This Privacy Notice explains how Netmera (“we”, “us”, “our”) collects, uses, stores, and discloses personal data in compliance with the General Data Protection Regulation (“GDPR”).
Netmera is a company established and operating in Türkiye. Although Netmera is not located within the European Union, we process personal data in accordance with the General Data Protection Regulation (“GDPR”) to the extent that our Services are used by Customers or Data Subjects located in the EU.
Accordingly, whenever Netmera processes personal data of individuals who are in the European Union, or where an EU-based Customer uses our Services, we comply with the obligations set out under the GDPR, including transparency requirements, data subject rights, international data transfer mechanisms, and security measures.
Netmera may act in different roles under the GDPR depending on the nature of the processing activity:
Data Processor
For personal data of Customer End Users processed through Netmera’s software development kits (SDKs), APIs, and cloud-based customer engagement and analytics solutions (the “Service”), Netmera acts as a data processor.
In these cases, the Customer determines the purposes and means of the processing and acts as the data controller.
Data Controller
For personal data collected directly through our corporate website (netmera.com), marketing activities, communications with representatives of business clients and vendors, and applications submitted by job candidates, Netmera acts as the data controller.
This Privacy Notice provides information regarding:
Netmera is committed to ensuring that personal data is processed lawfully, fairly, transparently, and in accordance with all applicable data protection laws and regulations.
If you have any questions, comments, complaints, or requests relating to this Privacy Notice or wish to exercise your rights under the GDPR, you may contact Netmera’s Data Protection Officer using the details below:
NETMERA ARGE VE BİLİŞİM HİZMETLERİ ANONİM ŞİRKETİ
BUDOTEK, Dudullu OSB Mah. DES 2. Caddesi No: 8 D:8
34776 Ümraniye, İstanbul, Türkiye
Website: www.netmera.com
Email: privacy@netmera.com
Phone: +90 850 757 83 21
Data Subjects may submit requests to exercise their GDPR rights by contacting us through the channels listed above. If preferred, you may also use the application form provided at the following link:
https://netmera.com/wp-content/uploads/2025/12/DATA_SUBJECT_RIGHTS_REQUEST_FORM.docx.pdf
We collect personal data through different channels depending on how you interact with us and how you use our Services. Personal data may be collected:
Directly from you
When you contact us via our website, submit a form, request information, subscribe to marketing communications, communicate with our sales or support teams, or apply for a job.
Automatically through your use of our website and digital platforms
This includes data collected through cookies and similar technologies, log files, analytics tools, and your device or browser when you visit our website or interact with our online materials. Further details are provided in our Cookie Policy.
Through our Services as a Data Processor
When Customers use Netmera’s SDKs, APIs, or cloud-based engagement and analytics tools, we process Customer End User data on behalf of the Customer. In such cases, the Customer is the data controller, and Netmera acts strictly under the Customer’s instructions.
From business partners or third parties
Where permitted by law, we may receive personal data from service providers, business partners, or publicly available sources to support our business operations and customer relationships.
The categories of personal data we collect depend on how you interact with Netmera and how our Services are used. Netmera may process the following categories of personal data:
Contact information: name, email address, phone number (when voluntarily provided).
Technical and usage data: IP address, browser type, device information, log data, and cookie-related data.
Communication data: information you provide when contacting us through forms or support channels.
Business contact information: name, surname, job title, email address, telephone number.
Account and billing information: company name, invoicing details, and communication records related to our business relationship.
Application information: CV/resume data, contact information, employment history, and other information voluntarily submitted during the recruitment process.
When Customers integrate Netmera SDKs or APIs into their applications or websites, Netmera processes the following categories of data on behalf of the Customer:
Device identifiers: device ID, push notification token, mobile advertising ID (IDFA, GAID).
Technical data: IP address, operating system, device type, browser information, network information.
Engagement and analytics data: user events, session data, actions taken within the Customer’s app or website, preferences, and interaction history.
Communication data: details related to push notifications and in-app messaging (timestamps, delivery status, etc.).
Netmera processes these data categories strictly under the instructions of the Customer, who acts as the data controller.
Netmera does not intentionally collect or process the following categories of personal data in relation to Website visitors, Customer representatives, or Customer End Users:
Netmera may process certain categories of personal data listed above only for internal human resources, employment, occupational health and safety, and legal compliance purposes, in accordance with applicable employment laws and GDPR requirements. Such processing is governed by a separate Employee Privacy Notice, which is provided directly to employees and job applicants and is not part of this Customer-facing Privacy Notice.
This clarification ensures that Netmera does not process the above categories of data within the scope of its Services or website operations, unless required for internal employment-related purposes.
The purposes for which we process personal data depend on whether Netmera acts as a data controller or a data processor.
We process personal data for the following purposes and on the corresponding legal bases:
Purposes:
Legal Basis:
Purposes:
Legal Basis:
Purposes:
Legal Basis:
Purposes:
Legal Basis:
Purposes:
Legal Basis:
Purposes:
Legal Basis:
Netmera processes Customer End User data solely on behalf of the Customer, for purposes determined by the Customer, which may include:
Legal Basis:
Determined by the Customer (the data controller).
Netmera processes such data only under the Customer’s documented instructions, in accordance with Art. 28 GDPR.
The recipients of personal data depend on whether Netmera acts as a data controller or a data processor. Personal data is shared only where necessary, proportionate, and lawful under the GDPR.
When we process personal data for our own business purposes (e.g., website operations, marketing, customer relationships), we may share personal data with:
We use trusted third-party providers to support our operations, such as:
These parties process personal data only under our instructions and are bound by GDPR-compliant data processing agreements.
Where relevant, personal data may be shared with:
This occurs solely to deliver or support Netmera’s products and services.
Such as:
Only where necessary to protect our legitimate interests or comply with legal obligations.
We may share personal data with courts, regulators, or government authorities only where legally required (Art. 6(1)(c)).
When Customers use Netmera’s Services and integrate our SDKs or APIs, Netmera may transfer Customer End User data:
These include:
A current list of Netmera’s Sub-processors is maintained and made available to Customers upon request.
Netmera enters into GDPR-compliant sub-processor agreements in accordance with Article 28(4) GDPR.
If Customer End User data is transferred outside the European Economic Area (EEA), Netmera ensures that appropriate safeguards are in place, such as:
Netmera also conducts Transfer Impact Assessments where required.
We do not sell personal data.
We do not share personal data with:
Netmera does not transfer special categories of personal data unless expressly provided by the data subject and required under a lawful basis.
Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected or as required by applicable law.
After the retention period expires, personal data is securely deleted, anonymized, or destroyed.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with applicable legal, contractual, or regulatory requirements. Retention periods may vary depending on whether Netmera is acting as a data controller or a data processor.
We retain personal data for the following periods unless a longer retention period is required by law:
Customer End User data is retained only for the period defined in the contract with the Customer.
Upon termination of the Customer’s subscription or upon instruction from the Customer, Netmera will:
in accordance with Article 28 GDPR.
Netmera does not retain Customer End User data beyond the Customer-defined retention period.
Once the applicable retention period expires, personal data is irreversibly:
using secure industry-standard methods.
Netmera processes personal data in accordance with the core principles set out in Article 5 of the GDPR. We adhere to the following principles in all of our data processing activities:
Lawfulness, fairness and transparency:
Personal data is processed lawfully and fairly, and individuals are informed about how their data is used.
Purpose limitation:
Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
Data minimisation:
Only the personal data that is necessary for the relevant purposes is collected and processed.
Accuracy:
Personal data is kept accurate and, where necessary, updated. We take reasonable steps to ensure that inaccurate data is corrected or deleted without delay.
Storage limitation:
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law.
Integrity and confidentiality:
Appropriate technical and organizational measures are implemented to ensure the security of personal data, including protection against unauthorized access, loss, destruction, or damage.
Accountability:
Netmera is responsible for complying with these principles and is able to demonstrate such compliance.
Netmera uses cookies and similar technologies (such as JavaScript tags, pixels, and local storage) to operate and improve our website, analyze usage patterns, and enhance user experience.
Cookies we use may include:
Certain cookies are essential for the functionality and security of the website. Other cookies—such as analytics or marketing cookies—are used only with your consent, in accordance with GDPR requirements.
You can manage or disable non-essential cookies at any time through your browser settings or through the cookie preference tool displayed on our website.
For more information about the types of cookies we use, their purposes, and how you can manage your cookie preferences, please refer to our full Cookie Policy available at:
https://netmera.com/cookie-policy-eu.
When you use Netmera’s digital platforms—including our website, dashboards, and online tools—we may process personal data to:
Personal data processed through our digital platforms is used only for purposes necessary to deliver, improve, or support the services you choose to use, and is handled in accordance with this Privacy Notice and applicable data protection laws.
Netmera implements appropriate technical and organizational measures to protect personal data against unauthorized access, accidental loss, destruction, or alteration, in accordance with Article 32 of the GDPR. Our security measures include:
Use of secure infrastructure:
We employ industry-standard security technologies, including firewalls, encryption, intrusion detection and prevention systems, and continuous monitoring tools.
Access control:
Access to personal data is restricted on a strict need-to-know basis and is granted only to authorized personnel who require such access to perform their job responsibilities.
Data minimization and retention controls:
Personal data is stored only for as long as necessary and is securely deleted or anonymized once no longer required.
Secure development and operational practices:
We maintain policies, procedures, and frameworks to ensure secure development, deployment, and operation of our systems and services.
Third-party security obligations:
When we engage third-party service providers, we require them to implement GDPR-compliant security measures and enter into appropriate data processing agreements.
Employee training and awareness:
Netmera regularly trains employees on privacy, security, and data protection responsibilities to ensure effective compliance with applicable laws.
Netmera continually reviews, evaluates, and enhances its security practices to ensure an appropriate level of protection corresponding to the risks associated with personal data processing.
Under the GDPR, you are entitled to exercise the following rights regarding your personal data.
Further information about these rights is available at the official website of the European Commission:
https://commission.europa.eu/law/law-topic/data-protection/reform/rights-citizens_en
You have the following rights:
Right to withdraw consent (Art. 7 GDPR):
You may withdraw your consent at any time where we rely on your consent for processing.
Right of access (Art. 15 GDPR):
You have the right to obtain confirmation as to whether we process your personal data and to request a copy of such data.
Right to rectification (Art. 16 GDPR):
You may request the correction of inaccurate or incomplete personal data.
Right to erasure (“right to be forgotten”) (Art. 17 GDPR):
You may request the deletion of your personal data under certain circumstances.
Right to restriction of processing (Art. 18 GDPR):
You may request that we limit the processing of your personal data in specific cases.
Right to data portability (Art. 20 GDPR):
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to object (Art. 21 GDPR):
You may object to the processing of your personal data based on our legitimate interests, including profiling and direct marketing activities.
Limitations to These Rights
These rights are not absolute and may be subject to limitations under the GDPR or applicable national laws. For example, we may decline a request if:
We will inform you of any applicable exemptions when responding to your request.
How to Exercise Your Rights
You may exercise your rights by contacting us using the contact details provided in Section 2 of this Privacy Notice.
To help us respond efficiently, please specify which right you wish to exercise. For security and verification purposes, we may request certain information to confirm your identity. We will only request the minimum information necessary.
If we request identification documents, you may redact irrelevant data (e.g., only name and address may remain visible).
Legal Basis for Processing Your Request
We process personal data provided in connection with your rights request on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in verifying your identity and responding to your request.
Right to Lodge a Complaint
If you believe that we have processed your personal data in violation of the GDPR, you have the right to lodge a complaint with a competent supervisory authority (Art. 77 GDPR).
A list of EU supervisory authorities is available at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
We may update this Privacy Notice from time to time in order to reflect changes in our data processing practices, legal requirements, or developments in our Services.
If we make any material changes, we will notify Data Subjects through appropriate means, such as:
All updates will take effect once the revised Privacy Notice is published, unless otherwise stated. We encourage you to review this Privacy Notice periodically to stay informed about how we protect your personal data.
Subscribe to our newsletter
© 2024 — Netmera. All Rights Reserved. | Privacy Policy | Cookie Policy (EU) | GDPR | KVKK
