Privacy Policy and KVKK Information Notice

BenBuldum.com values user privacy. This Privacy Policy explains for what purposes personal data collected through the Platform is processed, by which methods it is collected, the retention periods, and the rights of data subjects.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The natural person whose personal data is processed (e.g. Platform users).
  • Data Controller: The company/entity providing BenBuldum.com services.
  • Processing: Any operation performed on personal data such as obtaining, recording, storing, modifying, sharing, etc., by automatic or non-automatic means.
  • Cookies: Small text files and similar technologies (pixel tags, local storage, etc.) placed in your browser by the website you visit.

2. Identity of the Data Controller

Data Controller: BenBuldum.com
Address: Fatih Sultan Mehmet Neighborhood, Poligon Avenue, Buyaka 2 Site, Block 3, No: 8C, Inner Door No: 1, Ümraniye / Istanbul
E-mail: info@benbuldum.com
Phone: +90 850 309 02 81

3. What Personal Data Do We Collect?

During your use of the Platform, personal data in the following categories may be collected for different purposes and through different channels:

  • Identity Information: Name, surname, Turkish ID number (if required), username, profile photo.
  • Contact Information: Email address, phone number, billing or contact address.
  • Account Information: Username, password (passwords are stored in encrypted form), account creation/session information.
  • Transaction Data: Listing contents, listing photos, listing history, favorites, message contents (between users).
  • Technical and Device Data: IP address, device, browser type and version, operating system, device identifiers, access date/time information, error logs.
  • Location Data: GPS or IP-based location information with user consent.
  • Payment and Financial Data: Information processed through payment providers (payment card data is processed directly by the payment provider; we only keep transaction result records).
  • Cookie and Analytics Data: Page views, interaction data, and similar statistics.
Note: All collected data is limited to the purpose of processing and the principle of data minimization is observed.

4. How Do We Collect Data?

  • Direct user inputs via membership/account creation forms, listing creation forms, and other user forms.
  • Logs and technical data automatically generated during Platform use (server logs, error reports).
  • Cookies, web beacons/pixel tags, and similar tracking technologies.
  • Data provided through third-party services (e.g. social login, payment providers, external analytics tools).
  • Additional information collected with the explicit consent of users.

5. Processing Purposes and Legal Grounds

The data we collect may be processed for the following purposes and based on the legal grounds set forth in the KVKK:

  1. Service Provision and Account Management: Membership processes, account verification, performance of services. (Legal ground: Establishment/performance of a contract.)
  2. Listing Management and Content Publication: Creation, display, and management of listings. (Legal ground: Establishment/performance of a contract.)
  3. Security and Fraud Prevention: Detection of suspicious activities, prevention of abuse. (Legal ground: Legitimate interest.)
  4. Fulfillment of Legal Obligations: Tax, accounting, legal notifications, and requests from authorized authorities. (Legal ground: Legal obligation.)
  5. Marketing and Advertising: Display of campaigns and targeted advertisements in line with user preferences (requires explicit consent; processed where consent is obtained).
  6. Analytics and Performance Improvement: Analysis of Platform usage, product development. (Legal ground: Explicit consent or legitimate interest, depending on the nature of the activity.)
  7. Cooperation with Third-Party Service Providers: Integration with payment processors, cloud services, analytics/advertising providers. (Legal ground: Performance of the service or explicit consent.)

6. Special Categories of Personal Data

The Platform generally aims not to collect special categories of personal data (such as health data, biometric data, trade union membership). However, if it is exceptionally necessary to collect such data due to legal requirements or service needs, such data will only be processed with the explicit consent of the data subject or based on other legal grounds stipulated by legislation.

7. Data Sharing and Third Parties

Your personal data may be shared with third parties in the following categories in line with processing purposes:

  • Cloud and Infrastructure Providers: For server and storage services (e.g. AWS, Google Cloud, Azure).
  • Analytics Providers: For website usage statistics (e.g. Google Analytics).
  • Advertising Networks: For targeted advertising (with user consent).
  • Legal Requests and Public Authorities: Courts, prosecutors, and public authorities when required.
  • External Service Providers: Software vendors/agencies/business partners for service delivery.

Data shared with third parties is limited to what is necessary, and it is aimed to ensure their data security obligations through contractual arrangements.

8. Cross-Border Data Transfer

Some of our service providers’ servers may be located in different countries. In this case, your personal data may be transferred abroad. For cross-border transfers, compliance with applicable legislation and KVKK provisions, implementation of adequate security measures, and provision of necessary contractual safeguards are ensured.

9. Retention Periods

Your personal data is retained for the period necessary in connection with the purpose of collection. When the retention period expires, data is securely deleted or anonymized. For example:

  • Session cookies: Deleted when the browser is closed.
  • Listing data: Retained as long as the listing is active; after deletion, it may be kept for an additional period in accordance with legal obligations.
  • Invoice/payment records: Retained for the periods required by tax legislation (e.g. 10 years, depending on applicable law).
  • Analytics data: May be retained longer in anonymized form depending on the purpose of collection and processing.

10. Security Measures

Technical and administrative measures are taken to protect personal data. These measures include:

  • Encryption of critical data in databases (hashing/salting/encryption).
  • Ensuring secure data transmission via HTTPS/TLS.
  • Access controls and authorization mechanisms.
  • Logging and detection of anomalies/suspicious behavior.
  • Regular security and penetration tests, software updates.

However, no transaction over the internet can be considered 100% secure; it is also important for users to take basic security measures such as using strong passwords and avoiding suspicious links.

11. Children’s Data

The Platform is designed for users aged 18 and over. If personal data of individuals under the age of 18 is processed, explicit consent from their legal representatives is required. If you believe that a child’s data has been processed without consent, please contact us and we will take the necessary steps to remove the relevant content.

12. User Rights

Pursuant to Article 11 of the KVKK, data subjects have the following rights:

  • To learn whether their personal data is processed.
  • To request information if their data has been processed.
  • To learn the purpose of processing and how data is used.
  • To learn whether data is transferred domestically or abroad.
  • To request correction of incomplete/incorrect data.
  • To request deletion or destruction in accordance with the KVKK.
  • To object to processing and request compensation for damages.
  • The right to withdraw consent (for consent-based processing activities).

To exercise these rights, you may submit your request through the contact channels below. Responses will be provided within the periods specified in the KVKK.

13. Exercising Rights — Application Procedure

You may submit your requests in writing, via email, or through an application form created on the Platform. Providing complete identification information (name, surname, Turkish ID or passport number, contact details, and the content of the request) will expedite the process.

14. Changes to the Policy

This policy may be updated from time to time. When updates are published on the Platform, the “Last Updated” date will be revised and significant changes will be notified to users. Users are advised to review changes regularly.

15. Legal Grounds and Objections

For rights requests or complaints under the KVKK, you may first contact us. If you are not satisfied with the outcome, you retain the right to apply to the KVKK and/or resort to the relevant judicial authorities.

16. Data Processors / External Providers

Data sharing with data processors (e.g. hosting providers, analytics and advertising platforms, payment service providers) is carried out under contracts ensuring that data is processed only for specified purposes and kept secure. An up-to-date list of data processors may be requested via info@benbuldum.com.

17. Cookie Policy and Links to Other Policies

For detailed information about cookie usage, cookie types, and preference management, please review our Cookie Policy. Our Terms of Service and Security Policy are also available on the Platform.

18. Contact

For requests regarding the Privacy Policy or your personal data, please contact us:

  • Email: info@benbuldum.com
  • Address: Fatih Sultan Mehmet Neighborhood, Poligon Avenue, Buyaka 2 Site, Block 3, No: 8C, Inner Door No: 1, Ümraniye / Istanbul
  • Phone: +90 850 309 02 81

  • KVKK Applications: May be submitted via the contact channels above or through the in-Platform application form.