Privacy Policy — BAYİDEA

1. Data Controller

This privacy policy has been prepared by Faruk Şener Consulting, the operator of the BAYİDEA platform. We process your personal data as the data controller within the scope of applicable data protection regulations, including Turkey's Law No. 6698 on the Protection of Personal Data (KVKK) and the EU General Data Protection Regulation (GDPR) where applicable.

Data Controller: Faruk Şener Consulting
Email: info@bayidea.com.tr
Website: faruksener.com.tr

2. Personal Data We Collect

When you use our platform, we may process the following personal data:

Identity Information: Name, surname, title
Contact Information: Email address, phone number
Company Information: Company name, tax number, address, sector, number of dealers
Assessment Data: Dealer management maturity model responses and notes
Technical Data: IP address, browser information, login timestamps
Payment Information: Card details (processed through iyzico's secure infrastructure — not stored by us)

3. Purpose of Processing

Providing the platform service and generating assessment reports
Membership and account management
Processing payments
Ensuring system security and fraud prevention
Fulfilling legal obligations
Improving service quality and benchmark analyses (anonymously)
Informing you about new platform features (with your consent)

            Your assessment results are accessible only to you. They may be used in anonymous
            benchmark calculations but are never shared with third parties linked to your identity.
        

4. Legal Basis

Performance of a contract (KVKK Art. 5/2-c / GDPR Art. 6(1)(b))
Legitimate interests (KVKK Art. 5/2-f / GDPR Art. 6(1)(f))
Explicit consent (for marketing communications)
Legal obligation (tax, accounting records)

5. Data Security

All data is transmitted using SSL/TLS encryption
Passwords are hashed using BCrypt — never stored in plain text
Payment information is processed through iyzico's PCI-DSS compliant infrastructure
Database access is restricted through role-based authorization
Unauthorized access attempts are logged

6. Sharing with Third Parties

Your personal data is not shared with third parties except in the following cases:

iyzico: Payment infrastructure provider
Hosting/Server: Plesk infrastructure (Turkey/EU data centers)
Legal obligation: Competent authorities in case of a court order or legal requirement

7. Data Retention Periods

Account information: Duration of account activity + 3 years after closure
Assessment reports: Duration of account activity
Payment records: 10 years (statutory obligation)
Login logs: 1 year

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

The right to know whether your personal data is being processed
The right to access your personal data
The right to rectification of inaccurate data
The right to erasure ("right to be forgotten")
The right to restriction of processing
The right to data portability
The right to object to automated processing
The right to compensation for damages arising from unlawful processing

To exercise your rights, please contact us at: info@bayidea.com.tr
Requests will be responded to within 30 days.

9. International Data Transfers

Your data is primarily stored on servers located in Turkey and/or the European Union. Where data is transferred outside these regions, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.