Yasin Serdar Saglam is the data controller responsible for the processing of your personal data as described in this Privacy Policy, in compliance with the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws (LOPDGDD).
2. Information We Collect
2.1 Information You Provide
Contact Information: Name, email address, phone number when you contact us or engage our services
Payment Information: Billing details processed securely through Stripe. We do not store your full credit card numbers, CVV, or sensitive payment data on our servers
Business Information: Company name, industry, and project details relevant to service delivery
Communications: Content of emails, messages, and correspondence with us
2.2 Information Collected Automatically
Usage Data: Pages visited, time spent, referral sources, and interaction patterns
Device Information: Browser type, operating system, screen resolution, and IP address
Cookies & Tracking: We use Google Analytics and essential cookies for website functionality and analytics
3. How We Use Your Information
We use the collected information for the following purposes:
To provide, maintain, and improve our services
To process payments and issue invoices
To communicate with you about your projects, inquiries, or support requests
To comply with legal obligations, including tax reporting requirements under Spanish and EU law
To protect our rights, prevent fraud, and ensure the security of our services
To analyze website usage and improve user experience
4. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
Contractual Necessity: Processing necessary for the performance of a contract or to take pre-contractual steps at your request
Legitimate Interest: Processing necessary for our legitimate business interests, such as fraud prevention, service improvement, and direct marketing to existing clients
Legal Obligation: Processing required to comply with Spanish and EU tax, accounting, and regulatory obligations
Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications)
5. Payment Data & Stripe
Payment processing is handled exclusively by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. When you make a payment:
Your payment card details are transmitted directly to Stripe's secure servers
We receive only a transaction reference, last four digits of your card, and payment status
We do not store, process, or have access to your full card details
We do not sell, rent, or trade your personal information. We may share data with:
Stripe: For payment processing
Google Analytics: For website usage analytics (anonymized where possible)
Tax Authorities: As required by Spanish and EU tax regulations
Legal Requirements: When required by law, court order, or governmental authority
Professional Advisors: Accountants, lawyers, and auditors bound by confidentiality obligations
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy:
Client data: For the duration of the business relationship plus 5 years (as required by Spanish commercial law)
Invoice & tax records: Minimum 5 years (Spanish tax law requirement)
Analytics data: Up to 26 months (Google Analytics default)
Communications: For the duration of the business relationship plus 3 years
8. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
Right of Access: Request a copy of the personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your data (subject to legal retention requirements)
Right to Restrict Processing: Request limitation of data processing in certain circumstances
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at bilgi@gizlimedya.com.tr. We will respond within 30 days as required by GDPR.
9. Cookies
Our website uses the following types of cookies:
Essential Cookies: Required for basic website functionality
Analytics Cookies: Google Analytics cookies to understand website usage patterns
You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.
10. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States (e.g., Stripe, Google). Such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission.
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
SSL/TLS encryption for all data in transit
Secure server infrastructure with regular updates
Access controls and authentication measures
Regular review of data processing practices
12. Children's Privacy
Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.
14. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es.
15. Contact
For privacy-related inquiries or to exercise your data protection rights: