VIVAMIT Privacy Policy
This Privacy Policy ("Policy") explains how VİVA MARKETİNG İT OPERASYON VE YÖNETİM DANIŞMANLIĞI LİMİTED ŞİRKETİ ("we", "us", or "our") collects, uses, and protects your personal data when you visit or interact with our website https://vivamit.com ("Website").
This Policy is designed to comply with the Turkish Personal Data Protection Law (Law No. 6698 – KVKK) and is designed to comply with international data protection standards.
We are committed to protecting your personal data, upholding the principles of Environmental, Social, and Governance (ESG) throughout our operations, and ensuring transparency in how we process your information. Our approach to data processing goes beyond legal compliance – it reflects our dedication to responsible technology, ethical and sustainable business practices. By using this website, you contribute to a digital environment where privacy, ethics, and sustainability are core values.
Please be aware that your interactions with this website may involve the use of third-party services or infrastructure (such as hosting, analytics, or embedded content) that operate independently and may collect and process personal data in accordance with their own privacy policies. These providers may process data in jurisdictions outside of Türkiye.
We recommend reviewing the privacy practices of any third-party services you access via this site.
BY ACCESSING OR USING THIS WEBSITE, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD OUR PRIVACY POLICY. YOU ALSO PROVIDE YOUR EXPLICIT CONSENT TO THE COLLECTION, USE, AND PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED THEREIN.
If you do not agree with this Policy, please do not use the website and refrain from submitting any personal information. We respect your choice and are committed to protecting your privacy. Please note, however, that if you do not provide the requested consent, certain features or services on the website may not be accessible to you.
2. Data Controller
The data controller responsible for the processing of your personal data is:
VİVA MARKETİNG İT OPERASYON VE YÖNETİM DANIŞMANLIĞI LİMİTED ŞİRKETİ
Email: coo@vivamit.com
3. What Data Do We Collect?
We may collect the following categories of personal data through the Website:
- A. Full name;
- B. Email address;
- C. Phone number;
- D. Professional information (e.g., job title, CV content, LinkedIn profile, experience, etc.);
- E. Any other information you voluntarily provide via contact or application forms.
IMPORTANT: WE DO NOT INTEND TO COLLECT SENSITIVE PERSONAL DATA (SUCH AS HEALTH DATA, RELIGIOUS BELIEFS, BIOMETRIC OR RACIAL/ETHNIC INFORMATION). PLEASE DO NOT SUBMIT SUCH DATA.
You confirm that any personal data provided is voluntarily shared and DOES NOT CONTAIN SENSITIVE DATA (e.g., health information, racial or ethnic origin, religion, biometric data, or any other sensitive categories under applicable law).
We encourage you to be mindful of the risks inherent in any data submission. While we are committed to protecting your data, there are always risks associated with the use of third-party platforms, especially in relation to data transmission over the internet.
You should ensure that the personal data you provide to the bot complies with applicable laws, including KVKK.
By submitting your data, you acknowledge that you are solely responsible for ensuring that the information you share does not violate any legal provisions, including but not limited to the Turkish Personal Data Protection Law (KVKK), or infringe upon the rights of third parties.
In alignment with our ESG commitments, we are dedicated to safeguarding not only your privacy but also ensuring that any personal data shared is processed with respect and integrity. We do not intentionally collect sensitive data, and we strongly advise against submitting any such information. If sensitive data is shared inadvertently, we will take all reasonable steps to ensure compliance with the applicable laws and minimize any potential risks to your privacy.
4. Purposes of Data Processing
We process your personal data for the following purposes, in accordance with applicable laws and our commitment to ethical, secure, and sustainable data practices:
- A. Communication and Inquiry Management: To respond to your inquiries, requests, or messages submitted via our contact form or other communication channels. This includes maintaining records of such communications for quality assurance and compliance purposes.
- B. Recruitment and Talent Management: To evaluate job applications submitted through our careers page, communicate with applicants regarding current or future employment opportunities, and maintain a secure record of recruitment activity in compliance with applicable labor and data protection laws.
- C. Website Optimization and Functionality: To ensure the secure, reliable, and efficient functioning of our Website. This includes the use of cookies and similar tracking technologies to enhance your browsing experience, support core site functionality, prevent fraudulent activity, and maintain system integrity.
- D. Compliance and Risk Management: To comply with our legal obligations, including but not limited to obligations under Turkish law (KVKK), the European General Data Protection Regulation (GDPR), and other applicable data protection frameworks. We may also process your data to exercise or defend legal claims, cooperate with supervisory authorities, or respond to law enforcement or regulatory requests.
- E. Internal Analytics and Service Improvement: To perform anonymized or pseudonymized analysis of Website usage trends, user interactions, and performance metrics. This helps us to improve our content, enhance user experience, and refine our service offerings in a manner consistent with data minimization and ethical use principles.
5. Legal Basis for Processing
We process your personal data in compliance with the KVKK and other applicable regulations, based on the following legal grounds:
- A. Your Explicit Consent: When you voluntarily provide your personal data through contact forms, career applications, or other means, we process such data based on your explicit, informed consent. This includes any optional data fields or additional information you choose to provide.
- B. Compliance with Legal Obligations: Certain data may be processed and retained to fulfill our legal and regulatory obligations, including but not limited to tax, employment, data retention, or compliance with requests from public authorities and judicial bodies.
-
C. Legitimate Interests:
We may process personal data where it is necessary for the protection of our legitimate interests, provided such processing does not unduly infringe your fundamental rights and freedoms. These legitimate interests include, but are not limited to:
- ensuring the security, integrity, and functionality of our Website;
- preventing fraud, abuse, or unauthorized access;
- enhancing and improving the quality, relevance, and usability of our services;
- conducting internal audits and anonymized data analytics;
- safeguarding our legal rights and ensuring business continuity.
- D. Establishment, Exercise, or Defense of Legal Claims: Where necessary, we may process your data in the context of actual or potential legal proceedings or compliance with lawful governmental requests.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable laws, regulations, or legitimate business needs. Data is stored securely, with access strictly limited to authorized personnel on a need-to-know basis.
STANDARD RETENTION PERIODS
- Contact Form Submissions: Personal data submitted through the contact form is retained for a period of up to 6 months following the last correspondence, unless continued retention is necessary for legitimate interests, such as responding to follow-up inquiries, handling disputes, or maintaining operational records.
- Job Applications: Personal data provided during the application process is retained for up to 12 months from the date of receipt or the conclusion of the recruitment process (whichever is later), unless a longer period is required by labor, anti-discrimination, or audit laws. This allows us to consider your application for future opportunities unless you request earlier deletion.
-
Legal and Compliance Data:
Certain data may be retained for longer periods where required to:
- Comply with statutory retention obligations (e.g., tax, commercial, or employment laws);
- Establish, exercise, or defend legal claims;
- Support regulatory reporting or respond to competent authorities;
- Fulfill internal audit or corporate governance requirements in line with ESG principles.
We implement a data minimization policy and periodically review the necessity of retained data. When personal data is no longer required for any lawful purpose, it is securely deleted or anonymized using industry best practices.
-
You may request the deletion of your personal data at any time by contacting us at coo@vivamit.com. Upon verifying your identity and request, we will act on it within 30 calendar days, unless:
- the data must be retained to comply with legal obligations;
- retention is necessary to establish, exercise, or defend legal claims;
- other overriding legitimate grounds apply under KVKK or similar applicable law.
- In such cases, we will inform you of the lawful basis for continued retention and limit further processing to the strict minimum.
7. Sharing of Data
We do not sell or rent your personal data to third parties. However, in certain limited and strictly controlled circumstances, we may share your personal data with third parties, only when such sharing is:
-
Necessary for the Provision of Services:
We may share personal data with carefully selected third-party service providers strictly to the extent necessary to operate our services and fulfill the purposes described in this Privacy Policy. These may include:
- Hosting providers, for the storage and delivery of content and platform operations;
- CRM (Customer Relationship Management) systems, for managing user relationships and communications.
-
Compliance with Legal Obligations:
We may disclose your personal data if we are legally required to do so under applicable laws and regulations, including but not limited to:
- Requests from competent courts or public authorities (e.g., the Turkish Personal Data Protection Authority – KVKK Kurumu);
- Obligations under consumer protection.
WHERE LEGALLY REQUIRED OR APPROPRIATE, WE WILL REQUEST YOUR EXPLICIT CONSENT BEFORE SHARING YOUR PERSONAL DATA WITH THIRD PARTIES FOR ANY OTHER PURPOSES NOT COVERED ABOVE.
8. International Data Transfers
Although our primary data processing operations are conducted within Turkey, your personal data may, in certain circumstances, be transferred to and processed in jurisdictions outside of Turkey. This can occur, for example, when we utilize cloud hosting providers, IT service vendors, or other third-party processors whose infrastructure or operations are based abroad.
Such international data transfers inherently involve additional risks, including differences in data protection laws, potential governmental access requests, and challenges in enforcing your rights across borders. To mitigate these risks and protect your data privacy and security, we implement the following strict safeguards and principles:
- Adequacy and Legal Compliance: We ensure that any transfer of your personal data to a country or territory outside Turkey is only made where that jurisdiction has been recognized by the KVKK as providing an adequate level of data protection, consistent with Turkish data protection law and international standards. Transfers to such jurisdictions are deemed to comply with all relevant legal requirements without compromising your rights.
- Contractual and Organizational Safeguards: Where the recipient jurisdiction does not benefit from an adequacy decision, we transfer data only if appropriate safeguards are in place.
- Explicit Informed Consent: In cases where adequate protection or safeguards are not available or applicable, we will seek your explicit, informed consent prior to transferring your data internationally. This consent process ensures transparency regarding the risks and protections involved in such transfers.
- Technical Security Measures: To minimize exposure and prevent unauthorized access, loss, or alteration of your data during international transfers, we implement robust technical measures.
- Organizational Controls and Accountability: We maintain comprehensive documentation of all international data transfers and conduct periodic risk assessments to evaluate ongoing compliance and emerging threats. We also provide regular training to employees and service providers on cross-border data protection obligations.
- Limitation of Transfer Scope: We limit international transfers to the minimum personal data strictly necessary for the relevant service or processing purpose, consistent with the principles of data minimization and purpose limitation under KVKK and ESG best practices.
- Your Rights and Remedies: You retain the right to withdraw consent to international transfers at any time, subject to legal or contractual limitations, by contacting us at coo@vivamit.com.
9. Your Rights
As per the KVKК, you have the following rights regarding your personal data:
-
Right to Access:
You have the right to request a copy of your personal data. Upon your request, we will provide this data in a machine-readable format, allowing you to easily transmit it to another data controller (Right to Data Portability).
- To request access to your personal data, please contact us at coo@vivamit.com.
-
Right to Rectification:
You can update most of your personal data that we hold directly through your account settings on the bot interface.
- If you believe we hold inaccurate or incomplete information about you that cannot be updated via the bot, you can contact us directly at coo@vivamit.com, and we will correct or update the information accordingly.
- Right to Deletion: You have the right to delete your account and/or request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected. If you no longer wish to use the bot, you can also request the deletion of your personal data directly by contacting us.
-
Right to Object to the Processing of Your Personal Data:
You have the right to object to the processing of your personal data if we process it based on our legitimate interests, or those of a third party. If you believe your interests override our legitimate interests, please provide us with any relevant information, and we will reassess our legitimate interest and, if necessary, stop processing your personal data for that purpose.
- Additionally, if you object to the use of your personal data for direct marketing purposes, we will stop using your personal data for marketing communications immediately.
-
Right to Restrict the Processing of Your Personal Data:
You can request us to restrict the use of your personal data if:
- You believe the data we hold is inaccurate,
- You believe the processing of your data is unlawful but do not want it deleted,
- We no longer need your data for the intended purpose but you need it for establishing, exercising, or defending legal claims,
- You have objected to the processing of your data and wish for a temporary restriction until we assess your objection.
- Withdrawal of Consent If you have provided consent for the processing of your personal data, you have the right to withdraw your consent at any time, free of charge.
How to Exercise Your Rights?
To exercise any of the rights outlined above, please contact us at coo@vivamit.com. We will promptly respond to your request and ensure that we fulfill your rights in full compliance with KVKK and other applicable Turkish laws. Your request will be addressed within 7 calendar days.
10. Data Security
We take the protection of your personal data very seriously and implement appropriate technical and organizational measures to safeguard your information from unauthorized access, loss, alteration, or disclosure. Our security practices are designed to ensure the confidentiality, integrity, and availability of your personal data, in line with both KVKK and international standards.
To protect your personal data, we employ industry-standard security technologies and practices, including but not limited to:
- Access Control: We limit access to personal data to those employees and service providers who need it to perform their duties. Access is granted on a need-to-know basis and is monitored regularly.
- Data Minimization: We collect only the minimum necessary data required to fulfill the purpose of our services. By minimizing the data we hold, we reduce the risks associated with potential data breaches.
- Incident Response Plan: In the event of a security breach or data incident, we have a clearly defined incident response plan in place. This plan includes prompt notification procedures, risk assessment, and remediation steps to mitigate any potential damage. We are committed to notifying you without undue delay if your personal data is compromised.
- Data Retention & Secure Deletion: We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy. Once your data is no longer needed, we ensure that it is securely deleted in a manner that prevents unauthorized access or recovery.
- Third-Party Service Providers: If we engage third-party service providers to process your personal data on our behalf, we ensure that they implement appropriate security measures to protect your data. We require all service providers to comply with our strict data protection standards and enter into contractual agreements to safeguard your privacy.
- Continuous Improvement: We are committed to continuously improving our data security practices. Our team regularly reviews and updates security measures to stay ahead of evolving threats and to align with best practices in data protection.
WHILE WE EMPLOY ALL REASONABLE SECURITY MEASURES TO PROTECT YOUR PERSONAL DATA, IT IS IMPORTANT TO NOTE THAT NO METHOD OF DATA TRANSMISSION OVER THE INTERNET OR ELECTRONIC STORAGE IS COMPLETELY SECURE. WHILE WE STRIVE TO USE COMMERCIALLY ACCEPTABLE MEANS TO PROTECT YOUR PERSONAL INFORMATION, WE CANNOT GUARANTEE ITS ABSOLUTE SECURITY. BY USING OUR SERVICES, YOU ACKNOWLEDGE AND ACCEPT THE INHERENT RISKS ASSOCIATED WITH THE TRANSMISSION AND STORAGE OF DATA ONLINE.
11. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time, in order to reflect changes in our practices, legal obligations, or industry standards. Any updates to this Policy will be published on this page, and the “Effective Date” at the top of the Policy will be revised to reflect the most recent update.
In the event of any significant changes that affect the way we process your personal data, we will notify you through a prominent notice on the Website or other appropriate communication channels (if applicable).
- Such changes may include, but are not limited to, updates related to the types of personal data collected, the purposes of data processing, or the rights and choices available to you regarding your personal data.
By continuing to interact with the Website after any updates or modifications to this Privacy Policy, you acknowledge and consent to the revised terms. If any change to this Policy is not acceptable to you, you should stop using the Website and discontinue all interactions with us. Your continued use of the Website following any such changes constitutes your acceptance of the new terms.
We encourage you to review this Privacy Policy periodically to ensure you are informed about how we are safeguarding your personal data, as well as your rights under KVKK and applicable international data protection standards.
In the event of significant updates, we will take appropriate steps to obtain your consent if necessary, and inform you of your rights and options.
BY ACCEPTING AND CONTINUING TO USE OUR WEBSITE, YOU CONFIRM THAT YOU HAVE READ AND UNDERSTOOD ANY MODIFICATIONS OR UPDATES TO THIS PRIVACY POLICY.
12. Contact Us
We are committed to ensuring the privacy and protection of your personal data. If you have any questions, concerns, or requests regarding this Privacy Policy or how we process your personal data, please do not hesitate to reach out to us. We are here to assist you and address any inquiries or issues you may have.
You can contact us through the following channel:
- Email: coo@vivamit.com Please include "Website Privacy Policy Inquiry" in the subject line of your email to ensure prompt attention to your request. We will respond to your inquiry as quickly as possible, typically within 7 business days.
- If you prefer to send a physical letter, please address it to the company's registered address. However, please be aware that sending physical mail introduces additional risks, such as potential delays in delivery, loss, or unauthorized access to your letter during transit. While we will make every effort to acknowledge receipt and respond in a timely manner, we recommend using digital communication channels (such as email) for faster and more secure handling of your inquiries, particularly when dealing with sensitive personal data.
