Data Breach Notification Process

We take data security seriously. Should a breach occur, we act transparently and quickly in line with Türkiye’s KVKK and the Board’s decisions. Our process is written out below.

1. Detection & containment

The moment a suspected breach is detected, we isolate the affected system, freeze access logs and apply technical measures to stop further leakage.

2. Assessment

We determine which data categories, how many people and what likely consequences are involved, and document the root cause and scope.

3. Notifying the Board — within 72 hours

From the moment we become aware of a personal data breach, we notify the Turkish Data Protection Board as soon as possible and in any case within 72 hours, covering the nature of the breach, affected people and records, likely consequences and measures taken.

4. Notifying affected individuals

We inform affected individuals as soon as reasonably possible, in plain language: what happened, which data was affected, the likely risks and steps you can take to protect yourself.

5. Remediation & prevention

We fix the root cause, apply technical and organizational measures to prevent recurrence, and record the process.

Contact

If you have found a vulnerability, please contact us or report via security.txt.

This page summarizes our process and does not replace the legal text; KVKK and Board decisions prevail.