TervaX is a cybersecurity company, headquartered in Istanbul, Turkey, that delivers enterprise security services — smart contract audits, penetration testing, cloud security, DevSecOps, and digital forensics and incident response — to clients worldwide. This Privacy Policy explains how we handle personal data collected through our website at tervax.com.
We are committed to handling personal data in accordance with applicable data protection law. This policy applies only to this website; it does not cover any separate processing carried out under a signed client engagement, which is governed by the relevant contract. This document is a template and should be reviewed by qualified counsel before you rely on it.
1. Who we are
TervaX is the data controller responsible for the personal data processed through this website. "Controller" means the organisation that decides how and why your personal data is used.
You can contact us about this policy, or about any personal data we hold, by email at info@tervax.com. Any enquiry sent to that address will be routed to the person responsible for data-protection matters at TervaX.
2. The information we collect
This website is a marketing and services site. There are no user accounts and no payments taken on the site. The personal data we hold is either provided by you directly through our contact form, or generated automatically as limited technical data when you visit the site. Both are described below.
Information you give us through the Contact form
- Your name (required)
- Your email address (required)
- Your message (required)
- Your company name (optional)
- Any other detail you choose to include in the free-text fields (optional)
Technical data processed when you use the site
As part of operating and protecting the site, our hosting and security providers process limited technical data on our behalf, which may include:
- Your IP address
- Your browser type and device or user-agent information
- Request and security logs, including the pages requested and the date and time of the request
Anti-spam verification
When you submit the contact form, your IP address may be processed transiently to run a privacy-friendly anti-spam check (a CAPTCHA alternative) that confirms a submission comes from a genuine person rather than an automated script. We do not use this data to build a profile of you or to track you across other websites.
If you choose to include additional personal data within the free-text fields — for example, in your message — that information will also be processed by us. Please share only what is necessary for us to respond to your enquiry, and do not send us sensitive information through the form.
3. How and why we use your information
We only use your personal data for the purposes for which it was provided, and we always rely on a lawful basis under applicable data protection law. The headings below set out what we do.
Responding to and managing your enquiry
We use the information from the contact form to read, understand, and reply to your message, to answer questions about our services, and to keep a record of our correspondence. Lawful basis: our legitimate interests in responding to and managing business enquiries, and — where your enquiry concerns a possible engagement — taking steps at your request prior to entering into a contract.
Protecting and operating the website
We use technical data and the transient anti-spam check to keep the site available, secure, and free from spam and abuse. Lawful basis: our legitimate interests in maintaining the security and integrity of our website.
Complying with our legal obligations
We may use or retain personal data where we are required to do so to comply with the law, to establish, exercise, or defend legal claims, or to respond to a lawful request from a regulator or authority. Lawful basis: compliance with a legal obligation and, where relevant, our legitimate interests in protecting our rights.
6. International data transfers
Some of our providers may process personal data outside the country in which you are located. Where personal data is transferred internationally, we take steps to ensure it remains protected to the standards required by applicable data protection law, using appropriate safeguards such as standard contractual clauses. If you would like more information about the safeguards in place, please contact us by email at info@tervax.com.
7. How long we keep your information
We keep personal data only for as long as we need it for the purposes described in this policy, and then we delete or anonymise it. Enquiry correspondence is kept for as long as is reasonably necessary to deal with your enquiry and for a limited period afterwards; technical and security logs are retained only for the short periods needed to operate and secure the site. If you would like us to delete an enquiry sooner, please contact us by email at info@tervax.com.
8. Your data protection rights
Depending on where you are located, you may have a number of rights in relation to your personal data. These rights may not all apply in every situation, and some are subject to conditions and exemptions, but they may include:
- The right to be informed — to know how your personal data is used, which this policy is intended to explain.
- The right of access — to obtain a copy of the personal data we hold about you.
- The right to rectification — to have inaccurate or incomplete data corrected.
- The right to erasure — to ask us to delete your personal data in certain circumstances.
- The right to restriction — to ask us to limit how we use your data in certain circumstances.
- The right to data portability — to receive certain data in a structured, commonly used, machine-readable format, where the right applies.
- The right to object — to object to processing based on our legitimate interests.
To exercise any of these rights, please email us at info@tervax.com. We may need to verify your identity before we act on a request, and we will respond within the timeframe required by applicable law. If you are unhappy with how we have handled your personal data, please contact us first so we can put it right; you may also have the right to complain to the data-protection authority in your jurisdiction.
9. How we keep your information secure
As a cybersecurity company, protecting data is central to what we do. We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
- Our website is served over encrypted HTTPS connections.
- We use a reputable hosting, content-delivery, and security platform, including protection against common web threats.
- We use an anti-spam check to reduce automated abuse of our contact form.
- We limit access to enquiry data to those who need it to respond to you.
No method of transmission over the internet or of electronic storage is completely secure, so while we work hard to protect your personal data we cannot guarantee its absolute security. Please avoid sending us sensitive personal information through the form unless it is necessary.
10. Children's privacy
Our website and services are aimed at businesses and the professionals who work for them. They are not directed to children, and we do not knowingly collect personal data from children through this website. If you believe that a child has provided us with personal data, please contact us by email at info@tervax.com and we will take steps to delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our providers, or the law. When we make changes, we will update the policy on this page so that the version published here is always the current one. We encourage you to review this page periodically.
12. How to contact us
If you have any questions about this Privacy Policy, about how we handle your personal data, or if you wish to exercise any of your rights, you can contact us by email at info@tervax.com.