This notice is prepared in accordance with the EU General Data Protection Regulation (GDPR) and Turkish Law No. 6698 (KVKK).
1
Data Controller
Kurtsan Porya Sanayi
Konya Organized Industrial Zone, Büyükkayacık OSB, 101. Cd No:20, 42250 Selçuklu / Konya, Türkiye
Tel: +90 (332) 239 07 73
Konya Organized Industrial Zone, Büyükkayacık OSB, 101. Cd No:20, 42250 Selçuklu / Konya, Türkiye
Tel: +90 (332) 239 07 73
2
Categories of Personal Data Processed
| Category | Data |
|---|---|
| Identity | First name, last name |
| Contact | Email address, phone number, postal address |
| Business | Company name, tax/VAT number, city, country |
| Account | Encrypted credentials, account role, approval status |
| Consent | GDPR/KVKK consent records, commercial communication preference, newsletter subscription |
| Technical | Session cookie (token), language preference cookie, IP address (logging) |
3
Purposes of Processing
- B2B membership application, review, and account creation
- User authentication and session management
- Order fulfilment and delivery management
- Customer service and technical support
- Compliance with legal obligations (invoicing, accounting)
- Commercial electronic communications (where explicit consent is given)
- Newsletter distribution (where subscribed)
- Platform security and unauthorised access prevention
4
Legal Basis (GDPR Article 6)
| Purpose | Legal Basis |
|---|---|
| Account creation, order management | Performance of a contract (Art. 6(1)(b)) |
| Invoicing, accounting records | Legal obligation (Art. 6(1)(c)) |
| Platform security | Legitimate interests (Art. 6(1)(f)) |
| Commercial communications, newsletter | Consent (Art. 6(1)(a)) |
5
Data Processors and Infrastructure
Your personal data is processed through the following sub-processors:
| Provider | Purpose | Data Centre |
|---|---|---|
| Vercel Inc. | Web application hosting | Frankfurt, Germany (EU — FRA1) |
| Neon Inc. | Database service | Frankfurt, Germany (EU — FRA1) |
Both providers operate data centres within the European Union (Frankfurt, Germany). Your data is not physically transferred outside the EU/EEA.
6
International Transfers
As detailed in Section 5, all data is hosted and processed within the EU. Where any international transfer occurs, it is conducted under appropriate safeguards, including Standard Contractual Clauses (SCCs) or adequacy decisions.
7
Retention Periods
| Data Type | Retention Period |
|---|---|
| Account and contact data | Duration of account + 3 years |
| Order and invoice records | 10 years (statutory requirement) |
| Session cookie (token) | 7 days (deleted with session) |
| Newsletter subscription | Until unsubscription |
| Consent records | 3 years from date of consent |
8
Your Rights (GDPR Articles 15–22)
- Access — obtain confirmation of whether we process your data and a copy
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion ('right to be forgotten')
- Restriction — request that we limit processing in certain circumstances
- Data portability — receive your data in a structured, machine-readable format
- Object — to processing based on legitimate interests or for direct marketing
- Withdraw consent — at any time, without affecting prior lawful processing
- Lodge a complaint — with your national supervisory authority
To exercise your rights, please contact us at the address in Section 1.
9
Cookies
The platform uses only essential technical cookies. Please refer to our Cookie Policy for details.