PERSONAL DATA PROTECTION AND PRIVACY POLICY

1. Parties

This Personal Data Protection and Privacy Policy (the "Policy") is established by ESD Pro Information Technologies Software Industry and Trade Limited Company ("ESD Pro" or "Data Controller") for users and customers of its services.

2. Purpose and Scope

This Policy regulates the processing, storage, protection, and destruction of personal data in accordance with applicable data protection legislation, including Law No. 6698 on the Protection of Personal Data (KVKK).

3. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person

• Data Controller: ESD Pro

• Data Processor: A real or legal person processing personal data on behalf of the Data Controller

4. Processed Personal Data

ESD Pro may process the following personal data:

• Identity information (name, surname, national ID where required)

• Contact information (phone number, email address, postal address)

• Billing and payment information

• IP address, traffic data, and log records

• Service usage and transaction records

5. Purposes of Processing Personal Data

Personal data are processed for the following purposes:

• Provision and performance of services

• Customer relationship management and support

• Billing and accounting processes

• Compliance with legal obligations

• Information security and system integrity

6. Collection Method and Legal Basis

Personal data are collected via websites, customer panels, contracts, electronic forms, and support channels based on the legal grounds specified in Articles 5 and 6 of KVKK.

7. Transfer of Personal Data

Personal data may be transferred, in compliance with applicable legislation, to:

• Authorized public institutions and authorities

• Business partners providing accounting, legal, or infrastructure services

• Domestic or international domain registrars and hosting providers where necessary

8. Data Security

ESD Pro implements appropriate technical and administrative measures to ensure the security of personal data.

9. Data Retention Period

Personal data are retained for the periods stipulated by relevant legislation or as required for processing purposes and are deleted, destroyed, or anonymized upon expiration.

10. Rights of the Data Subject

Pursuant to Article 11 of KVKK, data subjects have the right to:

• Learn whether personal data are processed

• Request information regarding processed data

• Learn the purpose of processing and whether data are used accordingly

• Request correction, deletion, or destruction of personal data

• Learn third parties to whom data are transferred

• Claim compensation for damages arising from unlawful processing

11. Cookies

Cookies may be used on websites and panels to enhance user experience and ensure security.

12. Confidentiality

Personal data shall not be disclosed to third parties except as required by law.

13. Amendments

ESD Pro reserves the right to amend this Policy. Updates become effective upon publication.

14. Effective Date

This Policy becomes effective upon use of the services.

15. Governing Law and Jurisdiction

This Policy shall be governed by the laws of the Republic of Türkiye. Courts and Enforcement Offices of Kocaeli shall have jurisdiction.