KVKK/GDPR Compliance Notes

Information about DZDESK compliance with data protection regulations.

Overview

DZDESK is designed to help organizations comply with:

KVKK: Kişisel Verilerin Korunması Kanunu (Turkey)
GDPR: General Data Protection Regulation (EU)

Data Controller vs Processor

Your Organization

As a DZDESK customer, you are typically the Data Controller:

Determines purposes of processing
Decides what data to collect
Responsible for legal basis

DZDESK

DZDESK acts as Data Processor:

Processes data on your behalf
Follows your instructions
Implements security measures

Personal Data in DZDESK

What Personal Data

Data Type	Examples
User data	Name, email, role
Request data	Descriptions, comments
Activity data	Actions, timestamps
Technical data	IP addresses, devices

Data Subjects

People whose data may be processed:

Your employees (users)
Request submitters
Mentioned individuals

KVKK Compliance

Key KVKK Principles

Principle	DZDESK Implementation
Lawfulness	Process based on your legal basis
Purpose limitation	Data used only for support
Data minimization	Collect only necessary data
Accuracy	Users can update their data
Storage limitation	Configurable retention
Security	Encryption, access controls

KVKK Rights Support

DZDESK helps you fulfill data subject rights:

Right	How to Fulfill
Access	Export user data
Correction	Edit user profiles
Deletion	Deactivate/delete users
Objection	Disable processing

Data Transfer

For KVKK compliance:

Data can be stored in Turkey (coming soon)
Currently in EU regions
Appropriate safeguards in place

Principle	DZDESK Implementation
Lawfulness	Process on valid legal basis
Transparency	Clear data usage
Purpose limitation	Defined purposes
Data minimization	Necessary data only
Accuracy	Update mechanisms
Storage limitation	Retention policies
Security	Technical measures
Accountability	Audit trails

Right	Implementation
Information	Privacy notices
Access	Data export
Rectification	Edit capabilities
Erasure	Deletion options
Restriction	Processing limits
Portability	Export formats
Objection	Opt-out mechanisms

Data Processing Agreement

DPA Available

DZDESK provides:

Standard DPA
KVKK-specific terms
GDPR-compliant clauses

DPA Contents

Includes:

Processing instructions
Security measures
Sub-processor list
Breach notification
Audit rights

Security Measures

Technical Measures

Encryption at rest and in transit
Access controls
Audit logging
Regular security testing

Organizational Measures

Employee training
Access policies
Incident response
Regular reviews

Data Retention

Default Retention

Data Type	Retention
Active data	While account active
Closed requests	Configurable
Audit logs	2 years
Backups	30 days

Customization

You can configure:

Retention periods
Auto-deletion rules
Archive policies

Breach Notification

Our Commitment

If a breach occurs:

Notification within 72 hours
Details of breach provided
Remediation actions
Support for your notifications

Your Responsibility

You are responsible for:

Notifying data subjects
Notifying authorities
Documenting incidents

Sub-Processors

Current Sub-Processors

Provider	Purpose	Location
Microsoft Azure	Hosting	EU/Turkey
Cloudflare	CDN, Security	Global

Changes Notification

Advance notice of changes
Objection rights
Documentation provided

Your Responsibilities

As Data Controller

Determine legal basis for processing
Provide privacy notices
Handle data subject requests
Report breaches to authorities
Maintain records of processing

Configuration Recommendations

Enable minimum necessary features
Configure appropriate retention
Limit data collection
Train your users

Documentation

Available Documents

Data Processing Agreement
Security documentation
Sub-processor list
Compliance certificates

How to Obtain

Contact:

Your account manager
compliance@dzdesk.com
Legal team

Encryption - Security measures
Data Residency - Storage locations
Audit Trails - Logging
Backups & Retention - Data retention

Overview​

Data Controller vs Processor​

Your Organization​

DZDESK​

Personal Data in DZDESK​

What Personal Data​

Data Subjects​

KVKK Compliance​

Key KVKK Principles​

KVKK Rights Support​

Data Transfer​

GDPR Compliance​

Key GDPR Principles​

GDPR Rights Support​

Data Processing Agreement​

DPA Available​

DPA Contents​

Security Measures​

Technical Measures​

Organizational Measures​

Data Retention​

Default Retention​

Customization​

Breach Notification​

Our Commitment​

Your Responsibility​

Sub-Processors​

Current Sub-Processors​

Changes Notification​

Your Responsibilities​

As Data Controller​

Configuration Recommendations​

Documentation​

Available Documents​

How to Obtain​

Related Topics​