GDPR Disclosure

How SECAN processes your personal data — equivalent disclosure under EU GDPR and Turkish KVKK (Law No. 6698)

1. Data Controller

Under EU GDPR and Turkish Personal Data Protection Law (KVKK, Law No. 6698), your personal data may be processed by SECAN Bilişim Teknolojileri Limited Şirketi ("SECAN") as the data controller, within the scope described below.

SECAN Bilişim Teknolojileri Limited Şirketi

ETİLER MAH. EVLİYA ÇELEBİ CAD. NO: 23, İÇ KAPI NO: 107

MURATPAŞA / ANTALYA / TURKEY

MERSIS No: 0757108315800001

Tax ID: 7571083158

Email: inbox@secan.info

2. Purposes of Processing

Your personal data is processed for the following purposes:

  • Responding to inquiries and managing customer relationships
  • Preparing and performing service contracts
  • Providing project management and technical support services
  • Delivering the WhatsApp Business Assistant (Asistan) service on behalf of business customers
  • Billing and accounting operations
  • Meeting legal obligations
  • Improving service quality and website performance
  • Conducting aggregated, non-identifying statistical analysis

3. Categories of Personal Data Processed

Categories of personal data we process:

  • Identity: First name, last name
  • Contact: Email address, phone number, postal address
  • Customer transaction: Project details, requests, complaints
  • Financial: Invoice details, payment information
  • Technical / security: IP address, cookie records, log records
  • WhatsApp Assistant data (when SECAN operates the Asistan service for a business customer): end-user WhatsApp phone number (E.164), WhatsApp profile name (if shared), message content (text), timestamps, and AI reply metadata. See our Privacy Policy §5 for the full Assistant data flow.

4. How Personal Data Is Collected

Your personal data is collected via:

  • Website contact forms
  • Email communication
  • Telephone conversations
  • Service contracts
  • Cookies and similar technologies
  • For the Assistant service: WhatsApp Business Cloud API webhook events delivered by Meta

5. Data Sharing and International Transfers

Within the lawful bases of KVKK Art. 8/9 and the equivalent GDPR Chapter V provisions, your personal data may be transferred to:

  • Technical infrastructure and hosting providers (Cloudflare, Inc. — USA + EU regions; SCC apply for EU→US transfers)
  • AI sub-processor (Anthropic, PBC — USA; SCC apply, no model training on the data)
  • Email delivery sub-processor (Sendinblue SAS / Brevo — France/EU)
  • Accounting and tax advisory firms (Turkey)
  • Public authorities, where required to meet legal obligations
  • Business partners, only to the extent required by project requirements

6. Lawful Basis for Processing

Personal data is processed on the following lawful bases (KVKK Art. 5/6; GDPR Art. 6):

  • Performance of a contract or necessary pre-contractual steps
  • Compliance with a legal obligation to which the controller is subject
  • Legitimate interests of the controller, provided those interests do not override the data subject's fundamental rights and freedoms
  • Explicit consent of the data subject

7. Your Rights (KVKK Art. 11 / GDPR Art. 15–22)

As a data subject you have the following rights:

  • To learn whether your personal data is being processed
  • To request information about how your personal data has been processed
  • To learn the purpose of processing and whether the data has been used in accordance with that purpose
  • To know the third parties (domestic or international) to whom your data has been transferred
  • To request rectification if your personal data is incomplete or incorrect
  • To request erasure or destruction of your personal data under the conditions of KVKK Art. 7 / GDPR Art. 17 (right to be forgotten)
  • To request that rectification, erasure or destruction be communicated to third parties to whom the data was transferred
  • To object to decisions based solely on automated processing that produce adverse effects
  • To claim compensation for damages arising from unlawful processing of your personal data

8. How to Exercise These Rights

To exercise the rights above, send a request to SECAN that identifies you and clearly states which right you are exercising:

  • In writing: ETİLER MAH. EVLİYA ÇELEBİ CAD. NO: 23, İÇ KAPI NO: 107, MURATPAŞA / ANTALYA / TURKEY
  • Registered electronic mail (KEP): secan.ltd@gmail.com
  • Email: inbox@secan.info

We respond to requests free of charge within 30 days. If the operation requires additional cost, SECAN may charge a fee per the tariff set by the Turkish Personal Data Protection Authority.

For Assistant-specific deletion requests (e.g. removing your WhatsApp conversation history with a business that uses our service), see the dedicated Data Deletion Instructions page.

9. Data Security

SECAN takes all necessary technical and organisational measures to prevent unlawful processing or access to personal data and to preserve its confidentiality, integrity and availability. Examples include TLS for data in transit, AES-GCM encryption at rest for sensitive credentials such as Meta access tokens, principle-of-least-privilege access controls, and audit logging of admin operations.

10. Contact

For questions about this disclosure:

SECAN Bilişim Teknolojileri Limited Şirketi

ETİLER MAH. EVLİYA ÇELEBİ CAD. NO: 23, İÇ KAPI NO: 107

MURATPAŞA / ANTALYA / TURKEY

Tax ID: 7571083158

Email: inbox@secan.info

Note

This disclosure is the English equivalent of our Turkish KVKK Aydınlatma Metni. In case of any conflict, the Turkish version (available at /tr/legal/kvkk) is authoritative as it carries the legally binding text under Turkish law. SECAN reserves the right to update this disclosure; the most recent version is always available on our website.