PRIVACY NOTICE

At Bitci Borsa Teknoloji A.Ş. ("Bitci" or "We"), we are committed to protecting your personal data. With this Privacy Notice ("Notice"), we would like to inform you about our activities in which we process your personal data.

This Notice also forms an integral part of the Bitci Borsa User Agreement executed by and between Bitci and real person users who become members via Bitci.com.tr website or Bitci's mobile applications ("mobile applications") (the website and mobile applications are collectively referred to as the "Platforms").

1. DATA CONTROLLER

The data controller in the processing of your personal data is BİTCİ BORSA TEKNOLOJİ ANONİM ŞİRKETİ with Mersis Number [0178118113600001]. Contact information for Bitci is as follows:

• Address: Ortakent Yahşi Mahallesi, Hortma Caddesi, No:9 Bodrum/MUĞLA
• Phone: +90 850 255 48 48
• E-mail: [email protected]

2. DATA COLLECTION AND CATEGORIES OF PERSONAL DATA

Bitci collects (i) information that you voluntarily share with us when you use the Platforms and (ii) information that is automatically obtained when you use the Services available on the Platforms for the purposes set out in this Notice, but only to the extent permitted by law.

Personal Data Category	Example of Personal Data
Identity Information	Name, date of birth, place of birth, ID number, identity information, mother's name, father's name, ID serial number, ID validity date, nationality, signature, ID photo, gender
Contact Details	E-mail address, postal address, residential address, telephone number and other personal data
User Transaction Information	Payment card information, call document records, account holder's name, billing information, bank account number, IBAN number, receipt, receipt information, account information, account transactions performed by the User on the crypto currency wallet, contact history, etc.
Financial Information	Bank/payment institution information, User number, payment account information, call document records, name of account holder, invoice information, bank account number, IBAN number, receipt, receipt information, account information, financial performance information, asset information.
Visual Records	User’s photo
Marketing Information	Conversations and correspondence between Bitci and the User via phone and e-mail, communication history, shopping history information, survey, cookie records, information obtained through campaigns, etc.
Location Information	Information about the location where the transaction took place and  is located.
Transaction Security Information	User's IP address, website login-logout information, password and password information, snapshot, transaction receipts, residence address, birth certificate, internet provider, operating system and browser used, device type (laptop or smart phone), mobile application or website, device cookie settings, geographical region reported by the User’s device

3. PURPOSES AND LEGAL REASONS FOR PROCESSING PERSONAL DATA

 Your personal data is processed by us for the purposes listed below in accordance with the principles set out in Article 4 of Law No. 6698 on the Protection of Personal Data ("PDPL") and on the basis of the legal justifications listed in Articles 5 and 6: 

Purposes	Legal Purposes Within the Framework of Article 5/2 of PDPL
·       Compliance with the Regulation on Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism ·       Execution of Operations in Compliance with the Legislation ·       Pursuing and Execution of Legal Affairs Providing Information to Authorized Persons, Institutions and Organizations	a) When it is clearly provided for by the laws
·       Updating identity and contact information ·       Performing Goods / Service Sales Processes ·       Providing After Sale Support Services For Goods/Services ·       Performing Communication Activities ·       Executing Financing and Accounting Processes  ·       Following-Up Requests and Complaints ·       Execution of Contract Processes	c) Provided that it is directly related to the establishment or performance of a contract, when it is necessary to process the personal data of the parties.
• Execution of Operations in Compliance with the Legislation  • Pursuing and Execution of Legal Affairs • Executing Financing and Accounting Processes • Providing Information to Authorized Persons, Institutions and Organizations (such as BTK, BDDK etc.) • Performing Information Security Processes	ç) When it is mandatory for the data controller to fulfill its legal obligations.
·       Following-Up Requests and Complaints  ·       Requesting information/documentation from the user to ensure account security ·       Providing After Sale Support Services For Goods/Services	e) When data processing is mandatory for the establishment, exercise or protection of any right
·       Performing Management Activities ·       Receiving and evaluating suggestions for improvement of business processes    ·       Performing Information Security Processes  ·       Performing activities for customer satisfaction ·       Performing customer relationship management processes ·       Executing Advertising / Campaign / Promotion Processes ·       Executing Company / Product / Service Loyalty Processes ·       Performing Communication Activities	f) When data processing is mandatory for the legitimate interests of the controller, provided that it does no violate the fundamental rights and freedoms of the data subject..

Your personal data that falls within the category of identity and communication will be processed with your explicit consent for the purposes of carrying out the advertising / campaign / promotion processes.

Due to the fact that the infrastructure of the IT Systems and databases that are used for conducting communication activities and keeping your data safe are located abroad, your personal data will be transferred abroad with your “explicit consent”.

You have the right to withdraw such explicit consent at any time without any limitation or damages. You can send us your requests to this end via our communication channels listed above.

4. METHOD OF COLLECTION

In order to fulfill the purposes specified in title C of this text, and based on the legal reason specified in 5 (2) of PDPL, your personal data will be processed by having the related person filling the forms on our Platforms, answering surveys, sending an e-mail, contacting us via mail, relevant documents, call center, or phone number, contacting via social media platforms, subscribing to our newsletter, notifications sent by authorized public institutions and via cookies by using automatic or non-automatic methods.

5. STORAGE AND ACCURACY OF PERSONAL DATA

Bitci securely stores the data provided by you and takes all necessary measures to prevent unauthorized access or collection of the information you share, as required by applicable legislation.

Bitci retains the personal data only for the period set forth in the relevant regulations, or for such period of time as is necessary for the purpose for which the data are processed.

In addition, Bitci also conducts data minimization studies, establishes the periods stipulated in the legislation for the storage of personal data, or the maximum period according to the purpose of processing in cases when there is no period stipulated in the legislation and destroys personal data upon the expiration of this period. 

When you want your personal data to be destroyed, you can always contact us through our communication channels listed above. Our team will fulfill your request to destruct data as soon as possible. However, in cases when it is necessary to fulfill legal obligations or to establish and protect a right, Bitci will continue to store the data processed to this end throughout the required period. 

In the event that you provide personal or other data to us or to the relevant service provider for the payment of goods or services purchased or subject to your transactions, you do hereby agree that you are solely responsible for the accuracy, completeness of the data as well as any other material or non-material issues, losses, damages arising as a result of the provision of this data or the performance of the transaction.

WITH WHOM YOUR INFORMATION IS SHARED, TRANSFER OF PERSONAL DATA

Bitci will not share personally identifiable information with third parties for marketing purposes without your consent. In line with the provisions of both the Constitution and the Law on the Protection of Personal Data, Bitci pays utmost care and attention to the sharing of personal data within and/or without Turkey and carries on its activities in accordance with the current regulations within this framework. 

In accordance with Article 8 (2) (a) of PDPL and for the purposes stated below, your personal data will be transferred without seeking the explicit consent of the related person:

• In order to fulfill legal obligations pursuant to the relevant legislation, if necessary or upon request, your personal data may be shared with authorized public institutions and organizations.
• For the purposes of carrying out finance and/or accounting transactions and after-sale processes of goods/services, your personal data may be shared with our suppliers.
• In order to follow the legal processes, your personal data may be shared with our lawyers and our legal councils to the extent that is necessary within the framework of the confidentiality obligation.
• In order to carry out advertising / campaign / promotion processes, your personal data may be shared with our business partners.
• Your personal data may be shared with our business partners providing us call center process services for carrying out communication processes.
• Bitci's main shareholder and other companies in which the main shareholder is a shareholder, and other members of Bitci acting on our behalf.

Bitci may forward this data to third-party vendors in response to a product order or include you in the commercial newsletter circulation list, provided that we obtain your separate consent under the Regulation on Commercial Communication and Commercial Electronic Messages.

Some of the data collected by Bitci may be shared with other users in order to display your profile. The scope of the information to be displayed in your profile will be established by you.

External websites and companies that are our service providers may access your personally identifiable information via links on the platforms. These websites and companies are outside the scope of this Notice which is not applicable to these websites and companies. Please refer directly to the privacy policies of relevant websites and companies.

6. LEVEL OF SECURITY

Bitci is committed to protecting personal information, its integrity and security. Therefore, we ensure that the data provided by you is not altered and that your personal information is securely stored in our highly secure databases in which your personal information is strictly monitored to guarantee any information is not accessed by unauthorized persons.

7. PROTECTION OF PERSONAL DATA RELATING TO CHILDREN

Persons under 18 years of age and minors should not order any paid services through our platforms or go online on our platforms without the permission of their parents or guardians. Persons aged 13-17 should ask their parents to read this Privacy Notice if they wish to be informed about or comment on the content and, if necessary, to contact us regarding our privacy obligation.

8. TRANSFERRING ABROAD

Within the scope of conducting our business activities, information and communication technology applications and software (“IT Systems”) (“e-mail software, Amazon-Cloud Systems”) will be used.  The infrastructure and databases of these services are located abroad.  

Due to the fact that the infrastructure of the IT Systems and databases that are used for conducting communication activities and keeping your data safe are located abroad, your personal data will be transferred abroad by obtaining your “explicit consent”.

9. COOKIES

We may use cookies as specified in the Cookie Policy, and process your personal data collectively as anonymous data in order to analyze and reveal statistics on habits, usage patterns and demographic characteristics of user groups on a group or individual basis. Bitci may share such anonymized data with third parties without your consent.

10. PROTECTING THE RIGHTS OF THE DATA SUBJECT

According to Article 11 of PDPL, related persons are entitled; 

• To learn whether their personal data are processed or not,
• To request information if one’s personal data are processed,
• To learn the purpose behind the personal data being processed and to learn whether or not the data is used in accordance with this purpose,
• To know the third parties to whom the personal data is transferred at home or abroad,
• To request the rectification of their Personal Data if they are processed incompletely or inaccurately and, within this framework, to request that third parties whom their personal data were transferred are notified of such action,
• To request the deletion or destruction of personal data, and to request that the relevant process be notified to the third parties to whom the personal data has been transferred in accordance with the provisions of Law No. 7 and other relevant laws (in the event that the reasons requiring its processing are repealed even though the data are processed in line with the Law and other related legislation),
• To object to the processing, exclusively by automatic means, of personal data, which leads to an unfavorable consequence for the person,
• To request compensation for the damages arising from the unlawful processing of their personal data.

The exceptions set out in Article 28 of the Law are reserved.

Within the scope of Article 11 and paragraph 1 of Article 13 of PDPL and the Communique on the Application Procedures and Principles to the Data Controller, you can submit your requests regarding these rights by filling in all the information specified in the Related Person Application Form;

• By personally visiting our Company located at Ortakent Yahşi Mahallesi, Hortma Caddesi, No:9 Bodrum / MUĞLA,
• Through a notary public or by registered letter with return receipt, in order to identify you and not to provide information to the wrong people,
• By sending an e-mail to [email protected] using a secure electronic signature, mobile signature or (if any) the e-mail address already notified to our Company and registered in our systems.

In addition to the right specified in Article 11 of PDPL, we kindly remind you that if you give your explicit consent for the processing of your personal data, you have the right to withdraw such explicit consent at any time without giving any reason.

11. EXECUTION AND VALIDITY

This Privacy Notice is published on the Bitci website (Bitci.com.tr) and is effective as of the date of publication.

Bitci may make changes or updates in line with legal regulations and corporate policies. You will be notified about these changes and updates via our Platforms.

12. SECURITY AND VULNERABILITY REPORTING

As Bitci, we have taken the necessary technical and administrative measures to ensure the security of your personal data. However, please notify us if you notice any issues regarding the security of your data.

To this end, send an e-mail to  [email protected] explaining the details of the security vulnerability and what we need to do to literally discern or verify this vulnerability, and also include your contact information and your name. If you are convinced that the protection of your personal data has been breached, you can fill out the Related Person Application Form and Breach Form below and send it to us via any of the above communication channels.