Last reviewed: 2026-02-19

Privacy Policy

This Privacy Policy explains how DPPskop and its parent company Tekvizyon Technology Services collect, use, and protect personal data. We comply with the EU General Data Protection Regulation (GDPR) and Turkish KVKK.

Pre-Content: Legal Side Nav

Data We Collect

We collect three categories of personal data:

  • Account data: name, email, company, role, password hash
  • Usage data: log-in times, pages visited, features used, IP region (anonymised)
  • Communications: support tickets, demo requests, sales emails

DPPskop's product analytics is privacy-first: no cookies, no IP storage, no cross-site tracking. See the Analytics page for technical details.

How We Use Data

  • Service delivery: Provide the DPPskop platform under our customer contract
  • Support: Respond to questions, troubleshoot issues
  • Improvement: Analyse aggregate usage to improve features (no individual profiling)
  • Security: Detect and prevent unauthorised access
  • Communication: Service notifications, security alerts, contractual updates
  • Marketing: Only with explicit opt-in; one-click unsubscribe
  • Compliance: Meet our own ESPR, GDPR, KVKK obligations

Your Rights (GDPR + KVKK)

Under GDPR and KVKK, you have the following rights regarding your personal data:

  • Access (GDPR Art. 15 / KVKK Art. 11): Request a copy of your data
  • Rectification (Art. 16): Correct inaccurate data
  • Erasure / Right to be Forgotten (Art. 17): Request deletion
  • Restriction (Art. 18): Limit processing
  • Portability (Art. 20): Export your data in machine-readable format
  • Objection (Art. 21): Opt out of legitimate-interest processing
  • Automated decision-making (Art. 22): Right to human review
  • Withdraw consent: Where consent is the basis, withdraw at any time
  • Lodge a complaint: With your supervisory authority (e.g., your country's DPA)

To exercise any of these rights, contact our DPO at [email protected]. We respond within 30 days.

Data Retention & Sharing

We retain personal data only as long as necessary:

  • Active accounts: For the duration of the customer relationship
  • After termination: Deletion within 30 days, with cryptographic verification
  • Audit logs: 7 years (compliance requirement)
  • Backups: Encrypted, 90-day rolling retention

We do not sell or rent personal data. We share data only with:

  • Sub-processors necessary for service delivery (AWS, Stripe, SendGrid) — all GDPR-compliant
  • Authorities, only when legally required (court order, regulatory request)

Frequently Asked Questions

EU servers only — AWS Frankfurt (primary) and Dublin (backup). Zero data egress to non-EU regions. ISO 27001 + SOC 2 Type II certified.

Email [email protected] with your request. We respond within 30 days. Identity verification may be required for sensitive requests.

Functional cookies only (login session, language preference). No tracking, no advertising cookies. Analytics is cookie-free first-party aggregation.

TLS 1.3 in transit; AES-256 at rest; bcrypt for passwords; field-level encryption for sensitive fields.

We notify affected users within 72 hours of confirmed breach (GDPR Art. 33). Notifications include scope, mitigation steps, and your protective actions.

Yes — when you terminate or request deletion, supplier-uploaded data linked to your tenant is fully purged within 30 days.

Our DPO is reachable at [email protected]. The DPO is independent and reports to executive management for compliance oversight.

Related DPP Topics

📄

DPP Platform

Create & manage digital passports.
🇪🇺

EU DPP Regulation

EU 2024/1781 details.

DPP & ESPR Compliance

Technical compliance roadmap.
🧵

Textile DPP

Sector-specific solution.
📘

DPP Guide

Free 13-page handbook.

ESPR Compliance Test

5-min self-assessment.

What is DPP?

Definition & basics.
📰

Blog

Latest DPP & ESPR insights.

Questions About Privacy?

Our Data Protection Officer responds within 1 business day.

Contact DPO