UzayTech

Data Protection

Privacy Notice & Data Protection

At Uzay Tech we process the personal data of visitors, customers, and partners within a KVKK- and GDPR-aligned framework. This notice sets out clearly and comprehensively what data we process, why, and how.

This notice has been prepared in line with Türkiye's Personal Data Protection Law (KVKK, Law No. 6698) and the European Union's General Data Protection Regulation (GDPR, EU 2016/679). Uzay Tech A.Ş. (Türkiye) and Uzay Tech GmbH (Germany) are data controllers processing user data in a legitimate, limited, and transparent manner.

Data Controller

The data controller for processing activities in Türkiye is Uzay Tech A.Ş. (Konak Mah. Barış(120) Sk. Ofis Artı Blok No: 3 İç Kapı No: 10 Nilüfer/Bursa). The controller for processing in Germany and the wider DACH region is Uzay Tech GmbH (Ulrich-von-Hassell-Straße 6, 40789 Monheim am Rhein). For any KVKK or GDPR-related request, contact info@uzay.tech.

Personal Data We Process

Uzay Tech collects only the data directly relevant to the purpose of the interaction. The categories below summarise the typical data types we may process across our activities.

Identity & Contact
Full name, email, phone, company information, job title (forms and career applications).
Job Application
CV content, education and experience information, certifications (careers module).
Technical Log Data
IP address, browser, language preference, visit duration (server logs, service continuity).
Cookie-Based
Session cookies and language-preference cookie. No analytics or marketing cookies.

Processing Purposes and Legal Bases

  • Responding to requests submitted via the contact form (KVKK Art. 5/2-c, GDPR Art. 6(1)(b) pre-contractual steps).
  • Evaluating job applications and managing candidate processes (GDPR Art. 6(1)(b) and Art. 6(1)(a) explicit consent).
  • Fulfilment of legal obligations (KVKK Art. 5/2-ç, GDPR Art. 6(1)(c)).
  • Information security and cyber-threat prevention (legitimate interest — GDPR Art. 6(1)(f)).
  • Website service continuity and technical maintenance (legitimate interest — GDPR Art. 6(1)(f)).

Data Transfers

Your personal data are shared only to the extent required by the processing purpose and only with parties bound by a duty of confidentiality. Typical transfer scenarios:

  • Internal data sharing between Türkiye and Germany affiliates in the context of collaboration (under appropriate safeguards).
  • Limited and necessary data sharing within EU-funded project consortia (EFFEREST, PROMISE, MOTIONS, etc.).
  • Server and hosting services (within the EU or in countries covered by GDPR adequacy decisions).
  • Sharing with competent public authorities where required by law.

Retention

We retain personal data only for as long as the processing purpose requires. Requests submitted via the contact form are archived for at most 12 months after closure. Job application data are retained for at most 24 months from the application decision date. Where legal obligations (e.g. tax law) prescribe different retention periods, those prevail.

Your Rights as a Data Subject

Under Article 11 of KVKK and Chapter III of the GDPR you have the rights set out below. You may exercise these rights at any time by writing to info@uzay.tech; we will respond within 30 days at the latest.

  • Learn whether your personal data are being processed
  • Request information on processed data and processing purposes
  • Request correction of incomplete or inaccurate data
  • Request erasure or destruction where legal conditions are met
  • Request restriction of processing
  • Data portability right (structured-format export)
  • Right to object (to processing on legitimate-interest grounds)
  • Object to automated decision-making
  • Right to lodge a complaint with the supervisory authority (Türkiye: KVKK Authority; Germany: BfDI / LDI NRW)

Cookies

Our website uses only functional cookies (language preference, session continuity). We do not place analytics or marketing cookies. You can disable cookies in your browser settings; in that case your language preference will not be remembered across sessions.

Security Measures

We apply industry-standard technical and organisational measures to protect personal data. TLS encryption, role-based access control, periodic security reviews, employee awareness training, and penetration testing are part of our routine operations. In the event of a data breach, we notify the relevant authorities within 72 hours and inform affected data subjects directly.

Updates to This Notice

This Notice may be updated to reflect changes in our activities or in applicable law. Significant changes will be announced prominently on the website. The 'Last Updated' date at the top of this page always indicates the current version.