GDPR & KVKK Compliance
Last Updated: March 2026
Effective Date: March 2026
Narsent operates in full compliance with the General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK). As a B2B SaaS provider, we typically act as a Data Processor on behalf of our clients (the Data Controllers).
1. Lawful Basis for Processing
We process corporate and associated contact data strictly on the basis of Legitimate Interest and Contractual Necessity, ensuring the technical delivery of our platform. We implement regular Data Protection Impact Assessments (DPIAs) for all major architectural changes.
2. Data Subject Rights
Authorized users within client organizations retain full rights to request access, rectification, restricted processing, and erasure (Right to be Forgotten) of any personally identifiable information (PII) residing on our servers, such as authentication logs or contact profiles.
3. Cross-Border Data Transfers
We utilize Standard Contractual Clauses (SCCs) and verified localized data residency options. For compliance with KVKK, data localization requirements are strictly adhered to via localized deployment centers, ensuring data sovereignty for Turkish enterprise entities.