GDPR - Data Protection Notice
Data Protection Notice (KVKK)
Disclosure Pursuant to Turkish Personal Data Protection Law No. 6698
Last Updated: March 2026
1. Introduction
This notice has been prepared by ArtX Agency ("the Company") as the data controller, in accordance with Article 10 of the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the GDPR.
This notice is intended to inform all individuals ("Data Subject" or "you") who visit artxagency.com, use our contact forms, schedule appointments, or use our services.
2. Data Controller
Company: ArtX Agency
Website: artxagency.com
Email: [email protected]
3. Personal Data We Collect
3.1 Identity & Contact Data
Data Type | Collection Method | Purpose | Legal Basis |
|---|---|---|---|
Full Name | Contact / Appointment form | To evaluate and respond to your request | Explicit consent |
Email Address | Contact / Appointment form | To follow up on your inquiry | Explicit consent |
Phone Number | Contact form (optional) | To reach you for detailed discussions | Explicit consent |
Message Content | Contact form | To understand the scope of your request | Explicit consent |
Appointment Date/Time | Appointment form | Meeting scheduling | Performance of contract |
3.2 Technical & Digital Data
Data Type | Purpose | Legal Basis |
|---|---|---|
IP Address (anonymized) | Site security, anonymous location analysis | Legitimate interest |
Browser Type & Version | Cross-browser compatibility | Legitimate interest |
Operating System | Technical compatibility | Legitimate interest |
Pages Visited & Duration | Content strategy and UX improvement | Explicit consent |
Traffic Source | Marketing channel effectiveness | Explicit consent |
3.3 Cookie Data
For detailed information about cookies and tracking technologies, please see our Cookie Policy.
3.4 Chatbot Interaction Data
Chat messages: Processed to answer your questions and provide support.
Session ID: Automatically generated for chat continuity; deleted when the browser session ends.
4. Purposes of Processing
Responding to contact form inquiries and feedback
Processing appointment requests
Providing instant support via chatbot
Displaying the site in your preferred language
Analyzing and improving user experience
Measuring advertising campaign effectiveness
Complying with legal obligations
Ensuring site security
5. Legal Basis for Processing
Legal Basis | KVKK Article | Scope |
|---|---|---|
Explicit Consent | Art.5/1 | Analytics, marketing, preference cookies; contact form; chatbot |
Performance of Contract | Art.5/2-c | Appointment processing; service delivery |
Legal Obligation | Art.5/2-ç | Legal retention requirements |
Legitimate Interest | Art.5/2-f | Site security; necessary cookies; server logs |
You may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
6. Data Transfers
6.1 Domestic Transfers
Hosting and server service providers
Legal advisors (when required)
Authorized public institutions (when legally required)
6.2 International Transfers
Recipient | Country | Purpose | Safeguard |
|---|---|---|---|
Google LLC | USA | Web analytics (GA4), ad conversion tracking | EU-U.S. Data Privacy Framework |
Meta Platforms Inc. | USA | Ad targeting (Meta Pixel) | Standard Contractual Clauses (SCC) |
No data is transferred internationally for categories where you have not given consent.
7. Data Retention Periods
Data Category | Retention Period |
|---|---|
Contact form data | 2 years (contract + 10 years if service agreement is formed) |
Appointment data | 1 year |
Cookie consent preferences | 1 year (auto-reset upon expiration) |
Analytics data (GA4) | 14 months |
Marketing cookies | 90 days — 3 months |
Server logs | 90 days |
Chatbot session data | Browser session duration |
8. Your Rights
Under KVKK Article 11 and GDPR Articles 15-22, you have the right to:
Know whether your personal data is being processed
Request information about processing
Learn the purpose of processing and whether it's used accordingly
Know third parties to whom your data is transferred
Request correction of inaccurate or incomplete data
Request deletion or destruction under KVKK Article 7
Request notification of corrections/deletions to third parties
Object to automated decision-making that produces adverse effects
Claim compensation for damages from unlawful processing
9. How to Submit a Request
Email: [email protected] (from your registered email)
Written Application: Signed petition via registered mail
Applications will be concluded free of charge within 30 days.
10. Complaint to the Data Protection Board
If your application is rejected, the response is inadequate, or no response is provided, you may file a complaint with the Turkish Personal Data Protection Board within 30 days of learning the response, and in any case within 60 days of application.
Board website: www.kvkk.gov.tr
11. Data Security Measures
SSL/TLS (HTTPS) encryption
Firewall and network security
Regular security updates and patch management
Access control and authorization mechanisms
IP anonymization in analytics
Privacy by default (all cookies denied by default)
Database encryption and regular backups
12. Contact
Data Controller: ArtX Agency
Website: artxagency.com
Email: [email protected]