Last Updated: 27.12.2025

This Privacy Policy (“Policy”) has been prepared to explain the rules and principles regarding the processing of personal data within the digital platform available at www.eenrat.com (the “Portal”). By accessing and/or using the Portal, you acknowledge that you have been informed under this Policy.

1. Data Controller

Data Controller: Bedrettin Kahraman – Rmood Yazılım
Contact: data@eenrat.com

2. Scope

This Policy covers personal data processed in relation to the Portal’s features, including maturity, sustainability, resilience and innovation assessments, scoring/reporting tools, user/organization management, subscription/plan operations, and the security of the Portal.

3. Definitions

• Portal: The digital platform accessible via www.eenrat.com and its subdomains.
• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Controller: The party determining the purposes and means of processing personal data.
• Processor: The party processing personal data on behalf of the Data Controller.
• User: A registered user of the Portal or a representative of a legal entity using the Portal.

4. Categories of Personal Data Processed

• Account Data: Name, email, password (hashed), roles/permissions, user preferences.
• Contact Data: Email, phone (if provided), address (if provided).
• Company/Organization Data: Company/organization name, tax number (corporate data), sector/sub-sector, country/city/region.
• Assessment Data: Survey answers, notes, progress data, and score/report outputs generated based on inputs.
• Security & Usage Logs: IP address, browser/device data, timestamps, access logs, session data.
• Subscription/Payment Data: Plan details, transaction records, billing/payment status (via payment providers).

5. Purposes of Processing

• Managing registrations, accounts, authentication and sessions.
• Operating assessment modules and producing scores, reports and benchmarking outputs.
• Managing subscriptions/plans, payments and billing operations.
• Providing customer support and communications.
• Ensuring Portal security, preventing abuse, detecting attacks, monitoring and logging.
• Product improvement, quality assurance, performance analysis and statistics (where possible, anonymized/aggregated).
• Compliance with legal obligations and responding to lawful requests from competent authorities.

6. Legal Bases

Personal data may be processed under applicable data protection laws (including KVKK No. 6698 and, where applicable, GDPR), based on one or more of the following legal bases:

• Contract necessity (to provide Portal services),
• Legal obligation (financial/tax, security, lawful requests, etc.),
• Legitimate interests (security, fraud prevention, service improvement), provided that fundamental rights are not overridden,
• Consent where required (e.g., certain cookies, marketing communications, specific cross-border transfers).

7. Cookies and Similar Technologies

The Portal may use cookies and similar technologies to ensure core functionality, enhance user experience and maintain security. Strictly necessary cookies may be required for operation. Where required by law, consent may be requested for analytics/performance or marketing cookies. Please refer to the Portal’s Cookie Policy for details.

8. Data Sharing and Transfers (Domestic / International)

Personal data may be shared/transferred on a need-to-know basis, with appropriate safeguards, including:

• Payment service providers and banks for payment/billing operations,
• Infrastructure providers (hosting, email delivery, logging/monitoring, security),
• Competent authorities where legally required,
• Third parties for integrations explicitly requested by the User.

9. Hosting and International Processing

The Portal may be hosted within the European Union (e.g., Germany) to meet service quality and security requirements. Accordingly, personal data may be processed and stored abroad due to technical necessity. Where cross-border transfers require additional legal mechanisms or consent, the required compliance steps will be applied.

10. Retention

Personal data is retained for as long as necessary for the purposes of processing and for the statutory limitation/retention periods. At the end of such periods, data is deleted, destroyed or anonymized.

11. Data Security

Reasonable technical and organizational measures are implemented, such as access control, authorization, encryption where applicable, logging, network security and backups. However, absolute security over the internet cannot be guaranteed.

12. Your Rights and Contact

To exercise your rights under applicable laws, please contact us at data@eenrat.com. Requests will be handled within legally prescribed timeframes.

13. Uploading Third-Party Personal Data (B2B Use)

The Portal is primarily a B2B digital service. If the User uploads personal data of third parties (e.g., employees), the User is responsible for ensuring lawful processing and for fulfilling any notice/consent requirements. Depending on the circumstances, the Portal may act as a “processor”.

14. Changes to this Policy

This Policy may be updated when necessary. The current version becomes effective when published on the Portal.

15. Contact

For all privacy-related requests: data@eenrat.com