KVKK Privacy Notice

Data controller

Tengra Teknoloji acts as data controller for the Fuaryo platform. Address: Barbaros Mahallesi, Büklüm Caddesi No:119 D:A, 06540 Çankaya/Ankara. Email: info@tengrateknoloji.com. Phone: +90 (531) 866-3101.

Fuaryo is a B2B event technology product for organizers, field teams, sponsor/exhibitor teams, and attendees. It supports registration, ticketing, check-in, lead capture, networking, messaging, and integration workflows.

Personal data categories

Identity and contact data: name, surname, email, optional phone number, company, title, role, and account status.

Event operation data: registrations, tickets, QR codes, check-ins, session signals, lead capture records, exhibitor membership, networking profiles, match and meeting requests.

Consent and communication preferences: essential service consent, marketing email, WhatsApp communication, third-party sharing, and profiling/networking choices.

Technical and security data: IP address, user agent, session/refresh token records, audit logs, API key prefix/hash data, webhook delivery states, and error codes. Raw API keys and webhook secrets are not persistently exposed.

Device data: Expo push token, platform, and linked user when OS-level notification permission is granted. Camera permission is used only for QR scanning; camera frames are not stored.

Collection methods and legal bases

Data is collected electronically through account creation, sign-in, event registration, profile updates, QR scanning, lead capture, networking profiles, communication preferences, admin panel actions, API/webhook use, and mobile device permissions.

Registration, account, ticket, check-in, session security, and operational notification data required to provide the service are processed under KVKK Article 5/2-c.

Audit, security, abuse prevention, authorization, and system integrity data are processed under legitimate interest in KVKK Article 5/2-f and, where applicable, legal obligation under Article 5/2-ç.

Marketing email, WhatsApp marketing communication, sponsor/exhibitor lead sharing, and networking/profiling depend on the relevant active choice or explicit consent. This mandatory notice does not replace an explicit consent text.

Purposes of processing

Fuaryo processes data to create accounts, authenticate users, authorize roles, manage registrations, tickets, check-in, field operations, lead capture, exhibitor/sponsor work, agenda and speaker data, meeting/networking flows, messaging campaigns, and integrations.

Data may also be used to investigate security events, keep audit trails, respond to legal requests, measure service quality, manage KVKK requests, and improve the product securely.

Recipients and transfers

Data may be shared with authorized Tengra teams, relevant organizer/tenant admins, event role holders, and sponsor/exhibitor teams only within their task scope.

Technical providers may be used for email delivery, WhatsApp template messaging, push notifications, hosting, error monitoring, analytics, API, and webhook delivery. Providers such as Resend, Meta/WhatsApp Business, Expo Push Notification Service, and DigitalOcean Frankfurt infrastructure may be involved only as needed for the configured service.

Sponsor/exhibitor lead capture sharing is limited to the event configuration and the relevant active choice or consent. Lead data does not include identity documents or payment data.

Providers that may involve international transfer are assessed under explicit consent, contractual/technical safeguards, or applicable KVKK transfer mechanisms.

Retention and deletion

Account and profile data is retained while the account is active; refresh token records are retained for limited session security periods; push token records are retained until sign-out, permission withdrawal, or account deletion.

Consent and audit records may generally be retained for 5 years to evidence KVKK Article 12 security and accountability obligations. Commercial, invoice, and event operation records may follow applicable legal or contractual retention periods.

After account deletion, active sessions are revoked, direct profile access is removed, push tokens are deleted, and the account is handled under the current deletion or anonymization process. Records that must be retained by law are kept with an anonymized account reference where possible.

Your KVKK Article 11 rights

You may ask whether your personal data is processed, request information, learn processing purposes and recipients, request correction, deletion or destruction, request notification of correction/deletion to recipients, object to adverse automated results, and claim compensation for unlawful processing.

You can send requests to info@tengrateknoloji.com. KVKK requests are answered as soon as possible and no later than 30 days depending on the nature of the request. We may ask for additional information to verify your identity and request ownership.

Version and legal review

This notice is based on the current Fuaryo web, mobile, messaging, notification, lead capture, and integration behavior. Final production reliance and event-specific contractual/privacy needs should be approved by legal counsel.