Netskope

Türkiye Privacy Commitment

The following is a brief summary of how Netskope complies with applicable data privacy laws in Türkiye, including Law on Protection of Personal Data (LPPD).

Law on Protection of Personal Data Supervisory Authority Our Commitment to Data Protection Key Definitions Your Rights Under the LPPD Our Responsibilities Our Compliance Measures

Law on Protection of Personal Data

The LPPD, enacted as Law No. 6698 in 2016, governs the processing and protection of personal data within Türkiye. It regulates to protect fundamental rights and freedoms of persons, particularly the right to privacy with respect to processing of personal data and to set forth obligations, principles and procedures which shall be binding upon natural or legal persons who process personal data. The LPPD applies to natural persons whose personal data are processed.

By adhering to the LPPD, we ensure the protection of personal information and comply with both legal and ethical standards, building trust with our stakeholders.

Supervisory Authority

Türkiye’s data protection authority is Kisisel Verileri Koruma Kurumu (Personal Data Protection Authority). You can find more information at Kisisel Verileri Koruma Kurumu official website.

Our Commitment to Data Protection

At Netskope, safeguarding personal data and ensuring compliance with privacy laws are our top priorities. Below, we explain our approach to data protection as it relates to Türkiye privacy laws, your rights as an individual, and our responsibilities as a business.

Key Definitions

Personal Data: Information relating to an identifiable or identified natural person.
Processing of Personal Data: Any operation performed on personal data, which includes the collection, storage, recording, retention, alteration, disclosure, re-organization, transferring, making retrievable, taking over, classification or preventing the use thereof, partially or fully through automated means or provided that the process is a part of any data registry system, through non-automatic means.

Your Rights Under the LPPD

Under Türkiye’s Law on the Protection of Personal Data (LPPD), individuals have several rights regarding their personal data, including:

Right to Access and Information: Obtain confirmation as to whether their personal data is being processed and request information regarding such processing.
Right to Purpose Limitation: Learn the purpose of the processing of their personal data and whether it is used in accordance with that purpose.
Right to Know Data Transfers: Be informed of the third parties, whether domestic or abroad, to whom their personal data has been transferred.
Right to Correction: Request the rectification of any incomplete or inaccurate personal data.
Right to Erasure or Destruction: Request the deletion or destruction of their personal data under the conditions set out in applicable law.
Right to Notification: Request that corrections, deletions, or destructions of personal data be notified to third parties to whom the data has been transferred.
Right to Object to Automated Decisions: Object to results that are detrimental to them arising from the analysis of personal data processed solely through automated systems.

To exercise these rights, please visit our Exercise Your Rights Section.

Our Responsibilities

As a data processor, Netskope processes personal data on behalf of our customers and in accordance with their instructions. Our key responsibilities as a processor include:

We process personal data on behalf of our customers under clear contractual agreements, ensuring that all processing is conducted lawfully, fairly, and transparently.
We implement robust technical and organizational measures to safeguard personal data against unauthorized access, alteration, or loss.
We provide reasonable assistance to customers to help them meet their compliance needs. This may include working with customers to respond to third-party requests, providing information to demonstrate our security and privacy compliance measures, and helping customers complete risk assessments.

As a data controller, Netskope manages the processing of personal data related to employees, marketing activities, training courses, website users, and more. In this capacity, we ensure that:

Data processing is done for legitimate and transparent purposes.
Transparency is maintained by informing individuals about data usage and ensuring their rights to access, correction, and erasure.
Appropriate measures protect personal data from unauthorized access or loss.
Staff receive ongoing training, and internal policies are reviewed to ensure compliance with privacy laws, including LGPD, fostering a culture of data protection.
Procedures are in place to promptly report and address data breaches, including notifications to supervisory authority or affected individuals when required.

Our Compliance Measures

We maintain strict data protection practices, including:

Data Protection Policies: Establishing clear and comprehensive internal policies consistent with Türkiye’s privacy laws.
Employee Training: Annual training for all employees on data protection responsibilities.
Data Audits: Netskope undergoes annual SSAE-18 SOC 2 Type II attestation through an independent, third-party auditor.
Security Measures: Technical and organizational measures such as utilizing encryption, securing storage, and having strict access controls are implemented to ensure an appropriate level of security, taking into account the nature, scope, context, purpose of the processing, and the risks for the rights and freedoms of natural persons.
Third-Party Assurance: All partners and vendors undergo security reviews involving a risk assessment and vetting procedure to ensure our partners and vendors meet our high standards.
Breach Management: Privacy and Security Incident Response Plan is well documented, implemented, and regularly reviewed and tested.

This page provides a high-level overview of our data protection practices under Türkiye’s data protection laws. We’re committed to protecting your data and ensuring transparency every step of the way.

If you have questions or concerns about how we handle your data, please contact our Data Protection Officer (DPO) at [email protected].

For more detailed information, please refer to our Privacy Policy or reach out to us directly.