Legal

Privacy Policy

Last updated:

This notice explains how Agentrof collects and uses personal data through agentrof.com, and the rights you have over that data. It serves as our clarification text (aydınlatma metni) under Türkiye's Personal Data Protection Law (KVKK) and, for visitors in the European Economic Area and the United Kingdom, as our privacy notice under the GDPR. The site is informational: it has no online store, no payments, and no user accounts. The only personal data you actively give us is what you type into our contact form.

Data controller identity and contact

The data controller (veri sorumlusu) responsible for the personal data described here is:

  • Legal name: AGENTROF BİLİŞİM SİSTEMLERİ SANAYİ VE TİCARET LİMİTED ŞİRKETİ
  • Address: Fatih Sultan Mehmet Mah., Balkan Cad. No:62/A, JustWork, Ümraniye, 34770 İstanbul, Türkiye
  • Email: info@agentrof.com
  • Website: agentrof.com
  • MERSİS No: 0009200934700001
  • Trade registry number: 1140769

We have not appointed a dedicated Data Protection Officer. For any question about this notice or your personal data, write to us at info@agentrof.com or by post to the address above.

What personal data we collect

We keep data collection to what the site needs. The categories are:

  • Contact and enquiry details you submit. When you use our contact form, we collect your full name, email address, phone number, company name, your message, and your area of interest. In the IT marketplace flow only, we also record whether you are a buyer or a supplier (your role).
  • Your IP address, for bot protection. To tell real people from automated bots, the form is protected by Cloudflare Turnstile, which processes your IP address at the moment of submission. Turnstile is designed to be privacy-preserving and largely cookieless.
  • Cookieless, aggregate usage measurement. The site uses Cloudflare Web Analytics, which counts overall traffic (page views, referrers, approximate country, and device or browser type) without setting any cookie, fingerprinting your device, or identifying you. It processes request metadata, including your IP address, transiently at the edge to produce aggregate counts, and keeps only those aggregate statistics. Because it is cookieless and does not build profiles, it runs on our legitimate interest, separately from Google Analytics.
  • Pseudonymous usage data, only after you consent. If, and only if, you accept analytics cookies, Google Analytics 4 collects pseudonymous data about your visit: pages viewed, approximate location, and device and browser type. No Google Analytics cookie is set, and no Google Analytics data is collected, before you opt in.

We do not ask for special categories of data (such as health, religion, or biometric data), and you should not include such data in your message.

Purposes of processing and the legal basis for each

We use each category of data for a specific purpose, and each purpose rests on a specific legal basis under the KVKK and, where the GDPR applies, under Article 6 of the GDPR.

PurposeData usedKVKK basisGDPR basis
Answering your enquiry and taking pre-contractual steps you ask forName, email, phone, company, message, area of interest, roleArt. 5/2: necessary for the establishment or performance of a contract (pre-contractual steps at your request), and our legitimate interest in responding to enquiriesArt. 6(1)(b) pre-contractual measures, and/or Art. 6(1)(f) legitimate interest
Protecting the form and site from bots and abuseIP address via Cloudflare TurnstileLegitimate interest in the security of our systemsArt. 6(1)(f) legitimate interest (security)
Measuring overall site traffic in aggregate, to understand, improve and secure the siteAggregate, cookieless web analytics (Cloudflare Web Analytics)Legitimate interest in understanding, improving and securing the siteArt. 6(1)(f) legitimate interest
Understanding how the site is used, to improve itPseudonymous analytics data (GA4)Explicit consent (açık rıza)Art. 6(1)(a) consent, with ePrivacy Art. 5(3)
Sending you optional marketing communications, if you separately ask for themName, emailExplicit consent (açık rıza)Art. 6(1)(a) consent

How we collect personal data

  • Directly from you, when you fill in and submit the contact form.
  • Automatically, for security, when Cloudflare Turnstile checks your submission and processes your IP address.
  • Automatically and cookielessly, when Cloudflare Web Analytics counts your visit in aggregate at the edge, without any cookie or device identifier.
  • Through cookies and similar technologies, including strictly necessary first-party cookies that remember your language and your cookie choice, and, only after you opt in, Google Analytics cookies. See our Cookie Policy for the full list.

Who receives your data

We do not sell your personal data. We share it only with the service providers (processors) that run parts of our site on our behalf, and only for the purposes above. Each acts on our instructions under a contract.

  • Cloudflare, Inc. (United States): website hosting and content delivery, the Turnstile bot-protection check, and privacy-preserving web analytics.
  • Airtable, Inc. (United States): stores the lead and contact records submitted through the form.
  • Google (Google LLC) (United States): provides Google Analytics 4, used only after you consent.

We may also disclose data where the law requires it, for example to a competent public authority acting within its powers.

International data transfers

The providers above are based in the United States, so using the site involves transferring personal data outside Türkiye and outside the European Economic Area.

For transfers from Türkiye, we rely on the appropriate safeguards under KVKK Article 9, in particular the standard contract (standart sözleşme) approved by the Personal Data Protection Board, which we are putting in place with our providers. These standing transfers do not rely on the one-off explicit-consent exception.

For transfers from the European Economic Area to the United States, the safeguard depends on the provider:

  • Cloudflare is certified under the EU-US Data Privacy Framework (DPF), with EU Standard Contractual Clauses (SCCs) as a fallback.
  • Google is certified under the EU-US Data Privacy Framework (DPF).
  • Airtable is not DPF-certified; transfers rely on EU Standard Contractual Clauses (SCCs).

The EU-US Data Privacy Framework rests on the European Commission's 2023 adequacy decision, which is valid and operational in 2026 but is currently under appeal before the Court of Justice of the European Union (the Latombe case). If that decision were invalidated, the DPF-based transfers would continue under the Standard Contractual Clauses instead.

How long we keep data

  • Contact and lead records: kept for the duration of our relationship and for up to three years after our last contact, unless a longer period is required by law or you ask us to erase them sooner.
  • Analytics data: retained in aggregate according to our Google Analytics settings, currently up to 14 months.
  • Cloudflare Web Analytics: only aggregate statistics, with no cookie or individual identifier, kept by Cloudflare for a limited period.
  • Consent records: kept for as long as needed to evidence the consent you gave and to meet our accountability obligations.

When a retention period ends, we delete or irreversibly anonymise the data.

Data security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, and unauthorised access. Traffic to the site is encrypted in transit (HTTPS), access to the lead records is limited to people who need it, and the form is shielded by Cloudflare Turnstile against automated abuse. Our providers maintain their own recognised security programmes. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to keep our safeguards current.

Your rights

Under KVKK Article 11, you have the right to:

  1. learn whether your personal data is being processed;
  2. request information if your personal data has been processed;
  3. learn the purpose of the processing and whether your data is used in line with that purpose;
  4. know the third parties, in Türkiye or abroad, to whom your data is transferred;
  5. request correction of your data if it is incomplete or incorrectly processed;
  6. request erasure or destruction of your data within the conditions of Article 7;
  7. request that any correction, erasure, or destruction be notified to the third parties to whom your data was transferred;
  8. object to any result that arises against you solely from the automated analysis of your data;
  9. claim compensation for damage you suffer because your data was processed unlawfully.

If the GDPR applies to you (for example, you are in the European Economic Area or the United Kingdom), you also have the right to access your data, to have it rectified or erased, to restrict or object to its processing, to data portability, to withdraw any consent at any time without affecting processing already carried out, and to lodge a complaint with a supervisory authority.

How to exercise your rights

To make a request (başvuru), contact us in any of these ways:

  • in writing, by post to our address above;
  • through your registered electronic mail (KEP) address, if we have one on file;
  • using a secure electronic signature or a mobile signature;
  • from an email address you have previously registered with us;
  • by writing to info@agentrof.com, which we accept as a practical first channel.

So that we can respond, please state your request clearly and give us enough detail to verify your identity. We will answer within 30 days of your request. If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Board (Kişisel Verileri Koruma Kurulu) in Türkiye. If the GDPR applies to you, you may also complain to the data protection supervisory authority in your country.

Cookies

We use a small set of strictly necessary first-party cookies to remember your language and your cookie choice, and, only after you opt in, Google Analytics cookies. No analytics cookie is set until you accept it. The cookies we may use are:

CookieProviderPurposeDurationCategory
agentrof_consentAgentrof (first-party)Stores your cookie preferenceAbout 180 daysStrictly necessary
pref_langAgentrof (first-party)Remembers your language choiceUp to 1 yearStrictly necessary
Cloudflare Turnstile (cf_* challenge)CloudflareBot and security verificationSession / short-livedStrictly necessary
_gaGoogleDistinguishes unique visitorsUp to 2 yearsAnalytics (consent only)
_ga_GooglePersists analytics session stateUp to 2 yearsAnalytics (consent only)

When you first visit, a cookie banner lets you Accept all, Reject non-essential, or Manage your choice. A preferences dialog toggles Analytics on or off, while strictly necessary cookies stay on because the site cannot work without them. Google Consent Mode v2 keeps analytics denied by default until you accept. You can change your choice at any time through the Cookie preferences button in the footer, and you can also clear or block cookies in your browser settings. For the full cookie list, durations, and controls, see our Cookie Policy.

Automated decision-making

We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing or profiling. The bot check protecting the form assesses the submission, not you, and does not by itself decide anything about you.

Changes to this policy

We may update this notice as our site or the law changes. When we do, we will revise the date at the top of the page, and for material changes we will give clearer notice on the site. The current version is dated 1 July 2026.

Contact

For any question about this notice or your personal data, contact us at info@agentrof.com or by post at AGENTROF BİLİŞİM SİSTEMLERİ SANAYİ VE TİCARET LİMİTED ŞİRKETİ, Fatih Sultan Mehmet Mah., Balkan Cad. No:62/A, JustWork, Ümraniye, 34770 İstanbul, Türkiye.

Back to top

Cookie preferences

Choose which cookies Agentrof may use. Strictly necessary cookies keep the site working and stay on. Everything else is off until you turn it on.

Strictly necessary Always active

Needed for core functions: security and bot protection, remembering your language, and storing this cookie choice. The site cannot run without them, so they need no consent.

Analytics

Google Analytics helps us learn which pages are useful, using aggregated data. It loads only if you allow it, and is never used for advertising.

Separately, we run Cloudflare Web Analytics: a privacy-preserving, cookieless measure of aggregate traffic that sets no cookies and needs no consent. It cannot identify you, so it is not part of this choice.

Read our Cookie Policy