Privacy Policy

EGE MONEY INVESTMENT YAZILIM AŞ INTERNET SITE DISCLOSURE TEXT

(KVKK- PROTECTION OF PERSONAL DATA)

As Ege Money Investment Yazılım Joint-Stock Company ("Our Company" or "Ege Money"), to ensure the security of your personal data obtained through our official websites www.egemoney.com, within the framework of the Personal Data Protection Law No. 6698 and the relevant legislation, We attach great importance to processing and protection issues.

This Website KVK Clarification Text ("Clarification Text") has been prepared as Ege Money to fulfill our obligation of illumination arising from the KVK legislation as a data controller.

Following the provisions of the Law on the Protection of Personal Data No.6698 and the relevant regulations (KVKK Regulations), any information that makes your identity specific or identifiable, including your special personal data, is considered as Personal Data, and Ege Money as Data Supervisor as described below and by the legislation It is processed within the limits ordered.

"Processing of Your Personal Data" refers to all kinds of operations performed on data such as obtaining, saving, storing, preserving, changing, reorganizing, disclosing, transferring, taking over, making available, classifying, or preventing their use.

Definitions in the Ege Money User Agreement ("Agreement") and "Customer Recognition Policy and Principles for Preventing Money Laundering and Terrorism Financing" ("AML and KYC Policy") for the interpretation of expressions not defined in this Policy will be considered.

You can feel safe while using the site. However, please remember that no system is completely secure. Even if we take all necessary steps to protect your data, there is always the possibility of being out of a security. For this reason, we would like to remind you that you should be very careful while processing your personal data. Other than the data requested by the Company, the processing of the data transmitted by you without the request of the Company will not be counted as personal data processed by the Company under this Policy. For this reason, we strongly warn you that you should not share your voice, images, and other personal data not requested by the Company, including but not limited to, via e-mail, message, or any other communication channel.

Regarding Cookies

The Company will be able to obtain information about the User's use of the Site by using cookies (Cookies), which are a technical communication file, process the data in this context, and transmit it to third parties for the purpose of processing within the scope of analysis services offered by third parties, only for the use of these analytics services to the extent required. The aforementioned technical communication files are small text files that the Site sends to the user's browser to be stored in the main memory. The technical communication file facilitates the use of the internet in this sense by storing the status and preference settings about a website.

Technical communication file designed for users to obtain statistical information about how many people use the Site in temporal proportion, for what purpose, how many times a person visits the Site and for how long, and to help dynamically generate advertisements and content from user pages especially. It is designed and used for these purposes. The technical communication file is not designed to receive any other personal data from the main memory. Most of the browsers are initially designed to accept the technical communication file, but users will always be able to change the browser settings so that the technical communication file does not arrive or a warning is given when the technical communication file is sent. You can find details about cookies in the "Ege Money Cookie Policy" on the Site.

The Company will be able to determine and use the IP address of the Users when necessary, to identify the problems related to the system, and resolve the problems urgently. IP addresses can also be used to define Users in general and to collect comprehensive demographic information.

  1. Who is Responsible for the Processing of Your Personal Data?

The data controller in the processing of data is Ege Money Investment Anonim Şirketi with Mersis Number 0325107235900001. Contact information of Ege Money is as follows:

Postal address: Yalı Mah. 6523 sok. No: 32 B / 601 Karsiyaka / IZMIR

Email: [email protected]

  1. Which Personal Data We Process, In Which Ways and For What Purpose?

Your personal data, all contracts/information forms and other documents issued with your consent and/or signature, with your electronic consent and/or your signature, physical environments, call centers, websites, mobile applications, internet transactions, social media, and other public In written, automatic and non-automatic methods in electronic and physical media in a limited and measured manner, in connection with the purposes described, through channels such as channels; Turkish Penal Code No. 5237, Electronic Commerce Law No. 6563, Code of Criminal Procedure No. 5271, Law No. 5549 on the Prevention of Laundering Proceeds of Crime, Labor Law No. 4857 and Turkish Commercial Code No. 6102, all relevant national / international legislation and national / In order to fulfill the obligations arising from the secondary regulations published by international competent authorities based on them and also from all contracts to which it is a party, your personal data are processed by our Company in accordance with the legislation of KVK for the following purposes and depending on the legal bases stated below.

a. Collected For The Application Identity and Contact Information : Name, surname, mobile phone, e-mail address, the Republic of Turkey identity number, identity card serial number, address, parents' name, photograph, and other personal information.

a.1 Our Purpose of Processing : To provide your membership to our site and to verify your information. To use in the products and services you buy / will receive from our company, to communicate about the product and service you will receive / will receive, to provide an effective user service.

a.2 Legal Reason : Fulfillment of legal and administrative obligations by our company, fulfillment of our obligations within the scope of ETK legislation, establishment and performance of contracts with our company.

b.Customer Transaction Information: Payment card information, bank account number, IBAN, receipt, receipt information, account information, account activities performed by the customer on the crypto money wallet, contact history, etc.

b.1 Our Purpose of Processing: To enable you to perform Turkish Lira transactions. To verify and perform financial transactions related to transactions

b.2 Legal Reason: Establishment and execution of a purchase/sale contract with the customer (member) and execution of the transactions to be made within this scope

c. Location Information: Location information of the place where the transaction takes place and where it is located.

c.1 Our Purpose of Processing: To fulfill our obligations arising from Law No. 5651 on the Regulation of Broadcasts Made on the Internet and Fight Against Crimes Committed Through These Publications and its secondary regulations.

c.2 Legal Reason: The processing activity is clearly stipulated in the laws and the fulfillment of the related legal obligations.

d. Data Collected Through Cookies: You can find detailed information about your processed data, including the IP address, the type of device used, the operating system, and browser information, in the “Ege Money Cookie Policy” published on the Site.

Data that are irreversibly anonymized by Articles 3 and 7 of the Law will not be considered as personal data in accordance with the Law, and the processing activities related to these data will be carried out without being bound by the provisions of this Policy.

The applicant undertakes that the information subject to this Policy is complete, accurate and up-to-date, and will update them immediately in case of any change in this information. The Company will not be liable for the situations caused by the applicant's failure to share his / her up-to-date information.

Who Can Access Your Data?

The Company provides the personal data provided by the Users and the new data produced by the Company using these personal data, the provision and/or development of the Services, the development of the Users' experience, and the "For What Purposes We Process Your Data?" with outsourcing service providers and other third parties for the realization of any of the purposes stated under the heading.

The Company will also be able to process the data subject to this privacy policy without obtaining the consent of the Users and share them with third parties following Articles 5 and 8 of the Law and/or in the presence of exceptions in the relevant legislation. The main ones are as follows:

It is clearly stipulated in the laws,

● The person who is unable to disclose his / her consent due to actual impossibility or whose consent is not legally valid is compulsory for the protection of himself or someone else's life or bodily integrity,

● The processing of personal data is necessary, provided that it is directly related to the establishment or performance of a contract, including the contract,

● It is mandatory for the company to fulfill its legal obligation,

● It is made public by the users themselves,

● Data processing is mandatory for the establishment, use or protection of a right,

● Provided that it does not harm the fundamental rights and freedoms of users, the Company's legitimate data processing is mandatory for their interests.

Limited to the fulfillment of the aforementioned purposes, the Company transfers personal data to its servers (the servers may belong to itself, its affiliates, subcontractors, or service providers with proven international reliability) located anywhere in the world other than the country of residence of the Users, in order to receive hosting services has the right.

General Principles in Processing Personal Data

Ege Money, Constitution of Turkey, Personal Data Protection Law and the GDPR for alignment with the EU legislation (General Data Protection Regulation) scope and in and protect process data in accordance with these regulations.

In this context, Ege Money acts in accordance with Article 4 of the Law, in accordance with the following principles:

4.1 Compliance with Law and Good Faith

As a prudent merchant, Ege Money acts in accordance with the principles of legal regulations and general trust and honesty in the processing of personal data.

4.2 Ensuring that Personal Data is Accurate and Updated when Required

Ege Money ensures that the personal data it processes are accurate and up-to-date, taking into account the fundamental rights of personal data owners and their own legitimate interests within the scope of the Law on the Protection of Personal Data, along with other laws that it has to comply with within the scope of its activities.

4.3 Processing for Specific, Clear, and Legitimate Purposes

Ege Money clearly and precisely determines the legitimate and legal purpose of processing personal data. In this context, personal data are presented or processed limited to the services to be provided and legal obligations. The purpose for which personal data will be processed is revealed before the personal data processing activity begins.

4.4 Being Related, Limited, and Measured for the Purpose of Processing

Ege Money processes personal data in a way that is convenient for the realization of the specified purposes and avoids the processing of personal data that are not related to the realization of the purpose or not needed. Accordingly, the processing of data is limited to activities and legal obligations.

5. Conditions of Processing Personal Data

5.1 Obtaining the Explicit Consent of the Personal Data Owner

One of the conditions for processing personal data is the explicit consent of the owner. The explicit consent of the personal data owner should be explained on a specific subject, based on the information and with free will.

5.2 Cases Where Personal Data Can Be Processed Without Requiring Explicit Consent

5.2.1 Explicitly Stipulated in Laws

Personal data of the data owner may be processed in accordance with the law without obtaining express consent if explicitly stipulated in the law (For example, Regulation on Prevention of Laundering Proceeds of Crime and Terrorist Financing, Article 5).

5.2.2 Failure to Obtain Explicit Consent of the Relevant Person Due to Actual Impossibility

Personal data of the data owner may be processed if it is necessary to process the personal data of the person who is unable to disclose his consent due to the actual impossibility or whose consent cannot be validated or to protect the life or body integrity of another person. saving).

5.2.3 Being Directly Related to the Conclusion or Performance of the Contract

Provided that it is directly related to the establishment or execution of a contract, it is possible to process personal data if it is necessary to process personal data belonging to the parties of the contract (For example, obtaining billing information of a person receiving a service from our company).

5.2.4 Legal Obligation

Ege Money may process the personal data of the data owner if the processing is necessary in order to fulfill its legal obligations (For example, answering the questions asked by public institutions such as MASAK, BTK, BRSA, sending the requested documents).

5.2.5 Making Personal Data Public by Personal Data Owner

If the personal data is made public by the data owner himself, the relevant personal data may be processed (For example, searching for a person applying for a job to our company).

5.2.6 When Data Processing is Mandatory for the Establishment or Protection of a Right

In the event that data processing is necessary for the establishment, use or protection of a right, the data subject's personal data may be processed (For example, obtaining the information of non-customers who apply to our company through the help section).

5.2.7 Data Processing Required for the Legitimate Interest of Ege Money

Provided that it does not harm the fundamental rights and freedoms of the personal data owner, the personal data of the data owner may be processed if data processing is necessary for the legitimate interests of Ege Money.

6. Processing of Special Quality Personal Data

Ege Money carefully acts in accordance with the regulations stipulated in the Personal Data Protection Law in the processing of personal data determined as "special quality" by the Law on Protection of Personal Data.

Data determined as "special quality" in Article 6 of the Personal Data Protection Law; Data on race, ethnicity, political opinion, philosophical belief, religion, sect or other beliefs, dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures.

By Ege Money in accordance with the Personal Data Protection Law; Special categories of personal data are processed upon the explicit consent of the personal data subject, provided that adequate measures are taken by the Personal Data Protection Board, and in cases stipulated by law, if there is no express consent.

7.To Whom and For What Purpose the Processed Personal Data Can Be Transferred

Unless otherwise stipulated in the KVK legislation, third parties with whom we share your personal data are obliged to process and protect your personal data-bound and limited for the purpose of sharing and are under the control of Ege Money.

If Money can be transferred to the personal data of third parties in Turkey to be maintained processed outside treatment or Turkey in Turkey, as given above, including outsourcing Act and in accordance with the conditions stipulated in the relevant legislation and all safety precautions specified in the legislation by taking; Unless otherwise stipulated in the contract signed electronically with the data subject and other relevant legislation, it can be transferred abroad.

Due to legal obligations and within the framework of legal limitations, it can be transferred to administrative and official authorities that need to be transferred legally, to third parties from outsourced services, to third parties with whom we cooperate in areas such as program partner institutions, organizations, cooperated call centers.

In order to provide a healthier service and to carry out our activities within the scope of the cooperation to be established as a result of the services offered by our company with the campaigns that our company is currently carrying out with third parties, your "name and surname, city of residence, date of birth, e-mail address, telephone number", your contractual relationship / to domestic/foreign organizations we will be with, domestic/international/international organizations that receive service/support/consultancy or become a project/program partner, companies providing security, SMS and e-mail services, companies providing social media services, surveyors and subcontractors, independent Audit and support services can be shared with third parties such as service and infrastructure providers and business partners to ensure the legal and commercial security of third parties and/or to ensure the security of electronic and physical environments.

The establishment, development, and maintenance of technical and administrative infrastructure and electronic systems (website), and keeping customer data, and managing call center processes can be transferred to third parties, as required by the business.

7.a Transfer of Personal Data Domestically

Your personal data listed in this Clarification Text, as well as the purposes stated in this text, in connection with the purpose of conducting the commercial activities of our Company, with our solution partners and external service providers (IT experts, database providers, backup, and recovery services in order to carry out the commercial activities of our Company. experts, banks, investment institutions, private financial institutions, payment systems organizations, card institutions, financial institutions, etc.) and administrative and official authorities that need to be transferred legally, in accordance with the KVK legislation, with the Microsoft Azure B2C for security system.

Mobile phone number and/or e-mail address of the Member Customer; It is shared with the commercial electronic message intermediary service provider in order to provide promotion, advertisement, benefits, and opportunities in line with the commercial electronic message approval in accordance with its account.

7.b Transfer of Personal Data Abroad

Our company transfers abroad within the scope of the operation of the infrastructure and information systems used by our company with our foreign-based foreign service providers, which we work with, in accordance with the purpose of processing the data and provided that the necessary security measures are taken. Our company also obtains approval from the data owner in the Explicit Consent Text for the transfer abroad.

Your personal data can be transferred to electronic media such as servers, hosting companies, software, cloud computing, which are supported by information technologies abroad for archiving and storage purposes, and can be processed and stored here.

8.Security, Storage, and Destruction of Your Personal Data

Ege Money takes all necessary technical and administrative measures within the scope of KVK and related legislation to ensure the appropriate level of security in order to prevent unlawful processing of personal data and illegal access to personal data and to ensure the protection of personal data.

Although it has been processed in accordance with the provisions of the Personal Data Protection Law and other relevant laws, if the reasons for processing disappear, the personal data are deleted, destroyed, or anonymized by the data controller ex officio or upon the request of the person concerned.

Ege Money reserves the right not to fulfill the request of the data owner in cases where it has the right and/or obligation to preserve personal data in accordance with the provisions of the relevant legislation.

Your personal data are kept for the period required for the purposes of processing specified in this Clarification Text and, in any case, for the statutory statute of limitations specified in the legal regulations or upon the request of the person concerned. In the event of the expiration of the aforementioned periods, continue to use the personal data processed by deleting or anonymizing one or more of the methods of deletion and anonymization specified in the Guide on the Deletion, Destruction or Anonymization of Personal Data published by the KVK Board, using one or more techniques that best suit business processes and activities does.

In the event that your personal data is damaged and/or captured/disclosed by third parties as a result of attacks on our company's physical archive and/or servers and/or other systems, our company informs you and the Personal Data Protection Board within 72 hours after being informed of the incident.

9.Your Right to Obtain Information Regarding Your Personal Data

In this context, by applying to our Company, in accordance with Article 11 of the Law, the persons whose personal data are processed by our Company;

- Learning whether your personal data is being processed,

- If personal data has been processed, to request information regarding this,

- Learning the purpose of processing personal data and whether they are used appropriately for their purpose,

- To know the third parties to whom personal data is transferred domestically or abroad,

- To request correction of personal data in case of incomplete or incorrect processing, and to request notification of the transaction made within this scope to third parties to whom personal data have been transferred,

- To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law (the situation that the reasons requiring the processing of personal data are eliminated despite the fact that it has been processed in accordance with the provisions of the Law and other relevant laws) and to notify the third parties to whom the personal data has been transferred don't want

- To object to any unfavorable result arising by analyzing the processed data exclusively through automated systems,

- In case of damage due to the processing of personal data illegally, they have the right to demand the compensation of the damage. Exceptional circumstances stipulated in article 28 of the Law are reserved.

In this context, you can fulfill data owners requests to us by:

Our company's official office address is registered in written with identity confirmation or by registered electronic mail (KEP) address, secure electronic signature, mobile signature or by using the e-mail address registered in our system and notified to us by the person concerned. in accordance with Article 13 of the KVKK and Article 5 of the Communiqué on Application Procedures and Principles of Application to the Data Controller published in the Official Gazette numbered 30356 and dated 10.03.2018.

Our company will finalize the application requests, which are duly, according to the nature of the request and within 30 (thirty) days at the latest. If the transaction requires cost, the tariff determined by the KVK Board will be applied. If the request is rejected, the reason (s) for rejection will be justified in writing or electronically.

This Context may be updated in order to comply with the KVK legislation due to our changing processes. We kindly ask you to visit our site for updates that may occur.

We would like to remind you that if the message in question is not encrypted in e-mail communication, the security of the message cannot be guaranteed and you are responsible for the security of the e-mails you send.

10. Disclosure Obligation

In accordance with Article 10 of the Law on the Protection of Personal Data, Ege Money offers personal data owners during the acquisition of personal data, the identity of Ege Money during the acquisition of personal data, the purpose for which personal data will be processed, to whom and for what purpose the processed personal data can be transferred, personal data. provides clarification on the method and legal reason of the collection and the rights that the personal data owner has within the scope of Article 11 of the Personal Data Protection Law. Ege Money informs the customer with the Illumination Text issued by a pop-up during the membership process, and every person who accepts the usage agreement on the site and is a member of the site accepts that this awareness has been made to him.

In addition, in cases where the explicit consent of the relevant persons is required for the processing of personal data, comprehensive clarifications are made in order to obtain the consent of the data subjects regarding a specific subject and declared with free will.

In addition, Ege Money informs the personal data owners and those concerned that it carries out personal data processing activities in accordance with all the issues in the Personal Data Protection Law, especially in accordance with the "law and the rule of honesty", with various public documents, especially this Policy document, to inform and transparency in personal data processing activities. provides.

11. Ensuring the Security of Personal Data

Our company takes technical, administrative, and physical measures regarding data security to be taken in order to prevent unlawful access to personal data and to protect personal data by illegally processing personal data.

11.1 Technical Measures for Data Security

Within the scope of the Information Security Management System, it carries out activities that are systematic, laid down, planned, manageable, sustainable, documented, accepted by the management, and based on international security standards in order to ensure confidentiality, integrity, and uninterrupted availability (accessibility) of information.

- Taking, but not limited to, firewall and gateway measures in order to ensure cybersecurity; preventing employees from accessing threatening websites or online services; deletion of unused software and services from computers; It takes measures such as ensuring that software and hardware are in the most up-to-date version against security vulnerabilities.

In the name of tracking personal data security; Measures are taken such as checking which software and services are running in the information networks, determining whether there is infiltration or non-infiltration in the information networks, keeping the log records of all users, and preventing the acquisition of data by copying in case of maintenance and repair of any device on which the data is processed.

In order to ensure the security of environments containing personal data; Necessary measures are taken to anticipate the risks such as theft, loss, or damage of the devices or printed documents where personal data are stored, and to take measures to prevent these risks and to minimize the damages in case these risks occur.

- If personal data is stored in the cloud; The data security measures of the relevant cloud storage systems and providers are examined, measures such as encryption of personal data to be transmitted (to be uploaded) to data storage service providers with cryptographic methods, encrypted and disposed of in cloud environments, restriction, and control of people, places and internet networks where data storage service providers can be accessed.

Within the scope of procurement, development, and maintenance of information technology systems; In order to control the correct data entry of existing systems and to ensure that the correct entered information is not corrupted during the process, measures such as establishing control mechanisms within the applications, preventing errors that may cause data loss, avoiding sending data-storing parts or taking necessary precautions when there is a need to send the devices to third parties in case of hardware errors.

11.2 Administrative Measures Regarding Data Security

In order to protect personal data, our company provides awareness training to its employees, informs its employees that they cannot disclose the personal data they have learned to anyone in violation of the provisions of the Law and that they cannot use them except for the purpose of processing, and this obligation will continue after they leave their duties, and accordingly receives necessary commitments from them. In case of making necessary updates by following the changes in the legislation, in case of transfer of personal data, special provisions are added to protect the data of personal data subjects in the contracts made with the data transferred persons, risks are determined through periodic audits, efforts are made to keep personal data as little as possible and other administrative measures are taken.

11.3 Physical Precautions Regarding Data Security

In order to protect personal data, our company takes security measures in the buildings belonging to our Company, makes authorizations in environments such as archives where personal data is kept, and takes measures for the security of electronic devices where personal data are kept.

11.4 Precautions To Be Taken In Case Personal Data Are Obtained By Others Illegally

Our company, as the data controller, notifies the relevant person and the Board, as soon as possible, in the event that personal data is obtained by others through illegal means.

In case of any violation, our company, as a rule, anticipates making a Board notification within 72 hours of the violation is detected.

12. Reporting Security Vulnerability

As Ege Money, we do not accept any security risks. If you notice any technical issues, let us know. You can send an e-mail to [email protected] with the details of the vulnerability and explaining what we need to do to see or verify this vulnerability, including your contact information and name.

In case of linking to other applications through the site, the Company will not bear any responsibility for the privacy policies and contents of the applications.

13. Communication Permission

Providing and offering various advantages to you of your personal data specified in this Policy, which you have given consent to be shared with us with an explicit consent text and electronic communication permission, and making all kinds of electronic communication for your specific advertising, sales, marketing, survey, reservation privilege and other similar purposes and other in order to send communication messages; You consent to its collection, storage, processing, use, transfer. The company, verification by e-mail address during registration, verification that the password is forgotten, informing / approval in case of money / crypto deposit / withdrawal, confirmation during the registration of addresses where money / crypto money can be withdrawn, notification for security reasons, e-invoice via mail with Users for the purpose of transmission; Phone number verification during registration, notification as a double-factor verification method, for the purpose of verifying that the password is the right person when it is forgotten, money / cryptocurrency withdrawal confirmation / notification, notification to be made for security reasons, and suspicious transaction reporting will communicate with the Users via phone or SMS.

The Company will take all necessary measures to ensure that the personal data in question is stored securely in accordance with Article 12 of the Law, and to prevent unauthorized access and illegal data processing.

14. Age Limit

The company will not intentionally collect and record data of persons under the age of 18. If you are under the age of 18, we importantly inform you that you should not use the Platform and the Services and not share any personal data with the Company. In this regard, the Company will have the right to terminate / suspend the relevant user accounts without notice if at any time the Company reaches a reasonable level of suspicion or determines that the user who is the account owner or the person who performs the transaction with the account belonging to the User is under the age of 18. The company will take reasonable steps to delete the data when it becomes known that the data of a person under the age of 18 has been collected.

15. Changes in Policy

The Company may change the provisions of this Policy at any time by publishing it on the Site. Policy provisions that the Company has changed will become effective on the date of publication. Ege Money will make the necessary information to the Users in order to be aware of the changes made in this Policy.

16. Application and Enforcement

The matters regulated in this Policy are subject to the Law and secondary legislation, in case of conflict between the policy and the provisions of the legislation, the provisions of the legislation will be applied. This Policy is published on our Company's website (https://www.egemoney.com) and is in effect from the date of its publication.

Ege Money may make changes or updates in this policy in line with legal regulations and Company Policy. Necessary information is provided about the new Policy text, which reflects all these changes and updates, via the website or other Ege Money services such as mobile applications or by communicating via other means of communication such as your e-mail.

17. Conflict Resolution

This policy is subject to the laws of the Republic of Turkey. İzmir Courthouse and Enforcement Offices shall be authorized for all disputes arising from or related to this Policy.