Data Protection Notice (KVKK)
Note: This English text is provided for convenience only. The Turkish version at menuverse.me/kvkk.html is the legally binding original; in the event of any conflict, the Turkish text prevails.
This disclosure notice is prepared under Article 10 of the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the related Communiqué, in the capacity of data controller, by Ömer Bozkurt, who operates Menuverse as a natural person.
1. Identity of the Data Controller
Data Controller: Ömer Bozkurt (natural person)
Brand: Menuverse
Address: Antalya / Türkiye
E-mail: [email protected]
2. Categories of Personal Data Processed
| Category | Example Data |
|---|---|
| Identity | Name-surname, national ID no (when issuing an expense voucher) |
| Contact | E-mail, phone, address |
| Customer Transaction | Order history, expense voucher/payment records, subscription records |
| Transaction Security | Password hashes, session records, IP, logs |
| Legal Transaction | Contract, consent and approval records |
| Financial | Bank/IBAN, expense voucher/payment details (no card data stored) |
| Marketing | Consent records, preferences, campaign responses |
| Technical | Device/browser info, cookies, usage analytics |
3. Purposes of Processing
- Providing, managing and improving Menuverse SaaS services,
- Creating the user account, authentication and authorization,
- Subscription, payment documentation (expense voucher) and collection,
- Managing customer requests and complaints, providing technical support,
- Ensuring platform security, preventing abuse,
- Fulfilling legal obligations (Tax Procedure Law, Commercial Code, Law 5651, KVKK),
- With explicit consent, marketing, campaigns and newsletters,
- Product development and improvement, using anonymized analytics where possible.
4. Legal Bases of Processing (KVKK art. 5–6)
- Explicitly provided by law (Tax Procedure Law, Commercial Code, Law 5651, etc.),
- Necessary for the establishment/performance of a contract (subscription, service delivery),
- Necessary for the data controller to fulfil a legal obligation,
- Necessary for the establishment, exercise or protection of a right,
- The data controller's legitimate interest, provided fundamental rights are not harmed,
- Explicit consent (marketing communication, cross-border transfers where adequate protection is absent).
5. Recipients and Purpose of Transfers
Your data may be transferred, within the conditions of KVKK art. 8 and 9, to:
- Service Providers / Data Processors: Cloud hosting, e-mail, analytics, payment infrastructure, customer support software (under KVKK-compliant agreements).
- Authorized Public Bodies: Within lawful request and audit processes.
- Independent Audit, Accounting and Legal Advisory Providers: To fulfil legal obligations.
- Cross-Border Providers: Only when KVKK art. 9 conditions are met (adequate protection / Board-permitted undertaking / explicit consent).
Your personal data is not transferred or sold to third parties for advertising or sales purposes.
6. Collection Methods
Data is collected by automated (forms, cookies, logs) and non-automated (e-mail, phone, contract) means, electronically and/or physically, via the website, management panel, support channels and business partners.
7. Retention Periods
Data is retained for the periods set out in the relevant legislation or for as long as the processing purpose requires. When the period expires, Menuverse deletes, destroys or anonymizes the data. See Privacy Policy section 7 for example periods.
8. Rights of the Data Subject (KVKK art. 11)
By applying to Menuverse, you may exercise the rights to:
- Learn whether your data is processed,
- Request information if it has been processed,
- Learn the purpose and whether it is used accordingly,
- Know third parties to whom it is transferred at home/abroad,
- Request correction of incomplete/inaccurate data,
- Request deletion/destruction under KVKK art. 7,
- Request that actions under (5) and (6) be notified to recipients,
- Object to an adverse result from automated analysis,
- Claim compensation for damages due to unlawful processing.
9. How to Apply
To exercise your rights, you may apply in line with the relevant Communiqué: by signed petition to the address above; from your registered e-mail (KEP) to the KEP address we provide; by e-mail signed with a secure electronic signature to [email protected]; or from the e-mail address registered in our system to [email protected].
Your request is resolved free of charge within 30 days at the latest. If the request requires an additional cost, the fee in the Board's tariff may be charged. If your request is rejected or the response is insufficient, you may complain to the Personal Data Protection Board within 30 days under KVKK art. 14.
10. Data Security
Under KVKK art. 12, Menuverse takes technical and administrative measures appropriate to its scale to prevent unlawful processing and access and to ensure the safekeeping of personal data: TLS encryption, least-privilege access control, encrypted backups and regular review.
11. Breach Notification
If data falls into the hands of unauthorized persons, notification is made to the Personal Data Protection Board and affected data subjects within 72 hours of detection, under KVKK art. 12/5.
12. Updates
This Notice may be updated due to legislative changes and Menuverse policies. You can always reach the current version at menuverse.me/en/kvkk.html.