The New Mobile Platform
Shopping & Consumer Loans

Personal Data Protection Policy


Regulated in Article 20 of the Constitution; this right, that everyone has the right to demand the protection of their personal data; In accordance with the Law on the Protection of Personal Data No. 6698, on the basis of the basic legal basis that personal data can be processed only in cases stipulated by the law or with the explicit consent of the person. We attach utmost importance to the protection and processing of Personal Data in accordance with the law and we act with this care in all our planning and activities. As the company, we take all administrative and technical measures for the protection and processing of Personal Data, which is the basis of privacy, and we inform and warn our personnel about the legal sanctions regulated in Article 135 of the Turkish Penal Code (TPC) No. 5237 and the following.


With the Law No. 6698 on the Protection of Personal Data in force, the protection of fundamental rights and freedoms of individuals, in particular the privacy of private life, and the obligations of natural and legal persons processing personal data, as well as the procedures and principles to be followed, are regulated in the processing of personal data. The aim of our policy, which was prepared by taking into account the regulation in question; ensuring compliance with the obligations regarding the protection of personal data, processing, transferring and protecting the confidentiality of the information provided within the scope of the activities carried out by our Company, by evaluating with a risk-based approach, determining strategies, internal controls and measures, operating rules and responsibilities, and raising awareness of the employees of the institution on these issues. At the same time; It is aimed to ensure transparency by informing the people whose personal data are processed by our Company, especially our customers, potential customers, employees, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions/organizations we cooperate with, and third parties.


This policy applies to all transactions processed automatically or non-automatically, provided that it is a part of any data recording system, of our customers, potential customers, employees, employee candidates, Company shareholders, Company officials, visitors, employees, shareholders and officials of the institutions we cooperate with, and third parties. regarding your personal data.


Explicit Consent

Consent, which is based on information on a particular subject and expressed with free will.


It is the change of personal data in such a way that it loses its ability to be associated with an identified or identifiable person and this situation cannot be undone. Example: Masking, aggregation, data corruption etc. making personal data incapable of being associated with a natural person with techniques.


Persons working in the Company pursuant to the employment contract concluded with the Company.

Employee Candidate

Real persons who have either applied for a job in the Company by any means or have opened their CV and related information to the Company’s inspection.

Real Persons and Private Law Legal Entities

Real persons are those who were born right and full and currently living in accordance with the Turkish Civil Code. Private Law Legal persons refer to the Commercial Companies defined in the Turkish Commercial Code and the associations and foundations defined in the Turkish Civil Code.

Open to Everyone

It refers to the group of people that does not constitute any characteristic, that is, all people.


Real or legal persons who own shares (shares) in the Company of the Data Controller.

Business Partner

The parties with which the Data Controller carries out commercial activities and has a commercial relationship.

Employees, Shareholders and Officials of the Institutions We Collaborate with

Natural persons, including the shareholders and officials of these institutions, working in the institutions (such as but not limited to business partners, suppliers) with which the company has all kinds of business relations.

Affiliates and Subsidiaries

Affiliates are companies in which the Data Controller has a share in the capital of another company. If the company has more than 50% of the voting rights of the company it is a partner of, the relationship between the company and the partner company creates a subsidiary, if the majority is not in the company, there is a simple affiliate relationship.

Processing of Personal Data

Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data by fully or partially automatic or non-automatic means provided that it is a part of any data recording system, All kinds of operations performed on data such as classification or prevention of use.

Personal Data Owner

The natural person whose personal data is processed. For example; Customers and employees.

Personal Data

Any information relating to an identified or identifiable natural person. The processing of information regarding legal persons is not within the scope of the law. For example; name-surname, TR, e-mail, address, date of birth, credit card number etc.


Real persons who use or have used the products and services offered by the Company, regardless of whether they have any contractual relationship with the Company.

Special Quality Personal Data

Data related to race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, and biometric and genetic data are special data.

Potential Customer

Real persons who have requested or interested in using our products and services or who have been evaluated in accordance with commercial practices and honesty rules that they may have.


Real persons who have applied for an internship to the company by any means, and who aim to put their theoretical knowledge about the profession into practice in the workplace.

Company Shareholder

The shareholders of the company are natural persons.

Company Official

Member of the company’s board of directors and other authorized natural persons.


Parties that have a business relationship with the Data Controller based on the service contract and/or power of attorney agreement for service procurement within the scope of the Data Controller’s commercial activities.

Group Companies

According to the definition in the Turkish Commercial Code, “Companies that are directly or indirectly affiliated with the controlling company form the group of companies together with it.”

Third Party

Third party real persons (eg Family Members and relatives) who are related to these persons in order to ensure the security of commercial transactions between the Company and the above-mentioned parties or to protect the rights of the aforementioned persons and to obtain benefits.

Data Processor

It is the natural and legal person who processes personal data on behalf of the Data Controller based on the authority given by him. For example, the firm or companies that hold the Company’s data, etc.

Data Controller

The person who determines the purposes and means of processing personal data, manages the place where the data is kept systematically (data recording system), provides the data owner with the necessary information about his personal information as a result of the request / application of the data owner, and makes the referrals.

Authorized Public Institutions and Organizations

Public institutions and organizations that are authorized by the relevant legislation to request information and documents from the Data Controller and are also required to transfer in order for the Data Controller to fulfill their legal obligations.


Real persons who enter the physical premises of the company for various purposes or visit our websites.



Law No. 6698, Law on Protection of Personal Data No. 6698, dated March 24, 2016, published in the Official Gazette No. 29677, dated 7 April 2016.


The Constitution of the Republic of Turkey, dated 7 November 1982 and numbered 2709, published in the Official Gazette dated 9 November 1982 and numbered 17863.

PDP Board

Personal Data Protection Board

PDP Authority

Personal Data Protection Authority


Company Policy on Protection and Processing of Personal Data


Turkish Code of Obligations dated 11 January 2011 and numbered 6098, published in the Official Gazette dated 4 February 2011 and numbered 27836.


Turkish Penal Code No. 5237, dated 26 September 2004, published in the Official Gazette dated 12 October 2004 and numbered 25611.


Turkish Commercial Code No. 6102, dated January 13, 2011, published in the Official Gazette dated February 14, 2011 and numbered 27846.


The Company may save, process or transfer data for the following categories of data.


Information such as name, surname, mother and father’s name, mother’s maiden name, date of birth, place of birth, marital status, identity card serial number, Turkish Citizenship identification number.


Information such as address number, e-mail address, contact address, registered e-mail address (KEP), telephone number.


The location information of the current location.


Information such as payroll information, disciplinary investigation, entry-exit document records, property declaration information, resume information, performance evaluation reports.

Legal Action

Information such as information in correspondence with judicial authorities, information in the case file.

Customer Transaction

Information such as call center records, invoice, promissory note, check information, information in box office receipts, order information, request information.

Physical Space Security

Information such as entry and exit registration information of employees and visitors, camera recordings.

Transaction Security

Information such as IP address information, website login and exit information, password and password information.

Risk Management

Information such as information processed to manage commercial, technical, administrative risks.


Information such as balance sheet information, financial performance information, credit and risk information, and asset information.

Professional Experience

Information such as diploma information, courses attended, vocational training information, certificates, transcript information.


Shopping history information, survey, cookie records, information obtained through campaign work.

Audio-Visual Recordings

Recordings such as audio-visual recordings.

Health Information

Information about disability, blood group information, personal health information, PCR test results, pandemic health information, such as device and prosthesis information.

Criminal Conviction and Security Measures

Information such as information on criminal convictions, information on security measures.


The Company may save, process or transfer personal data for the following purposes:

Execution of Emergency Management Processes

Execution of Information Security Processes

LearningExecution of Employee Candidate/Intern/Student Selection and Placement Processes

Execution of Application Processes of Employee Candidates

Execution of Employee Satisfaction and Loyalty Processes

Fulfillment of Employment Contract and Legislative Obligations for Employees

Execution of Benefits and Benefits Processes for Employees Conducting Audit/Ethical Activities

Conducting Audit/Ethics Activities

Conducting Educational Activities

Execution of Access Authorizations

Execution of Activities in Compliance with the Legislation

Execution of Finance and Accounting Affairs

Execution of Company/Product/Services Loyalty Processes

Providing Physical Space Security

Execution of Assignment Processes

Follow-up and Execution of Legal Affairs

Conducting Internal Audit/Investigation/Intelligence Activities

Execution of Communication Activities

Planning of Human Resources Processes

Execution/Audit of Business Activities

Conducting Business Continuity Ensuring Activities

Receiving and Evaluating Suggestions for Improvement of Business Processes

Execution of Occupational Health/Safety Activities

Execution of Logistics Activities

Execution of Goods/Service Procurement Processes

Execution of Goods/Services After Sales Support Services

Execution of Goods/Service Sales Processes

Execution of Good/Service Production and Operation Processes

Execution of Customer Relationship Management Processes

Execution of Activities for Customer Satisfaction

Organization and Event Management

Conducting Marketing Analysis Studies

Execution of Performance Evaluation Processes

Execution of Advertising / Campaign / Promotion Processes

Execution of Risk Management Processes

Creating and Tracking Visitor Records

Execution of Management Activities

Providing Information to Authorized Persons, Institutions and Organizations

Execution of Talent/Career Development Activities

Execution of Investment Processes

Foreign Personnel Work and Residence Permit Procedures

Ensuring the Security of Data Controller Operations

Execution of Marketing Processes of Products/Services

Execution of Wage Policy

Ensuring the Security of Movable Property and Resources

Follow-up of Requests/Complaints

Execution of Strategic Planning Activities

Execution of Sponsorship Activities

Execution of Contract Processes

Conducting Social Responsibility and Civil Society Activities

Execution of Storage and Archive Activities


The legal reasons for the processing of personal data are regulated in Article 5 of the PDP.

Personal data cannot be processed without the explicit consent of the person concerned.

In the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the data subject:


The legal reasons for the processing of personal data are regulated in Article 6 of the PDP.

It is prohibited to process sensitive personal data without the explicit consent of the person concerned.

Special categories of personal data other than health and sexual life may be processed without seeking the explicit consent of the person concerned, in cases stipulated by the laws. Personal data related to health and sexual life are only for the purpose of protecting public health, performing preventive medicine, medical diagnosis, treatment and care services, planning and managing health services and financing, by persons or authorized institutions and organizations under the obligation of secrecy without seeking the explicit consent of the person concerned. can be processed.


The Company may transfer personal data to the following Personal Data Transfer Recipient groups.



Business Partner

Affiliates and Subsidiaries


Community Company

Authorized Public Institutions and Organizations


The company may save, process or transfer personal data according to the following types of persons:

Employee Candidate



Potential Product and Service Buyer


SupplierSupplier Employee

Supplier Representative

Product or Service Recipient



Although the personal data has been processed in accordance with the law, in the event that the reasons for the processing disappear, these data are deleted, destroyed or anonymized by the data controller ex officio or upon the request of the person concerned.

The Data Controller deletes, destroys or anonymizes personal data in the first periodical destruction process following the date on which the obligation to delete, destroy or anonymize personal data arises.

The actions to be taken regarding these matters are explained in detail in the Personal Data Retention and Destruction Policy.


Personal data retention periods are regulated in detail in the Personal Data Retention and Disposal Policy.


For questions and/or comments regarding the Personal Data Protection Policy, please contact us using the contact information below:

Mersis No

KEP Address

E-Mail Address

Physical Mailing Address




Küçükbakkalköy Mahallesi Kayışdağı Caddesi Allianz Plaza Sitesi No: 1 İç Kapı No: 108 Kat:29 Ataşehir-İstanbul