This Privacy Policy is intended to define the terms and conditions governing the use of personal data shared with or generated by Elit Teknoloji Hizmetleri İnternet Anonim Şirketi (“eÇift”) in connection with the services provided through the website www.ecift.com and all current and future platforms, including mobile applications regardless of the operating system on which they run (collectively, the “Platform”), by users of the Platform (“Members”).

By accepting this Privacy Policy, the Member declares that they have been duly informed regarding the processing of their personal data and consents to the use of their personal data as set forth herein.

Which Data Is Processed?

This section outlines the categories of data processed by eÇift that qualify as personal data under the Personal Data Protection Law. Unless expressly stated otherwise, the term “personal data” within the scope of this Privacy Policy includes the information listed below.

• Identity Information
• Contact Information
• Customer Information
• Customer Transaction Information
• Transaction Security Information
• Financial Information
• Legal Transaction and Compliance Information
• Audit and Inspection Information
• Marketing Information
• Product/Service Usage Information
• Request/Complaint Management Information
• Incident Management Information

The Member acknowledges that sensitive personal data such as religion, race, health data, biometric data obtained from photographs, and appearance-related data submitted to eÇift may also be processed. Such data constitutes “special category personal data,” and the Member expressly consents to its processing for the purposes specified in this Privacy Policy.

eÇift may collect information regarding the Member’s use of the Platform through technical communication files known as cookies. IP information may be collected via cookies in order to determine access and usage patterns related to the services offered on the Platform.

In accordance with Articles 3 and 7 of the Personal Data Protection Law No. 6698, data that has been irreversibly anonymized shall not be deemed personal data, and processing activities related to such data shall be carried out independently of this Privacy Policy.

For What Purposes Is the Data Used?

eÇift uses personal data provided by the Member for the purpose of completing membership registration and subsequently delivering the services committed to the Member. Personal data may also be processed to improve and develop services, provide necessary notifications to the Member, and fulfill obligations arising from the nature of the services offered.

Personal information may be used to contact the Member or enhance their experience on the Platform, including improving existing services, developing new services, and offering personalized features. Such information may also be used for reporting, business development, statistical analysis, database creation, and market research without disclosing the Member’s identity. Where the Member provides consent, personal data may additionally be processed, stored, shared with third parties, and used for direct marketing activities and related communications.

In accordance with Articles 5 and 8 of the Personal Data Protection Law and applicable legal exceptions, eÇift may process and share personal data without obtaining additional consent where legally permitted, including but not limited to circumstances expressly provided by law, protection of life or physical integrity, contractual necessity, fulfillment of legal obligations, public disclosure by the Member, establishment or protection of legal rights, and legitimate interests of eÇift provided fundamental rights are not harmed.

Cookies may also be used to support analytics services provided by third parties, limited strictly to what is required for such services. Cookies are small text files stored in the browser’s memory that help save preferences, improve usability, generate statistical insights, and support personalized advertising and content delivery. No additional personal data is collected from device memory beyond these purposes.

Most browsers accept cookies by default; however, users may modify their browser settings at any time to block cookies or receive alerts when cookies are sent.

eÇift may use cookies for online behavioral advertising and marketing to display interest-based advertisements across the Platform or third-party networks. If cookies are not accepted, advertisements will still be shown, but they will not be tailored based on usage behavior.

eÇift may send instant notifications (push notifications) to Members via its mobile applications through third-party service providers. Members may opt out of receiving such notifications through their device or application settings.

Who Can Access the Data?

eÇift may share personal data and derived data with third parties that provide services necessary to fulfill its obligations to the Member, limited strictly to the scope of such services.

Personal data may also be shared with payment service providers for fee collection or dispute resolution purposes.

eÇift may share personal data with third parties such as hosting providers, law firms, research companies, call centers, and SMS service providers for purposes including service improvement, security, fraud prevention, error resolution, and fulfillment of this Privacy Policy. The Member consents to the storage of such data on servers located within the European Union.

Method and Legal Basis for Data Collection

Personal data may be collected, processed, and transferred electronically through the Platform or via Members’ social media accounts in accordance with the purposes and legal grounds specified in this Privacy Policy and applicable legislation.

Right of Access and Requests for Correction

Members may apply to eÇift to exercise their rights under applicable law, including learning whether personal data is processed, requesting information, correcting inaccuracies, requesting deletion or destruction, objecting to automated processing results, and claiming compensation for unlawful processing.

Requests may be submitted in writing to “Mevlüt Pehlivan Sok., Yılmaz İş Merkezi, No.:26 Floor:7, 34349 Gayrettepe/Istanbul.” Responses may be provided in writing or electronically. Requests are generally processed free of charge, though fees may apply where processing incurs costs, in accordance with tariffs set by the Personal Data Protection Board.

The Member undertakes that all information provided is accurate and up to date and agrees to promptly update any changes. eÇift shall not be liable for issues arising from outdated information.

The Member acknowledges that restricting the use of personal data may limit their ability to fully benefit from the services offered by eÇift.

Retention Period of Personal Data

Personal data will be retained for the duration necessary to provide services and fulfill obligations arising from their nature.

Data may also be retained for applicable limitation periods to support potential legal claims or defenses.

Data Security Measures and Commitments

eÇift undertakes to implement necessary technical and administrative measures to prevent unlawful processing or access to personal data and to ensure appropriate data security in accordance with applicable legislation and this Privacy Policy.

Personal data shall not be disclosed or used for purposes other than those specified in this Privacy Policy and applicable law.

eÇift bears no responsibility for the privacy policies or content of third-party applications linked through the Platform.

Amendments to the Privacy Policy

eÇift may amend this Privacy Policy at any time. The updated Privacy Policy shall become effective on the date it is made available to the Member by any means.