Privacy Policy/Notice (January 1st, 2022)


We (“us”, “the Services”, “TrackZero”, “LEİRA BİLİŞİM TİCARET LİMİTED ŞİRKETİ”)
are incorporated in Turkey.

Maintaining your Personal Data (the same as Personal Information) secure, while ensuring your Privacy is really a big deal to us (LEİRA BİLİŞİM TİCARET LİMİTED ŞİRKETİ, and its TrackZero Service).

A Privacy Policy’s goal is to inform everyone of what data we collect and why; how your data is processed; what entitles us to process it; and your rights under the applicable Personal Data Protection laws.

We will modify this Privacy Policy, from time to time, on a need basis, always posting a time-stamped updated version.

We do not, nor will ever sell your Personal Data.

We strive to make this policy as clear as possible, if you feel there is some information which is not clearly shared in here, please feel free to reach out with your perspective on how to make this Policy more “crystal” via

While not disregarding other potentially applicable laws (CCPA/CPRA; HIPAA; PIPEDA; PDPA; POPIA; LGPD), we observe the highest standards in terms of Personal Data Protection requirements towards everyone (regardless of your geographic location), meaning having done our adequacy program towards the EU/ EEA General Data Protection Regulation (the GDPR); at present date the most comprehensive, strict and demanding regulation in this context.


Applicability Of
This Privacy Policy

This Privacy Policy applies to TrackZero’s website as well as the platform that our users resort to in order to benefit from out service, plus any other interactions such as Client or user service inquiries, other.

A separate agreement governs delivery, access and use of the Services (the “Terms of Service”).


What data do we process

We do not process any data that is not required as an enabler for the delivery and improvement of the Services.

We process Personal Data pertaining to both our Corporate Client users as well as 3rd party natural persons who are Customers or Prospective Customers of our Corporate Clients.

The Processing Activities towards our users consist of managing such users and their Login (username and password) into the TrackZero Platform, identifying them and supporting their operation of TrackZero platform, including monitoring such usage.

The Processing Activities towards Personal Data pertaining to our Corporate Client’s Customers/ Prospective Customers consist of having our algorithms performing the analytics that constitute our services.

In both cases the Legal Basis that allows LEİRA BİLİŞİM TİCARET LİMİTED ŞİRKETİ to
Process such Personal Data via its TrackZero Platform consists of the Fulfilment of Existing Contractual Obligations (between LEİRA BİLİŞİM TİCARET LİMİTED ŞİRKETİ and each Corporate Client).

Each Corporate Client has its users and Customers/ Prospective Customers’ data hosted on fully segregated and encrypted independent Database instances, although under the same engine.

Users will therefore exclusively get access to their organization (our Corporate Client) instances and inherent Personal Data.

TrackZero licenses can be acquired via Azure. In such case, if a natural person acquires a TrackZero license, he/ she will be doing so on his/ her own free will and initiative fully aware that Azure will be sharing relevant Personal Data (Contact Data: name; email; country; other…) pertaining to that natural person so that TrackZero may identify the rightful owner of such license. Note that when one considers sole traders, the Personal Data is also the Corporate Data.
TrackZero will be processing that Personal Data therefore under its Legitimate

Regardless of which of the above applies, every user maintains full control over their Personal Data and what we do with it, because everyone is able to exercise their Rights under the law (which are listed below in this document). Nevertheless, TrackZero is a Processor and each Corporate Client the Controller, which means that TrackZero will exclusively Process Personal Data under the specific instructions of the Corporate Client; the exercise of Rights by all Data Subjects is not directly fulfilled by TrackZero, yet promptly informed (within 24 hours) to the Corporate Client.

TrackZero Processing Activities Consist of automated processing via our analytics algorithms.

We do not share any Personal Data with any 3rd party that is not involved in the delivery of the Services, unless under a legal obligation.

Applicable Laws

This Privacy Policy is provided to you, in line with the following Personal Data Protection Legislation:

The Regulation (EU) 2016/679, also known as the General Data Protection Regulation (GDPR), which at present date is the most comprehensive Personal Data Protection law enforceable around the Globe;

The (EU) EPrivacy Directive, which mainly focuses on the use of Cookies by us;

The California Consumer Privacy Act 2018, also known as the CCPA.

Anyone who is identified as being under 16 years of age is not allowed to be a user of TrackZero, therefore if any Personal Data has been gathered pertaining to such an individual, it shall be immediately erased from all repositories, and the user privileges will be revoked.

In the same manner, TrackZero does not allow its Corporate Clients to Process Personal Data pertaining to any natural person under 16 years of age, unless there is fully documented consent by their parents or Legal Representatives submitted by the Corporate Client to LEİRA BİLİŞİM TİCARET LİMİTED ŞİRKETİ in advance and with a clear timeline of validity, plus purpose and scope.


When you pay us a visit or use our service, we use session cookies that:

  • gather Login Data to enable providing access to registered users;
  • gather the IP addresses plus browser versions to optimize the user experience;
  • enforce security and enable load balancing to optimize our service delivery;
  • Track anonymous user behavior on the website;
  • Track registered user usage of the Service

We only use secure Cookies, in the sense that they do not share your Personal Data with any 3rd party; and which are essential, in the sense that if not in place, you may not be able to Log-in.

All these Cookies are deemed “mandatory” in the sense that if not in use, the
service cannot be properly delivered and/ or may not fulfil all committed deliverables
as contracted.

The Controller


You can reach out to us via the email address


DPO Contacts

We have someone in our team who is responsible for ensuring our on-going compliance towards applicable Personal Data Protection laws and here is his identification and contacts:

Mr. Rui Serrano

Country: Portugal, European Union

email –


Data Retention

We will maintain your Personal Data for the duration of the service contract with our Corporate Client.


Ensuring the Security and Confidentiality of your Personal Data

We resort to secure and encrypted hosting environments at Azure in the EU to host and process your Personal Data, observing by the highest market standards and operated under market best practices, and all transfer of Data from and to your browser is also encrypted.


Your Rights under the Law

You may exercise the following Rights where these apply to you:

GDPR ) Right of access. The right to obtain from us confirmation as to whether your Personal Data is being processed by us, and where that is the case, access to such Personal Data. To prevent violating your Privacy there may be the need to identify you prior to sharing the Personal Data with you.

CCPA ) Right to know and access your personal information – similar to the Right of Access under the GDPR, California resident natural persons have the right to:

  • Know the categories of personal information we collect and the categories of sources
    from which we got the information;
  • Know the business or commercial purposes for which we collect and share personal information;
  • Know the categories of third parties and other entities with whom we share personal information; and
  • Access the specific pieces of personal information we have collected about you.

GDPR ) Right to rectification – you can ask for the update of inaccurate Personal Data pertaining to you. You may directly amend existing information while logged-in towards us or by submitting a request as herein defined ahead.

GDPR ) Right to erasure – you can ask us to erase your Personal Data, which will be done unless there is a legal obligation or Legitimate Interest from our side to maintain it.

CCPA ) Right to deletion – again in a similar manner to what the GDPR rules, natural persons who reside in the state of California may ask us to delete their Personal Data.

GDPR ) The right to restrict processing – you may request of us to have in place specific processing restrictions. If you exercise this right make sure to explain which are those restrictions and the reason for the request and we will provide you a reply, either
acknowledging your request or denying it and explaining why.

GDPR ) The right to object to processing– you may object to processing activities that occur under our Legitimate Interest, however we may refuse to comply if that means no longer being able to deliver our services.

CCPA ) Right to opt-out of sales – As previously informed we do not “sell“ Personal Data

GDPR ) Right to data portability – you may ask us to provide all the Personal Data that we have pertaining to you or just some that you specifically ask us for.

GDPR ) Right to be informed about a Personal Data Breach – in case of an incident that breaches your Privacy (in the sense that your Personal Data under Processing by us has been/ or even potentially has been exposed to unauthorized 3rd parties) you have the Right to be informed within 72 hours of such incident.

GDPR ) Right to lodge a complaint with a supervisory authority – you have the right to lodge a complaint regarding our Processing activities over your Personal Data towards any of the EU Member States data protection Supervisory Authorities.

Right to be free from discrimination
– You may exercise any of the above rights without fear of being discriminated against.

For any of the above-mentioned CCPA related rights, you may designate an authorized agent to submit a request on your behalf. In the request, you or your authorized agent must provide sufficient information for us to confirm the identity of such authorized agent as well as your own. We are also required to verify that your agent has been properly authorized to request information on your behalf and this may represent additional time to fulfil your request.

Exercising your Rights

You may exercise your Rights towards us by sending us an email to