KVKK Clarification Text

Within the scope of KVKK, your personal data may be processed by PithSafe as the data controller.

When you communicate with PithSafe through the website, contact forms, appointment forms, email, phone or similar channels, we may process the following categories of personal data.

Your personal data may be processed for the following purposes:

• Responding to your contact requests
• Receiving and evaluating appointment, preliminary meeting or service review requests
• Providing information about cybersecurity services
• Conducting preliminary assessments based on your service needs
• Determining service scope, proposal requirements and project priorities
• Managing customer and potential customer relationships
• Carrying out pre-contractual communication and proposal processes
• Performing contractual obligations if a service relationship is established
• Meeting legal obligations
• Ensuring business continuity, information security and record security
• Preventing or resolving legal disputes
• Receiving, evaluating and responding to requests, complaints and applications
• Ensuring website security
• Improving website experience and technical performance

PithSafe processes personal data only for the purposes described above and aims not to use such data in a manner incompatible with those purposes.

Your personal data may be collected electronically or physically through the following channels:

• Contact forms on the website
• Appointment or security review request forms
• Email correspondence
• Phone calls
• Online meetings
• Face-to-face meetings
• Proposal, contract and project processes
• Mandatory and optional cookies used during website visits
• Information and documents you provide directly to PithSafe

Your personal data may be processed based on the legal grounds specified under Article 5 of KVKK, including:

• Processing being necessary for the establishment or performance of a contract
• Processing being necessary for the data controller to fulfill legal obligations
• The data having been made public by the data subject
• Processing being necessary for the establishment, exercise or protection of a right
• Processing being necessary for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject
• Explicit consent where required

Personal data submitted through contact and appointment forms is primarily processed to respond to your request, carry out pre-contractual communication and pursue legitimate business interests. Where a separate processing activity requires explicit consent, your consent will be requested separately and clearly.

Your personal data may be shared, limited to the purposes described above and in accordance with KVKK, with the following parties:

• Email, hosting, infrastructure, software, security and technical support providers
• Consultants, suppliers and service providers supporting business processes
• Authorized public institutions and organizations
• Courts, enforcement offices, regulatory and supervisory authorities where legally required
• Business partners or technical service providers where necessary for the performance of services

PithSafe aims to take appropriate technical and administrative measures when sharing personal data with third parties.

PithSafe may use service providers located abroad or service providers whose technical infrastructure includes servers located outside Türkiye for website hosting, email infrastructure, security services, analytics or technical tools.

In this context, personal data may be processed or stored on systems located outside Türkiye depending on the technical nature of the service provider. Where international transfer is required, PithSafe aims to act in accordance with the conditions set out under KVKK.

Your personal data is retained for the period required by the purposes of processing and for the retention periods required by applicable legislation.

In general:

• Contact and appointment requests may be retained during the request handling process and for a reasonable follow-up period
• Proposal and contract records may be retained for the period required by commercial and legal obligations
• Accounting and invoice records may be retained for statutory periods
• Website technical logs may be retained for security and audit purposes for a reasonable period
• Records that may be relevant to legal disputes may be retained during applicable limitation periods

When the retention period expires or the processing purpose no longer exists, personal data is deleted, destroyed or anonymized where appropriate.

PithSafe aims to take appropriate technical and administrative measures to prevent unlawful processing of personal data, prevent unauthorized access and ensure secure storage.

These measures may include:

• Access controls
• Strong authentication and password practices
• Secure communication protocols
• Use of updated systems and software
• Logging and monitoring mechanisms
• Backup and business continuity measures
• Awareness of personnel and service providers
• Data minimization and masking where appropriate

Under Article 11 of KVKK, you may have the following rights regarding your personal data:

• To learn whether your personal data is processed
• To request information if your personal data has been processed
• To learn the purpose of processing and whether it is used in accordance with that purpose
• To know the third parties to whom personal data is transferred domestically or abroad
• To request correction if personal data is incomplete or inaccurate
• To request deletion or destruction of personal data under the conditions set out in KVKK
• To request notification of correction, deletion or destruction to third parties to whom personal data has been transferred
• To object to a result against you arising from analysis exclusively through automated systems
• To request compensation if you suffer damage due to unlawful processing of personal data

You may submit your requests regarding your KVKK rights through the following channels:

Your application should include your name, contact details, the subject of your request and information necessary to verify your identity. PithSafe evaluates and responds to applications within the periods required by applicable legislation.

PithSafe may update this Clarification Text due to changes in business processes, legal requirements or website updates. The current version becomes effective when published on pithsafe.com.