PERSONAL DATA PROTECTION LAW CLARIFICATION TEXT (KVKK)

Last Updated: 19.06.2026

This Clarification Text has been prepared by Appia Yazılım Ltd. Şti. ("APPIA") as the data controller in accordance with Article 10 of the Personal Data Protection Law No. 6698 ("KVKK").

1. Identity of the Data Controller

Title: Appia Yazılım Ltd. Şti.
Address: Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey
Phone: 0224 502 00 18
Email: info@appiaglobal.com
Web: www.appiaglobal.com

2. Processed Personal Data

Identity Data: Name, surname, TR ID number (if legally required), date of birth

Contact Data: Email address, phone number, physical address

Customer Transaction Data: Order details, shipping tracking records, refund requests

Financial Data: Invoice details, payment records, tax number

Transaction Security Data: IP address, log records, cookie data

Visual/Audio Data: Profile photo, only depending on the user's preference

3. Legal Grounds for Processing Personal Data

KVKK Article 5/2-a: Explicitly prescribed by law (e-invoice, tax legislation)
KVKK Article 5/2-c: Direct relevance to the establishment and performance of a contract
KVKK Article 5/2-ç: Compliance with a legal obligation of the data controller
KVKK Article 5/2-f: Legitimate interest of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject
KVKK Article 5/1: Explicit consent (for marketing, analytical operations)

4. Purposes of Processing Personal Data

Execution of membership and subscription processes
Provision of order, shipping, and logistics services
Issuance of e-invoices and management of accounting processes
Provision of customer service and technical support
Fulfillment of legal obligations and cooperation with official authorities
Ensuring platform security and preventing fraud
Commercial communication (consent-based)

5. Parties to Whom Personal Data is Transferred

Domestic Transfers:

Shipping and logistics companies (for delivery purposes)
Accounting and e-invoice integration companies (Logo, Sysmond)
Public institutions and organizations in case of legal obligation (GİB, SGK, etc.)

Cross-Border Transfers (KVKK Article 9):

International payment processors (Paddle) — under adequacy decisions or undertakings
International shipping companies (FedEx, DHL) — for delivery purposes
Cloud infrastructure providers — with necessary safeguards under KVKK Article 9

6. Retention Periods of Personal Data

Membership and account data: Active account period + 3 years
Invoice and accounting records: 10 years (pursuant to Tax Procedure Law - VUK)
Shipping and order records: 5 years
Technical log and security data: 2 years
Marketing data: Until consent is withdrawn

7. Rights of the Data Subject (KVKK Article 11)

You have the following rights regarding your personal data:

Learning whether your personal data is processed or not
Requesting information if your personal data has been processed
Learning the purpose of processing your personal data and whether they are used in accordance with their purpose
Knowing the third parties to whom your personal data is transferred domestically or abroad
Requesting rectification of your personal data if it is processed incompletely or inaccurately
Requesting erasure or destruction of your personal data within the framework of Article 7 of KVKK
Requesting notification of rectification and erasure operations to third parties to whom personal data has been transferred
Objecting to the occurrence of a result against you by analyzing the processed data exclusively through automated systems
Requesting compensation for damages in case you incur damages due to unlawful processing of your personal data

8. How Can You Exercise Your Rights?

You can contact us in the following ways to exercise your rights under Article 11 of KVKK:

Written application: With a wet-signed petition to the address Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey
Email: With registered email or secure electronic signature to info@appiaglobal.com
In-platform: Account Settings > Privacy > Data Request

Your application will be answered free of charge within 30 days. If the request is excessively repetitive or clearly groundless, a reasonable fee may be charged.

9. Security Measures

APPIA takes necessary technical and administrative measures, such as SSL/TLS encryption, secure server infrastructure, access authorization systems, regular security tests, and employee training, in order to prevent unlawful processing of and unauthorized access to your personal data, and to ensure its preservation.

10. Right to Complain to the Board

If you think that your rights under KVKK have been violated, you have the right to lodge a complaint with the Personal Data Protection Board (kvkk.gov.tr).

11. Validity of the Clarification Text

This text was updated on 19.06.2026. Changes will be announced through the platform. You can always access the up-to-date text at www.appiaglobal.com/kvkk.

GDPR COMPLIANCE POLICY (EU General Data Protection Regulation)

Last Updated: 19.06.2026

This document explains your rights under the EU General Data Protection Regulation (GDPR) No. 2016/679, which entered into force on May 25, 2018, and APPIA's data processing practices for users residing in the European Union or the European Economic Area.

1. Data Controller

Appia Yazılım Ltd. Şti.
Address: Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey
Email: info@appiaglobal.com

APPIA has the status of data controller processing the data of users in the EU.

2. Categories of Processed Personal Data

Identity Data: Name, surname, username, verification details

Contact Data: Email, phone number, mailing address

Financial Data: Billing information, payment history (card details are not stored)

Transaction Data: Order, shipping, stock, and logistics records

Technical Data: IP address, cookie ID, device information, log records

Usage Data: Platform activity, feature usage, preferences

3. Processing Purposes and Legal Bases

Performance of a contract (GDPR Art. 6/1b): Provision of services, account management, payment processing
Legal obligation (GDPR Art. 6/1c): Tax declaration, accounting, legal reporting
Legitimate interest (GDPR Art. 6/1f): Platform security, fraud prevention, product development
Explicit consent (GDPR Art. 6/1a): Email marketing, analytical cookies

4. Your Rights Under GDPR

Article 15 — Right of Access: You can request a copy of your personal data processed by us.

Article 16 — Right to Rectification: You can request correction of incorrect or incomplete data.

Article 17 — Right to Erasure ('Right to be Forgotten'): Under certain conditions, you can request the deletion of your personal data.

Article 18 — Right to Restriction of Processing: You can request restriction of processing of your data.

Article 20 — Right to Data Portability: You can receive your data in a structured, machine-readable format and transfer it to another controller.

Article 21 — Right to Object: You can object to processing based on legitimate interests or for marketing purposes.

Withdrawal of Consent: You can withdraw your consent at any time for consent-based processing (marketing, etc.).

5. International Data Transfers

Your data may be transferred outside the EU. In this case, one of the following safeguards applies:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions of the European Commission
Binding Corporate Rules (BCRs)

6. Data Retention

Active account data: During the subscription + 3 years
Financial records: 7-10 years pursuant to EU legislation
Marketing data: Until consent is withdrawn
Technical log: 2 years

7. Automated Decision-Making and Profiling

APPIA does not use fully automated decision-making mechanisms that produce legal effects concerning users.

8. Cookies and Tracking

The platform uses necessary (session management), functional (preferences), and analytical (anonymous usage statistics) cookies. Analytical cookies are only activated with your consent.

9. Right to Lodge a Complaint with a Supervisory Authority

If you think that your EU data protection rights have been violated, you have the right to lodge a complaint with the competent data protection authority of the country where you reside.

10. Data Protection Request and Contact

To submit your requests under GDPR:

Email: info@appiaglobal.com
Write 'GDPR Request' in the subject line. Requests are answered within 30 days.
Post: Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey

PERSONAL DATA PROTECTION LAW CLARIFICATION TEXT (KVKK)

Last Updated: 19.06.2026

This Clarification Text has been prepared by Appia Yazılım Ltd. Şti. ("APPIA") as the data controller in accordance with Article 10 of the Personal Data Protection Law No. 6698 ("KVKK").

1. Identity of the Data Controller

Title: Appia Yazılım Ltd. Şti.
Address: Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey
Phone: 0224 502 00 18
Email: info@appiaglobal.com
Web: www.appiaglobal.com

2. Processed Personal Data

Identity Data: Name, surname, TR ID number (if legally required), date of birth

Contact Data: Email address, phone number, physical address

Customer Transaction Data: Order details, shipping tracking records, refund requests

Financial Data: Invoice details, payment records, tax number

Transaction Security Data: IP address, log records, cookie data

Visual/Audio Data: Profile photo, only depending on the user's preference

3. Legal Grounds for Processing Personal Data

KVKK Article 5/2-a: Explicitly prescribed by law (e-invoice, tax legislation)
KVKK Article 5/2-c: Direct relevance to the establishment and performance of a contract
KVKK Article 5/2-ç: Compliance with a legal obligation of the data controller
KVKK Article 5/2-f: Legitimate interest of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject
KVKK Article 5/1: Explicit consent (for marketing, analytical operations)

4. Purposes of Processing Personal Data

Execution of membership and subscription processes
Provision of order, shipping, and logistics services
Issuance of e-invoices and management of accounting processes
Provision of customer service and technical support
Fulfillment of legal obligations and cooperation with official authorities
Ensuring platform security and preventing fraud
Commercial communication (consent-based)

5. Parties to Whom Personal Data is Transferred

Domestic Transfers:

Shipping and logistics companies (for delivery purposes)
Accounting and e-invoice integration companies (Logo, Sysmond)
Public institutions and organizations in case of legal obligation (GİB, SGK, etc.)

Cross-Border Transfers (KVKK Article 9):

International payment processors (Paddle) — under adequacy decisions or undertakings
International shipping companies (FedEx, DHL) — for delivery purposes
Cloud infrastructure providers — with necessary safeguards under KVKK Article 9

6. Retention Periods of Personal Data

Membership and account data: Active account period + 3 years
Invoice and accounting records: 10 years (pursuant to Tax Procedure Law - VUK)
Shipping and order records: 5 years
Technical log and security data: 2 years
Marketing data: Until consent is withdrawn

7. Rights of the Data Subject (KVKK Article 11)

You have the following rights regarding your personal data:

Learning whether your personal data is processed or not
Requesting information if your personal data has been processed
Learning the purpose of processing your personal data and whether they are used in accordance with their purpose
Knowing the third parties to whom your personal data is transferred domestically or abroad
Requesting rectification of your personal data if it is processed incompletely or inaccurately
Requesting erasure or destruction of your personal data within the framework of Article 7 of KVKK
Requesting notification of rectification and erasure operations to third parties to whom personal data has been transferred
Objecting to the occurrence of a result against you by analyzing the processed data exclusively through automated systems
Requesting compensation for damages in case you incur damages due to unlawful processing of your personal data

8. How Can You Exercise Your Rights?

You can contact us in the following ways to exercise your rights under Article 11 of KVKK:

Written application: With a wet-signed petition to the address Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey
Email: With registered email or secure electronic signature to info@appiaglobal.com
In-platform: Account Settings > Privacy > Data Request

Your application will be answered free of charge within 30 days. If the request is excessively repetitive or clearly groundless, a reasonable fee may be charged.

9. Security Measures

10. Right to Complain to the Board

If you think that your rights under KVKK have been violated, you have the right to lodge a complaint with the Personal Data Protection Board (kvkk.gov.tr).

11. Validity of the Clarification Text

This text was updated on 19.06.2026. Changes will be announced through the platform. You can always access the up-to-date text at www.appiaglobal.com/kvkk.

GDPR COMPLIANCE POLICY (EU General Data Protection Regulation)

Last Updated: 19.06.2026

1. Data Controller

Appia Yazılım Ltd. Şti.
Address: Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey
Email: info@appiaglobal.com

APPIA has the status of data controller processing the data of users in the EU.

2. Categories of Processed Personal Data

Identity Data: Name, surname, username, verification details

Contact Data: Email, phone number, mailing address

Financial Data: Billing information, payment history (card details are not stored)

Transaction Data: Order, shipping, stock, and logistics records

Technical Data: IP address, cookie ID, device information, log records

Usage Data: Platform activity, feature usage, preferences

3. Processing Purposes and Legal Bases

Performance of a contract (GDPR Art. 6/1b): Provision of services, account management, payment processing
Legal obligation (GDPR Art. 6/1c): Tax declaration, accounting, legal reporting
Legitimate interest (GDPR Art. 6/1f): Platform security, fraud prevention, product development
Explicit consent (GDPR Art. 6/1a): Email marketing, analytical cookies

4. Your Rights Under GDPR

Article 15 — Right of Access: You can request a copy of your personal data processed by us.

Article 16 — Right to Rectification: You can request correction of incorrect or incomplete data.

Article 17 — Right to Erasure ('Right to be Forgotten'): Under certain conditions, you can request the deletion of your personal data.

Article 18 — Right to Restriction of Processing: You can request restriction of processing of your data.

Article 20 — Right to Data Portability: You can receive your data in a structured, machine-readable format and transfer it to another controller.

Article 21 — Right to Object: You can object to processing based on legitimate interests or for marketing purposes.

Withdrawal of Consent: You can withdraw your consent at any time for consent-based processing (marketing, etc.).

5. International Data Transfers

Your data may be transferred outside the EU. In this case, one of the following safeguards applies:

EU Standard Contractual Clauses (SCCs)
Adequacy decisions of the European Commission
Binding Corporate Rules (BCRs)

6. Data Retention

Active account data: During the subscription + 3 years
Financial records: 7-10 years pursuant to EU legislation
Marketing data: Until consent is withdrawn
Technical log: 2 years

7. Automated Decision-Making and Profiling

APPIA does not use fully automated decision-making mechanisms that produce legal effects concerning users.

8. Cookies and Tracking

The platform uses necessary (session management), functional (preferences), and analytical (anonymous usage statistics) cookies. Analytical cookies are only activated with your consent.

9. Right to Lodge a Complaint with a Supervisory Authority

If you think that your EU data protection rights have been violated, you have the right to lodge a complaint with the competent data protection authority of the country where you reside.

10. Data Protection Request and Contact

To submit your requests under GDPR:

Email: info@appiaglobal.com
Write 'GDPR Request' in the subject line. Requests are answered within 30 days.
Post: Demirtaş Dumlupınar Mahallesi 38. Sokak No:62, Bursa, Turkey