GDPR Uyum Bildirimi

Son güncelleme: 16 Aralık 2025

Bu belge, Avrupa Birliği Genel Veri Koruma Yönetmeliği (GDPR) kapsamındaki uyumluluk bilgilerini içermektedir. / This document contains compliance information under the EU General Data Protection Regulation (GDPR).

1. Data Controller / Veri Sorumlusu

Pergen AI Teknoloji A.Ş.
Address: Teknopark Istanbul, Pendik, Istanbul, Turkey
Email: gdpr@pergen.ai
Data Protection Officer (DPO): dpo@pergen.ai

2. Legal Basis for Processing

Under Article 6 of GDPR, we process personal data based on the following legal grounds:

  • Consent (Art. 6(1)(a)): Where you have given explicit consent
  • Contract (Art. 6(1)(b)): Processing necessary for contract performance
  • Legal Obligation (Art. 6(1)(c)): Processing required by law
  • Legitimate Interests (Art. 6(1)(f)): For our legitimate business interests

3. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

Right of Access (Art. 15)

You can request a copy of your personal data and information about how it is processed.

Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

You can request deletion of your personal data under certain circumstances.

Right to Restriction (Art. 18)

You can request restriction of processing under certain circumstances.

Right to Data Portability (Art. 20)

You can request your data in a structured, machine-readable format.

Right to Object (Art. 21)

You can object to processing based on legitimate interests or direct marketing.

4. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with adequacy decisions
  • Binding Corporate Rules where applicable

5. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable laws. When data is no longer needed, it is securely deleted or anonymized.

6. Security Measures

We implement appropriate technical and organizational measures to protect personal data:

  • AES-256 encryption for data at rest and in transit
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

7. Data Breach Notification

In accordance with Articles 33 and 34 of GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals. Affected individuals will be notified without undue delay if the breach is likely to result in a high risk.

8. Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

Email: gdpr@pergen.ai
DPO: dpo@pergen.ai

We will respond to your request within one month. This period may be extended by two further months for complex requests.

9. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

GDPR Compliance | Pergen AI