This policy sets out the principles for processing, storing, and protecting the personal data of individuals (“Data Subjects”) who use our website, in accordance with the Turkish Law on the Protection of Personal Data No. 6698 (KVKK) and the EU General Data Protection Regulation (GDPR).

1. Data Controller

We are the data controller responsible for the personal data collected on this website within the scope of applicable legislation. You can contact us through the communication channels listed on our website.

2. Personal Data Collected

We may collect the following data directly from the user or by automated means:

• Identity Information: Name, surname, username, date of birth

• Contact Information: Phone number, email address, postal address

• Technical Information: IP address, browser type, operating system, device information

• Usage Information: On-site navigation, transaction history, click records

• Financial Information: Payment and billing details (if a transaction is made)

• Cookie Data: Information collected through cookies and similar technologies

3. Purposes of Processing Personal Data

Collected data may be processed for the following purposes:

• Providing, improving, and personalizing our services

• Managing membership and transaction processes

• Responding to requests and complaints

• Fulfilling legal obligations

• Enhancing user experience

• Marketing, campaigns, and informational communications (with explicit consent)

4. Legal Bases

Your personal data are processed on the following legal grounds:

• Explicit consent

• Performance of a contract

• Compliance with a legal obligation

• Legitimate interests

5. Data Retention Period

Personal data are retained for the periods specified in the relevant legislation or as long as necessary for the purpose of processing. When the retention period expires, data are securely deleted, destroyed, or anonymized.

6. Sharing of Personal Data

Your personal data may be shared only in the following cases:

• Legal obligations

• Requests from competent public authorities and institutions

• Our service-provider business partners (e.g., hosting, shipping, payment)

Data are not sold or shared with third parties for commercial purposes.

7. International Data Transfers

Where required by the service, your data may be transferred abroad to countries providing adequate protection under KVKK and GDPR, or based on your explicit consent, in compliance with applicable transfer conditions.

8. Data Security

To protect your personal data, we implement:

• Technical measures to prevent unauthorized access (encryption, firewalls, SSL, etc.)

• Authorization and access controls

• Staff confidentiality obligations

9. Rights of the Data Subject

Under KVKK Article 11 and GDPR Articles 15–22, data subjects have the right to:

• Request access to their personal data

• Request rectification of data

• Request deletion or destruction of data

• Request restriction of processing

• Request data portability

• Object to processing

• Withdraw consent

To exercise these rights, please contact us using the addresses provided on our website.

10. Changes to This Policy

This policy may be updated from time to time. The updated version becomes effective upon publication on our website.