BOOSTIPAY PRIVACY NOTICE FOR USERS 

Last Updated: 01.03.2024

BOOSTI TEKNOLOJİ ANONİM ŞİRKETİ (“BoostiPay” and/or “Company”) values your privacy and is committed to protecting your personal data. This Privacy Notice (“Statement”) provides you with information about how we process your personal data.

This Statement has been prepared to provide you with information regarding the processing, storage, and transfer of personal data of individuals or representatives of legal entities who contact us through BoostiPay and the website https://www.boostipay.com (“Website”) in accordance with Law No. 6698 on the Protection of Personal Data (“Law”) and related legislation.

1.  DATA CONTROLLER

The data controller for the processing of your personal data is BOOSTİ TEKNOLOJİ ANONİM ŞİRKETİ with a MERSIS Number of 0179-1550-6890-0001. The contact information for BoostiPay is as follows:

• Address: 19 Mayıs Mahallesi, Turaboğlu Sokak, Hamdiye Yazgan İş Merkezi, No:4/2 Kadıköy, İstanbul.
• Email  : info@boostipay.com

2. PERSONAL DATA CATEGORIES

When you visit or use our platforms, we process your personal data in the following categories: 

Personal Data Category	Example of Personal Data
Identity Information	Name, Surname, Title, Age
Communication Information	Email address and other personal data
Marketing Information	Conversations and correspondence between BoostiPay and the User via the message section in the contact form, e-mail, communication history
Statistical Information	User’s IP address, website login and login information, internet provider, operating system and browser used by the User, device type, geographical region reported by the Users device

3. PURPOSES AND LEGAL REASONS FOR PROCESSING PERSONAL DATA

Your personal data is processed by us for the purposes listed below in accordance with the principles set out in Article 4 of the Law No. 6698 on the Protection of Personal Data ("KVKK") and based on the legal reasons listed in Articles 5 and 6: 

Purpose(s)	Legal Reason(s) within the scope of Article 5/2 of the KVKK
- Compliance with the Regulation on Measures to Prevent Laundering Proceeds of Crime and Financing of Terrorism - Performance of Activities in Compliance with the Legislation - Monitoring and Performance of Legal Affairs - Providing Information to Authorized Persons, Institutions and Organizations	a) Explicitly stipulated in the law.
- Updating identity and contact information - Performance of Goods / Service Sales Processes - Performance of Goods / Services After Sales Support Services - Performance of Communication Activities - Performance of Finance and Accounting Affairs  - Tracking Requests / Complaints - Executing Contract Processes	c) Provided that it is directly related to the establishment or performance of a contract, it is necessary to process personal data belonging to the parties to such contract.
- Performance of Activities in Compliance with the Legislation  - Monitoring and Performance of Legal Affairs - Performing Finance and Accounting Affairs Providing Information to Authorized Persons, Institutions and Organizations (such as MASAK, BTK, BDDK, GIB) - Executing Information Security Processes	ç) It is mandatory for the data controller to fulfill their legal obligation.
- Tracking Requests / Complaints  - Requesting information/documents from the user to ensure account security - Performance of Goods / Services After Sales Support Services	e) Data processing is mandatory for the establishment, exercise or protection of a right.
- Performance of Management Activities - Receiving and Evaluating Suggestions for Improvement of Business Processes    - Executing Information Security Processes  - Performance of Activities for Customer Satisfaction - Performance of Customer Relationship Management Processes - Executing Advertising / Campaign / Promotion Processes - Executing Company / Product / Service Loyalty Processes - Conducting Communication Activities	f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.

Your personal data in the identity and communication categories are processed with your explicit consent for the execution of advertising/campaign/promotion processes.

You have the right to withdraw your explicit consent for the processing of your personal data at any time, without any restriction or harm. You can submit your requests regarding this matter through our contact channels mentioned above.

4. DATA COLLECTION METHOD

In order to fulfil the purposes specified in section C of this Statement, your personal data is collected by the relevant person through filling out the forms on our Website, sending e-mail messages, communications made via Discord server and notifications sent by authorized public institutions by automatic or non-automatic methods based on the legal reason specified in 5 (2) of the KVKK.  

Your statistical personal data is collected by our supplier (Google Analytics), whose infrastructure is located abroad, which we have integrated into our Website in order to improve the service we provide to you.

5. STORAGE OF PERSONAL DATA

BoostiPay retains your personal data only for the duration necessary to fulfil the purposes stated in the relevant legislation or for the purpose they were processed.

In addition, BoostiPay carries out data minimization efforts, determines the periods prescribed by the legislation for the storage of personal data, or determines the maximum period based on the processing purpose if there is no period prescribed in the legislation, and destroys the personal data upon the expiration of this period. 

If you request the erasure of your personal data, you can always contact us through the contact channels mentioned above. Our team will fulfil your erasure request as soon as possible. However, if the fulfilment of legal obligations or the establishment and protection of a right is involved, BoostiPay may continue to store the data processed for these purposes for the necessary period. 

6. TRANSFER OF PERSONAL DATA

In line with the provisions of both the Constitution and the Law on the Protection of Personal Data, BoostiPay pays utmost care and attention to the sharing of personal data domestically and / or abroad and continues its activities in accordance with the current regulations in this context. 

Your personal data will be transferred without seeking the explicit consent of the relevant person in accordance with Article 8 (2) (a) of the KVKK for the purposes specified below:

• In order to fulfill legal obligations in accordance with the relevant legislation, it may be shared with authorized public institutions and organizations if necessary or upon request.
• In order to follow legal processes, it may be shared with our lawyers as much as necessary within the framework of the confidentiality obligation.
• Transfer Abroad

As a rule, BoostiPay does not transfer personal data collected in accordance with the law abroad. Information and communication technology applications and software (“IT Systems”) will be used for the execution of our business activities. The infrastructure and databases of these services are located abroad.

Your personal data will be transferred abroad “with your explicit consent” due to the fact that the infrastructure and databases of the IT Systems used for the purposes of carrying out communication activities and storing your personal data are located abroad.

Such data transfer may be recorded for the purposes of conducting communication activities, conducting and supervising business activities, performing the products and services offered to you, marketing and promoting new products and services, conducting storage and archive activities, following up requests and complaints, and therefore may be transferred abroad as described above. Your personal data that we transfer abroad are not shared with other third parties abroad, except for the above-mentioned purposes.

7. WHO WILL HAVE ACCESS TO YOUR DATA?

BoostiPay will be able to share your personal data with the following persons or organizations (“Recipients”) within the framework of BoostiPay activity and for the purposes stated above:

• BoostiPay Personnel: Your personal data may also be processed by the personnel assigned with the contract and service management that includes confidentiality obligations within BoostiPay.
• Third Party Service Providers: On behalf of BoostiPay and in accordance with its instructions, BoostiPay may also use third parties to perform certain services (e.g., data storage, sending messages on behalf of BoostiPay, consumer service, IT services related to the operation of the Website, sending e-mails) based on the need to process personal data.

The aforementioned BoostiPay Personnel and Third-Party Service Provider data processors have undertaken an obligation of confidentiality and may not use the personal data to which they are granted access for any purpose other than to fulfill the functions they have undertaken. They are also subject to a legal duty of confidentiality. A complete and up-to-date list of companies acting as data processors is available upon request by writing to info@boostipay.com.

8. PROTECTION OF CHILDREN'S PERSONAL DATA

Persons under 18 years of age and minors are prohibited from using our Platforms. Persons in this group should not order any paid services through our Platforms or go online on our Platforms.

9. OBSERVING THE RIGHTS OF THE DATA SUBJECT

Pursuant to Article 11 of the KVKK, the relevant persons; 

• Learn whether their personal data is being processed or not,
• Request information if their personal data has been processed,
• To learn the purpose of processing personal data and whether they are used in accordance with their purpose,
• To know the third parties to whom personal data are transferred domestically or abroad,
• To request correction of personal data in case of incomplete or incorrect processing and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• To request the deletion or destruction of personal data within the framework of the conditions stipulated in Article 7 of the Law (the disappearance of the reasons requiring the processing of personal data, although it has been processed in accordance with the provisions of the Law and other relevant laws) and to request notification of the transaction made within this scope to third parties to whom personal data is transferred,
• To object to the occurrence of a result against you by analyzing the processed data exclusively through automated systems,
• In the event that their personal data is damaged due to unlawful processing, they have the right to demand compensation for the damage.

The exceptional cases stipulated in Article 28 of the Law are reserved.

You may submit your requests regarding these rights by filling in all the information specified in the Data Subject Application Form in accordance with Article 11 and paragraph 1 of Article 13 of the KVKK and the Communiqué on the Procedures and Principles of Application to the Data Controller,

• By personally coming to BoostiPay at the address of 19 Mayıs Mahallesi, Turaboğlu Sokak, Hamdiye Yazgan İş Merkezi, No:4/2 Kadıköy, İstanbul.
  • In order to verify your identity and prevent the disclosure of information to unauthorized individuals, you may provide written documents through a notary or by sending a registered letter,

  • You can send an e-mail to support@boostipay.com by using a secure electronic signature, mobile signature or (if any) the e-mail address previously notified by you to BoostiPay and registered in our systems.

In addition to the rights specified in Article 11 of the KVKK, we remind you that if you give explicit consent to the processing of your personal data, you have the right to withdraw such explicit consent at any time.

10. APPLICATION and EFFECTIVENESS

This Statement is published on our company's Website and is effective from the date of its publication.

BoostiPay may make changes or updates in accordance with legal regulations and company policies. All such changes and updates will be reflected in the documents on our Website. The date of the latest modification in the documents will be indicated at the beginning of the text. It is your responsibility to periodically review the documents in order to stay informed of these updates.

11. REPORTING SECURITY VULNERABILITIES

As BoostiPay, we have implemented the necessary technical and administrative measures to ensure the security of your personal data. However, if you notice any security issues regarding your data, please inform us.

When reporting such issues to us, please send us a submission that includes the details of the security vulnerability, an email explaining what actions we need to take to reproduce or validate the vulnerability, your contact information, and your name to the email address info@boostipay.com. If you believe there has been a breach of the protection of your personal data, you can fill out the relevant individual application form and breach form and submit it to us through any of the contact channels provided above.