İyiden İyiye; Toplum, Çevre ve Kültür İçinDaha Fazla Bilgi
You can find details about the iyzico Privacy & Personal Data Policy, which is prepared for the protection of your personal data on this page.
Privacy & Personal Data Policy
This Privacy & Personal Data Policy is meant to provide information on the personal data collected, retained, processed, shared and transferred by iyzico. Any person who visits iyzico website, or uses any service provided by iyzico (e.g. makes a payment with his/her credit card to a merchant that receives payments via iyzico) is covered by this Privacy & Personal Data Policy
When the term "iyzico" is used, it covers both iyzico Turkey and iyzico Europe as they share the same privacy principles and policy. iyzico might be referred to as "we", "us" or "our" in this policy. Legal titles and contact information of iyzico companies can be found at the end of this document.
The terms "personal data", "personal information" and "your information" are used interchangeably and they mean any information than can be associated to an identified or identifiable natural person (e.g. name, e-mail address, birth date, national ID number)
We are aware that personal data is important for our clients as well as end users and we endeavor to undertake all necessary measures to ensure this policy is complied with by everyone within iyzico and that your personal data is kept safe.
Purpose of this Privacy & Personal Data Policy is:
• To explain, in the most transparent and readable way possible, our ways and purposes of using the data we collect about you;
• To clarify the types of information we collect upon your permission and the purposes and methods for processing of them;
• To inform you on the third parties we transfer this information to as well as our purpose and method in doing so;
• To let you know your choices and legal rights with respect to your personal data;
• To describe the extent of our responsibility for protection of your rights and privacy.
This policy applies to products and services of iyzico only. On websites and mediums that do not belong to iyzico, the policies and rules of the respective person or organization. Sometimes, in addition to iyzico's policies and rules, e.g. on a checkout form placed on a merchant's website, but transmits payment data to iyzico) both iyzico and the merchant's privacy policies shall apply.
The type of personal data processed by iyzico depends on which services you benefit (some of them may not be available according to your region and legal status) and how you benefit from them.
2. Personal Data Collected by iyzico
We collect different types of personal data about you when you visit our website or use our services.
When you visit our websites, send or receive a payment via iyzico, or register to open an account you may use for receiving or sending funds and similar purposes; we will collect information necessary to offer and fulfill your request in an efficient and secure way. This information may include:
• Your contact details (e.g. your name, address, e-mail address, ID number).
• Payment details (e.g. your credit card number, expiry date, instalment choice).
• When someone sends funds to, or enters into any transaction that requires them to provide personal information about third persons, we collect personal data about those third persons.
• Information obtained from third-party sources, such as our clients from whom we receive category and name of the products or services you wish to purchase from the merchant, details on your membership with the merchant, your IP address and past transactions. We also receive information about your purchase from delivery companies to monitor your transaction's status.
• If you are applying to use the services of iyzico, your business details (e.g. your business name and category, tax ID, bank account details) some of the information requested may be related to a legal person and therefore outside the scope of personal data, however, as far as these details contain information related to a real person, you declare that you are authorized to share these pieces of personal information.
• If you are a seller utilizing a platform (e.g. a marketplace) which uses our services, the platform may transfer your personal data such as contact details and bank account number.
• Additional details you provide to us when you make use of optional services provided by iyzico or when you contact iyzico (e.g. via the contact us form located on our website or e-mail).
3. Use of Personal Data by iyzico and Legal Basis for Processing
We use your personal data for various purposes permitted under data protection laws in Turkey and the European Union. Our purposes in using your personal data are explained with some examples below and are justified by lawfulness criteria stipulated in data protection regulations of the European Union and Turkey, such as performance of contractual obligations, our legitimate interests, and legal obligations.
• To operate our sites and provide our services,
We need to use your information to initiate payments, transfer funds, store your credit cards for your future use, and enable you to create, access and modify your account.
• To improve our services and manage our business needs,
We monitor usage of our sites and services by you and analyze usage data to enhance our performance.
• To mitigate and manage risk and protect our platform and customers from harm,
We detect and prevent fraud by identifying customers and measuring their risk level. These decisions may be made by automatic algorithms as well as human effort under set rules. If you learn that your application or a transaction you want to make has been rejected as a result of those procedures, you may contact us at the contact information provided at the end of this document.
• To contact you when needed,
We may contact you regarding the status of your transaction. Also, when there is an issue related to your account or a payment you make, we may use your personal information to reach out to you so that we can resolve the issue. You may be contacted by iyzico employees, or by employees of our business partners, in which case we need to share your personal data with those business partners.
• To meet our legal obligations or resolve disputes,
Some regulations in the jurisdictions require us to use and retain your information in certain ways. As a payment services provider, we are obliged to keep and inspect records of all transactions we facilitate for various reasons including data retention, anti-money laundering and taxation.
When there is a legal dispute between iyzico and you, or between parties of a transaction facilitated by iyzico, your information may be used to resolve the dispute and presented to courts and other authorized dispute resolution authorities.
We may also use your information in additional ways that you have consented to. For instance, we may seek your consent for sending you marketing material, receiving your feedback or other processing activities. In those cases, you can always withdraw your consent by contacting us at the addresses provided at the end of this Policy. You should include information that enable us to recognize you in that notification. Your notification of withdrawal of your consent will be effective in the future and therefore will not make our prior processing unlawful but it will make us cease to process that information from the receipt of your notification onwards.
When you use the iyzico website, access information related to you, such as your ISP's (Internet Sevice Provider) name, your IP Address, your browsing information and geolocation may be collected by iyzico. This information is used for improvement of iyzico's infrastructure, statistical evaluations, and better targeting of marketing material. Cookies and other tracking technologies (e.g. web beacons) that are operated by iyzico or third party service providers may also be used for collecting information on your usage to enable the website's functionalities such as customization, to mitigate risk (e.g. by prevent fraud), manage our infrastructure, and to promote our services.
Our website uses a web analytics tool named Google Analytics developed by Google, Inc. ("Google"). Google Analytics utilizes cookies and other identifiers to help website owners analyze the use of their website by their visitors and for rendering of the services provided by Google. Information related to your use of the website may be transferred to Google's servers located in various countries and be processed by Google at those locations. Google shall use this information for analyzing your use of the web, drafting reports on the usage of website for website owners and providing other services related to internet use (e.g. creating user segmentations). Google may transfer this information to third parties upon legal obligation and when third parties process this information on behalf of Google. For more information on privacy practices of Google with respect to Google Analytics, please visit this website: https://www.google.com/policies/privacy/partners/ If you do not wish your information to be used by Google Analytics, you may use the following link to opt out: https://tools.google.com/dlpage/gaoptout/
Our website utilizes a service provided by Hotjar Ltd. ("Hotjar") that identifies users' experiences on a website and evaluates the ease of use of the website and receives anonymous feedback from users. Cookies are placed on your computer for the provision of this service.
Our website utilizes a service provided by Optimizely Inc. ("Optimizely") that helps find out which version of the website is more suitable for use by showing different versions to different users. Cookies are placed on your computer for the provision of this service.
This website and iyzico merchant control panel utilize a service provided by Sosyo Plus Bilgi Bil. Tekn. Dan. Hiz. Tic. A.Ş. ("Insider") that helps merchants to find out the features they were not able to use before. Cookies are placed on your computer for the provision of this service.
This website utilizes a service provided by Doğan İnternet Yayıncılığı ve Yatırım A.Ş. ("Medyanet") that analyses user behavior. Cookies are placed on your computer for the provision of this service.
5. Retainment and Erasure of Personal Data
iyzico retains your personal data in an identifiable format for the shortest period of time necessary to fulfil our legal obligations and for our business needs.
When the period during which we retain your personal data ends, we will erase or anonymize your personal data so that they can no longer be associated with you, in line with our internal procedures that aim to ensure safety of your personal data.
When you close your account or request erasure of your personal data, we will erase or anonymize parts of it that we are not legally obliged to reject your erasure request or to keep even if your account is deleted.
The cookies we use have defined expiration times; unless you visit our sites or use our services within that time, the cookies are automatically disabled and retained data is deleted. You may also manually delete those cookies through your web browser's settings.
6. Transfer of Personal Data to Third Parties
While providing our services, we sometimes share your personal information with third persons for purposes explained in this section.
We utilize services of other companies as necessary and we may need to share your personal data with some of them. For example, when we receive your payment details (either directly from you or via the merchant you wish to make a payment to) we need to transfer them to respective financial institutions to initiate the payment. Or when the transaction you have made requires some additional steps to be taken (e.g. if it is an international purchase and customs procedures are to be completed) we may share your personal data with relevant service providers (e.g. customs brokers). We may also transfer personal data to third persons (e.g. anti-fraud processing companies) in order to ensure safety and convenience of our users and business.
When you use our services, we notify the other parties to the transaction you have made, such as other users and merchants and this might include transfer of a portion of your personal data.
Law enforcement agents and other authorities may request information from us. We will share your information only when there is a legal obligation to do so; or when it is deemed necessary to prevent and/or prosecute a crime.
We may also need to share personal data with third parties for other business purposes (e.g. for audits, corporate governance, or executing our legal rights). We will always comply with the law when doing so.
7. Personal Data Transfers to Other Countries
Due to nature of our services, we might need to transfer some personal data internationally. A big part of our information technology infrastructure (the all infrastructure of iyzico Turkey) is located within Turkey and this means that if you are using our services or reaching out to our website from another country, your personal data will be transferred to Turkey. This transfer takes place within a lawful framework that ensures safety of your personal information. We rely on model contractual clauses issued by the European Commission for transfers between iyzico Europe and iyzico Turkey.
In addition to the transfers between iyzico group companies, other transfers to third parties mentioned above, may require your personal data to be transferred to different countries. However we guarantee that your personal data is only transferred to countries regarded to be providing adequate safeguards or to parties that guarantee to ensure the safety of your personal information.
8. Choices Available to You
You have choices available with respect to our privacy practices. You may always decline to provide personal data requested by iyzico. However, if the information you have declined to provide is mandatory for provision of our services, you may not use our services. For instance, if you decline to enter your credit card number on the checkout form for a merchant who accepts credit card payments via iyzico, we cannot initiate the payment.
You may review and modify some of the personal data we have about you in the settings section of our mobile or web application when you log in to your account. If you want to review or modify other pieces of information than available on the website, please contact us using the contact information at the end of this document.
From time to time, we communicate with you. These communications may be for marketing purposes or notifications related to a transaction you have been a party to. You can opt-out of all marketing related communications by following the instructions at the end of messages we send. However, you cannot opt-out of transactional messages, but you may only choose the methods and addresses you receive them to.
9. Your Rights
We want you to know that you have following rights with respect to your personal data, as per the regulations governing use of personal data within EEA or Turkey:
(a) To learn if we process your personal data, the types of data we process, sources we get your personal data from, third parties we transfer your personal data to within the country or internationally, the period for which we keep the personal data or how we determine that period;
(b) To access your personal data and to request the data provided by you to be given to you or another data controller in a structured, commonly used and machine readable format,
(c) To learn the purposes for which your personal data is processed and to query if they are used in a compatible manner with those purposes,
(d) To object to and request restriction of processing of your personal data,
(e) To request rectification of inaccurate and incomplete personal data about you,
(f) To request erasure of your personal data when there is no legal basis for further processing,
(g) To request notification of procedures such as erasure and rectification to other third parties to whom your personal data has been transferred,
(h) To object to any negative consequences arising from automatic analysis of your personal data,
(i) To request indemnification for any damages arising from unlawful processing of your personal data.
You can exercise these rights by contacting us at the addresses provided at the end of this Policy. Your application should include the information you have given to us while registering or making use of our services as well as a photo ID, so that we may identify you.
10. Protection of Personal Data
All personal data collected by iyzico is transmitted and stored in compliance with reasonable security standards as adopted by the industry. The security of payment data is ensured with our PCI DSS Level 1 Compliant infrastructure and all connections where personal data is transmitted are protected with encryption. Even though we take all reasonable measures to protect your information, you are responsible for securing and maintaining your account information, including your password.
Our services and websites are not directed to children, i.e. people who are not legal adults. We do not collect personal data from children or other individuals who are not legally able to use our services. If we find out that we have collected Personal Data from a child, we will promptly delete it, unless we are legally obligated to retain such data. If you believe that we have mistakenly or unintentionally collected information from a child, please contact us immediately at the addresses below.
12. Contact Information
For iyzico Turkey:
Company Title: iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş.
MERSIS (Central Registration System) Number: 0483034315700019
Address: Burhaniye Mahallesi Atilla Sokak No:7 Üsküdar İstanbul
E-Mail: [email protected]
Phone: +90 216 599 01 00
For iyzico Europe:
Company Title: Iyzi Payments, UAB
Registration Code: 304782968
Address: Mėsinių g. 5, LT-01133 Vilnius LITHUANIA
E-Mail: [email protected]
Phone: +90 216 599 01 00
Consent Form Regarding Personal Data Processing
1. The purpose of the privacy notice and the role of our company as data controller:
As per Law No. 6698 on the Protection of Personal Data, our company iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş. (“iyzico” or “Company”) qualifies as a “data controller” in regard to the personal data personal data of its users. The objective of this this Information and Consent Statement is to inform its users about the personal data processing activities carried out by iyzico in accordance with the aforementioned Law and to obtain their express consent for circumstances set out in Article 3 below.
2. The purpose of the processing of user’s personal data:
The personal data of users is processed within the scope of the conditions and purposes set out in Articles 5 and 6 of the Law, which include: the execution of necessary works and respective work processes by business units in order to allow relevant persons to benefit from services offered by iyzico; the carrying out of works by business units that are necessary for the performance of commercial activities of iyzico and the execution of related work processes; the planning and execution of iyzico’s commercial and/or business strategies; ensuring the legal, technical and commercial safety of iyzico and relevant persons having a professional relation with iyzico; and the planning and execution of activities that are necessary to market and offer the services offered by iyzico by personalising such services according to the liking, habits and needs of relevant persons.
3. Personal data to be processed on the basis of explicit consent of users and the purpose of processing:
In circumstances where the conditions for personal data processing set out in Articles 5/2 and 6/3 of the Law are not met, the explicit consent of user’s must be obtained for iyzico to process personal data.
Accordingly, the personal data of users for the purposes of developing campaigns directed at users, cross-selling, identifying a target audience, implementing activities that enhance user experience through tracking users’ movements, developing the operation of iyzico’s website, user panel and mobile application and personalising them according to the needs of users, executing direct and indirect marketing, customised marketing and re-marketing activities, executing customised segmentation, targeting, re-targeting, analysis and inter-corporate reporting activities, planning and executing the sales and marketing processes offered by iyzico including with the intent of planning and executing user satisfaction activities and user relationship management processes, planning and implementing processes of generating and/or increasing loyalty to the services offered by iyzico may only be processed, submitted to third persons and shared with parties set out in this Information and Consent Statement.
4. The transfer of user’s personal data
The personal data of users may be transferred to Company authorities, our affiliates, business partners, suppliers, shareholders, legally authorised public institutions and organisations and private entities pursuant to the personal data processing conditions and purposes set out in Articles 8 and 9 of the Law which include the following: the execution of necessary works by business units in order to allow relevant persons to benefit from the services offered by iyzico and the execution of relevant work processes; the execution of necessary works by business units to perform commercial activities carried out by iyzico and the execution of related work processes; the planning and implementation of iyzico’s commercial and/or business strategies; ensuring the legal, technical and commercial safety of iyzico and relevant persons having a professional relation with iyzico; and the planning and execution of activities that are necessary to market and offer the services offered by iyzico by personalising such services according to the liking, habits and needs of relevant persons.
5. The method and legal purpose of personal data collection:
The personal data of users is collected either electronically or physically in case of iyzico’s request. Personal data collected for legal reasons stipulated above may be processed and transferred for purposes set out in Articles 5 and 6 of the Law and this Information and Consent Statement.
6. The rights of users as data subjects:
Pursuant to Article 11 of the Law, a data subject is entitled to: (i) learn whether or not his or her personal data have been processed, (ii) request information as to processing where his or her data have been processed, (iii) learn the purpose of personal data processing and whether the personal data is used in accordance with such purpose, (iv) know the third parties in the country or abroad to whom personal data have been transferred, (v) request rectification in case personal data have been processed incompletely or inaccurately and request the notification of the operations in this regard to third parties to whom personal data have been transferred, (vi) despite having been processed in accordance with the provisions of the Law or other related regulations, request the erasure or destruction of such personal data in case the reasons necessitating their processing cease to exist and request notification of the operations in this regard to third parties to whom personal data have been transferred, (vii) object against any result that is to his or her detriment occurring from the analysis of personal data exclusively through automated systems, (viii) request compensation in case the data subject incurs any damage due to the unlawful processing of personal data.
Information Notice Regarding Personal Data Processing
Data Controller: iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş. (“iyzico”)
Legal Title: iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş.
MERSİS Number: 0483034315700019
Address: Burhaniye Mahallesi Atilla Sokak No:7 Üsküdar İstanbul
E-mail: [email protected]
Telephone: +90 216 599 01 00
Legal Title: iyzi Payments, UAB
Registry Number: 304782968
Address: Mėsinių g. 5, LT-01133 Vilnius LITHUANIA
E-Mail: [email protected]
Telephone: +90 216 599 01 00
We, as iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş. (“iyzico” or “Company”) care about protecting the personal data. In this Information Notice, we would like to inform you about personal data processing by iyzico within the scope of the Law No. 6698 on the Protection of Personal Data (“KVKK”).
The Purpose of The Processing of User’s Personal Data:
Users’ (Customers or people visiting our website) personal data shall be processed;
- In the manner prescribed by the rule of law and in good faith
- In connection, limited and proportionately with the processing purposes,
- In an accurate and updated manner,
- For specified, explicit, and legitimate purposes.
As iyzico, we process Users’ personal data in accordance with the Articles 5 and 6 of the KVKK for the following purposes:
i. The execution of necessary works and respective work processes by business units in order to allow relevant persons to benefit from services offered by iyzico,
ii. The carrying out of works by business units that are necessary for the performance of commercial activities of iyzico and the execution of related work processes,
iii. The planning and execution of iyzico’s commercial and/or business strategies,
iv. Ensuring the legal, technical and commercial safety of iyzico and relevant persons having a professional relation with iyzico,
v. The planning and execution of activities that are necessary to market and offer the services offered by iyzico by personalising such services according to the liking, habits and needs of relevant persons.
The Transfer of Users’ Personal Data
Users’ personal data may be transferred to the Company authorities, our affiliates, business partners, suppliers, shareholders, legally authorised public institutions and organisations and private entities pursuant to the personal data processing conditions set out in Articles 8 and 9 of the Law (KVKK) and within the scope of above-mentioned purposes.
The Method and Legal Ground of Personal Data Collection:
The personal data of Users is collected either electronically or physically in case of iyzico’s request. Personal data collected for legal ground stipulated above may be processed and transferred for the purposes specified in this Information Notice and pursuant to the Articles 5 and 6 of the Law.
The Rights of Users As Data Subjects:
Within the scope of Article 11 of Law (KVKK), Users have right to;
i. Learn whether or not his or her personal data have been processed
ii. Request information as to processing where his or her data have been processed,
iii. Learn the purpose of personal data processing and whether the personal data is used in accordance with such purpose,
iv. Know the third parties in the country or abroad to whom personal data have been transferred,
v. Request rectification in case personal data have been processed incompletely or inaccurately and request the notification of the operations in this regard to third parties to whom personal data have been transferred,
vi. Despite having been processed in accordance with the provisions of the Law or other related regulations, request the erasure or destruction of such personal data in case the reasons necessitating their processing cease to exist and request notification of the operations in this regard to third parties to whom personal data have been transferred,
vii. Object against any result that is to his or her detriment occurring from the analysis of personal data exclusively through automated systems,
viii. Request compensation in case the data subject incurs any damage due to the unlawful processing of personal data.
The claims with respect to such rights may be submitted in writing or in accordance with the method stated by Personal Data Protection Board. iyzico will assess and determine such requests within 30 days. iyzico reserves the right to request a reasonable fee on the basis of the rate specified by the Personal Data Protection Board in relation to such requests.
Consent Letter of Commercial Communication
I acknowledge that iyzi Ödeme ve Elekronik Para Hizmetleri A.Ş. to send a commercial electronic message to me by means of all kinds of electronic communication means such as text message (SMS), video and voice message (MMS), e-mail, letter, telephone, call center, automatic search and so on regarding all kinds of products and services to be offered by iyzi Ödeme ve Elekronik Para Hizmetleri A.Ş., by itself and / or by its service providers; the purpose of advertising, campaigns, discounts, gifts, raffles, promotions, advertising, publicity and information, developing special opportunities for my needs, maintaining the connection with me, customer satisfaction research, survey studies, celebration, wishes, approval and marketing studies.
iyzi Ödeme ve Elektronik Para Hizmetleri A.Ş. / Mersis No: 0483034315700019 Tel No: 02165990100 Address: Burhaniye Mah. Atilla Sok. No:7 Uskudar Istanbul – Turkey