This Privacy Policy and Clarification Text has been prepared pursuant to Article 10 of the Turkish Personal Data Protection Law No. 6698 ("KVKK"). As Shipink Teknoloji AŞ ("Shipink," "Company," "we"), we attach great importance to the security of your personal data.
1. Identity of the Data Controller
Name: Shipink Teknoloji AŞ
Email: info@shipink.io
Web: shipink.io
As data controller under the KVKK, we process your personal data for the purposes and legal grounds explained below.
2. Personal Data Processed
Identity Information: Name, surname, username, Turkish ID number (for invoicing purposes).
Contact Information: Email address, phone number, mailing address.
Customer Transaction Information: Order history, shipment details (recipient name, address, phone number, shipment description, package dimensions and weight), subscription information.
Financial Information: Billing address, payment method details (credit card information is processed by secure payment processors and is not stored by Shipink).
Transaction Security Information: IP address, session data, device information, browser type and version, operating system.
Marketing Information: Cookie data, preferences, campaign participation data (with your explicit consent).
Usage Data: Pages visited, click data, visit durations and other analytical data.
3. Purposes of Processing Personal Data
Your personal data is processed for the following purposes:
- To provide, maintain and improve our Services
- To create and manage your membership account
- To generate shipping labels, provide shipment tracking and carry out carrier integration processes
- To execute payment and billing transactions
- To respond to customer support requests
- To send service updates, technical notifications and support messages
- To improve service quality by analyzing Platform usage
- To prevent fraud and ensure information security
- To fulfill legal and regulatory obligations
- To carry out marketing and communication activities with your explicit consent
4. Collection Method and Legal Basis
Your personal data is collected through our website, mobile applications, email, cookies, registration forms, customer support channels and API integrations by automated and non-automated means.
The legal grounds for processing under KVKK Article 5 are:
- Necessity for the establishment and performance of a contract
- Fulfillment of legal obligations (tax legislation, commercial code, etc.)
- Legitimate interest of the data controller (service improvement, security)
- Your explicit consent (marketing activities, non-essential cookies)
5. Recipients and Transfer Purposes
Your personal data may be transferred to the following parties under KVKK Articles 8 and 9:
Carriers: Shipment information (recipient name, address, phone number) necessary to provide shipping services is shared with your selected carrier.
Payment Service Providers: Payment information is shared with trusted payment institutions for secure processing of payments.
Infrastructure and Service Providers: Necessary data is shared with cloud hosting, analytics, customer support and email service providers.
Authorized Public Institutions: Information is shared with relevant public institutions when required by law.
6. International Data Transfer
In connection with the provision of our Services, your personal data may be transferred to servers and service providers abroad in accordance with KVKK Article 9. Where the destination country does not provide adequate protection, the transfer is carried out with the safeguards prescribed by the KVKK.
7. Data Security
We take the necessary technical and administrative measures in accordance with KVKK Article 12 to ensure the security of your personal data:
Technical Measures: SSL/TLS encryption, firewalls, access controls, regular security scans, data backup, penetration testing.
Administrative Measures: Employee training, authorization matrices, confidentiality agreements, data processing contracts, regular audits.
8. Data Retention and Destruction
Your personal data is retained for the duration required by the processing purpose. Key retention periods:
- Commercial books and documents: 10 years pursuant to Turkish Commercial Code No. 6102
- Tax-related documents: 5 years pursuant to Tax Procedure Law No. 213
- Electronic commerce records: 3 years pursuant to Law No. 6563
- Transaction security logs: 2 years pursuant to Law No. 5651
Upon expiry of the retention period or where the processing purpose no longer exists, personal data is deleted, destroyed or anonymized in accordance with the Regulation on Deletion, Destruction or Anonymization of Personal Data.
9. Data Processing Principles
Your personal data is processed in compliance with the principles set out in KVKK Article 4:
- Lawfulness and fairness
- Accuracy and being up-to-date where necessary
- Processing for specific, explicit and legitimate purposes
- Being relevant, limited and proportionate to the purposes for which they are processed
- Retention for the period stipulated by relevant legislation or required for the purpose of processing
10. Your Rights under KVKK
Under KVKK Article 11, you have the following rights:
(a) To learn whether your personal data is being processed
(b) To request information if your personal data has been processed
(c) To learn the purpose of processing and whether data is used in accordance with its purpose
(d) To know the third parties to whom your personal data is transferred domestically or abroad
(e) To request correction if your personal data has been processed incompletely or incorrectly
(f) To request deletion or destruction of your personal data under KVKK Article 7
(g) To request that correction, deletion and destruction operations be notified to third parties to whom your data has been transferred
(h) To object to results produced against you through exclusive analysis by automated systems
(i) To claim compensation for damages arising from unlawful processing of your personal data
11. Application Method
To exercise your rights under the KVKK, you may contact us through the following methods:
- Email: By sending an application including your identity verification to info@shipink.io
- Written application: By sending a registered letter or notarized correspondence to our Company address
Your application will be concluded free of charge within 30 (thirty) days at the latest, depending on the nature of the request. If the process requires an additional cost, the fee determined by the Personal Data Protection Board may be charged.
12. Children's Privacy
Our Services are not intended for persons under 18 years of age. We do not knowingly collect personal data from persons under 18. If we become aware that we have collected personal data from a minor, such data will be promptly deleted in accordance with KVKK provisions.
13. Policy Changes
We may update this Privacy Policy. Changes will be posted on this page and significant changes will be notified via email or through our website.
14. Contact
For questions about our privacy practices or your rights under KVKK:
Shipink Teknoloji AŞ
Email: info@shipink.io
Web: shipink.io