Privacy Information Notice
Information notice regarding the processing of your personal data in accordance with Law No. 6698 on Protection of Personal Data
1 Data Controller
In accordance with Law No. 6698 on Protection of Personal Data ("KVKK"), your personal data; as the data controller Orca SaaS may be processed within the scope explained below.
Data Controller Information
Trade Name: Orca SaaS Technology Inc.
Address: [Company Address]
Email: kvkk@orcasaas.com
Phone: [Phone Number]
Registration No: [Registration Number]
2 Purposes of Processing Personal Data
Your collected personal data may be processed for the following purposes within the framework of personal data processing conditions specified in Articles 5 and 6 of KVKK:
- Providing platform services and user account management
- Customer relationship management and ensuring user satisfaction
- Development, improvement and personalization of products and services
- Conducting marketing and sales activities
- Providing technical support and customer services
- Execution of invoicing, payment and financial transactions
- Fulfillment of legal obligations
- Conducting security, cybersecurity and audit activities
- Conducting statistical analysis and reporting
- Monitoring and analyzing platform performance
- Fraud prevention and risk management
3 Categories of Personal Data Processed
3.1. Identity Information
3.2. Contact Information
3.3. Customer Transaction Information
3.4. Financial Information
3.5. Transaction Security Information
3.6. Marketing Information
3.7. Physical Security Information
4 Transfer of Personal Data
Your collected personal data may be transferred to the following persons and organizations within the framework of personal data processing conditions and purposes specified in Articles 8 and 9 of KVKK:
| Transferable Party | Transfer Purpose |
|---|---|
| Service Providers | Platform infrastructure, cloud services, payment systems |
| Business Partners | Joint service delivery, integration services |
| Authorized Public Institutions and Organizations | Fulfillment of legal obligations |
| Audit and Consulting Firms | Audit, accounting and legal consulting services |
| Overseas Servers | Data storage and cloud services (GDPR compliant) |
International Data Transfer: When your personal data is transferred abroad, necessary security measures are taken within the scope of Article 9 of KVKK and data security is ensured.
5 Methods of Collecting Personal Data
Your personal data is collected through the following methods:
- Registration forms and account creation processes on the website
- Automatic data collection tools during platform usage
- Through email, phone and live support channels
- Mobile application usage (if applicable)
- API integrations and third-party services
- Cookies and similar technologies
- Security cameras in physical locations
- Social media platforms and interactions
- Event and seminar participations
6 Your Rights Under KVKK
In accordance with Article 11 of KVKK, you can exercise the following rights by applying to our company as the data controller:
Information Access
Right to learn whether your personal data is being processed
Request Information
Right to request information if processed
Learn Purpose
Learn the purpose of processing and whether it is used appropriately
Transfer Information
Right to know third parties to whom data is transferred domestically or abroad
Correction
Right to request correction if processed incompletely or incorrectly
Deletion/Destruction
Request deletion or destruction within the framework of legal conditions
Request Notification
Request notification of correction/deletion to third parties
Objection
Right to object to automated analysis results
Compensation
Request compensation for damages due to unlawful processing
7 Application Method and Process
7.1. Application Methods
To exercise your rights under KVKK, you can apply to us through the following methods as specified in the Communiqué on Procedures and Principles for Application to the Data Controller:
Application by Email
Address: kvkk@orcasaas.com
Subject: "KVKK Application"
Must be sent with secure electronic signature, mobile signature or from the email address previously provided by the relevant person.
Written Application
Address: [Company Address]
The envelope of your application must be marked "Information Request Under Personal Data Protection Law".
In-Person Application
You can apply in person to the company address with identification documents.
7.2. Application Process
- Your application will be finalized free of charge within 30 (thirty) days at the latest
- If the transaction requires additional costs, the fee determined by the Personal Data Protection Board may be charged
- If your application is rejected, the reason for rejection will be notified with justification
- If another institution needs to be contacted to respond to your application, this will be notified and your request will be forwarded to the relevant institution
7.3. Required Information for Application
- Name, surname and signature if written application
- ID number (if available)
- Contact information (address, email, phone)
- Subject of request (which right you wish to exercise)
8 Security of Personal Data
Our company, pursuant to Article 12 of KVKK, takes necessary technical and administrative measures to ensure appropriate level of security to prevent unlawful processing and access to personal data and to ensure their protection.
Technical Security Measures
- 256-bit SSL/TLS encryption protocols
- Firewalls and intrusion detection systems
- Regular security scans and penetration tests
- Data encryption and anonymization techniques
- Secure data backup and recovery systems
- Multi-factor authentication (MFA)
- Maintaining and monitoring log records
Administrative Security Measures
- Maintaining personal data processing inventory
- Employee confidentiality agreements and training
- Access authorization and control systems
- Data processing policies and procedures
- Regular audits and risk assessments
- Data breach notification processes
- Data Protection Impact Assessments (DPIA)
9 Retention and Destruction of Personal Data
Your personal data is retained for the period necessary for processing purposes and the maximum periods stipulated in relevant legislation.
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Customer Transaction Information | While account is active + 3 years | Contractual relationship, legitimate interest |
| Financial Records | 10 years | Tax Procedure Law |
| Communication Records | 2 years | Legal obligation |
| Security Camera Records | 6 months | Legal obligation |
| Log Records | 1 year | Information security |
| Marketing Consents | Until consent is withdrawn | Explicit consent |
Automatic Destruction: Personal data whose retention period has expired is automatically deleted or anonymized within the framework of our technical and administrative destruction processes.
10 Cookies and Similar Technologies
Our website and platform use cookies to improve user experience, personalize services and collect analytical data.
Cookie Types Used
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Basic functionality of the website | Session duration |
| Performance Cookies | Usage analysis and performance measurement | 1-2 years |
| Functional Cookies | Remembering your preferences | 1 year |
| Targeting/Advertising Cookies | Delivering relevant content and advertisements | 3-12 months |
You can control, delete or block cookies from your browser settings. For detailed information, please review our Privacy Policy.
11 Changes to Information Notice
This Information Notice may be updated from time to time due to legal compliance, service changes or updates in company policies.
- You will be notified via email or platform notification when significant changes are made
- The current information notice will always be published on our website
- The last update date is indicated at the top of this page
- We recommend reviewing the notice regularly
KVKK Contact
Contact us if you have questions about the protection of your personal data
Orca SaaS Technology Inc.
KVKK Compliance Unit
Last Update: November 4, 2025