Reference translation
KVKK Disclosure
Last updated:
This English version is provided as a reference for English-speaking readers. For Turkish-domiciled parties, the binding text is the Turkish version. Where this translation conflicts with the Turkish original, the Turkish original prevails.
View the binding Turkish version →1. What this disclosure is
This page is the disclosure ("aydınlatma metni") required by Turkish Law No. 6698 on the Protection of Personal Data (KVKK), art. 10. KVKK requires data controllers to inform data subjects, at the moment of collection, of (a) the identity of the controller, (b) the purposes of processing, (c) the recipients, and (d) the data subject's rights.
2. Identity of the data controller
Akitle is the "data controller" (KVKK art. 3; GDPR Art. 4(7)) for the personal data of account holders, their users, and platform visitors. Contact: support@akitle.com.
For renter data collected through a share link, Akitle acts as a "data processor" (KVKK art. 3; GDPR Art. 4(8)) on behalf of the issuing company. See the Data Processor Agreement for the controller-processor terms.
3. Categories of personal data
- Identity: full name, signature image, KVKK acknowledgement.
- Contact: email address.
- Transaction: contracts created / sent / signed, audit-trail events.
- Customer-record data: customer entries you create within Akitle (renter contact, identifiers).
- Financial: iyzico transaction reference, contract-rights balance, contract-package purchase history.
- Audit-trail technical signals: IP address, user-agent string, timestamps.
4. Legal basis for processing
| Framework | Recognition | Evidentiary effect |
|---|---|---|
| Türkiye — KVKK art. 5 | Art. 5/2-c: necessary for performance of a contract; Art. 5/2-f: legitimate interest of the controller (audit trail, fraud prevention, security) | Special-category data (art. 6) does NOT apply — Akitle does not require sensitive categories |
| EU — GDPR Art. 6(1) | Art. 6(1)(b): necessary for the performance of a contract; (c): legal obligation (tax retention); (f): legitimate interest | Art. 9 special-category data does NOT apply |
| US — CCPA / CPRA | Business-purpose processing for contract performance; service-provider exemption for sub-processors | No 'sale' or 'share' for cross-context behavioral advertising — opt-out (§1798.120) does not apply |
5. Recipients and international transfers
Personal data is shared only with sub-processors listed in the Privacy Policy (Convex, iyzico, hosting infrastructure), all under data-processing agreements. Cross-border transfers follow KVKK art. 9 (express consent or KVKK Authority adequacy decision); transfers from the EEA / UK follow Chapter V of the GDPR (Standard Contractual Clauses or an adequacy decision).
6. Your rights under KVKK art. 11
KVKK art. 11 gives you the following rights, exercisable against Akitle as data controller:
| Framework | Recognition | Evidentiary effect |
|---|---|---|
| KVKK art. 11 | Learn whether data is processed, request information, learn the purpose and recipients, request correction or deletion, restrict processing, request notification to third parties, object to automated decisions, claim damages | Apply via the procedure below; KVKK Authority complaint possible (art. 13–14) |
| GDPR Arts. 15–22 | Access (15), rectification (16), erasure (17), restriction (18), portability (20), objection (21), automated decisions (22) | Apply via the procedure below; supervisory-authority complaint possible (Art. 77) |
| CCPA §§1798.100–.135 | Right to know, right to delete, right to correct, right to opt out of sale/share (N/A here), right to limit sensitive-data use, right to non-discrimination | Apply via the procedure below; California AG complaint possible |
7. How to apply
Submit your request by email to support@akitle.com with the subject line "KVKK / GDPR / CCPA request". Include your full name, the email address on file with Akitle, and a clear description of the right you wish to exercise.
KVKK art. 13 requires a response within 30 days; GDPR Art. 12(3) allows 30 days extendable by 60 in complex cases; CCPA allows 45 days extendable by 45. If we cannot identify you from the information provided, we may request additional verification.
If you are not satisfied with our response, you may lodge a complaint with the Turkish Personal Data Protection Authority (KVKK), your EU supervisory authority, the UK ICO, or the California Attorney General.
8. Changes
Akitle may amend this disclosure. Material changes will be announced in-app or by email before they take effect.