Skip to main content
TR

Privacy Policy

How we collect, use, share, store and protect personal data, the legal bases we rely on, how long we keep it, and the rights you can exercise — in one document.

1. Introduction and Scope

Benjis E-Ticaret Danışmanlık Ltd. Şti. ("Benji's Digital", "we", "us" or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, store and protect personal data of visitors to benjisdigital.com (the "Website"), prospective and existing clients, business partners, suppliers, and job applicants.

This Policy is designed to comply with: Turkish Law No. 6698 on the Protection of Personal Data ("KVKK"), Law No. 5651 on the Regulation of Internet Publications, Law No. 6563 on the Regulation of Electronic Commerce ("ETK"), Law No. 5809 on Electronic Communications, and—to the extent applicable to you based on your location and the way we offer our services—the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and other applicable data protection laws.

Where we collect data through specific intake points (e.g. contact forms, sign-ups, RFP submissions), we provide additional just-in-time notices at the point of collection. Cookies are addressed in our Cookie Policy.

1.1. Definitions

  • Personal data — any information relating to an identified or identifiable natural person.
  • Processing — any operation performed on personal data, whether automated or not (collection, storage, use, disclosure, deletion, etc.).
  • Data subject — the natural person to whom personal data relates.
  • Controller — the entity that determines the purposes and means of processing personal data.
  • Consent — a freely given, specific, informed and unambiguous indication of the data subject's wishes.

2. Data Controller

Benji's Digital is the controller in respect of personal data processed through this Website and our business operations. Our identification details are set out in the panel at the top of this Policy. Although we are not required to appoint a Data Protection Officer or an EU/UK representative, you can reach our privacy contact at [email protected] for any data protection enquiry.

3. Categories of Personal Data We Process

We may process the following categories of personal data, depending on the nature of our relationship with you:

  • Identity data: name, surname, title, national identification number (only where legally required for invoicing or contracts).
  • Contact data: e-mail address, phone number, company name, postal address, website URL.
  • Client / engagement data: contract details, scope of services, support requests, complaint records.
  • Financial data: billing details, payment information, bank account details (only as needed for performing contracts).
  • Marketing data: newsletter subscription status, preferences, event registration data.
  • Legal and compliance data: contracts, powers of attorney, dispute records, legal correspondence.
  • Technical and security data: IP address, log files, browser and device identifiers, session data.
  • Online behavioural data: data collected via cookies, including pages visited, click behaviour, time on site, referring URLs and approximate location data.
  • Audio/visual records: online meeting recordings, made only with the parties' knowledge and consent.
  • Recruitment data: CVs, education, employment history and references provided in job applications (where applicable in the future).

We do not, as a rule, process special category data (data revealing racial or ethnic origin, political opinions, religious beliefs, trade-union membership, health, biometric or genetic data, or data concerning a person's sex life or sexual orientation). Where such processing is necessary, we rely on the explicit conditions set out in KVKK Art. 6 and GDPR Art. 9 and apply additional safeguards.

4. How We Collect Personal Data

  • Directly from you — when you submit forms, request a quote, sign up for our newsletter, communicate with us by e-mail, phone or in person, sign a contract, or attend a meeting or event.
  • Automatically — when you use the Website, through cookies, server logs, analytics, tag management and similar technologies.
  • From third parties — including suppliers and partners, references you provide, payment and invoicing providers, analytics and advertising platforms, and publicly available sources (e.g. LinkedIn, corporate websites).

5. Purposes of Processing

We process personal data in line with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and accountability. Specific purposes include:

  • Providing our services (digital marketing, e-commerce consulting, SEO/GEO, ad management, social media management, web design, etc.) and performing client contracts;
  • Managing client relationships, handling enquiries and complaints, and providing support;
  • Preparing quotes, scoping engagements and entering into contracts;
  • Invoicing, collections, accounting and meeting financial reporting obligations;
  • Complying with legal obligations (tax, social security, e-invoicing, corporate record-keeping, etc.);
  • Maintaining Website security, keeping access logs (in accordance with Law No. 5651), preventing fraud and abuse;
  • Measuring and improving the performance of our Website and user experience (subject to consent for non-essential analytics);
  • Conducting marketing and communications activities (subject to consent and applicable opt-in registers);
  • Establishing, exercising or defending legal claims;
  • Internal reporting, statistics and quality improvement.

6. Legal Bases

We rely on the following legal bases for processing:

  • Performance of a contract (KVKK Art. 5(2)(c); GDPR Art. 6(1)(b)) — for client engagements, billing and contract management.
  • Compliance with a legal obligation (KVKK Art. 5(2)(ç); GDPR Art. 6(1)(c)) — for tax, accounting, retention and reporting obligations.
  • Establishment, exercise or defence of legal claims (KVKK Art. 5(2)(e); GDPR Art. 9(2)(f) where relevant).
  • Legitimate interests (KVKK Art. 5(2)(f); GDPR Art. 6(1)(f)) — for Website security, fraud prevention, B2B relationship management, service improvement and direct B2B communications, after balancing our interests against your rights and freedoms.
  • Consent (KVKK Art. 5(1); GDPR Art. 6(1)(a)) — for non-essential cookies, marketing communications and other processing not covered by another legal basis.

Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

7. Disclosure and Transfers

7.1. Recipients

We may share personal data with:

  • Our accountants and tax advisors (for invoicing and statutory compliance);
  • Our legal advisors (for the conduct of legal matters);
  • Banks and payment service providers;
  • IT, hosting and infrastructure suppliers;
  • Competent public authorities, where required by law;
  • Business partners and suppliers, only as strictly necessary to provide our services.

7.2. International Transfers

We use cloud-based services that may host data outside Türkiye, the EEA and the UK, including in the United States. The principal categories of providers we work with include: Google Workspace (e-mail, Drive, document management); Slack, Notion, Asana and similar collaboration tools; HubSpot, Pipedrive and similar CRM platforms; international hosting providers; and analytics/advertising platforms operated by Google, Meta and LinkedIn.

For transfers leaving Türkiye, we comply with KVKK Art. 9 (as amended on 12 March 2024), relying on (i) adequacy decisions issued by the Turkish Personal Data Protection Authority, (ii) appropriate safeguards (such as Authority-approved standard contractual clauses, binding corporate rules or undertakings) or (iii) the limited derogations set out in Art. 9(6) (including explicit consent and contractual necessity).

For transfers leaving the EEA or the UK, we rely on (i) adequacy decisions of the European Commission / UK Government, (ii) the European Commission's / UK ICO's Standard Contractual Clauses (with supplementary measures where necessary), or (iii) the derogations under GDPR Art. 49 / UK GDPR Art. 49. You may request a copy of the relevant safeguards by contacting us at [email protected].

8. Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, plus any retention periods required by law. We then delete, destroy or anonymise the data in accordance with our internal Personal Data Retention and Destruction Policy.

Data category Retention period Legal basis / driver
Client and contract data 10 years from termination of the contract Turkish Commercial Code Art. 82, Code of Obligations
Invoicing and accounting records 5 years following the relevant tax year Tax Procedure Law Art. 253
Website server logs 2 years Law No. 5651
Contact form / enquiry records 3 years from resolution of the request Legitimate interests; statute of limitations
Marketing / consent records Until withdrawal of consent; thereafter 3 years for evidentiary purposes ETK; Regulation on Commercial Communications
Cookie and online behavioural data As specified in our Cookie Policy Consent / legitimate interests
Job applications (during recruitment) Up to 1 year from the application date Consent; legitimate interests

9. Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, damage or disclosure, in accordance with KVKK Art. 12 and GDPR Art. 32.

9.1. Technical Measures

  • SSL/TLS encryption of data in transit;
  • Role-based access controls and least-privilege principles;
  • Strong password policies and multi-factor authentication;
  • Up-to-date firewalls, anti-malware solutions and intrusion detection/prevention systems;
  • Regular backups, business continuity and disaster recovery procedures;
  • Logging and monitoring of access to systems containing personal data.

9.2. Organisational Measures

  • Confidentiality and data protection clauses in employee and supplier contracts;
  • Personal data inventory and regular review of processing activities;
  • Privacy and security awareness training for staff;
  • Documented data breach response procedure and notification process;
  • Internal retention and destruction procedures with periodic destruction cycles.

10. Children

Our Website and services target business and professional audiences and are not directed at children under 18. We do not knowingly collect personal data from children. If you become aware that personal data of a child has been provided to us, please contact us at [email protected] and we will delete it promptly.

11. Cookies

We use cookies and similar technologies to operate the Website, analyse its use and—with your consent—provide marketing-related functionality. Detailed information is provided in our Cookie Policy.

12. Marketing Communications

Where we send you marketing communications, we do so only with your prior consent (or, where permitted by applicable law, on a soft opt-in basis for similar B2B services). For Türkiye, marketing e-mails and SMS are managed through the official Message Management System (İYS) in accordance with ETK and the Regulation on Commercial Communications.

Every marketing message we send includes a free, simple opt-out mechanism. You may unsubscribe at any time using the link in the message, by contacting us at [email protected], or—for Turkish recipients—through the İYS portal. Opt-out requests are processed within the timeframes prescribed by applicable law.

13. Third-Party Links and Social Media

The Website may contain links to third-party websites and embeds from social media platforms (e.g. LinkedIn, Instagram, Facebook). These third-party sites and platforms are governed by their own privacy policies; we are not responsible for their content or practices. We encourage you to review their privacy policies before interacting with them.

14. Your Rights

Subject to the law applicable to you, you have the following rights:

  • Right to be informed about and access your personal data;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure ("right to be forgotten") in defined circumstances;
  • Right to restrict or object to processing, including direct marketing;
  • Right to data portability (where applicable under GDPR/UK GDPR);
  • Right to withdraw consent at any time (without affecting prior lawful processing);
  • Right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects;
  • Right to lodge a complaint with the Turkish Personal Data Protection Authority (KVKK Art. 14) or with another competent supervisory authority (e.g. an EEA Data Protection Authority or the UK ICO) where applicable.

15. How to Exercise Your Rights

You can submit requests by:

  • E-mail: [email protected] (sent from an e-mail address registered with us where required under Turkish law);
  • Postal mail: at our registered office address shown above, in writing and signed.

For Turkish residents, requests should be made in line with the Communiqué on Application Procedures to Data Controllers and include name, identification details, contact information and the specific request. We aim to respond within 30 days. Where a request is manifestly unfounded or excessive (in particular because of its repetitive character), we may charge a reasonable fee or refuse to act, in accordance with applicable law.

Note: Exercising your rights is generally free of charge. Fees may apply only where permitted by applicable law (e.g. for manifestly unfounded or excessive requests, or where a tariff is set by the competent authority).

16. Updates to This Policy

We may update this Privacy Policy to reflect changes in law, regulatory guidance, our services or technology. The current version is always available on this page. Where changes are material, we will provide additional notice or, where required, seek your renewed consent.

17. Contact

Benjis E-Ticaret Danışmanlık Ltd. Şti.
Address: Evliya Çelebi Mah. Sadi Konuralp Cad. No: 5/2, 34430 Beyoğlu / İstanbul, Türkiye
E-mail: [email protected]
Web: www.benjisdigital.com