Legal Information

Data Protection Notice

Last Updated: April 7, 2026

This Data Protection Notice ("Notice") is provided by Avchare ("Avchare," "we," "us," or "our") as the data controller responsible for the processing of your personal data. This Notice is intended to inform you about how we process your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK General Data Protection Regulation ("UK GDPR"), the Turkish Law on the Protection of Personal Data No. 6698 ("KVKK"), and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

  • Avchare
  • Email: support@avchare.com
  • Website: www.avchare.com

For any inquiries regarding the processing of your personal data, you may contact our Data Protection Officer at support@avchare.com.

2. Categories of Personal Data We Process

We may process the following categories of personal data:

  • Identity Data: Full name, username, title, date of birth, and government-issued identification numbers where legally required.
  • Contact Data: Email address, postal address, telephone number.
  • Financial Data: Payment card details, bank account information, billing records, and transaction history.
  • Technical Data: IP address, browser type and version, device identifiers, operating system, time zone setting, and other technology on the devices you use to access the Services.
  • Usage Data: Information about how you use the Services, including pages visited, features used, time spent, click patterns, and search queries.
  • Communications Data: Records and content of correspondence and communications with us, including support tickets, feedback, and survey responses.
  • Professional Data: Company name, job title, industry, and professional role.

3. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases:

PurposeLegal Basis
Providing and managing the ServicesPerformance of contract
Account registration and authenticationPerformance of contract
Processing payments and billingPerformance of contract
Customer support and communicationsPerformance of contract / Legitimate interest
Improving and developing the ServicesLegitimate interest
Security and fraud preventionLegitimate interest / Legal obligation
Marketing and promotional communicationsConsent
Analytics and usage statisticsLegitimate interest / Consent
Compliance with legal obligationsLegal obligation

4. Recipients and Data Sharing

Your personal data may be shared with the following categories of recipients:

  • Service Providers: Third-party providers who process data on our behalf (hosting, payment processing, analytics, email delivery, customer support tools). All service providers are bound by data processing agreements that comply with applicable data protection laws.
  • Professional Advisors: Lawyers, auditors, and consultants as necessary for business operations.
  • Regulatory Authorities: Government bodies, law enforcement, and regulatory agencies where disclosure is required by law or to protect our legal rights.
  • Business Successors: Potential buyers or successors in the event of a merger, acquisition, or restructuring.

5. International Transfers

Your personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), the United Kingdom, or Turkey. When such transfers occur, we ensure that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • UK International Data Transfer Agreement or Addendum, as applicable.
  • Adequacy decisions by the European Commission for the recipient country.
  • Compliance with KVKK requirements for cross-border transfers, including obtaining necessary approvals from the Personal Data Protection Board where required.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Our retention criteria include:

  • Active Account Data: Retained for the duration of your account and subscription.
  • Post-Termination: Retained for up to 30 days after account closure for data export, then securely deleted.
  • Financial Records: Retained for a minimum period as required by applicable tax and commercial laws (typically 5-10 years).
  • Legal Claims: Data relevant to potential legal claims may be retained for the applicable statute of limitations period.
  • Consent-Based Processing: Retained until you withdraw consent or until no longer necessary.

7. Your Rights

Under applicable data protection laws, you have the following rights:

7.1 Under GDPR / UK GDPR

  • Right of Access (Art. 15): Obtain confirmation whether your data is being processed and request a copy.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your data in certain circumstances.
  • Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
  • Right not to be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing that produce legal or significant effects.
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

7.2 Under KVKK (Turkish Data Protection Law)

In accordance with Article 11 of KVKK, you have the right to:

  • Learn whether your personal data is being processed.
  • Request information about processing if your data has been processed.
  • Learn the purpose of processing and whether it is being used in accordance with its purpose.
  • Know the third parties to whom your data has been transferred domestically or abroad.
  • Request rectification of incomplete or inaccurate data.
  • Request erasure or destruction of your data under conditions set forth in Article 7 of KVKK.
  • Request notification of rectification, erasure, or destruction actions to third parties to whom your data has been transferred.
  • Object to the occurrence of a result against you by means of analysis of your data exclusively through automated systems.
  • Claim compensation for damages arising from unlawful processing of your data.

8. Data Security Measures

We implement comprehensive technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and multi-factor authentication for internal systems.
  • Regular security assessments, penetration testing, and vulnerability scanning.
  • Incident response and breach notification procedures.
  • Employee training on data protection and security awareness.
  • Physical security measures for data center facilities.
  • Regular backups with secure storage and disaster recovery procedures.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay in accordance with GDPR Article 34 and applicable local laws.

10. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, as required by GDPR Article 35. This includes processing involving new technologies, large-scale processing of sensitive data, or systematic monitoring.

11. Sub-Processors

We maintain a list of sub-processors that process personal data on our behalf. We conduct due diligence on all sub-processors and ensure they provide sufficient guarantees to implement appropriate technical and organizational measures. We will notify you of any intended changes to sub-processors, giving you the opportunity to object.

12. Exercising Your Rights

To exercise any of your rights under this Notice, you may:

  • Email our Data Protection Officer at support@avchare.com.
  • Use the data management tools available in your account settings.
  • Submit a written request to our registered address.

We will respond to your request within 30 days (or within the timeframe specified by applicable law). We may request verification of your identity before processing your request. If we need additional time, we will inform you of the extension and the reasons for the delay.

13. Changes to This Notice

We may update this Data Protection Notice from time to time to reflect changes in our processing activities, legal requirements, or organizational practices. We will notify you of material changes through the Services or via email and update the "Last Updated" date accordingly.

14. Contact Information

For questions or concerns about this Notice or our data protection practices:

  • Avchare
  • Data Protection Officer: support@avchare.com
  • General Inquiries: info@avchare.com
  • Website: www.avchare.com