Personal Data Protection Law (KVKK) Information Notice
Data Controller: Turgut KALFAOGLU (operator of www.kalfaoglu.net)
Last Updated: 02.02.2026
1. Purpose and Scope This information notice has been prepared by Turgut KALFAOGLU ("Data Controller") in accordance with the Law No. 6698 on the Protection of Personal Data ("KVKK") to inform you about the processing of personal data of customers, visitors and users ("Data Subject") within the scope of domain registration, web hosting, e-mail hosting and related digital services ("Services") offered through the www.kalfaoglu.net website.
2. Personal Data Collected and Processing Purposes The personal data specified below may be processed for specific, explicit and legitimate purposes, in accordance with the principle of proportionality, through automated or non-automated means:
Data Category Example Data Types Processing Purposes
Identity and Contact Name, surname, Turkish Republic Identity Number Identity Number (if legally required), email, phone number, address, tax number/Turkish National Identity Number (for invoicing). Establishment and performance of the service contract, invoicing, keeping distance sales records, communication, account verification.
Customer Transactions: Order information, payment amount and history, request/complaint content. Fulfillment of contractual obligations, financial reconciliation, customer relationship management.
Technical and Transaction Security: IP address, login information and durations, browser and device information, system log records. Monitoring service quality, security breach analysis, prevention of unauthorized access, troubleshooting, site performance analysis.
Service-Specific Data: Domain name information, hosting account information (FTP, panel logins), email content (within the scope of technical support). Provision of technical service, registration of domain name in accordance with ICANN and NIC.tr rules, resolution of technical problems.
Financial Information: Credit card information is NOT PROCESSED. Payment is made through PCI-DSS compliant payment intermediaries (PayTR, Iyzico, etc.). Completion of the payment process (via a third-party payment intermediary).
3. Transfer of Personal Data Your personal data may be transferred to the following parties, within the limits and under the conditions stipulated in Articles 8 and 9 of the KVKK (Law on Protection of Personal Data), for the purposes stated above:
Payment Service Providers: To ensure the secure execution of payment transactions (e.g., banks, payment intermediary institutions).
Domain Registrars: To register the domain name you purchased in global or national databases (NIC.tr for .tr extensions) and to process WHOIS information (within the scope of legal requirements).
Infrastructure and Server Service Providers: To ensure the uninterrupted provision of services through physical servers (domestic/foreign data centers and cloud service providers). These transfers are made in the capacity of "Data Processor" and under strict contractual obligations.
Legally Authorized Authorities: To public institutions and organizations explicitly authorized by law (courts, supervisory authorities) in case of legal obligation.
4. Method and Legal Grounds for Personal Data Collection Your personal data is collected electronically (website, email, automated log records). The legal grounds for our processing activities are as follows:
KVKK Article 5/2-a: Your explicit consent (e.g., newsletter subscription).
KVKK Article 5/2-c: Your being a party to a contract, provided it is directly related to the establishment or performance of the contract (Service Contract).
KVKK Article 5/2-ç: It is necessary for the data controller to fulfill its legal obligations (invoicing, tax and commercial bookkeeping obligations).
KVKK Article 5/2-f: It is necessary for the legitimate interests of the data controller (prevention of security breaches, fraud detection).
5. Retention Periods Your personal data is stored for the periods stipulated in the relevant legislation or for the period required by the purpose of processing. For example:
Invoice and commercial records: 10 years (Tax Procedure Law Article 359).
Distance sales contract records: 3 years (Consumer Protection Law).
Request and complaint records: 2 years following the completion of the request.
Technical log records: Generally 6 months - 1 year for system security analysis.
Upon expiration of the periods or the cessation of the processing purpose, your data will be deleted, destroyed, or anonymized.
6. Rights of the Data Subject (KVKK Article 11) In accordance with Article 11 of the KVKK, regarding your personal data;
You have the right to:
Learn whether your personal data is being processed,
Request information regarding processing if it is being processed,
Learn the purpose of processing and whether it is being used in accordance with its purpose,
Know the third parties to whom it is transferred domestically/internationally,
Request correction if it is incomplete/incorrect,
Request its deletion or destruction within the framework of the conditions stipulated in the KVKK ("Right to be Forgotten"),
Request that the third parties to whom it has been transferred be notified of the above correction/deletion request,
Request that a result detrimental to you arise from the analysis of processed data exclusively through automated systems.
You have the right to object to the unlawful processing of your personal data, and to demand compensation for any damages you suffer as a result of the unlawful processing of your personal data.
7. Method of Exercising Your Rights To exercise the rights listed above, you can submit your application, along with your identity verification documents, in accordance with the "Notification on the Procedures and Principles for Applications to the Data Controller":
In writing: delivered in person or via notary public to the address ITOKENT CAD, URLA, IZMIR,
With a secure electronic signature/mobile signature: to info@kalfaoglu.net,
From your email address info@kalfaoglu.net: by filling out the application form (the form is available on our website).
Including explanatory information and identity verification information in your application, depending on the nature of your request, is necessary for the quick and accurate processing of your request. Your request will be processed free of charge within a maximum of 30 (thirty) days, depending on its nature.
This text has been prepared in accordance with the Personal Data Protection Law (KVKK) and may be amended in line with legal changes and updates to business processes. The current version will always be published on www.kalfaoglu.net.
