KVKK Disclosure Notice
Personal Data Processing Disclosure Notice under Article 10 of the Turkish Personal Data Protection Law No. 6698 (KVKK)
Last Updated: May 18, 2026
1. Data Controller
Tengra Teknoloji ("Company") is the data controller responsible for processing your personal data. Company Address: Turkey | Email: info@tengrateknoloji.com | Phone: +90 (531) 866-3101
2. Categories of Personal Data Processed
Identity Data: name, surname, date of birth, national ID number (for invoicing where legally required). Contact Data: phone number, email address, postal address. Account Data: username, profile photo, password (hashed). Financial Data: payment records, billing information, invoices. Usage Data: course enrollment and progress, lesson completion, login activity, device and browser information, IP address. Marketing Data: communication preferences, campaign interaction data.
3. Purposes of Processing
Your personal data is processed for: (a) providing access to courses and coaching workspaces and managing your account (contract performance); (b) processing payments and issuing invoices (legal obligation); (c) providing customer support and responding to inquiries (legitimate interest); (d) ensuring platform security and preventing fraud (legitimate interest); (e) improving course quality and user experience with operational records that do not require non-essential cookies (legitimate interest); (f) sending marketing communications, using analytics cookies, producing AI-assisted coaching drafts, or using providers that require overseas transfer consent where applicable (only with separate explicit consent); (g) complying with legal and regulatory requirements (legal obligation).
4. Methods of Collection
Personal data is collected through: online registration forms, purchase transactions, customer support communications, platform usage (automated collection through cookies and similar technologies), third-party payment processors, and identity verification services.
5. Legal Basis for Processing
Under KVKK Article 5, your data is processed based on: (a) performance of a contract (KVKK Art. 5/2-c) — for delivering educational and coaching services; (b) legal obligation (KVKK Art. 5/2-ç) — for tax, billing, and regulatory compliance; (c) legitimate interest (KVKK Art. 5/2-f) — for platform security, fraud prevention, and core service improvement, provided this does not override your fundamental rights; (d) explicit consent (KVKK Art. 5/1) — for marketing, non-essential cookies, AI-assisted coaching drafts, and overseas transfer purposes that require consent. The disclosure notice and explicit consent choices are presented separately.
6. Data Recipients & Transfers
Your personal data may be shared with: (a) payment service providers — for transaction processing (legal obligation and contract performance); (b) cloud service and hosting providers — for data storage and platform operation; (c) analytics providers — in anonymized/pseudonymized form for service improvement; (d) legal authorities — upon lawful request; (e) professional advisors — for legal, accounting, and auditing purposes. Data may be transferred abroad to cloud service providers, subject to the protective measures set forth by the KVKK Board, including Standard Contractual Clauses and adequacy decisions.
7. Data Retention Periods
Personal data is retained for: account data — duration of your active account plus 3 years after deletion; transaction records — 10 years as required by Turkish Commercial Code and Tax Procedural Law; usage logs — 24 months, then anonymized; consent records — 10 years; marketing preferences — until consent is withdrawn. When retention periods expire, data is securely deleted or irreversibly anonymized.
8. Your Rights Under KVKK Article 11
You have the right to: (a) learn whether your personal data is processed; (b) request information about processing activities; (c) learn the purpose of processing and whether data is used accordingly; (d) know domestic or foreign third parties to whom data is transferred; (e) request correction of incomplete or inaccurate data; (f) request deletion or destruction of data when processing conditions no longer exist (under KVKK Art. 7); (g) request notification of corrections/deletions to third parties; (h) object to results arising exclusively from automated processing that produce adverse effects; (i) claim compensation for damages caused by unlawful processing.
9. How to Exercise Your Rights
You may submit your requests via: (a) Email: info@tengrateknoloji.com (with a signed petition or secure electronic signature); (b) The data request form in your account settings; (c) Registered mail to our company address. We will respond to your request free of charge within 30 days. If your request requires additional effort, we may charge a fee in accordance with the tariff set by the KVKK Board. If your request is denied or you find our response insufficient, you may file a complaint with the KVKK Board within 30 days.
10. Data Security Measures
We implement appropriate technical and organizational security measures including: encryption of data in transit and at rest, access controls and authentication mechanisms, regular security assessments and penetration testing, employee training on data protection, incident response and data breach notification procedures, and physical security measures for server infrastructure.