Effective date: 13 June 2025
1. Data Controller
GROWMIRE TEKNOLOJİ ANONİM ŞİRKETİ ("GROWMIRE") acts as the data controller for processing on this website.
2. Data Protection Officer
Given the scale and nature of our processing, a formal DPO appointment is not legally required. Nevertheless, we have designated an internal privacy lead who can be reached atinfo@growmire.com.
3. Legal Bases for Processing
- Contractual necessity (Art. 6 §1 (b)) – Processing contact-form enquiries.
- Legitimate interests (Art. 6 §1 (f)) – Ensuring security, preventing fraud, improving performance.
- Consent (Art. 6 §1 (a)) – Deploying non-essential cookies & analytics.
- Legal obligation (Art. 6 §1 (c)) – Complying with tax, accounting, and regulatory laws.
4. GDPR Principles We Follow
- Lawfulness, fairness, transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
5. Sub-Processors
We maintain written Data Processing Agreements (DPAs) with all sub-processors:
| Processor | Service | Location | Safeguards |
|---|---|---|---|
| Google LLC | Analytics & reCAPTCHA | USA | Standard Contractual Clauses (2021/914/EU) |
6. International Transfers
When data leave the EEA, we rely on SCCs plus supplementary measures such as encryption, data minimisation, and limited retention.
7. Data Subject Rights
Data subjects can exercise the following rights under Articles 15-22:
- Access
- Rectification
- Erasure ("Right to be forgotten")
- Restriction
- Portability
- Objection
- Automated decision-making opt-out (not applicable—no profiling)
8. DPIAs & Risk Assessments
We perform Data Protection Impact Assessments when introducing any new technology or process that could involve high-risk profiling or sensitive data.
9. Data Breach Response
We follow a documented incident-response plan: (i)identify & contain, (ii)assess likely impact, (iii)notify the supervisory authority within 72 hours, (iv)communicate with affected data subjects if risk is high.
10. Staff Training & Awareness
All employees receive onboarding privacy training and annual refreshers; engineers follow secure coding practices and least-privilege access.
11. Audit & Certification
Our cloud infrastructure provider holds ISO 27001, SOC 2 Type II, and PCI-DSS certifications. Internal audits are performed bi-annually.
12. Contact & Complaints
Email info@growmire.com. EU residents may also lodge complaints with their local Data Protection Authority.