KVKK CLARIFICATION TEXT Last Updated: 02.04.2026 1. Identity of the Data Controller Within the scope of the Personal Data Protection Law No. 6698 ("KVKK"), your personal data is processed by the data controller for the purposes explained below. Email: info@emregecer.com Website: https://emregecer.com 2. Personal Data Collected and Collection Methods Your personal data is collected through the website electronically by automated and non-automated methods: • Identity Information: First name, last name (membership, contact, and appointment forms) • Contact Information: Email address, phone number (membership, contact, and appointment forms) • Account Information: Username, encrypted password, profile photo (membership registration and profile settings) • Transaction Security Information: Session tokens, IP address, browser information (automatically, by the system) • Payment Information: Payment history, transaction reference numbers (via payment providers - Stripe, Iyzico) • Service Usage Information: Appointment dates, meeting records (booking and meeting systems) • Preference Information: Language, theme, notification preferences (profile settings) • Analytics Information: Page views, click behavior, session durations, device and browser information, approximate location (country/city level) (automatically, subject to cookie consent, via Google Analytics and Microsoft Clarity) Note: Sensitive payment information such as credit card numbers and CVV is not stored directly on our site; this information is processed by PCI DSS certified payment providers (Stripe, Iyzico). 3. Purposes of Processing Personal Data and Legal Bases • Creating and managing membership accounts → Performance of a contract (Art. 5/2-c) • Scheduling and managing consulting appointments → Performance of a contract (Art. 5/2-c) • Providing online meeting services → Performance of a contract (Art. 5/2-c) • Processing payment transactions → Performance of a contract (Art. 5/2-c) • Responding to contact form messages → Legitimate interest (Art. 5/2-f) • Sending notifications and reminders → Explicit consent (marketing); contract performance (appointment reminders) • Ensuring site security, fraud prevention → Legitimate interest + legal obligation (Art. 5/2-ç, Art. 5/2-f) • Fulfilling legal obligations → Legal obligation (Art. 5/2-ç) • Analyzing site usage statistics and improving user experience → Explicit consent (Art. 5/1) — via Google Analytics and Microsoft Clarity, only when cookie consent is given 4. Transfer of Personal Data 4.1. International Transfers Within the scope of KVKK Art. 9, your personal data may be transferred abroad due to third-party service providers used in service processes: • Stripe Inc. (USA) — International payment processing • Iyzico Ödeme Hizmetleri A.Ş. (Turkey) — Domestic payment processing • Cal.com Inc. (USA) — Appointment scheduling • Daily.co Inc. (USA) — Video meeting infrastructure • Google LLC (USA) — OAuth authentication, email delivery (SMTP), Google Analytics site analytics • Microsoft Corporation (USA) — Microsoft Clarity user behavior analysis and session recordings These transfers are carried out in accordance with the international transfer requirements under KVKK Art. 9. 4.2. Legal Authorities Transfers may be made to authorized public institutions and organizations in case of legal necessity. 5. Retention Period of Personal Data • Membership account data: Until the account is deleted + legal period • Contact form messages: 2 years • Payment transaction records: 10 years (tax legislation) • Appointment and meeting records: 2 years • Session and security logs: 1 year • Cookie data: Periods specified in the Cookie Policy 6. Your Rights Under KVKK Art. 11 As a data subject, you have the following rights: • To learn whether your personal data is being processed • To request information about it if processed • To learn the purpose of processing and whether it is used appropriately for the purpose • To know third parties to whom personal data has been transferred domestically or abroad • To request correction of personal data if it has been processed incompletely or incorrectly • To request its deletion or destruction within the scope of KVKK Art. 7 • To request that correction and deletion operations be notified to third parties to whom data has been transferred • To object to the emergence of a result against you by analyzing the processed data exclusively through automated systems • To request compensation for damages suffered due to unlawful processing You can submit your applications in writing to info@emregecer.com. Your requests will be answered free of charge within a maximum of 30 days. --- PRIVACY POLICY Last Updated: 02.04.2026 This Privacy Policy explains how the https://emregecer.com website collects, uses, stores, and protects personal data. This policy has been prepared to meet obligations under the Turkish KVKK, the EU General Data Protection Regulation (GDPR), and the US California Consumer Privacy Act (CCPA/CPRA). 1. Data Controller Email: info@emregecer.com Web: https://emregecer.com 2. Categories of Data Processed For a detailed list, see Section 2 of the KVKK Clarification Text above. In summary: identity, contact, account, transaction security, payment, service usage, and preference information are processed. 3. Legal Basis (GDPR Art. 6) • Performance of contract (Art. 6/1-b): Membership, appointment, payment, meeting services • Legitimate interest (Art. 6/1-f): Site security, responding to contact forms, service improvement • Legal obligation (Art. 6/1-c): Tax and accounting legislation, court orders • Explicit consent (Art. 6/1-a): Marketing emails, newsletter subscription 4. Third-Party Service Providers • Stripe / Iyzico — Payment processing • Cal.com — Appointment management • Daily.co — Video meeting infrastructure • Google — OAuth authentication, email delivery, and Google Analytics site analytics • Microsoft — Microsoft Clarity user behavior analysis and session recordings The privacy policies of these providers apply. Data may be transferred to countries outside the EU/EEA (USA); these transfers are based on appropriate safeguards (Standard Contractual Clauses, etc.). 5. Retention Periods • Membership account data: Until the account is deleted + legal period • Contact form messages: 2 years • Payment transaction records: 10 years (tax legislation) • Appointment and meeting records: 2 years • Session and security logs: 1 year • Cookie data: Periods specified in the Cookie Policy 6. Your Rights Under GDPR (EU) • Right of access (Art. 15) — Obtain a copy of your processed data • Right to rectification (Art. 16) — Request correction of inaccurate data • Right to erasure / Right to be forgotten (Art. 17) • Right to restriction of processing (Art. 18) • Right to data portability (Art. 20) • Right to object (Art. 21) — Object to processing based on legitimate interest • Right not to be subject to automated decision-making (Art. 22) • Right to withdraw consent — You can withdraw at any time for consent-based processing; withdrawal does not affect the lawfulness of prior processing • Right to lodge a complaint with a supervisory authority — You may apply to the data protection authority in your country 7. Your Rights Under CCPA/CPRA (California, USA) If you reside in California and CCPA/CPRA conditions apply: • Right to know what personal information is collected and how it is used • Right to request deletion of your personal information • Right to opt out of the sale or sharing of your personal information (our site does not sell or share personal data for behavioral advertising purposes) • Right not to be discriminated against for exercising your rights 8. Data Security Industry-standard technical and administrative security measures are implemented to protect your personal data. These include HTTPS encryption, secure session management, access control, and regular security assessments. 9. Children's Privacy Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from individuals under 18. 10. Policy Changes This policy may be updated from time to time. We will notify you of significant changes via email or through the site. The current text will always be published on this page. 11. Contact For all questions and requests regarding privacy: info@emregecer.com