This policy sets out the principles for processing, storing, and protecting the personal data of individuals (“Data Subjects”) who use our website, in accordance with Türkiye’s Law No. 6698 on the Protection of Personal Data (KVKK) and the European Union General Data Protection Regulation (GDPR).

1. Data Controller

We act as the data controller for personal data collected on this website within the scope of the applicable legislation. For any inquiries, you can contact us through the communication channels provided on our website.

2. Personal Data We Collect

We may collect the following data from users directly or automatically:

• Identity Information: Name, surname, username, date of birth

• Contact Information: Phone number, email address, postal address

• Technical Information: IP address, browser type, operating system, device details

• Usage Information: On-site navigation, transaction history, click records

• Financial Information: Payment and invoicing details (where a transaction is performed)

• Cookie Data: Information collected through cookies

3. Purposes of Processing Personal Data

Collected data may be processed for the following purposes:

• Providing, improving, and personalizing our services

• Managing membership and transactional processes

• Responding to requests and complaints

• Fulfilling legal obligations

• Enhancing user experience

• Conducting marketing, campaign, and informational activities (with explicit consent)

4. Legal Bases

Your personal data are processed on the following legal grounds:

• Explicit consent

• Performance of a contract

• Compliance with a legal obligation

• Legitimate interests (provided that your fundamental rights and freedoms are not harmed)

5. Data Retention Period

Personal data are retained for the periods specified in the relevant legislation or as long as necessary for the purpose of processing. When the retention period expires or the purpose no longer applies, data are securely deleted, destroyed, or anonymized.

6. Sharing of Personal Data

Your personal data may be shared only in the following circumstances:

• Where required by legal obligations

• In response to requests from competent public authorities

• With service provider business partners (e.g., hosting, shipping, payment) strictly for service provision

Data are not sold or shared with third parties for commercial purposes.

7. International Data Transfers

Where required for service provision, your data may be transferred abroad to countries that provide adequate protection under KVKK and GDPR, or with your explicit consent where adequate protection is not available, in accordance with legal requirements.

8. Data Security

To protect your personal data, we implement:

• Technical measures to prevent unauthorized access (encryption, firewalls, SSL, etc.)

• Authorization and access controls based on role and necessity

• Confidentiality obligations for personnel and relevant third parties

9. Data Subject Rights

Under KVKK Article 11 and GDPR Articles 15–22, data subjects have the right to:

• Request access to their personal data

• Request correction of inaccurate or incomplete data

• Request deletion or destruction of data

• Request restriction of processing

• Request data portability

• Object to processing

• Withdraw consent at any time (where processing is based on consent)

To exercise your rights, please contact us using the communication details provided on our website.

10. Changes to This Policy

This policy may be updated from time to time. The updated version takes effect upon publication on our website.