PRIVACY&DATASECURITY

Monolith Works ('Company') prioritizes the security of your personal data at the highest level. This document is prepared in compliance with the Personal Data Protection Law (KVKK) and the European General Data Protection Regulation (GDPR) standards. All data collected through our platform is processed by our company as the 'Data Controller' within the framework of these principles.

We collect your data through two main channels while providing our services:

• Active Data Collection: Data you provide voluntarily through contact forms, offer request processes, newsletter subscriptions, and the client login panel.
• Passive (Automatic) Data Collection: IP address, geographic location, browser type, and site interaction maps collected via cookies, server logs, and telemetry tools.

The collected data is used for the following legitimate purposes:

• Operational Processes: Fulfilling your service requests, preparing offers, and managing projects.
• System Optimization: Improving website performance, personalizing user experience, and debugging.
• Security Measures: Preventing unauthorized access, detecting cyber attacks, and fulfilling legal obligations.
• Communication Management: Marketing newsletters, updates, and collaboration announcements (subject to your consent).

Monolith Works infrastructure applies high-level technical measures to secure your data:

• Cryptography: All data transfers are protected by SSL/TLS 1.3 technologies and AES-256 encryption layers.
• Access Control: Access to data is limited on a 'Need-to-Know' basis, with ISO 27001 compliant access management.
• Continuous Monitoring: Our systems are audited 24/7 with penetration tests, anomaly detection algorithms, and firewalls.

Your data is never sold or shared as a commercial commodity, except for legal requirements. However, to enhance service quality, data may only be shared with the following 'Limited Stakeholders':

• Infrastructure Providers: Secure server providers like AWS, Google Cloud, and Cloudflare.
• Analytic Partners: Google Analytics and PostHog (using fully anonymized data) to analyze site traffic.
• Legal Authorities: Mandatory sharing within the framework of official and legal requests from judicial authorities.

Your universal rights as a data subject:

• Right to learn whether your personal data is being processed.
• Right to request information if your data has been processed.
• Right to know the purpose of processing and if used accordingly.
• Right to know third parties to whom data is transferred.
• Right to request rectification of incomplete or inaccurate data.
• Right to erasure or destruction of data (Right to be Forgotten).
• Right to object to automated decision-making processes.