PRIVACY POLICY

PURPOSE

This Privacy Policy regulates how personal data processed within the scope of activities conducted through the Company's website and mobile application are collected, processed, transferred and protected.

This Privacy Policy has been prepared within the scope of the Personal Data Protection Law No. 6698 (KVKK), the European General Data Protection Regulation (GDPR) and all other relevant legislation.

PERSONAL DATA PROCESSED AND PURPOSE OF PROCESSING

Within the scope of this Privacy Policy, the Company may process identity information, contact information, financial information, information of transactions made through the website and/or mobile application, and IP, cookie, device and similar information belonging to users.

The Company processes the said personal data in accordance with legal regulations for the purposes of providing and developing products/services, processing orders and payments through the website and/or mobile application and billing, conducting customer service processes more efficiently, fulfilling legal obligations in accordance with legal regulations, marketing activities carried out with the explicit consent of users, and ensuring the security of the website and mobile application.

SOFTWARE DEVELOPMENT KIT (SDK) USAGE

Software Development Kits (SDK) may be used in our mobile applications, integrated solutions and third-party services to increase performance quality and security for our users. Through these SDKs, certain personal data may be collected, processed or shared with third-party service providers.

3.1. Data Collected and Processing Purposes

The main data that can be collected through SDKs are as follows:

• Device Information: Operating system, model, screen resolution, language preference, application version, etc.,
• Usage Data: In-app movements, clicks, navigation paths, session duration, etc.,
• Identifiers: Advertising ID (IDFA, GAID), session ID, user-specific anonymous identifiers, etc.,
• Performance and Error Logs: Crash reports, error logs, loading times, etc.,
• Location Data (optional): GPS or IP-based location data (only with explicit consent)

Data obtained through SDKs are processed in accordance with relevant legal regulations for the purposes of measuring and improving website and mobile application performance, detecting errors and security vulnerabilities, improving user experience, advertising, marketing and user profiling (only if explicit consent has been obtained), and analyzing and reporting user behaviors.

3.2. Third-Party SDK Providers

SDKs may be developed by third-party service providers. The legal responsibility for operations related to personal data in third-party SDKs belongs to the third party, and the Company has no responsibility.

Third-party SDKs are subject to the privacy policy of the third party. Personal data may be transferred abroad, and in this case, the Company takes necessary legal and security measures within the scope of KVKK and GDPR, and the Company operates within the scope of the user's explicit consent.

3.3. Data Security

All data collected through SDKs are protected by methods such as encryption, access control, and anonymization. Data sharing with third parties is carried out only within the scope of contractual security measures and legal responsibilities.

WEB TRACKING POLICY

Our Company uses various Web Tracking Technologies through the website and mobile application to improve user experience, measure performance and ensure security. These technologies are only activated in compliance with KVKK and GDPR and with the explicit consent of users.

4.1. Tracking Technologies Used

• Cookies: Small text files placed in the browser. Session cookies, persistent cookies, necessary cookies, analytical cookies and advertising cookies may be used.
• Pixel Tags: Small pieces of visual code that track page views and ad interactions.
• Analytics Tools: Technologies used to analyze and report user behaviors.
• Advertising and Retargeting Tools: Technologies used to provide marketing optimization for users and to ensure that such operations work more efficiently and accurately.
• Log Files: Technologies used to collect data such as IP address, browser type, access date and time through server logs.

Personal data collected through Web Tracking Technologies parallel the types of personal data collected through SDKs, and are subject to the system and legal regulations related to SDKs in terms of the purposes of processing users' personal data, conditions for transferring collected personal data to third-party service providers, and the security of collected data.

LEGAL GROUNDS

Our Company processes users' personal data within the scope of KVKK, GDPR and relevant legal regulations under this Privacy Policy.

5.1. Processing of Personal Data Under GDPR and KVKK

The processing of personal data is regulated under Article 5 of KVKK and Article 6 of GDPR. According to these regulations;

• Explicit Consent: Obtained especially for operations that are not legally required, such as marketing, profiling, SDK and web tracking technologies.
• Expressly Provided by Laws: Records that must be kept within the scope of tax, commercial or consumer legislation.
• Physical Impossibility: Mandatory for the protection of the life or physical integrity of the person or another person who is unable to express consent due to physical impossibility or whose consent is not legally valid.
• Establishment or Performance of Contract: Necessary processing of personal data belonging to the parties of a contract, provided that it is directly related to the establishment or performance of a contract.
• Legal Obligation: Mandatory for the data controller to fulfill its legal responsibility.
• Publicization: The personal data has been made public by the data subject themselves.
• Establishment, Exercise or Protection of a Right: Data processing is mandatory for the establishment, exercise and protection of a right.
• Legitimate Interest: Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Within the scope of KVKK Article 6 and GDPR Article 9 legal regulations; special category data such as race, health, and biometric data can only be processed with explicit consent or in exceptional cases provided by law. Our Company does not process special category personal data as a rule. If processing of special category personal data is mandatory, additional security measures determined by the relevant board are applied.

INTERNATIONAL DATA TRANSFER

For personal data processed through SDK and web tracking technologies, if the servers of SDK and web tracking providers are located abroad, transfer is made with security measures in compliance with KVKK and GDPR (explicit consent, undertaking, standard contractual clauses, etc.).

DATA RETENTION PERIOD

Personal data belonging to users are stored for the period required by the processing purpose or for the period specified in relevant legislation after being processed in accordance with legal regulations. When the period expires or when there is no longer a need to store the data, personal data may be deleted, anonymized or destroyed.

USER RIGHTS

Our Company is committed to the principles of transparency and accountability in the protection of personal data. In this context, the rights of our users arising from KVKK and GDPR are guaranteed.

8.1. Rights Under KVKK

Within the scope of legal regulations in KVKK, certain rights have been defined for users regarding personal data. These are:

• To learn whether personal data is processed,
• To request information if personal data has been processed,
• To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom personal data is transferred domestically or abroad,
• To request correction of personal data if it has been processed incompletely or incorrectly, and to request notification of this to third parties,
• To request deletion or destruction of personal data within the framework of conditions stipulated in KVKK Article 7 and to request notification of this to third parties,
• To object to the emergence of a result against the person themselves by analyzing processed data exclusively through automated systems,
• To claim compensation for damages in case of damage due to unlawful processing of personal data,

users have these rights.

8.2. Rights Under GDPR

Our users located in the EU/EEA region also have the following rights:

• Right of Access: To request access to personal data and learn for what purposes it is used,
• Right to Rectification: To request correction of incorrect or incomplete data,
• Right to Erasure: To request deletion of data under certain conditions,
• Restriction of Processing: To request that processing of data be stopped in certain situations,
• Data Portability: To receive personal data in a structured and commonly used format or transfer it to another data controller,
• Right to Object: To object to data processing based on legitimate interests, including direct marketing,
• Rights Related to Automated Decision-Making: To be subject to decisions based solely on automated processing, including profiling,

they have these rights.

8.3. Exercising Rights

Users can apply to our Company by email or in writing to exercise their rights. Applications made under KVKK are responded to within 30 days at the latest. However, this period may be extended except for necessary or force majeure situations to the extent permitted by law, in which case the user is informed about how long the period may be extended.

For applications made under GDPR, transactions are concluded within one month as a rule. However, if deemed necessary, an additional period of two months may be taken, in which case the user is informed.

Applications made by users within the scope of the rights granted to them are free of charge; however, if the transaction requires an additional cost, a fee may be charged in accordance with KVKK and relevant legislation.

Requests for deletion of data or suspension of processing can only be fulfilled to the extent that legal obligations do not prevent it. Our Company reserves the right to reject requests that abuse such requests or that would violate the rights and freedoms of third parties.

CHANGES

This Privacy Policy may be updated in accordance with legal regulations and/or legal requirements. Updates become effective from the moment they are announced on our Company's website or mobile application.

CONTACT

MERS YAZILIM VE TEKNOLOJİ HİZMETLERİ LİMİTED ŞİRKETİ

Address: Karaman Mah. Ceylan(170) Sk. No: 1 İç Kapı No: 1 Nilüfer/Bursa
Email: [email protected]