This policy sets out the principles for processing, storing and protecting personal data of individuals who use our website (“data subjects”), within the framework of the Turkish Law No. 6698 on Personal Data Protection (KVKK) and the General Data Protection Regulation (GDPR) of the European Union.

---

1. Person responsible for data processing

Within the framework of the applicable legal regulations, we are responsible for the personal data collected on this website as the controller (“controller for processing”).
You can use the channels listed on the website to contact us.

---

2. Personal data collected

Personal data may be collected directly from the user or automatically:

• Identity data: First name, last name, username, date of birth

• Contact details: Telephone number, email address, postal address

• Technical data: IP address, browser type, operating system, device information

• Usage data: Website navigation, transaction history, click logs

• Financial data: Payment and billing information (for transactions)

• Cookie data: Information collected through cookies

---

3. Purposes of processing personal data

The data collected may be processed for the following purposes:

• Providing, improving and personalizing services

• Managing membership and transaction processes

• Answering inquiries and complaints

• Fulfillment of legal obligations

• Improving the user experience

• Marketing, campaign and information measures (with express consent)

---

4. Legal basis

Your personal data will be processed on the basis of the following legal bases:

• Her express consent

• Fulfillment of a contract

• Fulfillment of a legal obligation

• Legitimate interest

---

5. Data retention period

Personal data will be stored for the periods specified in the relevant legislation or for as long as the purpose for which it is processed exists.
After this period, the data will be securely deleted, destroyed or anonymized.

---

6. Disclosure of personal data

Your personal data will only be shared in the following cases:

• Legal obligations
• Requirements of competent authorities
• Service partners (hosting, shipping, payment, etc.)

The data will not be passed on for commercial purposes or sold to third parties.

---

7. Data transfer abroad

If necessary for the provision of the service, your data may be transferred to countries with an adequate level of data protection or abroad with your express consent, in compliance with the provisions of the KVKK and GDPR.

---

8. Data security

The following measures are taken to protect your personal data:

• Technical measures to prevent unauthorized access (encryption, firewalls, SSL, etc.)
• Authorization and access controls
• Confidentiality obligations for employees

---

9. Rights of the data subject

According to Article 11 KVKK and Articles 15–22 GDPR, data subjects have the following rights:

• Request information about your personal data
• Request correction of data
• Request deletion or destruction of the data
• Request restriction of processing
• Request portability of the processed data
• Object to processing
• Revoke consent at any time

To exercise these rights, you can contact us using the contact details provided on our website.

---

10. Amendments to the Directive

This policy may be updated from time to time.
The updated version will take effect upon its publication on our website.