Legal

Privacy Policy

Protecting the privacy of your personal data is a priority for us. This policy explains how we collect, process and protect your data.

Last updated: December 15, 2024Approximately 6 min readKVKK & GDPR compliant

Overview

As CMR System, we are committed to protecting the privacy of your personal data and acting in accordance with the requirements of KVKK and GDPR .

This policy explains what information is collected while using our platform, how it is used, how long it is stored and with which security measures it is protected. By using our services, you are deemed to have accepted this policy.

Our Principles

Four core principles that shape our data processing practices.

Openness

We share our data processing practices in a clear and transparent manner.

Security

Data is protected with industry-standard encryption.

Data Minimization

We collect only the data necessary for the service.

User Control

You can easily exercise all your rights over your data.

Information Collected

The categories of data we collect in order to provide our services.

  • Personal identity information (first name, last name, email)
  • Contact information (phone, address)
  • Company information (title, tax number)
  • Usage data and cookies
  • CMR document contents

Use of Information

The purposes for which we process the data we collect.

  • Service provision and continuous improvement
  • Providing customer support
  • Fulfilling legal obligations
  • Billing and payment transactions
  • Security and fraud prevention

Information Sharing

Whom we share your data with and under what conditions.

  • Not shared with third parties except for legal obligations
  • Service providers (payment, hosting, email)
  • In accordance with court orders and legal requests
  • In the event of a company merger or acquisition

Data Security

The measures we take to keep your data protected.

  • End-to-end encryption with TLS 1.3
  • Regular security tests and audits
  • Role-based access control and authorization
  • Automatic backup and disaster recovery
  • ISO 27001 compliant security standards

User Rights

The rights granted to you under KVKK and GDPR.

  • The right to access your data
  • The right to rectification and updating
  • The right to erasure (the right to be forgotten)
  • The right to data portability
  • The right to object to processing

Cookies

The types of cookies we use on the platform and their purposes.

  • Essential cookies (session management)
  • Analytics cookies (usage statistics)
  • Performance cookies (site optimization)
  • Marketing cookies (personalization)
  • You can manage your cookie preferences at any time

Retention Periods

Data is deleted or anonymized when the purpose of processing ceases to exist or the legal period expires.

Data CategoryRetention Period
Account informationAs long as the account is active + 3 years
CMR / Invoice / Packing documents10 years (legal obligation)
Payment records10 years (Tax Procedure Law)
Support tickets2 years after resolution
Marketing preferencesUntil consent is withdrawn
Analytics / log data12 months

Data Controller

CMR Sistemi

Istanbul, Turkey

Contact

To exercise your data rights or to ask questions about our policy:

Send EmailContact Form

Your applications are answered within 30 days at the latest under Article 13 of the KVKK.

Terms of UseCookie PolicyKVKK / GDPR