• Establishing and implementing a Personal Data Retention and Destruction Policy

Despite all these measures, we would like to point out that data transmission over the internet is not 100% secure. In the event of a possible data breach, the relevant personal data protection authority and affected data subjects will be notified without delay in accordance with Article 12 of KVKK and Articles 33-34 of GDPR.

10. Rights of the Data Subject

As a personal data subject, you have the following rights:

10.1. Your Rights Under KVKK (Article 11)

You have the following rights pursuant to Article 11 of KVKK No. 6698:

1. To learn whether your personal data is being processed
2. To request information if your personal data has been processed
3. To learn the purpose of personal data processing and whether it is used in accordance with its purpose
4. To know the third parties to whom personal data has been transferred domestically or abroad
5. To request rectification of personal data if it has been processed incompletely or inaccurately
6. To request the deletion or destruction of personal data within the framework of the conditions set forth in Article 7 of KVKK
7. To request that the operations carried out pursuant to items (5) and (6) above be notified to third parties to whom personal data has been transferred
8. To object to the occurrence of a result against you through the exclusive analysis of processed data by automated systems
9. To claim compensation for damages in case of damage due to unlawful processing of personal data

10.2. Your Rights Under GDPR (Articles 15-22)

If you reside in the European Economic Area (EEA), you have the following additional rights under GDPR:

• Right of Access (Article 15): The right to request access to your processed personal data and to obtain a copy thereof
• Right to Rectification (Article 16): The right to request the rectification of inaccurate or incomplete personal data
• Right to Erasure / Right to be Forgotten (Article 17): The right to request the deletion of your personal data under certain conditions
• Right to Restriction of Processing (Article 18): The right to request the restriction of processing of your personal data in certain circumstances
• Right to Data Portability (Article 20): The right to receive your personal data in a structured, commonly used, and machine-readable format and to transfer it to another data controller
• Right to Object (Article 21): The right to object to data processing based on legitimate interest or public interest
• Right Not to be Subject to Automated Decision-Making (Article 22): The right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you

10.3. How Can You Exercise Your Rights?

To exercise the rights stated above, you can choose one of the following methods:

• Email: By submitting a written application to info@enegaltech.com
• Mail: By submitting a written application to our company address with documents that allow identity verification

Your applications will be concluded free of charge as soon as possible and within 30 (thirty) days at the latest, depending on the nature of your request. If the transaction requires an additional cost, the fee determined by the Personal Data Protection Board tariff may be charged.

11. Children's Privacy

EnegalTech services are not intended for individuals under the age of 18. We do not knowingly or intentionally collect personal data from individuals under the age of 18. If you are a parent or legal guardian and notice that your child has provided us with personal data, please contact us immediately.

If we determine that we have collected personal data from an individual under the age of 18 without the consent of a parent or legal guardian, we will take the necessary steps to delete this data from our servers. Under GDPR, the provisions of GDPR Article 8 regarding children's consent in relation to information society services shall apply.

12. International Data Transfers

As a technology company providing services internationally, EnegalTech may transfer your personal data to countries outside of Turkey. These transfers are carried out through one of the following safeguard mechanisms in accordance with Chapter V of GDPR (Articles 44-49) and Article 9 of KVKK:

12.1. Adequacy Decision

Transfers to countries recognized by the European Commission as having an adequate level of data protection are carried out without requiring additional safeguards.

12.2. Appropriate Safeguards

• Standard Contractual Clauses (SCCs): Standard data protection clauses approved by the European Commission are used.
• Binding Corporate Rules (BCRs): Binding corporate rules may be applied for transfers within the corporate group.
• Codes of Conduct and Certification: Transfers may be made within the framework of approved codes of conduct or certification mechanisms.

12.3. Derogations

In the absence of the safeguard mechanisms mentioned above, transfers may be made under the exceptional circumstances set forth in GDPR Article 49 (explicit consent, performance of a contract, public interest, establishment of legal claims, protection of vital interests).

12.4. Transfer Impact Assessment

A Transfer Impact Assessment (TIA) is conducted for international data transfers to evaluate the adequacy of data protection legislation in the destination country. This assessment analyzes the legal framework regarding surveillance in the destination country, the level of protection of data subjects' rights, and the effectiveness in practice.

13. Policy Changes

EnegalTech reserves the right to update this Privacy Policy at any time. Significant changes to the policy will be announced on our website and the updated policy will take effect on the date of publication.

You can always access the most current version of the policy on this page. The "Last updated" notice at the top of the page indicates when the policy was last revised.

In the event of significant changes (such as changes in data processing purposes, collected data categories, or third-party sharing), registered users will be notified by email. Your continued use of our services after the changes take effect will constitute your acceptance of the updated policy.

14. Contact

For questions, suggestions, or complaints regarding this Privacy Policy or the processing of your personal data, you can reach us through the following channels:

Your right to file a complaint with the Personal Data Protection Authority under KVKK is reserved. Likewise, under GDPR, you also have the right to file a complaint with the Data Protection Authority (Supervisory Authority) in the relevant European Union country.

For more information about your data protection rights:

• KVKK: Personal Data Protection Authority (kvkk.gov.tr)
• GDPR: European Data Protection Board (edpb.europa.eu)