Last Updated: April 24, 2025
This Data Processing Agreement (“Agreement”) is entered into between:
- Data Controller: The Client (you), who engages Markethinkers for services such as SEO consultancy, content creation, or similar collaborations.
- Data Processor: Markethinkers, a digital marketing and content agency operating from Turkey, which processes personal data on behalf of its Clients.
This Agreement forms part of the engagement between the parties and governs the processing of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, Türkiye 6698 sayılı Kişisel Verilerin Korunması Kanunu (KVKK), and other applicable laws.
1. Subject Matter and Duration
This Agreement applies to all personal data processed by Markethinkers on behalf of the Client in the context of providing professional services. It remains valid for the duration of the engagement and any period during which Markethinkers continues to retain the Client’s data.
2. Nature and Purpose of Processing
Markethinkers processes personal data exclusively for:
- Project management and communication (e.g., via Basecamp, Rock)
- Delivering SEO services and digital content
- Managing requests submitted via contact or project forms
- Issuing and managing invoices using Zoho CRM
- Storing submitted forms directly on Markethinkers’ website infrastructure
- Handling customer data through Google Workspace (e.g., Gmail, Google Drive)
- Internal reporting and service improvement
- Client onboarding and support follow-up
- Invoicing and payment documentation (if applicable)
3. Types of Personal Data Processed
Depending on the services provided, the following personal data may be processed:
- Full name
- Business email address
- Company name and title
- Phone number (if shared)
- Country and language preference
- Communication content (e.g., Basecamp, Rock, contact forms)
- Uploaded project files (may contain personal data)
- IP address (via contact forms or email tracking)
- Google Analytics metadata (aggregate, non-PII)
- Billing data (e.g., tax ID, invoice address, billing contact)
- CRM-related client notes and communication logs (Zoho CRM)
Note: Markethinkers does not process sensitive personal data (special categories) or store any user passwords.
4. Data Subjects
Data subjects typically include:
- Clients or representatives who engage Markethinkers
- Platform users who fill out contact or quote request forms
- Business partners or representatives involved in project execution
5. Subprocessors
Markethinkers may use the following GDPR- and KVKK-compliant subprocessors:
| Subprocessor | Purpose | Location |
| Google Drive / Workspace (Google LLC) | File storage, email, and docs | EU or U.S. (SCCs in place) |
| Basecamp / Rock | Client communication & task management | U.S. (SCCs / contract terms) |
| MailerLite / MailerSend | Transactional email delivery | EU (Lithuania) |
| Cloudflare | DDoS protection & content delivery | Global (including Turkey) |
| Google Analytics / Tag Manager | Website usage analytics (IP anonymized) | U.S. |
| Turhost | Server & website hosting provider | Turkey |
| Zoho CRM (Zoho Corp.) | CRM for invoice issuance and client tracking | EU or U.S. (SCCs in place) |
All subprocessors are contractually bound by data protection terms, including access limitations and security requirements.
6. Controller Responsibilities
As the Data Controller, you are responsible for:
- Ensuring a lawful basis for data processing (e.g., contract, consent)
- Informing your users/clients via a proper privacy notice
- Collecting valid consents when required (e.g., newsletter opt-in)
- Responding to data subject rights requests
- Notifying Markethinkers if data must be erased, rectified, or restricted
7. Processor Responsibilities (Markethinkers)
Markethinkers agrees to:
- Only process personal data on documented instructions from the Client
- Ensure confidentiality and train relevant personnel
- Secure all data via encryption, access control, and HTTPS/TLS
- Use secure and privacy-respecting tools (e.g., cookies with SameSite and Secure flags)
- Notify the Client without delay in case of any data breach
- Assist with compliance (e.g., audits, DPIAs, legal requests)
8. Data Transfers
- Data is primarily stored and processed within Turkey.
- If any processing occurs outside the EEA or Turkey (e.g., via subprocessors like Google), such transfers are governed by:
- Adequacy decisions (if applicable)
- Standard Contractual Clauses (SCCs)
- Technical & organizational safeguards
- Adequacy decisions (if applicable)
9. Termination and Deletion
Upon request or project completion, Markethinkers will:
- Return all personal data to the Client (if requested)
- Delete all personal data unless retention is legally required
- Provide a certificate of deletion upon request
10. Contact
For any questions or to exercise your rights under this agreement: