This notice explains how personal data is processed in connection with the SOCManage platform and related services. It reflects transparency expectations under Turkey’s Law No. 6698 on the Protection of Personal Data (KVKK) and the EU/EEA General Data Protection Regulation (GDPR); the text is a high-level summary, not a substitute for legal advice.
This page does not replace legal counsel or a full privacy policy. For organisation-specific compliance, transfers, retention or contract clauses, consult your legal or privacy team.
Scope and context
SOCManage is a platform that provides email-driven alarm ingestion, correlation and decision support for security operations centre (SOC) and managed security service provider (MSSP) teams. In this context, most data processed is operational content related to security events (for example alarm notifications) and accompanying technical metadata; we may also process contact and demo request information you send via our website.
The platform is expected to operate with a passive architecture, without deploying agents in your environment or directly manipulating your security products. This notice outlines, in line with that model, what categories of data SOCManage may see and for what purposes they are processed.
Categories of personal data
The list below summarises data types commonly encountered given the nature of the service. The actual scope depends on your configuration and the alarm content you send.
Alarm and incident data: Subject and body text of notifications emailed from your security products, processed attachment-related content and derived incident records.
Technical and traffic data: IP address, timestamps and similar metadata that may relate to connections and sessions, for secure and auditable delivery of the service.
Contact and request data: Fields you provide on demo or information request forms such as name, company, email, phone, role and message.
We do not deliberately request special-category or sensitive personal data; however such information may technically appear inside alarm text. If it does, processing is kept purpose-limited and bounded by contractual and technical safeguards.
Purposes of processing
Personal data is processed for the purposes below and in line with data minimisation.
Alarm and incident management: Collecting and normalising notifications, correlation and anomaly analysis, and SOC decision support.
Operating the service: Platform security, performance, support processes and fulfilling contractual obligations.
Commercial communication: Scheduling demos, handling information requests and prospect processes (under explicit consent or legitimate interest where applicable law allows).
Transfers and technical & organisational security
On transfers to third parties, the baseline principle is that personal data is not shared with third parties without your explicit consent or a legal obligation. Use of sub-processors is defined separately under contract or the DPA and required safeguards are documented.
Illustrative technical and organisational measures include:
Use of encrypted connections (such as TLS) in communications and end-to-end where feasible;
Logical or physical isolation of processing environments to restrict access;
Role-based access control and administrative and technical controls against unauthorised access.
Retention periods are defined per data category in line with the service agreement, legal requirements and legitimate business needs, and deletion or anonymisation is applied when appropriate.
Data subject rights
Under KVKK, data subjects have rights to learn whether their data are processed, to request information if processed, to learn the purpose and whether use is consistent with that purpose, to know third parties to whom data are transferred domestically or abroad, to request rectification if incomplete or inaccurate, to request erasure or destruction under KVKK conditions, to object to outcomes produced solely by automated processing that are adverse to them, and to claim compensation for unlawful processing.
For data subjects under the GDPR, similar rights apply—including access, rectification, erasure, restriction, data portability and objection—while applicability and procedures follow the legal framework of the controller’s jurisdiction.
You may exercise your rights via your organisation’s internal procedures as controller, or directly through SOCManage contact channels. Identity verification and response timelines follow applicable law.
KVKK
KVKK transparency notice — summary
The bullet list below captures the core elements of our KVKK summary transparency notice. Updates are published on this page.
Data processed: Content and metadata in alarm emails; IP and timestamps; contact form fields.
Purposes: Alarm management, anomaly analysis, SOC decision support, and handling demo and contact requests.
Transfers: Not shared with third parties except with explicit consent or a legal obligation.
Security: Encrypted connections, environment isolation and role-based access.
DPA
Data processing agreement (DPA) — summary
In enterprise customer relationships SOCManage typically acts as processor to deliver the service. Your organisation, as the entity with legal control over alarm and incident data, is usually the controller. This split clarifies who carries GDPR Article 28 and KVKK-aligned contractual duties.
Data categories covered by the DPA (summary): security alarm emails, incident records derived from them, and related metadata processed in the platform. The full DPA covers categories, sub-processors, technical and organisational measures, cooperation on data subject requests, audit and deletion duties, and is provided as a signed contract annex.
This summary is not legal advice. For a customer-specific DPA, transfer mechanisms and compliance materials, contact us.
Cookie policy
This site may use cookies and similar technologies for secure delivery and—only with your consent—to evaluate visit statistics.
Strictly necessary cookies: those required for session operation, security or remembering preferences; they are processed in proportion to your continued use of the site.
Analytics cookies: Google Analytics (measurement ID depends on site configuration) loads only if you approve via “Accept all”. If you decline, analytics tags are not executed. Your choice is stored locally in the browser; manage cookies via browser settings for details.
Changing preferences: Re-open the banner using the “Cookie preferences” link in the page footer.
See other sections of this notice for general information on cookies and personal data. For legal bases and retention specific to your processing, refer to your internal compliance documentation.
Sections in this notice and contact
The KVKK summary transparency notice is in the KVKK notice summary section; the data processing agreement summary is in the DPA summary section.
For compliance, records of processing, technical review or procurement questions from your legal and information security teams, reach us via the contact form.
Support on compliance and contracts
If you are running an internal assessment on the DPA, records of processing or technical safeguards, our team can share information appropriate to your process.