TR
EN
Privacy Policy
Data Controllers / Parties
Company Name: Kisa Digital LTD
Company Type: Private company limited by shares (England & Wales)
Companies House Number: 17087896
VAT Number: Not VAT-registered
Registered Office: Office 17814, 182-184 High Street North, East Ham, London E6 2JA, United Kingdom
Email: info@kisadigital.com
ICO Registration No: Registration in progress
Trade Name: Serkan Kısa (Sole Proprietorship)
Merchant: Serkan Kısa
Tax Office: Ataşehir Vergi Dairesi
Tax Number: 5581289828
Address: Atatürk Mah. Ertuğrul Gazi Sok. Metropol İstanbul Sitesi C1 Blok Kat 25, No:376, Ataşehir/İstanbul, Türkiye
Email: info@kisadigital.com
1. General
This Privacy Policy describes how Kısa Digital processes the personal data collected via our website and services. It is compliant with the UK GDPR + Data Protection Act 2018 and, for customers resident in Türkiye, the Turkish Personal Data Protection Law No. 6698 (KVKK).
2. Categories of Personal Data Processed
- Identity: Name, surname, national ID (for invoicing where applicable)
- Contact: Email, phone, address, country, postcode
- Transaction: Orders, invoices, payment method, balance history
- Security: IP address, session logs, login attempts, user agent
- Marketing: Preferences, consents, campaign interaction (consent-based only)
3. Purposes & Lawful Bases
| Purpose | UK GDPR Lawful Basis | KVKK Legal Ground |
|---|---|---|
| Contract formation & performance | Art. 6(1)(b) | Art. 5/2-c |
| Legal obligations (invoicing, tax) | Art. 6(1)(c) | Art. 5/2-a, ç |
| Account security, fraud prevention | Art. 6(1)(f) legitimate interest | Art. 5/2-f |
| Marketing / newsletter | Art. 6(1)(a) consent | Explicit consent |
4. Data Sharing
Data may be shared with the following third parties strictly as necessary:
- Payment institutions and acquirers
- E-invoice / e-archive integrators (TR)
- Hosting / CDN providers
- Email delivery services
- Competent public authorities (when legally required)
International transfers are made under UK GDPR Chapter V (adequacy, SCCs, BCRs) and KVKK Art. 9 (adequate country list or written undertakings).
5. Retention
- Order/invoice records: 10 years (UK Companies Act s.388 / TR TTK Art. 82)
- Account data: as long as the account is active, plus 2 years
- Marketing consents: until withdrawn
- Security logs: 180 days
A. Customers Outside Türkiye (UK GDPR Rights)
Under UK GDPR Articles 15-22 and DPA 2018 you have the following rights:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure ("right to be forgotten") (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Rights related to automated decision-making (Art. 22)
- Right to withdraw consent (Art. 7(3))
- Right to lodge a complaint with the ICO (ico.org.uk)
How to exercise: Send a written request to info@kisadigital.com. We respond within 1 month, extendable by 2 further months if complex.
B. Customers Resident in Türkiye (KVKK Rights)
Under KVKK Article 11 you have the right to:
- Learn whether your data is processed and request information about it
- Learn the purpose of processing and whether it is used in line with that purpose
- Know domestic/foreign third parties to whom data is transferred
- Request rectification of incomplete/inaccurate data
- Request deletion/destruction where the legal grounds have ceased
- Request notification of such operations to recipients
- Object to outcomes resulting from automated analysis
- Claim damages caused by unlawful processing
How to exercise: Send a written request to info@kisadigital.com or via Registered Electronic Mail (KEP), in accordance with the Communiqué on Data Subject Applications.
6. Security
HTTPS/TLS, password hashing (bcrypt/argon2), CSRF protection, session limits, brute-force lockout, audit logging, and access segregation are applied.
7. Children
Our services are not directed to persons under 18 and we do not knowingly collect their data.
8. Updates
This policy may be updated; significant changes will be announced on the site.