Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) is entered into between Fios Yazılım Sanayi Ticaret Anonim Şirketi (“Data Processor”) and the natural or legal person using the Bildirt platform (“Data Controller”) in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and the General Data Protection Regulation (“GDPR”).

1. Parties

Data Processor:
Fios Yazılım Sanayi Ticaret Anonim Şirketi
Nevşehir Tax Office – Tax ID: 3881663882
Address: Kapadokya Teknopark, 2000 Evler Mah. CZ07, Merkez / Nevşehir, Turkey
Email: [email protected]

Data Controller:
The customer receiving services via the Bildirt platform.

2. Subject of the Agreement

This DPA regulates the rights and obligations of the parties regarding the processing of personal data belonging to the Data Controller through the Bildirt platform.

3. Personal Data Processed

  • Website visitor data
  • Cookie preferences and consent records
  • IP address, device, and browser information
  • Technical identifiers related to push notification delivery

Push notification tokens are technical identifiers that do not enable direct identification of an individual on their own.

4. Purposes of Data Processing

  • Providing push notification services
  • Managing cookies and storing consent records
  • Ensuring service security and maintaining technical operations

5. Data Processing Duration

Personal data is processed in accordance with the instructions of the Data Controller and for the duration of the service.
Upon termination of the service, data is deleted, destroyed, or anonymized.

6. Obligations of the Data Processor

  • To process personal data only in accordance with the instructions of the Data Controller
  • To implement appropriate technical and administrative measures to ensure data security
  • To take necessary measures against unauthorized access and data breaches
  • To use sub-processors only to the extent necessary for service delivery

7. Sub-processors

The Data Processor may engage sub-processors for hosting, infrastructure, and technical services.
Sub-processors are selected in compliance with KVKK and GDPR requirements.

Servers may be located in Turkey and/or within the European Union.

8. Personal Data Breach

In the event of a personal data breach, the Data Processor shall notify the Data Controller within a reasonable time and take necessary technical and administrative measures.

9. Data Subject Rights

The Data Processor shall provide reasonable assistance to the Data Controller in fulfilling data subject requests.

10. Right to Audit

The Data Controller may request information regarding data processing activities under this DPA, provided that reasonable prior notice is given.

11. Term of the Agreement

This DPA remains in effect for the duration of the Service Agreement and terminates automatically upon termination of the Service Agreement.

12. Governing Law

This DPA shall be governed by the laws of the Republic of Turkey.
Nevşehir Courts and Enforcement Offices shall have jurisdiction in case of disputes.

13. Effectiveness

By using the Bildirt platform, the Data Controller is deemed to have accepted this Data Processing Agreement.

Last updated: 03.02.2026