

PRIVACY POLICY
Privacy Policy
SYNETA BiliÅŸim Hizmetleri A.Åž.
Kişisel Verilerin Korunması Aydınlatma Metni
Last updated: April 8, 2026 — Version 2.0
​
1. Introduction
This Privacy Policy describes how SYNETA BiliÅŸim Hizmetleri A.Åž. ("SYNETA", "we", "us", or "our") collects, uses, stores, and discloses your personal data when you visit our website at www.syneta.net or engage with our services. This policy is issued in accordance with our obligation to inform data subjects under Article 10 of the Turkish Personal Data Protection Law No. 6698 ("KVKK").
We are committed to protecting your privacy and handling your personal data in a transparent, lawful, and secure manner, in compliance with the KVKK, its implementing regulations, and, where applicable, the EU General Data Protection Regulation ("GDPR").
​
2. Data Controller
The data controller responsible for your personal data is:
Company: SYNETA BiliÅŸim Hizmetleri A.Åž.
Registered address: Karacaibrahim Mh. Hapishane Sk. No:1/1, 39000 Merkez / Kırklareli, Türkiye
Tax office / Tax ID: Kırklareli VD. / 7881149866
Email: info@syneta.net
Phone: +90 212 224 12 02
Website: www.syneta.net
For the purposes of KVKK, SYNETA is the Data Controller (Veri Sorumlusu). Where applicable under the GDPR, SYNETA also acts as the Data Controller within the meaning of that regulation.
​
3. Scope
This policy applies to all personal data processed by SYNETA, whether collected through our website, by email, by telephone, in person, or in the context of delivering our services, including but not limited to: managed IT services, IT field services, IT consulting and strategy, IT staffing, IT sourcing, and digital forensics.
This policy applies to individuals located in Türkiye and to international clients and contacts whose data we may process in connection with our business activities. Where we process personal data of individuals located in the European Economic Area (EEA), the GDPR-specific provisions in Section 12 of this policy apply in addition to the KVKK provisions.
​
4. Key Definitions
-
Personal Data: Any information relating to an identified or identifiable natural person.
-
Special Categories of Personal Data (Sensitive Data): Data relating to race, ethnicity, political opinions, philosophical or religious beliefs, physical appearance, membership in associations or trade unions, health, sexual life, criminal convictions, and biometric/genetic data.
-
Data Controller (Veri Sorumlusu): The natural or legal person who determines the purposes and means of the processing of personal data.
-
Data Processor (Veri İşleyen): The natural or legal person who processes personal data on behalf of the Data Controller.
-
Data Subject (İlgili Kişi): The natural person whose personal data is processed.
-
Processing: Any operation performed on personal data, whether automated or not, such as collection, recording, storage, alteration, transfer, disclosure, or erasure.
-
VERBİS: The Data Controllers Registry Information System maintained by the Turkish Data Protection Authority.
-
KVKK Board (Kurul): The Personal Data Protection Board of Türkiye, the supervisory authority under KVKK.
5. Personal Data We Collect
5.1 Data Collected Through Our Website
When you visit www.syneta.net or interact with us, we may collect the following categories of personal data:
-
Identity data: first name, last name, job title, company name.
-
Contact data: email address, phone number, postal address.
-
Technical data: IP address, browser type and version, operating system, device identifiers, time zone, and pages visited on our website.
-
Communication data: the content of messages sent through our contact form or by email.
-
​
5.2 Data Collected in Connection With Our Services
In the context of delivering our B2B IT services, including digital forensics, we may process additional categories of personal data:
-
Professional data: company name, role, department, business address.
-
Contract data: information necessary for contract performance, invoicing, and service delivery.
-
IT systems data: data contained on IT systems we are engaged to support, maintain, or investigate, which may incidentally include personal data of our client's employees, customers, or other third parties.
-
Digital forensics data: in the context of forensic engagements, we may process data recovered from digital devices, which may include personal communications, files, metadata, and other data types as defined by the scope of the engagement.
-
​
5.3 Data We Do Not Intentionally Collect
We do not intentionally collect special categories of personal data (sensitive data) as defined under Article 6 of the KVKK, unless this is strictly required by the nature of a specific engagement (e.g., digital forensics) and is governed by a separate data processing agreement with the client.
​
6. Purposes and Legal Basis for Processing
We process your personal data for the following purposes and on the following legal bases under Article 5 of the KVKK:
-
Responding to enquiries and contact form submissions — Legal basis: Legitimate interest of the data controller (Art. 5/2(f)) — Data: Identity, Contact, Communication
-
Performing contracts for IT services — Legal basis: Necessary for performance of a contract (Art. 5/2(c)) — Data: Identity, Contact, Contract, IT systems
-
Conducting digital forensics engagements — Legal basis: Necessary for performance of a contract (Art. 5/2(c)); Explicit consent where sensitive data is involved (Art. 6) — Data: Identity, Contact, Contract, Forensics
-
Sending service-related communications — Legal basis: Legitimate interest (Art. 5/2(f)) — Data: Identity, Contact
-
Complying with legal obligations (tax, accounting, regulatory) — Legal basis: Legal obligation (Art. 5/2(ç)) — Data: Identity, Contact, Contract
-
Website analytics and improvement — Legal basis: Legitimate interest (Art. 5/2(f)); Consent for non-essential cookies — Data: Technical
-
Protecting IT security and preventing fraud — Legal basis: Legitimate interest (Art. 5/2(e)) — Data: Technical, Identity
-
​
7. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to ensure the website functions correctly and to understand how visitors interact with it. Cookies are small data files stored on your device by your browser.
​
7.1 Types of Cookies We Use
-
Essential cookies: Required for the website to function. These cannot be disabled. They include session management and security cookies set by our hosting platform (Wix).
-
Analytics cookies: Help us understand how visitors use our website by collecting anonymised usage data. We may use tools such as Google Analytics or Wix Analytics for this purpose.
-
Preference cookies: Allow the website to remember choices you make (e.g., language preferences).
7.2 Cookie Consent
Non-essential cookies are only placed on your device with your prior consent, which you can manage through our cookie consent banner. You may also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
​
8. Sharing and Disclosure of Personal Data
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis and in compliance with Articles 8 and 9 of the KVKK:
-
Service providers and data processors: Third parties that provide services on our behalf, such as our website hosting provider (Wix.com Ltd.), cloud service providers, and IT tools. These parties process data only on our instructions and under contractual safeguards.
-
Business partners and subcontractors: In the context of IT service delivery, we may engage field engineers or subcontractors who may access personal data in the course of their work. Such access is governed by confidentiality and data processing agreements.
-
Clients: Where we act as a service provider (data processor) on behalf of a client, data may be shared with or returned to the client in accordance with the applicable service agreement.
-
Legal and regulatory authorities: We may disclose personal data to courts, law enforcement agencies, tax authorities, or regulatory bodies where required by law or in response to lawful requests.
-
Professional advisors: Lawyers, auditors, and accountants, as necessary for the conduct of our business.
We do not sell your personal data to third parties. We do not share your data for direct marketing purposes by third parties.
​
9. International Data Transfers
SYNETA is based in Türkiye and primarily processes personal data within Türkiye. However, given the nature of our business and the international reach of our clients and service providers, personal data may be transferred to or accessed from countries outside Türkiye.
Where such transfers occur, they are carried out in compliance with Article 9 of the KVKK, as amended in 2024, using one or more of the following safeguards:
-
Transfer to a country recognised by the KVKK Board as providing an adequate level of data protection.
-
Standard Contractual Clauses (SCCs) approved by the KVKK Board.
-
Binding Corporate Rules (BCRs) approved by the KVKK Board.
-
Explicit consent of the data subject, where no other safeguard is available and the data subject has been informed of the risks.
Our hosting provider, Wix.com Ltd., is headquartered in Israel and may process data in data centres located outside Türkiye. For more information on Wix's data practices, please refer to Wix's Privacy Policy at www.wix.com/about/privacy.
​
10. Data Retention
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law. Our general retention practices are as follows:
-
Contact form enquiries: Retained for the duration of the business relationship and for a period of 2 years after the last interaction, unless a longer period is required by law.
-
Contract and invoicing data: Retained for the duration of the contract and for 10 years thereafter, in compliance with Turkish commercial and tax legislation.
-
Digital forensics engagement data: Retained in accordance with the terms of the specific engagement agreement, after which it is securely destroyed unless retention is required by law or court order.
-
Website analytics data: Anonymised analytics data may be retained indefinitely. Identifiable technical data (e.g., IP addresses) is retained for no longer than 2 years.
When personal data is no longer required, it is securely deleted, destroyed, or anonymised in accordance with our data retention and destruction policy, as required by the KVKK Regulation on the Erasure, Destruction, or Anonymisation of Personal Data.
​
11. Your Rights Under KVKK
Under Article 11 of Law No. 6698 (KVKK), you have the following rights in relation to your personal data:
-
The right to learn whether your personal data is being processed.
-
The right to request information about the processing, if your data has been processed.
-
The right to learn the purpose of processing and whether your data is used in accordance with that purpose.
-
The right to know the third parties to whom your personal data has been transferred, domestically or abroad.
-
The right to request correction of your data if it is incomplete or inaccurate.
-
The right to request the erasure or destruction of your personal data under the conditions set out in Article 7 of the KVKK.
-
The right to request that any correction, erasure, or destruction be notified to third parties to whom your data has been transferred.
-
The right to object to a decision made exclusively by automated processing that produces a result to your detriment.
-
The right to claim compensation if you suffer damage due to unlawful processing of your personal data.
​​
How to Exercise Your Rights
You may submit your requests by email to info@syneta.net or by post to our registered address. Please include your full name, contact details, and a clear description of your request. We may ask you to verify your identity before processing your request.
We will respond to your request within 30 days of receipt. If we are unable to fulfil your request, we will inform you of the reasons in writing. If you are not satisfied with our response, you have the right to lodge a complaint with the KiÅŸisel Verileri Koruma Kurumu (Turkish Personal Data Protection Authority) at www.kvkk.gov.tr.
​
12. Additional Rights for EEA Data Subjects (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, the EU General Data Protection Regulation (GDPR) may also apply to our processing of your personal data. In addition to the rights listed above, you have the following additional rights under the GDPR:
-
The right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format.
-
The right to restriction of processing: to request that we limit how we process your data in certain circumstances.
-
The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You may exercise these rights by contacting us at info@syneta.net. You also have the right to lodge a complaint with a supervisory authority in your country of residence.
​
13. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction, in accordance with Article 12 of the KVKK. These measures include, but are not limited to:
-
Encryption of data in transit (TLS/SSL) and at rest where appropriate.
-
Access controls and role-based permissions.
-
Regular security assessments of our systems and processes.
-
Confidentiality agreements with employees and subcontractors.
-
Secure disposal procedures for digital media and forensics evidence.
While we take all reasonable precautions, no method of electronic transmission or storage is entirely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections and responding promptly to any data breach in accordance with KVKK requirements.
​
14. Special Provisions for Digital Forensics Services
In the course of digital forensics engagements, SYNETA may access and process data recovered from digital devices. This data may include personal data belonging to individuals other than the contracting client.
In such engagements, SYNETA acts in accordance with a dedicated Data Processing Agreement (DPA) entered into with the client. The client, as the entity commissioning the forensic investigation, typically acts as the Data Controller or joint controller for the data recovered. SYNETA processes this data strictly within the scope of the engagement, applies chain-of-custody protocols, and securely destroys or returns all data upon completion of the engagement, unless retention is required by law.
If you believe your personal data has been processed in the course of a forensic engagement and wish to exercise your rights, please contact the entity that commissioned the engagement in the first instance. You may also contact SYNETA directly.
​
15. Children's Privacy
Our services are designed for business clients and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take steps to delete such data promptly. If you are a parent or guardian and believe your child has provided personal data to us, please contact us at info@syneta.net.
​
16. Links to Third-Party Websites
Our website may contain links to external websites that are not operated by SYNETA. We have no control over the content or privacy practices of these sites and are not responsible for them. We encourage you to review the privacy policy of every website you visit.
​
17. Website Hosting
Our website is hosted on the Wix.com platform. Wix provides the technology infrastructure to operate our website and may process certain personal data (such as technical data and cookies) on our behalf. For more information about Wix's data practices, please refer to their privacy policy at www.wix.com/about/privacy.
​
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this page periodically. Material changes will be communicated via our website or by email where appropriate.
​
19. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, you can contact us through the following channels:
Email: info@syneta.net
Phone: +90 212 224 12 02
Address: Karacaibrahim Mh. Hapishane Sk. No:1/1, 39000 Merkez / Kırklareli, Türkiye
Website: www.syneta.net/contact
Supervisory authority: KiÅŸisel Verileri Koruma Kurumu (KVKK) — www.kvkk.gov.tr
