(KVKK – Turkish Personal Data Protection Law)

Personal Data Protection Notice

At BYTELLI, we attach great importance to the protection of personal data belonging to our members and visitors. This notice has been prepared to inform you about how your personal data is processed in accordance with the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and related regulations.

1. Definitions

For the purposes of this Notice:

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing of Personal Data: Any operation performed on personal data, such as collection, recording, storage, protection, modification, disclosure, transfer, classification, or prevention of use.
• Data Processor: A natural or legal person who processes personal data on behalf of the Data Controller.
• Data Recording System: A system in which personal data is processed by being structured according to specific criteria.
• Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system.

2. Data Controller

In accordance with Law No. 6698, the Data Controller is:

Telli Mücevherat ve Altın İnşaat Sanayi ve Ticaret Ltd. Şti.
Email: info@bytelli.com
Website: www.bytelli.com

3. Purpose of Processing Personal Data

Personal data of members and visitors may be processed for the following purposes, in line with Articles 5 and 6 of Law No. 6698:

• carrying out sales, order, delivery, return, and customer service processes,
• managing commercial and operational activities,
• planning and executing business strategies,
• ensuring legal, technical, and commercial security,
• customizing and promoting products and services according to user preferences,
• managing customer relations and satisfaction processes,
• conducting marketing, campaign, promotion, survey, and market research activities (subject to consent where required),
• fulfilling legal obligations and responding to requests from authorized public institutions,
• creating and monitoring visitor and transaction records.

4. Processing Based on Explicit Consent

In cases where the conditions set out in Articles 5/2 and 6/3 of Law No. 6698 are not met, personal data may be processed only with the explicit consent of the data subject.

5. Transfer of Personal Data

Personal data may be transferred, in accordance with Articles 8 and 9 of Law No. 6698, to:

• payment service providers and banks,
• logistics and delivery companies,
• business partners, suppliers, and service providers,
• legally authorized public institutions and private entities,

solely for purposes related to the execution of services, fulfillment of legal obligations, and business operations.

For identity verification and payment processing, certain personal data may be shared with payment institutions in line with applicable financial crime prevention regulations.

Personal data may be transferred domestically or internationally, provided that the conditions stipulated by Law No. 6698 are met.

6. Method and Legal Basis of Data Collection

Personal data is collected electronically through the website and related digital channels.

The legal basis for processing personal data includes compliance with legal obligations, performance of contracts, legitimate interests of the Data Controller, and explicit consent where required.

7. Retention Period of Personal Data

Personal data is retained for the periods stipulated in applicable legislation.

If no specific retention period is prescribed by law, personal data is stored for the duration necessary for the purpose of processing, in line with commercial practices, and is subsequently deleted, destroyed, or anonymized.

Where required for the establishment, exercise, or defense of legal claims, personal data may be retained for the relevant limitation periods.

8. Rights of Data Subjects

Pursuant to Article 11 of Law No. 6698, data subjects have the right to:

• learn whether personal data is processed,
• request information regarding processed personal data,
• learn the purpose of processing and whether it is used accordingly,
• know third parties to whom personal data is transferred domestically or abroad,
• request correction of incomplete or inaccurate data,
• request deletion or destruction of personal data where processing grounds cease to exist,
• object to outcomes arising from automated data processing,
• request compensation for damages arising from unlawful processing.

Requests regarding these rights may be submitted via the communication channels provided by BYTELLI. Requests will be evaluated and finalized within 30 days in accordance with applicable legislation.

9. Amendments

This Notice may be updated from time to time in line with legal, technological, or operational developments.

Acceptance Statement

I have read, understood, and acknowledge the Personal Data Protection Notice.