Privacy Policy

Last updated: 6 May 2026

1. About this Policy

This Privacy Policy explains how Minerva VA Denetim ve Danışmanlık Anonim Şirketi (hereinafter "Minerva", "we", "us", or "our") collects, uses, stores, transfers, and protects your personal data when you visit minervava.com or engage with our environmental and social compliance audit, verification, certification support, and consultancy services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Turkish Personal Data Protection Law No. 6698 (KVKK).

2. Data Controller

The data controller responsible for your personal data is:

  • Legal name: Minerva VA Denetim ve Danışmanlık Anonim Şirketi
  • Registered address: 55. Sk. 42 Maslak, B Blok, No: 542/4 Sarıyer, Istanbul, Türkiye
  • Email: info@minervava.com

For any questions regarding this Policy or to exercise your data protection rights, please contact us at the email above.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Information you provide directly

  • Identification data (full name, job title, company affiliation)
  • Contact details (business email, phone number, postal address)
  • Communication content (messages sent through our contact form, email correspondence)
  • Audit and consultancy engagement details (project scope, factory and supply-chain information, environmental performance data, management-system records, and — in the context of social compliance audits — limited worker-related information collected with appropriate safeguards and confidentiality protections)

3.2 Information collected automatically

  • Technical data (IP address, browser type and version, device type, operating system)
  • Usage data (pages visited, time spent, navigation paths, referring URLs)
  • Cookies and similar technologies (see our Cookie Policy for details)

3.3 Information from third parties

  • Publicly available business directories and registers
  • Industry partners and accreditation bodies (where relevant to engagement)
  • Professional networks (e.g., LinkedIn) when you contact us through them

4. How We Use Your Personal Data

We process personal data for the following purposes:

4.1 To deliver our services

  • Conducting environmental and social compliance audits, verifications, validations, and assessments under recognized sustainability and social-compliance frameworks (including but not limited to Higg FEM, ZDHC, EIM, Worldly, SLCP, amfori BSCI, Sedex SMETA, SA8000, WRAP, APSCA-aligned audits, carbon assessments, and similar standards)
  • Providing training and consultancy on environmental and social sustainability frameworks
  • Issuing reports, certificates, and audit deliverables
  • Managing client relationships and project logistics

4.2 To communicate with you

  • Responding to inquiries submitted via our website or email
  • Sending service-related updates, scheduling notices, and audit reminders
  • Sharing industry insights and educational content (only where you have consented)

4.3 To operate and improve our website

  • Analyzing site performance and visitor behavior to improve user experience
  • Detecting and preventing fraud, security threats, and technical issues

4.4 To comply with legal obligations

  • Maintaining records as required by Turkish and international audit, certification, and social compliance standards
  • Cooperating with accreditation, certification, and oversight bodies (such as Cascale, ZDHC Foundation, Worldly, Jeanologia, SLCP, APSCA, amfori, Sedex, SAI, and similar organizations) as part of our service delivery and credentialing
  • Responding to lawful requests from public authorities

5. Legal Basis for Processing (GDPR)

For visitors and clients in the European Economic Area, we rely on the following legal bases:

  • Performance of a contract — when you engage our audit or consultancy services
  • Legitimate interests — for website analytics, security, and direct B2B outreach to relevant industry contacts
  • Consent — for non-essential cookies, marketing communications, and where specifically requested
  • Legal obligation — for tax, audit, and regulatory compliance

6. Sharing and International Transfers

Minerva operates globally. We have clients in Europe and the United States, an office serving Latin America based in Argentina, and a partner in Vietnam. As a result, your personal data may be transferred to, stored in, or processed in countries outside your country of residence, including jurisdictions with different data protection standards.

6.1 Categories of recipients

  • Internal teams — our auditors, consultants, and administrative staff in Türkiye and partner offices
  • Accreditation, certification, and oversight bodies — Cascale, ZDHC Foundation, Worldly, Jeanologia (EIM), SLCP Secretariat, APSCA, amfori, Sedex, SAI (SA8000), and other relevant sustainability and social compliance organizations
  • Service providers — IT hosting, email, analytics, and cloud storage vendors
  • Professional advisors — accountants, lawyers, insurers, and auditors bound by confidentiality
  • Public authorities — when legally required

6.2 Safeguards for international transfers

Where we transfer data outside the European Economic Area or Türkiye, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions where applicable, and contractual data protection commitments with our partners. We do not sell personal data to third parties.

7. Data Retention

We retain personal data only as long as necessary for the purposes set out in this Policy or as required by law. Typical retention periods:

  • Audit and certification records: 5–10 years (as required by accreditation standards and Turkish commercial law)
  • Client correspondence: duration of engagement plus 3 years
  • Website analytics: up to 26 months (Google Analytics default)
  • Marketing contacts: until you opt out

After retention periods expire, data is securely deleted or anonymized.

8. Your Rights

Depending on your jurisdiction, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restriction — limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — at any time, where processing is based on consent
  • Right to lodge a complaint — with the competent supervisory authority (e.g., your local Data Protection Authority, the Turkish KVKK, or the relevant EU member state authority)

California residents have additional rights under the CCPA/CPRA, including the right to know what personal information is collected and the right to opt out of the sale or sharing of personal information. We do not sell personal information.

To exercise any of these rights, please email info@minervava.com. We will respond within the timeframes required by applicable law (typically 30 days under GDPR).

9. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit, access controls, staff training, and vendor due diligence. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

10. Cookies

Our website uses cookies and similar tracking technologies. For details on what cookies we use and how you can manage them, please see our Cookie Policy.

11. Children and Vulnerable Persons

Our website and commercial services are intended for businesses and professionals. We do not knowingly market to or collect personal data from individuals under the age of 16 through our website. If you believe a child has provided us with personal data through our website, please contact us so we can delete it.

In the limited context of social compliance audits, our work may include the identification and remediation of underage workers or other vulnerable individuals in supply chains. Any such information is processed solely for the purpose of remediation, child-labor protection, and compliance reporting in line with applicable laws and the protocols of the relevant social compliance framework (e.g., SLCP, SA8000, amfori BSCI, Sedex SMETA, WRAP, APSCA-aligned audits). We handle such data with strict confidentiality, the highest level of access control, and the best interests of the child or vulnerable person as the guiding principle.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. The "Last updated" date at the top of this page indicates when the most recent revision was made. We encourage you to review this Policy periodically.

13. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data protection practices, please contact:

Minerva VA Denetim ve Danışmanlık Anonim Şirketi
55. Sk. 42 Maslak, B Blok, No: 542/4 Sarıyer, Istanbul, Türkiye
Email: info@minervava.com