Linkedin

Vedubox

Vedubox is coming to HRSE Dubai 2025 — join us on 22–23 October at the Dubai World Trade Centre!

More Info
Sign In
Try Now

Data Protection Policy

VEDUBOX GLOBAL DATA PROTECTION POLICY

(GDPR, UK DPA 2018, and KVKK Compliant)


1. INTRODUCTION

This Global Data Protection Policy (“Policy”) is issued by Etgi Grup Bilişim Teknolojileri Yazılım Donanım Bilgisayar Mimarlık Mühendislik İnşaat Taahhüt İthalat İhracat Ticaret A.Ş., trading as Vedubox (“Vedubox”, “Company”, “we”, “our”), acting as Data Controller.

Vedubox is committed to protecting personal data and ensuring compliance with the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the Turkish Law No. 6698 on the Protection of Personal Data (KVKK), and other applicable international data protection laws.

2. PURPOSE AND SCOPE

2.1. This Policy defines how Vedubox collects, uses, transfers, stores, and safeguards personal data belonging to users, customers, employees, suppliers, and other natural persons.

2.2. It applies globally to all Vedubox services, websites, cloud systems, and communication platforms, including vedubox.com, vedubox.co.uk, and associated applications.

3. LEGAL FRAMEWORK

Vedubox complies with:

EU Regulation (EU) 2016/679 (GDPR),

UK Data Protection Act 2018 and UK GDPR,

Turkish Law No. 6698 (KVKK),

Council of Europe Convention 108+,

Applicable privacy and electronic communications laws (including PECR).

4. PRINCIPLES OF DATA PROCESSING

Vedubox processes personal data in accordance with the following principles:

Lawfulness, fairness, and transparency – processing in a lawful and open manner;

Purpose limitation – collected for specified, legitimate purposes;

Data minimization – only necessary data is processed;

Accuracy – data kept accurate and up-to-date;

Storage limitation – retained only as long as necessary;

Integrity and confidentiality – secured against unauthorized access or loss;

Accountability – Vedubox is responsible for demonstrating compliance.

5. LAWFUL BASES OF PROCESSING

Vedubox lawfully processes personal data when:

The data subject has given explicit consent;

Processing is necessary for contract performance or pre-contractual steps;

Processing is required for legal compliance;

Processing protects vital interests of an individual;

Processing serves Vedubox’s legitimate business interests, provided such interests do not override the individual’s fundamental rights.

6. PURPOSES OF PROCESSING

Personal data is processed for the following legitimate purposes:

Delivering, operating, and improving Vedubox’s online education, LMS, and communication services;

Managing customer relationships and providing support;

Performing billing, payment, and accounting operations;

Conducting marketing, campaign, and promotional activities (subject to consent);

Ensuring IT and network security, fraud prevention, and compliance;

Meeting legal and regulatory obligations;

Managing internal audits, risk management, and administrative operations.

7. DATA COLLECTION AND RETENTION

7.1. Vedubox collects personal data directly from users, through automated means (cookies, analytics), and via lawful third-party sources.

7.2. Personal data is retained only for as long as necessary for the purpose it was collected or as required by applicable law.

7.3. Once the purpose of processing ceases, data is securely deleted, anonymized, or pseudonymized according to internal retention schedules.

8. DATA TRANSFERS

8.1. Vedubox may transfer data to group companies, service providers, or public authorities within or outside the European Economic Area (EEA) or Türkiye.

8.2. International data transfers are conducted using appropriate safeguards, such as:

Adequacy decisions (Article 45 GDPR);

Standard Contractual Clauses (SCCs) or UK International Data Transfer Addendum (IDTA);

Binding Corporate Rules (BCRs);

Explicit data subject consent.

8.3. Vedubox ensures all third parties adhere to equivalent data protection standards through written data processing agreements.

9. DATA SECURITY

Vedubox employs robust technical and organizational security measures, including:

Role-based access control and encryption;

Secure data transmission (TLS/SSL) and storage;

Regular vulnerability and penetration testing;

Incident detection, response, and breach notification procedures;

Confidentiality agreements and staff awareness training.

In case of a data breach, Vedubox will notify the competent supervisory authority and affected data subjects without undue delay in accordance with Articles 33–34 GDPR.

10. DATA SUBJECT RIGHTS

Under Articles 12–23 GDPR and Article 11 KVKK, individuals have the right to:

Be informed about the processing of their personal data;

Access their personal data;

Request rectification of inaccurate or incomplete data;

Request deletion (“right to be forgotten”);

Restrict or object to processing;

Exercise data portability;

Withdraw consent at any time;

Lodge a complaint with a supervisory authority.

Requests are handled free of charge unless manifestly unfounded or excessive.

11. DATA PROTECTION OFFICER (DPO)

Vedubox has appointed a Data Protection Officer to oversee compliance, advise management, and act as the main contact point for data subjects and authorities.

Email: dpo@vedubox.com


12. COMPLAINTS AND SUPERVISORY AUTHORITIES


Data subjects may contact the following supervisory authorities:

Türkiye: Personal Data Protection Authority (KVKK Kurumu),

United Kingdom: Information Commissioner’s Office (ICO),

European Union: The relevant supervisory authority of their Member State.

Vedubox encourages individuals to contact the DPO first for efficient resolution.


13.GOVERNING LAW AND JURISDICTION


This Policy shall be governed by and interpreted in accordance with the laws of the Republic of Türkiye.

Vedubox also ensures compliance with EU GDPR and UK DPA 2018 for users within those jurisdictions.

Any disputes arising shall fall under the exclusive jurisdiction of the Ankara Courts and Enforcement Offices.


14. POLICY REVIEW AND UPDATES

Vedubox reserves the right to amend this Policy at any time to reflect regulatory or operational changes.

The updated version will always be available at www.vedubox.com  and takes effect upon publication.

Effective Date: January 2025

Last Updated: October 2025