GDPR & KVKK Compliance

Mediadoor™ acts as the data controller for the personal data collected through this website, meaning we decide why and how your data is processed. You can reach our team using the contact details at the bottom of this page for any data-related request.

We process all personal data in line with the core principles of the GDPR:

• Lawfulness, fairness and transparency.
• Purpose limitation — collected for specified, explicit purposes only.
• Data minimisation — only what is adequate and necessary.
• Accuracy — kept correct and up to date.
• Storage limitation — kept no longer than needed.
• Integrity and confidentiality — protected with appropriate security.

Every processing activity rests on a lawful basis: your consent, the performance of a contract, our legitimate interests, or compliance with a legal obligation. Where we rely on consent, you are free to withdraw it at any time.

As a data subject you have the following rights, which we honour free of charge:

• The right to be informed about how your data is used.
• The right of access to the data we hold about you.
• The right to rectification of inaccurate data.
• The right to erasure (the "right to be forgotten").
• The right to restrict processing.
• The right to data portability.
• The right to object to processing.
• Rights relating to automated decision-making and profiling.

For visitors and clients in Türkiye, we also comply with Law No. 6698 on the Protection of Personal Data (KVKK). The principles and rights it grants closely mirror the GDPR, including the right to learn whether your data is processed, to request correction or deletion, and to object to outcomes that work against you.

Where personal data is transferred between countries in which we operate, we apply appropriate safeguards — such as Standard Contractual Clauses or recognised adequacy decisions — to ensure your data remains protected to GDPR standards wherever it travels.

We maintain procedures to detect, investigate and respond to personal data breaches. Where a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority — and, where required, you — without undue delay.

To exercise any of your rights, contact us using the details below. We will respond within one month, as required by the GDPR. You also have the right to lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO); in Türkiye, the Personal Data Protection Authority (KVKK Kurumu).