Data Protection Notice
Privacy notice under Turkish Personal Data Protection Law No. 6698
Data Controller
İntem Triko Sanayi ve Ticaret A.Ş.
Akçaburgaz, 3097. Sk No:18, Esenyurt / İstanbul
Phone: 444 66 65 · Email: bilgi@intemtriko.com
Mersis No: [To be added]
VERBİS Registration No: [To be added]
As İntem Triko Sanayi ve Ticaret A.Ş. ('Company'), in our capacity as data controller under the Turkish Personal Data Protection Law No. 6698 ('KVKK'), we process your personal data within the framework described below. This notice is prepared in accordance with Article 10 of KVKK and the Communiqué on Procedures and Principles to be Followed in Fulfilling the Obligation of Disclosure.
1. Personal Data Processed, Purposes and Legal Basis
The following categories of personal data are processed by the Company:
- Identity Data: First name, last name
- Contact Data: Email address, phone number, company name, country
- Request Data: Message content submitted via contact form, area of interest
- Transaction Security Data: IP address, browser type and version, operating system, device type, session data, cookie data, MAC ID
- Marketing Data: Pages visited, page transition times, on-site interaction data, referring URL, communication permissions
- Financial Data: Payment methods, check/guarantee letter/bond information
Processing purposes and legal bases for personal data:
| Legal Basis | Data Processed | Purpose |
|---|---|---|
| Explicitly stipulated by law | Identity, Contact, Request | Fulfilling legal obligations under Consumer Law and related legislation |
| Establishment or performance of a contract | Identity, Contact, Financial | Fulfilling product exchange contracts, preparing quotations and managing commercial relationships |
| Establishment, exercise or protection of a right | Identity, Contact, Transaction Security, Financial | Retaining information for possible disputes, managing information security processes |
| Made public by the data subject | Identity, Contact | Sharing information between parties during business negotiations |
| Legitimate interest | Identity, Contact, Security, Marketing, Financial | Improving website performance, receiving and responding to contact requests |
| Explicit Consent | Identity, Contact, Marketing | Marketing communications including internet-based channels (WhatsApp, Telegram, Push Notification etc.) |
2. Methods of Data Collection
Your personal data is collected through contracts entered into by the Company, fairs and events attended by the Company, communication channels, website, email and similar communication methods, legal authorities and judicial bodies, and requests and complaints received by the Company.
3. Transfer of Personal Data
Your personal data may be transferred to the following parties in accordance with Articles 8 and 9 of KVKK:
- Authorised public institutions in case of legal obligation (courts, prosecutors, regulatory authorities, tax offices)
- Website infrastructure and hosting service providers
- Analytics service providers (Google Analytics etc.)
- Email and communication service providers
- Group companies and business partners for business processes
In case of international data transfers, current regulations under Article 9 of Law No. 6698 are complied with. Personal data may be transferred abroad through appropriate safeguards, primarily standard contractual clauses, as prescribed by the Board.
Limited personal data transfers may occur through analytics tools, cloud services, hosting, content delivery networks (CDN), communication infrastructure and similar technical service providers used within the website.
4. Data Retention Period
- Contact form data: Maximum 2 years if no business relationship established
- Analytics data: Maximum 26 months
- Cookie data: End of session or maximum 13 months depending on type
- Business relationship data: Duration of relationship + statute of limitations
Statutory retention periods (Turkish Commercial Code, Tax Procedure Law etc.) are reserved. Upon expiry, your data is deleted, destroyed or anonymised in accordance with Article 7 of KVKK.
5. Data Security Measures
Our Company takes all necessary technical and administrative measures under Article 12 of KVKK:
- SSL/TLS encryption, firewall, intrusion detection/prevention systems
- Access authorisation, multi-factor authentication, data masking and encryption
- Regular security updates, backup and disaster recovery procedures
- Staff confidentiality agreements, awareness training, data access policies
- Data minimisation, regular internal audits and data processing agreements with third parties
6. Your Rights as Data Subject (KVKK Article 11)
- Learning whether your personal data is being processed
- Requesting information regarding the processing
- Learning the purpose and whether data is used accordingly
- Knowing third parties to whom data has been transferred
- Requesting correction of incomplete or inaccurate data
- Requesting deletion or destruction under Article 7
- Requesting notification of corrections to third parties
- Objecting to results arising from automated analysis
- Requesting compensation for damages from unlawful processing
7. How to Submit a Request
You may submit your requests under Article 11 of KVKK in writing or via registered electronic mail (KEP), secure electronic signature, mobile signature or your email address registered in our system:
- Written application to Akçaburgaz, 3097. Sk No:18, Esenyurt / İstanbul with wet signature
- Email to bilgi@intemtriko.com via KEP, secure e-signature or mobile signature
- Application via notary public
Your application will be concluded within 30 days free of charge.
8. Right to Complaint to the Data Protection Board
If your application is rejected, deemed insufficient, or not responded to within the deadline, you may file a complaint with the Personal Data Protection Board within 30 days from the date you learn of the response and in any case within 60 days from the date of application.
Kişisel Verileri Koruma Kurumu · Nasuh Akar Mah. Ziyabey Cad. 1407. Sok. No:4, 06520 Balgat / Ankara · www.kvkk.gov.tr
9. Data Breach Notification
In the event of a personal data breach, our Company will notify the Personal Data Protection Board within 72 hours under Article 12(5) of KVKK. Where the breach poses a high risk, affected data subjects will also be notified.
10. Effective Date
This notice became effective in March 2026 and may be updated.