This disclosure notice has been prepared by Centerium Bilişim Teknolojileri ve Danışmanlık Hizmetleri Ltd. Şti. ("ProxyTurk", "Company") as the data controller, within the scope of Article 10 of the Personal Data Protection Law No. 6698 ("KVKK") and the Communiqué on Procedures and Principles to be Followed in Fulfilling the Disclosure Obligation.
1. Data Controller
Centerium Bilişim Teknolojileri ve Danışmanlık Hizmetleri Ltd. Şti.
Address: Yavuz Sultan Selim Mah. Ali Yücel Sk. No:5/B D:12 Körfez / KOCAELİ
Tax Office / No: Körfez / 2061619932
Email: [email protected]
Phone: +90 850 308 9985
2. Personal Data Collected
The following personal data is collected and processed by ProxyTurk:
2.1. Identity Information
- Name, surname
- Turkish ID Number (during KYC verification process)
- Identity document image (during KYC verification process)
- Date of birth
2.2. Contact Information
- Email address
- Phone number
- Address information (province, district, full address, postal code)
2.3. Financial Information
- Billing information (company name, tax number, tax office)
- Payment history and transaction records
- IBAN number (for refund transactions)
- Credit card information (via Stripe, PCI-DSS compliant - card information is not stored on our servers)
2.4. Digital Identity and Access Information
- IP address
- Browser information (User Agent)
- Operating system information
- Login/logout times and dates
- Session data
- Cookie data
- Device information
2.5. Service Usage Information
- Proxy usage statistics (bandwidth, connection count, data transfer)
- Subscription and package information
- Service access information (proxy credentials)
- Support requests and communication history
3. Purposes of Processing Personal Data
Your personal data is processed in accordance with the processing conditions specified in Articles 5 and 6 of the KVKK for the following purposes:
- Membership registration creation and management
- Conducting identity verification (KYC) processes
- Service delivery, management and improvement
- Conducting purchase, payment and billing transactions
- Conducting refund and cancellation processes
- Providing customer support services
- Ensuring service security and preventing misuse
- Fulfilling legal obligations (including log retention obligation under Law No. 5651)
- Following and conducting legal processes
- Conducting internal and external audit activities
- Statistical analysis and reporting
- Conducting information security processes
- Fraud and abuse detection and prevention
- Providing information to authorized public institutions and organizations
- Conducting contract processes
- Communication and informational activities (with explicit consent)
- Marketing and campaign activities (with explicit consent)
4. Legal Reasons for Processing Personal Data
Your personal data is processed based on the following legal reasons specified in Article 5 of the KVKK:
- Explicitly stipulated in laws: Storage of traffic information under Law No. 5651, obligations under Law No. 6563 on the Regulation of Electronic Commerce, obligations under tax legislation
- Establishment or performance of a contract: Establishment of service contract, subscription management, payment transactions
- Legal obligation: Legal retention periods, requests from authorized authorities, tax and accounting obligations
- Legitimate interest of the data controller: Service security, fraud prevention, system improvement, statistical analysis
- Explicit consent: Marketing communications, profiling and personalized service delivery
- Establishment, exercise or protection of a right: Conducting legal processes, exercising recourse rights
5. Transfer of Personal Data
Your personal data may be transferred to the following parties in accordance with Articles 8 and 9 of the KVKK:
5.1. Domestic Transfer
- To authorized public institutions and organizations within the scope of legal obligations (courts, prosecutors, Information and Communication Technologies Authority, law enforcement, Personal Data Protection Authority, etc.)
- To lawyers, certified public accountants and independent auditors in legal processes
- To banks and payment institutions for payment transactions
- To certified public accountants within the scope of invoicing and tax obligations
5.2. International Transfer
Within the scope of Article 9 of the KVKK, your personal data may be transferred to the following international business partners in countries with adequate protection or based on your explicit consent when necessary for service delivery:
- Stripe, Inc. (USA): Payment transactions and fraud detection (PCI-DSS compliant)
- Google LLC (USA): Analytics services and ad management
- Cloudflare, Inc. (USA): Content delivery network and security services
- Amazon Web Services (USA/EU): Cloud infrastructure services
These companies operate in compliance with international data protection standards (GDPR, Standard Contractual Clauses, EU-US Data Privacy Framework, etc.).
6. Retention Periods of Personal Data
Your personal data is retained for as long as required by the processing purpose and within the statute of limitations prescribed by the relevant legislation:
| Data Category | Retention Period | Legal Basis |
|---|
| Identity and contact data | 10 years after membership ends | Turkish Code of Obligations No. 6098, Turkish Commercial Code No. 6102 |
| Financial data | 10 years from transaction date | Tax Procedure Law No. 213, Turkish Commercial Code No. 6102 |
| Traffic and access logs | 2 years | Law No. 5651 |
| KYC documents | 10 years after relationship ends | Law No. 5549, MASAK regulations |
| Support requests | 3 years from closing of request | Legitimate interest |
| Cookie data | Variable by cookie type (session - 2 years) | Law No. 5809 |
| Marketing consents | Until consent is withdrawn + 3 years | Law No. 6563 |
Personal data whose retention period has expired is deleted, destroyed or anonymized during periodic destruction periods (every 6 months).
7. Data Security Measures
The following administrative and technical measures are taken to ensure the security of your personal data:
7.1. Technical Measures
- Secure data transmission with SSL/TLS encryption
- Data storage with strong encryption algorithms (AES-256)
- Firewall and DDoS protection systems
- Regular vulnerability scanning and penetration tests
- Access control mechanisms and authorization
- Log management and monitoring systems
- Backup and disaster recovery plans
- PCI-DSS compliant payment infrastructure
7.2. Administrative Measures
- Creation of personal data processing inventory
- KVKK and data security training for employees
- Confidentiality agreements and commitments
- Data processing policies and procedures
- Data breach response plan
- Periodic internal audits and controls
- Data processing agreements with third parties
8. Rights of the Data Subject (KVKK Article 11)
You have the following rights under Article 11 of the KVKK:
- Learning whether your personal data has been processed
- Requesting information if your personal data has been processed
- Learning the purpose of processing your personal data and whether they are used in accordance with their purpose
- Knowing the third parties to whom your personal data is transferred domestically or abroad
- Requesting correction if your personal data has been processed incompletely or incorrectly
- Requesting deletion or destruction of your personal data within the framework of conditions stipulated in Article 7 of the KVKK
- Requesting notification of correction, deletion or destruction operations to third parties to whom your personal data has been transferred
- Objecting to the emergence of a result against you through the analysis of processed data exclusively by automated systems
- Requesting compensation for damages in case of unlawful processing of personal data
9. Application Method
You can apply to our Company through the following methods to exercise your rights under the KVKK:
- Email: You can send an email to [email protected] with "KVKK Application" in the subject line. The email must be sent from your registered email address.
- Written application: You can send your wet-signed petition with a copy of your ID by registered mail to our company address.
- Registered email (KEP): You can apply through your registered electronic mail (KEP) address.
Documents verifying your identity may be requested in applications. Applications will be concluded free of charge within the shortest time and within 30 (thirty) days at the latest, depending on the nature of your request. If the response exceeds 10 (ten) pages or is provided on CD/flash drive, the fee schedule determined by the Personal Data Protection Board may apply.
10. Right to Complain to the Personal Data Protection Board
In case your application is rejected, the response is found insufficient, or no response is given within 30 days, you may file a complaint with the Personal Data Protection Board ("Board") within 30 days from the date you learned of the response and in any case within 60 days from the date of application.
Board's contact information: www.kvkk.gov.tr
11. Changes to the Disclosure Notice
ProxyTurk reserves the right to update this disclosure notice in line with legal regulations and changes in data processing activities. The updated notice becomes effective from the moment it is published on the website.