GDPR Notice

Privacy Notice

Last updated: August 28, 2025
Home Contact

Introduction and Scope

As Deepp AI (technology consulting and artificial intelligence software), we prioritize the security of your personal data as our top concern. This Privacy Notice explains what personal data we process, for what purposes and on what legal grounds we process it, to whom the data may be transferred, by what methods we obtain the data, and your rights under applicable data protection laws.

Who is the Data Controller?

Under applicable data protection legislation, the data controller is:

Legal Entity

Deepp Yapay Zeka Teknolojileri A.Ş.
MERSİS: 0272119319200001

Contact

Address: Cevizlik Mah. İstanbul Cad. Hamurcu İş Merkezi No: 12/26 – Bakırköy/İstanbul, Türkiye
Email: info@deepp.ai
KEP: deepp@hs02.kep.tr

Controller/Processor Roles

We act as a data controller for our website, marketing activities, and application/contact processes conducted on our own behalf. For services provided to our clients under contract, we mostly act as a data processor and operate according to the client's instructions. In this context, the primary data processing notification obligation belongs to the client for customer data processing activities.

Categories of Personal Data Processed

Identity & Contact
  • Name, surname, title/role
  • Corporate email, phone, company name
  • Address (if any)
Customer Transaction & Support
  • Request/proposal records, meeting notes
  • Support tickets, call/messaging records
  • Project documentation related logs
Transaction Security & Technical
  • IP, device/browser information, usage logs
  • Authentication and access records
  • Cookie data (see Cookies section)
Visual-Audio & Marketing
  • Event photo/video records (with consent)
  • Communication preferences, campaign interactions
Finance & Billing (B2B)
  • Invoice and payment information (corporate)
  • Tax/Commercial title data
Recruitment (If Application)
  • Resume, education and reference information
  • Interview assessments

Processing Purposes and Legal Bases

Main Purposes
  • Provision of services, management of proposal & contract processes
  • Communication and fulfilling support requests
  • Security, debugging, prevention of misuse
  • Service quality measurement and improvement
  • Fulfillment of legal obligations
  • Marketing/event communication (under explicit consent/ETK framework)
Legal Bases
  • Contractual necessity: For contract establishment/performance
  • Legal obligation: Fulfillment of legal requirements
  • Legitimate interests: Our business interests (without harm to fundamental rights)
  • Vital interests: Protection of vital interests
  • Explicit consent: For commercial communications, promotional visuals, etc.
AI-Specific Commitments
  • Customer Content (documents/data, prompts and outputs provided by the customer) will not be used for model training without your explicit written consent.
  • Customer Content is kept separate in service environments; access is managed with authorization matrices and records.
  • Necessary contractual and technical safeguards are provided when third-party model/infrastructure providers are used.
  • On-premise/private cloud deployment options are offered upon request.

Personal Data Collection Methods

  • Forms on our website (contact, demo/proposal requests, event registrations)
  • Email, phone/call center, online meetings and messaging applications
  • Contracts, procurement/purchasing and billing processes (B2B)
  • Technical logs and cookies generated during service usage
  • Job applications and resume submissions (if any)

Personal Data Transfers and Recipient Groups

  • Service/Infrastructure Providers: suppliers providing hosting, cloud, security, communication, analytics, logging services
  • Business Partners and Suppliers: project collaborations, subcontractors and consultants
  • Finance and Legal: financial advisors, audit, legal consultants
  • Authorized Institutions/Organizations: as required by legislation or upon request
  • Group/Affiliates: for business operations and corporate reporting purposes

Necessary confidentiality and data processing clauses are concluded with recipients; transfers are limited to the purpose.

International Transfers

Personal data may be transferred abroad to countries with adequate protection as determined by relevant authorities, through approved commitment processes, or with your explicit consent when necessary. Additional technical/organizational security measures are applied in international transfers.

Retention Periods and Deletion

Personal data is retained for the period stipulated in relevant legislation or required by the processing purpose, and upon expiration of the period, it is deleted, destroyed or anonymized in accordance with legislation. Details regarding periods are defined in our company's data retention-deletion policies.

Your Data Protection Rights

  • To learn whether your data is being processed and request information
  • To learn the purpose of processing and whether it is used appropriately for the purpose
  • To know the third parties to whom data is transferred domestically/abroad
  • To request correction if processed incompletely/incorrectly
  • To request deletion/destruction when conditions are met
  • To request notification of transfers
  • To object to adverse outcomes from exclusively automated systems analysis
  • To seek compensation in case of damage
Application Method

You can submit your requests regarding your rights in compliance with applicable procedures; in writing, via KEP, secure electronic signature, mobile signature, or through your registered email address in our system. Applications are concluded as soon as possible and at the latest within 30 days according to their nature. If the transaction additionally requires costs, fees according to the tariff determined by relevant authorities may be requested.

Cookies

For analytical/marketing cookies other than necessary cookies, a consent mechanism is applied within the scope of legal requirements. You can review our Cookie Policy for details.

Updates

This notice may be updated in line with our applications, technologies, or legislative changes. The current version is published on this page.

Contact

  • Data Controller: Deepp Yapay Zeka Teknolojileri A.Ş.
  • MERSİS: 0272119319200001
  • Address: Cevizlik Mah. İstanbul Cad. Hamurcu İş Merkezi No: 12/26 – Bakırköy/İstanbul, Türkiye
  • Email: info@deepp.ai
  • KEP: deepp@hs02.kep.tr