Privacy

Privacy Policy

How Digidrom collects, processes and protects your personal data.

Last updated: 18 April 2026 · Version 1.1

At Digidrom ("we", the "Company") we care deeply about the privacy of our visitors and clients. This Privacy Policy explains how personal data collected through digidrom.com and its sub-domains is processed, with whom it is shared and what rights you have in that process.

Our policy complies with applicable legislation, notably Turkish Law No. 6698 on the Protection of Personal Data (KVKK) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

The controller under this policy is Digidrom.

2. Categories of Data We Collect

2.1 Information you give us

  • Identity & contact: name, surname, email, phone, company name, position.
  • Message content: texts and attachments sent through the contact form, quote requests or email.
  • Contractual data: invoicing details, tax number, bank information (only in commercial relationships).

2.2 Information collected automatically

  • Connection data: IP address, browser type and version, operating system, device type, screen resolution.
  • Usage data: pages visited, time spent, click-path, referring URL, exit page.
  • Cookies and similar technologies: session, security, analytics and (with consent) marketing cookies. See Cookie Policy for details.

3. Purposes and Legal Basis

  • Responding to requests and quotes — contract performance and legitimate interest.
  • Providing services and support — contract performance.
  • Billing and accounting — legal obligation.
  • Site security, error diagnosis and improvement — legitimate interest.
  • Marketing and commercial communications — your explicit consent.
  • Complying with legal obligations — legal obligation.

4. Retention

We keep your personal data only as long as required for the processing purpose and applicable legal retention:

  • Contact requests: 2 years
  • Contract and invoice records: 10 years (Turkish Tax Procedure Law)
  • Marketing consents: until consent is withdrawn, max 3 years
  • Server and access logs: 1 year

5. Transfers — Domestic and Cross-Border

Your data may be transferred to the following categories of data processors:

  • Hosting and cloud infrastructure providers,
  • Email delivery services,
  • Anonymous analytics and performance tools,
  • Accounting and legal advisors,
  • Authorised public bodies (upon lawful request).

Cross-border transfers rely on KVKK Art. 9 (standard contractual clauses or Board decisions).

6. Cookies (Short Summary)

We use three categories of cookies:

  • Strictly necessary: session and security (CSRF), no consent required.
  • Analytics: anonymous visitor behaviour, loaded with your consent.
  • Marketing: only with explicit consent.

You can change your preferences anytime via the cookie panel at the bottom of the page.

7. Your Rights

Under KVKK Art. 11 you have the right to:

  • Learn whether your personal data is being processed,
  • Request information about it if so,
  • Learn the purpose and whether the data is used accordingly,
  • Know third parties to whom data is transferred (domestically or abroad),
  • Request correction, deletion or destruction if data is incomplete or incorrect,
  • Object to adverse automated decisions,
  • Claim compensation for damages

To exercise these rights, send a written request to [email protected]. We reply within 30 days.

8. Security Measures

  • End-to-end encrypted transmission (SSL/TLS),
  • Password hashing (bcrypt) and admin two-step login,
  • Access control and least-privilege principle,
  • Daily backups and incident response procedures.

9. Children's Privacy

Our site does not knowingly collect data from children under 13. If we become aware of such data, it is deleted immediately.

10. Changes

This policy may be updated in line with legal or operational requirements. The current version is always published on this page; version and date are shown at the top.

11. Contact

Digidrom · Antalya Kemer Atatürk Mah. · [email protected]

CONSULTANCY GET A QUOTE