PRIVACYANDDATASECURITY

Monolith Works ('the Company', 'we') acts as the 'Data Controller' under this policy. It covers all personal data obtained through our website, digital tools, communication channels and services. The policy may be updated by the Company without prior notice to maintain legal compliance; it is the user's responsibility to follow the current version.

Depending on the service and interaction, the following categories may be processed:

• Identity & Contact Data: Name, email, phone, company/title and similar details you provide.
• Customer Transaction Data: Quote requests, project briefs, correspondence and service records.
• Technical Data: IP address, device/browser information, approximate location, server logs and on-site interaction data.
• Marketing Data: Newsletter and campaign preferences, subject to your explicit consent.

We obtain personal data through two main channels:

• Active (Direct): Data you submit voluntarily via contact forms, quote processes, newsletter sign-ups and the authorized portal.
• Passive (Automatic): Technical data collected automatically through cookies, server logs and analytics tools.

Your data is processed based on the legal grounds set out in KVKK art. 5 and 6 (conclusion/performance of a contract, legitimate interest, legal obligation and explicit consent):

• Service Delivery: Fulfilling requests, preparing quotes and running projects.
• System Optimization: Measuring site performance, improving experience and debugging.
• Security: Preventing unauthorized access, detecting misuse and meeting legal obligations.
• Communication: Sending newsletters, updates and announcements subject to your consent.

We apply industry-standard administrative and technical measures to protect your data. However, no method of transmission or storage is 100% secure, and the Company cannot be held liable for indirect damages arising from breaches caused by force majeure or factors beyond its control.

• Encryption: SSL/TLS in transit and appropriate encryption layers for sensitive data.
• Access Control: Logged access limited on a 'need-to-know' basis.
• Monitoring: Firewalls, anomaly detection and regular audits.

Your data is never sold for commercial purposes. It may be shared only with limited partners to the extent required to deliver the service and with appropriate safeguards. Any cross-border transfer is carried out under the conditions required by KVKK.

• Infrastructure Providers: Suppliers providing hosting, CDN and email infrastructure.
• Analytics Partners: Tools providing anonymized traffic analysis.
• Legal Authorities: Lawful requests from competent public authorities.

Personal data is kept for as long as the processing purpose requires and for the statutory retention periods set by applicable law. Once the purpose ceases or the legal period expires, data is deleted, destroyed or anonymized. Commercial/legal records are retained for the minimum periods required by law.

Our site uses cookies and similar technologies to improve experience and measure performance. For a detailed classification and management of cookies, please see our 'Cookie Policy' page.

As a data subject, you have the following rights:

• Learn whether your personal data is processed and request information.
• Learn the purpose of processing and whether it is used accordingly.
• Know the third parties to whom data is transferred domestically or abroad.
• Request correction of incomplete or inaccurate data.
• Request erasure or destruction of your data.
• Object to outcomes against you resulting from automated analysis.

The Company reserves the right to update this policy at any time; changes take effect once published on this page. The Company cannot be held liable for uses outside the stated scope, for content you choose to share, or for the privacy practices of third-party sites.