Privacy Policy & Legal Notice

1. Introduction

EndoGrup ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you visit our website endogrup.com (the "Website") or use our services.

This policy complies with the EU General Data Protection Regulation (GDPR), Turkish Personal Data Protection Law No. 6698 (KVKK), Swiss Federal Act on Data Protection (FADP), and other applicable data protection laws.

By accessing or continuing to use this Website, you acknowledge that analytics, advertising measurement, and security logging technologies may process technical and usage data from the start of your session as part of our service operation, fraud prevention, and performance measurement.

2. Data Controller

3. Information We Collect

3.1 Information You Provide Directly

• Contact Forms: Name, email address, subject, and message content
• Training Registration: Name, company name, job title, contact details, and training preferences
• Service Requests: Technical information about equipment requiring repair or service
• WhatsApp Communications: Messages sent via WhatsApp contact links

3.2 Information Collected Automatically

• Log Data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
• Cookies: Session cookies, preference cookies, and analytics cookies (see Cookie Policy below)
• Analytics Data: Google Analytics data including user behavior, demographics, and interests
• Device Information: Device type, screen resolution, and language preferences
• Visitor Intelligence: For security and service improvement purposes, we collect approximate geographic location (country, region, city), Internet Service Provider (ISP) information, and page visit patterns via server-side processing. This data is derived from your IP address using third-party geolocation services and is stored in secure server logs accessible only to authorized personnel

3.3 Third-Party Sources

• Social Media: Public profile information if you interact with us on social platforms
• Business Partners: Information from authorized distributors or training partners

4. How We Use Your Information

4.1 Legal Basis for Processing (GDPR Article 6)

We process your personal data based on:

• Contract Performance / Pre-Contractual Steps: Processing is necessary to provide requested services and operate core website functions
• Legitimate Interests: Processing is necessary for security, fraud prevention, service improvement, campaign measurement, and business continuity
• Legal Obligation: Processing is required to comply with applicable legal and regulatory requirements
• Consent (where required by law): Used for specific optional activities such as certain direct marketing communications

4.2 Purposes of Processing

• Responding to inquiries and providing customer support
• Processing training registrations and course administration
• Providing technical service and repair services
• Sending service-related communications and updates
• Improving our website and services through analytics
• Marketing communications (only with your consent)
• Complying with legal and regulatory requirements
• Preventing fraud and ensuring website security

5. Cookie Policy

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide you with a better experience and allow certain features to function properly.

5.2 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality (cannot be disabled)
• Analytics Cookies: Google Analytics to understand how visitors use our site
• Functional Cookies: Remember your preferences and settings
• Marketing and Measurement Cookies: Google Ads conversion and attribution tracking

5.3 Third-Party Cookies and Analytics

• Google Analytics: Website traffic analysis and user behavior
• Google Maps: Interactive maps on our Contact page
• YouTube: Embedded videos on our Video References page
• Social Media: Social sharing buttons (Facebook, Twitter, Instagram)
• Cloudflare Web Analytics: Privacy-focused website performance and traffic analytics provided by Cloudflare, Inc. This service collects anonymized page load metrics and does not use cookies or track individual users across sites

5.4 Mandatory Analytics and Advertising Measurement

Our website uses Google Analytics, Google Ads measurement technologies, and related logging controls as part of our standard service delivery, security monitoring, and campaign performance operations. These technologies may begin processing technical and behavioral data when you access the Website.

By using the Website, you acknowledge and accept this processing as part of our service terms and this Privacy Policy. If you do not agree, you must discontinue use of the Website and services.

5.5 Browser Controls and Data Rights

You may use browser and device settings to manage or block certain cookies and tracking technologies. Please note that restricting these technologies may limit website functionality, analytics quality, fraud prevention capability, or service availability.

Where local law grants additional rights regarding tracking technologies, you may exercise those rights by contacting us using the details in this Policy.

6. Data Sharing and Disclosure

6.1 We Share Data With:

• Service Providers: Hosting providers, email services, analytics platforms
• IP Geolocation Provider: ipinfo.io (used to derive approximate country/region/city and ISP from IP address for security logging)
• Payment Processors: For processing training fees and service payments
• Legal Authorities: When required by law or to protect our rights
• Business Partners: Authorized training centers and service partners (with your consent)

6.2 International Data Transfers

Your data may be transferred to and processed in countries outside the EU/EEA. We ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• EU-US Data Privacy Framework (where applicable)

7. Data Retention

We retain your personal data only as long as necessary:

• Contact Inquiries: 2 years from last contact
• Training Records: 7 years for certification purposes
• Service Records: 5 years for warranty and quality assurance
• Analytics Data: 26 months (Google Analytics default)
• Marketing Consent: Until consent is withdrawn
• Visitor Intelligence Logs (IP, page, device, approximate location): Up to 12 months
• Security Audit Logs (blocked abuse/injection attempts): Up to 12 months
• Application Error Logs: Up to 12 months
• Mail Transport Logs: Up to 24 months

Where legally required (for example, dispute resolution, fraud investigations, or regulatory obligations), certain records may be retained for longer and then securely deleted or anonymized.

8. Your Rights (GDPR, Swiss FADP & KVKK)

You have the following rights regarding your personal data:

8.1 Right of Access

Request a copy of the personal data we hold about you

8.2 Right to Rectification

Request correction of inaccurate or incomplete data

8.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data (subject to legal obligations)

8.4 Right to Restriction

Request limitation of processing in certain circumstances

8.5 Right to Data Portability

Receive your data in a structured, machine-readable format

8.6 Right to Object

Object to processing based on legitimate interests or for marketing purposes

8.7 Right to Withdraw Consent

Where a processing activity is based on consent under applicable law, you may withdraw that consent at any time (without affecting the lawfulness of processing carried out before withdrawal).

8.8 Right to Lodge a Complaint

File a complaint with your local data protection authority

8.9 Turkish KVKK Article 11 Rights

If you are in Turkey, you may also exercise your rights under Law No. 6698 (KVKK), including learning whether your personal data is processed, requesting information about processing, requesting correction or deletion where conditions are met, and objecting to results produced exclusively by automated systems.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

• SSL/TLS encryption for data transmission
• Secure server infrastructure with regular security updates
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Employee training on data protection
• Incident response procedures

10. Children's Privacy

Our services are not directed to individuals under 16 years of age (or 18 where required by local law, such as the Turkish Personal Data Protection Law No. 6698). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will promptly delete such information.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33)
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
• Notify the Turkish Personal Data Protection Authority (KVKK) as soon as possible in accordance with Article 12 of Law No. 6698
• Document all breaches and the remedial actions taken

12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

13. Visitor Tracking and Logging

Our website uses tracking mechanisms (tracker.php) to monitor website usage, detect security threats, and improve user experience. This includes:

• Page views and navigation patterns
• Referral sources
• Technical information (IP address, browser type, device type)
• Approximate geographic location (country, city) derived from IP address
• Internet Service Provider (ISP) information

This data is processed based on our legitimate interest in website security and improvement. You can object to this processing by contacting us.

This server-side security logging does not set advertising cookies by itself, but it is operated alongside our broader analytics and advertising measurement stack.

14. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any personal data.

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notifications for material changes (if you have provided your email)

16. Contact Information

17. Supervisory Authorities

Turkey: Personal Data Protection Authority (KVKK - Kisisel Verileri Koruma Kurumu)
Website: www.kvkk.gov.tr

EU: Your local Data Protection Authority
List: EDPB Members

Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Website: www.edoeb.admin.ch

18. Legal Basis Summary

Processing Activity	Legal Basis
Contact form processing	Consent / Contract performance
Training registration	Contract performance
Website analytics	Legitimate interest / Contract performance (service operation)
Marketing communications	Consent
Security logging	Legitimate interest

---

By accessing or using our website, you acknowledge and accept the data processing practices described in this Privacy Policy, including analytics, advertising measurement, and security logging as part of service operation.
If you do not agree with this policy, please do not use our website or services.