Privacy & Compliance
GDPR and KVKK compliance in Enafeedback — data retention, anonymisation, PII handling, and deletion requests.
Last updated on
Enafeedback is designed for compliance with European GDPR and Turkish KVKK (Kişisel Verilerin Korunması Kanunu) data protection regulations.
Legal documents
Full legal texts are published on EnaSpace:
Privacy Policy,
KVKK Notice,
Cookie Policy,
Security, and
Terms of Service.
Turkish versions use /tr/legal/* on the same domain.
Data categories collected
| Category | Source | Contains PII? |
|---|---|---|
| Survey responses | Visitors | Only if a question explicitly asks for name/email/phone |
| Hygiene assessments | Visitors | No |
| Feedback tickets | Visitors | Only if the contact field is filled |
| Cleaning logs | Staff (via personnel code) | Staff name linked to code |
| Visitor analytics events | Server-side | No — no IP, no fingerprint |
| Audit log | Admin actions | Admin email and IP address |
Explicit consent
Enafeedback does not use cookies for visitor-facing forms. The visitor analytics event tracking is server-side and does not require a consent banner.
For survey or feedback forms that collect identifiable information (email, phone, name), you are responsible for displaying the appropriate privacy notice to visitors. Enafeedback provides a configurable privacy link that can be shown in the form footer.
Data retention policy
Configure your workspace retention policy in Global Settings → Privacy:
| Period | Description |
|---|---|
| Default | 24 months |
| Minimum | 6 months |
| Maximum | 60 months |
After the retention period expires, feedback content is anonymised:
- Text responses: replaced with
[ANONYMISED] - Contact fields: replaced with
[REDACTED] - Aggregate scores: preserved for analytics
Anonymisation is irreversible.
Manual anonymisation
To anonymise a specific ticket immediately (e.g., in response to a KVKK Article 7 deletion request):
- Open the ticket or submission.
- Click Anonymise (requires
platform:ownerrole). - Confirm.
The content is immediately replaced. The audit log records that anonymisation occurred but not the original content.
Data cleaning
Global Settings → Data Cleaning lets you run bulk anonymisation of data older than a specified date across all modules. This is useful for periodic compliance cleanup.
- Select the cutoff date.
- Preview the count of records that will be affected.
- Click Run cleaning.
Cleaning runs in the background. You receive an email summary when complete.
Data export (subject access request)
To fulfill a data subject access request (KVKK Article 11 / GDPR Article 15), you can export all data linked to a specific contact (email or phone number):
- Navigate to Privacy → Data export.
- Enter the contact identifier.
- The system searches all submissions for matching contact fields.
- Download the export as JSON or PDF.
Sub-processors
Enafeedback uses the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Google Gemini | AI Insights, Transcription, Translation | EU / US |
| Configured SMS provider | SMS notifications | Varies |
| Email provider | Transactional email | EU |
Data sent to Google Gemini is anonymised before transmission (PII replaced with tokens). See AI Insights for details.