Privacy Policy & Clarification Text
Clarification text on the protection of personal data.
This Privacy Policy and Personal Data Protection Notice is prepared by SOFTWEEN YAZILIM LİMİTED ŞİRKETİ ("glossgo"), acting as the data controller, under Turkey's Personal Data Protection Law No. 6698 ("KVKK") and, where applicable, the European Union General Data Protection Regulation ("GDPR"). It informs the customers, businesses, and visitors who use our platform about how their personal data is collected, processed, transferred, retained, and protected.
Data Controller Identity
- Legal name: SOFTWEEN YAZILIM LİMİTED ŞİRKETİ
- Mersis No: 0772146927900001
- Tax ID: 7721469279
- Address: Fenerbahçe Mah. İğrip Sk. No: 13/1 Kadıköy / İstanbul, Türkiye
- Email: info@glossgo.com
Personal Data We Process
While you use the platform, the following categories of personal data are collected and processed, either directly from you or automatically through systems such as cookies:
- Identity data: Name, surname, date of birth, and similar data that identify you.
- Contact data: Email address, mobile phone number, address details.
- Customer transaction data: Booking details (date, time, service type), transaction history, payment information (transaction confirmation and masked card number), requests and complaints.
- Financial data: Data required for invoicing and payment transactions.
- Location data (optional): If you grant permission, real-time or background location data used to show nearby businesses.
- Device and transaction security data: IP address, device type and model, operating system, browser information, sign-in/sign-out (log) records.
- Marketing and cookie data: Browsing habits, marketing preferences, and behavioral data collected through cookies and similar technologies.
- User-generated content: Reviews, ratings, uploaded photos, and in-platform messages directed at businesses.
Purposes and Legal Bases of Processing
Your personal data is processed for the following purposes, based on the legal grounds set out in Articles 5 and 6 of the KVKK:
- Carrying out membership operations and managing your account (performance of a contract).
- Managing booking, payment, and service-purchase processes (performance of a contract).
- Providing after-sales support (cancellation, refund, change) (performance of a contract).
- Evaluating and responding to your requests, complaints, and suggestions (legitimate interest).
- Carrying out finance and accounting operations (legal obligation).
- Resolving legal disputes and requests from public authorities (legal obligation).
- Ensuring platform security and preventing fraud (legitimate interest).
- Performing analysis to improve service quality (legitimate interest).
- Providing location-based services (explicit consent).
- Sending marketing, advertising, and campaign notifications (explicit consent).
Transfer of Personal Data
In line with the purposes above and in accordance with Articles 8 and 9 of the KVKK, your data may be shared with the following recipient groups:
- Member businesses (salons): To deliver the service you booked, your booking and contact details are shared with the relevant business.
- Payment service providers: Licensed payment institutions, to carry out your payments securely.
- Technical infrastructure and service providers: Partners providing cloud computing, SMS/email delivery, analytics, and marketing tools.
- Authorized public institutions: Courts, prosecutors, and other official authorities where required by law.
International transfers: Some of our technical infrastructure providers may host their servers abroad. In such cases, the transfer is carried out under Article 9 of the KVKK, either with your explicit consent or under conditions deemed to provide adequate protection by the Turkish Personal Data Protection Authority.
Data Retention Periods
We retain your personal data only for as long as necessary for the purposes for which it was processed, or for the retention periods required by applicable legislation. When the retention period expires or the processing purpose ceases, your data is deleted, destroyed, or irreversibly anonymized.
The main retention periods are as follows:
- Account and profile data: Retained while your account is active. If you close your account, it is deleted or anonymized within 30 days at the latest, subject to the legal retention obligations below.
- Booking and transaction history: Retained for the applicable legal limitation periods after the service relationship ends.
- Invoice, payment, and accounting records: Retained for 10 years under the Turkish Commercial Code and Tax Procedure Law.
- Marketing and consent-based data: Retained until you withdraw your consent; processing stops once consent is withdrawn.
- Cookie, device, and security (log) records: Retained for the relevant cookie lifetime and the periods set by applicable regulations.
Your Rights as a Data Subject
Under Article 11 of the KVKK, you have the following rights:
- To learn whether your personal data is processed and, if so, to request information about it,
- To learn the purpose of processing and whether the data is used in line with that purpose,
- To know the third parties to whom your data is transferred, domestically or abroad,
- To request correction of incomplete or inaccurately processed data,
- To request the deletion or destruction of your data,
- To request that correction, deletion, or destruction be notified to the third parties to whom the data was transferred,
- To object to a result against you arising solely from automated analysis of your data,
- To claim compensation if you suffer damage due to unlawful processing.
Deleting Your Data and Closing Your Account
You can request the deletion, destruction, or anonymization of your personal data and the closure of your account at any time. You can submit a data deletion request through the following channels:
- Email: Write to info@glossgo.com from the email address registered in our system, with the subject line "Personal Data Deletion Request".
- Online: Follow the Data Subject Request Procedure at glossgo.com/tr/legal/data-subject-request.
- Written / registered email: Apply with a wet-signed petition or via registered electronic mail (KEP) to the address stated in the "Data Controller Identity" section.
Your request is concluded free of charge as soon as possible and within 30 days at the latest, depending on its nature. We may ask you for additional information to verify your identity. Data subject to a legal retention obligation (for example, invoice and accounting records) continues to be stored for the relevant statutory periods; once those periods expire, that data is also deleted or anonymized.
Data Security
glossgo takes the technical and administrative measures necessary to ensure an appropriate level of security and to prevent unlawful processing of, and unauthorized access to, your personal data. These measures include access controls, data encryption, regular security audits, incident response plans, and staff training.
Changes and Contact
glossgo may update this Policy to comply with legal regulations or to reflect operational changes. Material changes are announced before they take effect by publishing a prominent notice on the platform or by sending a notification to your registered email address.
For any questions or requests about our privacy practices or this Policy, you can reach us at info@glossgo.com.