Privacy Notice for the Contact Form
This Privacy Notice explains how Prismind (“Prismind”, “we” or the “Data Controller”) processes personal data submitted through the contact form (the “Form”) on brokerdesk.prismindmedia.com.
It has been prepared in accordance with Article 10 of the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and the relevant communiqué on the fulfilment of the obligation to inform, and aims to satisfy the transparency requirements of Articles 13–14 of the EU General Data Protection Regulation (“GDPR”) for users in the European Economic Area.
1. Identity of the Data Controller
The Data Controller for the personal data processed via the Form is:
- Entity: Prismind
- Contact: brokerdesk@prismindmedia.com
- Website: prismindmedia.com
2. Personal Data We Process
We only process the personal data you voluntarily provide through the Form:
- Identity data: full name.
- Contact data: work email address.
- Professional data: company / organisation name (optional).
- Message data: the content of the message you send and any other information you choose to include.
- Technical / security data: the IP address, timestamp and browser-generated technical metadata captured at the time of submission. This data is used solely for bot detection, abuse prevention and service security.
The Form does not request special-category personal data (health, biometric data, beliefs, trade-union membership, etc.). Please do not include such information in your message.
3. Purposes of Processing
We process the data above strictly for the following purposes:
- Reviewing and responding to the requests, questions or feedback you submit,
- Conducting any information, demo or service-related conversations you initiate,
- Routing your message to the appropriate team and managing follow-up communications,
- Securing our services and detecting bots or abusive submissions,
- Complying with our legal obligations and lawful requests from competent authorities.
Without your explicit consent, we do not use your personal data for marketing, profiling, newsletter distribution or sale to third parties.
4. Lawful Bases for Processing
The lawful bases for our processing activities are:
- Performance of a contract / pre-contractual steps (KVKK Art. 5/2-c · GDPR Art. 6(1)(b)): processing necessary to handle the inquiry, demo or service request you initiated.
- Legal obligation (KVKK Art. 5/2-ç · GDPR Art. 6(1)(c)): record-keeping and compliance with applicable laws.
- Legitimate interests (KVKK Art. 5/2-f · GDPR Art. 6(1)(f)): securing the service, preventing abuse and managing inbound communications efficiently. Where this basis is used, we balance our interests against your rights and freedoms.
- Consent (KVKK Art. 5/1 · GDPR Art. 6(1)(a)): for any processing not covered by the bases above. You may withdraw your consent at any time without affecting the lawfulness of prior processing.
5. Recipients and Transfers
Your personal data may be shared with the following recipients, strictly for the purposes listed above:
| Recipient | Purpose | Location |
|---|---|---|
| Authorised Prismind staff | Reviewing and responding to your inquiry | Türkiye |
| Hosting provider (Netlify) | Website hosting and ephemeral processing of Form submissions | Outside Türkiye (US/EU infrastructure) |
| SMTP / email-delivery provider | Delivering the Form message to our authorised inbox | Outside Türkiye (provider data centre) |
| Competent public authorities | When required by law or a valid legal request | Türkiye |
Cross-border transfers are carried out under KVKK Art. 9 and Chapter V of the GDPR, with appropriate safeguards (such as standard contractual clauses) and, where applicable, your explicit consent.
6. Retention
Personal data submitted via the Form is retained only for as long as necessary to fulfil the purposes set out above and to comply with legal retention requirements. Once the relevant purpose is exhausted or the statutory retention period ends, the data is deleted, destroyed or anonymised in accordance with KVKK Art. 7 and the Regulation on the Erasure, Destruction or Anonymisation of Personal Data.
Indicative retention periods:
- Active correspondence: for the duration required to handle the conversation,
- After closure: for potential claims and statutory limitation periods (generally up to 3 years),
- Security and access logs: up to 6 months.
7. Security Measures
Prismind implements appropriate technical and organisational measures pursuant to KVKK Art. 12 and GDPR Art. 32 to protect your personal data against unlawful processing and unauthorised access. These include end-to-end HTTPS / TLS encryption for Form submissions, role-based access controls on the receiving inbox, rate limiting, bot detection and audit logging.
8. Your Rights
Under KVKK Art. 11 and Articles 15–22 of the GDPR (where applicable), you have the right to:
- Confirm whether your personal data is being processed and obtain a copy,
- Be informed about the purposes of processing and whether the data is used in accordance with those purposes,
- Be informed about the recipients and any cross-border transfers,
- Request the rectification of inaccurate or incomplete data,
- Request the erasure or destruction of your personal data where the legal conditions are met,
- Request that any rectification, erasure or destruction be communicated to recipients,
- Object to a decision based solely on automated processing that produces an adverse legal effect on you,
- Claim compensation for damage suffered as a result of unlawful processing,
- (GDPR) Restrict processing, port your data and lodge a complaint with a supervisory authority.
9. How to Exercise Your Rights
To exercise the rights above, please send a written request — together with documents verifying your identity — to one of the following channels, in line with the “Communiqué on the Procedures and Principles for the Application to the Data Controller”:
- By email: brokerdesk@prismindmedia.com — clearly stating the subject of your request.
- In writing: a signed letter sent to the Data Controller using the contact details above, accompanied by identity documents.
We will respond free of charge within 30 (thirty) days, depending on the nature of the request. Where the request entails additional cost, we may charge a fee in line with the tariff set by the Personal Data Protection Authority.
If your request is denied, our response is unsatisfactory or no response is provided within the statutory period, you may file a complaint with the Personal Data Protection Authority of Türkiye (KVKK) within 30 days of becoming aware of our response and in any event within 60 days of your initial application. EEA users may also lodge a complaint with the supervisory authority of their habitual residence.
10. Changes to This Notice
We may update this Privacy Notice from time to time to reflect changes in law or in our services. The current version, together with its effective date, is always published on this page. We will provide additional notice for material changes affecting your personal data.
This notice covers only personal data collected through the Form. Personal data processed under separate service agreements is governed by the relevant contractual notices.