GDPR Compliance

General Data Protection Regulation Compliance

Our Commitment to GDPR

VIOP is committed to protecting the personal data of individuals in the European Union in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

VIOP Teknoloji A.S. acts as the Data Controller for personal data collected through our services.

  • Address: Istanbul, Turkey
  • Email: gdpr@viop.io
  • Data Protection Officer: dpo@viop.io

2. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: Where you have given explicit consent
  • Contract: Where processing is necessary for the performance of a contract
  • Legal Obligation: Where we are legally required to process data
  • Legitimate Interests: Where we have a legitimate business interest

3. Your Rights Under GDPR

As an EU data subject, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: Not be subject to solely automated decisions

4. Data Processing Activities

We maintain a record of processing activities as required by Article 30 of the GDPR. This includes:

  • Categories of data subjects and personal data
  • Purposes of processing
  • Categories of recipients
  • Transfers to third countries
  • Retention periods
  • Security measures

5. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules where applicable

6. Data Protection by Design

We implement data protection by design and by default in all our products and services. This includes:

  • Data minimization
  • Purpose limitation
  • Storage limitation
  • Integrity and confidentiality

7. Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption of personal data
  • Access controls and authentication
  • Regular security testing
  • Incident response procedures
  • Employee training

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where required.

9. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing operations likely to result in high risk to individuals.

10. Supervisory Authority

You have the right to lodge a complaint with your local Data Protection Authority. Our lead supervisory authority is the Turkish Personal Data Protection Authority (KVKK).

11. Contact Us

For any GDPR-related inquiries or to exercise your rights, please contact:

  • Data Protection Officer: dpo@viop.io
  • General inquiries: gdpr@viop.io