Privacy Policy
Atabaş Grup Dış Tic. Ltd. Şti. · Transparency, lawful processing and responsible data handling
This Privacy Policy explains how Atabaş Grup Dış Tic. Ltd. Şti. processes personal data when individuals interact with our website, communicate with our teams, submit business inquiries, subscribe to updates, use our forms or otherwise engage with our services. It is written to provide a clear, professional and practical explanation of what data we collect, why we collect it, how we use it, how long we keep it and how individuals can exercise their rights.
Policy Snapshot
- ControllerAtabaş Grup Dış Tic. Ltd. Şti.
- Main ScopeWebsite visitors, business contacts, customers, suppliers and inquiry senders
- Primary SourcesWebsite forms, direct communications, cookies, operational records
- Core PurposesCommunication, contract handling, compliance, security and service delivery
- Legal FrameworkApplicable privacy laws, including GDPR principles where relevant
- Data SharingLimited to group operations, service providers and lawful disclosures
- TransfersHandled only where operationally necessary and lawfully supported
- RetentionOnly as long as needed for legal or business purposes
- RightsAccess, correction, deletion, restriction and related legal rights
- Related PagesCookie Policy, GDPR Compliance Policy, Contact Us
A stronger and clearer privacy framework
The live page already states that Atabaş Group processes personal data lawfully and transparently. This redesigned version preserves that foundation while presenting the information in a more complete, more professional and easier to navigate structure.
Atabaş Group values privacy as part of responsible corporate conduct. Personal data is processed only for legitimate, defined and proportionate purposes connected to business communication, service delivery, legal compliance, operational administration, website functionality and security. We seek to handle personal data fairly, transparently and with appropriate safeguards.
This Policy applies to personal data collected through our website, forms, contact channels, newsletter or subscription interactions, commercial discussions, supplier or customer onboarding processes, event participation and related business records. It also explains how cookies and similar technologies may be used when individuals visit our digital services.
Where a local law grants stronger protection or imposes additional obligations, those local requirements should be read together with this Policy. This document is intended to provide a high standard privacy baseline for individuals who interact with Atabaş Group in a business or website context.
Scope of this Privacy Policy
Privacy notices are stronger when they clearly define whose data is involved and in which contexts the notice applies.
Individuals who browse our website, read our pages, interact with cookies, review our content or submit forms through online channels.
Representatives of counterparties, prospective clients, suppliers, logistics partners, service providers and other business stakeholders.
Individuals who contact Atabaş Group through email, phone, contact forms, complaint channels, newsletter signups or operational communications.
Personal data we may collect, organized by use
The live privacy page lists contact, business, website, visitor and communication data. This version preserves that logic while grouping the information more clearly.
Identity and contact data
We may collect names, titles, company names, business addresses, telephone numbers, email addresses, job roles and related contact details when individuals communicate with us, submit forms or interact with our business teams.
- Name
- Email address
- Phone number
- Job title
- Company details
Commercial and operational data
Where relevant to a transaction or business relationship, we may process company information, invoicing details, tax or registration data, order details, complaint records, due diligence information and basic billing or payment related records necessary to manage operations lawfully.
- Order details
- Invoice data
- Supplier records
- Due diligence inputs
- Contract administration
Website usage and technical data
When individuals use our website, we may receive technical information such as IP address, browser type, device information, cookie preferences, usage patterns, form submission metadata and other limited online identifiers needed for website administration, analytics, security and user experience functions.
- IP address
- Device data
- Cookies
- Usage logs
- Consent preferences
Communication and support data
We may keep copies of communications, inquiry details, complaint messages, support requests, follow up correspondence and related records where this is necessary to respond, maintain business continuity, improve service quality or demonstrate a lawful handling history.
- Emails
- Contact forms
- Complaint logs
- Inquiry history
- Support communication
Sources of personal data, kept proportionate
A modern privacy page should explain not only what data is processed, but where it comes from.
Most personal data is collected directly when someone contacts us, submits a form, requests information, signs up for updates, enters a business relationship or otherwise communicates with Atabaş Group.
Certain data may be generated through website use, access logs, cookies, security tools, transactional records, third party service providers or counterparties participating in the same commercial process.
Processing purposes, clearly linked to operations
The live page correctly links data use to contracts, legal obligations, service improvement, security and communication. The structure below makes those purposes easier to understand and verify.
To answer messages, provide requested information, manage contact requests, handle complaints and maintain a reliable communication history.
To onboard business contacts, manage orders, process documents, coordinate suppliers, handle billing and support ongoing commercial operations.
To comply with tax, accounting, audit, sanctions, regulatory, record keeping and lawful disclosure obligations.
To support website security, fraud prevention, internal controls, incident management and the protection of our legitimate business interests.
To understand website performance, optimize user experience, measure service usage and maintain the quality and functionality of our digital platforms.
To share relevant updates, newsletters or service information where an individual has requested them or where communication is otherwise lawful.
When processing is lawfully justified
Because the website and related policies reference GDPR aligned standards, the legal basis section should be explicit and practical.
| Legal Basis | What it means in practice | Typical examples |
|---|---|---|
| Consent | Processing takes place because an individual has clearly agreed to it. | Newsletter signup, optional cookies, marketing communications where consent is required. |
| Contractual necessity | Processing is needed to enter into, perform or manage a contract or requested pre contract step. | Handling orders, supplier onboarding, responding to a business request that may lead to a transaction. |
| Legal obligation | Processing is necessary to comply with applicable laws or regulatory duties. | Tax records, accounting obligations, lawful disclosures, record keeping requirements. |
| Legitimate interests | Processing supports a legitimate business purpose that is not overridden by individual rights. | Website security, corporate administration, fraud prevention, maintaining communication records. |
How website tools and cookies support functionality
The live page already states that cookies and similar tools are used to improve user experience. This section gives that statement a more complete compliance structure.
Our website may use cookies and related technologies for strictly necessary functions, preference storage, analytics and other purposes explained through our consent interface and Cookie Policy. Individuals can usually manage cookie settings through the website consent tool or their browser preferences.
Where consent is required for non essential cookies, those technologies should not be activated until the relevant choice has been made. Blocking certain cookies may affect website functionality, saved preferences or the availability of some content and features.
When personal data may be shared responsibly
Data sharing should be limited, necessary and linked to a clear operational or legal reason.
Personal data may be shared with Atabaş Group entities and trusted service providers that support hosting, IT services, communications, website operations, advisory services, logistics, payment or other business administration functions, but only to the extent reasonably necessary.
Where required by law or legitimately necessary in a corporate process, data may be disclosed to courts, regulators, law enforcement, auditors, insurers, professional advisers or parties involved in a reorganization, acquisition or similar transaction.
Cross border handling, where necessary
Because Atabaş Group operates in international trade, it is appropriate to explain that some data handling may cross borders under lawful safeguards.
In some situations, personal data may be accessed, stored or transferred outside the individual’s country as part of international business communication, group operations, hosting arrangements or service provider support. When such transfers occur, Atabaş Group seeks to apply appropriate safeguards and legal mechanisms required by the applicable framework.
The exact transfer mechanism may vary depending on the jurisdictions involved, the service model, the nature of the processing activity and the legal standards that apply to the data in question.
How long personal data is kept and reviewed
A strong privacy notice should explain that retention is tied to business need and legal duty, not convenience.
How personal data is protected in practice
The live page already mentions technical and organizational measures. This section turns that statement into a stronger governance message without making unrealistic promises.
Access to personal data should be limited to personnel or providers who need it for a legitimate function and are expected to act under appropriate confidentiality duties.
Atabaş Group may use procedures, system controls, provider oversight, staff awareness and internal checks to reduce the risk of unauthorized access, loss or misuse.
Security arrangements are designed to reflect the sensitivity of the data, the purpose of the processing and the practical risks associated with the relevant activity.
Rights that individuals may exercise under applicable law
The live page refers to access, correction, deletion and restriction rights. This page presents them in a more complete and more useful format.
| Right | What it generally allows | Important note |
|---|---|---|
| Access | To ask whether personal data is processed and to request a copy where the law provides that right. | Identity verification may be required before disclosure. |
| Correction | To request that inaccurate or incomplete personal data be corrected. | Supporting information may be needed to validate the request. |
| Deletion | To ask for deletion in situations where there is no continuing legal basis to keep the data. | This right is not absolute and may be limited by legal obligations. |
| Restriction | To ask for limited processing while a dispute or legal assessment is ongoing. | Available only in certain legal circumstances. |
| Objection | To object to certain processing, especially where based on legitimate interests or direct marketing rules. | The outcome depends on the specific legal basis involved. |
| Withdraw consent | To withdraw consent where processing relies on consent. | Withdrawal does not affect earlier lawful processing. |
A practical route for privacy related questions
A privacy notice should make it easy for people to act on their rights without overcomplicating the process.
Individuals who wish to exercise a privacy right, update their information, ask a question about this Policy or raise a concern about data handling may contact Atabaş Group using the contact information provided on our website. To protect personal data, we may ask for enough information to verify identity and understand the request before responding.
Where a concern cannot be resolved directly, an individual may also have the right to contact the relevant supervisory or data protection authority under the rules that apply to their situation.
How this policy supports corporate trust
A strong privacy page should not rely on generic statements alone. It should show that the business treats privacy as part of disciplined governance and professional communication.
Individuals should be able to understand what data is processed, for what reason and under which basic legal framework.
Data handling should remain connected to a legitimate operational purpose and should not exceed what is reasonably necessary.
Access, retention, sharing and rights handling should be supported by internal discipline rather than informal or undocumented practice.
Common privacy questions, answered clearly
FAQ content strengthens readability, search usefulness and user confidence when written in a precise and non exaggerated way.
Does this Privacy Policy apply only to website visitors?
No. It applies both to website related interactions and to broader business communications involving customers, suppliers, prospective partners and other contacts who share personal data with Atabaş Group.
Why does Atabaş Group need personal data in a business context?
Because communication, contract administration, supplier coordination, regulatory compliance, website functionality, complaint handling and security all require a limited amount of personal data to operate responsibly.
Will personal data be shared with third parties?
Personal data may be shared with service providers, group entities, advisers or authorities where that is operationally necessary or legally required. The intention is to keep sharing limited and purpose based, not broad or uncontrolled.
How long does Atabaş Group keep personal data?
Retention depends on the purpose of collection, the legal framework, the existence of a business relationship, audit or record keeping obligations and any continuing need to defend or manage claims.
Can a person ask to access or correct their data?
Yes, where the applicable law provides such a right. A request may be subject to identity verification and to any limitations created by legal obligations or competing rights.
How is this page different from the GDPR Compliance Policy?
This Privacy Policy is a general notice explaining how personal data is handled in practice. The GDPR Compliance Policy provides a more focused governance level explanation of data protection commitments and compliance standards.
Questions about privacy, cookies or data handling
Review the related legal pages or contact Atabaş Group through the official contact channels on the website
A credible privacy policy should be clear, restrained and operationally realistic.