Legal & Compliance

GDPR Compliance

How Platinum Technologies collects, processes, stores, and protects personal data in accordance with EU General Data Protection Regulation 2016/679.

GDPR Compliance Statement

Platinum Technologies is committed to protecting the privacy and personal data of every individual we interact with. This document explains, in plain language, how we comply with the European Union General Data Protection Regulation (Regulation 2016/679) when collecting, processing, and storing personal information.

We treat personal data as a responsibility, not an asset. Anything we collect serves a clear, lawful purpose — and you can request access, correction, or deletion at any time.

1. Who we are

Platinum Technologies A.Ş. ("Platinum", "we", "us") is the data controller for personal information processed through our website, products, and services. You can reach our Data Protection Officer at dpo@platinum.tech for any question covered by this document.

Contact details

  • Company: Platinum Technologies A.Ş.
  • Address: Organize Sanayi Bölgesi, 8. Sokak No: 12, 42050 Selçuklu / Konya, Türkiye
  • Email: dpo@platinum.tech
  • Phone: +90 850 222 12 34

2. What data we collect

We collect only the data needed to deliver the service you request. The categories below cover everything we process — we do not sell, trade, or share personal data with third parties for marketing purposes.

Category Examples Purpose
Identity Name, company, role Identify the person making a request
Contact Email, phone, address Communicate about quotes, support, deliveries
Transactional Order history, invoices, machine serial numbers Fulfil contracts, provide warranty service
Technical IP address, browser type, cookies Operate and secure the website
Marketing Newsletter preferences, opt-in records Send updates only when you've explicitly subscribed

3. Lawful basis for processing

Under Article 6 of the GDPR, we rely on the following bases when processing personal data:

  1. Contract — to deliver products, services, and warranty obligations you've agreed to.
  2. Consent — for newsletters, marketing communications, and optional analytics cookies.
  3. Legitimate interest — to secure our website, prevent fraud, and improve our products in a way that does not override your rights.
  4. Legal obligation — to comply with tax, accounting, and regulatory recordkeeping requirements.

4. Your rights

The GDPR gives you eight specific rights regarding your personal data. You can exercise any of them by contacting dpo@platinum.tech. We respond within 30 calendar days as required by Article 12.

The eight rights

  • Right to be informed — what we collect and why (this document).
  • Right of access — request a copy of the data we hold about you.
  • Right to rectification — ask us to correct inaccurate data.
  • Right to erasure — ask us to delete data when there's no compelling reason to keep it.
  • Right to restrict processing — pause our use of your data while a request is investigated.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — opt out of processing based on legitimate interest or for marketing.
  • Rights related to automated decision-making — request a human review of any automated decision that affects you.

5. Data retention

We keep personal data only as long as needed for the purpose it was collected. After that, data is either deleted or fully anonymized.

Retention windows by category

  • Sales enquiries: 24 months from last contact
  • Customer accounts: active relationship + 7 years (legal accounting requirement)
  • Service tickets: 5 years for warranty traceability
  • Newsletter subscribers: until unsubscribe + 30 days for confirmation logs
  • Website analytics: 14 months (anonymized after 90 days)

6. International transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer personal data to these providers, we use one of the safeguards approved by the European Commission:

  • Standard Contractual Clauses (SCCs) under Commission Decision 2021/914
  • Adequacy decisions for countries the Commission has confirmed offer equivalent protection
  • Binding Corporate Rules where applicable

You can request a list of the providers we use and the safeguards in place by contacting our DPO.

7. Security

We protect personal data through a combination of organizational and technical measures, including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access control with multi-factor authentication for staff
  • Annual penetration testing by an independent third party
  • ISO 27001-aligned information security management
  • Documented incident-response procedure with 72-hour breach notification to authorities

8. Cookies and tracking

For details on which cookies we use and how to manage them, please see our Cookie Policy. In short: essential cookies are always active; analytics and marketing cookies require your explicit consent and can be revoked at any time from the cookie banner.

9. Complaints

If you believe we've handled your personal data incorrectly, please contact our DPO first — we'd like the chance to fix things directly. You also have the right to lodge a complaint with your local supervisory authority. In Türkiye, this is the KVKK; in the EU, it's the data protection authority of your country of residence.

10. Changes to this policy

We may update this document occasionally. The version number and "last updated" date in the sidebar always reflect the current revision. Material changes are announced by email to active customers at least 30 days before they take effect.

This document is published in English. Translations are provided for convenience; in case of discrepancy, the English version prevails.