Data Protection Notice

1. Data Controller Identity

Serversium Technology, headquartered in Izmir, Turkey, acts as the data controller for personal data collected through our services and website. Registry details available in your client area billing settings.

2. Categories of Personal Data Processed

We process the following categories of personal data:

• check_circleIdentity data: name, surname, government ID where required for billing
• check_circleContact data: email, phone, billing/shipping address
• check_circleFinancial data: payment information (processed by our PCI-DSS-compliant payment partners)
• check_circleAccount data: username, password (hashed), account preferences, service history
• check_circleTransaction data: orders, invoices, support ticket history
• check_circleTechnical data: IP addresses, browser type, device info, cookies
• check_circleMarketing data: communication preferences (only with explicit consent)

3. Purposes of Processing

Personal data is processed for the following purposes:

• check_circlePerforming the contract (provisioning services you ordered)
• check_circleBilling, invoicing, and tax compliance
• check_circleCustomer support and dispute resolution
• check_circleAccount security and fraud prevention
• check_circleLegal compliance (KVKK, tax law, court orders)
• check_circleService improvement based on aggregate analytics
• check_circleMarketing communications (only with explicit consent)

4. Legal Basis for Processing

Under KVKK Article 5 and GDPR Article 6, we process your data based on: contractual necessity (services you ordered), legitimate interest (fraud prevention, security), legal obligation (tax law, KVKK retention), and explicit consent (marketing communications).

5. Data Transfers

Personal data is primarily stored in our Tier III+ data center in Turkey. Cross-border transfers to EU/US service providers (payment processors, transactional email) are protected by Standard Contractual Clauses (SCCs) and KVKK adequacy mechanisms. We do not transfer data to jurisdictions without adequate protection.

6. Data Retention

Active account data: retained for the duration of the customer relationship. After account closure: 5 years for tax/legal compliance. Server access logs: 12 months. Marketing data: until consent is withdrawn. Backups: per our backup policy.

7. Your Rights Under KVKK & GDPR

You have the following rights regarding your personal data:

• check_circleRight to know whether your data is being processed
• check_circleRight to access your data (export available)
• check_circleRight to rectification (correct inaccurate data)
• check_circleRight to erasure ('right to be forgotten') subject to legal retention
• check_circleRight to restrict processing
• check_circleRight to data portability (machine-readable export)
• check_circleRight to object to processing based on legitimate interest
• check_circleRight to withdraw consent (where consent is the basis)
• check_circleRight to lodge complaints with KVKK Authority (kvkk.gov.tr) or your local DPA

8. Cookie Notice

Our website uses essential cookies for authentication and security. Analytics and marketing cookies are loaded only after explicit consent via our cookie banner. You may withdraw consent at any time from our cookie settings.

9. Automated Decision-Making

We use limited automated systems for fraud detection during signup and payment. These do not have legal or similarly significant effects on you. Human review is available on request for any flagged transaction.

10. Contact for Data Rights

To exercise any of the rights listed above, contact our Data Protection Officer at [email protected] or via written request to our registered address. We respond within 30 days (extendable to 90 days for complex requests). Identity verification may be required.