Privacy Policy
Obiolink Privacy Policy
Effective Date: 04.05.2024 • Version: 1.0
At Obiolink (“Obiolink”, “we”), we value your privacy. This Privacy Policy explains how we collect, use, transfer, and protect your personal data within the scope of obiolink.com, our subdomains, our administrative panel, and all the services we provide (collectively, the “Service”). We aim to comply with the KVKK (Keywords Law) in Turkey and the GDPR in Europe.
Summary: The information you provide when setting up your account, the content on the linked pages you create, and the activity data of visitors to these pages are processed to provide the Service, ensure security, and measure performance. We do not sell your data; we only share it with our service providers and in accordance with legal obligations.
1) Data Controller and Contact
Email: [info@obiolink.com]
You can submit your requests under the KVKK and your rights under the GDPR through the communication channels above.
2) Scope and Roles (Data Controller/Data Processor)
As the account holder/customer, we are the data controller for most transactions in our relationship with you.
For data about visitors to your own Obiolink page (e.g., click statistics), you are the data controller, and Obiolink is the data processor. This information is shared upon your request under a Data Processing Agreement (DPA).
3) Categories of Data We Collect
Account and Profile Data: First/last name, email, username, avatar/profile image, company information, billing and subscription plan information.
Content Data: Link titles, URLs, button/icon configurations, theme/branding settings, cover and profile images, multilingual text, embedded content.
Campaign & Traffic Data: UTM parameters, referrer, QR code scan records, click counts, referring channels, device/OS/browser breakdowns, IP address (for security and coarse location analysis).
Usage and Technical Logs: Login/log records, error records, performance metrics, cookie identifiers/similar technologies.
Contact Data: Support requests, email correspondence, feedback forms.
Payment/Subscription Data: Payment status, billing, and collection information (your card data is stored with the payment institution; we do not store the full card number).
4) Processing Purposes and Legal Grounds
Purpose Examples Legal Ground
Providing the Service Account creation, publishing link pages, displaying analytics Contract performance (KVKK Art. 5/2-c, GDPR 6/1-b)
Security Abuse detection, fraud prevention, logging Legitimate interest (KVKK Art. 5/2-f, GDPR 6/1-f)
Improvement & Analytics Product development, performance and feature optimization Legitimate interest
Marketing (Permissioned) Newsletter/feature announcements, campaign notifications Explicit consent (KVKK Art. 5/1, GDPR 6/1-a)
Legal obligation Financial records, response to requests and audits Legal obligation (KVKK Art. 5/2-ç, GDPR 6/1-c)
You can withdraw your consent at any time for transactions based on explicit consent.
5) Cookies and Similar Technologies
Mandatory cookies: Session and security.
Statistics/Performance cookies: Understand visits, clicks, and conversions.
Marketing/Tagging cookies (optional): UTM campaign analysis, multi-channel measurement.
You can manage your cookie preferences in your browser. Details in our Cookie Policy (coming soon/separate document) apply.
6) Data Sharing
Service providers: Hosting, content delivery network (CDN/WAF), storage/backup, email/message management, error tracking, analytics, payment and billing, authentication. These parties process data only in accordance with our instructions.
Customer instructions: Transfers within the scope of your own integrations (e.g., importing form data into your CRM).
Legal obligations: Proper requests from legal authorities.
Business transfer: In the event of a merger, acquisition, or asset sale, protection will be provided in accordance with this Policy.
We do not sell data.
7) International Transfers
Your data may be processed/stored on servers located in Turkey, the EU/EEA, or countries outside these regions.
Appropriate safeguards are provided, such as Standard Contractual Clauses (SCCs) under the GDPR, Board decisions under Article 9 of the KVKK, or explicit consent.
8) Retention Periods
Account data: The duration of your account + legal/technical requirements (e.g., backups).
Log and security records: 6–24 months depending on type.
Billing/financial records: Up to 10 years, as required by legislation.
Campaign/analytics breakdowns: Typically 24 months, depending on product requirements.
At the end of this period, data is securely anonymized or deleted.
9) Security
Encryption during transmission and storage, access controls, and authorization restrictions.
Up-to-date infrastructure and monitoring, vulnerability management, recording, and auditing.
Employee privacy commitments and training.
While 100% security cannot be guaranteed, we implement reasonable and industry-wide best practices.
10) Children's Privacy
The Service is not intended for children under the age of 18. Data from users under the age of 18 is not knowingly collected. If such a situation is detected, we will initiate deletion procedures.
11) User Rights
Your rights under Article 11 of the Personal Data Protection Law (KVKK):
To learn whether your personal data has been processed,
To request information if it has been processed,
To learn about its intended use,
To know the third parties to whom your personal data was transferred, both domestically and internationally,
To request rectification if it has been processed incompletely or incorrectly,
To request erasure/destruction (if applicable),
To request notification to third parties to whom it was transferred,
To object to a detrimental result arising from analysis by automated systems,
To request compensation for damages due to unlawful processing.
If you are subject to the GDPR, you also have the following rights:
Access, rectification, deletion ("right to be forgotten"), restriction of processing, data portability, objection, and withdrawal of consent.
Request: Verify your identity and submit it to us. We will respond within 30 days in accordance with the KVKK. The first request is generally free of charge; additional requests may incur a fee.
12) Our Customers' Visitors (Your Users)
You are the data controller for visitor data on your own Obiolink page. Obiolink acts as a data processor on your behalf:
You are responsible for responding to data subject requests; we provide technical support.
It is recommended that you mention Obiolink as a data processor in your privacy statements. A DPA is provided to our customers who request it.
13) Custom Domain and Integrations
Additional logs may be generated on pages you publish with a custom domain due to your DNS and hosting configurations.
Data transfer to third-party form, CRM, marketing, and pixel/tag tools you use is at your discretion. You are responsible for the privacy policies of these tools.
14) Third-Party Links
The external links and embedded content you include on Obiolink pages belong to third parties. We are not responsible for the privacy practices of these parties. We encourage your visitors to review the policies of these sites.
15) Policy Changes
We may update this Policy from time to time. The most current version is published on the site; we strive to notify you of significant changes via email/panel notifications. The new version takes effect when it is published.
16) Contact
For all privacy-related questions, requests, and complaints:
Email: [info@obiolink.com] • Subject: “Privacy Application (Obiolink)”
Please include the required documentation and request details for identity verification in your addressed applications.
Additional Notes (Product Transparency)
Analytics & UTM: We process UTM parameters for accurate tagging of source channels and campaign performance.
QR Codes: Basic logging is maintained for each scan to determine the campaign/channel/device breakdown.
SEO & Speed: Mandatory technical data is processed during Open Graph/Favicon/meta settings and caching/delivery optimizations.
Export/Download: You can download your analytics data as a CSV/Excel file from the panel.
Account Deletion: You can initiate the deletion process via “Delete My Account” in the panel (financial/registration obligations reserved).
Effective Date: 04.05.2024 • Version: 1.0
At Obiolink (“Obiolink”, “we”), we value your privacy. This Privacy Policy explains how we collect, use, transfer, and protect your personal data within the scope of obiolink.com, our subdomains, our administrative panel, and all the services we provide (collectively, the “Service”). We aim to comply with the KVKK (Keywords Law) in Turkey and the GDPR in Europe.
Summary: The information you provide when setting up your account, the content on the linked pages you create, and the activity data of visitors to these pages are processed to provide the Service, ensure security, and measure performance. We do not sell your data; we only share it with our service providers and in accordance with legal obligations.
1) Data Controller and Contact
Email: [info@obiolink.com]
You can submit your requests under the KVKK and your rights under the GDPR through the communication channels above.
2) Scope and Roles (Data Controller/Data Processor)
As the account holder/customer, we are the data controller for most transactions in our relationship with you.
For data about visitors to your own Obiolink page (e.g., click statistics), you are the data controller, and Obiolink is the data processor. This information is shared upon your request under a Data Processing Agreement (DPA).
3) Categories of Data We Collect
Account and Profile Data: First/last name, email, username, avatar/profile image, company information, billing and subscription plan information.
Content Data: Link titles, URLs, button/icon configurations, theme/branding settings, cover and profile images, multilingual text, embedded content.
Campaign & Traffic Data: UTM parameters, referrer, QR code scan records, click counts, referring channels, device/OS/browser breakdowns, IP address (for security and coarse location analysis).
Usage and Technical Logs: Login/log records, error records, performance metrics, cookie identifiers/similar technologies.
Contact Data: Support requests, email correspondence, feedback forms.
Payment/Subscription Data: Payment status, billing, and collection information (your card data is stored with the payment institution; we do not store the full card number).
4) Processing Purposes and Legal Grounds
Purpose Examples Legal Ground
Providing the Service Account creation, publishing link pages, displaying analytics Contract performance (KVKK Art. 5/2-c, GDPR 6/1-b)
Security Abuse detection, fraud prevention, logging Legitimate interest (KVKK Art. 5/2-f, GDPR 6/1-f)
Improvement & Analytics Product development, performance and feature optimization Legitimate interest
Marketing (Permissioned) Newsletter/feature announcements, campaign notifications Explicit consent (KVKK Art. 5/1, GDPR 6/1-a)
Legal obligation Financial records, response to requests and audits Legal obligation (KVKK Art. 5/2-ç, GDPR 6/1-c)
You can withdraw your consent at any time for transactions based on explicit consent.
5) Cookies and Similar Technologies
Mandatory cookies: Session and security.
Statistics/Performance cookies: Understand visits, clicks, and conversions.
Marketing/Tagging cookies (optional): UTM campaign analysis, multi-channel measurement.
You can manage your cookie preferences in your browser. Details in our Cookie Policy (coming soon/separate document) apply.
6) Data Sharing
Service providers: Hosting, content delivery network (CDN/WAF), storage/backup, email/message management, error tracking, analytics, payment and billing, authentication. These parties process data only in accordance with our instructions.
Customer instructions: Transfers within the scope of your own integrations (e.g., importing form data into your CRM).
Legal obligations: Proper requests from legal authorities.
Business transfer: In the event of a merger, acquisition, or asset sale, protection will be provided in accordance with this Policy.
We do not sell data.
7) International Transfers
Your data may be processed/stored on servers located in Turkey, the EU/EEA, or countries outside these regions.
Appropriate safeguards are provided, such as Standard Contractual Clauses (SCCs) under the GDPR, Board decisions under Article 9 of the KVKK, or explicit consent.
8) Retention Periods
Account data: The duration of your account + legal/technical requirements (e.g., backups).
Log and security records: 6–24 months depending on type.
Billing/financial records: Up to 10 years, as required by legislation.
Campaign/analytics breakdowns: Typically 24 months, depending on product requirements.
At the end of this period, data is securely anonymized or deleted.
9) Security
Encryption during transmission and storage, access controls, and authorization restrictions.
Up-to-date infrastructure and monitoring, vulnerability management, recording, and auditing.
Employee privacy commitments and training.
While 100% security cannot be guaranteed, we implement reasonable and industry-wide best practices.
10) Children's Privacy
The Service is not intended for children under the age of 18. Data from users under the age of 18 is not knowingly collected. If such a situation is detected, we will initiate deletion procedures.
11) User Rights
Your rights under Article 11 of the Personal Data Protection Law (KVKK):
To learn whether your personal data has been processed,
To request information if it has been processed,
To learn about its intended use,
To know the third parties to whom your personal data was transferred, both domestically and internationally,
To request rectification if it has been processed incompletely or incorrectly,
To request erasure/destruction (if applicable),
To request notification to third parties to whom it was transferred,
To object to a detrimental result arising from analysis by automated systems,
To request compensation for damages due to unlawful processing.
If you are subject to the GDPR, you also have the following rights:
Access, rectification, deletion ("right to be forgotten"), restriction of processing, data portability, objection, and withdrawal of consent.
Request: Verify your identity and submit it to us. We will respond within 30 days in accordance with the KVKK. The first request is generally free of charge; additional requests may incur a fee.
12) Our Customers' Visitors (Your Users)
You are the data controller for visitor data on your own Obiolink page. Obiolink acts as a data processor on your behalf:
You are responsible for responding to data subject requests; we provide technical support.
It is recommended that you mention Obiolink as a data processor in your privacy statements. A DPA is provided to our customers who request it.
13) Custom Domain and Integrations
Additional logs may be generated on pages you publish with a custom domain due to your DNS and hosting configurations.
Data transfer to third-party form, CRM, marketing, and pixel/tag tools you use is at your discretion. You are responsible for the privacy policies of these tools.
14) Third-Party Links
The external links and embedded content you include on Obiolink pages belong to third parties. We are not responsible for the privacy practices of these parties. We encourage your visitors to review the policies of these sites.
15) Policy Changes
We may update this Policy from time to time. The most current version is published on the site; we strive to notify you of significant changes via email/panel notifications. The new version takes effect when it is published.
16) Contact
For all privacy-related questions, requests, and complaints:
Email: [info@obiolink.com] • Subject: “Privacy Application (Obiolink)”
Please include the required documentation and request details for identity verification in your addressed applications.
Additional Notes (Product Transparency)
Analytics & UTM: We process UTM parameters for accurate tagging of source channels and campaign performance.
QR Codes: Basic logging is maintained for each scan to determine the campaign/channel/device breakdown.
SEO & Speed: Mandatory technical data is processed during Open Graph/Favicon/meta settings and caching/delivery optimizations.
Export/Download: You can download your analytics data as a CSV/Excel file from the panel.
Account Deletion: You can initiate the deletion process via “Delete My Account” in the panel (financial/registration obligations reserved).