Privacy Policy

Privacy Policy

EGEMONEY PRIVACY POLICY

1. Introduction

Ege Money Investment Yazılım Anonim Şirketi (hereinafter also “our Company”, “EgeMoney”, “we” and “us”) recognizes the importance of protecting the privacy of your personal data.

This Privacy Policy aims to explain how we collect, use, store, share, dispose of and protect your personal data in accordance with the Turkish Personal Data Protection Law (“KVKK”) and the General Data Protection Regulation (EU) 2016/679 (“GDPR”), when you access our platforms bearing EgeMoney brand owned and/or operated by us or whenever we otherwise connect with you.

You can feel safe while using our website. However, please remember that no system is entirely secure. Even if we take all necessary steps to protect your data, there is always the possibility of being out of security. For this reason, please be very careful with your personal data. We strongly advise you not to share your voice, photos, or other personally identifiable information through email, message, or any other communication channel unless expressly requested by us.

1. Cookies

We use cookies and similar tracking technologies to track the activity on our website and hold certain information.

Cookies are technical communication files with a small amount of data. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies such as beacons, tags and scripts are also used to collect and track information and to improve and analyze our services.

We mainly use cookies to obtain statistical information about the number of visitors, visit purpose, and duration of visit and dynamically generate advertisements and content from user pages. The technical communication file is not designed to receive any other personal data from the main memory.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our services.

For more detailed information, please check our Cookie Policy.

1. Data Controller

Ege Money Investment Anonim Şirketi registered at Yalı Mah. 6523 sok. No: 32 B / 601 Karsiyaka / Izmir with a Mersis Number 0325107235900001 is the data controller. Please find our contact information below:

• Postal address: Yalı Mah. 6523 sok. No: 32 B / 601 Karsiyaka / Izmir
• For privacy-related communications: [email protected]
• For all other communications: [email protected]

 

1. Use of Your Personal Data and Our Legal Bases

1. For Registration and Know-Your-Customer process:

• Your identity information, which includes name, surname, Turkish identity number for Turkish citizens, foreign identity number for foreign nationals, wallet serial no. and wallet number, mother’s name, father’s name, date and place of birth, gender, nationality;
• Your contact information, which includes phone number, fax number, e-mail address, residential address, postal code, province, and district;
• Your professional experience information, which includes occupation, education status and working industry;
• Your financial information, which includes bank account details, IBAN, and tax identification number;
• Your suitability test information, which includes planned investment period and amount, risk and return preferences and source of investment;
• Your account information, which includes username, password, account settings and commercial electronic communication preferences;
• Your photo and biometric data, which includes the biometric photograph captured during the process of taking a selfie;
• Your identity verification information, which includes images of your government-issued ID, passport, national ID card or driving license, proof of residence or other identification documents deemed appropriate by government authorities, biometric selfie, proof of residence, the invoice of a subscribed service (e.g., electricity, water, natural gas, telephone services etc.);
• If you provide your old ID cards, your religion and health information (including blood type);
• Your user number, user ID, and reference information.

a.1. Purpose of Processing: 

• to process your subscription and create your account;
• to verify your identity and inform the public authorities and institutions in accordance with applicable know-your-customer, anti-money laundering, counter-terrorism financing regulations and our User Agreement and other legislations to which we are subject;
• to develop, comply and undertake the purchase contract for the products, items or services you have purchased or of any other contract with us through the service and perform our contractual responsibilities;
• to provide our services and process your transactions on our platforms;
• to provide and maintain our product and services;
• to conduct marketing activities and marketing analysis;
• to send commercial electronic messages, bulletins, newsletters and other messages to you;
• to contact you via email, phone call, SMS, or other equivalent forms of electronic communication;
• to track advertising tailored to your interests on the services and other websites;
• to facilitate thorough reference processes;
• to keep our users informed about significant Platform updates;
• to meticulously monitor and identify whether our users are on the potential banned lists;
• to share essential information with authorized public entities upon request or ex officio,
• to fulfill our commercial and legal obligations arising from the nature of our services.

a.2 Legal Basis: 

We collect and process your personal data on the following bases, which are stated in Articles 5 and 6 of the KVKK and Articles 6 and 9 of the GDPR:

• You have explicitly consented to the processing of your personal data for one or more specific purposes,
• Processing is expressly provided for by the laws,
• Processing is necessary for the establishment or performance of a contract,
• Processing is necessary for compliance with a legal obligation to which we are subject,
• Processing is necessary to establish, exercise or defend legal claims.

 

1. Transaction Information: 

• Your identity information, which includes name, surname, signature;
• Your contact information, which includes your e-mail address;
• Your location information, which includes the location of the transaction;
• Your customer transaction information, which includes your communication history with us, transaction history, account activity and user ID ;
• Your financial information, which includes payment card information, bank account number, IBAN, receipt information, monthly income, salary and source of funds;
• Your transaction security information, which includes IP address, device type, operating system and browser information.

b.1. Purpose of Processing: 

• to carry out all transactions, including deposits, withdraw any other transactions you can make on the platform;
• to create reports on daily/monthly user transaction amounts;
• to meticulously validate wallet addresses for precision and ensure that wallet addresses align accurately;
• to carry out risk acceptance agreement procedures through the User Identification Form and Risk Analysis Form;
• to conduct anonymous reviews of wallet transaction history for enhanced security;
• to verify the integrity of data flow across systems;
• to manage financial processes;
• to guarantee the robustness of the technical infrastructure supporting our service;to conduct financial verifications regarding user transactions;
• to prevent any third party other than our users from unfairly benefiting from our services;
• to ensure the security of our users’ accounts;
• to establish, exercise or defend the rights of our Company, our users, or other third parties regarding a current or potential legal dispute;
• to detect suspicious transactions and execution of processes related to suspicious transaction reporting,
• to share essential information with authorized public entities upon request or ex officio,to fulfill our commercial and legal obligations arising from the nature of the services provided by Our Company.

b.2 Legal Basis: 

We collect and process your personal data on the following bases, which are stated in Article 5 of the KVKK and Article 6 of the GDPR:

• You have explicitly consented to the processing of your personal data for one or more specific purposes,
• Processing is expressly provided for by the laws;
• Processing is necessary for the establishment or performance of a contract;
• Processing is necessary for compliance with a legal obligation to which we are subject; and,
• Processing is necessary to establish, exercise or defend legal claims.

 

1. Compliant & Service Request Information: 

• Your identity information, which includes name, surname, Turkish ID number, country;
• Your contact information, which includes e-mail address, phone number, social media account information;
• Your customer transaction information, which includes ticket information;
• Your visual and audio information, which includes voice recordings;
• Your requests, feedback, complaints and suggestions.

c.1 Purpose of Processing: 

• to provide and improve our website;
• to enhance a better user experience by tailoring our services;
• to review your questions, recommendations and opinions and respond to your customer service requests and support needs;
• to proficiently carry out reporting and information processes;
• to manage, supervise, and elevate business operations;
• to ensure the coordination between the units of our Company for the continuity of our services.

c.2 Legal Basis: 

We collect and process your personal data for our legitimate interests, as stated in Article 5 of the KVKK and Article 6 of the GDPR, always provided that such interests are not overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

1. Data Collected During Event, Contest, and/or Campaign Activities:

 

• Your identity information, which includes name and surname;
• Your contact information, which includes email address, delivery address, and social media username;
• Your customer transaction information, which includes your User ID;
• Additional contest-related information, which includes codes used during campaign participation and your adherence to the contest's participation criteria.

d.1. Purpose of Processing:

• to enable users to participate in competitions, events, and/or campaigns organized by us;
• to comprehensively assess eligibility for participation;
• to execute dynamic loyalty programs;
• to inform users about our organized competitions, events, and/or campaigns;
• to transparently publish and announce the list of winners;
• to distribute prizes to deserving winners.

d.2 Legal Basis: 

We collect and process your personal data on the following bases, which are stated in Article 5 of the KVKK and Article 6 of the GDPR:

• You have explicitly consented to the processing of your personal data for one or more specific purposes,
• Processing is necessary for the establishment or performance of a contract;
• Processing is necessary to establish, exercise or defend legal claims; and,
• Processing is necessary for our legitimate interests, always provided that such interests are not overridden by your interests or fundamental rights and freedoms which require the protection of personal data.

 

1. Data Collected Through EgeMoney Shop:

• Your identity information, which includes name, surname, and Turkish ID number;
• Your contact information, which includes email address, delivery address, and phone number;
• Your financial details, which includes payment information, payment amount, bank account details, payment method, billing particulars, and tax identification number;
• Your legal transaction details, which includes distance sales contracts and preliminary information forms.

e.1. Purpose of Processing:

• to promptly deliver the products you have purchased to your designated location,
• to handle payment transactions and manage invoicing procedures,
• to manage procurement operations,
• to fulfill our tax and other legal responsibilities.

e.2 Legal Basis: 

We collect and process your personal data on the following bases, which are stated in Article 5 of the KVKK and Article 6 of the GDPR:

• Processing is necessary for the establishment or performance of a contract;
• Processing is necessary for compliance with a legal obligation to which we are subject; and,
• Processing is necessary to establish, exercise, or defend legal claims; and,

 

1. Data Collected Through Cookies: Please check our Cookie Policy.

d.1 Purpose of Processing: Please check our Cookie Policy.

d.2 Legal Basis: 

We collect and process your personal data on the following bases, which are stated in Article 5 of the KVKK and Article 6 of the GDPR:

• Processing is expressly provided for by the laws;
• Processing is necessary for the establishment or performance of a contract; and
• Processing is necessary for compliance with a legal obligation to which we are subject.

IMPORTANT NOTE: You agree that your personal data provided to us is complete, accurate and up-to-date, and you will update them as soon as possible upon any change.

1. Disclosure of Your Personal Data

We may disclose your personal data to the following third parties for the purposes mentioned in Section 4:

• Our hosting service provider suppliers for securely storing your data;
• Our suppliers from whom we receive support during identity verification processes.
• Our suppliers to check whether the conditions for participation in the competitions organized are met.
• Our suppliers in order to send commercial electronic messages to you within the scope of carrying out marketing activities.
• Our business partners and solution partners for enhancing a better user experience as specified in Section 4;
• Our servers and cloud computing providers located abroad that we receive information technology support for archiving and storage;
• Public authorities, legally authorized persons and institutions, regulators, and government officials to meet our legal and regulatory requirements or to protect or defend our rights or property under applicable laws.

For compliance with the GDPR, we ensure our suppliers and business partners, whether located outside the EEA or not, take appropriate technical and organizational security measures in accordance with applicable data protection laws and use it solely for the purposes specified by us.

Unless otherwise stipulated in the KVKK, third parties with whom we share your personal data are obliged to protect your personal data and are limited for the purpose of sharing, and are under the control of EgeMoney.

1. Retention and Security of Your Personal Data

We take all the necessary measures to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your personal data will take place to an organization or a country unless stated in this Privacy Policy and there are adequate controls in place including the security of your data and other personal information.

We will retain your personal data only for as long as they are necessary for the purposes set out in this Privacy Policy. If we no longer have a legal basis or a purpose for processing your personal data, we will delete, destroy or anonymize such personal data.

6.1 Technical Measures

• We carry out systematic, regulated, planned, manageable, sustainable and recorded activities that are accepted by the management and based on global security standards within the scope of the Information Security Management System to ensure confidentiality, integrity, and availability of information.
• We take measures to ensure cyber security, including but not limited to firewall and gateway measures; preventing employees from accessing threatening websites or online services; deleting unused software and services from computers; ensuring that software and hardware are up-to-date against security vulnerabilities.
• We take measures to monitor personal data security, including checking software and services running in our information networks and determining infiltrations or non-infiltrations in them; keeping log records of all our users; preventing unlawful copying of data by third parties during maintenance and repair of any device on which the data is processed.
• We take measures to ensure the security of environments containing personal data, such as identifying, preventing and minimizing risks such as theft, loss, or damage of the devices or printed documents where personal data are stored.
• We take measures for personal data stored in the cloud, such as controlling data security measures of cloud storage systems and providers; encrypting personal data with cryptographic methods when disclosing to these systems and service providers; restricting and controlling access to these systems and service providers.
• We take measures to ensure the security of supply, development and maintenance of information technology systems, such as establishing control mechanisms within the applications to control data entry and preventing its corruption; preventing data loss; avoiding sending data-storing parts or taking necessary measures when the devices are sent to third parties due to hardware errors.
• We make access restrictions in environments in our Company’s buildings, such as archive rooms where personal data is kept and take security measures for electronic devices containing personal data.

6.2 Organizational Measures

To protect your personal data, we provide awareness training to our employees and inform them not to disclose and use in any way any personal data to third parties against the KVKK, GDPR and applicable data privacy legislation during and after their employment.

We keep our privacy policies and notices under regular review and make sure they are up-to-date and accurate. In addition, we include special provisions in the contracts with third parties to protect your personal data, carry out periodic audits to assess the risks, and minimize the personal data we collect to what is necessary.

6.3 Notification and Communication of Personal Data Breaches

In case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed (“data breach”), we will notify the relevant data protection authorities and the relevant data subjects of the data breach within 72 hours after having become aware of it, if required by Article 33 of the GDPR.

1. Reporting Security Vulnerability

If you notice any technical vulnerability, please contact us via [email protected] including your contact information and name and with the details of the vulnerability and if possible, the explanations about what we need to do to identify or verify this vulnerability.

1. Links to Third Party Sites

We may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy notices of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies/notices or practices of any third-party sites or services.

1. Marketing

We may occasionally communicate news, updates, promotions, and information relating to our products and services. We shall only do this where you have given us your consent or otherwise where we are permitted to do so under the data protection laws in pursuit of our legitimate interests.

We may share personal data with third parties to help us with our marketing and promotional projects or send marketing communications.

If you want to opt out of receiving promotional and marketing emails, text messages, posts and other forms of communication from us (or our promotional partners), which you might receive in accordance with this section, you can choose one of the following ways:

• Click “unsubscribe” at the bottom of an email we sent you; or
• Contact us at [email protected] and request to opt out.

If you do opt out of receiving promotional and marketing messages, we will no longer use or transfer your personal data to third parties for direct marketing purposes. We want to remind you that we may continue to send transactional or administrative e-mails (e.g., account status and activity updates, respond to your inquiries or complaints etc.) related to our services or your requests for information or materials, even if you opt out.

1. Age Limit and Collection of Children’s Personal Data

To use our services, you must be at least 18 years old. No one under 18 should provide personal data to or on the services. We will terminate or suspend the relevant user accounts without notice if the account owner or the person who performs the transaction is under 18.

We do not knowingly collect personal data from children under 18. We encourage parents and legal guardians to monitor their children's internet usage and to help enforce our Privacy Policy by instructing their children never to provide us with personal data without their permission. If you have any concerns about your child’s privacy with respect to our services, or if you believe that your child may have provided his/her personal data to us, please contact us via [email protected]. We ensure to delete such personal data from our records immediately.

DISCLAIMER: When processing open data from social networks, it might be reasonably impossible to recognize the real age of users. Our verification of the age of users is limited to technically available and reasonable treatment of the information openly provided by the social networks from which we collect the data. In case of fallacious, erroneous or missing age data, the social networks shall be solely responsible for violation of requirements of the GDPR and other data protection laws in relation to the personal data of children.

1. Your Rights

You may benefit from various rights as a "data subject".

You may, at any time, exercise any of the above rights, by contacting us via [email protected] or by sending your request to Yalı Mah. 6523 sok. No:32 B/601 Karşıyaka/İZMİR, together with proof of your identity, i.e. a copy of your ID card, passport, or any other valid identifying document.

Please note that we may reject requests that are excessive or a misuse of the relevant right or we may not be able to give you access to your personal data that we hold, if making such a disclosure would breach our legal obligations to other data subjects or if prevented by any applicable law or regulation.

1. If you are from Turkey:

Under Article 11 of the KVKK, you are entitled to:

• learn whether your personal data is processed or not;
• demand information as to if your personal data have been processed;
• learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose;
• know the third parties to whom your personal data are transferred in-country or abroad;
• request the rectification of the incomplete or inaccurate data, if any;
• request the erasure or destruction of your personal data under the conditions referred to in Article 7 of the KVKK;
• request reporting of operations as the rectification of the incomplete or inaccurate data or the erasure or destruction, to the third parties to whom your personal data have been transferred;
• object to the occurrence of a result against you, by analyzing the data processed solely through automated systems;
• claim compensation for the damage arising from the unlawful processing of your personal data.

1. If you are from the European Economic Area or in certain countries, you are also entitled (with some exceptions and restrictions) to:

• Access: You have the right to request information about how we process your personal data and to obtain a copy of that personal data.
• Rectification: You have the right to request the rectification of inaccurate personal data about you and for any incomplete personal information about you to be completed.
• Objection: You have the right to object to the processing of your personal information, which is based on our legitimate interests.
• Deletion: You can delete your account by using the corresponding functionality directly on the service.
• Automated decision-making: You have the right to object to a decision made about you that is based solely on automated processing if that decision produces legal or similarly significant effects concerning you.
• Restriction: You have the right to ask us to restrict our processing of your personal data so that we no longer process that personal data until the restriction is lifted.
• Portability: You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to have that personal data transmitted to another organization in certain circumstances.
• Complaint: You have a right to lodge a complaint with the authorized data protection authority if you have concerns about how we process your personal data. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.

 

1. Right to withdraw consent

If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. To withdraw your consent please follow the opt-out links on any message sent to you or contact us via [email protected].

Once we have received the notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

1. Changes to our Privacy Policy

This Privacy Policy is published on our website (https://www.egemoney.com) and is applicable as of the Last Updated date.

We reserve the right to update and change this Privacy Policy from time to time to reflect any changes to how we process your personal data or if any legal requirements change. Any changes we may make to our Privacy Policy in the future will be posted on this page. So please check back frequently for any updates or changes to our Privacy Policy.

1. Contact us

If you have any questions or concerns about our privacy practices, data collection or processing practices, or if you want to report any security violations to us, please get in touch with us via [email protected].