Data Responsible in terms of your personal data that you share through the channels described under this section is Zotlo Teknoloji Anonim Şirketi which is registered in Istanbul Trade Registry with the number 307607-5, and Mersis numbered 0999118029700001, and its center is Maslak Mah. Büyükdere Cad. USO Center NTV Apt. No:245/27 Sarıyer, İstanbul.

Within the scope of the service we provide to you, we process the following personal data:

ID&Communication Usage Information Payment Information Device Information
Name, e-mail, phone number Technical data collected from your devices Credit Card Information Encrypted by Payment Service Provider, E-mail, IP address, country information Device model, Device ID, IDFA, IDFVA

We may collect your personal data through the website(s) we have created for payment and operated by us.

As Zotlo, we process your personal data mentioned above for the following purposes:

  • completion of payment transactions,
  • registration of users,
  • user complaint management and error reporting,
  • preventing unauthorized and fraudulent transactions,
  • optimizing our services and measuring and analyzing their quality,
  • making evaluation between companies,
  • risk management,
  • meeting valid requests submitted by authorized public institutions and organizations,
  • managing complaint management processes,
  • storing financial records and,
  • or the purposes such as fulfilling our legal obligations, for instance the resolution of possible disputes arising from the law and secondary legislation, to which Zotlo is a party,

Payment information is mainly stored by the payment service provider. As Zotlo, we only keep credit card information encrypted and tokenized by the payment service provider and process it for the purposes stated in this text.

We do not knowingly collect or request personal data from anyone under the age of 16. If you learn that a minor has provided us with personal data without the consent of a parent or guardian, you can report this to our customer support team.

We process your personal data for the legal reasons specified in Article 5 of the KVKK, based on the following:

  • If personal data processing is necessary for the establishment or performance of the contract between you and Zotlo: Your data under Identity & Communication, User, Payment and Device Information are processed for the effective use of Zotlo; and your Identity & Communication and User data are processed for you to send your possible requests/suggestions.
  • Obligatory personal data processing for our legitimate interests: Your Identity & Communication, User Transaction, Transaction Security data are processed in order to provide you with a better service and to carry out our customer service activities.
  • The processing of personal data is based on your explicit consent: In order to promote Zotlo and carry out marketing activities, your contact information is processed to contact you via e-mail if you have your express consent.

Your personal data can be transferred to the domestic and international groups shown in the table below and only for the purposes shown in the table:

Person Groups that can Transfer the Data Statement About Contact Groups Purposes of Data Transfer
Our Third Party Service Providers Payment service providers authorized to complete payment transactions. We may share payment information with our third-party service providers so that we can complete payment transactions. Payment information shall only be shared with authorized payment service providers and is never stored on our servers.
Other Third Party Service Providers They are third-party service providers that promote limited to Zotlo's instructions. We may share identity and device information with other third-party service providers for promotion and information purposes. These third-party service providers shall be obliged to fulfill the instructions given to them on our behalf and not to disclose or use the data they obtain to a third party other than the said instructions.
Legally Authorized Public Institutions and Organizations and Private Legal Persons Authorized law enforcement, regulatory, executive bodies, courts or other third parties to whom we deem necessary disclosure in accordance with the provisions of the relevant legislation. In accordance with our legal obligation, if required by our own and third parties' rights, property and safety, we may need to share Personal Data with authorized institutions. Before sharing personal data, we shall investigate whether the party requesting the data is authorized to make such a request.

By applying to our Company in accordance with Article 11 of KVKK, You have following rights;

  • Learning whether your personal data are processed,
  • Requesting information if your personal data has been processed,
  • Withdrawing any prior consent you have given us regarding the use of your personal data,
  • Learning the purpose of processing your personal data and whether they are used in accordance with their purpose,
  • Knowing the third parties to whom personal data are transferred at home or abroad,
  • Requesting correction of personal data in case of incomplete or incorrect processing,
  • Requesting deletion or destruction for evaluation within the principles of purpose, duration and legitimacy,
  • Requesting that these transactions be notified to the third parties to whom personal data are transferred in case of correction, deletion or destruction of personal data,
  • Objecting to this result if a result is found against you in case the processed data is analyzed exclusively through automated systems,
  • Requesting compensation in case of unlawful processing of personal data and therefore if you are harmed.

You can choose the following methods to exercise your rights specified in this article and to forward your requests to Zotlo:

1. by email (please check your e-mail address registered in our system) to email address below:

2. by hand with a wet signature to our postal address listed below or through a notary public,

Address: Maslak Mah. Büyükdere CAD. USO Center NTV Apt. No:245/27 Sarıyer

3. by other methods specified in the Communiqué on Application Procedures and Principles to the Data Controller.