Whatsapp Number
0850 252 22 22LAW ON THE PROTECTION OF PERSONAL DATA
MOKA UNITED PAYMENT SERVICES AND ELECTRONIC MONEY INSTITUTION INC. Privacy Notice
Moka United Payment Services and Electronic Money Institution Inc. (“Moka United” or “Company”) exercises the utmost care and diligence in ensuring the confidentiality and security of the personal data it collects and processes.
Therefore, personal information processed by our Company in its capacity as Data Controller or Data Recipient is processed and stored in accordance with the Personal Data Protection Law No. 6698 ("KVKK"). To this end, Moka United takes the necessary administrative and technical measures to protect your personal data in all your transactions and processes your personal data under the conditions described below and within the limits set forth in the Law and other relevant legislation.
1. Legal Nature and Scope
Article 10 of the Personal Data Protection Law No. 6698, titled "Obligation to Inform," requires that individuals whose personal data is processed be informed by the data controllers. According to the provisions of the KVKK, Moka United is the "Data Controller" for personal data within its sphere of control.
This Information Notice informs data subjects about: the identity of the data controller, the purposes of processing personal data, the persons to whom personal data is transferred and the purposes of transfer, the legal grounds for collecting personal data, to whom it may be transferred and the methods of transfer, and the rights of the personal data owner as listed in Article 11 of the Law, such as the right to request the data controller to update, delete, or anonymize their data.
2. Identity of the Data Controller
Article 3/1(ı) of the KVKK defines the Data Controller as "real or legal persons who determine the purposes and means of processing personal data and are responsible for establishing and managing the data recording system." Within this framework, our Company is the data controller for certain data.
The contact details of our Company as the Data Controller are as follows:
Levent Mah. Meltem Sok. İşbankası Kuleleri Blok No: 10 İç Kapı No:4 Beşiktaş/İstanbul,
info@mokaunited.com
www.mokaunited.com
3. Your Processed Personal Data
The personal data you have shared with the Company,
1 ) Identity Information: Name, surname, TCKN/VKN, date of birth, nationality, copy of ID/Passport/Driver's License (where necessary)
2 ) Contact Information: Mobile phone number, email address, office and/or residential address information (where required)
3 ) Customer Transaction Information: IBAN, customer card number, customer account balance, transaction limit, risk information, transaction history, payment methods, and billing information
4 ) Transaction Security Information: IP Address, internet entry and exit information, password and passphrase information, device and browser information, user session information
5 ) Visual and Audio Information: Selfie or biometric photo for identity verification (where required), voice recordings of calls made to the call center
6 ) Location Information: Device location (IP-based or GPS data)
7 ) Online Support and Customer Service Records: Written or verbal communications with our company via online support, call center, email, and similar channels, live support chat records
8 ) Email Communications: Content and attached documents in emails you have sent to our company
9 ) Web Interaction and Analytical Data: Device model and operating system, browser information, pages visited and session duration, IP address, page and ad interaction data, user behavior analytics data (most frequently used buttons, browsing habits, etc.),
are processed in accordance with the relevant legislation under the KVKK. Within the framework of the data processing conditions specified in Articles 5 and 6 of the KVKK, data is processed by fulfilling contractual obligations, complying with legal obligations, protecting legitimate interests, and obtaining explicit consent where necessary. The purposes and categories of your data processing are detailed in the table below.
4. Purposes and Legal Grounds for Processing Your Personal Data
| Purposes of Data Processing | Personal Data Category | Legal Basis for Processing |
|---|---|---|
| Establishing a valid contract and providing services | Identity information, Contact information | Directly related to the establishment or performance of the contract, necessary for the Company to fulfill its legal obligations, explicitly provided for by law |
| Creation of your user account and execution of identity verification processes | Identity information, Contact information, Visual and audio information | Directly related to the establishment or performance of the contract, necessary for the Company to fulfill its legal obligations |
| Performing fund deposits, payment transactions, and money transfers | Identity information, contact information, customer transaction information, transaction security information, location information | Directly related to the establishment or performance of the contract, necessary for the Company to fulfill its legal obligations, explicitly provided for by law |
| Creation of your virtual card and provision of and ensuring that payment and cash withdrawal transactions can be made with the card, and providing wallet services | Identity information, Contact information, Customer transaction information, Transaction security information | Directly related to the establishment or performance of the contract, necessary for the Company to fulfill its legal obligations, explicitly stipulated by law |
| Receiving and following up on your requests and complaints, providing you with the Company's services so that you can benefit from the call center service and resolve any issues you may encounter | Identity information, Contact information, Customer transaction information, Online Help and Customer Service Records, Visual and Audio Information | Directly related to the establishment or performance of the contract, and necessary for the Company to fulfill its legal obligations |
| Ensuring financial security, implementing customer identification processes (KYC - Know Your Customer), preventing money laundering (AML - Anti-Money Laundering) and anti-fraud mechanisms; implementation, auditing, and continuous improvement of the compliance program within the scope of relevant legislation; management of legal processes aimed at preventing the laundering of criminal proceeds and irregular transactions | Identity information, Contact information, Customer transaction information, Transaction Security Information, Location Information, Visual and Audio Information | It is mandatory for the company to fulfill its legal obligations, as expressly provided for by law |
| Management of risk management and internal control processes, primarily for electronic services, ensuring the highest level of financial and commercial data security, establishing appropriate IT infrastructure and databases, and taking administrative and technical measures | Identity information, Contact information, Customer transaction information, Transaction Security Information | It is mandatory for the company to fulfill its legal obligations, as explicitly stipulated by law |
| Improving user experience, marketing, advertising, and personalized campaign activities | Identity information, Contact information, User preferences, Web Interaction and Analytical Data | are processed subject to obtaining explicit consent. The user may withdraw their consent at any time. |
Your personal data is processed in accordance with the specified methods and purposes, pursuant to Law No. 6493 on Payment and Securities Settlement Systems, Payment Services, and Electronic Money Institutions, Law No. 5549 on the Prevention of Money Laundering, the Regulation on Payment Services and Electronic Money Issuance, and Payment Institutions and Electronic Money Institutions, Decree Law No. 660 on the Organization and Duties of the Public Oversight, Accounting, and Auditing Standards Authority, and other relevant legislation, in accordance with Articles 4, 5, and 6 of the KVKK and the provisions of the Attorney Law No. 1136.
In this context, your data is collected and processed in order for our Company to fully and accurately fulfill its obligations arising from the contract and applicable legal regulations, to ensure the security of the financial system, to fulfill its obligations to prevent money laundering at , and to comply with legal audit processes.
5. Our Principles Regarding the Processing of Personal Data
As Moka United, we commit to acting in accordance with all relevant legislation, primarily the Personal Data Protection Law No. 6698 ("KVKK"), when processing your personal data. In this context, we conduct our data processing processes in line with the following basic principles:
a ) Processing in accordance with the law and rules of good faith:
Your personal data is processed in accordance with legal obligations and within the framework of the principle of transparency.
b ) Accuracy and timeliness:
We take the necessary measures to ensure the accuracy and timeliness of your personal data.
c )Processing for specific, explicit, and legitimate purposes:
Your data is used only for clearly stated and legally valid processing purposes.
d ) Purpose limitation, proportionality, and data minimization:
Your personal data is processed only to the extent necessary for the processing purpose, and unnecessary data collection or processing activities are avoided.
e ) Compliance with retention period:
Your personal data is stored only for the period specified in the relevant legislation or necessary for the processing purpose, and data whose retention period has expired is securely destroyed.
6. Methods of Processing Personal Data
Your personal data is processed in accordance with the processing conditions specified in Article 5 of the KVKK. In this context, your data is processed:
a ) Explicitly provided for by law,
b )Necessary for the establishment or performance of a contract,
c ) Being necessary for the data controller to fulfill its legal obligations,
d ) Processing based on the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.
Your special category personal data is processed only in accordance with the conditions stipulated by law under the KVKK and relevant legislation. In this regard, your biometric data (such as selfie or facial recognition data in identity verification processes) is processed only when it is necessary for our company to fulfill its legal obligations, when it is necessary for the establishment, exercise, or protection of a right, when it is expressly provided for in the legislation, or when you have given your explicit consent.
Our company exercises the utmost sensitivity in the processing and protection of special category personal data, processing it only when necessary, in the most limited manner possible, and with secure technical/administrative measures in place.
7. To Whom and for What Purpose Processed Personal Data May Be Transferred
Your personal data collected and processed in accordance with the KVKK at our company may be transferred to third parties for the purposes of
• primarily the Law No. 6493 on Payment and Securities Settlement Systems, Payment Services and Electronic Money Institutions, the Law No. 5549 on the Prevention of Money Laundering, the Law No. 660 on Public Oversight, Accounting and Auditing Standards Authority, may be transferred to legally authorized public institutions or private institutions/organizations such as the Banking Regulation and Supervision Agency (BDDK), the Money Laundering and Terrorist Financing Investigation Board (MASAK), the Central Bank of the Republic of Turkey, and independent audit institutions for the purpose of fulfilling the obligations of risk management, reporting, accounting, internal control and audit, and compliance envisaged for Moka United in the relevant legislation.
• To domestic suppliers of goods and services, business and solution partners, and consultants, in accordance with confidentiality agreements, for the purpose of procuring administrative, financial, legal, and technical materials and services required by the Company,
• To authorized public legal entities or judicial authorities due to lawsuits and proceedings in which the Company is involved for the establishment, protection, and exercise of a right.
Provided that it is directly related to the establishment or performance of a contract, the transfer of personal data belonging to the parties to the contract to is necessary for the Companies to fulfill their legal obligations, based on the legal grounds clearly stipulated in the law;
• Your identity, contact, and financial data for the purpose of providing you with the Company's services through the wallet application,
• In order for you to benefit from the call center service, resolve any issues, and provide you with the Company's services, your identity, contact, customer transaction information, online help and customer service records, visual and audio information
May be transferred to third parties specified under Law No. 6493 by Moka United.
Personal data processed by our Company is shared only within the country and with authorized persons, institutions, and organizations for the purposes specified above, and no personal data is transferred abroad.
8. Methods of Collecting Your Personal Data
Your personal data is collected by our Company in the Individual and Corporate categories;
a ) Execution of transactions related to the payment account, such as depositing money into the payment account and sending money from the payment account based on a payment order,
b ) Direct debit transactions related to the transfer of funds in the payment account, payment transactions made with a payment card or similar instrument, and money transfers including standing orders,
c ) Issuance or acceptance of a payment instrument,
ç ) Money transfers,
d ) Facilitating bill payments,
e ) During the provision of our basic payment services, such as presenting consolidated information relating to one or more payment accounts on online platforms, provided that the payment service user's consent is obtained, data is collected by automated or non-automated means.
9. How Do We Protect It?
Moka United takes all necessary technical and administrative measures in full compliance with the Personal Data Protection Law No. 6698 ("KVKK") and related legislation to ensure the confidentiality and security of personal data.
Advanced technical measures such as strong encryption methods, access control mechanisms, network security measures, and data masking techniques are implemented to prevent unauthorized access, loss, alteration, disclosure, or misuse of your personal data.
In addition, as part of administrative measures, internal data security policies have been implemented, regular training is provided to employees, and personal data is only processed by authorized personnel.
In the event that your personal data is shared with third parties, contractual obligations are applied to ensure that the relevant parties comply with the same high security standards, and these processes are regularly audited.
Our data security practices are continuously updated in line with technological developments, and regular tests and checks are carried out against cybersecurity risks.
10. Protection and Storage Period of Your Data
Moka United takes all necessary technical and administrative measures to protect the personal data it collects, prevent it from falling into the hands of unauthorized persons, and ensure that our customers and prospective customers are not harmed.
In this context, compliance with our Privacy and Information Security Policies, which include a set of administrative and technical measures such as ensuring that software complies with standards, using up-to-date firewalls and anti-virus systems against cyber attacks, carefully selecting third parties, and ensuring access and authorization controls, is ensured within the company.
Your Personal Data After the termination of the contract you have concluded with our company, in accordance with Law No. 6493 on Payment and Securities Settlement Systems, Payment Services, and Electronic Money Institutions, Law No. 5549 on the Prevention of Money Laundering, Decree Law No. 660 on the Organization and Duties of the Public Oversight, Accounting, and Auditing Standards Authority ( ), and other legislation, your personal data will be deleted, anonymized, or destroyed automatically or upon your request, unless otherwise required by law.
However, in cases where laws and regulations stipulate that data must be retained for a specific period, your data will be retained for the specified period. Upon expiration of this period, your relevant data will be deleted either automatically or upon your request.
11. Rights of the Data Subject and Application
Under Article 11 of the KVKK, as personal data subjects, you have the following rights:
a ) To learn whether personal data has been processed,
b ) To request information regarding the processing of personal data,
c ) To learn the purpose of processing personal data and whether they are being used in accordance with that purpose,
d ) To know the third parties to whom your personal data has been transferred within or outside the country,
e ) To request the correction of personal data if it has been processed incompletely or incorrectly, and to request that this action be communicated to third parties to whom the personal data has been transferred,
f ) To request the deletion or destruction of personal data when the reasons for processing no longer exist, even if the processing was carried out in accordance with the provisions of the KVK Law and other relevant laws, and to request that the third parties to whom the personal data has been transferred be notified of this action,
g ) Object to the analysis of processed data exclusively through automated systems resulting in a decision adverse to the individual,
h ) You have the right to request compensation for damages incurred due to the unlawful processing of personal data.
Data subjects may submit their requests to exercise the above rights in accordance with Article 13 of Law No. 6698 and the Communiqué on the Procedures and Principles for Applying to the Data Controller.
You must submit your requests in writing to our company address, through a notary public, or via registered email (KEP) with a secure electronic signature/mobile signature, along with documents verifying your identity.
Our company will respond to requests free of charge within thirty (30) days at the latest, depending on the nature of the request; however, for requests that incur additional costs, a fee may be charged according to the rates determined by the Personal Data Protection Board.
As required by law, requests must be made only by the relevant data subject and must contain only information belonging to the applicant. Requests made on behalf of third parties (e.g., spouse, relative, friend) will be accepted only if made by a duly authorized representative of the relevant person.
Last updated: 01/09/2025
Law On The Protectıon Of Personal Data
