Last Updated: October 2025

Data Protection & Privacy Notice

This notice explains how personal data collected through the Mentora platform operated by MTM Biotechnology ("Mentora") is processed and protected in accordance with Law No. 6698 on the Protection of Personal Data (KVKK) and, where applicable, the General Data Protection Regulation (GDPR).

1. Data Controller

  • Data Controller: MTM Biyoteknoloji San. Tic. Ltd. Şti.
  • Address: Yıldırım Beyazıt Mah. Aşık Veysel Bul. Erciyes TGB-4 No:23 Melikgazi, Kayseri, Turkey
  • Email: [email protected]

2. Personal Data Processed

2.1 User Data

First and last name, email address, phone number, billing information, username and login records.

2.2 Client Data

Client test results, session notes, age, gender, assessment notes and other measurement data entered manually into the platform by the psychologist user.

2.3 Technical and Traffic Data

IP address, session duration, browser information, cookie data and system log records.

3. Purposes of Processing

  • Providing, managing and verifying user accounts for Mentora services
  • Providing technical support and ensuring system security
  • Processing billing and payment transactions
  • Improving user satisfaction and service quality
  • Fulfilling legal obligations

4. Data Transfers

Mentora does not transfer personal data to third parties. Limited transfers may occur only in the following circumstances:

  • Official requests from legal authorities
  • Technical partners such as server, hosting or email service providers
  • Legal requirements for billing or payment services

All transfers are carried out with confidentiality and data security in accordance with KVKK provisions.

5. Retention Period

Data is retained for as long as the user account remains active. Upon account deletion or termination of the service relationship, data is anonymised or securely destroyed. Documents arising from legal obligations may be retained for the applicable statutory periods.

6. Data Security

  • 256-bit SSL encryption
  • Role-based access control
  • Server firewalls
  • Regular backups and penetration testing

7. Rights of Data Subjects

Under KVKK Article 11 and GDPR, users have the right to:

  • Learn whether their personal data is being processed
  • Request information where their personal data has been processed
  • Learn the purpose of processing and whether data is used in accordance with that purpose
  • Know whether personal data has been transferred
  • Request correction of incomplete or inaccurate personal data
  • Request deletion or destruction of data where the grounds for processing no longer exist
  • Claim compensation for damages suffered

To submit a request: [email protected]

8. Policy Updates

This notice may be updated as necessary. The current version is effective from the date it is published on the website.

9. Contact

  • Address: Yıldırım Beyazıt Mah. Aşık Veysel Bul. Erciyes TGB-4 No:23 Melikgazi, Kayseri, Turkey
  • Email: [email protected]