Privacy & GDPR Policy

  • 1. GENERAL
  • 2. PURPOSE OF THE PERSONAL DATA POLICY
  • 3. PERSONAL DATA COLLECTED
  • 4. LEGAL BASES
  • 5. USE OF COOKIES
  • 6. STORAGE OF PERSONAL DATA
  • 7. TRANSFER TO THIRD PARTIES
  • 8. TRANSFER TO THIRD COUNTRIES
  • 9. USE AND PROCESSING OF AMAZON DATA
  • 10. YOUR CHOICES
  • 11. YOUR RIGHTS
  • 12. PROTECTION OF PERSONAL DATA
  • 13. OTHER INFORMATION
  • 14. CONTACT INFORMATION

1. GENERAL

This Privacy & Personal Data Policy aims to inform you about the personal data collected, stored, processed, shared, and transferred by Iwastech. All real persons who visit the websites of Iwastech and its affiliated applications, or who use any Iwastech service (for example, making a credit card payment to a merchant who receives payments via Iwastech), fall within the scope of this Privacy & Personal Data Policy.

Throughout this Privacy & Personal Data Policy, expressions such as “we” or “our company” may be used to refer to Iwastech. The official title and contact details of the Iwastech company are provided at the end of this policy.

The terms “personal data,” “personal information,” and “your information” are used interchangeably and refer to any data related to an identified or identifiable real person (e.g., name, email address, date of birth, ID number).

We are aware that personal data is important to our customers and end users, and everyone within Iwastech will make every effort to comply with this policy and ensure the security of your personal data under all circumstances.

2. PURPOSE OF THE PERSONAL DATA POLICY

To explain as clearly and transparently as possible the purpose and manner in which we use the data we collect,
● To inform you, with your consent, about what information we collect and how and for what purposes this information is processed,
● To provide details on the purposes and methods of sharing this information with third parties,
● To inform you about your legal rights concerning your personal data,
● To explain our responsibility to protect your rights and privacy.

This policy applies solely to the use of Iwastech’s products and services. For all websites and platforms not owned by Iwastech, the respective privacy policies and rules of the related person or institution shall apply.
In cases where, for example, a merchant embeds an Iwastech payment form on their website to transfer payment information to Iwastech, both Iwastech’s and the relevant merchant’s privacy policies will be applicable.

The types of personal data processed by Iwastech may vary depending on how you use the services.
Some services may not be available to you depending on your location and legal status.

3. PERSONAL DATA COLLECTED BY IWASTECH

When you visit our website or use our services, we collect various types of personal data about you. When you access our website, send or receive a payment via Iwastech, or register and create an account with Iwastech, we collect the information necessary to provide the services you requested effectively and securely. This information may include:

● Your personal information: (e.g., your name, address, email address, identification number).

● Payment information: (e.g., your credit card number, expiration date, installment preference).

● Information obtained from third parties: For example, we may receive details about the products or services you wish to purchase from a customer registered with Iwastech, your membership details with the seller, your IP address, and information about your past transactions. We may also receive shipment status updates from courier companies.

● Information about your business: If you wish to become a customer using Iwastech services, we collect information identifying your business type and identity, contact details, descriptive documents about the business, bank account details required for fund transfers, and data regarding your use of Iwastech products and services (such as IP address, website infrastructure used, etc.).

● Platform information: If you are a merchant selling on a platform (e.g., a marketplace), your business’s identifying information, contact details, and bank account information may be transferred to Iwastech by the platform to which you are affiliated.

● Cookies and other tracking technologies: We collect information through cookies, beacons, and other tracking mechanisms used to deliver our services and conduct interest-based marketing activities (e.g., details about your device, geographic location, and usage behavior).

4. USE OF PERSONAL DATA BY IWASTECH AND LEGAL BASES

Under the GDPR, we use the personal data we collect for various purposes permitted by the legal regulations in Turkey and the European Union. Our purposes for using personal data are outlined below with examples. While processing this data, we rely on legal bases as defined under the GDPR, which may include the fulfillment of contractual obligations, our legitimate interests, your explicit consent, and our legal obligations.

● To provide our website and services to you: We need to use your personal information to process payments, facilitate fund transfers, store your credit card details upon your request for future use, and allow you to create, access, and modify your account.

● To improve our services and manage operational needs: We monitor how our websites and services are used and analyze usage data to enhance our performance.

● To manage risk and protect our platform and customers from harm: We identify our customers and assess risk levels in order to detect and prevent fraudulent activities. These decisions may be made by automated algorithms under specific rules or directly by our personnel. If any application or transaction you attempt is denied following such an assessment, you can request an explanation by contacting us using the details provided at the end of this document.

● To contact you when necessary: We use your contact information to update you about the status of your transactions. Additionally, if an issue arises concerning your transaction or account, we may reach out to help resolve it. Communication may come directly from Iwastech employees or from our business partners, in which case your personal data may need to be shared with them.

● To fulfill our legal obligations or resolve disputes: Certain regulations in the jurisdictions where we operate may require us to use and store your information in specific ways. As a payment service provider, we are obligated to retain records of all mediated transactions for purposes such as compliance with data retention requirements, anti-money laundering regulations, and taxation. In the event of a dispute between the parties of a transaction or between users and Iwastech, your personal data may be used to resolve the issue and may be shared with courts or alternative dispute resolution bodies.

● Consent: We may use your information for other purposes with your consent. For example, we may request your permission to send you marketing communications or collect your feedback. You may withdraw your consent at any time by contacting us using the information at the end of this document. When doing so, please include details that will help us identify you. Withdrawal of consent will take effect going forward and does not render any previous processing based on your consent unlawful; however, we will cease processing the relevant data after receiving your withdrawal notice.

5. USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

During your use of Iwastech’s website and services, access data such as the name of your internet service provider, IP addresses, and the pages you browse are collected. This information may be used in accordance with applicable regulations to provide the website infrastructure, conduct statistical analysis, and better target promotions related to Iwastech.

In addition, information collected through cookies, beacons, and other tracking mechanisms may be used to support site functionality, manage the website infrastructure, and for marketing purposes. You may refuse the use of cookies by adjusting the appropriate settings in your browser; however, please note that doing so may limit the full functionality of our website.

6. STORAGE AND DELETION OF PERSONAL DATA

The period during which Iwastech will retain your personal data in a manner that allows your identification will be in compliance with the durations required by the GDPR and other applicable local regulations. Once the retention period for your personal data has expired, we will ensure that your data can no longer be associated with you by deleting it or anonymizing it in accordance with our internal procedures designed to safeguard data security.

7. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

While providing our services, we may sometimes share your personal data with third parties for the purposes described below. When necessary, we use the services of other companies, and in doing so, we may need to share some of your personal data with them.

For example, when we receive your payment information (which we may collect directly from you or through a merchant you wish to pay), we share it with relevant financial institutions to complete the transaction.
Or, if your transaction requires additional steps (such as customs clearance for an international purchase), we may share your data with the relevant service providers (e.g., customs brokers) to facilitate those steps.

To ensure the safety and convenience of our users and operations, we may also share personal data with third parties (e.g., data processors involved in fraud prevention).
When you use our services, we may inform the other parties involved in your transaction (e.g., the merchant you are paying or other users), which may involve sharing some of your personal data with them.

Law enforcement and other authorities may request your personal data from us. We share this data only when legally required or when we believe it is necessary to prevent or investigate a crime.

We may also need to share your data with third parties for other operational purposes. These purposes may include company audits, corporate governance, and the exercise of our legal rights.
In all such cases, we ensure that data sharing is carried out in compliance with legal regulations.

8. TRANSFER TO THIRD COUNTRIES

As we are subject to the GDPR, if your personal data is transferred outside the European Economic Area (EEA), we ensure that such transfers comply with the GDPR and other applicable local regulations. Data will only be shared with countries that we believe provide an adequate level of protection or with recipients who implement appropriate safeguards in accordance with the GDPR.

9. USE AND PROCESSING OF AMAZON DATA

Data received from Amazon is processed for the purpose of delivering and improving Iwastech’s services and is stored on AWS RDS (Amazon Web Services Relational Database Service). This data is collected, used, and processed for the following purposes:

  1. Order Management
    Processing, tracking, and managing your Amazon orders:
    Order Confirmation: Verifying order information received from Amazon, processing it, and providing order confirmations.
    Product Preparation: Managing the preparation and packaging of ordered items.
    Shipping and Delivery: Managing logistics to ensure accurate and timely delivery of orders.
    Order Tracking: Monitoring the current status of orders and informing customers accordingly.

  2. Customer Support
    Responding to Amazon customer service requests:
    Returns and Exchanges: Processing return, exchange, and refund requests.
    Communication: Providing support and information to customers via email, phone, or other communication channels.

  3. Marketing and Analytics
    Analyzing data obtained via Amazon and using it for marketing purposes:
    Data Analysis: Analyzing data such as sales performance, customer preferences, and market trends.
    Personalized Marketing: Creating tailored product suggestions and marketing campaigns based on customer behavior.
    Advertising and Promotions: Planning and running targeted ad and promotional campaigns based on customer segments.
    Customer Satisfaction: Analyzing customer feedback and developing strategies to improve satisfaction.

  4. Legal Requirements
    Storing and processing Amazon data in compliance with legal obligations:
    Legal Compliance: Retaining and processing personal data in accordance with legal regulations, including tax laws, commercial laws, and data protection regulations.
    Auditing and Reporting: Performing necessary audits and submitting reports to regulatory authorities to fulfill legal obligations.
    Dispute Resolution: Retaining and sharing relevant data with legal or regulatory bodies in the event of disputes or conflicts.
    Security and Fraud Prevention: Monitoring and analyzing data to detect fraud and implement security measures.

Each of these processes is carefully managed and executed to enhance Iwastech’s service quality, ensure customer satisfaction, and guarantee compliance with legal obligations. The security and confidentiality of your data remain our highest priority throughout all of these operations.

10. YOUR CHOICES

You have certain choices regarding your privacy. You may always refuse to provide the personal data requested by Iwastech. However, if the information you decline to provide is essential for us to deliver our services, you may not be able to use those services. For example, if you do not enter your credit card number on a payment page of a merchant who accepts payments through Iwastech, we will not be able to process your payment.

As explained in previous sections, we also use cookies to improve our services. You can reject these cookies by adjusting your internet browser settings, but doing so may prevent you from being able to use our website and services effectively.

Some of your personal data held by us can be viewed in the settings section after logging into the mobile or web applications of Iwastech and its affiliated platforms. If you wish to exercise your rights over this or any other personal data, you may contact us using the information provided at the end of this document.

From time to time, we may contact you. This communication may be for marketing purposes or in relation to transactions you are involved in. You can opt out of receiving all marketing-related messages by following the instructions provided at the bottom of those messages.

You cannot opt out of receiving transaction-related notifications, but you may be able to change the method and contact details through which those notifications are delivered.

11. YOUR RIGHTS

In accordance with the GDPR and other applicable legal regulations, you have the following rights:

(a) To learn whether your personal data is being processed, which personal data is being processed, the sources from which the data is obtained, the third parties to whom the data is transferred both domestically and abroad, and the duration for which the data is retained or the criteria used to determine that duration,
(b) To access your personal data and to request a copy of the data you have provided in a structured, commonly used, and machine-readable format, or to request that it be transferred to another data controller,
(c) To learn the purpose of the processing of your personal data and whether it is being used in accordance with that purpose,
(d) To object to the processing of your personal data or to request its restriction,
(e) To request correction of your personal data if it is incomplete or inaccurate,
(f) To request the deletion or destruction of your personal data if the reasons for processing no longer exist,
(g) To request that any corrections or deletions be communicated to third parties to whom the data has been transferred,
(h) To object to the outcome of a decision made solely based on automated processing of your personal data that produces legal or similarly significant effects on you,
(i) To request compensation if you suffer damage as a result of the unlawful processing of your personal data.

12. PROTECTION OF PERSONAL DATA

All personal data obtained by Iwastech is transmitted and stored under industry-accepted reasonable security standards. The security of payment data is ensured through our PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliant infrastructure, and the transmission of personal data is protected through encrypted connections. While we take all reasonable measures to protect your personal information, it is your responsibility to maintain the security of your password and account details.

13. OTHER INFORMATION

Our services and website are not intended for use by children (i.e., anyone who is not legally an adult). We do not knowingly collect personal data from children or individuals who are legally prohibited from using our services. If we become aware that we have obtained personal data belonging to a child, we will delete it immediately unless we are legally required to retain it. If you believe that we have unintentionally collected personal data from a child, please contact us immediately using the contact information provided below.

We may update this privacy policy from time to time. Any changes will become effective as of the date the new privacy policy is published. Users and customers are responsible for monitoring such updates and for informing any individuals with whom they engage in transactions—or whose information they share with Iwastech—about Iwastech’s data processing activities and this privacy policy before doing so.

14. CONTACT INFORMATION

Company Name: Iwastech Software E-Commerce Export and Import Limited Company
Address: Eryaman Mah. Oyak Atakent No:27, Etimesgut / Ankara, Turkey
Email: [email protected]
Phone: (+90) 545 596 33 20