FlowMaster | Versatile Management Platform

Flow Master Data Processing Agreement (DPA)

Effective Date: 30.07.2025

Last Updated: 06.08.2025

Company Name: Netta Software Yazılım Teknolojileri Anonim Şirketi ("Netta", "we", "our")

Platform: Flow Master

Contact: info@flowmaster.io

Address: İlkadım Mahallesi, Yeşilvadi Caddesi No: 41/36, Çankaya, Ankara, Turkey

1. PARTIES

• Data Controller: The customer or organization using Flow Master.

• Data Processor: Netta Software Yazılım Teknolojileri A.Ş. (“Netta” or “Processor”)

2. PURPOSE

This Agreement governs the processing of Personal Data by the Processor on behalf of

the Controller within the scope of using the Flow Master platform, in accordance with

GDPR (EU Regulation 2016/679) and Turkish Law No. 6698 on the Protection of

Personal Data (KVKK).

3. DATA SUBJECTS AND DATA TYPES

Data Subjects: Users of the Controller's organization (employees, clients, contractors,

etc.)

Processed Data Types May Include:

• Name, email address, phone number

• Authentication tokens and credentials

• Usage logs and activity data

• Any other data input by users into the Flow Master platform

4. DURATION

This Agreement remains in force as long as Netta processes personal data on behalf of

the Controller.

5. OBLIGATIONS OF THE PROCESSOR

• Process data only on documented instructions from the Controller.

• Ensure personnel authorized to process personal data are bound by confidentiality.

• Implement appropriate technical and organizational security measures.

• Assist the Controller in fulfilling data subject rights.

• Delete or return all personal data upon termination of services.

• Make available all necessary information to demonstrate compliance.

6. SUB-PROCESSORS

The Controller authorizes Netta to engage sub-processors such as:

• AWS (for data storage)

• Iyzico (for payment processing)

• Other service providers listed at [flowmaster.io/legal/subprocessors]

Netta will inform the Controller of any intended changes to sub-processors.

7. DATA TRANSFERS

If personal data is transferred to a third country, Netta will ensure such transfers comply

with GDPR (e.g., via SCCs).

8. SECURITY MEASURES

Netta implements:

• Encrypted data at rest and in transit

• Role-based access control

• Regular audits and vulnerability scans

• Logging and monitoring

9. AUDIT RIGHTS

The Controller may audit the Processor's compliance once per year with reasonable

notice.

10. LIABILITY

Each party is liable for the damages arising from its own breach of data protection laws.

11. TERMINATION

Upon termination of services, Netta will:

• Return or delete personal data (based on the Controller’s instructions)

• Cease processing except for legal obligations

12. GOVERNING LAW

This Agreement is governed by the laws of the Republic of Turkey. Any dispute shall be

settled in the courts of Ankara.

Signed by:

Data Processor: Netta Software Yazılım Teknolojileri A.Ş.

Representative: Deniz Avcı

Address: İlkadım Mahallesi, Yeşilvadi Caddesi No: 41/36, Çankaya, Ankara, Turkey

Email: info@nettasoftware.com

Date: 30.07.2025