Personal Data Processing Notice
Last updated: March 12, 2026
1. Data Controller
Pursuant to the Turkish Personal Data Protection Law No. 6698 ("KVKK"), your personal data is processed by VEX-I Teknoloji ve Bilişim Hizmetleri Ltd. Şti. (the "Company") as the data controller, within the scope explained below. For visitors based in the European Economic Area, this notice also serves to provide the information required under Article 13 of the EU General Data Protection Regulation (GDPR).
Trade Name: VEXI Teknoloji ve Bilişim Hizmetleri Ltd. Şti.
Mersis No: 0925130183000001
Address: Nida Kule, Barbaros Mahallesi, Begonya Sk. No:1/2, Batı Ataşehir, Ataşehir - Istanbul
Email: info@vex-i.com
Website: https://vex-hub.com
2. Personal Data Processed
The following personal data is processed through our website (vex-hub.com):
a) Data Collected via the Contact Form
- First and last name
- Email address
- Phone number
- Content of the message you submit
b) Automatically Collected Data
- IP address
- Browser type and version
- Operating system information
- Page view and on-site navigation data
- Cookie data (see the Cookie Policy for details)
3. Purposes of Processing
Your personal data is processed for the following purposes:
- Evaluating your requests, questions, and suggestions submitted via the contact form and getting back to you
- Providing information and offers regarding our services
- Ensuring website technical functionality, measuring and improving performance
- Operating information security processes
- Fulfilling legal obligations
- Improving service quality through statistical analyses
4. Legal Bases for Processing
Your personal data is processed based on the following legal grounds set out in Article 5(2) of the KVKK (with corresponding GDPR equivalents):
| Processing Purpose | Legal Basis (KVKK Art. 5/2) |
|---|---|
| Responding to inquiries and providing offers | Directly related to the establishment or performance of a contract (Art. 5/2-c) |
| Ensuring website security and resolving technical errors | Legitimate interest of the data controller (Art. 5/2-f) |
| Visitor analytics and site performance measurement | Explicit consent (Art. 5/1) — subject to cookie consent |
| Compliance with legal obligations (tax, commercial law, etc.) | Explicitly stipulated by law (Art. 5/2-a) |
| Use as evidence in legal disputes | Establishment, exercise, or protection of a right (Art. 5/2-e) |
5. Methods of Collection
Your personal data is collected through the following methods:
- Directly: Information provided by you via our website contact form
- Automatically: During your visit, via cookies and similar technologies (Google Analytics 4)
6. Data Transfers
Your personal data may be transferred to the following parties, limited to the purposes stated above:
a) Domestic Transfers
- Public authorities (courts, prosecutors, regulatory bodies) where legally required
- Legal advisors and financial consultants
b) Cross-Border Transfers
Due to the technical infrastructure of our website, your personal data may be transferred to the following overseas service providers:
| Service Provider | Country | Purpose | Safeguard |
|---|---|---|---|
| Google LLC (Google Analytics) | USA | Website visitor analytics | EU-US Data Privacy Framework (DPF), Standard Contractual Clauses (SCC) |
| Vercel Inc. | USA | Website hosting and CDN | Standard Contractual Clauses (SCC) |
Cross-border data transfers are carried out with appropriate safeguards under Article 9 of the KVKK and, where applicable, GDPR Chapter V.
7. Data Retention Periods
Your personal data is retained for the period required by the purposes of processing and the statute of limitations under applicable laws:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Contact form data | 2 years following resolution of the request | Article 146 of the Turkish Code of Obligations No. 6098 (general statute of limitations) |
| Commercial electronic message consent records | 3 years after withdrawal of consent | Law No. 6563 and related regulations |
| Website access logs (IP, browser) | 2 years | Article 5 of Law No. 5651 |
| Cookie data | Up to 13 months depending on cookie type | Decisions of the Personal Data Protection Board and EU practice |
Upon expiry of the retention period, your personal data is deleted, destroyed, or anonymized in accordance with the KVKK and the Regulation on the Deletion, Destruction or Anonymization of Personal Data.
8. Data Security Measures
In accordance with Article 12 of the KVKK, we apply the following technical and organizational measures to safeguard your personal data:
- Encryption of data in transit using SSL/TLS
- Prevention of unauthorized access via authorization and access-control matrices
- Regular security updates and vulnerability scans
- Personal data protection awareness training for employees
- Maintaining and updating the data processing inventory
9. Your Rights as a Data Subject
Under Article 11 of the KVKK (and Articles 15-22 of the GDPR for EEA visitors), you have the following rights:
- To learn whether your personal data is being processed
- To request information about the processing if it has occurred
- To learn the purposes of processing and whether your data is used in accordance with those purposes
- To know third parties to whom your data is transferred domestically or abroad
- To request correction if your data is incomplete or inaccurate
- To request deletion or destruction under KVKK Art. 7
- To request that correction, deletion, or destruction be notified to third parties to whom the data was transferred
- To object to outcomes derived solely from automated analysis that adversely affect you
- To claim compensation for damages incurred due to unlawful processing
10. How to Submit a Request
To exercise the rights stated above, in accordance with the Communiqué on the Procedures and Principles of Application to the Data Controller, you may submit a request via one of the following channels:
(Use the subject "Personal Data Request" and attach a document verifying your identity.)
(Mark the envelope: "Information Request under the Personal Data Protection Law".)
Your request will be resolved free of charge within the shortest time possible and at the latest within 30 (thirty) days, depending on the nature of the request. If the operation requires a separate cost, the fee determined in the tariff set by the Personal Data Protection Board may be charged.
If your request is rejected, the response is found inadequate, or no response is provided within the deadline, you may submit a complaint to the Personal Data Protection Board within 30 days of becoming aware of the response and in any case within 60 days of the application date.
11. Updates to This Notice
This notice may be updated to comply with legal requirements and our company policies. The current version will always be published at vex-hub.com/en/privacy-notice.
VEX-I Teknoloji ve Bilişim Hizmetleri Ltd. Şti.
This notice has been prepared pursuant to Article 10 of the Personal Data Protection Law No. 6698 and the Communiqué on the Procedures and Principles for Compliance with the Disclosure Obligation.