Data Collection and Processing

As Theorova Academy, we collect various personal data to provide you with better services. This data includes your name, surname, email address, phone number, and information related to your educational background.

Types of Data We Collect

• Identity information: Name, surname, date of birth
• Contact information: Email, phone, address
• Education information: Educational status, professional experience
• Technical data: IP address, cookie data, device information
• Usage data: Platform usage habits, course completion rates

We collect this information through our website, mobile application, registration forms, and customer service channels. Additionally, your performance and progress data during the training process is systematically recorded.

Purposes of Data Use

We only use your personal data for legitimate and specific purposes. These purposes include the provision of training services, account management, customer support services, and the fulfillment of our legal obligations.

Main Areas of Use

• Providing access to the training platform and account management
• Offering a personalized learning experience
• Tracking progress and issuing certificates
• Technical support and customer services
• Sending important updates and notifications
• Ensuring platform security and preventing fraud

Data Security and Protection

We take industry-standard technical and administrative measures to ensure the security of your personal data. These measures include encryption, secure server infrastructure, access control, and regular security audits.

All data is protected with SSL/TLS encryption and can only be accessed by authorized personnel to the extent required by their duties. Our databases are regularly backed up, and disaster recovery plans are in place.

Security Measures

• Data transmission with 256-bit SSL encryption
• Multi-factor authentication systems
• Regular vulnerability scans
• Staff security training and access control
• 24/7 system monitoring and anomaly detection

Your Rights and Objection Mechanisms

Under KVKK, you have various rights regarding your personal data. You can contact us to exercise these rights and submit your request in writing.

Your Fundamental Rights

• Learn whether your personal data is processed
• Request information regarding processed data
• Learn the purpose of processing and whether it is used appropriately
• Know the third parties to whom data is transferred domestically or abroad
• Request correction of incomplete or inaccurate data
• Request deletion or destruction of data under certain conditions
• Request notification of correction, deletion, or destruction to third parties
• Object to adverse results through analysis by automated systems

Cookie Policy and Tracking Technologies

We use cookies on our website to improve user experience and analyze site performance. Thanks to these cookies, we can remember your preferences and offer you a more personalized experience.

Mandatory cookies are necessary for site functionality and cannot be disabled, while analytical and marketing cookies require your consent. You can change your cookie preferences at any time.

Types of Cookies

• Mandatory cookies: Necessary for site functionality
• Performance cookies: Analyzing site usage
• Functional cookies: Remembering preferences
• Targeting cookies: Delivering personalized content

Data Retention Periods

We retain your personal data only for as long as required by the purpose of processing. These periods may vary depending on the type of data, our legal obligations, and our legitimate interests.

Active user accounts are stored indefinitely, while inactive accounts are deleted after 3 years. Accounting records are kept for 10 years, and log records for 2 years. Communication history and support requests are stored for 5 years.

International Data Transfers

To improve our service quality, we may share your data with our reliable business partners abroad in certain cases. These transfers are carried out in accordance with KVKK and GDPR rules, with countries providing adequate protection or with appropriate security measures.

Data protection agreements are signed for all international transfers, and regular audits are conducted. Legal mechanisms such as EU Standard Contractual Clauses or Binding Corporate Rules are applied.

Transfer Safeguards

• Countries with adequacy decisions are prioritized
• Agreements with standard data protection clauses
• Regular security and compliance audits
• Implementation of the data minimization principle

Children's Privacy

We take special measures to protect the privacy of our users under the age of 18. Parental consent is required for students in this age group, and additional protection mechanisms are applied.

Children's data is retained for shorter periods and used only for educational purposes. Marketing activities are not carried out for this age group, and special category data is not collected.

Policy Updates

We reserve the right to update this privacy policy in line with legal changes, service improvements, or technological developments. You will be informed before significant changes.

Updates will be published on our website and sent via email. The effective date of changes will be clearly stated, and detailed information about the transition process will be provided.