TURKTICARET.NET SOFTWARE SERVICES INDUSTRY AND TRADE JOINT STOCK COMPANY (“Turkticaret.Net”) PERSONAL DATA PROTECTION AND PROCESSING POLICY Turkticaret.Net PERSONAL DATA PROTECTION AND PROCESSING POLICY INFORMATION FORM
Document Name:
Turkticaret.Net Personal Data Protection and Processing Policy (“Policy”)
Target Audience:
All real persons whose personal data is processed by Turkticaret.Net
Prepared by:
Turkticaret.Net
Version:
1.0
Effective Date:
27.02.2026
In case of any discrepancy between the Turkish version of the Policy and any translated version, the Turkish text shall prevail.
© Turkticaret.Net Software Services Industry and Trade Joint Stock Company, 2026
This document may not be reproduced or distributed without the written permission of Turkticaret.Net.
Within the scope of the activities carried out by Turkticaret.Net Software Services Industry and Trade Joint Stock Company (“Turkticaret.Net”), the protection of personal data is among the main priorities. This Turkticaret.Net Personal Data Protection and Processing Policy (“Policy”) explains the principles and procedures adopted in personal data processing activities carried out by Turkticaret.Net and the basic principles regarding the compliance of these activities with the provisions of the Personal Data Protection Law No. 6698 (“Law”).
In this framework, it is aimed to inform the data subjects and to provide the necessary transparency by providing detailed information regarding the personal data processing activities carried out by Turkticaret.Net in the Policy. With the awareness of this responsibility, Turkticaret.Net processes and protects personal data within the scope of this Policy.
This Policy belongs to data subjects other than Turkticaret.Net employees; it covers all personal data processed by Turkticaret.Net through fully or partially automated means or non-automated means provided that they are part of any data recording system. Detailed information regarding the said groups of data subjects is included in ANNEX-2 (“Data Subjects”) of this Policy.
The legal regulations in force regarding the processing and protection of personal data shall be applied primarily. In case of any conflict between the provisions of the legislation in force and this Policy, Turkticaret.Net accepts that the provisions of the relevant legislation shall be taken as a basis. This Policy regulates the procedures and principles for the concretization and implementation of the rules and obligations set forth by the legislation in force within the framework of Turkticaret.Net practices.
This Policy issued by Turkticaret.Net is dated 27.02.2026.
In case all or any part of the Policy is updated, the effective date of the current text shall be revised accordingly. The Policy is published on Turkticaret.Net’s website (www.turkticaret.net) and is also made available to the access of data subjects upon their request.
Turkticaret.Net, in accordance with Article 12 of the Law, takes the necessary technical and administrative measures appropriate to the nature of the data in order to prevent the unlawful processing of personal data, unauthorized access to these data, transfer or any other risks that may damage data security and to ensure the preservation of personal data.
In this context, Turkticaret.Net implements administrative measures aimed at ensuring an adequate level of security in accordance with the principle decisions and guides published by the Personal Data Protection Board (“Board”); it performs or ensures the performance of the necessary audits.
Personal data of a sensitive nature, as they carry the risk of causing victimization or discrimination for the data subjects in case of unlawful processing, have been subjected to special protection within the scope of the Law. In this direction, according to Article 6 of the Law, “special categories of personal data” are defined as data regarding race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and appearance, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
The technical and administrative measures taken by Turkticaret.Net for the protection of personal data are also implemented within the framework of higher security standards for special categories of personal data. In this context, the adequate measures stipulated in the Board's Decision dated 31/01/2018 and numbered 2018/10 are implemented in accordance with the principles explained in the Special Categories of Personal Data Processing and Security Policy; the activities carried out in this framework are regularly monitored and audited within the scope of the audits performed within Turkticaret.Net.
Detailed explanations regarding the processing of special categories of personal data are included in Article 3.3 of this Policy.
Turkticaret.Net ensures that regular trainings are provided to the relevant business units in order to increase awareness among employees to prevent the unlawful processing of personal data or unauthorized access to these data and to ensure the secure preservation of personal data. The training and awareness studies organized by Turkticaret.Net are prepared based on the “Personal Data Security Guide” published by the Personal Data Protection Board on its official website.
With the trainings and awareness activities performed, it is aimed that the personal data processing activities carried out by employees while fulfilling their duties are performed in accordance with the Law and relevant secondary legislation. In this context, Turkticaret.Net establishes the necessary systems to ensure that its existing employees as well as new employees joining its body gain awareness regarding the protection of personal data; it receives support from consultants in these processes if needed. In addition, participation in training, seminars and information activities is evaluated taking into account the updates in the relevant legislation and new training programs are organized in this direction.
Personal data are processed in accordance with the general trust and honesty rules in a way that does not damage the fundamental rights and freedoms of persons. In this framework, personal data are processed to the extent required by the business activities of Turkticaret.Net and limited to them.
Turkticaret.Net takes the necessary measures to ensure that personal data is accurate and up-to-date during the period it is processed and establishes the necessary mechanisms for ensuring the accuracy and up-to-dateness of personal data at certain periods.
Turkticaret.Net clearly reveals the purposes of processing personal data and processes them within the scope of purposes connected with these activities in line with the business activities.
Turkticaret.Net collects personal data only in the nature and to the extent required by the business activities and processes them limited to the determined purposes.
Turkticaret.Net preserves personal data for the period required for the purpose for which they are processed and for the minimum period stipulated in the relevant legal legislation. In this context, Turkticaret.Net first determines whether a period is stipulated in the relevant legislation for the storage of personal data, and if a period is determined, it acts in accordance with this period. If a legal period is not available, personal data are stored for the period required for the purpose for which they are processed. Personal data are destroyed at the end of the determined storage periods in accordance with the periodic destruction periods or the application of the data subject and with the determined destruction methods (deletion and/or destruction and/or anonymization).
Except for the case where the data subject gives explicit consent, the basis for the personal data processing activity can be only one of the conditions specified below, or more than one condition can be the basis for the same personal data processing activity. In the event that the processed data is a special category of personal data, the conditions included in the title 3.3 of this Policy (“Processing of Special Categories of Personal Data”) shall be applied.
One of the conditions for processing personal data is the explicit consent of the data subject. The explicit consent of the data subject must be declared based on information and with free will regarding a specific subject.
In the event of the presence of the personal data processing conditions listed below, personal data may be processed without the need for the explicit consent of the data subject.
If the personal data of the data subject is explicitly stipulated in the law, in other words, if there is an explicit provision regarding the processing of personal data in the relevant law, the presence of this data processing condition can be mentioned.
In the event that it is compulsory to process personal data to protect the life or physical integrity of a person who is unable to disclose their consent due to de facto impossibility or whose consent is not granted legal validity, or to protect the life or physical integrity of another person, the personal data of the data subject may be processed.
Provided that it is directly related to the establishment or performance of a contract to which the data subject is a party, this condition can be considered fulfilled if the processing of personal data is necessary.
In the event that processing is mandatory for Turkticaret.Net to fulfill its legal obligations, the personal data of the data subject may be processed.
In the event that the data subject has made their personal data public, the relevant personal data may be processed limited to the purpose of making it public.
In the event that data processing is mandatory for the establishment, use, or protection of a right, the personal data of the data subject may be processed.
Provided that it does not damage the fundamental rights and freedoms of the data subject, the personal data of the data subject may be processed if data processing is mandatory for the legitimate interests of Turkticaret.Net.
As a rule, it is forbidden to process special categories of personal data. However, as Turkticaret.Net, special categories of personal data are processed in the presence of the following conditions specified in Article 6 of the Law and by being in accordance with the principles specified in this Policy:
One of the conditions for processing special categories of personal data is the explicit consent of the data subject. The explicit consent of the data subject must be declared based on information and with free will regarding a specific subject.
In the presence of the special data processing conditions listed below, personal data may be processed without the need for the explicit consent of the data subject:
If the special categories of personal data of the data subject are explicitly stipulated in the law, in other words, if there is an explicit provision regarding the processing of special categories of personal data in the relevant law, the presence of this data processing condition can be mentioned.
In the event that it is mandatory to process special categories of personal data to protect the life or physical integrity of a person who is unable to disclose their consent due to de facto impossibility or whose consent is not granted legal validity, or to protect the life or physical integrity of another person, the personal data of the data subject may be processed.
In the event that the data subject has made their special category of personal data public in accordance with their own will to make it public, the relevant special categories of personal data may be processed limited to the purpose of making it public.
In the event that data processing is mandatory for the establishment, use, or protection of a right, the special categories of personal data of the data subject may be processed.
In the event that it is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services and for the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations, the special categories of personal data of the data subject may be processed.
In the event that it is mandatory to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance, the special categories of personal data of the data subject may be processed.
Foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or trade union purposes may process special categories of personal data of the data subject regarding their existing or former members and employees or persons who are in regular contact with these organizations and formations, provided that they comply with the legislation they are subject to and their purposes, are limited to their fields of activity and are not disclosed to third parties.
Turkticaret.Net informs the data subjects during the collection of their personal data by whom and for what purposes their personal data is processed as the data controller, for what purposes and with whom it is shared, by which methods it is collected and the legal reason for its processing and the rights they have within the scope of the processing of their personal data, in accordance with Article 10 of the Law and secondary legislation.
Turkticaret.Net may transfer the personal data and special categories of personal data of the data subject to third parties (third party companies, third real persons) by taking the necessary security measures in line with the lawful personal data processing purposes. Turkticaret.Net acts in accordance with the regulations stipulated in Articles 8 and 9 of the Law in this direction. Detailed information regarding this subject can be reached from ANNEX 4 (“ANNEX 4 – Third Parties to Whom Personal Data are Transferred by Turkticaret.Net and the Purposes of Transfer”) of this Policy.
In the presence of one or more of the data processing conditions specified below (“Data Processing Conditions”), personal data may be transferred to third parties by Turkticaret.Net by showing necessary care and taking all necessary security measures, including methods stipulated by the Board.
Transfer of personal data abroad by Turkticaret.Net; will be carried out in accordance with Article 9 of the Law and the principles specified in this Policy, by taking technical and administrative measures in the direction explained below:
Personal data may be transferred abroad by Turkticaret.Net in the presence of one of the conditions specified in Articles 5 and 6 of the Law and the presence of an adequacy decision given by the Board regarding the country, international organization, or sectors within the country where the transfer will be made.
The adequacy decision is given by the Board and published in the Official Gazette. The Board may also receive the opinions of relevant institutions and organizations if needed. The adequacy decision is evaluated at the latest every four years. The Board may change, suspend, or cancel the adequacy decision with effect for the future as a result of the evaluation or in other cases it deems necessary.
In the absence of an adequacy decision, personal data may be transferred abroad by Turkticaret.Net in the presence of one of the personal data processing conditions specified in Articles 5 and 6 of the Law and provided that the data subject has the opportunity to exercise their rights and apply for effective legal remedies in the country where the transfer will be made, in the event that one of the appropriate safeguards specified below is provided by the parties:
The presence of an agreement not in the nature of an international treaty between public institutions and organizations or international organizations abroad and public institutions and organizations or professional organizations with the character of public institutions in Turkey and the permission for transfer by the Board.
The presence of binding corporate rules approved by the Board, containing provisions regarding the protection of personal data, which companies within an undertaking group engaged in a joint economic activity are obliged to comply with.
The presence of standard contractual clauses announced by the Board, containing matters such as data categories, purposes of data transfer, recipient and recipient groups, technical and administrative measures to be taken by the data recipient, and additional measures taken for special categories of personal data, and notification to the Board about these standard contractual clauses within legal periods.
The presence of a written undertaking containing provisions that will provide adequate protection and permission for transfer by the Board.
In the case of the absence of an adequacy decision and the failure to provide one of the appropriate safeguards, personal data may be transferred abroad by Turkticaret.Net, provided that it is occasional, in the presence of one of the following cases:
The data subject giving explicit consent to the transfer provided that they are informed about potential risks.
The transfer being mandatory for the performance of a contract between the data subject and the data controller or the implementation of pre-contractual measures taken upon the request of the data subject.
The transfer being mandatory for the establishment or performance of a contract to be made between the data controller and another real or legal person for the benefit of the data subject.
The transfer being mandatory for an overriding public interest.
The transfer of personal data being mandatory for the establishment, use, or protection of a right.
The transfer of personal data being mandatory for the protection of the life or physical integrity of the person who is unable to disclose their consent due to de facto impossibility or whose consent is not granted legal validity, or to protect the life or physical integrity of another person.
Transfer being made from a registry open to the public or to persons who have a legitimate interest, provided that the conditions required for accessing the registry in the relevant legislation are met and the person with a legitimate interest requests it.
As a rule, it is forbidden to transfer special categories of personal data. However, as Turkticaret.Net, special categories of personal data are processed in the presence of the following conditions specified in Article 6 of the Law and by being in accordance with the principles specified in this Policy:
One of the conditions for processing special categories of personal data is the explicit consent of the data subject. The explicit consent of the data subject must be declared based on information and with free will regarding a specific subject.
In the presence of the special categories of personal data processing conditions listed below, personal data may be processed without the need for the explicit consent of the data subject:
If the special categories of personal data of the data subject are explicitly stipulated in the law, in other words, if there is an explicit provision regarding the processing of special categories of personal data in the relevant law, the presence of this data processing condition can be mentioned.
In the event that it is mandatory to process special categories of personal data to protect the life or physical integrity of a person who is unable to disclose their consent due to de facto impossibility or whose consent is not granted legal validity, or to protect the life or physical integrity of another person, the personal data of the data subject may be processed.
In the event that the data subject has made their special category of personal data public in accordance with their own will to make it public, the relevant special categories of personal data may be processed limited to the purpose of making it public.
In the event that data processing is mandatory for the establishment, use, or protection of a right, the special categories of personal data of the data subject may be processed.
In the event that it is necessary for the protection of public health, preventive medicine, medical diagnosis, treatment and care services and for the planning, management and financing of health services by persons under the obligation of confidentiality or authorized institutions and organizations, the special categories of personal data of the data subject may be processed.
In the event that it is mandatory to fulfill legal obligations in the fields of employment, occupational health and safety, social security, social services and social assistance, the special categories of personal data of the data subject may be processed.
Foundations, associations and other non-profit organizations or formations established for political, philosophical, religious or trade union purposes may process special categories of personal data of the data subject regarding their existing or former members and employees or persons who are in regular contact with these organizations and formations, provided that they comply with the legislation they are subject to and their purposes, are limited to their fields of activity and are not disclosed to third parties.
Transfer of special categories of personal data abroad by Turkticaret.Net will be carried out in accordance with Article 9 of the Law and the principles specified in this Policy, by taking technical and administrative measures in the direction explained below:
Special categories of personal data may be transferred abroad by Turkticaret.Net in the presence of one of the conditions specified in Article 6 of the Law and the presence of an adequacy decision given by the Board regarding the country, international organization, or sectors within the country where the transfer will be made.
In the absence of an adequacy decision, special categories of personal data may be transferred abroad by Turkticaret.Net in the presence of one of the conditions specified in Article 6 of the Law and provided that the data subject has the opportunity to exercise their rights and apply for effective legal remedies in the country where the transfer will be made, in the event that one of the appropriate safeguards specified below is provided by the parties:
The presence of an agreement not in the nature of an international treaty between public institutions and organizations or international organizations abroad and public institutions and organizations or professional organizations with the character of public institutions in Turkey and the permission for transfer by the Board.
The presence of binding corporate rules approved by the Board, containing provisions regarding the protection of personal data, which companies within an undertaking group engaged in a joint economic activity are obliged to comply with.
The presence of standard contractual clauses announced by the Board, containing matters such as data categories, purposes of data transfer, recipient and recipient groups, technical and administrative measures to be taken by the data recipient, and additional measures taken for special categories of personal data, and notification to the Board about these standard contractual clauses within legal periods.
The presence of a written undertaking containing provisions that will provide adequate protection and permission for transfer by the Board.
In the case of the absence of an adequacy decision and the failure to provide one of the appropriate safeguards, special categories of personal data may be transferred abroad by Turkticaret.Net, provided that it is occasional, in the presence of one of the following cases:
The data subject giving explicit consent to the transfer provided that they are informed about potential risks.
The transfer being mandatory for the performance of a contract between the data subject and the data controller or the implementation of pre-contractual measures taken upon the request of the data subject.
The transfer being mandatory for the establishment or performance of a contract to be made between the data controller and another real or legal person for the benefit of the data subject.
The transfer being mandatory for an overriding public interest.
The transfer of personal data being mandatory for the establishment, use, or protection of a right.
The transfer of personal data being mandatory for the protection of the life or physical integrity of the person who is unable to disclose their consent due to de facto impossibility or whose consent is not granted legal validity, or to protect the life or physical integrity of another person.
Transfer being made from a registry open to the public or to persons who have a legitimate interest, provided that the conditions required for accessing the registry in the relevant legislation are met and the person with a legitimate interest requests it.
Within Turkticaret.Net, data subjects are informed in accordance with Article 10 of the Law and relevant secondary legislation provisions; personal data are processed in line with the personal data processing purposes determined by Turkticaret.Net, based on at least one of the personal data processing conditions specified in Articles 5 and 6 of the Law and limited to these conditions. In these processes, all principles stipulated in the Law, especially the general principles regulated in Article 4 of the Law, are complied with.
Personal data categories processed within the framework of the purposes and conditions specified in this Policy and detailed information regarding these categories can be reached from ANNEX – 3 (“Personal Data Categories”) of the Policy.
Detailed explanations regarding personal data processing purposes can be reached from ANNEX – 1 (“Personal Data Processing Purposes”) of the Policy.
Turkticaret.Net preserves personal data for the period required for the purpose for which they are processed and by being limited to the minimum preservation periods stipulated in the relevant legislation. In this context, Turkticaret.Net first evaluates whether an explicit period is stipulated in the relevant legislation regarding the preservation of personal data; if there is a period determined in the legislation, it preserves personal data in accordance with the said period. In the event that no preservation period is stipulated in the legislation, personal data are preserved for as long as required for the purpose for which they are processed.
Personal data processed by Turkticaret.Net are handled on a category basis and maximum preservation periods are determined for each personal data category. These periods are clearly presented through tables included in Turkticaret.Net’s Personal Data Storage and Destruction Policy. In the event of the expiration of the determined maximum preservation periods, personal data are destroyed using appropriate destruction methods (deletion and/or destruction and/or anonymization), taking into account periodic destruction periods or data subject applications.
Data subjects have the following rights:
Data subjects will be able to convey their requests regarding their rights listed in section 6.1 (“Rights of the Data Subject”) to Turkticaret.Net through methods determined by the Board. In this direction, they will be able to benefit from the “Data Subject Application Form” which can be reached from the address www.turkticaret.net.
Turkticaret.Net takes the necessary administrative and technical measures to conclude the applications to be made by the data subject in accordance with the Law and secondary legislation.
In the event that the data subject conveys their request regarding the rights included in section 6.1 (“Rights of the Data Subject”) to Turkticaret.Net in accordance with the procedure, Turkticaret.Net will conclude the relevant request free of charge as soon as possible and at the latest within 30 (thirty) days depending on the nature of the request. However, in case the transaction requires an additional cost, a fee may be charged in accordance with the tariff determined by the Board.
| PURPOSES |
| Conducting Emergency Management Processes |
| Conducting Information Security Processes |
| Conducting Employee Candidate / Intern / Student Selection and Placement Processes |
| Conducting Application Processes of Employee Candidates |
| Conducting Employee Satisfaction and Loyalty Processes |
| Fulfillment of Obligations Arising from Employment Contract and Legislation for Employees |
| Conducting Side Benefits and Interests Processes for Employees |
| Conducting Audit / Ethics Activities |
| Conducting Educational Activities |
| Conducting Access Authorizations |
| Conducting Activities in Accordance with the Legislation |
| Conducting Finance and Accounting Affairs |
| Conducting Loyalty Processes for Company / Product / Services |
| Ensuring Physical Space Security |
| Conducting Assignment Processes |
| Follow-up and Conduct of Legal Affairs |
| Conducting Internal Audit / Investigation / Intelligence Activities |
| Conducting Communication Activities |
| Planning Human Resources Processes |
| Conducting / Auditing Business Activities |
| Conducting Occupational Health / Safety Activities |
| Receiving and Evaluating Suggestions for Improvement of Business Processes |
| Conducting Business Continuity Ensuring Activities |
| Conducting Logistics Activities |
| Conducting Goods / Service Procurement Processes |
| Conducting After-Sales Support Services for Goods / Services |
| Conducting Goods / Services Sales Processes |
| Conducting Goods / Service Production and Operation Processes |
| Conducting Customer Relationship Management Processes |
| Conducting Customer Satisfaction Oriented Activities |
| Organization and Event Management |
| Conducting Marketing Analysis Studies |
| Conducting Performance Evaluation Processes |
| Conducting Advertisement / Campaign / Promotion Processes |
| Conducting Risk Management Processes |
| Conducting Storage and Archive Activities |
| Conducting Social Responsibility and Non-Governmental Organization Activities |
| Conducting Contractual Processes |
| Conducting Sponsorship Activities |
| Conducting Strategic Planning Activities |
| Follow-up of Requests / Complaints |
| Ensuring the Security of Movable Property and Resources |
| Conducting Supply Chain Management Processes |
| Conducting Remuneration Policy |
| Conducting Marketing Processes of Products / Services |
| Ensuring the Security of Data Controller Operations |
| Foreign Personnel Work and Residence Permit Procedures |
| Conducting Investment Processes |
| Conducting Talent / Career Development Activities |
| Providing Information to Authorized Persons, Institutions and Organizations |
| Conducting Management Activities |
| Creation and Follow-up of Visitor Records |
| Other |
| DATA SUBJECT CATEGORIES |
| Employee |
| Employee Candidate |
| Intern |
| Intern Candidate |
| Service Recipient/Service Recipient Official or Employee |
| Shareholder/Partner |
| Potential Service Recipient / Service Recipient Official or Employee |
| Third Parties Other Than the Service Recipient |
| Supplier Official / Employee |
| Visitor |
| Other - Business Partner |
| PERSONAL DATA CATEGORIES | PERSONAL DATA CATEGORIZATION DESCRIPTION |
| Identity Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; containing information about the person's identity (such as name-surname, mother-father name, mother's maiden name, date of birth, place of birth, marital status, identity card serial number, T.C. identity number, etc.) |
| Contact Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; information such as telephone number, address, e-mail address, fax number |
| Family Members and Relative Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; information about the family members (e.g. spouse, mother, father, child) and relatives of the data subject within the framework of the operations carried out by Turkticaret.Net, in order to protect the legal interests of Turkticaret.Net and the data subject |
| Customer Transaction Information | Data clearly belonging to an identified or identifiable natural person and included in the data recording system; information such as records for the use of our services and the instructions and requests necessary for the data subjects to use the services |
| Physical Space Security Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; personal data regarding recordings and documents taken at the entrance to the physical space or during the stay within the physical space; camera records and records taken at the security point, etc. |
| Transaction Security Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed to ensure technical, administrative, and legal security during the execution of our services (e.g. log records) |
| Financial Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed regarding all kinds of information, documents and records showing any financial result created within the scope of the relationship between Turkticaret.Net and its employees, suppliers or service recipients, as well as data such as bank account number, IBAN number, credit card information, financial profile, asset data, income information |
| Professional Experience Information | Data clearly belonging to an identified or identifiable natural person; processed partially or completely automatically or non-automatically as part of a data recording system; personal data such as job applications made to Turkticaret.Net and resume information, certificates, training participation records processed in accordance with the human resources needs of Turkticaret.Net |
| Special Categories of Personal Data | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; data specified in Article 6 of the Personal Data Protection Law (e.g. health data including blood group, biometric data, etc.) |
| Request/Complaint Management Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; personal data regarding the receipt and evaluation of all kinds of requests or complaints directed to Turkticaret.Net |
| Visual/Audio Data | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; photographs and camera recordings, voice recordings, and data included in documents that are copies of documents containing personal data |
| Audit and Inspection Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed during the internal audit activities or external audits of Turkticaret.Net |
| Legal Transaction and Compliance Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; personal data processed within the scope of our legal obligations and compliance with Turkticaret.Net's policies |
| Device/Technical Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; technical identifier information such as device type, operating system information, application version, IP address and similar regarding the device and technical infrastructure used. |
| Application Usage Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; data regarding active usage information of applications, background running times of applications, device session times, inactive times of the device and similar usage habits. |
| Location Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; GPS data regarding the location of the data subject, approximate or precise location information and other data allowing location detection. |
| System Information | Data clearly belonging to an identified or identifiable natural person, processed partially or completely automatically or non-automatically as part of a data recording system; IP address information, login and logout logs to the application, error (crash) records, time stamps and other records regarding systemic transaction security. |
Personal data obtained by Turkticaret.Net in accordance with Articles 8 and 9 of the Law can be transferred to the categories of persons listed below:
The scope of the above-mentioned persons to whom the transfer is made and the data transfer purposes are stated below.
| Persons to Whom Data Transfer Can Be Made | Description | Data Transfer Purpose |
| Business Partners | Real or legal persons with whom cooperation is made during the execution of the services offered by Turkticaret.Net. Business partners from whom services are received in financial, legal, financial and operational processes. Service providers worked with for the purpose of fulfilling various activities. | Sharing personal data limited to the purpose of cooperation, in order to fulfill the services provided within the scope of the business/solution partnership relationship. |
| Suppliers | In cases where Turkticaret.Net carries out its service processes through outsourcing; real/legal person service providers who carry out data processing activities on behalf of and with the instructions of Turkticaret.Net. E.g. cloud system providers, IT companies, software-hardware service providers, security firms. | Transfer of personal data limited only to the provision of the relevant service, in order to provide the services received through outsourcing within the scope of the activities of Turkticaret.Net. |
| Legally Authorized Public Institutions and Organizations | Public authorities authorized to request information and documents from Turkticaret.Net within the framework of relevant legislation. E.g. Ministries, Tax Office, Courts, Prosecutor's Offices, SGK, Trade Registry Directorates. | Fulfilling the obligations regarding the personal data requested by public institutions and organizations within the scope of their legal powers and sharing data limited only to the relevant request. |
| Legally Authorized Private Law Persons | Private law persons clearly authorized by law; institutions and organizations whose field of activity is legally determined and who act within this framework of authority. E.g. notaries, independent audit companies, authorized mediators, professional organizations. | Sharing the personal data required within the scope of the activities they are obliged to carry out, limited only to the relevant process. |