GDPR Notice

Your personal data are processed by ………………………………………………………. ("Company") acting as the data controller, within the scope and purposes specified below and in accordance with the Personal Data Protection Law No. 6698. You can access detailed information about the processing of your data through our Privacy Policy.

1. Personal Data Processing Purposes for Service Provision

The personal data categories specified below are processed by the Company in compliance with the Personal Data Protection Law No. 6698. Unless otherwise stated, the term "personal data" in this Privacy Policy covers all types of information listed below.

• Identity and Contact Data: Information that identifies you and enables us to communicate with you, such as first and last name, phone number, date of birth, gender, address information, employer information and e-mail address

• Location Data: GPS-based precise or approximate location information obtained from your device during your access to the services

• Transaction Security Data: Session information used for account access, username information, authentication data securely stored by cryptographic methods and digital trace records related to system security

• User and Transaction Information and Financial Data: Account registration information, user ID number, information about service usage times, your in-app search and filtering preferences, your reviews and comments, pages you visited and technical error records occurring during use; invoice and receipt data related to payment processes, financial records such as invoice amount and transaction time

• Marketing and Profile Information: Your preferences, analyses of your usage habits, notification permission statuses, targeting data, cookie records and similar digital media interaction information

• Complaint and Request Management Data: Records of complaints, requests and feedback you have sent to us through the application or communication channels

• Risk and Audit Data: Information such as IP address and systemic monitoring records kept for security purposes

• Biometric and Face Recognition Data: Facial features obtained from photographs, face shape and expression, hair and beard status, age estimation, observations regarding accessories and identifier data outputs of characteristic facial points

• Data Shared by User: Event creation information (event name, location, date), photographs uploaded to the platform and similar content

In accordance with Articles 3 and 7 of the Personal Data Protection Law No. 6698, information anonymized in a way that removes its personal data nature is not considered personal data within the scope of the relevant legislation; processing activities related to this data may be carried out outside the scope of this Information Notice. However, you can submit your requests for information regarding whether your personal data are processed by applying to the Company.

Your personal data that you have shared with the Company may be processed for the purposes of enabling you to benefit from the services offered through the website and/or mobile application ("Site"), creating and updating your membership registration, developing the services provided by the Company, introducing new services and informing you within this scope, conducting the Company's commercial activities, determining and implementing business strategies, ensuring the legal and commercial security of persons and institutions in business relationship with the Company and fulfilling the obligations arising from these activities.

Your personal data may be processed for purposes such as contacting you, improving user experience, conducting customer satisfaction activities, managing technical support processes and similar purposes; as well as for reporting, analysis, business development and planning activities of the Company, making statistical evaluations without disclosing your identity, creating databases and conducting market research. Additionally, this data may be processed, stored by the Company within the scope of direct marketing, digital marketing, retargeting, profiling and analytical studies, transferred to third party service providers when necessary, and information may be provided about product and service promotion and maintenance and support processes through this data.

The Company, as a rule, carries out personal data processing activities based on the explicit consent of the data subject. However, in the presence of exceptional circumstances regulated in Articles 5 and 8 of the KVKK and prescribed by legislation, your personal data may be processed without seeking your explicit consent and may only be transferred to persons, institutions or organizations that are legally authorized. The main ones of these exceptional situations are exemplified below:

• Personal data may be processed in cases required by the legitimate interests of the Company, provided that they do not harm the fundamental rights and freedoms of the data subject.

• Personal data may be processed without explicit consent in cases necessary for the fulfillment of the Company's legal obligations

• Processing of personal data is possible in cases where it is mandatory for the establishment, exercise or protection of a right.

• In cases where the person is unable to express consent or legal validity is not recognized to their consent, personal data may be processed for the purpose of protecting the life or bodily integrity of themselves or a third party.

• In cases where the data subject has made their personal data public, this data may be processed in accordance with the purpose of making it public.

• Processing of personal data is possible to the extent that it is directly connected and necessary for the contract to be established or performed between the data subject and the Company.

• Processing of personal data may be carried out without seeking the explicit consent of the data subject in cases explicitly regulated in relevant legal provisions.

The Company may use cookie technology to improve your experience regarding the use of the Site and to optimize its services by analyzing visitor traffic. Data obtained within this scope may be transferred to third party providers with whom services are received only to the extent required by the relevant analysis services and for limited purposes. Cookies are small data files placed in your browser during your visit to the Site that store information about your preference settings and usage habits, and allow the Site to be used in a more functional and personal way. These files are used to help obtain statistical data on how many people visit a website and for what purposes, the number and duration of visits, and to present user-specific content and advertisements. In addition, cookies are not designed to access any personal data other than from your device. You can completely block cookie use by changing your browser settings at any time or choose to receive notifications when cookies are sent.

2. Personal Data Collection Process and Legal Processing Reasons

Your personal data are obtained and processed by the Company through websites and digital platforms owned by the Company, with your consent to share, in whole or in part through automatic means or through non-automatic means provided that they are connected to a data recording system.

Your personal data are primarily processed based on your explicit consent within the scope of Article 5/1 of the KVKK. In addition, if the necessary conditions exist; in cases required by the contract to be established or performed with you in accordance with Article 5/2-c of the KVKK, in cases where there is an obligation for the fulfillment of the legal obligations to which the Company is subject within the scope of Article 5/2-ç, for the purpose of establishing, exercising or protecting a right in accordance with Article 5/2-e and in cases required by the legitimate interests of the Company provided that the fundamental rights and freedoms of the data subject are not harmed within the framework of Article 5/2-f, your personal data may be processed without seeking your explicit consent.

3. Personal Data Retention Periods

Your personal data are retained for the period required by the processing purposes specified in this Information Notice and in any case taking into account the statute of limitations and retention periods prescribed in the relevant legislation.

Within this scope;

Personal data processed within the scope of service provision, user account management and platform activities are retained for 1 (one) year from the end of the relevant legal relationship.

Biometric face recognition data obtained from photographs and photographs are retained for 1 (one) year following the completion of the relevant event and the end of service provision, and are automatically deleted, destroyed or anonymized at the end of this period.

The specified retention periods may be updated by the Company in accordance with the relevant legislation in case of changes in the relevant legislation, requirements of legal obligations, necessity to retain data for a longer period for the purpose of establishing, exercising or protecting a right, or situations requiring the legitimate interests of the Company arise.

4. Purpose and Scope of Transfer of Personal Data to Third Parties

Your personal data may be transferred to business partners, intermediary service providers, service suppliers and consultants with whom there is a business relationship within the scope of requirements such as ensuring service provision and security, sending commercial electronic messages, and carrying out data processing and storage activities, in accordance with Articles 8 and 9 of the Law No. 6698 in order to fulfill the above-mentioned purposes; provided that the necessary protective measures regarding confidentiality and data security are taken and only to the extent required by the relevant purpose.

Your personal data may be transferred to persons and organizations located in Turkey as required by the above-mentioned purposes, as well as to countries outside Turkey for processing or storage, provided that necessary measures regarding data security are taken and acted in accordance with the conditions prescribed in Article 9 of the KVKK. In cross-border transfer processes, reliance is placed on countries where adequate protection as determined by the Personal Data Protection Board exists, or in cases where adequate protection does not exist, on the explicit consent of the data subject or other safeguard mechanisms prescribed by legislation.

For the purpose of fulfilling legal obligations, your personal data may be shared with the relevant authorities only on a need-to-know basis when public institutions and organizations authorized to access this data under the legislation make requests.

5. Data Subject Rights (KVKK Art.11)

• As a data subject, you have the right to request information regarding whether your personal data are processed.

• If your personal data have been processed, you may request detailed explanation about these processing activities.

• You have the right to learn for what purposes your personal data are processed and whether the processing activities are carried out in accordance with the stated purposes.

• If you think your personal data have been processed incorrectly or incompletely, you have the right to request their correction.

• You have the right to request information about which third parties your personal data have been shared with, domestically or abroad.

• You may also request that the operations performed in accordance with your requests for correction, deletion or destruction of your personal data be notified to third parties to whom such data have been transferred.

• Within the framework of the legislation, you may request the deletion or destruction of your personal data.

• In case of a result arising against you through the analysis of your personal data exclusively through automated systems, you have the right to object to this result.

• If you suffer damage due to unlawful processing of your personal data, you may request compensation for this damage.

Data subjects may submit their requests within the scope of Article 11 of the KVKK to the Company. The Company will conclude such requests as soon as possible according to the nature of the request and in any case within 30 (thirty) days at the latest.

In case the operations for fulfilling the request require an additional cost, a fee may be requested from the data subject in accordance with the tariff determined by the Personal Data Protection Board.