Privacy Policy

This Privacy Policy is designed to inform individuals about the processing of their personal data, including collection, recording, and transfer within national and international boundaries, in accordance with relevant legal frameworks, including the Law on the Protection of Personal Data No. 6698 (“KVKK”) and the European Union’s General Data Protection Regulation (“GDPR”). This document serves to comply with obligations under the GDPR, KVKK, and the Communiqué on Principles and Procedures to be Followed in Fulfilling the Obligation to Inform.

Data Controller Information

The joint data controllers are ECHO External Threat Protection Platform (DİSTA Siber Güvenlik Yazılım ve Danışmanlık Eğitim Hiz. Tic. A.Ş.), with principal office locations at “Ahmet Yesevi Mahallesi, Kerem Sokak, No:9 TEKNOPOL İSTANBUL Pendik/İSTANBUL” (collectively referred to as the “Data Controllers”).

Legal Grounds and Mechanisms for Gathering Personal Information

Personal data may be collected through automated systems or through non-automated means, as part of a structured data recording framework and in accordance with the GDPR and KVKK Articles 5 and 6. This processing is grounded in legal obligations and the legitimate interests of Data Controllers, including:

  • The need to process personal data directly tied to the establishment or performance of an agreement,
  • The necessity of processing to establish, exercise, or protect legal rights, or
  • Other legitimate interests that do not infringe upon the fundamental rights and freedoms of the individual.

Categories and Purposes of Processed Personal Data

Data Controllers process various categories of data to enhance operational efficiency across departments, including Research & Development, Cyber Threat Intelligence, Product Engineering, and Market Strategy. Personal data may be processed for the following purposes:

  • To Improve Service Quality: Processing identifiers like name, surname, national identity or passport number, and contact information to enhance product and service quality.
  • For Marketing and Market Research: Use of name and contact information to conduct marketing initiatives and analyze market trends.
  • For Online and Sales Operations: Processing identifiers and financial information as part of online sales transactions.
  • To Assess Customer Preferences and Satisfaction: Collection of identifiers and contact details to evaluate purchasing preferences and improve satisfaction.
  • To Enhance User Experience: Processing of personal data for a seamless and personalized user experience.
  • For Business Activities and Operational Security: Handling personal data to secure business processes and ensure operational integrity.

Data Controllers may store, update, and process your data as described above, ensuring secure handling in both physical and digital storage environments, and, where applicable, share this data with authorized third parties, in line with GDPR, KVKK, and other governing laws.

Data Transfers: Recipients and Purpose

Your personal data may be shared domestically or internationally with authorized units within the Data Controllers, financial institutions, insurance providers, regulatory agencies, law enforcement authorities, and third-party cloud services such as Google Analytics, Microsoft Azure, Amazon Web Services, and Microsoft Clarity. Such transfers are conducted securely and align with GDPR and KVKK requirements, primarily for business operations and monitoring user activity.

In other instances where legally required, personal data may be shared with relevant authorities to fulfill legal obligations.

Your Rights Under GDPR and KVKK

As the data subject, you have rights as outlined in Articles 12–23 of the GDPR and Article 11 of the KVKK. You may apply to the Data Controllers to:

  • Request information on the processing of your data if it has been processed;
  • Confirm whether your personal data is being processed;
  • Know the third parties with whom your data has been shared, domestically or abroad;
  • Learn the purpose of processing and whether your data is used for its intended purpose;
  • Request deletion or destruction of your data under KVKK conditions;
  • Request correction of incomplete or inaccurate data;
  • Request notification of actions taken in compliance with items above;
  • Object to data processing conducted exclusively through automated means, particularly if it results in unfavorable outcomes;
  • Claim compensation for damages incurred due to unlawful processing of your data.

To exercise these rights, requests can be submitted to the Data Controllers in writing at “Ahmet Yesevi Mahallesi, Kerem Sokak, No:9 TEKNOPOL İSTANBUL Pendik/İSTANBUL” or “Şerifali, Turgut Özal Blv No:205, 34775 Ümraniye/İstanbul” or through other authorized methods prescribed by the Personal Data Protection Authority, in line with GDPR and KVKK guidelines. Requests will be processed within the timelines specified by these regulations.

By reviewing this document, you acknowledge and confirm that you have been fully informed by the Data Controllers regarding the identity of the data controller, data collection methods and legal basis, the types of personal data processed, processing purposes, data transfer recipients and purposes, and your rights as a data subject under the GDPR and KVKK. You further acknowledge that Data Controllers have fulfilled their obligation to inform.

This policy may be updated in accordance with GDPR, KVKK, and related legislation as deemed necessary by the Data Controllers.

Agreement on the Processing, Collection, and Transfer of Personal Information

The joint data controllers for this consent document are ECHO External Threat Protection Platform and DİSTA Siber Güvenlik Yazılım ve Danışmanlık Eğitim Hiz. Tic. A.Ş. (collectively referred to as “Data Controllers”), with principal offices located at “Ahmet Yesevi Mahallesi, Kerem Sokak, No:9 TEKNOPOL İSTANBUL Pendik/İSTANBUL” and “Şerifali, Turgut Özal Blv No:205, 34775 Ümraniye/İstanbul”.

As a valued user/customer, you confirm that you have been duly informed by the Data Controllers on all relevant points listed in the “Information Letter on Collection, Processing and Transfer of Your Personal Data,” as per the EU General Data Protection Regulation (GDPR), the Turkish Law on the Protection of Personal Data No. 6698 (KVKK), and other relevant regulations. This acknowledgment also confirms that the Data Controllers have fully met their information obligations.

Data Transfers: Purpose and Recipients

Your personal data may be transferred domestically and internationally to authorized departments within the Data Controllers, financial institutions, insurance providers, regulatory authorities, and third-party cloud service providers, including Amazon Web Services, Microsoft Azure, Microsoft Clarity, and Google Analytics, where necessary. Such transfers comply with GDPR and KVKK standards and are conducted to support business activities, monitor in-product user interactions, and fulfill the operational needs of the Data Controllers.

Furthermore, as legally required, your data may be disclosed to relevant authorities to meet compliance and regulatory requirements.

Explicit Consent Declaration

By this document, you, as our user/customer, hereby give your explicit and informed consent, with full knowledge and free will, for the collection, processing, use, and transfer of your personal data, both domestically and internationally, as outlined above.