Last Updated: March 25, 2026 | Valid Until: March 25, 2028
Data Controller
MİBOSO MEDYA İLETİŞİM ANONİM ŞİRKETİ (the "Company") acts as the data controller within the scope of the Turkish Personal Data Protection Law No. 6698 (the "Law").
Address: Rüzgarlıbahçe Mah. Çam Pınarı Sok. Smart Plaza B Blok No:4/9 34805 Beykoz/İstanbul, Türkiye
Trade Registry No (MERSİS): 0-6210-98680-500001
Registered Email (KEP): mibosomedya@hs01.kep.tr
Email: info@mibosowellbeing.com
Personal data held by the Company is under the Company's protection. All necessary technical and administrative measures are taken to ensure the secure storage and lawful processing of personal data in accordance with the Law and applicable regulations.
This Privacy Policy has been prepared to inform our customers about the processing, storage, and transfer of their personal data.
1. Categories of Personal Data Collected
The following categories of personal data are collected by our Company:
Identity Information: Name, surname, national ID number, date of birth, and similar information.
Contact Information: Phone number, email address, postal address.
Digital Usage Data: IP address, browser information, session data, usage patterns on the platform, access logs, and cookie data.
Our Company does not process health data or other special categories of personal data.
2. Purposes and Legal Bases for Processing Personal Data
Your personal data may be collected through various channels, by automated or non-automated means, in verbal, written, or electronic form, in connection with the services and commercial activities provided by the Company.
Your personal data is processed for the following purposes and based on the legal grounds indicated below:
Performance of a contract (Law Art. 5/2-c):
• Provision of services and offers
• Provision of customer support services
• Management of requests and complaints
Compliance with legal obligations (Law Art. 5/2-ç):
• Fulfillment of legal obligations
• Execution of finance and accounting processes
• Management of legal proceedings
Legitimate interest (Law Art. 5/2-f):
• Conducting Company operations in compliance with regulations and company policies
• Determination and implementation of commercial strategies
• Management of information security processes
• Establishment and operation of IT infrastructure
• Market research and statistical analysis
• Ensuring the accuracy and currency of data
Explicit consent (Law Art. 5/1):
• Marketing and advertising activities
• Execution of campaigns, promotions, and sweepstakes
• Identification of visitor and user profiles
3. Transfer of Personal Data and Transfer Purposes
Your personal data may be transferred to the following recipient groups under Articles 8 and 9 of the Law, only where strictly necessary for the provision of our services:
Service providers: Data may be transferred to business partners providing communication, analytics, and technical services on behalf of the Company, only to the extent strictly necessary for the performance of the service and under binding agreements that ensure confidentiality.
Professionals and consultants: Professionals providing services on the platform are granted access only to the data of their own clients. Professionals do not have access to platform-wide data.
Competent public authorities: Data may be transferred to authorized public authorities upon request, within the scope of legal obligations.
Mobile Data Security: We do not sell, rent, or share mobile phone numbers or SMS-related data with third parties, affiliates, business partners, or any other companies for marketing or promotional purposes. Your data may only be shared with third parties when it is strictly necessary to deliver our services and only under binding agreements that ensure confidentiality. Under no circumstances will mobile data be shared or sold for advertising or promotional use.
4. International Data Transfers
Your personal data may be transferred to service providers located in European Union member states and the United States of America for the purposes of service delivery, cloud infrastructure, analytics tools, and communication services.
Such transfers are carried out in accordance with Article 9 of the Law and applicable regulations, through standard contractual clauses or your explicit consent. Appropriate data protection safeguards are ensured with the receiving parties, who are subject to the data protection legislation of their respective jurisdictions. Data transferred internationally is never shared with third parties for marketing or promotional purposes.
5. Methods of Collecting Personal Data
Your personal data may be collected through websites, mobile applications, social media platforms, electronic forms, email, and telephone.
Digital usage data is also collected through cookies on our website. For detailed information on cookie usage, please visit: https://mibosowellbeing.com/en/privacy/cookies
6. Retention Period of Personal Data
Your personal data is retained for as long as your customer relationship continues and throughout the statutory retention periods required by applicable legislation. Following the termination of your customer relationship, your data continues to be stored until the statutory retention periods are fulfilled.
Upon your request for deletion, data that is not subject to mandatory statutory retention obligations will be deleted, destroyed, or anonymised within a reasonable timeframe.
7. Your Rights as a Data Subject
Under Article 11 of the Law, you have the following rights:
• To learn whether your personal data is being processed
• To request information if your data has been processed
• To learn the purpose of processing and whether data is used in accordance with its purpose
• To learn the third parties to whom your data has been transferred
• To request correction of incomplete or inaccurate data
• To request deletion, destruction, or anonymisation of your data
• To request that such operations be notified to third parties
• To object to any outcome arising exclusively from automated processing
• To claim compensation in case of damage due to unlawful processing
Application Method
You may submit your requests via wet signature, notary public, registered mail, registered email (KEP: mibosomedya@hs01.kep.tr), or email at info@mibosowellbeing.com.
Your requests will be concluded free of charge as soon as possible and within thirty (30) days at the latest, depending on the nature of your request. If the process requires an additional cost, fees may be charged in accordance with the tariff determined by the Personal Data Protection Board.
Right to Complain to the Board
If your application is rejected, the response is deemed insufficient, or no response is received within thirty (30) days, you have the right to file a complaint with the Personal Data Protection Board.
8. Automated Decision-Making
Our Company does not use fully automated decision-making mechanisms that produce legal effects concerning your personal data.
9. Changes
The Company reserves the right to amend this Privacy Policy in accordance with changes in the Law or regulations issued by the Personal Data Protection Board. Updates will be published on our website.