Light/Dark:

Let us call you to clarify your needs together

Our team will contact you as soon as possible and together we will plan the most suitable solution for the process.

İŞTE Kayıt Gizlilik Politikası

İŞTE Kayıt Mobile Application Privacy Policy

Last Updated: May 2, 2026

This Privacy Policy explains how personal data is processed within the İŞTE Kayıt mobile application (package name: com.istekayit), including processing purposes, sharing, retention periods, and user rights.

1. Data Controller and Contact Information

Data Controller: Emre Şekeroğlu
Address: Güzelyalı Mah. T.Özal Bulvarı 81077 Sk. No:2 Dostlar Apt. K:1 D:1 Çukurova/Adana, Türkiye
Email: [email protected]
Web: www.istebuyuyelim.com
Phone: +90 535 554 43 14

2. What Data We Process

  • Authentication data: server URL/domain, username, password, 2FA code
  • Customer registration data: full name/company title, Turkish ID number (TCKN) / tax number (VKN), birth details, parents' names, gender, nationality
  • Contact data: phone, email, address (including city/district/neighborhood)
  • Corporate registration data: tax office and tax certificate fields
  • Document data: front/back ID images, tax certificate images, KVKK form (signed/unsigned PDF), additional documents
  • Notification and device data: FCM token, device model, notification content/meta data (title/message/type/customer_id)
  • Security and audit data: IP address, login and access logs (server side)

3. Processing Purposes

  • User login, two-factor authentication, and account security
  • Creating, updating, and verifying customer records
  • Uploading, processing, and archiving ID, tax certificate, and related documents
  • Sending push notifications and in-app redirection
  • Operational monitoring, support, and audit processes
  • Information security and compliance with legal obligations

4. Legal Basis and User Consent Flow

Personal data is processed under the Turkish Personal Data Protection Law No. 6698 (KVKK), based on legal grounds such as explicit legal requirements, contract performance, legal obligations of the data controller, protection/exercise of rights, and legitimate interests. Explicit consent is obtained where required.

Permission consent flow in the app:

  • CAMERA: Requested when the user starts ID/document capture.
  • POST_NOTIFICATIONS: Requested to display push notifications.

5. Android Permissions and SDK Mapping

  • android.permission.INTERNET: API communication, document upload/download, push infrastructure
  • android.permission.CAMERA: Capturing ID/document photos
  • android.permission.POST_NOTIFICATIONS: Showing notifications
  • android.permission.ACCESS_NETWORK_STATE: Network state management
  • android.permission.WAKE_LOCK: Background delivery continuity for notifications
  • com.google.android.c2dm.permission.RECEIVE: Receiving FCM messages
  • com.istekayit.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION: In-app receiver security

SDKs/Services used: Firebase Cloud Messaging, Firebase Installations, CameraX, OkHttp/Retrofit.

6. Third-Party Sharing / Service Providers

  • Application backend infrastructure: Türkiye
  • Backup/hosting/CDN: Türkiye
  • Google Firebase (FCM/Firebase Installations): Technical data processing for push notifications and installation identifiers

Cross-border processing note: Push notification infrastructure (Firebase Cloud Messaging/Firebase Installations) may be processed on Google's global infrastructure; processing location may vary by region and is not limited to the EU.

7. Retention Periods and Deletion Method

  • Customer registration data: 10 years
  • Uploaded documents (ID/tax certificate/KVKK form): 10 years
  • Login and access logs: 5 years
  • Push records/tokens: 5 years
  • Backups: 10 years

Deletion requests: Processed through customer-company-specific channels. A general contact channel is [email protected].

  • Response time: Within 30 days at the latest
  • Technical deletion after approval: 30 days

8. Security Measures

  • Encryption in transit (HTTPS/TLS)
  • Server-side validation and authorization controls
  • Secure local storage mechanisms for sensitive values
  • Timed cleanup of temporary files
  • Monitoring of access and operation logs

9. User Rights

Under Article 11 of KVKK, data subjects may request to learn whether personal data is processed, request information if processed, learn processing purposes, know third parties to whom data is transferred, request correction or deletion where applicable, and exercise other rights granted by law.

Requests can be submitted through customer-company-specific channels or via [email protected].

10. Children's Privacy

İŞTE Kayıt is not directed to children under the age of 13.

11. Policy Changes

This policy may be updated when necessary. The latest version is published on this page.

Update Date: May 2, 2026

12. Play Console Data Safety Mapping Summary

Data Type Purpose Sharing Retention
Identity and customer registration data App functionality, account management Backend (Türkiye) 10 years
Document/photo data Document management, registration completion Backend (Türkiye) 10 years
FCM token / device data Notification delivery Firebase + Backend 5 years
Log/IP data Security and auditing Backend (Türkiye) 5 years

Last Update: May 3, 2026, 12:42 a.m.