Privacy & Cookie Policy
1. Data We Collect
We collect minimal data necessary to operate our website and respond to your inquiries:
- Contact form submissions: name, email address, company, country, phone (optional), and your message.
- Analytics data: anonymised usage data (pages visited, session duration, referral source) via Google Analytics 4 — only when you consent.
- Technical data: IP address (anonymised), browser type, operating system, collected automatically via server logs.
We do not collect payment information, identity documents, or sensitive personal data.
2. Cookies
Cookies are small text files stored on your device when you visit our website. We use two categories:
Strictly Necessary Cookies
These cookies are essential for the website to function. They cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
| cc_cookie | Stores your cookie consent preferences | 6 months |
| cf_clearance | Cloudflare Turnstile bot protection on contact form | 30 minutes |
| __cf_bm | Cloudflare bot management (set automatically by CDN) | 30 minutes |
Analytics Cookies (opt-in only)
These cookies are set only when you click “Accept all” or enable analytics in your cookie preferences.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes unique visitors | 2 years |
| _ga_* | Google Analytics | Maintains session state | 2 years |
| _gid | Google Analytics | Distinguishes visitors (24h) | 24 hours |
3. Google Consent Mode V2
We implement Google Consent Mode V2, which means:
- Before consent: Google Analytics loads but sends only cookieless, anonymised pings. No cookies are placed on your device.
- After consent (accept): Analytics cookies are activated for full usage measurement.
- After consent (reject): No analytics cookies are set. Previously set cookies are automatically cleared.
4. Legal Basis for Processing
- Consent (Art. 6(1)(a) GDPR): Analytics cookies are set only after your explicit consent.
- Legitimate interest (Art. 6(1)(f) GDPR): Strictly necessary cookies and basic server logs for website security and functionality.
- Contract performance (Art. 6(1)(b) GDPR): Processing contact form data to respond to your inquiry.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Google LLC — Analytics data processing (subject to your consent). Google acts as a data processor under standard contractual clauses.
- Amazon Web Services (AWS) — Website hosting and email delivery (contact form). Data processed in eu-central-1 (Frankfurt).
- Cloudflare, Inc. — CDN, DNS, and DDoS protection. Cloudflare processes minimal data as a reverse proxy.
6. International Data Transfers
Some of our service providers (Google, Cloudflare) are based in the United States. These transfers are safeguarded by:
- EU-US Data Privacy Framework (adequacy decision)
- Standard Contractual Clauses (SCCs) approved by the European Commission
7. Data Retention
- Contact form data: Retained for the duration necessary to handle your inquiry, then deleted.
- Analytics data: Google Analytics data is automatically deleted after 14 months.
- Server logs: Retained for up to 90 days for security purposes.
- Cookie consent record: Your consent preference is stored for 6 months.
8. Your Rights
Under the GDPR, ePrivacy Directive, and Turkish KVKK, you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate or incomplete data
- Erase your personal data
- Restrict processing of your data
- Object to processing based on legitimate interest
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time (without affecting the lawfulness of prior processing)
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
10. Managing Your Cookie Preferences
You can change your cookie preferences at any time by clicking the “Cookie Preferences” link in the website footer. You can also clear cookies through your browser settings.
10. Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- TLS/SSL encryption for all data in transit
- Content Security Policy (CSP) headers
- Cloudflare DDoS protection and WAF
- Rate limiting on form submissions
- Cloudflare Turnstile (bot protection) on contact forms
11. Changes to This Policy
We may update this policy from time to time. The “Last updated” date at the top of this page indicates the most recent revision. Continued use of the website after changes constitutes acceptance of the updated policy.
12. Contact & Complaints
Togi Teknoloji LTD. (trading as LiBat) is the data controller responsible for your personal data.
- TR Office: Gebze, Kocaeli, Türkiye
- European Office: Amsterdam, Netherlands
- Email: [email protected]
- Website: li-bat.com
- Contact page: li-bat.com/contact
If you have questions about this policy or wish to exercise your data rights, please contact us at the email above. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority:
- Netherlands: Autoriteit Persoonsgegevens (AP) — autoriteitpersoonsgegevens.nl
- Türkiye: Kişisel Verileri Koruma Kurumu (KVKK) — kvkk.gov.tr
Last updated: March 2026