GDPR Compliance
Our commitment to data protection regulations
GDPR Compliance
Our commitment to data protection regulations
Data Protection Commitment
Vexfin is committed to complying with the General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK - Kişisel Verilerin Korunması Kanunu). This page outlines how we fulfill our obligations under these regulations.
1. Data Controller
lonean.dev is the data controller responsible for your personal data. We determine the purposes and means of processing personal data in accordance with applicable laws.
2. Legal Basis for Processing
We process your personal data based on your consent when you create an account, the necessity to perform our contract with you (providing the Vexfin service), our legitimate interests (service improvement, security), and compliance with legal obligations.
3. Your Rights Under GDPR/KVKK
Under applicable data protection laws, you have the following rights:
Right to Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of any inaccurate or incomplete personal data.
Right to Erasure
You can request the deletion of your personal data ('right to be forgotten').
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Data Portability
You can request your data in a structured, machine-readable format (CSV/PDF export).
Right to Object
You can object to the processing of your personal data for certain purposes.
4. Data Transfers
Your data may be processed in countries outside of Turkey and the EU/EEA. In such cases, we ensure appropriate safeguards are in place, including standard contractual clauses and adequacy decisions.
5. Data Protection Officer
For any data protection inquiries, you can contact our Data Protection Officer at dpo@lonean.dev. We will respond to your requests within the legally required timeframes (30 days under GDPR, 30 days under KVKK).
6. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority. In Turkey, this is the Personal Data Protection Authority (KVKK Kurumu). In the EU, you may contact the supervisory authority in your member state.
7. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.