Privacy Policy

1. Introduction

TrueThinks Ltd ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Clientrue platform and related services.

We operate in compliance with:

• UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018
• EU General Data Protection Regulation (EU GDPR) - Regulation (EU) 2016/679
• Turkish Personal Data Protection Law (KVKK) - Law No. 6698

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information You Provide

• Identity Data: First name, last name, username, title
• Contact Data: Email address, telephone numbers, postal address
• Business Data: Company name, job title, department
• Account Data: Login credentials, account preferences
• Financial Data: Payment card details, billing information
• Communication Data: Your correspondence with us and your contacts

3.2 Automatically Collected Data

• Technical Data: IP address, browser type and version, device information, operating system
• Usage Data: Pages visited, features used, time spent on the platform
• Location Data: Country and city based on IP address

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contract Performance: To provide our CRM services as agreed in our terms of service
• Legitimate Interests: To improve our services, prevent fraud, and for business analytics
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For marketing communications and optional features (where applicable)

5. How We Use Your Data

We use your personal data to:

• Provide, maintain, and improve our CRM platform
• Process transactions and send related information
• Send administrative messages, updates, and security alerts
• Respond to your comments, questions, and support requests
• Analyse usage patterns to improve user experience
• Detect, prevent, and address technical issues and fraud
• Send marketing communications (with your consent)
• Comply with legal obligations

6. Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party vendors who assist in providing our services (hosting, payment processing, analytics)
• Business Partners: Partners who offer complementary services with your consent
• Legal Authorities: When required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement (IDTA) for UK transfers
• Adequacy decisions where applicable
• Binding Corporate Rules where approved

8. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on:

• The nature of the data and why it was collected
• Legal, regulatory, tax, accounting, or reporting requirements
• Whether there is an ongoing business need

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

9. Your Rights

Under applicable data protection laws, you have the following rights:

To exercise your rights, please contact us at [email protected] or use the data request feature in your account settings.

10. Additional Rights for Turkish Residents (KVKK)

If you are a resident of Türkiye, in addition to the rights above, you have the right to:

• Learn whether your personal data is being processed
• Request information about processing activities
• Learn the purpose of processing and whether it is being used for that purpose
• Know the third parties to whom your data is transferred domestically or abroad
• Request compensation for damages arising from unlawful processing

You may submit your requests to the Data Controller Representative for Türkiye or file a complaint with the Personal Data Protection Authority (KVKK).

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection
• Incident response procedures

12. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

13. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through a notice on our platform. We encourage you to review this policy periodically.

15. Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority:

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: