KVKK Clarification Text | YouContent360 Legal

1. Notice as Data Controller

DİJİTAL AI TEKNOLOJİ YAZILIM A.Ş. ("YouContent360"), with MERSIS No. 0295132643700001, having its registered address at Maslak Mah. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55, 34485 Sarıyer / İstanbul, takes utmost care of the security of your personal data. Your personal data is processed and retained in accordance with Turkish Personal Data Protection Law No. 6698 ("KVKK"). KVKK was published in the Official Gazette dated 7 April 2016 and numbered 29677. The said law was enacted to protect the fundamental rights and freedoms of natural persons whose personal data is processed — including the right to privacy protected by our Constitution and Turkish Penal Code — and to define the obligations of natural and legal persons processing personal data.

The purpose of our personal data protection and processing policy ("PDP Policy") is to establish the management instructions and procedural conditions to ensure that YouContent360 processes and protects personal data in compliance with KVKK.

Pursuant to KVKK, your personal data may be collected and processed by us as data controller within the scope explained below. As YouContent360, in our capacity as Data Controller and pursuant to KVKK, your personal data may — within the framework explained on this page — be recorded, retained, updated, disclosed/transferred to third parties where the legislation permits, classified and processed in the manners enumerated under KVKK.

DİJİTAL AI TEKNOLOJİ YAZILIM A.Ş.

Registered Address: Maslak Mah. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55, 34485 Sarıyer / İstanbul

Trade Name: DİJİTAL AI TEKNOLOJİ YAZILIM A.Ş.
MERSIS Number: 0295-1326-4370-0001
Tax Office / Number: Maslak V.D. / 2951326437
Registered Address: Maslak Mah. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55, 34485 Sarıyer / İstanbul
Email Address: hello@dijitalai.com.tr

2. Definitions

Explicit Consent: Means consent regarding a specific subject, based on information and given by free will.
Disclosure Obligation: The obligation under KVKK art. 10 of the data controller or its authorised person to inform data subjects, during the collection of personal data, about: the identity of the data controller and its representative (if any), the purposes for which personal data will be processed, the recipients to whom personal data may be transferred and the purpose of transfer, the method and legal basis of personal data collection, and the rights set out under KVKK art. 11.
Data Subject: Means the natural person whose personal data is processed.
Law / KVKK: Means the Turkish Personal Data Protection Law No. 6698.
Personal Data: Means any information relating to an identified or identifiable natural person.
Processing of Personal Data: Means any operation performed on data such as obtaining, recording, storing, retaining, modifying, reorganising, disclosing, transferring, taking over, making retrievable, classifying or preventing the use of personal data.
Board: Means the Personal Data Protection Board (KVK Kurulu).
Authority: Means the Personal Data Protection Authority (KVK Kurumu).
Data Processor: Means the natural or legal person processing personal data on behalf of the data controller, based on the authorisation given by the data controller.
Data Controller: Means the natural or legal person who determines the purposes and means of processing of personal data and is responsible for establishing and managing the data registry system.

3. Processing of Personal Data

Pursuant to KVKK, the personal data you share with YouContent360 may be processed by us — fully or partly, automatically, or non-automatically as part of any data registry system — and subject to any operation performed on data including obtaining, recording, storing, modifying, reorganising. Under KVKK, any operation performed on data is considered "processing of personal data".

YouContent360 may collect and process personal data obtained through web pages, events, training and the portal generally for the following purposes:

To collect personal information for enabling interaction via web pages, events, training or the portal,
To offer personalised services to our users,
To contact users and inform them about services and opportunities,
To provide the services we offer under contracts,
To send newsletters or promotional/notification messages by email,
To send promotional or notification messages by SMS,
To answer incoming calls and respond to your support needs,
To develop our current and R&D-stage applications and establish management processes,
To resolve complaints in accordance with your requests, complaints arising from social media, or complaints regarding the services we provide,
To collect and process your data for various statistical evaluations, database creation and market research without disclosing the user's identity.

4. Recipients and Purposes of Data Transfer

By accepting the Personal Data Protection Policy, you consent to the collection, retention, processing, use, domestic and cross-border transfer of your personal data — within the scope of YouContent360 applications and services and shared with YouContent360, with our business partners in Türkiye and abroad and with platform users — to third parties with whom we have a contractual relationship and who carry the same legal and technical responsibilities regarding data protection and security and who comply with the relevant legislation.

YouContent360 may share your data regarding your visits or applications and your traffic information such as browsing data with public authorities legally authorised to request such information — for your safety and for YouContent360 to fulfil its legal obligations (including but not limited to combating crime and threats to state and public security, and circumstances where YouContent360 has a legal or administrative duty to notify or report).

5. Method and Legal Grounds of Personal Data Collection

Pursuant to KVKK, the personal data you share with YouContent360 may be processed by us — fully or partly, automatically, or non-automatically as part of any data registry system — and subject to any operation performed on data. Your personal data may be collected in written/physical or electronic form when you obtain a service or product from YouContent360, when you participate in training or events, when you use YouContent360 services, when you sign up or apply for advertising or marketing campaigns, when you become a member or register, and through cookies.

6. Data Categories

Identity Information

When you obtain a product or service from YouContent360, register for training or events, sign up for advertising or marketing applications, or become a member or register, you voluntarily share information such as "Name", "Surname", "Email", "Phone" with YouContent360. We process identity information to fulfil our obligations under the legislation, carry out necessary operational activities, and engage in interactions.

Contact Information

When you obtain a product or service from YouContent360, register for training or events, sign up for advertising or marketing applications, or become a member or register, you voluntarily share information such as "Email Address", "Address", "City and District", and "Mobile Phone" with YouContent360. Sharing contact information is important for enabling communication between YouContent360 and service recipients, training/event participants, and users.

Visual and Multimedia Data

When you obtain a product or service from YouContent360, register for training or events, sign up for advertising or marketing applications, or become a member or register, you voluntarily share your photographs, multimedia recordings, and visual content related to your work with YouContent360. Sharing visual and multimedia data is important for facilitating user communication with YouContent360.

Location Information

When you obtain a product or service from YouContent360, register for training or events, sign up for advertising or marketing applications, or become a member or register, you voluntarily share location information such as live location, address, and waypoints with YouContent360. Sharing this data serves the purpose of identifying users and participants nationwide.

Information Automatically Collected (Not Personal Data)

Through cookies or our other programs and software, we may collect information about your in-site usage — such as click counts, frequency of opening tabs, and your behaviour in the digital environment relating to topics of interest.

Device Information

We may collect data through electronic devices you use (computers, laptops, tablets, smartphones, smart TVs, etc.) — including data that may or may not be matched to you (e.g. location information).

Cookie Information

Cookies are small text files stored on your device or network server by the websites you visit through your computer or mobile device. Depending on the type, cookies in websites collect data on browsing and usage preferences on the device used to visit the site. This data covers many details such as the pages you access, the services and products you review, your preferred language and other preferences. We use many cookie types to provide a better experience to our users and visitors. In this context;

essential and important cookies such as session, load-balancing user identity and security cookies that allow web pages to function properly,
preference cookies — such as password, language, location, history, flash and mobile cookies — that increase usage efficiency in line with users' and visitors' preferences,
functional and analytical cookies that gather analytics data and provide information about web page visits,
targeting and marketing cookies — including advertising, market analysis, targeting, fraud detection and campaign promotion cookies — frequently used today, especially for advertisements,
third-party cookies including advertising or extension cookies that typically appear on sites that host advertisements for other web pages — we use these on our website. Unless the user changes these settings, the user is deemed to have given explicit consent to the use of cookies.

We may provide links to third-party websites, portals or mobile applications via YouContent360. However, we have no responsibility for the application of privacy policies on those sites or third-party policies. Privacy policies of third-party websites or mobile applications may differ from this Personal Data Protection Policy.

Other Information

You voluntarily share information preferred by the user or visitor — such as Smatch (automatic matching) information and similar — with YouContent360. Where you choose to disclose information or data publicly such that other members can access and view it, this is deemed disclosed by you and may be used for statistical, advertising or promotional purposes. We have no liability where personal data you disclose is used by third parties or other sites.

Customer Transaction

This data category covers types such as call centre records, invoices, promissory notes, cheque information, ticket office receipts, order information, and request information. This data is processed where it is directly related to the establishment or performance of a contract, where it is mandatory for the data controller to fulfil its legal obligation, where processing of personal data of contract parties is necessary, where data processing is mandatory for the establishment, exercise or protection of a right, and where data processing is mandatory for the legitimate interests of the data controller.

Marketing

This data category covers types such as purchase history information, surveys, cookie records, and information obtained through campaign activities. This data is processed where it is directly related to the establishment or performance of a contract, where it is mandatory for the data controller to fulfil its legal obligation, where processing of personal data of contract parties is necessary, where data processing is mandatory for the establishment, exercise or protection of a right, and where data processing is mandatory for the legitimate interests of the data controller.

7. Personal Data Retention and Destruction Policy

6.1. Purpose

YouContent360 commits to comply with KVKK, related regulations and other arrangements regarding personal data protection, processing and destruction. Regarding the deletion, destruction or anonymisation of personal data, YouContent360 wishes to inform data subjects under both KVKK art. 7 and the Regulation on Deletion, Destruction or Anonymisation of Personal Data dated 28 October 2017, numbered 30224.

6.2. Definitions

Destruction: The deletion, destruction or anonymisation of personal data.
Data Registry Environment: Any environment where personal data — processed fully or partly, automatically, or non-automatically as part of any data registry system — is located.
Anonymisation of Personal Data: Rendering personal data, even when matched with other data, in a way that under no circumstances can it be associated with an identified or identifiable natural person.
Deletion of Personal Data: Rendering personal data inaccessible and unusable in any way for the relevant users.
Destruction of Personal Data: The process of rendering personal data inaccessible, irretrievable and unusable in any way by anyone.
Periodic Destruction: The deletion, destruction or anonymisation operation performed ex officio at recurring intervals — as specified in the personal data retention and destruction policy — when all conditions for processing personal data set out in the Law cease.

6.3. Scope and Data Registry Environments

Your personal data is retained — for the retention periods stated in the relevant legislation, or where no period is specified, for the period required by the processing purposes — within the scope of the obligations specified in our personal data inventory and KVKK legislation, and is then deleted, destroyed or anonymised in accordance with KVKK. Our personal data registry environments are as follows.

Electronic Environments

Servers (domain, backup, email, database, web, file sharing, etc.)
Software (office software, portal, VERBIS)
Information security devices (firewall, intrusion detection and prevention, log files, antivirus, etc.)
Personal computers (desktop, laptop)
Mobile devices (phone, tablet, etc.)
Optical discs (CD, DVD, etc.)
Removable storage (USB, memory card, etc.)
Printer, scanner, photocopier

Non-Electronic Environments

Training
Paper
Manual data registry systems (survey forms, visitor logbooks)
Written, printed and visual environments

6.4. Legal and Technical Grounds for Personal Data Retention

Pursuant to KVKK art. 7 and Turkish Penal Code art. 138, YouContent360 retains the personal data it processes only for the period stipulated in the relevant legislation, or — if no period is stipulated — for as long as required by the processing purpose. If the processing purpose has ceased or the retention period has ended, personal data may be retained only to the extent required by potential legal obligations.

Personal data processed in compliance with KVKK and other applicable laws must be deleted, destroyed or anonymised by YouContent360 — ex officio or upon the data subject's request — in a way that the data can no longer be used or recovered, when the reasons requiring its processing cease. The procedures and principles for lawful destruction or anonymisation of personal data shall be carried out in accordance with the principles and rules specified in the Regulation.

6.5. Personal Data Retention and Destruction Periods

Personal data retention and destruction periods
Records	Duration	Legal Basis
Membership and sales records	10 years	Law No. 6698
All accounting and financial transaction records	10 years	Law No. 6102, Law No. 213
Cookies	Up to 540 days	EU Cookie Law
Commercial electronic message consent records	3 years from the date consent is withdrawn	Law No. 6563 and related secondary legislation
Traffic information regarding online visitors	2 years	Law No. 5651
Personal data relating to YouContent360	10 years after the legal relationship ends	Law No. 6102, Law No. 6098 and Law No. 213

8. Technical and Administrative Measures Concerning Personal Data

Pursuant to KVKK art. 12, YouContent360's obligations regarding data security as data controller are;

to prevent unlawful processing of personal data,
to prevent unlawful access to personal data,
to take all technical and administrative measures to ensure protection of personal data,
to carry out or have carried out the necessary audits within its organisation.

YouContent360 takes care to process data and ensure tax security in accordance with the above obligations. YouContent360 takes the necessary measures to prevent its employees from sharing personal data with third parties, and notifies the data subject and the Board if a breach occurs.

At YouContent360:

Network security and application security are ensured.
Closed system networks are used for personal data transfers via networks.
Key management is implemented.
Security measures are taken within the scope of supply, development and maintenance of information technology systems.
Security of personal data stored in the cloud is ensured.
Disciplinary regulations containing data security provisions exist for employees.
Data security training and awareness activities are conducted for employees at regular intervals.
An authorisation matrix has been established for employees.
Access logs are kept regularly.
Corporate policies on access, information security, usage, retention and destruction have been prepared and implemented.
Data masking is applied where necessary.
Confidentiality undertakings are signed.
Authorisations of employees who have changed roles or left the organisation are revoked.
Up-to-date anti-virus systems are used.
Firewalls are used.
Signed contracts contain data security provisions.
Extra security measures are taken for personal data transferred via paper, and the relevant documents are sent in classified document format.
Personal data security policies and procedures have been established.
Personal data security issues are reported promptly.
Personal data security is monitored.
Necessary security measures are taken regarding entry and exit to physical environments containing personal data.
Security of physical environments containing personal data against external risks (fire, flood, etc.) is ensured.
Security of environments containing personal data is ensured.
Personal data is minimised wherever possible.
Personal data is backed up, and the security of backed-up data is also ensured.
User account management and authorisation control systems are implemented and monitored.
Internal periodic and/or random audits are carried out and commissioned.
Log records are kept in a way that prevents user intervention.
Existing risks and threats have been identified.
Protocols and procedures for the security of special categories of personal data have been established and implemented.
If special categories of personal data are sent by email, they are sent encrypted and using KEP or corporate email accounts.
Secure encryption / cryptographic keys are used for special categories of personal data and are managed by different units.
Intrusion detection and prevention systems are used.
Penetration testing is performed.
Cyber security measures are taken and their implementation is continuously monitored.
Encryption is performed.
Special categories of personal data transferred via portable storage, CDs or DVDs are encrypted.
Audits of data processor service providers are performed at regular intervals.
Awareness of data processor service providers regarding data security is ensured.
Data loss prevention software is used.

YouContent360 takes all technical and administrative measures specified in the Law and Board decisions, and the measures specified in guidelines to prevent unlawful access by third parties to personal data, including those addressing cyber attacks.

YouContent360 audits the security of the data inventory it has created in accordance with the legislation, the security of the system and software, and reports to the authorised person or to the Board upon request, ensuring the protection of personal data as stipulated in the legislation.

9. Rights of the Data Subject

KVKK Law No. 6698, art. 11, entered into force on 7 October 2016. Pursuant to that article, the rights of the Data Subject as of that date are as follows: The Data Subject, by applying to YouContent360, has the right to;

learn whether their personal data is processed,
request information regarding processed personal data,
learn the purpose of processing and whether the data is used in accordance with such purpose,
know the third parties to whom personal data is transferred domestically or internationally,
request correction of personal data if processed incompletely or inaccurately,
request deletion or destruction of personal data within the conditions stipulated in KVKK art. 7,
request that the correction, deletion or destruction operations be notified to third parties to whom personal data has been transferred,
object to the emergence of a result against the data subject by analysis of processed data exclusively through automated systems,
claim compensation for damages arising from the unlawful processing of personal data.

10. Application to the Data Controller and Application Method

DİJİTAL AI TEKNOLOJİ YAZILIM A.Ş. ("YouContent360"), with MERSIS No. 0295132643700001, having its registered address at Maslak Mah. Maslak Meydan Sk. Beybi Giz Plaza A Blok No:1 D:55, 34485 Sarıyer / İstanbul, operating in compliance with KVKK as data controller, respects the rights of you valued data subjects and strives to assist in fulfilling your requests in your application. The right to apply to our company through this form prepared pursuant to KVKK art. 11 belongs directly to the personal data subject. Applications made on behalf of third parties require an appropriate power of attorney to represent the relevant person.

Pursuant to KVKK art. 13/1, applications regarding these rights to our company as data controller must be submitted to us in writing or by other methods determined by the Personal Data Protection Board ("Board").

After completing and signing the KVK Application Form ("KVK Application Form") available at YouContent360, please submit it to the address below in person or by registered mail. We will respond to your application within at most 30 (thirty) days.

In this regard, applications to be made to our company in "writing" are to be submitted by printing the form;

in person by the applicant,
via notary,
or signed by the applicant using "secure electronic signature" as defined in Electronic Signature Law No. 5070 and sent to our company's registered electronic mail address.

11. Effective Date

This Policy enters into force on the date of its publication and remains in force until removed from the website. The effective date of the Policy will be updated upon any renewal of the Policy in whole or in part. This Policy entered into force on 24 April 2026 and was updated on 28 April 2026.