PROTECTION OF PERSONAL DATA

General Information on the Law on the Protection of Personal Data

The Law No. 6698 on the Protection of Personal Data (hereinafter referred to as the “KVKK”) was adopted on 24 March 2016 and published in the Official Gazette No. 29677 dated 7 April 2016. Certain provisions of the KVKK entered into force on the date of publication, while others entered into force on 7 October 2016.

Information as the Data Controller

Pursuant to Law No. 6698 KVKK and in our capacity as the Data Controller, your personal data may be recorded, stored, updated, disclosed to or transferred to third parties where permitted by legislation, classified, and processed in the ways stipulated under the KVKK, within the scope explained on this page.

Methods of Processing Personal Data

In accordance with Law No. 6698 KVKK, the personal data you share with our Company may be processed by us—either fully or partially, through automatic or non-automatic means provided that they form part of a data recording system—by obtaining, recording, storing, modifying, reorganizing, and otherwise subjecting the data to any kind of processing operation.

Any operation performed on personal data within the scope of the KVKK is deemed “processing of personal data.”

Purposes and Legal Grounds for Processing Personal Data

The personal data you share may be processed for the following purposes:

To properly perform the requirements of the services provided to our customers, in compliance with contractual and technological necessities, and to improve our products and services;
To record identity, address, and other necessary information for identifying transaction owners in accordance with Law No. 6563 on the Regulation of Electronic Commerce, Law No. 6502 on the Protection of Consumers, the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce published in the Official Gazette dated 26.08.2015 No. 29457, the Regulation on Distance Contracts published in the Official Gazette dated 27.11.2014 No. 29188, and other applicable legislation;
To prepare all records and documents forming the basis of transactions in banking and electronic payment systems, whether in electronic or physical form, and to comply with statutory obligations regarding data retention, reporting, and notification imposed by legislation and regulatory authorities;
To provide information to public prosecutors, courts, and authorized public officials upon request in matters related to public security and legal disputes, as required by law.

All processing activities are carried out in accordance with Law No. 6698 KVKK and related secondary legislation.

Information on Third Parties to Whom Personal Data May Be Transferred

For the purposes stated above, your personal data may be transferred to the following persons and organizations:

primarily İkas, the provider of our e-commerce infrastructure;
suppliers, cargo and logistics companies, and other parties related to the services provided;
program partners, domestic and international organizations, and third parties from whom services are obtained and with whom we cooperate, acting as Data Processors.

Methods of Collecting Personal Data

Your personal data may be collected and processed through the following channels:

Via forms on our website and mobile applications, including name, surname, Turkish ID number, address, phone number, business or personal email address; preferences on pages accessed with username and password; IP records of transactions, cookie data collected by browsers, browsing duration and details, and location data;
Through verbal, written, or electronic means via our sales and marketing staff, branches, suppliers, other sales channels, paper forms, business cards, digital marketing platforms, and call centers;
From individuals who share their personal data for purposes such as establishing a commercial relationship with our Company, submitting job applications, or making offers—through business cards, résumés (CVs), proposals, or similar methods—whether in physical or digital environments, face-to-face or remotely;
Indirectly obtained data from various channels such as websites, blogs, contests, surveys, games, campaigns, micro-websites, social media platforms, newsletter open or click activities, publicly available databases, and publicly shared profile information on social media platforms.

Transfer of Personal Data Abroad

Personal data collected through any of the methods mentioned above may be transferred abroad—provided that it remains within the scope of the KVKK and is consistent with contractual purposes—to service providers located in countries accredited by the Personal Data Protection Board as having an adequate level of data protection.

Storage and Protection of Personal Data

Your personal data shall be stored confidentially in the Company’s databases and systems in accordance with Article 12 of the KVKK and shall not be shared with third parties except as required by legal obligations and the provisions stated in this document.

Our Company is obliged to take all necessary technical and administrative measures, including software-based access controls and physical security measures, to prevent unlawful processing of personal data and unauthorized access.

In the event that personal data are obtained unlawfully by third parties, the situation shall be promptly reported in writing to the Personal Data Protection Board, in accordance with applicable legislation.

Keeping Personal Data Accurate and Up to Date

Pursuant to Article 4 of the KVKK, our Company is obligated to keep personal data accurate and up to date.

Accordingly, for the Company to fulfill its legal obligations, customers are required to share accurate and current information or update their data via the website or mobile application.